Case Study – Cyberterrorism—A New Reality: When hackers claiming to support the Syrian regime of Bashar Al-Assad attacked and disabled the website of Al Jazeera, the Qatar-based satellite news channel

Case Study – Cyberterrorism—A New Reality:

When hackers claiming to support the Syrian regime of Bashar Al-Assad attacked and disabled the website of Al Jazeera, the Qatar-based satellite news channel, in September 2012, the act was another act of hacktivism, purporting to promote a specific political agenda over another. Hacktivism has become a very visible form of expressing dissent. Even though there have been numerous incidents reported by the media, the first case of hacktivism was documented in 1989 when a member of the Cult of the Dead Cow hacker collective named Omega coined the term in 1996. However, hacktivism is not the only form of cyber protest and conflict that has everyone from ICT professionals to governments scrambling for solutions. Individuals, enterprises, and governments alike rely in many instances almost completely on network computing technologies, including cloud computing. The international and ever-evolving nature of the Internet along with inadequate law enforcement and the anonymity the global architecture offers creates opportunities for hackers to attack vulnerable nodes for personal, financial, or political gain.

The Internet is also rapidly becoming the political and advocacy platform of choice, bringing with it both positive and negative consequences. Increasingly sophisticated off-the-shelf technologies and easy access to the Internet are significantly increasing incidents of cyberterrorism, netwars, and cyberwarfare. The following are a few examples.

· According to The Israel Electric Company, Israel is attacked 1,000 times a minute by cyberterrorists targeting the country’s infrastructure—water, electricity, communications, and other services.

· The New York Times, quoting military officials, said there was a seventeen-fold increase in cyberattacks targeting the US critical infrastructure between 2009 and 2011.

· The 2010 Data Breach Investigations Report has data recording more than 900 instances of computer hacking and other data breaches in the past seven years, resulting in some 900 million compromised records. In 2012, the same study listed 855 breaches, resulting in 174 million compromised records in 2011 alone, up from 4 million in 2010.

· Another study of 49 breaches in 2011 reported that the average organizational cost of a data breach (including detection, internal response, notification, post notification cost) was $5.5

million. This number was down from $7.2 millioWhen hackers claiming to support the Syrian regime of Bashar Al-Assad attacked and disabled the website of Al Jazeera, the Qatar-based satellite news channel, in September 2012, the act was another act of hacktivism, purporting to promote a specific political agenda over another. Hacktivism has become a very visible form of expressing dissent. Even though there have been numerous incidents reported by the media, the first case of hacktivism was documented in 1989 when a member of the Cult of the Dead Cow hacker collective named Omega coined the term in 1996. However, hacktivism is not the only form of cyber protest and conflict that has everyone from ICT professionals to governments scrambling for solutions. Individuals, enterprises, and governments alike rely in many instances almost completely on network computing technologies, including cloud computing. The international and ever-evolving nature of the Internet along with inadequate law enforcement and the anonymity the global architecture offers creates opportunities for hackers to attack vulnerable nodes for personal, financial, or political gain.

The Internet is also rapidly becoming the political and advocacy platform of choice, bringing with it both positive and negative consequences. Increasingly sophisticated off-the-shelf technologies and easy access to the Internet are significantly increasing incidents of cyberterrorism, netwars, and cyberwarfare. The following are a few examples.

· According to The Israel Electric Company, Israel is attacked 1,000 times a minute by cyberterrorists targeting the country’s infrastructure—water, electricity, communications, and other services.

· The New York Times, quoting military officials, said there was a seventeen-fold increase in cyberattacks targeting the US critical infrastructure between 2009 and 2011.

· The 2010 Data Breach Investigations Report has data recording more than 900 instances of computer hacking and other data breaches in the past seven years, resulting in some 900 million compromised records. In 2012, the same study listed 855 breaches, resulting in 174 million compromised records in 2011 alone, up from 4 million in 2010.

· Another study of 49 breaches in 2011 reported that the average organizational cost of a data breach (including detection, internal response, notification, post notification cost) was $5.5

million. This number was down from $7.2 millioly dying off in the summer of 2007.

Another incident was the South Ossetia conflict between Russia and Georgia in 2008. This Russian-Georgian conflict is classified as the first cyberspace conflict that was synchronized with traditional combat actions. Just as Russian troops were crossing the border, websites for communications, finance, government, and many international organizations in Georgia became inaccessible. These actions included various DDoS attacks that disrupted communications and information networks in Georgia. The attackers also defaced Georgian websites, adding pro-Russian images, supposedly for propaganda purposes. One of the first networks attacked was a popular hacker forum in Georgia. Consequently, pro-Georgian hackers made successful attacks against Russian networks as well.

Although both the Estonian and Georgian attacks were widely believed to be the work of state-sponsored Russian hackers, no proof has ever been found conclusively linking Russian authorities to the incidents.

The “First Cyberwarfare Weapon”: Stuxnet

In June 2010, an Iranian nuclear facility in Natanz was said to have been attacked by a sophisticated, standalone malicious malware that replicated itself to spread to other computers. The malware, called Stuxnet, initially spread via Microsoft Windows operating system and targeted industrial software and equipment—in particular, certain specific industrial control systems made by Siemens. In all, versions of Overview of Stuxnet Symantec found that not only did versions of Stuxnet exploit up to four “zero-day” vulnerabilities in the Microsoft Windows operating system, at half a megabyte it was unusually large in size and seemed to have been written in several languages, including portions in C and C++. Another sign of the sophistication was the use of stolen digital certificates from Taiwanese companies, the first from Realtek Semiconductor in January 2010 and the other from JMicron Technology in July 2010. The size, sophistication, and the level of effort has led experts to suggest that the production of the malware was “state-sponsored,” and that it is “the first-ever cyberwarfare weapon.” The effects of Stuxnet have been likened to a “smart bomb” or “stealth drone,” since it sought out a specific target (programmable-logic controllers made by Siemens), masked its presence and effects until after it had done the damage (the operation of the connected motors by changing their rotational speed), and deleted itself from theStuxnet targeted five Iranian organizations, all allegedly linked to the Iranian nuclear program, and may have caused significant damage to the Iranian nuclear enrichment program facility located at Natanz. Stuxnet is said to have been in use since 2009 and was first identified in July 2010 by VirusBlokAda, an information-technology security company in Belarus, after it was said to have “accidently spread beyond” its intended target, Natanz, via infected USB sticks. However, some experts have argued that Stuxnet is not a “worm,” since it was propagated via removable media—CDs, DVDs, thumbdrives—and did not distribute through self-replication over the Internet.

In any event, the 2010 version of Stuxnet has been called the “largest” and “most sophisticated attack software ever built,” and one investigative article said that the event foreshadowed the destructive new face of 21st century warfare, writing that “Stuxnet is the Hiroshima of cyberwar.” According to a report by Symantec, data from the early days of the Stuxnet attack showed that Iran, Indonesia, and India accounted for the bulk of the infected computers. The report also said that Stuxnet was the first piece of malware to exploit the Microsoft Windows shortcut “LNK/PIF” files’ automatic file execution vulnerability36 to spread.

Overview of Stuxnet Symantec found that not only did versions of Stuxnet exploit up to four “zero-day” vulnerabilities in the Microsoft Windows operating system, at half a megabyte it was unusually large in size and seemed to have been written in several languages, including portions in C and C++. Another sign of the sophistication was the use of stolen digital certificates from Taiwanese companies, the first from Realtek Semiconductor in January 2010 and the other from JMicron Technology in July 2010. The size, sophistication, and the level of effort has led experts to suggest that the production of the malware was “state-sponsored,” and that it is “the first-ever cyberwarfare weapon.” The effects of Stuxnet have been likened to a “smart bomb” or “stealth drone,” since it sought out a specific target (programmable-logic controllers made by Siemens), masked its presence and effects until after it had done the damage (the operation of the connected motors by changing their rotational speed), and deleted itself from the USB flash drive after the third infection. As programmed, Stuxnet stopped operating on June 23, 2012, after infecting about 130,000 computers worldwide, with most of them said to be in Iran.

What does the threat do?