Introducing Cyberterrorism and Cyberweaponry by Mike Gillespie & Ellie Hurst

A discussion in three parts…

Part 1

This article introduces some of the key themes and explores their impact on our lives. In part one we will look at terrorism and crime vs. cyberterrorism and cybercrime; within the definitions below we can start to look at recent events and consider how we classify them. We will also examine the way criminal organisations and terrorist ideology come together. In part two we will discuss the Armageddon tiptoe and how the threat we are now facing has been a long time in the making, the emergence of the nation state attacker and the emergence of offensive cyber weapons. In the final part we will discuss moral implications, a cyberweapons convention and at what point we will say, stop – this ends now.

  • Cyberterrorism is defined by the FBI as “premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by subnational groups or clandestine agents”.
  • The Wikipedia entry, “Cyberterrorism is the use of the Internet to conduct violent acts that result in, or threaten, loss of life or significant bodily harm, in order to achieve political or ideological gains through threat or intimidation. It is also sometimes considered an act of Internet terrorism where terrorist activities, including acts of deliberate, large-scale disruption of computer networks, especially of personal computers attached to the Internet, by means of tools such as computer viruses, computer worms, phishing, and other malicious software and hardware methods and programming scripts.”
  • A more human definition from Google – “the politically motivated use of computers and information technology to cause severe disruption or widespread fear in society”.

Fear is a huge part of any terrorist activity and outcome, and should never be underestimated. Yes, this fear, disruption and danger to life and society is perpetrated through cyberspace, but the net result is drawing closer to real-world physical threat all the time.

With all of these definitions in mind, think about some recent events that may have impacted you or those you love. Think about the NotPetya and WannaCry ransomware that wrought havoc across the world and, as it spread, left hospitals, GPs and other key health organisations unable to process patients, perform much needed tests or even carry out operations. Eighty UK health organisations experienced some kind of computer shutdown, and by computer we don’t just mean PCs, we mean imaging systems, booking systems and a range of other internet protocol (IP) health systems, putting the health, wellbeing and even lives of vulnerable patients at risk. This may have been your first brush with the insidious and cynical malware that is ransomware. If that is so, then you are very lucky.

For those not familiar with ransomware, it is malware designed to remove the user’s access to data, files or systems. So, it might make an X-ray machine inaccessible and unusable, or it might encrypt patient files, making them unreadable and inaccessible. It can work on files or systems, and it demands payment for the return of those files or systems. It should be noted that if the payment is made there is no guarantee the files will be returned. Let’s be frank: we are talking about criminals, so how much are we expecting them to care? The reason for asking you to think about this is that although these particular forms of ransomware were worm-like and indiscriminate, a bit like biological weapons, the basis was designed to exploit a Windows vulnerability that had actually been discovered previously and was part of a toolbox of hacking from the NSA, which they called EternalBlue. So it started life as a state-sponsored hack, which was somehow released into the wild and, simplistically speaking, attached to a worm and sent on its way to collect cryptocurrency payments from those unfortunate enough to come into its path.

When we have finished this series of articles we will come back to this series of unfortunate events and consider where it leaves us and look forward to what needs to be done.

If we look at crime and terrorism in the non-cyber space then we see the victims, the perpetrators and the crime all happening in the same place. Consider the film Die Hard and recall what the terrorists (for they were never labelled any other way, regardless of the absence of any political motivation) did when they arrived in Nakatomi Plaza. They locked down the building, locked out the legitimate users and law enforcement and threatened the wellbeing of the inhabitants in order to gain access to vast sums of wealth. Cyberterrorism does the same thing, with a couple of interesting and highly disturbing twists. Links between transnational organised crime groups (TOC) and terrorist groups are emerging, and indeed the two appear to be ‘outsourcing’ to each other. Ideology apparently takes a back seat when procuring certain cyber skills that are not readily available to terrorists, and so this disturbing nexus has emerged. It is well funded (the majority of cybercrime is linked to these TOCs) and mercenary and, combined with hate-filled terrorist groups’ dogma, poses a very real and present danger to us all, as well as complex issues for law enforcement.

And yet, the underlying prime directive for law enforcement in the UK, although evolved, really hasn’t changed very much since the nine principles were first laid down by Sir Robert Peel. Look at the principles of Sir Robert Mark when he introduced his little blue book in the 1970s: “The primary object of an efficient police is the prevention of crime: the next that of detection and punishment of offenders if crime is committed. To these ends all the efforts of police must be directed. The protection of life and property, the preservation of public tranquillity, and the absence of crime, will alone prove whether those efforts have been successful and whether the objects for which the police were appointed have been attained.”

This being the case, it would appear to be counterintuitive that, through use of language, we have created a sub-class of criminality and terrorism that is somehow deemed less heinous or dangerous for occurring in cyberspace than in the real world.

Isn’t it time we called it what it is?

  • Bank robbery
  • Blackmail
  • Extortion
  • and Terrorism……

Mike Gillespie

MD of Advent IM, C3i Group on cyber security, cybercrime and cyber intelligence, Mike is also cyber spokesperson for the International Institute of Risk and Safety Management (IIRSM) and the Cyber Security lead adviser for UK Government’s Surveillance Camera Commissioner.

Ellie Hurst

Head of MarComms & Media for Advent IM, Ellie is also an Associate of the Security Institute and Institute of Information Security Professionals