Ebook: Countering Terrorist Activities in Cyberspace

This book encompasses a set of lectures presented during the Advanced Training Course (ATC) Countering Isis Radicalisation in the Region of South-East Europe (CIRACRESEE), organized in the city of Ohrid, Republic of Macedonia between April 3–7, 2017 and officially supported by NATO – Emerging Security Challenges Division of Science for Peace and Security Program, G. 5257.

The CIRACRESEE ATC was set up and performed by the Joint Training Simulation & Analysis Center (JTSAC) of the Institute of Information and Communication Technologies, Bulgarian Academy of Sciences, Sofia, Republic of Bulgaria, as a NATO member nation, and locally hosted and supported by the Military Academy ‘Gen. Mihailo Apostolski’, University of Goce Delcev – Stip, Republic of Macedonia as a Partnership for Peace (PfP) nation.

JTSAC was officially founded in 2007, and today combines both research & educational efforts in a sustainable knowledge capacity throughout a proven expert team, supported by a valuable partner network. Being at the forefront of global digitalization, the center aims to provide appropriate strategies for coping with the modern security threats and challenges of socio-technological hybridization for the integrated security sector. Special attention is given to creative research and training in the fields of cyber security, crisis & emergency management, defense planning & assessment, future threat analysis, modeling and forecasting, psycho-physiological monitoring & stimulation of human factor response, distributed CAX in mixed cyber-physical realities. JTSAC has been distinguished with a number of awards and much appreciation for this work, which has already been ongoing for 10-years, as well as for numerous successfully concluded security studies, analyses, research and applied projects results funded by the Bulgarian government, EU, NATO, USA, UN and the non-governmental sector.

The main objective of the CIRACRESEE ATC five-day training program was to provide participants from the integrated security sector in the region (including representatives from Albania, Bulgaria, Bosnia Herzegovina, Croatia, Slovenia, Republic of Macedonia, Montenegro and Serbia) with information and knowledge about global trends with regard to the use by ISIS of cyberspace, as well as accentuating the importance of resulting social and technological challenges. In addition, in-depth analysis of how these trends are influencing the region of South-East Europe was performed.

The results aim to facilitate important regional cooperation among the participants from NATO and its Partner countries in South-East Europe; cooperation which is an essential component in building societal resilience to terrorist use of cyberspace and its negative technological implementations.

The course topic was addressed from strategic/political, legal and technical perspectives. Furthermore, participants were engaged in creating future regional policy proposals to counter ISIS use of cyber space by engaging political, strategic, legal and technical components.

This book presents thirteen chapters, selected from the academic lectures and practical case studies presented during the CIRACRESEE ATC, with the objective of providing readers with a comprehensive analytical outlook from socio-cultural, organizational and technological perspectives. Particular attention is given to the importance of successfully countering terrorism in the region of SEE using new cyberspace opportunities, and coping with emerging socio-technological security challenges. The team of authors includes well-known academics and security professionals with internationally proven expertise in their areas of work.

The course was opened by the former Minister of Defense, HE Mr. Zoran Jolevski, Republic of Macedonia, who welcomed the trainees and guests on behalf of the country and explained to participants and media representatives the huge importance of countering ISIS terrorism in the region of South-East Europe successfully and quickly, marking this as a serious problem that requires a joint effort if it is to be effective. He also noted the key role of NATO in integrating these security efforts sustainably. The course co-directors, Prof. Zlatogor Minchev (JTSAC Director and NATO Co-Director) & Prof. Mitko Bogdanoski (Military Academy ‘Gen. Mihailo Apostolski’ and PfP Nation Co-Director) appreciated Mr. Jolevski's positive message, and responded to his political line with scientific and analytical support. They also greeted the participants, and acquainted them with the objectives of the CIRACRESEE ATC and program.

The course's keynote address by Alan Brill, Senior Managing Director at Kroll Associates, Inc., USA, appears in the first chapter of the book. The content gives a broad overview of what has been happening and why the danger of terrorist misuse of cyberspace is not only possible, but virtually certain. The lecture also outlines the mediating role of the evolution of crypto currencies in this process. A final discussion on the necessity of establishing the cyber security plans and forces of member nations and allies for the effective protection of multiple critical infrastructure facilities, and of assure the successful countering of the new security challenges, and of cyber terrorism in particular, forms part of the conclusion of the chapter.

The second chapter, from Prof. Velizar Shalamanov, until recently NCIA Demand Managing Director of the JTSAC team, gives an outline of the NATO evolutionary approach to cyber defense for the successful countering of modern terrorism. A proposal for using this as a reference implementation model in the development of national capabilities and cooperation for the successful fighting of cyber-terrorism in South-East Europe is further presented. Some allied benefits from the application of innovations in the working format of the military, government, academia and industry, with joint experimentation and training for the effective countering of terrorism in the cyber domain, are also discussed.

The third chapter, prepared by Prof. Predrag Pale, University of Zagreb, Croatia, describes cyber and modern terrorism interactions, noting a threefold role for cyberspace: facilitator, instrument and target. Some options and tools for the State countering of terrorism using technologies, information space and human capacity before, during and after the activity are presented, as well as an argument of some legal aspects of the problem. A concluding discussion covers successful modern counter-terrorism measures, and citizens' rights and freedoms.

The fourth chapter by Prof. Zlatogor Minchev, JTSAC Director and CIRACRESEE ATC, NATO Co-Director, outlines the methodology for addressing the proactive analysis of hybridized emerging digital society threats and the challenges of phenomena such as cyber terrorism, criminal activities in cyberspace, social engineering and other negative socio-technological tendencies. The solution is to attempt to generalize the input of CIRACRESEE ATC participants, both expert and empirical, implementing future foresight of morphological & system-of-systems analyses. A concluding machine validation of probabilistic results is finally implemented. Some key findings, priorities and perspectives, in the context of securing South-East Europe region specifics and achieving a successful countering of terrorism globally in the new digital age are discussed at the end of the chapter.

The fifth chapter, from Prof. Mitko Bogdanoski, ATC PfP nation Co-Director, Military Academy ‘Gen. Mihailo Apostolski’, Republic of Macedonia, provides a study on the nexus of possibilities for potential targets of attack offered to terrorists by cyberspace. The study also discusses the proper understanding of terms like ‘terrorist use of cyberspace’, ‘cyber attacks’ and ‘cyber terrorism’. Furthermore, it covers the aspect of ‘cyber terrorism’, as one of the future potential threats against national and global security, also noting the potential for attacks on critical infrastructure.

Brig. Gen. Prof. Metodi Hadji-Janev, Military Academy ‘Gen. Mihailo Apostolski’ eminent expert & Republic of Macedonia and until recently a Defense Attaché in the USA, now adjutant to the country President, is the author of the sixth chapter, which addresses the reality of the threats posed by those radical Islamic extremists affiliated with terrorist organizations. A practical exploration of how these individuals and groups use/abuse cyberspace to extend their agenda is also given. Some recommendations that South-East European governments need to consider as to whether they are prepared to protect their societies and Euro-Atlantic values are finally discussed.

In the seventh chapter Dr. Zeynep Ünsal, security researcher from CSRC-Global, Turkey, describes the situation of radicalism as ‘politically motivated violence’, and examines the Balkan region, while also offering an explanation of the role of terrorism, radicalism, Islamic history and the Salafist/Wahhabi movements. Some concluding remarks on countering rising radicalism as an element of terrorism with regard to individuals/groups from the area are also included.

Dr. Aleksandar Nacev, until recently Director of the Directorate for Security of Classified Information, Republic of Macedonia & Dr. Dimitar Bogatinov and a leading ICT security expert and young researcher from the Military Academy ‘Gen. Mihailo Apostolski’ have authored the next two chapters in the book. Chapter eight delivers a comprehensive overview of recent methods which employ the internet and social media used for recruitment purposes by ISIS terrorist groups, noting some examples and nuances concerning their motivation and resultant rapid radicalization. The authors also state the importance of properly and comprehensively understanding ISIS in order to counter further successful terrorist activities by implementing a ‘whole of society’ approach. In the ninth chapter the authors' team also gives a brief technological review of the recent evolution and implementation of key Artificial Intelligence (AI) techniques in modern complex cyber defense. They express the belief that AI is expected to guarantee the successful and intelligent countering of terrorist activities via cyberspace, placing the accent on the current and future critical infrastructure protection of ICT components in the new cyber world.

The tenth chapter is by Joe Whittaker, a young PhD candidate and researcher from Swansea University, UK, and explores the role of online radicalization, with attention for the internet, and modern social media in particular. The author provides both a literature review of the problem and an empirical analysis with real case studies. Additionally, a discussion on the current driving vs facilitating role of the internet for terrorism, extremism and online radicalization is presented, following social understanding and influence from a Western perspective.

In the eleventh chapter, Dr. Ivica Simonovski, financial expert from Cyber Security, Corporate Security and Crisis Management Initiative, Republic of Macedonia, notes the importance of controlling and protecting the international financial system, which has a key role in the economics of global terrorism. An overview of different terrorist funding schemes, criminal activities, threats and attack vectors via cyberspace with an active human-in-the loop role towards the critical infrastructure of the financial sector is outlined. The conclusion emphasizes the importance of public-private partnership and sustainable support for countering the financial funding sources for terrorist activities.

The twelfth chapter in the book is from Dr. Elisa Canzani, a young researcher from IABG, Germany. The study aims to provide some insights on the use of modeling and simulation as an approach for supporting the better understanding of decision-makers of the complex interrelationship between terrorism and cyber space, and explores different cyber-risk scenarios. The overall aim is to stimulate multidisciplinary research that will bridge practice and theory in a sufficiently complex synergy. At the end of the chapter, some further developmental ideas are also discussed from the perspective of future success in comprehensively facing the challenges of modern terrorism in the new cyber age.

In chapter thirteen, Karl Schelps, Managing Director and Senior Consultant at Enfina – Security, s.r.o., Czech Republic focuses on the ‘Segregation of Duties’ and ‘Know your Customer’ techniques as risk-based measures to counter terrorism, providing a comprehensive anti-money-laundering approach from a financial perspective. Concluding remarks cover digital verification of recipient's identities and the necessity for the sharing of information, and transaction and registration data, by the international community in the context of the successful countering of global terrorism funding.

Several key findings, priorities and perspectives for the future expectations of the South-East Europe security landscape can be extracted from CIRACRESEE ATC participant feedback:

– The upcoming technological trends will mostly support the prevention and early warning of future terrorist activities in the region, giving a mostly positive nuance to the new digital progress.

– The role of third -party players will remain uncertain as regards recruitment and radicalization of new terrorist members, using different social, economic, religious and technological motivation approaches.

– Multi-stakeholder integrated security sector cooperation at both a national and international level could generate a reasonable environment for successful and resilient strategies for coping with new and upcoming hybrid phenomena.

– A common and harmonized strategic and legal framework should be established in order to produce a sustainable base for information, knowledge and experience exchange, taking into account cultural, demographic, economic and religious regional peculiarities.

Apart from these generalized outlines, it must inevitably also be noted that no single nation, culture or religion can achieve peace and security at home while ignoring the modern terrorist threats posed to others globally. Thus, the significant importance of the regional cooperation of NATO allies for the successful meeting of these new security challenges cannot be overstated.

We hope that training activities such as the CIRACRESEE ATC held in Ohrid, Republic of Macedonia, and other similar collaborative projects, will assist in the multinational effort to fight the threat of global terrorism, while at the same time establishing a knowledgeable and resilient network capacity in the field.

Prof. Zlatogor Minchev

CIRACRESEE ATC NATO Co-Director

Prof. Mitko Bogdanoski

CIRACRESEE ATC PfP Co-Director

The use of cyberspace – for good and for evil – has accelerated faster than almost anyone could have imagined. From global malware attacks to alleged Russian interference in the US presidential elections, it is a rare day that some form of cyberspace attack isn't in the news. To think that terrorist organizations haven't understood that cyberspace represents an attack vector that is particularly asymmetric. A few good hackers – either in their organizations or paid for on an outsourced basis – can do tremendous damage or provide the means for communication that are virtually immune to interception by governments. New forms of value transfer – cryptocurrencies, can enable a terrorist group to move funds between countries instantaneously and outside of traditional financial sectors. The present keynote chapter provides an overview of what has been transpiring and why the danger of terrorist misuse of cyberspace is not just possible but is virtually certain.

This paper presents the evolution of cyber defense in NATO and proposes to use this as a reference model in the development of national capabilities in South Eastern Europe (SEE), as well as establishing regional project-based cooperaiton. Similarities between the different areas of cyber defense and counter-terrorism are used to propose approach to fight terrorist activities in cyber space. Academic support for cyber defense and counter-terrorism, using Basic Environment for Simulation and Training (BEST) – Cyber is described with defining the development of a model for SEE cooperation around this environment.

The essence behind terrorism is to instill fear in citizens so they demand changes from their governments, which will be beneficial to terrorists and their aims. The highest impact of terrorist activities is obtained if they are targeting state citizens or infrastructure. The chapter notes cyberspace and terrorism interactions in three ways: (i) cyberspace can be a facilitator – used as a communication tool or recruiting tool to perform a “classical” terrorist act; (ii) cyberspace as an instrument – assuring performing the terrorist act either by providing access to targets or to conduct information warfare; (iii) cyberspace itself can be the target of the terrorist act – aiming to disrupt its operations or access to it or to pollute information or services and create users' distrust. Some state measurements for counter terrorism before, during and after their activities are further marked. Obstacles, problems and the high significance of this process are finally discussed for the state from social, legal and technical perspectives.

The chapter outlines a methodological address towards proactive analysis of emerging digital society hybrid threats and challenges of phenomena, like: cyber terrorism, criminal activities in cyber space, social engineering and other negative socio-technological tendencies. The solution is trying to generalize CIRACRESEE ATC participants' inputs, both expert and empirical, implementing future foresight morphological and system-of-systems analyses. A concluding machine results probabilistic validation is finally implemented. Some key findings, priorities and perspectives are discussed at the end of the chapter, in the context of securing South-East Europe region specifics, achieving successful countering against terrorism globally in the new digital age.

In the recent years of advanced cyber attacks over the critical information infrastructure (CII) with a high cause of damage, including physical destruction, raised the fears that cyber terrorism is an imminent threat. Moreover, many experts and officials worldwide are trying to extend the term cyber terrorism to include hacktivism and terrorists' use of the cyberspace, which is causing a lot of confusion in defining what really cyber terrorism is. On the other hand, although different countries across the globe experience a different kind of cyber attacks on everyday basis, which also includes attacks against CII, up to now there is still not an example of a cyber attack that is officially recognized as an act of cyber terrorism. This chapter gives an overview of the possibilities offered to the terrorists by the cyberspace, mainly focusing on the explanation of the terms “terrorist use of cyberspace”, “cyber attacks”, and “cyber terrorism”. It argues that the cyberspace is more extensively used for support of different terrorists' activities as propaganda, radicalisation and recruitment, networking and secret communication, planning, command and control, funding training and data mining for potential targets to attack. Furthermore, it covers the aspect of cyber terrorism, as one of the future potential threats against the national and global security.

The threat from radical Islamic extremists affiliated with terrorist organizations represents a serious challenge to the security of South East Europe (SEE). Although there are different opinions about the reality of the threat empirical evidence unequivocally confirm that individuals and groups affiliated with terrorist organizations are present in the region, work and act against its security. In the past several years, individuals and groups affiliated with radical Islamic extremists that practice terrorism have utilized their actions to the South East European cyberspace. Their malicious agenda uses technical, social, normative-legal, and the existing challenges of modern day societies. At the same time, even though all of the South East countries have developed effective counter-terrorist measures, none of these countries have address terrorists' and their affiliates' use of a cyberspace. The chapter briefly addresses the reality of the threat posed by the radical Islamic extremists affiliated with terrorists' organizations. Then it explores how this individuals and groups use/abuse cyberspace to further their agenda. Finally, it provides some recommendation that South East governments need to consider if they are about to protect their societies and Euro-Atlantic values.

Terrorism is a global and common security issue that threatens the security of individuals and states these days. The Islamic state of Iraq and the Levant (IS/ISIL) terrorist organization that emerged with the Syrian civil war and killing the innocent people with reference to Islam. Some individuals/groups who already have a fundamentalist mindset are radicalized by the influence of some environmental factors and participate in terrorist organizations like IS. In this chapter the situation of radicalism in the Balkan region will be examined by explaining terrorism, radicalism, Islam history and Salafist/Wahhabi movement. It should not be forgotten that terrorism is an act that takes place with the use of violence by the fanatics of every ideology/religion. From this, the main aim should be manage and control the radicalization process of individuals/groups.

Todays' radicalism as never before in mainkind history is globalising and getting closer and closer to our homes. With recent developments on the battlefields and the rise of Islamic State (ISIS) activities noted in the international media, terms like: jihad, infidels and foreign fighters have become an almost ubiquitous part of the media news. Among the numerous stories and testimonies, the media spotlight has many times glimpsed on the prospect of radicalization and recruitment, which also have opened additional questions and issues on preventing and neutralizing these two complex social processes. At the same time, it is nearly impossible to identify a single pathway towards terrorism, making it somewhat difficult for identification with overarching patterns of individuals susceptible to terrorists recruitment activities. With these in mind, the chapter gives a generalized outlook on the ISIS recent methods, implementing Internet and social media for new members recruitment, noting some examples and nuances, concerning their motivation and fast radicalization. Finally, the importance of properly and comprehensively understanding of ISIS for further successful countering, implementing “whole of society” approach is aslo stated.

The development of the information and communication technologies with their extensive use from the governments and governmental organisations make them nowadays state vital components. This is also establishing critical infrastructures more vulnerable to advanced cyber threats, generated from terrorist groups and organisations. Terrorist use up-to-date tools and applications to perform cyber attacks, and usually are always step ahead from the personnel responsible for defending it. Terrorists usually use tools that can't be handled and analysed manually by an operator and require significant automation so that the cyber space can be effectively defended. The implementation of artificial intelligence (AI) based antivirus programs, showed that they are a useful tool for restricting cyber attacks, stop and react before or during the cyber attack. This chapter gives a brief review of techniques based on AI that already exists, emphasising the use of neural nets, expert systems and intelligent agents. Furthermore, it gives an overview of the AI based antivirus programs and their possible use in protecting of critical infrastructure and vital governmental infrastructure against terrorirst cyber attacks.

The topic of online radicalization is ubiquitous within common discourse around terrorism and extremism. However, there is a distinct lack of empirical research which focuses on how the Internet affects this process. The prevailing wisdom among academics is that despite the large digital footprint in modern cases of terrorism and extremism, the Internet is a facilitator, rather than a driver, of radicalization. After outlining the literature in the field, this research offers five reasons why a healthy degree of skepticism may be prudent, and then offers a case study analysis of three actors who have been radicalized in recent years to discern the role the Internet played and how important it was compared to other factors. It finds that two of the case studies largely conform to the prevailing wisdom, while one offers good evidence that the Internet can, under certain circumstances, play a potentially driving role.

Internet technologies have become continuously more advanced, and so do the ways in which terrorists utilise them for their illicit and illegal activities funding support. The chapter notes the importance of controlling and protecting the international financial system, having a key role for the economics of global terrorism, providing an overview of different terrorist funding schemes in cyber space. Apart of this, due to the ICT financial services and tools fast development a vast field of possible criminal activities for terrorist funding are also discussed. Further, possible financial threats and attack vectors with human-in-the loop active role towards critical infrastructure of the financial sector are outlined. The role of public-private partnership for sustainable countering of terrorism funding is finally given, noting the cooperation importance between the private sector and law enforcement for early detection of suspicious financial activities.

The convergence of terrorism and cyberspace has tremendously changed the threat landscape in a way that reached an unmanageable complexity. Understanding new risks posed by cybererrorism constitutes a main concern for both national authorities and research communities. This chapter provides insights on the use of modeling and simulation to support decision-makers in understanding cyber risk scenarios at both operational and strategic layers. The overall objective is to stimulate a multidisciplinary research that bridges practice and theory by accounting for different perspectives and combination of quantitative tools to face the challenge of (cyber-) terrorism.

Financial and anti-money laundering tools help nowadays to expose the infrastructure of criminal organizations, the web of corruption, or a conspiracy to commit terrorist acts. They also provide authorities with a roadmap to the ones who facilitate the criminal/illicit activities and lead to the recovery and forfeiture of unlawfully-acquired assets. At the same time those solutions are supporting a broad deterrence against a wide range of activities including the terrorism funding. The chapter focuses on the “Segregation of Duties” and “Know your Customer” techniques as risk-based counter measures against terrorism, providing a comprehensive anti-money laundering approach. Finally, some concluding remarks concerning recipient's identities digital verification necessities and international community information sharing of transaction and registration data are also given in the context of successful countering the global terrorism funding.