The Far View Group
Cyberterrorism Fact Sheet
The National Plan for Information Systems Protection, dubbed Version 1.0, asks Congress to set aside $2.03 billion in the fiscal year 2001 budget for various measures, including a detection network and a scholarship program, with $621 million going for increased research and development efforts.
"It's creating another new database of personal information that is labeled suspicious and potentially terrorist in nature," says Jim Dempsey, a spokesman for the Center for Democracy and Technology.
Networked computers expand their control over the nation’s energy, power, water, finance, communications, and emergency systems, the possibility of electronic attack and catastrophic terrorism becomes increasingly possible.
Hacking attempts on government computers are not rare. The General Accounting Office recently reported an alarming 250,000 attempted attacks last year on military computers, which cost millions of dollars to track and repair. At least two-thirds of the attacks were successful in some way, the GAO report said. It expects those numbers to double each year.
People can now download ready-made hacking programs off the Internet. "It is no longer the case that you have to be an expert to engage in a cyberattack. All you have to do is type in your target and click a button," said Vatis.
Some 118 million people around the world already possess the skills to conduct cyberattacks, according to International Data Corp.
The Internet may be fast emerging as a public network vital to the flow of commerce. But it also depends on the rest of the critical public infrastructure - the national power grid, the telephone switching system - to operate at all. These systems are vulnerable to a dizzying variety of attackers.
Conversely, the best computer security cannot stop a disgruntled former employee with a password - or a key to the basement. These types of inside attacks are by far the most common among US companies.
The FBI defines terrorism as the unlawful use of force or violence against persons or property to intimidate or coerce a government, the civilian population, or any segment thereof, in furtherance of political or social objectives. Cyberterrorism is the convergence of terrorism and cyberspace
An example of cyber-terrorism could be hacking into a hospital computer system and changing someone's medicine prescription to a lethal dosage as an act of revenge.
Most security experts feel that military installations, power plants, air traffic control centers, banks and telecommunication networks themselves are the most likely targets. Other targets include police, medical, fire and rescue systems, which could be hurt, along with Wall Street, water systems, etc.
A survey conducted by the Science Applications International Corp. in 1996 found that 40 major corporations reported losing over $800 million to computer break-ins. An FBI survey of 428 government, corporate and university sites found that over 40% reported having been broken into at least once in the last year. One third said that they had been broken into over the Internet. Another survey found that the Pentagon's systems that contain sensitive, but unclassified information, had been accessed via networks illegally 250,000 times and only 150 of the intrusions were detected. The FBI estimates that U.S. businesses loose $138 million every year to hackers. According to the CIA in the past three years government systems have been illegally entered 250,000.
Palm VII Banned From Lab as
Security Threat
BY BRIAN ANDERSON
Valley Times
Thursday,
April 20, 2000
. "Another may be well-planned cyber-attack on the air traffic control system on the East Coast of the United States as some 200 commercial aircraft are trying to land safely in a morning's rain and fog."
Many of the attacks are serious and costly. The recent ILOVEYOU virus and variants, for example, was estimated to have hit tens of millions of users and cost billions of dollars in damage. The February denial-of-service attacks against Yahoo, CNN, eBay, and other e-commerce Web sites was estimated to have caused over a billion in losses. It also shook the confidence of business and individuals in e-commerce according to Dorothy E. Denning professor of Computer Science at Georgetown University.
Case 1:
Cyber-terrorists often commit acts of terrorism simply for personal gain. Such a group, known as the Chaos Computer Club, was discovered in 1997. They had created an Active X Control for the Internet that can trick the Quicken accounting program into removing money from a user's bank account. This could easily be used to steal money from users all over the world that have the Quicken software installed on their computer. This type of file is only one of thousands of types of viruses that can do everything from simply annoy users, to disable large networks, which can have disastrous, even life and death, results.
Case 2:
Cyber-terrorist are many times interested in gaining publicity in any possible way. For example, information warfare techniques like Trojan horse viruses and network worms are often used to not only do damage to computing resources, but also as a way for the designer of the viruses to "show off." This is a serious ethical issue because many people are affected by these cases. For one, the viruses can consume system resources until networks become useless, costing companies lots of time and money. Also, depending on the type of work done on the affected computers, the damage to the beneficiaries of that work could be lethal. Even if the person never meant to harm someone with their virus, it could have unpredictable effects that could have terrible results.
Case 3:
In one of its more unusual forms, cyber-terrorism can be used for an assassination. In one case, a mob boss was shot but survived the shooting. That night while he was in the hospital, the assassins hacked into the hospital computer and changed his medication so that he would be given a lethal injection. He was dead a few hours later. They then changed the medication order back to its correct form, after it had been incorrectly administered, to cover their tracks so that the nurse would be blamed for the "accident". There are many ethical issues involved in a case like this. Most obviously, a man was killed by the hackers' actions. Also, the life of the nurse was probably ruined, along with the reputation of the hospital and all its employees. Thus, there are often more stakeholders in a terrorist situation that the immediate recipient of the terrorism.
Case 4:
Terrorism can also come in the form of disinformation. Terrorists can many times say what they please without fear of reprisal from authorities or of accountability for what they say. In a recent incident, the rumor that a group of people were stealing people's kidneys for sale was spread via the Internet. The rumor panicked thousands of people. This is an ethical issue similar to screaming 'Fire' in a crowded theater. In case like this, the number of people affected is unlimited. Thousands of people were scared by this and could have suffered emotionally.
Case 5:
Minor attacks come in the form of "data diddling", where information in the computer is changed. This may involve changing medical or financial records or stealing of passwords. Hackers may even prevent users who should have access from gaining access to the machine. Ethical issues in this case include things like invasion of privacy and ownership conflicts. It could be even more serious if, for instance, the person who needed access to the machine was trying to save someone's life in a hospital and couldn't access the machine. The patient could die waiting for help because the computer wouldn't allow the necessary access for the doctor to save his or her life.
 |
|
|
 |
 |
|
 |
|
|
 |
|
|
 |
|
|
 |
|
|
 |
|
|
 |
|
|
 |
|
|
 |
|
|
 |
|