Ebook: Terrorist Use of Cyberspace and Cyber Terrorism: New Challenges and Responses

The South East European (SEE) region is comprised of NATO member countries (Slovenia, Croatia, Albania and Bulgaria) as well as Partnership for Peace (PfP) countries (Bosnia and Herzegovina, FYROM, Montenegro and Serbia). Opportunities and challenges related to cyber are prevalent in SEE.

Unlike the rest of the world, however, this region faces unique circumstances:

1. The dominance of the illicit goods market / transit in the SEE impacts NATO countries, PfP, Mediterranean Dialogue nations as well as key regions to the Alliance elsewhere in the world;

2. Terrorist groups increasingly interface with criminality in SEE to support their efforts;

3. Terrorism has been an enduring problem in SEE;

4. SEE and in particular FYROM, has made it a priority to increase their IT sector to achieve development goals; and

5. Political instability in the region may be mitigated by training and cooperation on cross-border issues such as terrorists’ use of cyber and technology which benefits the Alliance.

As in the rest of the world, Information, Communications and Technology (ICT) plays a crucial role in the South Eastern Europe (SEE) region. The pursuit of modernization, the quest for Euro-Atlantic integration, and the undeniable necessity of foreign direct investment urged SEE countries to invest in the development of cyber. Furthermore, this domain has become the dominant place for social, economic and political interactions in the SEE region. However, this ICT-based dynamism has brought both positive and negative effects.

The increasingly growing dependence on cyber and technology in SEE has not been matched by a parallel focus on security. Recent practices show that the cyber domain has turned into both a battle-space for modern terrorists’ ideological and informational warfare and a medium for global radicalization. Terrorist organizations and violent radical religious insurgents are using the internet and modern ICT as a tool for radicalization and recruitment, a method of propaganda, a means of communication, a mechanism for attacking other entities and a suitable ground for training.

The dynamics of the changing security environment around the globe in general and in the region of SEE in particular over the past decades have produced new adversaries to SEE stability. This has the potential to directly and indirectly affect NATO countries’ interests, security and stability. On several occasions NATO has strongly emphasized that threats from cyber and technology against NATO countries and Partners are real (NATO Parliamentary Assembly in 173 DSCFC 09 E BIS - NATO and cyber defence, NATO’s New Strategic Concept - 2010; the 2012 Chicago declaration, etc.). It is critical to note that SEE nations Slovenia, Croatia, Albania and Bulgaria are NATO members while Bosnia - Herzegovina, FYROM, Montenegro and Serbia are Partnership for Peace (PfP). Hence addressing the issue of terrorists’ use of a cyber and technology in the current security environment remains as important as ever.

These actors are a hybrid mix of terrorists, criminals, insurgents and religious extremists, as well as other non-state entities who challenge SEE stability and security. The 2011 attack on the U.S. Embassy in Bosnia and Herzegovina, the 2012 attack and murder of five civilians in FYROM, and the 2012 attack on the Israeli tourists in Bulgaria, along with the numerous reports of thwarted attacks or arrests (e.g., Bosnia and Herzegovina, Serbia, Croatia, Kosovo, etc.) all confirm that this threat is genuine. Furthermore, recent trends in active support of radical Islamic groups in Syrian resistance and growing numbers of internet-based recruitments for these supporters along with the alleged online radicalization connected to the region prior to attacks around globe, raise serious concerns over the terrorist use of cyber and technology in SEE. If this development is not addressed seriously, then the growing trend of radicalization, recruitment and attack through cyber and technology holds the potential to render SEE’s efforts to create a cyber-platform for increased development into one that becomes a breeding ground for training and launching pad for cyber-attacks on SEE, the Alliance, her partners and others.

As new developments occur every day in technology, terrorists are easily adjusting themselves to this change. In this new age of terrorism, terrorism is transnational, institutionalized, technologically advanced, and global. In this respect, today’s terrorist organizations are using cyberspace for different purposes. The Internet has become the new and main source of communication in terms of disseminating propaganda for terrorist activities.

In modern terrorism, almost all terrorist organizations are benefitting from the Internet to commit their activities such as message delivering to the masses in the frame of propaganda activities, facilitate communication, and recruit new members to their organizations, raising funds, or to train the new hired members. Multimedia sources are so vulnerable for terrorist exploitation. The Internet offers terrorists so many advantages such as: easy access; no regulation, censorship, or other forms of government control; so many audiences; anonymity of communication; fast flow of information; interactivity; inexpensive development and maintenance of a Web presence; a multimedia environment (the ability to combine text, graphics, audio, and video and to allow users to download films, songs books, posters, etc.).

The area of concern, as a consequence of Internet exploitation, has been extended not only in the domestic realm, but also additionally to transnational and international arenas. The secrecy of conducting aforementioned activities can easily be resumed by means of covered or coded methods on the Internet. Thus, a comprehensive research of Cyberspace terrorist activities ought to be analyzed.

Governments usually take legal measures to prevent the unlawful usage of the Internet by applying to the national courts. However, flexible opportunities to run a Web site by changing servers, tags, proxies, and so forth do not deter or deny terrorist organizations to exploit the Internet. Thus national and international authorities, responsible for security, can also exploit and analyze the design and the context of the pro-terrorist organizations’ Web sites to exhibit the context of the activities of the terrorist organizations.

A full cooperation and coordination of efforts are required to prevent the Internet usage of terrorist organizations. In this context, both state and non-state level cooperation must be institutionalized to create a check mechanism. Ever since terrorism and other types of transnational criminal activities have become the main topic in the international arena, the term “cooperation” has become a focal point for every government.

It is widely accepted that terrorism is a real and constant threat and no part of the world can be considered immune from it. However, by following a pro-active nature and keeping up with this evolving threat, we will become successful in overcoming it in very near future.

This chapter examines The Use of Internet Technology by Cyber Terrorists & Cyber Criminals: The 2014 Report. 2014 has been an interesting one in the area of the use of cyberspace by cyber-criminals and cyber-terrorists. it is clear that cyber security has become a matter of vital importance to all organizations, whether in the public or private sectors. It is a matter that should be considered at the highest level in the organization.

The way of conducting terrorism with the time is becoming more sophisticated. Namely, there are eight different ways in which contemporary terrorists use the Internet, ranging from psychological warfare and propaganda to highly instrumental uses such as fundraising, recruitment, data mining, and coordination of actions. Coordination of the terrorist activity is key for their success. However coordination of their global activity is going through global network controlled and often monitored by ISPs (Internet Service Providers), LEAs (Law Enforcement Agencies), and different security and intelligence agencies. The terrorists are aware that the messages sent to their perpetrators through the Internet can be intercepted very easily and thus their intentions can be detected. Therefore, they are using different methods to protect their information. The two most used techniques of information protection are cryptography and information hiding. This chapter will cover only one of the mentioned techniques which deals with information hiding, or more specific it will cover different steganography techniques and tools. It will give short review of several different steganographic tools. Furthermore, it will explain specific usage of some of these tools. The chapter also tends to explain the different steganalysis techniques that are striking a significant blow not only to the terrorist organizations, but also on any other individual or group that use steganographic techniques as a way for covert transmission of their malicious intents. The chapter will show not only practical usage of some specific steganalysis tools but also usage of some tools whose basic function are not connected with this technique but can give significant contribution in steganalysis process and determining the existence of hidden objects.

This chapter is about protecting critical information infrastructure from terrorist attacks and other threats. It explores many strategic challenges facing NATO and its partner countries. This Chapter begins with a few general definitions of key terms used throughout the article so the reader can focus properly on the challenges presented. The author then surveys the international security environment, including threat to critical information infrastructure and finally presents a litany of specific challenges and a path forward that will significantly increase the demonstrable “resilience” of Alliance..

This chapter examines the Virtual Currencies and Terrorist Financing. The rise of forms of payment that are independent of governmental issued and controlled currencies, and which can be traded in a highly anonymous, instantly transferred and used for both legal and illegal transactions represent a new means of laundering money destined to finance the operations of terrorist organizations. Because virtual currencies have the capability of being used (legally) with lower fees than traditional funds transfer modalities, it is likely that their use will increase, and that legitimate organizations will make use of them. Understanding this new form of government-independent “money” is important to those involved in the field of terrorist interdiction.

Entering into the world of globalization create the right proportional process in which benefits have for anyone. For the ordinary man a boon, for terrorists open space for boundless projection of their scopes and impacts. The process of transition of the traditional way of warfare where the battlefield has been replaced by cyberspace, and military operations have been replaced by cyber operations and all of this within the cyber war, the question is, which is the limit, or where it ends the process?

This paper in the form of a thesis will explain the scientific basis for the access, conditions and the using of cyberspace by terrorists in the realization of all its cyclic activities, ranging from calls for the acceptance of the ideology until carrying out a terrorist act. Following the stages of funding terrorist activities, with special emphasis will turn the use of cyberspace in the collection of funds transfer patterns from the source to the terrorists, and the manner of use of the funds for necessary cyclic activities. At the same time, we will explain the paradox of the development of techniques and technology as well as its use for criminal or terrorist activities in the area of methods and ways of fundraising.

Terrorist groups use the internet for a number of reasons; chief amongst them the dissemination of narratives to supporters and detractors alike. Al Qaeda’s single narrative discusses the basic grievance that exists between the West and the Muslim world, the vision of the Caliphate in which this grievance is resolved and the pathway that takes Muslims from the grievance to the vision through violent jihad. This chapter examines and assesses the narratives produced by al Shabaab – an official affiliate of al Qaeda – through Twitter during the Westgate terrorist attack of September 2013 in terms of the single narrative framework. By doing so, the author discovers that al Shabaab and al Qaeda produce similar narratives on the basic grievance and the pathway, but that there is no evidence to suggest that al Shabaab are fighting to establish a religious caliphate. Instead, al Shabaab appears to have geographically limited political ambitions that they seek to redress through their campaign of violence.

Over the past 20 years, Al-Qaeda and other jihadi groups have been quietly investing in their cyber jihad capabilities. This report will summarize the development of Al-Qaeda’s and its affilate groups’ cyber efforts, from the earliest closed online jihad websites and forums to its transition into social media accessible to all. It has been almost a decade since the U.S. government first stated that it would deny terrorists use of the Internet, but this has not yet come about; in the meantime, Al-Qaeda’s online efforts have exploded.

Human behavior plays a major role in the effectiveness of cyber security efforts although the human typically receives far less attention than the technology. Perhaps the greatest challenge to cyber security is that people are inherently behind each cyber problem as well as its solution [1]. This paper examines the behavioral aspects of cognitive overload, bias, and incentives. These aspects of human behavior all affect the decision making of those who develop policy and strategy, those who fall victim to cyber attacks, and those who initiate cyber attacks.

The paper outlines nowadays social engineering problem in the modern terrorism context. Accents are given towards: human factor dual role, technological and communicational components of todays’ cyber world. An experimental system model is proposed for a deeper and comprehensive studying of the problem. Further results validation on the bases of multiagent architecture simulation is discussed for detailed understanding of the experts’ findings. Special accent is also given to multimedia aspects with possible resulting social engineering effects.

Taking advantage of the rapid expansion of the Internet and the development of social media, extremist organizations have made cyberspace a hub for their radicalization and recruitment activities in recent years. Online propaganda distributed by terrorist organizations, such as ISIL and al-Qaeda, have led to the radicalization of individuals, inspiring them to become foreign fighters, engage in terrorist activity at the behest of organizational leadership, or carry out lone-wolf attacks. Through the use of different tactics, governments, civil society organizations, international institutions, and even private companies are currently exploring ways in which to counter online extremist propaganda and contain terrorist organizations’ cyber footprints. Radicalization represents a gateway issue for stakeholders trying to grasp a firm understanding of extremist groups’ multifaceted online activity and cyber potential. Forming a coherent strategy at the national and, subsequently, international level to address propaganda dispersion and the threat of radicalization is vital for governments in this regard. This assessment lays out the threat posed by radicalization via online extremist content, references the types of materials present on the Internet and the different platforms on which this content appears, explores a sampling of the various tactics used to suppress or engage online extremism, examines some of the impediments and achievements made at the international level regarding terrorism and the Internet, and ultimately offers suggestions for states in their development of comprehensive strategies for countering online radicalization, with the aim of subsequently sharing lessons learned with countries still developing their cyber capabilities and international institutions.

This chapter explores the Southeast European (SEE) States’ rights and obligation in their cyberspace activities under international law. So far there is no list that summaries states’ rights and obligations in cyberspace. Therefore, the article first addresses the applicability of international law to states’ activities in cyberspace. After identifying that the general principles of international law could produce guidance in this manner the article explains SEE states’ international rights and obligations in their cyberspace activities.

Key to addressing cyber issues is solving both the resistance to share information about cyber attacks or intrusions and the mechanics to actually share that information. Humans control all information sharing since humans ultimately have to make the decisions that enable computers to share. In military settings information sharing, collaboration and decision making are influenced by culture.

Over the last few years the approaches and the use of the Internet, and the so-called Cyberspace, by terrorist organizations, such as ISIS (Daiesh, in Arabic), dramatically risen up. In today’s world, a fully digitalized, always-on and hyper-connected one, the ICT technology is even more central in the society, which in the meanwhile become a “digital society”. Every relevant sectors of Western economies depend on ICT technology, from Energy Infrastructures to banking and finance, from TLC infrastructure to government administration; over the last three years the yearly reports from the World Economic Forum showed us those dangerous interdependencies, and each one of them risen up those stakes we are facing, as a modern society. Throughout history, terrorist organizations demonstrated the capability to adapt and evolve, in order to further their ideological and political goals; the very recent behavior of organizations such as ISIS showed up their use of the cyberspace in order to deliver propaganda, to demonstrate their power, to raise funds, to show and to share the evidences of their crimes, such as murders, rapes and much more. Nevertheless, it is our opinion that all of this is strongly different from the so-called Cyber Terrorism, while at the same time such a complex terminology – on which most of the States do not have a commonly shared definition and interpretation – is quoted and mentioned all over, and it is increasingly becoming a top five national security priority for Nation States. In addition, actions such as “DDoS attacks” and “Web defacements” should not be considered as “cyber attacks”, and the skills and technology needed today in order to perpetrate these actions are available to any average skilled Internet user. This article aims to draw possible attack scenarios, and identify those potential attacks made possible through IT and ICT technologies, like SCADA and Industrial Automation, while including those ICT standards used in the field of Transportation, Automotive, and more, thanks to the currently available public documentation and relevant case studies.

What recently happened in Paris has brought up again the never-ending issue related to the need to check terrorist groups’ attempts to launch attacks in Italy and throughout Europe. This paper firstly tries to give a scientific definition of what cyber-terrorism should be referred to as, also by identifying, on the other hand, activities that can be only considered as an use of the Internet for terrorist purposes. Then the paper analyzes the Italian strategic response against cyber-threats through the examination of the Italian Reports on the Security Intelligence (2009-2014), tracing back the evolution of the Government approach toward such issue. Moreover, the main Italian strategic documents are examined, with regard to the strategic and operational guidelines set out in order to carry out an organic, yet flexible response to cyber-threats. Lastly, the paper also provides a legal definition of when a generic software or malware can be defined as such a cyber-weapon in the specific context of warfare.

This chapter examines the convergence of two of today’s most pressing security challenges: international terrorism; and, cyberattack. Drawing on both published research and a survey of the global research community, the chapter shows that, whilst the majority opinion is that cyberterrorism is a (current or potential) significant threat, there are also some strong dissenting voices. It then addresses questions of response, focusing particularly on methods for improving cyber defense and the introduction of new laws, and argues that partnership between the private and public sectors and members of the international community is necessary for such responses to be effective.