Story

Cyber terrorism and the world around it

 Cyber terrorism

Before i start explaining my view about the cyber terrorism aspects i want to define the phrase first.
 
Cyber terrorism is a controversial term; the phrase is used to describe the use of internet to:
· Acts of deliberate.
· Large-scale disruption of computer networks.
· Attacks against information systems.
 
Cyber terrorism got defined again by the Stuxnet virus.
 
The worm's probable target is said to have been high value infrastructures in Iran using Siemens control systems. According to news reports the infestation by this worm might have damaged Iran's nuclear facilities in Natanz and eventually delayed the start up of Iran's Bushehr Nuclear Power Plant
 
Although Siemens initially had stated that the worm had not caused any damage, on November 29, Iran confirmed that its nuclear program had indeed been damaged by Stuxnet.
Source: Wikipidia.
 
At the moment I heard of the Stuxnet attack my nightmare became true.
 
The internet and computer networks around the world are not save enough to prevent a Cyber terrorism act. Only the thought that a virus could take down a hospital or other high value infrastructures is breath taking.
 

Scenarios

There are two scenarios which i want to point out.
 

Hospital

The hospitals are a easy target, with the help of a malicious code the infrastructure of a hospital could fail. There are a lot of infrastructures in a hospital that need to be active. The first infrastructure i think would be attacked is the Database which holds the patients files.
 
The attack could edit the database in such a way that the patients get the wrong medication. This attack will have a great impact in the country and the attacker (Terrorist) will get recognized as a terrorist.
 
The second scenario is the Traffic control infrastructure. This infrastructure is controlled by servers, because they are controlled by servers they can be targeted by malicious code. The scenario i was thinking about;
 
For example:
The malicious code attacks the traffic light system which results in stoplights giving the green sign which means: Just drive.
 
I don't have to explain what could happen, because it would be chaotic.
 

Prevention

These attacks are done with the use of the Internet or social engineering. The social engineering part can be done using a simple usb stick with malicious code on it. (Pentagon attacked by Malicious code - source). The attacker stands in front of the building or in a snack bar and spreads the usb sticks to employees. Because the employees are not informed about the threats’ they will simply put the usb stick in their working machine. This will result in a infection in the infrastructure.
 
The famous internet attack is of course the three-week of massive cyber-attacks on the small Baltic country of Estionia. This resulted in a three week period of no internet in Estonia -- No banking, no internet, no nothing. (source of the attack).
 
You can prevent some types of social engineering by informing your employees about the threats that come from the outside world. 
 
The second thing which can be done is to keep your infrastructure updated and monitored. By having scenarios planned out you can react a.s.a.p. 
 
Publishing this article brought me to the next questions; how do you feel about this issue? Is this something we have to worry about or is it just crazy talk?
 
 

Cyber Attacks on Estonia - Short Synopsis

http://doubleshotsecurity.com/pdf/NANOG-eesti.pdf

Estonia vs. Russia - The DDOS War
http://www.cis.uab.edu/forensics/blog/Estonian.DDOS.pdf

Estonian Cyber Attacks 2007
http://meeting.afrinic.net/afrinic-11/slides/aaf/Estonia_cyber_attacks_2007_latest.pdf

Lessons Learned from the Russian-Estonian Cyber-Conflict
http://lacnic.net/documentos/ixp/woodcock-caso_estonia.pdf

Webwar One: The Botnet Attack on Estonia
http://www.wired.com/images/press/pdf/webwarone.pdf

Estonia: Information Warfare and Lessons Learned
http://ec.europa.eu/information_society/policy/nis/docs/largescaleattacksdocs/s5_gadi_evron.pdf

Political DDOS: Estonia and Beyond
http://www.usenix.org/events/sec08/tech/slides/nazario-slides.pdf

Propaganda, Information War and the Estonian-Russian Treaty Relations: Some Aspects of International Law
http://www.juridicainternational.eu/public/pdf/ji_2008_2_154.pdf

List provided by - click here