Internet and Cyber Terrorism




Internet and Cyber Terrorism Knoxville Division

UNCLASSIFIED

In the wake of the September 11 attacks, Usama Bin Ladin (UBL) said, "hundreds of Muslim scientists are with me who would use their knowledge - ranging from computers to electronics - against the infidels." [Canadian Office of Critical Infrastructure Protection and Emergency Services, 2001]

In the past ten years, Al-Qa'ida (AQ) and its affiliates have created a potent online presence. Extremists are not limiting their use of the Internet to radicalization; they are using it to propagate terrorism and recruit jihadists. [FBI Director Mueller, 28 July 2010]

Internet and Terrorism
- In 2011, Europol's director general emphasized his belief that the Internet has replaced Afghanistan as the terrorist training ground
- In 2011, Manfred Murck, head of the Hamburg branch of Germany's Domestic Intelligence Service, stated that the Internet functions as a kind of Al-Qa'ida virtual group

Definition of Cyber Terrorism

The execution of a surprise attack by a sub-national foreign terrorist group, or individuals with a domestic political agenda, using computer technology and the Internet to cripple or disable a nation's electronic and physical infrastructures. The goal is not only to hurt the economy of a region or a country, but also to amplify the effects of a traditional physical terrorist attack by causing additional confusion and panic. It can also take the form of a physical attack, without ever touching a computer keyboard, that destroys critical internet communications and electric power nodes.

Al-Qa'ida Evolvement
- Al-Qa'ida is an organization
- Al-Qa'ida is a movement
- Al-Qa'ida is an ideology

Al-Qa'ida Evolving Toward Internet Jihad and Cyber Attack
- UBL's vast financial resources may have enabled him to purchase the expertise required for a cyber attack
- Intelligence recovered from the raid on UBL's compound in Pakistan indicated:
  - Laptops contained plans to target U.S. Information Systems
  - Discovery of large databases containing US infrastructure details
  - Use of the Internet to collect intelligence on targets
- Al-Qa'ida remains committed to striking the United States and its interests
- Islamic Extremist Websites encourage attacks on US SCADA System and financial and nuclear facilities located in the United States
- Jihadi Sheiks issued fatwas providing religious justification for today's era of Internet and Cyber Jihad

Al-Qa'ida and the Internet
- AQ and its affiliates embraced technology both as a media platform and a planning tool
- The Internet's importance to jihadists increased after AQ was driven from its safe haven in Afghanistan in 2002
- From 2003 to 2007, AQ's central media group grew its operations from 6 to 97 annual productions disseminated via the Internet
- Internet jihadists Younis Tsouli and Malika al Aroud used the online environment to recruit, propagandize, train for, and conduct cyberattacks
- By 2008, AQ's core recognized that the Internet reduced the time and costs of operational communications while increasing the scope of information-sharing among geographically dispersed groups

Al-Qa'ida's Affiliates and the Internet
- In 2004, Abu Musab al-Zarqawi (Zarqawi) became well-known by a strategic combination of extreme violence and Internet savvy
- Due to the Internet, Zarqawi had a voice, if not a face, and a clear ideology to explain his violence
- By going online, Zarqawi was able to both control the interpretation of his violent message and achieve greater impact with smaller operations
- Legions of fans inspired by Zarqawi's online activity took up the banner of violent jihad online
- An online jihadi milieu emerged (jihadi environment)
- Increased numbers of violent jihadi websites became available in English, French, German, Spanish, and Dutch, signifying both the rise of violent jihadism in the West and growing efforts by violent jihadist voices to reach Western Muslim population

AQ's Affiliates and the Internet (Cont.)
- Anwar al-Awlaki (Awlaki) was a master in the use of the Internet
- Awlaki's video-taped speeches - distributed online - produced real world terrorists from the online radical milieus
- Awlaki was implicated in a number of attacks and plots, including Major Nidal Hasan's shooting at Fort Hood in 2009, and the attempted Times Square car bombing in 2010
- Above-noted individuals had been in online contact with Awlaki prior to their attacks
- Abu Dujana al-Khurasani, who launched the suicide attack at U.S. Forward Operating Base Chapman in Afghanistan, was crazy about Awlaki
- British Roshonara Choudhry was radicalized via YouTube videos featuring Awlaki's sermons

Internet War, a New Battlefield
- Jihadists connect with other like-minded individuals from the safety of their homes, sitting at their computers
- Online jihadists are free to read, participate, and ask questions in the privacy of their homes, lowering the risk of detection
- Chat rooms and blogs mean that jihadists no longer have to physically meet
- Online jihadists are harder for authorities to detect
- Never before has one platform connected so many
- The challenge for authorities today is how to contain a social movement that simmers just beneath the surface

Islamic Extremist Hacktivists
- Hacking is part of the larger cyber security threats challenging Western capitals
- Numerous Western websites have been hacked by Islamic Extremist hacktivists acting on fatwas sanctioning their activities
- On 7 January 2013, police in Thailand arrested Hamza Bendelladj, an Algerian cybercrime suspect, for stealing millions of dollars by hacking banks' websites
  - He was associated with the Izz Eddine Al Qassam Cyber Fighters
- On 2 January 2013, several US websites were hacked by Abu Ubayda Al-Masri to mark the anniversary of the December 30, 2009 suicide attack against CIA and Jordanian intelligence personnel in Afghanistan
  - He offered his services to jihadi forum members, saying he was willing to start a workshop on device hacking, encryption, and computer programming

6 Worst Kinds of Hackers
1. State-sponsored
2. Hacktivist
3. Cyber Criminal
4. Insider (You)
5. Script Kiddie
6. Vulnerability Broker

2000 Maroochy Shire Cyber Event
- Intentional, targeted attack by a determined and knowledgeable person on an Industrial Control System (ICS).
- Accessed computers controlling the Maroochy Shire Council's sewerage system and altered electronic data in the sewerage pumping stations, causing malfunctions in their operations.
  - Pumps were not running when they should have been
  - Alarms were not reporting to the central computer
  - A loss of communication between the central computer and various pumping stations

Maroochy Shire, Queensland, Australia (north of Brisbane)
- Rural and tourist destination
- Population 120,000

Businesses have a need for cyber security to protect their trade secrets, proprietary information, and personally identifiable information (PII) of their customers or employees.

Cyberterrorist Insider?

Vitek Boden
- Hunter Watertech (contractor) site supervisor on Maroochy SCADA project for two years
- Installed SCADA and radio-controlled sewage equipment for the Maroochy Shire Council
- Quit Hunter Watertech after a strained relationship in Dec 1999
- Applied for job with Maroochy Shire Council Maroochy Water Services (rejected Jan 2000)
- Packed his car with stolen radio equipment connected to a laptop computer
- Drove around area on 46 occasions from February to April 2000
- Gained unauthorized access to the control system via an insecure wireless network
- Issued radio commands to the sewage equipment
- Released 800,000 liters of raw sewage into local parks, rivers, and the grounds of a hotel
- Marine life died, creek water turned black, and the stench was unbearable for residents
- Cost of the attack was in the $1 million range

Attack Summary
- Vitek Boden was a disgruntled insider who was never an employee of the organization he attacked.
- He was an employee of a contractor that supplied IT/control system technology to the Maroochy Shire Council.
- With his knowledge he was the ultimate insider.
- The service contract was deficient or inadequate concerning Hunter Watertech's responsibilities.
- Lacked management, technical and operational cyber security controls
- Lacked personnel security controls that applied to its employees, such as background investigations and protection from disgruntled employees
- A number of anomalous events occurred before recognition that the incidents were intentional.
- As a skillful adversary, Boden was able to disguise his actions.
- Extensive digital forensics were required to determine that a deliberate attack was underway
- There were no existing cyber security policies or procedures.
- There were no cyber security defenses.

Cyber Security Policies, Procedures, Defenses

Areas covered: Human Resource Security; Physical and Environmental Security; Access Control; IT
- Pre-employment screening - at least 2 satisfactory professional references
- For any employee, trainee, intern, or contract personnel
- Communicate transfer, resignation or termination of employees
- Control physical access
- Regular review of the physical access list
- Timely revoke physical access of transferred, resigned, or terminated employees
- Control photography or video recording
- Use video surveillance cameras at all entrances and exits and other strategic points, monitored 24/7
- Secure the system on which the access control software is installed
- Restrict user access (especially administrative privileges)
- Regular review of privileged user's access rights
- Timely revoke any electronic access of transferred, resigned, or terminated employees (to include portable and mobile devices and remote access)
- Protect authentication (passwords) system files from unauthorized access
- Regular audit of workstations - check for updates
- Anti-virus software, firewalls, Intrusion Detection Systems (monitoring), encryption

Users
- Use complex passwords
- Don't write down or store passwords in readable format
- Terminate active sessions or lock workstations
- Just don't click on it!

Questions?

IA Nicole Hembree
IA Scott Peterson