Cyberterrorism is a planned violent cyber attack against information systems, programs and data, which is aimed at achieving the political or ideological motives of criminals.
The US FBI describes cyberterrorism as any cyberattack designed to intimidate or physically harm a victim. Attackers often achieve this by destroying or damaging the target's critical infrastructure.
However, the information security community interprets cyberterrorism as attacks aimed at achieving the political goals of criminals. Even in the absence of physical danger or major financial loss, the primary goal of cyberterrorism is to disrupt systems or cause harm to targets in any way.
According to the Center for Strategic and International Studies (CSIS), major attacks are aimed at government agencies, defense and high-tech companies, as well as financial crimes with damages of more than $1 million.
Types of cyberterrorism
Advanced Persistent Threat (APT) accesses the network using sophisticated penetration techniques. Once online, cyberterrorists try to steal data without being detected. APT attacks often target organizations with valuable information, including those in national defense, manufacturing, and the financial sector.
Malware, worms and viruses are used to attack military systems, transportation and electrical networks, and critical infrastructure.
A denial of service (DoS) attack is an attack aimed at shutting down a machine or network, making it inaccessible to users. In DoS attacks, the target is flooded with traffic or receives information that causes it to malfunction. A DoS attack blocks authorized users from accessing certain computer systems and devices.
Hacking involves gaining unauthorized access to collect sensitive data from organizations, governments, and businesses.
Ransomware encrypts all victim data and systems until the victim pays the required ransom. In addition, some ransomware attacks lead to data exfiltration.
Phishing is an attempt to obtain sensitive information (such as logins, passwords, or credit card information) by spoofing emails from a trusted source.
Spoofing is a cyberattack in which a scammer poses as a trusted source in order to gain access to sensitive data or information. The main purpose of spoofing is to gain access to personal information, steal money, bypass network access controls, and distribute malware.
Examples of cyberterrorism
Computer servers, devices and networks accessible via the Internet are often used in cyberterrorist activities. The targets are secure government networks.
Examples of cyberterrorism include:
Major website glitch. The goal of criminals is to disrupt the work of a large number of people or block access to websites with information that hackers consider unwanted.
Unauthorized access. Attackers are trying to disrupt communications that regulate military technology or other vital equipment.
Cyber espionage. Governments around the world often conduct or support cyber espionage. Usually states spy on rival countries and get information about the enemy's military plans.
Disruption of critical infrastructure. Cybercriminals are trying to damage the city, disrupt the health care system, endanger public safety or provoke panic. Targets can be refineries, pipelines, or water treatment plants.
The most famous cyberterrorist acts
The Center for Strategic and International Studies (CSIS) has compiled a list of the most significant cyber attacks since 2006. Some of them are acts of cyberterrorism:
On July 15, 2022, 4 groups of Iranian government hackers carried out a devastating attack on the state online services and government websites of Albania, taking them out of action. Following this cyberattack, Albania severed diplomatic relations with Iran.
On September 10, 2022, as a result of a cyber attack, the work of the Albanian police was significantly slowed down. Officials were forced to draw up all the documentation manually. The verification of arrivals at the border for police officers who have lost access to the database of wanted persons has also become more complicated.
Northwest Polytechnic University in China was the target of multiple cyberattacks in September, for which China blamed the US NSA. Authorities allege that the NSA hacked into digital communications networks and stole user data.
Defense against cyber terrorism
Until recently, state institutions were the main targets of cyberterrorism. Now the situation has changed and now the goal is business. Therefore, companies and other organizations must ensure that every IoT device is secure and inaccessible through open networks.
Organizations need to:
regularly back up systems;
conduct continuous monitoring of networks;
use anti-virus software and protection tools;
implement two-factor or multi-factor authentication;
restrict access to confidential and important data.
To improve cybersecurity in the United States, the National Cyber Security Alliance was created to increase citizens' awareness of cybersecurity. He suggests training employees on security procedures as well as how to detect malware and cyberattacks.
Types of hackers
White Hat Hacker
These are experienced highly skilled hackers with knowledge in the field of cybersecurity. White hat hackers work for governments or organizations and are legally allowed to break into systems. They use vulnerabilities in the system to hack it and assess the level of cybersecurity of the organization.
The task of white hat hackers is to detect weaknesses in the system and strengthen them in order to repel external threats. White hat hackers adhere to guidelines set by the government.
Black Hat Hacker
These are experienced computer specialists and important participants in cyberterrorism. Black hat hackers always have criminal motives - they break into systems to steal sensitive data or damage the system. They use various hacking methods, depending on their level of skill and knowledge.
Typically, they sell stolen resources on the dark web, use them for personal gain, or extort money from the victim to get their data back.
Gray Hat Hacker
This is a hacker or information security specialist who can sometimes break the law, but does not have the malicious intent typical of a black hat hacker. Such hackers may have both criminal and ethical intentions. In this case, the hacker is classified as a Gray Hacker if the motive is self-interest.
Green Hat Hacker
These are novice hackers. Their goal is to work hard and gain the necessary skills to become proficient hackers.
Red Hat Hacker
These hackers are like white hat hackers. Their goal is to prevent the attack of black hackers. Red hackers don't defend, they fight back. Red hat hackers launch full-blown attacks against cybercriminals using a range of aggressive methods.
Blue Hat Hacker
They use hacking as a tool to gain the trust of other hackers. These are amateur hackers who are not interested in learning the features of hacking. Blue hat hackers are dangerous actors in cyberterrorism, not because they are good at hacking, but because they have malicious goals.
Yellow Hat Hacker
They focus on hacking social media accounts using various tools. Because of their malicious goals, this type of hacker is comparable to a black hat hacker. Often the yellow hat hacker is also referred to as the purple hat hacker.
Purple Hat Hacker
The purple hat hacker is testing his own computers to test his cybersecurity and hacking skills.
These hackers aim to break into official websites. In doing so, they pose as activists, hence the name "hacktivists". A hacktivist is a person or group of anonymous hackers seeking to gain access to government networks and websites. Data obtained from available government documents is used for social or political benefit on an individual basis.
Is hacktivism a crime?
The methods that hacktivists use are illegal and constitute a kind of cybercrime. But law enforcement agencies rarely pay attention to such crimes, so they often go unpunished. Damage resulting from a hack is usually small, and it can be difficult for law enforcement to pinpoint hackers.
Causes of cyberterrorism
Cyberattacks can have a variety of motives, but most of them are financial in nature. However, as practice shows, hackers are becoming more politically motivated.
What is the difference between cyber warfare and cyber terrorism?
Cyber warfare is a form of information warfare and is limited to the Internet. Cyber warfare and information warfare have specific goals in the conflict, and cyber terrorism is massive and harms anyone who falls into the attackers' zone of influence.
How cyber attacks affect society
Power shortages, equipment failure, and the disclosure of sensitive national security information can all be caused by cyberattacks. They can lead to the theft of sensitive and personal information, as well as disable IT systems, telephone, computer networks and block access to data.
The most common types of cybercrime
Phishing and related scams were the most common cybercrimes reported to the U.S. Internet Crime Complaint Center (IC3) in 2021, affecting approximately 324,000 people. In addition, IC3 received reports of approximately 52,000 personal data breaches in the same year.
How cyberterrorism can affect physical infrastructure
Attackers seek to damage or disrupt critical infrastructure that provides essential services, especially those related to government and finance.
By disrupting the IT systems that manage physical processes, cybercriminals can damage the physical infrastructure without even having physical access to the attack target. Such attacks harm private businesses and endanger national security. To effectively protect systems, it is essential that government and the business sector work together.
Do not link terrorism in the digital world with terrorism in the real world. It would be more correct to consider cyberterrorism as an operational strategy aimed at achieving a certain psychological result. Despite the amount of information and policy in the field of cyberterrorism, this activity is "at the start" and is just beginning to expand.