In-depth

What is cyber terrorism?

How is cyber terrorism defined and how likely is an attack?

Hacker

Everyone is familiar with what "terrorism" means, but when we stick the word "cyber" in front of it, things get a bit more nebulous.

Whereas the effects of real-world terrorism are both obvious and destructive, those of cyber terrorism are often hidden to those who aren't directly affected. Also, those effects are more likely to be disruptive than destructive, although this isn't always the case.

Cyber terrorism incidents

One of the earliest examples of cyber terrorism is a 1996 attack on an ISP in Massachusetts. Cited by Edward Maggio of the New York Institute of Technology and the authors of Internet: A Historical Encyclopedia, Volume 2, a hacker allegedly associated with the white supremacist movement in the US broke into his Massachusetts-based ISP after it prevented him from sending out a worldwide racist message under its name. The individual deleted some records and temporarily disabled the ISP's services, leaving the threat "you have yet to see true electronic terrorism. This is a promise".

While this is a clear example of a cyber-terrorist incident carried out by a malicious, politically motivated individual that caused both disruption and damage, other frequently listed examples fit less clearly into the category of "terrorism".

Advertisement
Advertisement - Article continues below

For example, while attacks that have taken out emergency services call centres or air-traffic control could be considered cyber terrorism, the motivation of the individuals is often unclear. If a person caused real-life disruption to these systems, but had no particular motivation other than mischief, would they be classed as a terrorist? Perhaps not.

Similarly, cyber protests such as those that occurred in 1999 during the Kosovo against NATO's bombing campaign in the country or website defacements and DDoS attacks are arguably online versions of traditional protests, rather than terrorism.

Additionally, in the case of civil war, if one side commits a cyber attack against the other then it can be said to be more of an act of war or cyber war than one of cyber terror. Again, where there is a cold war between nations, associated cyber attacks could be thought of as sub-conflict level skirmishes.

Indeed, the FBI defines cyber terrorism as "[any] premeditated, politically motivated attack against information, computer systems or computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents". Under this definition, very few of the tens-of-thousands of cyber attacks carried out every year would count as cyber terrorism.

The future of cyber terrorism

As the number of connected devices increases, the likelihood of a more destructive cyber terrorist incident something on a par with an attack in the physical world becomes increasingly possible.

The security industry is full of stories and proofs of concept about hacking medical devices, with two particularly famous demonstrations being given by New Zealander Barnaby Jack.

This opens up the possibility for targeted assassinations or mass-scale killings carried out remotely and potentially across borders. Similarly, there are concerns self-driving vehicles could be turned into remote-controlled missiles and used in an attack, although the counter argument is that such vehicles will make the roads safer in the face of terrorists driving conventional vehicles into crowds.

Another possible style of cyber terrorism is disruption of infrastructure in a way that could potentially endanger life. For example, in 2016 an unknown actor caused a disruption that saw two apartment buildings in Finland lost hot water and heating for a week in the dead of winter. In locations as cold as Finland, actions like this could cause illness and death if widespread and sustained.

Nevertheless, the likelihood is most serious cyber attacks will be acts of cyber warfare, rather than cyber terrorism, as nation states have larger and more sophisticated resources at hand.

Advertisement
Related Resources

Application security fallacies and realities

Web application attacks are the most common vulnerability, so what is the truth about application security?

Download now

Your first step researching Managed File Transfer

Advice and expertise on researching the right MFT solution for your business

Download now

The KPIs you should be measuring

How MSPs can measure performance and evaluate their relationships with clients

Download now

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

4 Nov 2019
Visit/domain-name-system-dns/34842/microsoft-embraces-dns-over-https-to-secure-the-web
Domain Name System (DNS)

Microsoft embraces DNS over HTTPS to secure the web

19 Nov 2019
Visit/strategy/28115/the-pros-and-cons-of-net-neutrality
Business strategy

The pros and cons of net neutrality

4 Nov 2019
Visit/social-media/34844/can-wikipedia-founders-social-network-really-challenge-facebook
social media

Can Wikipedia founder's social network really challenge Facebook?

19 Nov 2019