Today, the head of the intelligence monitoring service GCHQ – Jeremy Fleming – revealed that the threats posed by cyber attacks are considered just as seriously as the threats posed by terrorism.
But the rise of cyber attacks has led to a more diverse and politically motivated threat; cyber terrorism. In cases of cyber terrorism, hackers exploit vulnerabilities for politically-driven motives; to manipulate an election, for example.
To learn more about this growing threat of cyber terrorism, Information Age interviewed Laura S.D. Hawkes – an intelligence associate for AnotherDay, a security and risk consultancy firm that utilises the latest social media analytics and intelligence platforms to provide its clients with the most granular and useful threat information.
>See also: Encryption isn’t the enemy in the war against cyber-terrorism
‘We are, at times, the neglected part of cyber as we link it to the physical. This can include background checks, intelligence etc, which sits outside of buying software packages, and we work closely with insurance broker, AJ Gallagher, who are industry leaders in the areas of terrorism and cyber, to help lower our client’s premiums. We don’t only focus on preventative security, but we provide the necessary crisis management tools hold our client’s hand during such a time.’
Hawkes predominantly focuses on terrorism and organised criminal activity both online and offline, and in this exclusive focuses on the rise of cyber terrorism, with examples and what can be done to mitigate this emerging threat.
What is cyber terrorism, and can you explain its rise?
Cyber terrorism is broadly defined as any act of internet terrorism. More specifically this includes deliberate disruptions and/or large-scale attacks on computer networks using viruses, or physical attacks utilising malware, to attack individuals, businesses, and governments.
>See also: Cyber security threat is just as serious as terrorism – GCHQ
Cyber terrorism is routinely confused or used interchangeably with cyber criminality. The main differentiator being the former is politically motivated, while the latter purely aims at financial gain or hackers bragging rights. Much the same as in the physical world, the modus operandi adopted by terrorist groups in cyber space constantly evolves to successfully evade security forces and intel agencies.
3) Can you provide examples of attacks?
‘Telephone terrorism’ – Between 11 to 14 Sep, hundreds of hoax bomb threats by anonymous telephone callers were made against major public buildings across Russia. The perpetrators conducted hoax calls in over 30 cities, leading to the evacuation of schools, hotels, hospitals, airports, train stations, universities, and shopping malls. The Kremlin called the threats ‘telephone terrorism’. No explosive devices have been found to date, making it clear the motive was to spread fear and disruption.
Qatar news hack – For a very recent example of state-sponsored cyber terrorism look to the hostile situation between Qatar and its neighbours. It’s not merely a case of hyper offensive realism or power diplomacy, but the opposing sides are routinely attacking each other through the Net.
>See also: Understanding the motives behind cyber attacks can help prevent them
One recent example of that is, hacking into the Qatari government media sites/ministries to put out false news and attempts to take rival sides website down. It’s a new form of politically motivated information war.
4) What are the most effective ways of countering cyber terrorism?
This largely depends on who you are as an individual or as a company. For example, threats to a high-net worth individual in New York are far different than those to a bank in Hong Kong. It is our understanding of the nuances between these intricate differences that help us formulate our risk mitigation and defence strategies.
You could say it’s a government-sponsored myth that encryption is the only barrier to successfully combating online-terrorism. For our business clients one part of our cyber risk management is our partnership with online security experts, Appsecco, who conduct penetration testing and code checking of existing platforms.
Meanwhile, it is also possible for at risk industries to combat insider and/or fixated threats by rolling out a radicalisation programme, such as logging incidents to stop tensions escalating.
>See also: The Trojan horse: 2017 cyber security trends
Today, Jeremy Fleming, the director of the UK government’s intel agency known as ‘GCHQ’, claimed protecting the nation against cyber attacks is just as important as fighting terrorism. Although this is problematic as government intel agencies face a conflict of interest between public-safety responsibility and secret operations. As such, cyber security should be taken away from spies and concentrated into the hands of the impartial private sector.
5) How will cyber terrorism develop over the next 3-5 years?
Security was an afterthought in the creation of the computers, and so both governments and the private sphere are only recently acknowledging the potential harm inherent in the Internet.
Traditional organised criminals and associated networks are expected to continue exploiting the hidden corners of the internet, such as the Darknet, or the normal internet to target victims.
Simultaneously, there will likely be a significant growth in the threats posed by cyber terrorism, particularly as businesses and governments have yet to provide a comprehensive framework for mitigating attacks. At the same time, policy makers and legal eagles will scramble to introduce laws prohibiting online terrorist acts and forcing companies to comply with certain security protocols.
>See also: Cyber attack could cost the world’s economy £92BN – Lloyds
Places where our physical and virtual worlds converge will be potential cyber terrorist attack zones. As such the Internet of Things is providing the perfect attack vectors for cyber terrorists, where civilian and government infrastructure is increasingly computerised. These include, anything from smart-devices, such as lights and ovens, to large-scale targets, i.e. energy infrastructure, air traffic control systems and government databases. These may not only serve to spread fear and destruction but can result in the acquisition of top-secret information.
When thinking of the future concept of a ‘smart city’ (integrating information and communication technology [ICT] and the Internet of things [IoT] to manage a city’s assets), if this was hacked by a cyber terrorist the damage would of a magnitude never witnessed before. As armies could be hacked and exploited, which cyber terrorists are acutely aware of.