CHAPTER 2

AN EVOLVING CONCEPT

A. INFORMATION AGE TERRORISM

Terrorism will change in the 21st century. Information warfare, the current "hot topic" for the military, and Command and Control Warfare (C2W) are two concepts that some argue will create or accelerate a "Revolution in Military Affairs." These ideas also suggest the possibility of a "Revolution in Terrorism Affairs." Information age terrorism may take on three distinct forms: conventional terrorism, technoterrorism, and cyberterrorism. While conventional terrorism will still rely on physical violence, terrorists' acquisition of high technology information warfare capabilities will allow a shift toward tactics focused on disruption rather than destruction. Information age terrorism, while continuing to use "conventional" weapons, will also employ weapons radically different from those used in conventional terrorism. This shift toward disruption in cyberspace, through the use of new weapons and without the use of violence in the physical world, may force a redefinition of the classic conception of terrorism.

1. Information Warfare

The definition of Information Warfare has been extensively debated in the open press. The Department of Defense has a classified definition of Information Warfare contained in DOD Directive TS3600.1, but the public debate on the subject will be sufficient for the purposes of this thesis. Drs. John Arquilla and David Ronfeldt capture the broad nature of information warfare in "Cyberwar is Coming!" In this work, they address the military and civilian, as well as the offensive and defensive components of information warfare. The spectrum of conflict is split into "netwar" and "cyberwar".

Netwar refers to information-related conflict at a grand level between nations or societies. It means trying to disrupt, damage or modify what a target population knows or thinks it knows about itself and the world around it. A netwar may focus on public or elite opinion, or both. It may involve public diplomacy measures, propaganda and psychological campaigns, political and cultural subversion, deception of or interference with local media, infiltration of computer networks and databases, and efforts to promote dissident or opposition movements across computer networks.6

Cyberwar is the military cousin of netwar. While a diverse group of actors can conduct netwar at a variety of levels, cyberwar exists exclusively in the military realm.

Cyberwar refers to conducting, and preparing to conduct, military operations according to information-related principles. It means disrupting, if not destroying, information and communications systems, broadly defined to include even military culture, on which an adversary relies in order to know itself: who it is, where it is, what it can do when, why it is fighting, which threats to counter first, and so forth. It means trying to know everything about an adversary while keeping the adversary from knowing much about oneself.7

Cyberterrorism, while utilizing some cyberwar tactics, lies in the realm of netwar. Through an examination of cyberwar and netwar, Arquilla and Ronfeldt highlight the increasing importance of information control for military victory in the information age. In the future, information control may also be critical for successful terrorism or counter-terrorism.

The National Defense University (NDU) has posited a working definition of Information-Based Warfare that outlines the offensive and defensive components of information warfare. It highlights the applicability of information as both a target and a weapon across the conflict spectrum:

Information-based Warfare is an approach to armed conflict focusing on the management and use of information in all its forms and at all levels to achieve a decisive military advantage especially in the joint and combined environment. Information-based Warfare is both offensive and defensive in nature -- ranging from measures that prohibit the enemy from exploiting information to corresponding measures to assure the integrity, availability, and interoperability of friendly information assets.

While ultimately military in nature, Information-based Warfare is also waged in political, economic, and social arenas and is applicable over the entire national security continuum from peace to war and from 'tooth to tail.' Finally, Information-based Warfare focuses on the command and control needs of the commander by employing state-of-the-art information technology such as synthetic environments to dominate the battlefield.8

Martin Libicki of NDU has also examined the concept of Information Warfare and its implications for the future. In his Advanced Concepts and Technology paper, "What is Information Warfare?" Libicki outlines seven specific forms of information warfare: command and control warfare, information-based warfare, electronic warfare, psychological warfare, hacker warfare, economic information warfare, and cyber warfare.9 While most of these forms of conflict fall into the military realm, each of them is applicable to terrorism in the emerging information age. The form described as hacker war (warfare against computer networks) is split into three areas by Libicki: the physical, the syntactic, and the semantic.10 The physical attack of computer networks is classified as technoterrorism by my typology. The attack of computer systems at the syntactic level (attack on the flow of electrons within the network) and at the semantic level (attacks on the veracity of a network's information--fooling the computer into producing an output that is incorrect) are defined as cyberterrorism because they exist exclusively in the realm of cyberspace.

There are two components of Information Warfare. First, your own information must be protected and trusted at all levels. During collection, the accuracy of the information received must be verified. During processing, information must be defended against theft, destruction and modification. Finally, during distribution of information to other elements, the means of transfer must be secure to ensure that information arrives at its destination in an unaltered format. The defensive portion of information warfare aims to ensure information confidentiality, integrity, and availability.

Second, an effort to disrupt the information gathering, processing, and distribution functions of the enemy must be undertaken. The effort to manipulate the information of the enemy while protecting your own takes place on several levels. Information warfare is not just about computers sending electrons from point A to point B. It is not only the hardware and software but the "wetware" (computer slang for a human brain) that is critical to information warfare. The fundamental goal of warfare is to change the mind of the enemy and convince him to do your will. The goal of information warfare is to accomplish this through the manipulation of the enemy's ability to control information. This places information warfare in the camp of Sun Tzu. Michael Handel captures the essence of information warfare by quoting both Clausewitz and Sun Tzu, who states, "For to win one hundred victories in one hundred battles is not the acme of skill. To subdue the enemy without fighting is the acme of skill." This effort to win without fighting runs counter to Clausewitz, who believed that combat and bloodshed were an integral part of warfare. "Kind-hearted people might of course think there was some ingenious way to disarm or defeat an enemy without too much bloodshed, and might imagine this is the true goal of the art of war. Pleasant as it sounds, it is a fallacy that must be exposed."11 While contradictory, both quotes apply to terrorism in the information age. While information warfare is perceived as "less bloody" and "not really fighting," physical destruction can play an important role in it. One of the tools of information warfare is infrastructure warfare, in which the infrastructure of an enemy is targeted with both "regular" technology (bombs, missiles, troops on the ground) and "information" technology, the attempt to utilize malicious software to disrupt and alter enemy telecommunications without physical destruction and to induce a psychological state in the enemy that will lead him to "do your will."

Information warfare is the quest to disrupt, disable, destroy, or modify an adversary's information and information systems while simultaneously protecting your own. While electronic attacks of a network via computer and modem are the "cleanest" means of information warfare, physical attacks on the network's infrastructure are also possible and should always be considered as an option open to terrorists.

a. Command and Control Warfare (C2W)

Chairman of the Joint Chiefs of Staff Memorandum of Policy Number 30, "Command and Control Warfare," identifies Command and Control Warfare (C2W) as the military component of information warfare.12 Both terrorism and information warfare cover a larger spectrum of conflict than simply command and control, but the fundamentals of both are rooted in the ability to affect the thinking of the enemy. As a result, there are several useful parallels between C2W and terrorism in the information age.

Figure 1 displays how offensive and defensive C2W is viewed in the military.13

The "five pillars" of C2W (electronic warfare, physical destruction, operations security, psychological operations, military deception) are designed to help classify a military operation. Each of these pillars is also applicable to terrorism. An understanding of C2W is useful in examining both the internal and external working of terrorist organizations. Properly performing in all five areas enhances the ability of a terrorist organization to mount an offensive against its opponent. If one of the areas is weak, it can be exploited by the organization under attack and used to disrupt or destroy a terrorist organization. While the defending group targets the weakness of a terrorist group, the terrorist group will target any perceived weakness of the defending group. This continual targeting and retargeting of actual and perceived weaknesses is the basis for determining the type of strategy that a defending group will use. If a terrorist organization is seen to have several glaring weaknesses in its C2 structure, the defending group may find it most effective to pursue an offensive strategy in an effort to destroy the terrorist. If, however, the terrorists' C2 networks are hard to identify, target, and attack, the only option open to the defender is to establish a defensive strategy in cyberspace whereby the costs of attack are increased, and the benefits reduced.

New technology has affected the C2W "balance of power" between terrorists and authorities. Counter-terror forces now have the capability to more closely monitor communications channels using increasingly sophisticated computers. Terrorists, however, can also use increasing computer power and publicly available encryption technology to secure their members' communications. Terrorists, in the past, operated in what J. Bowyer Bell described as a "dragonworld," where they were forced to live in fear of constant government surveillance.14 With the rise of secure voice and data communications (i.e., Pretty Good Privacy (PGP) for E-mail and PGPfone for Internet voice communication encryption), terrorists can emerge from the dragonworld. Conventional defensive C2W restrictions no longer exist for the information age terrorist, who can devote more time to offensive C2W and other acts without constantly worrying about secure communication.

Defense in cyberspace bears some resemblance to defense in the physical world. The most effective defense is to isolate a computer or network completely from the rest of cyberspace. If there is no access into a computer system because it has been removed from all networks, defending it will be easier. The primary concern for such a "stand alone" computer is the possibility of an authorized user inserting some form of malicious software. The problems associated with trusted individuals "going over" to the enemy camp have existed throughout history and are hardly unique to the information age. The second form of defense is similar to a point defense with access to a computer system challenged by an authentication and identification procedure. In this case, the computer asks for and verifies the password provided by the user. While "static" passwords that do not change are vulnerable to attack by random guessing, technology, such as the "smart card," exists to provide a constantly changing set of passwords that are nearly impossible to crack. Increasing the transmission paths available to data is akin to a defense in depth. As the data paths increase, the ability of an enemy to attack all of them successfully decreases. When one communication path is destroyed or degraded (by accident, natural causes, or malicious action), data will instantaneously switch to one of the other available paths with no impact to the end user. The use of encryption to ensure the confidentiality and integrity of data consists of electronically scrambling, and thus armor plating, the data that is to be sent through cyberspace. Even if the data is intercepted and copied, its contents remain unknown to the enemy until they can decrypt it, which may take years.
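The contrast drawn above between a "static" password and a constantly changing one can be made concrete. The following is an added example, not part of the original thesis: it uses the counter-based one-time password algorithm HOTP (RFC 4226) as a stand-in for the "smart card" token, and the class names, the look-ahead window, and the sample secret and password are constructed for illustration.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class StaticVerifier:
    """Point defense with a password that never changes."""

    def __init__(self, password: str) -> None:
        self._password = password.encode()

    def verify(self, attempt: str) -> bool:
        # Constant-time comparison; the weakness is reuse, not the compare.
        return hmac.compare_digest(attempt.encode(), self._password)


class HotpVerifier:
    """Point defense where every accepted code is consumed."""

    def __init__(self, secret: bytes, look_ahead: int = 3) -> None:
        self._secret = secret
        self._counter = 0              # next counter value the server expects
        self._look_ahead = look_ahead  # tolerate a token that ran ahead

    def verify(self, attempt: str) -> bool:
        window = range(self._counter, self._counter + self._look_ahead + 1)
        for candidate in window:
            expected = hotp(self._secret, candidate)
            if hmac.compare_digest(attempt.encode(), expected.encode()):
                # Advance past the used counter so the code cannot be replayed.
                self._counter = candidate + 1
                return True
        return False


def replay_demo() -> dict:
    """An eavesdropper records one successful login and replays it later."""
    secret = b"12345678901234567890"   # constructed sample (RFC 4226 test key)
    results = {}

    static = StaticVerifier("correct horse")  # constructed sample password
    captured = "correct horse"                # what the eavesdropper recorded
    results["static_login"] = static.verify(captured)
    results["static_replay"] = static.verify(captured)

    server = HotpVerifier(secret)
    captured = hotp(secret, 0)                # token's first code, recorded
    results["otp_login"] = server.verify(captured)
    results["otp_replay"] = server.verify(captured)
    results["otp_next_code"] = server.verify(hotp(secret, 1))
    # The user pressed the token button once without logging in (counter 2
    # was skipped); the look-ahead window still accepts the code for 3.
    results["otp_skipped_ahead"] = server.verify(hotp(secret, 3))
    return results


if __name__ == "__main__":
    for name, accepted in replay_demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The recorded static password keeps working for whoever holds it, while the recorded one-time code is rejected on its second use because the verifier has already moved past that counter value.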

The ever shifting nature of conventional terrorism causes difficulty for defender states who attempt to pursue an offensive strategy against terrorism. The inability to target and attack small terrorist groups, plus the myriad of defensive techniques available to both state and substate actors will only increase the problems associated with countering conventional terrorists as they exploit the principles of information warfare.

2. Infrastructure Warfare

Infrastructure Warfare is an attack against the physical components of a state's networks, such as power and water distribution, telecommunications networks, rail lines, and roads. As related to information warfare, infrastructure warfare is defined as a physical attack on system components that would subsequently influence the ability to process or transmit information. As such, bombing the telephone switching building that serves a specific location to isolate it from the rest of the world or destroying the electrical grid that supplies power to a targeted system would constitute infrastructure warfare. Terrorists have already proven that they are capable of physical destruction via numerous airline, building, and infrastructure bombings. Terrorists design these events to "send a message" to the world and to terrorize specific target audiences. Terrorist infrastructure warfare may utilize the same tools, such as bombs, with which the terrorist is familiar, but for a different purpose. Instead of attempting to "make a statement" by bombing a physical target for a physical impact, a terrorist group can bomb infrastructure targets to cause cascading failures (loss of electricity leads to loss of computers which leads to loss of communications, etc.) within a targeted system. These secondary effects of the bombing, which may only destroy equipment without causing personnel casualties, are the primary goal of the terrorist in infrastructure warfare.

3. Cyberspace

Cyberspace is a term coined to capture the essence of "where" computers work. While the physical components of computers and their networks are necessary for cyberspace to exist, it is more than merely the sum of these parts. Winn Schwartau defines cyberspace as follows:

Cyberspace is that intangible place between computers where information momentarily exists on its route from one end of the global network to the other. When little Ashley calls Grandmother, they are speaking in Cyberspace, the place between the phones. Cyberspace is the ethereal reality, an infinity of electrons speeding down copper or glass fibers at the speed of light from one point to another. Cyberspace includes the air waves vibrating with cellular, microwave and satellite communications. According to John Perry Barlow, cofounder of Electronic Frontier Foundation, "Cyberspace is where all of our money is, except for the cash in our pocket."15

The Defense Information Systems Agency, a branch of the Department of Defense charged with conducting defensive information warfare, defines cyberspace as:

The electronic environment formed by the aggregate of global computing and telecommunications resources. Cyberspace is a virtual 5th dimension characterized by: no geographic, national, or temporal boundaries, no ownership, laws, or identity cards.16

Cyberspace does not have a physical reality. One cannot physically "enter" cyberspace. It consists of the "virtual world" through which all electronic transactions take place. It is in this realm that the cyberterrorist will operate.

4. Cyberterrorism

The term cyberterrorism refers to the use of information warfare tactics and techniques by terrorist organizations to affect cyberspace. The cyberterrorist will operate exclusively within cyberspace and will not physically destroy any of the infrastructure that supports the existence of cyberspace. While cyberterrorists wish to have an impact on the actions of real people in the real world, they operate within the virtual world of cyberspace to manipulate these actors. Thus, if cyberterrorists wished to take down a telephone system or an electric grid, they would attack the computers controlling the system and not its subsidiary physical components.

a. Weapons of the Cyberterrorist

The weapons of the cyberterrorist are not designed to kill people or break physical objects. Rather, they exist exclusively to destroy or modify computer data. The weapons and the targets are the electrons moving within cyberspace. While it is possible to attack this data without any human interfaces, the human is usually the weakest link in a computer system.

Joseph Seanor of CIBIR Corporation, a computer crime investigative group, recently discussed the "Methods of Operations" of Cyberterrorists. His definitions provide a useful starting point to examine how cyberterrorists may attack their targets. The critical element in cyberterrorism, and information warfare in general, is knowledge. While the "tools" of the cyberterrorist (computer modems, phone connections) are nearly universally available, the knowledge of computer systems and their weaknesses (while becoming increasingly common) is not as easily obtained. Individuals who have the requisite level of knowledge to become cyberterrorists fall into three main categories. The first is a "hacker" defined as a "person that breaks into computers to prove that it can be done. Some are destructive in nature, others are purely joyriders." The second category is the cyberpunk, "a harder edged computer hacker, one that enjoys technology and uses that technology to make money or act as an anarchist." The third category is the cypherpunk, "a person that is interested in the use of encryption to protect the privacy and the use of decryption methods to access other protected files."17 Paul Strassmann notes that, with the skill resident in these groups, several risks to computer systems exist:

Pest Programs

-Trojan horse attacks- implanting malicious code, sending letter bombs.
-Logic bombs- setting time or event bombs
-Malevolent worms- denying access to distributed resources
-Virus Attacks- attaching code to programs and replicating it

Bypasses

-Backdoor attacks- using existing flaws in software for exploitation
-Authorization attacks- password cracking, hacking control files

Active Misuse

-Creating, modifying, denying service, entering false or misleading data
-Incremental attacks- using salami tactics
-Denials of service- launching saturation attacks

Passive Misuse

-Browsing- reading and copying with apparent authorization
-Interference, aggregation- exploiting database searches, traffic analysis
-Indirect misuse- preparing for subsequent misuses, off-line pre-encryptive matching, factoring numbers to obtain crypto keys, autodialer and voice-mail scanning.18

To achieve these results, the cyberterrorist cannot use the weapons commonly employed in conventional terrorism. While a conventional terrorist finds a fertilizer bomb effective in blowing up a building or other symbolic target, a technoterrorist will find the same bomb useful in destroying a critical node in a network to cause disruption. Cyberterrorists have no use for physical explosives. Their weapons exist nearly exclusively in cyberspace. These new weapons are unique in that they can simultaneously be more powerful and weaker than the weapons of the conventional terrorist. This apparent dichotomy exists because the laws of physics do not operate in cyberspace in the same manner as the physical world. A conventional bomb will have some effect every time it is exploded in the real world. A software bomb when exploded in cyberspace may have an extraordinary effect the first time it is used as it normally exploits an existing weakness in a computer operating system. After that weakness has been corrected, an identical software bomb will do no damage to the targeted computer or its data.

Several cyberterrorist weapons can have an impact on the networks of today and tomorrow.

(1) Viruses. One of the most heralded weapons of a cyberterrorist or a hacker is the computer virus. Computer viruses are programs designed to perform actions not intended by the operator. These actions include erasing or modifying the data in a computer's memory or storage with or without malicious intent. A virus is so named because it "lives" within a host system or program and cannot spread without some action, often unwitting (such as using an infected disk), by the system operator. Viruses can be used in an attempt to shut down a computer or even hold it hostage. The front page publicity granted the "Michelangelo virus" every March serves as an example of the publicity power generated by a hostile virus. This particular virus was written to check the computer's internal clock/calendar and destroy the data on the infected computer on Michelangelo's birthday, March 6. The virus was widely publicized when released in 1992. The ease of identifying and removing the Michelangelo virus has resulted in publicity about it not attacking computers:

MICHELANGELO VIRUS FAILS TO SURFACE: The Michelangelo virus, a nasty bit of high-technology vandalism designed to break out each year on March 6, the great artist's birthday, failed to cripple the world's computers. The Michelangelo virus was front-page news in 1992.19

To compete against virus detection and removal programs, virus writers have created a subset of the virus, known as a polymorphic virus. This type of virus changes itself slightly every time it is replicated or executed, thus denying a virus detection program a fixed set of "indicators" that the virus has infected a computer. The battle between virus writers and virus fighters will continue into the future, with each trying to outsmart the other. The sheer explosion in the number of viruses (in 1991 there were approximately 500 known computer viruses, by 1995 that number expanded to more than 5,000) is evidence of this threat.20 This exponential growth suggests that virus writers hold the initiative in the battle for cyberspace. For existing operating systems that are infected with viruses, a cure cannot be developed until the virus is released into the system. Once released, the virus can be studied to find a method to prevent its further spread and remove it from the system. The computer community is striving to regain the initiative by developing operating systems that are more resistant to viruses. Despite these developments, those that attack computer systems will generally hold the initiative.

(2) Trojan Horses. The second type of weapon is a trojan horse. True to its name, it is a program that does not appear to be destructive but releases a second program to perform a task unintended by the system operator. A trojan horse can be used to install a password "sniffer" program that collects the passwords of valid users and stores them for later use by an intruder posing as a legitimate user. Cyberterrorists can utilize this type of weapon for espionage to gain the information needed to access a system by impersonating legitimate users, thus compounding the problem of intrusion detection.

(3) Worms. Worms are programs originally developed to travel through systems and perform mundane tasks, such as data collection or erasure of old data. While they can be useful, if misprogrammed or programmed with malicious intent, they can be extraordinarily destructive. A virus attaches itself to a host program, but a worm is designed to spread across a computer network independently. While normally programmed to perform a task on a network, a worm may also simply replicate itself on target computers while it continues to spread across a network. The Morris worm discussed in Chapter IV serves as an example of the damage a "non-malicious" worm can cause.

(4) Humans. Computer operators are the vehicles by which viruses, trojan horses, and worms are initially programmed and then inserted into computer systems. In addition to utilizing software attacks on a computer system, a cyberterrorist or hacker can attack a computer system through the vulnerability of its operators. The hacker community commonly refers to this as "social engineering."21 Using a social engineering tactic, a cyberterrorist may impersonate a computer technician and call individuals within the targeted organization to obtain information to penetrate a system. Once in possession of legitimate log on information, cyberterrorists will have "legal" access to a system and can insert viruses, trojan horses, or worms to expand their control of the system or shut it down.

(5) Electro-Magnetic Pulse Weapons. While not nearly as widespread as viruses, there exists a class of weapons that destroy computers and electronics through an electromagnetic pulse.22 The capability now exists to generate an instantaneous electromagnetic pulse that will overload and destroy the sensitive circuitry in advanced electronics and computer systems without the previously required detonation of nuclear weapons in the upper atmosphere. Any system that is within the limited range of these weapons will be disrupted or have its electronic components destroyed. While there have been reports of the military using such weapons in the Gulf War, there are no indications that any terrorist organization possesses or has used these weapons against computer targets.23 Press reports from Japan indicate that the AUM Shinrikyo cult, incriminated in the sarin gas attacks on Tokyo's subway, was attempting to develop a high powered microwave weapon, ostensibly for use against humans.24 While suspected of being powerful enough to incinerate a human body, they may have intended this weapon for use against electronic targets as well. An electromagnetic weapon does not leave a crater like a conventional bomb, nor does it modify the operating system of a computer. As such, detection of an attack becomes more difficult. These weapons have been named HERF (High Energy Radio Frequency) Guns and EMP/T (Electro Magnetic Pulse Transformer) Bombs by Winn Schwartau in testimony before Congress.25 In the same manner as a fertilizer bomb can be assembled by a conventional terrorist, a cyberterrorist can manufacture an EMP/T bomb out of readily available electrical and electronic components.

5. Technoterrorism

Technoterrorism is the intermediate step between "conventional" terrorism and "cyberterrorism." The technoterrorist understands the importance of high technology networks and C2 systems to a "third wave" state. Unlike the cyberterrorist, the technoterrorist will target and attack those systems that exist in the physical world to disrupt cyberspace. Thus, the computer itself (hardware rather than software) is the target of the technoterrorist. The technoterrorist will use "conventional" weapons such as bombs and physical destruction to destroy or disable those systems that control cyberspace.

6. Terrorism

The debate over the definition of terrorism is as old as the term itself. As the world moves into the information age, expanding the definition of terrorism to include actions taken inside cyberspace as well as the physical world may be necessary. There are several elements that run through the many definitions of terrorism. The first critical element is physical violence. At some point in terrorism, an individual or group must believe that they are being threatened with violence. The second element is the political nature of terrorism. The violence caused by a terrorist action must have some larger political goal than the physical action itself. The debate surrounding the definition of terrorism is addressed in Appendix B, which contains an overview of some of the more popular definitions in the literature. An understanding of the violent and political elements of terrorism is most important for this study.

One of the popular selling points of information warfare is that it is a less violent and destructive form of warfare in which the combatant states wage war with electrons in cyberspace. While the ability of states to wage relatively bloodless war is yet to be seen (the Persian Gulf war began to approach this standard in terms of allied casualties), the potential to create mass chaos and insecurity in a society via information warfare techniques may appeal to terrorists. As discussed in Chapter III, the definition of terrorism must be adapted and applied to those events that extend beyond mere physical violence and include what can be called "cyberviolence," or violence in cyberspace, where electrons, not people, are destroyed. In addition, disruption, not destruction, must be included as a tool to be utilized by cyberterrorists.

The evolving concept of information warfare will influence terrorism in the information age. Every advance in computing power continues to increase the usefulness of computers and their associated networks to law-abiding citizens. Simultaneously, these computers increase the power of the weapons available to cyberterrorists and criminals. The implications of computer technology's dual nature, as both a tool and weapon, must be understood in the information age. The military information warfare tactics that exploit this dual nature may be used against the United States by future cyberterrorists. As such, it is important to include information warfare as a potential component of information age terrorism.
