certified Ethical Hacker Rich Bamber - Around the WorldCISSP

Case studies of Cyber-Terrorism

Why would a terrorist decide to use the Internet, rather than using the usual methods of assassination, hostage taking and guerrilla warfare? Part of the problem is that terrorist may come to realize that removing one official from office only causes another to take the officials place, which may not cause the result the terrorist wished to achieve. By using the internet the terrorist can affect much wider damage or change to a country than one could by killing some people. From disabling a countries military defenses to shutting off the power in a large area, the terrorist can affect more people at less risk to him or herself, than through other means. Cyber terrorism takes many forms. One of the more popular is to threaten a large bank. The terrorists hack into the system and then leave an encrypted message for senior directors, which threatens the bank. In essence, the message says that if they do not pay a set amount of money, then the terrorists will use anything from logic bombs to electromagnetic pulses and high-emission radio frequency guns to destroy the banks files. What adds to the difficulty to catch the criminals is that the criminals may be in another country. A second difficulty is that most banks would rather pay the money than have the public know how vulnerable they are. Here are some examples of cyber-terroism in its many forms:



Case One

Cyber-terrorists often commit acts of terrorism simply for personal gain. Such a group, known as the Chaos Computer Club, was discovered in 1997. They had created an Active X Control for the Internet that can trick the Quicken accounting program into removing money from a user's bank account. This could easily be used to steal money from users all over the world that have the Quicken software installed on their computer. This type of file is only one of thousands of types of viruses that can do everything from simply annoy users, to disable large networks, which can have disastrous, even life and death, results.


Case Two

Cyber-terrorist are many times interested in gaining publicity in any possible way. For example, information warfare techniques like Trojan horse viruses and network worms are often used to not only do damage to computing resources, but also as a way for the designer of the viruses to "show off." This is a serious ethical issue because many people are affected by these cases. For one, the viruses can consume system resources until networks become useless, costing companies lots of time and money. Also, depending on the type of work done on the affected computers, the damage to the beneficiaries of that work could be lethal. Even if the person never meant to harm someone with their virus, it could have unpredictable effects that could have terrible results.

Case Three

In one of its more unusual forms, cyber-terrorism can be used for an assassination. In one case, a mob boss was shot but survived the shooting. That night while he was in the hospital, the assassins hacked into the hospital computer and changed his medication so that he would be given a lethal injection. He was dead a few hours later. They then changed the medication order back to its correct form, after it had been incorrectly administered, to cover their tracks so that the nurse would be blamed for the "accident". There are many ethical issues involved in a case like this. Most obviously, a man was killed by the hackers' actions. Also, the life of the nurse was probably ruined, along with the reputation of the hospital and all its employees. Thus, there are often more stakeholders in a terrorist situation that the immediate recipient of the terrorism.

Case four

Terrorism can also come in the form of disinformation. Terrorists can many times say what they please without fear of reprisal from authorities or of accountability for what they say. In a recent incident, the rumor that a group of people were stealing people's kidneys for sale was spread via the Internet. The rumor panicked thousands of people. This is an ethical issue similar to screaming 'Fire' in a crowded theater. In case like this, the number of people affected is unlimited. Thousands of people were scared by this and could have suffered emotionally.

Case five

Minor attacks come in the form of "data diddling", where information in the computer is changed. This may involve changing medical or financial records or stealing of passwords. Hackers may even prevent users who should have access from gaining access to the machine. Ethical issues in this case include things like invasion of privacy and ownership conflicts. It could be even more serious if, for instance, the person who needed access to the machine was trying to save someone's life in a hospital and couldn't access the machine. The patient could die waiting for help because the computer wouldn't allow the necessary access for the doctor to save his or her life.


Rich Bamber - Around the World
[ Home | Holiday | Cyber Terrorism | Chat | Email Me! | On-Line Mail ]