Beruflich Dokumente
Kultur Dokumente
CHAPTER 1
1. INTRODUCTON
Cyberterrorism is the use of computer network tools to harm or shut down critical national
Infrastructures (such as energy, transportation, government operations). The premise of Cyber
terrorism is that as nations and critical infrastructure became more dependent on Computer
networks for their operation, new vulnerabilities are createda massive electronic Achilles
heel. Cyberterrorism is an attractive option for modern terrorists, who Value its anonymity, its
potential to inflict massive damage, its psychological impact, and Its media appeal.
The threat posed by cyber terrorism has grabbed the attention of the mass Media, the security
community, and the information technology (IT) industry. Journalists, Politicians and experts in a
variety of fields have popularized a scenario in which sophisticated Cyber-terrorists
electronically break into computers that control dams or air traffic Control systems, wreaking
havoc and endangering not only millions of lives but national Security itself. And yet, despite all
the gloomy predictions of a cyber-generated doomsday, No single instance of real cyber terrorism
has been recorded. Just how real is the threat that cyber terrorism poses? Because most critical
infrastructure In Western societies is networked through computers, the potential threat from
Cyber terrorism is, to be sure, very alarming.
2014-2015
Page 1
2014-2015
Page 2
networks. Activity of this sort is tangible in nature and thus, generates most of the interest we
have in cyber terrorism today.
Cyber terrorist threats can include:
Rapid communication of threats to a wide or specific audience
Threats to public utilities and transportation
Threats to commercial institutions and transnational corporations
Threats to IGOs and NGOs
Threats to individuals
Threats to political groups or other ethnic, religious or nationalist
Entities (all of these can include other terrorist groups) identified as "the enemy"
Threats to security forces
Threats to nation states
2014-2015
Page 3
not only do damage to computing resources, but also as a way for the designer of the viruses to
"show off" his "creativity". This is a serious ethical issue, because many people are affected by
these cases. For one, the viruses can consume system resources until networks become useless,
costing companies lots of time and money. Even if the person never meant to harm someone
with their virus, it could have unpredictable effects that could have terrible results. In one of its
more unusual forms, cyber-terrorism can be used for an assassination.
In one case, a Mafia boss was shot but survived the shooting. That night while he was in the
hospital, the assassins hacked into the hospital computer and changed his medication so that he
would be given a lethal injection. He was dead a few hours later.
They then changed the medication order back to its correct form, after it had been incorrectly
administered, to cover their tracks so that the nurse would be blamed for the "accident". Thus, a
man was killed by the hackers' actions. Also, the life of the nurse was probably ruined, along with
the reputation of the hospital and all its employees. Thus, there are often more victims in a
terrorist situation that the immediate recipient of the terrorism.
CHAPTER 2
Dept. of CSE, SEACET, Bangalore.
2014-2015
Page 4
2014-2015
Page 5
2014-2015
Page 6
attack capabilities, members of this network use information technology to formulate plans for
cyberattacks. Thus, argues Vatis, trends seem clearly to point to the possibility of terrorists
using information technology as a weapon against critical infrastructure targets.
Nation-States: Several nation-states, including supporters of terrorism, such as Syria,
North Korea, Iran, Sudan, and Libya, may develop information warfare capabilities that could be
turned against the United States and its allies. China, Cuba, and Russia, among others, are also
believed to be developing cyberwarfare capabilities.
Terrorist Sympathizers: This category contains those actors probably most likely to
engage in attacks.Others with anti-U.S. or anti-allied sentiments, such as members of the anticapitalism and anti-globalization movements, or Chinese hackers still upset about the 2001
surveillance plane incident or the 1999 accidental NATO bombing of the Chinese Embassy in
Belgrade, could join in such attacks.
Thrill Seekers (or cyberjoyriders): There are many hackers and script
kiddies who simply want to gain notoriety through high profile attacks. However, such
individuals can still have significant disruptive impact, as evidenced by the February 2000 DoS
attacks and recent destructive worms.
CHAPTER 3
3. Cyberspace, Cyber hate, Cyber Crime & Cyber Warfare
2014-2015
Page 7
The terminology and concepts of cyberspace, cyber hate, cyber threats, cyber terrorism and
policing need to be carefully defined.
Cyberspace
Cyberspace may be considered as:
a metaphor for describing the non-physical terrain created by computer systems. Online systems,
for example, create a cyberspace within which people can communicate with one another (via email), do research, or simply window shop. Like physical space, cyberspace contains objects
(files, mail messages, graphics, etc.) and different modes of transportation and delivery. Unlike
real space, though, exploring cyberspace does not require any physical movement other than
pressing keys on a keyboard or moving a mouse Some programs, particularly computer
games, are designed to create a special cyberspace, one that resembles physical reality in some
ways but defies it in others. In its extreme form, called virtual reality, users are presented with
visual, auditory, and even tactile feedback that makes cyberspace feel real.
Cyber refers to concepts of an organised movement and use of electronic data,and of control
which is derived from manipulating such data. Space refers to the virtual place where two or
more human activities interact. Cyberspace can be used to describe simply the World Wide Web,
the Internet as a whole and also to include all global media and communication channels. Sterling
(1992) credits Barlow (1990) as the first to use the phrase cyberspace to refer to the present-day
nexus of computer and telecommunications networks
Cyberhate
Cyber Hate as any use of electronic communications technology to spread anti-Semitic,racist,
bigoted, extremist or terrorist messages or information. These electronic communications
Dept. of CSE, SEACET, Bangalore.
2014-2015
Page 8
technologies include the Internet (i.e., Web-sites, social networking sites, Web 2.0 user
generated content, dating sites, blogs, on-line games, instant messages, and E-mail) as well as
other computer- and cell phone-based information technologies (such as text messages and
mobile phones).
Cybercrime
Computer crime, or cybercrime, is any crime that involves a computer and a network. The
computer may have been used in the commission of a crime, or it may be the target. Net crime
is criminal exploitation of the Internet.
CyberWarfare
Cyber warfare involves the actions by a nation-state or international organization to attack and
attempt to damage another nation's computers or information networks through, for example,
computer viruses or denial-of-service attacks. Cyber warfare is politically motivated hacking to
conduct sabotage and espionage.
2014-2015
Page 9
Currently there are no fool proof ways to protect a system. The completely secure system can
never be accessed by anyone. Most of the militaries classified information is kept on machines
with no outside connection, as a form of prevention of cyberterrorism. Encryption's drawback is
that it does not protect the entire system, an attack designed to cripple the whole system, such as
a virus, is unaffected by encryption.
Here are few key things to remember to protect you from cyber-terrorism:
1. All accounts should have passwords and the passwords should be unusual, difficult to
guess. Change the network configuration when defects become know.
2. Check with venders for upgrades and patches.
3. Audit systems and check logs to help in detecting and tracing an intruder.
4. If you are ever unsure about the safety of a site, or receive suspicious email from an
unknown address, don't access it. It could be trouble.
CHAPTER 4
4. Types of Cyber Crimes:
Broadly three types of cybercrimes are recognized:
2014-2015
Page 10
Unauthorized access with intention to commit further offences. These can include theft,
4.1 Hacking:
Hackers might be
1. Code hackers They know computers inside out. They can make the computer do
nearly anything they want it to.
2. Crackers They break into computer systems circumventing operating systems and
their security is their favorite pastime.
3. Cyber pumps They are masters of cryptography.
4. Phreakers They combine their in-depth knowledge of the Internet and mass
telecommunication systems.
Hackers are becoming menacing, so uncontrollable that even largest companies in the world are
finding it difficult to cope up with their incessant attacks. An act to constitute trespass undersection 441 I.P.C. must compromise one of the following.
There must be an unauthorised entry into or upon property against the will of the person
in possession; or
There must be an unauthorised entry lawfully obtained into or upon property but
unlawfully remaining therein.
4.2 Network pocket sniffers: It is package softer which uses a network adaptor card in promiscuous made to capture all
network pockets that are sent across a local area network this provide user with meaningful and
Dept. of CSE, SEACET, Bangalore.
2014-2015
Page 11
often sensitive information such as accounts and passwords. Attacker uses pocket sniffers to get
passwords accounts etc.
4.3 IP spoofing: An IP (internet protocol)Spoofing attack occurs when an attacker outside the network enters
pretending as if he is inside network and takes all information from network or destroy
information. Password attacks, Distribution of sensitive internal information to external sources.
Man in the middle attacks
CHAPTER 5
5. Fraud on Internet:
This is a form of white collar crime whose growth may be as rapid and diverse as growth of the
internet itself. In 1997 1152 crimes were reported. But in 1998 they skied up to 7500.
2014-2015
Page 12
Online investment newsletters: These are major tools for advertising the investments in stock
market and growth of companies. But some of them are found to be tools for fraud.
Bulletin boards: Online bulletin boards whether newsgroups, use nets or web-based- have
become popular tools for sharing the information in market. Some of these are also found to be
fraudulent.
E-mail online Spam: Because spam-junk e-mail- is so cheap and easy to create, fraudsters
increasingly use it to find investors for bogus investment schemes using a bulk e-mail program
Spammers can send personalized messages to thousands and even millions of internet users at a
time.
This is largest menace facing the world of computers. They are the programs created by humans
which do destruction. They are:1. VIRUS 2. Trojan horses 3.Worms 4.Logic bomb.
Types of Viruses
1. File infectors
2. Boot sector virus
3. Macro VIRUS
2014-2015
Page 13
If any system which is working with help of internet is hacked, it is obvious that its source code
will be modified and system falls in malfunctionality. Hence all functions taking this systems
help will also fall in malfunctionality. If this situation happened in banks, military control
systems and etc the loss will be of great amount. Hence Government of India passed some rules
to counter Cybercrimes.
Cybercrimes And Information Technology Act, 2000:---This act, passed with the objective of promoting a secure electronic environment deals with
issues subsidiary to this secure electronic environment such as contraventions relating to
electronics transactions and I.T. offences. It also amends the I.P.C. along with a few other
statutes.
CHAPTER 6
6. CONTRAVENTIONS AND I.T. OFFENCES
I.T. act delineates two separate types of penal provisions; contraventions and I.T.
offences. Contraventions have resultant monetary penalties, the offences may result in the
offender being imprisoned or paying a fine or both.
CONTRAVENTOINS AND COMPENSATOINS/PENALTIES Contraventions
2014-2015
Page 14
Obscenity: Publishing or transmitting any material which is lascivious or appeals to the prurient
interest or of its effect is such so as to tend to deprave and corrupt person who are likely
concerned to it. This is punishable on FIRST CONVICTION with imprisonment of either
description for a term which may extend to 5 years and with fine which may extend to 1 lakh
rupees and in event of a SECOND or subsequent conviction with imprisonment of either
description for a term which may extend to 10 years and also with fine 2 lakh rupees.
Failure to comply with controllers directions: The CCA [Controller Complying Authority] may
give certifying authorities to take certain measures to ensure compliance under act. If nay such
person fails to comply with such directions liable to imprisonment up to three years or fine up to
2 lakh rupees or both.
Dept. of CSE, SEACET, Bangalore.
2014-2015
Page 15
CHAPTER 7
7. HACKING
Original term referred to learn programming languages and computer systems; now associated
with the process of bypassing the security systems on a computer system or network.
HACKER: A term sometimes used to describe a person who pursues the knowledge of computer
and security systems for its own sake, sometimes used to describe a person who breaks into
computer system for the purpose of stealing or destroying data. Hacker's and criminals to
transmit computer viruses, invade privacy, steal or corrupt valuable information.
2014-2015
Page 16
Cyber Murders: A hacker breaks into hospital medical records and maliciously alters
prescriptions. Say, if a patient is allergic to penicillin, the hacker adds 500 mg of penicillin to his
usual dose of medication. The nurse administers the drug causing immediate death.
Effect On Government Sites: US government sites were hacked by mujihadeen.Two US
government sites were hacked late last week by a group calling themselves mujihadeen. The
pages were defaced with the flag of Saudi Arabia and a message in Urdu, which translates as
Allah is the greatest of all, Americans be prepared to die. The hackers called themselves
mujihadeen threatened further cyber terrorism.
Hacking Incident Closes Security News Site: A hacker had offered $10,000 bounty for
information about fluffy bunny, a notorious hacker who defaced the schmitz site. The owners
site came crashing down.
Manipulating Stock Markets: A hacker can somehow go to the stock markets web site and
manipulate various shares they by giving some companies great losses and some great profits.
Transmission Of Virus: In hacking a hacker can paralyze the systems by transmitting virus they
by affecting the whole data be it of any company.
Crashing Of Sites: Sometimes a mischievous hacker tries to crash down site by sending millions
of email like the tempest site.
Are hackers really criminals?
2014-2015
Page 17
Not according to Pete Shipley, chief security architect at KPMG consultancy. Shipley is proud to
call himself a hacker. He suggested the CHAOS THEORY which is given as below.
Media misconceptions:
What is a hacker? A hacker is someone who pursues technology. Ben Franklin was an inventor,
an experimenter and a hacker. According to him hackers are inventors who thirst for knowledge.
They dont want to destroy the world. They want to rule the world. The media typically mislabels
hackers as crackers and crackers as hackers.
Use strong passwords: use passwords that are difficult or impossible to guess. Give
daily for new virus signature updates and then scan it.
Use firewall as a gatekeeper between your computer and Internet.
Do not keep computers online when not in use: either shut them or disconnect them from
Internet connection.
Do not open e-mail attachments from strangers. Regularly down load security.
2014-2015
Page 18
Chapter 8
8. Instances of Cyber Terrorism
Some attacks are conducted in furtherance of political and social objectives, as the following
examples illustrate:
In 1998, Spanish protestors bombarded the Institute for Global Communications (IGC)
with thousands of bogus e-mail messages. E-mail was tied up and undeliverable to the
ISP's users, and support lines were tied up with people who couldn't get their mail. IGC
finally relented and pulled the site because of the "mail bombings."
In 1998, ethnic Tamil guerrillas swamped Sri Lankan embassies with 800 e-mails a day
over a two-week period. The messages read "We are the Internet Black Tigers and we're
doing this to disrupt your communications." Intelligence authorities characterized it as the
2014-2015
Page 19
businesses, public organizations, and academic institutes received highly politicized virusladen e-mails from a range of Eastern European countries, according to reports. Web
Whether there are actors with the capability and motivation to carry them
Misuse of the technology that make it open to attack even after the high security
Involvement of the insiders, acting alone or in concert with the other terrorist misusing their
access capabilities.
Role of consultants and contractor causing grave harm.
2014-2015
Page 20
tried to buy military software from hackers who had stolen it from Department of Defense
computers they had penetrated.
capability.
Complex-Coordinated: The capability for coordinated attacks capable of causing massdisruption against integrated, heterogeneous defences (including cryptography). Ability to
create sophisticated hacking tools. Highly capable target analysis, command and control, and
organization learning capability.
2014-2015
Page 21
Flame
Wiper
2014-2015
Page 22
CYBERTERRORIS
M: The Bloodless War?
CHAPTER 9
9. Drawbacks
Systems are complex, so it may be harder to control an attack and achieve a desired level of
damage than using physical weapons.
Terrorists may be disinclined to try new methods unless they see their old ones as
inadequate, particularly when the new methods require considerable knowledge and
2014-2015
Page 23
CYBERTERRORIS
M: The Bloodless War?
CHAPTER 10
2014-2015
Page 24
CYBERTERRORIS
M: The Bloodless War?
CHAPTER 11
11. Conclusion
This article is not meant to give amateur hackers a crash-course in cyberterrorism, but to
provide insights on the dangers of cyberterrorism. Computer professionals the world over
need to be aware of the problem areas of information systems that may be susceptible to
terrorist attacks, to be able to attempt putting an end to such activity.
There are a large number of ethical issues to be taken into consideration, as well. For
example, there are sites on the Internet that deal with methods of making bombs, and sites
from which these materials can be purchased. This information is available to everybody.
However, if an individual acted on this information, and made a bomb with evil intentions,
then one could not blame technology, but society, for producing such a person. Technology
must be used for the betterment of mankind, not with the intent of destroying what He
created.Doomsday and other haunting scenarios involving weapons of mass destruction
existed long before the advent of cyberterrorism and will continue to do so as long as political
actors, security firms and others who can benefit from them can exploit the basic myths
surrounding terrorism for their own purposes.
CHAPTER 12
Dept. of CSE, SEACET, Bangalore.
2014-2015
Page 25
CYBERTERRORIS
M: The Bloodless War?
12. References
Interests 2: 137147.
"India Quarterly: a Journal of International Affairs". 42-43. Indian Council of World
Affairs. 1986. p. 122. The difficulty of defining terrorism has led to the cliche that one
November 12, 2009). Harvard Law Record. Victoria Baranetsky. November 5, 2009.
"Latest viruses could mean end of world as we know it, says man who discovered
2014-2015
Page 26
CYBERTERRORIS
M: The Bloodless War?
2014-2015
Page 27