| Copyright © 2009. National Academy of Sciences. All rights reserved. Terms of Use and Privacy Statement |
CYBERTERRORISM
Computer Terrorism and
Internet Security Issues
Valery A. Vasenin and Aleksei V. Galatenko*
Center for Telecommunications and Internet Technologies
M. V. Lomonosov Moscow State University
INTRODUCTION
The word "terrorism" is derived from the Latin word terror (i.e., fear or
horror). It is not a new phenomenon, but for individual countries and the world
community the scale and significance of the acts now classified as terrorism
have increased considerably in recent years. This fact gives special meaning to
the study of the roots (causes) of this phenomenon, as well as of the technologies
by which it is carried out and the methods used to do so. Also of urgent impor-
tance is the task of creating mechanisms and building tools to effectively counter
this type of act.
Terrorism can be defined as the aggregate of illegal acts involving persecu-
tion, threats of violence, murder, distortion of objective information, and a num-
ber of other acts that facilitate the sowing of fear and tension in society for the
purpose of gaining advantages (influence) in connection with the resolution of
political, economic, or social issues.
The methodology, strategy, means of implementation, and mechanisms used
by criminals to commit terrorist acts vary. Some of them are more traditional and
involve the use of weapons (knives or firearms), radio, and television; others are
high-tech and utilize the latest advances in science and technology. Without
going into the use of various mechanisms, means, and methods including com-
puters to carry out terrorist acts, let us examine those that actively affect com-
puter systems and networks.
* Translated from the Russian by Rita Kit.
HIGH-IMPACT TERRORISM
Two factors have helped to create a new communications and information
environment that is potentially suitable for the commission of terrorist acts. The
first is the development of computer networks (especially those using packet
communications technology) and information systems, ranging from the agency
and corporation level to the national and even transnational level. The second
involves the processes of globalization, integration, and convergence that objec-
tively accompanied that evolution in the late twentieth century.
What are the distinctive characteristics of this new communications and infor-
mation environment? What possible areas could criminals exploit, and what are
the potential damages? Let us consider some individual objectives and focuses.
1. Destruction of the infrastructure of a network at the corporate, national,
or transnational level by disabling its control system or individual subsystems:
if a network supports tasks of a strategic nature, the threat of such destruction
could be used as blackmail, and the destruction itself could open the door to
criminal acts involving information on the network (disruption of the confidenti-
ality and noncontradictory nature of the information, not to mention its possible
destruction or restriction of access to the information);
2. Unauthorized (illegal) access to network information that is protected by
law and is confidential in nature or highly secret, for purposes of blackmail; and
3. Intentional distortion of information in Internet-based mass media for
purposes of discrediting, inadequately reflecting reality, and so forth.
Criminals might use the following potential strategies of action to achieve
the aforementioned objectives separately or in various combinations: the physi-
cal seizure of a network control center, penetration of it by accessing control
systems, the traditional use of computer software inserts and viruses by mali-
cious individuals, the usurpation of superuser rights, et cetera.
The material damages from malicious individuals' actions in each of these
cases may involve the cost of restoring network control or repairing damage
stemming from destructive acts during the violation, or damages involving pos-
sible losses from unauthorized use of information that is highly secret or from
distortion of information. Moreover, distortion of information in one form or
another is demoralizing to the owner of the network infrastructure as well as to
the owner of the distorted information resources that it supports.
The Internet's present capabilities do not allow the total prevention of its
use for terrorist purposes in the areas described above. The reasons are not only
and not even largely technological in nature (i.e., involving the TCP/IP stack
based on IP v. 4 [20-30 years have passed since its inception in 1973-1983,
whereas the life span of network infrastructure is 15-20 years]), but instead are
issues of a legislative and administrative nature.
Given these factors, it is essential to make efforts in all areas (and at all
levels) and accordingly take measures and create mechanisms that can be used to
solve problems on each of the aforementioned levels.
THE INTERNET, ILLEGAL ACTS, AND TERRORISM
The development of the Internet as a transnational network infrastructure
has given rise to a number of very complex problems. In the early 1970s, when
the Internet's protocol base was taking shape, it was hard to imagine that eventu-
ally this "Network of Networks" would extend across more than 170 countries
around the world and link approximately 100 million computers, all the while
continuing to expand rapidly.2 Many of today's needs were not envisioned in
the traditional stack of Internet protocols. For these reasons today's agenda con-
tains urgent issues relating to the exhaustion of available addresses, address
mobility, and the ability of routers to prevent congestion in trunk channels and
also provide the necessary speed of network packet processing. There are also
problems with transmission quality for multimedia systems and with the security
of information resources. The reason for these problems is that in the early
1980s, when the stack of Internet protocols became the network's technical foun-
dation, it was hard to predict the future of the newly emerged network or envi-
sion its impact on every aspect of society. For these reasons, the implementation
of mechanisms to provide information security and to protect data and network
infrastructure were not that urgent. Today, concerns about information protec-
tion are not academic on the Internet, which is home to an enormous quantity of
information, including information that is confidential or secret and protected by
law. Access to it is a violation of the rights of an individual, organization, or
agency. Nowadays we are increasingly seeing how network technologies are
being used for criminal purposes, including terrorism.
Let us illustrate this point with a number of examples. Last year, a large
number of computers around the world were infected by the "I Love You" virus
(http://www.isec.ru.news). According to Federal Bureau of Investigation (FBI)
estimates, total damages were in the range of $10 billion.
A program developer for Japan's naval headquarters turned out to be a mem-
ber of the religious sect Aum Shinrikyo, which is known for acts of terrorism. The
programs are now being audited. According to documents discovered during a
search of the sect's headquarters, Aum Shinrikyo members could control many
computers within the military establishment (www.provoslavie.ru.news/04-17/09.htm).
According to Reuters reports, in February 1999 a hacker group seized con-
trol of a British communications satellite (http://inroad.kiev.ua/prob/terror.htm).
Another group of hackers called the "Legion of the Underground" has declared
cyberwar on China and Iraq (http://inroad.kiev.ua/prob/terror.htm). Their reason is
the execution of two Chinese hackers accused of financial fraud and Iraq's
manufacturing of weapons of mass destruction. The group has declared that it intends
to wage war until the enemy's computing resources are completely destroyed.
According to FBI reports, attempts have even been made to use computer
networks to physically eliminate individuals. One criminal attempted to get rid
of a witness who had consented to testify against him in court. The offender
gained access to a hospital's computer network and changed the dosage of a
medication to a lethal level (http://www.isec.ru.news).
Unfortunately, this list represents only a small selection from the many ex-
amples that illustrate the potential threat from illegal terrorist acts utilizing mod-
ern network technologies.
THE RUSSIAN SEGMENT OF THE INTERNET
Before we proceed to outline our views on ways of preventing or interdict-
ing use of the Internet for terrorist purposes, let us say a few words about the
current state of the Russian segment of the Internet, its place within the Internet
as a whole, and potential opportunities for its use for purposes of terrorism.
According to a study on the Russian segment of the Internet conducted by
the M. V. Lomonosov Moscow State University's Center for Telecommunica-
tions and Internet Technologies, the primary (integral) characteristics of its sta-
tus as of mid-2001 include the following:
· The total number of hosts is approximately 400,000, of which the commercial
sector accounts for 70 percent and scientific and educational institutions 30
percent.
· The Russian segment of the Internet is served by more than 250 Internet
service providers (ISPs).
· Growth of channel capacity on the global Internet since 1996 has been
exponential.
· The rates and trends of development of trunk carrying capacity in Russia
are in line with those in other parts of the world.
Thus, it may be said that the Russian segment of the Internet has already
completed its formative stage. The Russian Internet has all the attributes of anal-
ogous national segments abroad necessary for self-development, primary among
them being a fairly large number of hosts; the existence of a national trunk
infrastructure based on IP-exchanges in Moscow, St. Petersburg, and other re-
gions that is comparable in size to average European external capacity into the
global Internet; and a balance between incoming and outgoing traffic as the first
sign of good information content, including content not in the Russian language.
Mechanisms of regulation (in particular self-regulation) that are common
practice on the Internet worldwide have begun to be implemented within the
Russian Internet, though not to a sufficient extent.
Thus, the Russian Internet has become a factor that actively affects all as-
pects of the country's economy, extending not only to the high-tech sectors,
education and industry, but also to business, medicine, the media, leisure, and a
number of other areas. This Internet's position in Russia makes it a potential
arena for the commission of illegal acts, including acts of terrorism.
Potential targets of such acts with major consequences could be facilities of
strategic importance in the country's defense system, as well as economic com-
plexes at the national scale, for example, transportation systems or electric pow-
er grids. The facts indicate that the number of illegal acts directed against facili-
ties inside Russia and from Russia against facilities outside its borders is
increasing in proportion to the growth and development of the Russian segment
of the Internet. An example of such an act could be actions by pro-Chechen
individuals intending to distort information on the Internet regarding the antiter-
rorist operation in Chechnya.
GENERAL FORMULATION OF THE PROBLEM
AND POSSIBLE SOLUTIONS
Accepting the potential objectives outlined above and the methods of terror-
ist acts using modern network technologies, one could view the following con-
siderations as a foundation upon which to build general approaches to formulat-
ing goals for preventing, interdicting in a timely manner, or eliminating the
effects of such actions.
· Actions that pursue (i.e., are aimed at achieving) goals 1 and 2 outlined
above, focusing on destruction of the network infrastructure and unauthorized
access to confidential information with a high level of classification, are mali-
cious acts that are traditionally viewed through violator models and attack mod-
els. These models are an essential prerequisite for the development of a system
(program of action) for any organization, company, or corporation that is build-
ing (developing) an information security policy in networks under its control.
· Actions that pursue objective 3 ("the possibility of intentional distortion
of information in Internet-based mass media") can be divided into two categories:
1. Those stemming from the unauthorized and illegal use of rights to the use
of an information resource; and
2. Those resulting from the creation of an alternative information source on
general-access networks.
The methodology for preventing and responding effectively to actions in the
first category boils down to the traditional means of maintaining information
security in networks and is supported by measures at all levels of implementa-
tion. The methodology for preventing actions that fall in the second category is
less traditional and relies mainly on the legislative and administrative level of
information security. However, in terms of countermeasures it also correlates
with the assessment (evaluation) of the quality and functionality of resources
presented on the Internet. This is a separate and complex issue for which no
effective solution as yet exists anywhere in the world.
To sum up the above, one may conclude that the difference between ap-
proaches to prevention of and response to actions of a terrorist nature and other
illegal and unauthorized actions on the Internet rests largely in the higher level of
demands and losses from this type of malicious action.
Let us term actions intended to prevent and effectively interdict terrorist acts
using network technologies "ATIS," for antiterrorist information security, in or-
der to differentiate it from traditional IS (information security) in a network,
whenever the need for such differentiation arises.
Note that here and subsequently, we are referring to problems of informa-
tion security (in antiterrorist terms as well) in a narrow sense (i.e., only as it
applies to network infrastructure [the network transmission medium, technologies,
informational and computational resources, et cetera]). Hence the general
definition of ATIS and the goal of acting to prevent and effectively respond to
terrorist acts in the network environment and/or through use of information tech-
nologies may be formulated as follows: ATIS is the aggregate of mechanisms,
tools, methods, measures, and activities that make it possible to prevent; detect;
and, in the event of detection, effectively respond to actions intended to
· Destroy network infrastructure by disabling control systems;
· Gain unauthorized access to information protected by law and confidential
or highly classified in nature; and
· Create intentional distortion of information presented in general-access
networks.
The preceding definition reflects the current state of problems in the area of
ATIS. It does not claim nor can it claim to be universal, all-encompassing, or
complete in its description of possible objectives, areas of malicious action, et
cetera. These are defined by the status of development of computer, communica-
tions, information technologies, and hosting services, which are developing very
dynamically.
Note that the fundamental conceptual difference between this definition and
the traditional definition of IS rests on the lack of references to reasons (pre-
mises) of nonmalicious (unintentional) actions not necessarily caused (or taken)
by a human being. Those actions, including natural phenomena, should definite-
ly be taken into account when dealing with IS issues.
This definition indicates that at its root, the stated goal of providing ATIS
boils down, in methodological terms, to the similar stated goal of providing IS in
the network infrastructure, in which normally the following types of threats are
identified:
· A threat to confidential information (protection from unauthorized viewing);
· A threat to the integrity of information (the timeliness and non-contradictory
nature of information, as well as protection against destruction and unauthorized
changes); and
· A threat to information access (the ability to obtain information within an
acceptable amount of time).
The main components of efforts to ensure information security are as follows:
1. Actions to eliminate opportunities to carry out an attack, and thereby
prevent damage; and
2. Measures to reduce possible damage by
· Reducing the amount of information and resources accessible to a mali-
cious individual in the event of an attack, and restoration of systems following
an attack;
· Ensuring early detection of any attack on a system; and
· Implementing measures capable of detecting the perpetrator following
an attack.
The order of the areas of effort listed above reflects their urgency in terms of
protecting users' interests and reducing damages from perpetrators' actions.
The multifaceted nature of this goal of ensuring information security, in-
cluding antiterrorist information security, defines several areas (or levels), with
coordinated actions in each of them capable of supporting a comprehensive solu-
tion. These include the legislative, administrative, operational, and programming
and hardware levels.4
LEGISLATIVE, ADMINISTRATIVE, AND OPERATIONAL LEVELS
The legislative level is fundamental to the creation of a well-designed sys-
tem of measures to ensure IS at all the other levels, because it determines the
following:
· Measures of direct legislative action that allow the categorization of violations
and violators and also create a negative attitude in society toward IS
violators; and
· Measures aimed at coordinating and facilitating better education in the
field of IS, and developing and disseminating methods of ensuring IS.
With regard to Russia, among the measures taken in our country in the first
category are Chapter 28, "Crimes in the Area of Computer Information," found
in Section IX of the latest edition of the Russian Federation Criminal Code, as
well as the law "On Information, Provision of Information Services, and Protection
of Information" and a number of other laws that are currently under development
("On the Right to Information," "On Commercial Secrecy," "On Personal Data,"
and "On Electronic Digital Signatures").
The second group of legislative and regulatory acts includes documents that
regulate licensing and certification in the realm of IS (issued by the FAPSI
[Federal Government Communication and Information Agency] and the Russian
Federation Presidential State Committee on Technology) and ministry and agen-
cy regulations (guidelines from the State Committee on Technology regarding
protection classes for computer hardware and automated systems, regarding in-
ternetwork firewalls, et cetera).
However, it should be noted that thus far, only the initial steps have been
taken toward bringing this level into compliance with the requirements of to-
day's Internet and its role in society and the state. We have repeatedly discussed
these issues at Moscow State University roundtables devoted to information se-
curity issues. One such standing roundtable discussion group was established at
the initiative of M.V. Lomonosov Moscow State University with support from
the Russian Security Council. It has been active for more than a year now, with
participation in its sessions by scientists, technical specialists from various sci-
entific fields, and of course representatives of the humanities.
We will not go into this in greater detail. Some issues of legislative sup-
port for information security have been discussed previously. We would sim-
ply like to focus attention once again on the importance of coordinating these
measures with international practices and on the need to bring Russian stan-
dards and certification regulations into line with the international level of in-
formation technologies. The former stems from the necessity of introducing
means of IS in order to interact with partners from abroad. The latter is dictat-
ed by the de facto dominance of foreign-made hardware and programs in Rus-
sian network infrastructure.
At this point in time, it must be acknowledged that not only have issues of
international legal regulation not been resolved, they are not even under consid-
eration. This is true not only in terms of preventing use of the Internet for terror-
ist purposes, but also with regard to broader issues of traditional illegal activities
with a direct bearing on ATIS. We find that the international legal aspects of the
Internet are lagging behind its infrastructure and technical capacities.
Security policy is a system of measures taken by the management of an
organization or network at the administrative level. This system of measures
represents the aggregate of administrative decisions aimed at protecting both
information and the network infrastructure that supports it. Security policy defines
an organization's strategy in this area and is based on an analysis of risks,
which are systematized and acknowledged as real for the information system of
the organization (or network).
Implementation of a security policy may be divided into two groups, name-
ly, upper- and lower-level measures. The upper level includes risk management,
coordination of efforts, strategic planning, and monitoring of the implementation
of information security measures. The lower level is where monitoring of specific
security services occurs.
The administrative level, or the level at which security policy is developed
and monitored, is very important. Coordination of efforts on that level makes it
possible to unify approaches and actions by specific implementers to prevent,
detect, and interdict in a timely manner violations of IS in general and ATIS in
particular and to reduce (minimize) damage from them. As demonstrated by the
example of the Aum Shinrikyo programmer cited previously, methods of protec-
tion must be tested. There is virtually no one to "watch the watchers," and if a
watcher allows terrorists into a facility, the security system is useless. A code
audit and certification of the entire complex of measures at the operations level
by reliable organizations proves to be very important.
Based on my own experience as a network service provider in the Russian
segment of the Internet, I would like to direct your attention to a number of
issues that are inherent to this level. Unfortunately, despite the existing (although
overly general) standards for the purpose of developing security policy, in practice
a majority of organizations that have fairly large IP networks do not adhere
to those standards. Furthermore, the legislative level does not contain materials
that would stimulate activity at the appropriate administrative level (by making
this work mandatory). There is a lack of model standards in this area for various
organizations (networks) that would take into consideration the specific nature
of the goals to be achieved. For instance, in scientific and educational networks
the priority is usually to ensure access to information, while ensuring its integrity
and confidentiality is a goal at the second level of diagnostics. There is a differ-
ent correlation of priorities regarding protection against information security
threats in commercial structures' networks, and even more so in the networks of
law enforcement-related government institutions.
It is essential that at least model standards be developed for the networks of
such organizations.
The operational level is one of the most important in terms of implementing
a general security policy in Internet networks. Operational regulators are focused
primarily on people, not on technical means. They are intended to reduce dam-
age when attacks are launched, through a timely response and high-quality sys-
tem restoration. As our first example, let us examine the threat of penetration
into a computer system. It would be hard to exaggerate the seriousness of this
threat; examples involving attempted murder of a witness and usurpation of
control over a communications satellite are sufficiently convincing (and what if
the satellite had been a military one?). After acquiring superuser rights, a malicious
individual can do virtually anything he likes with a system. Let us focus on
the following operational measures:
· Personnel management,
· Physical control of access and minimization of privileges, and
· Maintenance of functionality and restoration of a network or network
resources after failures.
However, practical implementation of these measures at the operational level
in networks within the Russian segment of the Internet also creates a number of
difficulties. Personnel management, for example, collides with the absence of clear-
cut job descriptions and a lack of qualifications on the part of the specialists called
upon to carry out such management. It is possible, out of ignorance, to make a
mistake that could be fraught with serious consequences, for example, acquiring a
"Trojan horse" program, disclosing a password to an unauthorized individual, and
so on. One must be aware of these kinds of mistakes in order to avoid them.
The use of measures to physically control access is difficult to carry out
within the limits of a large organization's network. Nevertheless, the application
of such regulators to a number of key nodes is extremely desirable. This problem
applies in particular to ATIS in the case of objective 1, when the cost of the issue
is very high and actions taken by a malicious individual could have serious
consequences. A criminal who has penetrated a system can spy on a password
selected by one of the system's legitimate users and thus gain access to a confidential
computer (generally speaking, one that is not externally accessible, etc.).
To keep this from happening, it is essential to monitor individuals who penetrate
the "security perimeter."
Each employee should have the minimum privileges necessary to perform
his or her duties. In this way, even if a malicious individual penetrates an organi-
zation, that individual cannot cause real damage. Prior development of responses
to violations of the network information security regime to a large extent in-
volves backup copying and network resource restoration following failures.
Maintenance of functionality and restoration of the system following fail-
ures remains a trouble spot even for major Russian ISPs because of a lack of
clarity in the way interaction with channel operators is set up, short staffing, the
lack of midlevel specialists with appropriate qualifications, and a host of other
problems. Response to violations of the security regime causes difficulties, usu-
ally due to a lack of any rules governing interaction not only with government
ministries and agencies involved with information security (the FAPSI, the State
Committee on Technology, the Internal Affairs Administration, et cetera), but
even with other ISPs, which might not have people to support that kind of inter-
action. The current situation can be explained as the initial stage in the develop-
ment of the relatively young Russian segment of the Internet. We must find
approaches that will eliminate the indicated shortcomings in each of the net-
works that represent individual organizations.
Administrative and operational measures in support of information security,
for example, depend to a considerable degree on the structure in place for orga-
nizing and specifying goals to be achieved; therefore, the development of gener-
al recommendations with regard to a solution in these areas is made much more
difficult. However, efforts are being made in that direction. Moscow Universi-
ty's Center for Telecommunications and Internet Technologies, for example, has
a working group assigned to create a methodology for protecting open scientific
and educational networks. This activity addresses both administrative and opera-
tional regulators. However, the work is far from complete.
THE PROGRAMMING AND HARDWARE LEVEL
The Internet, or as it is sometimes called, the Meta-Network (a network of
networks), is the sum total of interactions between individual networks ranging
from the very smallest, local networks to major networks at the corporate, na-
tional, or even transnational scale. It is precisely this task of internetwork inter-
action that is performed by the TCP/IP protocol stack, and that fact is the main
reason for the Internet's unprecedented rapid growth and popularity. Each of
these networks has (or should have) its own security policy and, based upon it,
apply its own operational regulators and use the programs and hardware needed
for that purpose. Of crucial importance in this hierarchy of network infrastruc-
tures are the major governmental and corporate networks. It is these that are as a
rule the main target of potential attacks by terrorists.
In order to build an information security system adequate to the needs of
such a network, the following protective means are necessary at the program-
ming and hardware level:
· Internetwork firewalls (restricted access);
· Means of identification and authentication that support the concept of a
single entrance into a network (the user proves his or her authenticity once upon
entry and then has access to all of a network's services, subject to appropriate
authorization);
· Anticopying and code audit means to provide monitoring of the network
at all levels and to detect suspicious activity and implement a rapid response;
· Means of protection incorporated into applications, services and hard-
ware or software platforms; and
· Centralized network administration tools.
The combination of these tools is intended to cover to a significant degree
the protection needs of a corporate IP network at the programming and hardware
level.5 Let us briefly examine a few of these.
Firewalls. Firewalls are designed to regulate flows between the internal
and external parts of a computer system. Examples of this include closing certain
parts to outside access, blocking access from certain addresses, and blocking
traffic containing "dangerous" commands. Thus, firewalls restrict opportunities
for a malicious individual to enter a system and also make it difficult for Trojan
horse programs to send information out.
Identification and Authentication. Identification allows the subject to
indicate his or her name; authentication makes it possible to prove the authentic-
ity of the identifier used. There are three main methods of authentication: based
on what a person is (for example, using biometric features such as retinal scans
or fingerprints), based on what a person possesses (for example, using "smart
cards"), or based on what a person knows (for example, using a password).
Identification and authentication prevent "strangers" from entering and also make
it possible to track each action back to the subject who performed it.
Access Control. Access control tools make it possible to specify and mon-
itor actions that subjects may perform on objects. Thanks to access controls,
"underprivileged" users cannot perform actions that could possibly cause signif-
icant harm. This is yet another defensive perimeter. Even if a malicious individ-
ual penetrates the lower levels, he cannot do serious damage.
Cryptography. Cryptography serves to ensure data confidentiality and in-
tegrity and is also an auxiliary service for other regulators (for example, authen-
tication). Thanks to cryptographic methods, a malicious individual cannot view
or alter critically important data.
Protocolling and Auditing. Protocolling is defined as the collection and
accumulation of information about events occurring in an information system.
Auditing refers to analysis of the accumulated information carried out either
quickly in real or near-real time or periodically (for example, once a day). Proto-
colling keeps users accountable. The psychological factor is important (aware
that all actions are being protocolled, some potential criminals could abandon
their intentions). Analysis of the recorded logs makes it possible to detect mali-
cious activity and take measures in time.
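The two auditing modes described above can be compared on the same log. The following is an added example, not part of the original chapter; the event format, subject names, window, and threshold are all constructed assumptions. It shows that a near-real-time rule catches a burst of failed logins, while only the periodic review surfaces slow, repeated denied accesses by one subject.

```python
from collections import defaultdict, deque

# Constructed event log: (seconds since midnight, subject, action, outcome).
# Every record names its subject, so each action can be traced back to it.
EVENTS = [
    (100, "alice", "login", "ok"),
    (130, "bob", "login", "fail"),
    (200, "carol", "login", "fail"),
    (205, "carol", "login", "fail"),
    (211, "carol", "login", "fail"),
    (215, "carol", "login", "fail"),
    (300, "alice", "read:payroll", "denied"),
    (4000, "bob", "login", "ok"),
    (9000, "alice", "read:payroll", "denied"),
]


def realtime_audit(events, window=60, threshold=3):
    """Near-real-time audit: alert once when a subject reaches
    `threshold` failed logins within `window` seconds."""
    recent = defaultdict(deque)        # subject -> timestamps of recent failures
    alerts = []
    for ts, subject, action, outcome in events:
        if action != "login" or outcome != "fail":
            continue
        q = recent[subject]
        q.append(ts)
        while ts - q[0] > window:      # drop failures that left the window
            q.popleft()
        if len(q) == threshold:        # fire on reaching the threshold only
            alerts.append((ts, subject))
    return alerts


def periodic_audit(events):
    """Periodic audit (for example, once a day): per-subject counts of
    every action that did not succeed, regardless of timing."""
    totals = defaultdict(lambda: defaultdict(int))
    for _, subject, action, outcome in events:
        if outcome != "ok":
            totals[subject][action] += 1
    return {subject: dict(actions) for subject, actions in totals.items()}


if __name__ == "__main__":
    print("real-time alerts:", realtime_audit(EVENTS))
    print("daily summary:  ", periodic_audit(EVENTS))
```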
One of the important types of attack frequently used by hackers against
Internet networks in recent years has been the denial-of-service attack. As a
result of this type of attack, a system is unable to provide one or several services
with the required level of quality. This is also a very serious threat and could
result in the failure of large systems (transportation, power grids, et cetera).
In addition to the aforementioned methods of defense, we should also men-
tion one common type of access management (i.e., resource quotas). Generally
speaking, service failures occur due to exhaustion of some system resource. The
use of quotas can limit the amount of resources available to each subject and
create a reserve for the superuser, so that he or she will be able to intervene and
correct the situation.
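The quota scheme described above can be sketched as a small allocator. This is an added example, not part of the original chapter; the class name QuotaPool, the capacity figures, and the subject names are constructed assumptions. It shows that per-subject quotas cap each flooding subject, that several subjects together can still starve ordinary users, and that the superuser reserve keeps one path open to intervene.

```python
from collections import Counter


class QuotaPool:
    """Fixed pool of units (e.g. session slots) with a per-subject quota
    and a reserve that only the superuser may draw on."""

    def __init__(self, capacity, quota, reserve, superuser="root"):
        if not 0 <= reserve < capacity:
            raise ValueError("reserve must be in [0, capacity)")
        self.capacity, self.quota, self.reserve = capacity, quota, reserve
        self.superuser = superuser
        self.held = Counter()              # units currently held per subject

    def free(self):
        return self.capacity - sum(self.held.values())

    def acquire(self, subject):
        """Try to take one unit; return (granted, reason)."""
        if self.free() <= 0:
            return False, "pool exhausted"
        if subject != self.superuser:
            if self.held[subject] >= self.quota:
                return False, "subject quota reached"
            if self.free() <= self.reserve:
                return False, "only superuser reserve left"
        self.held[subject] += 1
        return True, "granted"

    def revoke(self, subject):
        """Superuser intervention: reclaim all units a subject holds."""
        return self.held.pop(subject, 0)


def simulate():
    """Constructed workload: three flooding subjects, one ordinary user."""
    pool = QuotaPool(capacity=10, quota=3, reserve=2)
    flooders = ["flood-a", "flood-b", "flood-c"]    # constructed names
    for s in flooders:
        for _ in range(20):                         # 20 requests each
            pool.acquire(s)
    result = {"held_by_flooders": {s: pool.held[s] for s in flooders},
              "free_after_flood": pool.free(),
              "alice_during": pool.acquire("alice"),
              "root_during": pool.acquire("root")}
    reclaimed = sum(pool.revoke(s) for s in flooders)
    result.update(reclaimed=reclaimed, alice_after=pool.acquire("alice"),
                  free_after_cleanup=pool.free())
    return result


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value}")
```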
PHYSICAL EFFECTS
Physical effects can also disable a computer system. The classic examples
of such effects are fires or bombs. Recently, devices have been created that are
specifically designed to destroy computer systems.6 The basic principle by which
these devices operate is to cause a sharp voltage spike in power supply systems,
communications, or other signals, with an amplitude, duration, and energy in the
spike capable of shutting equipment down or degrading it completely. The abili-
ty to conceal this type of attack is greatly enhanced by the fact that an analysis of
the damaged or destroyed equipment will not clearly identify the cause of the
damage, since the cause could be either an intentional destructive power effect
(an attack) or an unintentional one (for example, lightning-generated induction).
As a rule, this kind of device uses one of three methods of creating the
effect:
1. Through the power grid (it is estimated that a device costing $10,000-
$15,000 can disable up to 20 computers simultaneously);
2. Through wiring conduits (in this case, the devices cost only about one-
tenth as much); or
3. Through the air, using short but powerful electromagnetic impulses.
Let us examine a few means of defense against this kind of destructive
effect:
· The security perimeter must be wider than the space occupied by the
computer so that a malicious individual cannot approach within the distance
required for effective use of his weapon.
· When equipment is purchased, priority should be given to products that
are more resistant to the destructive effects described above.
· Power supply panels, grounding cables, communication lines, and so forth
must be closely monitored.
· A "normal" picture of the network's operations should be compiled and
the network's current status compared periodically with this benchmark (similar
to the use of code auditing).
· It is desirable to shield both the equipment and the rooms within which
the equipment is housed.
· Fiber-optic cables should be used as communication channels whenever
possible.
INTERNATIONAL INFORMATION SECURITY ISSUES
Extending as it does to all aspects of countries' affairs, the information
revolution is expanding opportunities to develop international cooperation and is
creating an international information space within which information is becom-
ing a highly valuable component of national wealth and a strategic resource.
In view of this, international cooperation in the information realm is becom-
ing timely and promising. On the one hand, this cooperation makes it possible to
have access to the latest information technologies and participate in a worldwide
division of labor in the fields of information services, information systems, and
information-based products. On the other hand, it is becoming obvious that along
with the positive aspects of this process there is also emerging a real threat that
achievements in the information realm will be used for purposes not compatible
with the goals of maintaining world stability and security or abiding by the
principles of sovereign equality among nations, peaceful resolution of disputes
and conflicts, renunciation of force, nonintervention in internal affairs, and re-
spect for human rights and liberties. Among these threats is terrorism employing
modern network technologies.
This highlights the obvious need for international legal regulation of the
processes of international interaction among all subjects involved in the mainte-
nance and development of network infrastructure and information resources. It is
essential that we have an international platform on the issue of information secu-
rity that will correspond to the interests of world security and take antiterrorist
considerations into account.
The UN General Assembly, in its resolutions 53/70 of December 4, 1998,
and 54/49 of December 1, 1999, has already addressed the need to develop
international principles aimed at improving the security of global information
and telecommunications systems and facilitating the fight against information
terrorism and crime. Now the specific points in a program of action must be
developed.
Within the framework of international (bilateral and multilateral) programs,
for example, it would be possible to conduct research aimed at preventing the
following threats in the realm of information security:
· Actions by international terrorists, extremists, criminal societies, organi-
zations, groups, and individual lawbreakers that present a threat to information
resources and nations' critically important structures;
· The use of information technologies and means to the detriment of hu-
man rights and liberties as exercised in the information realm; and
· Manipulation of information flows, disinformation, and concealment of
information for the purpose of distorting society's psychological and spiritual en-
vironment and eroding traditional cultural, moral, ethical, and aesthetic values.
NOTES
1. Kroll, E. 1995. Vsyo ob Internet [All About the Internet] (translated from English). BNV
Trade and Publishing Bureau, p. 592.
Cerf, V.G. 1991. Networks. Scientific American 265(September):72 et passim.
Kahn, R.E. 2000. Evolyutsiya seti Internet. Vsemirnyy doklad YuNESKO po kommuni-
katsiyam i informatsii, 1999-2000 [Evolution of the Internet Network: UNESCO Global Report on
Communications and Information, 1999-2000]. Moscow: Biznes-Press.
2. Vasenin, V.A. 1997. Rossiyskiye akademicheskiye seti i Internet (sostoyaniye, problemy,
resheniya) [Russian Academic Networks and the Internet (Status, Problems and Solutions)]. V.A.
Sadovnichiy, ed. Moscow: REFIA, p. 173.
3. Sadovnichiy, V.A., V.A. Vasenin, A.A. Mokrousov, A.V. Tutubalin. 1999. Rossiyskiy In-
ternet v tsifrakh i faktakh [The Russian Internet in Figures and Facts]. Moscow: Moscow University
Publishers, p. 148.
4. Galatenko, V.A. 1998. Informatsionnaya bezopasnost: prakticheskiy podkhod [Information
Security: A Practical Approach]. Moscow: Nauka Publishers, p. 301.
5. Galatenko, A.V. 1999. Aktivny audit [Active auditing]. Jet Info Newsletter 8(75).
6. Barsukov, V. 2000. Zashchita kompyuternykh sistem ot silovykh destruktivnykh vozdey-
stviy [Protecting computer systems from destructive power effects]. Jet Info Newsletter 2(81).