Information Security Journal: A Global Perspective, 24:31–38, 2015 Copyright © Taylor & Francis Group, LLC ISSN: 1939-3555 print / 1939-3547 online DOI: 10.1080/19393555.2014.998846
Cyber Capabilities and Intent of Terrorist Forces
Christopher Cox U.S. Army National Training Center, Fort Irwin, California, USA
ABSTRACT This article defines and explores the utilization of cyber capabilities in order to achieve traditional terrorism goals while investigating the unprecedented role of nonstate actors in both offensive and defensive capabilities. Included in this article are the results of investigation into the Websites and Web-based services of identified terrorist groups as well as several interviews with hackers in order to determine capability and intent.
KEYWORDS cyber jihad, cyber terrorism, hacking, terrorism
Address correspondence to Christopher Cox, U.S. Army National Training Center, G6, 988 Inner Loop Rd., Fort Irwin, CA 92310, USA. E-mail: [email protected]
Color versions of one or more of the figures in the article can be found online at www.tandfonline.com/uiss.
Hacking on the Internet is one of the key pathways to Jihad, and we advise the Muslims who possess the expertise in the field to target the websites and the information networks of big companies and government agencies of the countries that attack Muslims, and to focus on the Websites and networks that are managed by the media center that fight Islam, Jihad and mujahideen. Al-Qaida video, You Are Held Responsible Only for Thyself, Part 2, June 3, 2011
In the 1990s, the buzz phrase was “Cyber Pearl Harbor.” Decades later, the term became “Cyber 9/11.” The terms may have changed, but the underlying (and as yet, unrealized) fear has not–our nation is vulnerable to cyber attack and our adversaries know it.
Cyber terrorism is a concept that is difficult to define and far more difficult to discern from other forms of cyber incidents such as hacking, economic espionage, or state-sponsored cyber warfare. In order to consider the concept, we must first consider the two components of the term and the implications of each: “cyber,” which in contemporary terms refers to the infrastructure, networks, and systems that make up the shared electronic medium that enables online communication; and “terrorism,” which for the purposes of this article refers to the unlawful use of violence or threat of violence to instill fear and coerce governments or societies in support of goals which may be political, ideological, or social. Therefore, in order to qualify as cyber terrorism, an act must be committed which furthers the goals of terrorism using or targeting the medium of cyber space. While not necessarily an act of cyber terrorism, the use of cyber capabilities to support terrorist goals (e.g., fundraising, intelligence, training, recruiting) must be considered when addressing the overall concern.
The potential for harm is significant; it is not uncommon for one to entrust critical financial or personal information to their personal computers or mobile devices. Much of the nation’s critical infrastructure, to include the electric grid, communications, water, and other components, is directly or indirectly addressable via public networks as well, which opens up previously unforeseen avenues for attack. This threat was highlighted in 2010 when FBI Director Robert Mueller noted, “Terrorists have shown a clear interest in hacking skills and combining real attacks with cyber attacks,” and also in 2011 when President Barack Obama revealed that “cyber intruders have probed our electrical grid.” Recently, in response to the new Flame worm, Internet security firm Kaspersky added that “. . . it’s important to understand that such cyber weapons can easily be used against any country. Unlike with conventional warfare, the more developed countries are actually the most vulnerable . . .”
Despite such provocative claims, however, one must exercise caution when making claims as to the realistic risk to life, livelihood, and critical infrastructure. In order to constitute a “threat,” an adversary must possess both the intent and the capability to carry out the act. In this context, there are two basic considerations: does the adversary have the intent to carry out a terrorist act, and do they have both the intent and capability to do so using the cyber sphere?
Before considering the capability of any particular group, one must consider whether or not cyber terrorism in this context is within the realm of possibility. While it is accurate to say that “cyber pearl harbor” has not occurred, the following examples demonstrate the significant damage and disruption that may be leveraged via cyber avenues. It is important to note that the select examples in Figure 1 are mostly attributed to cyber criminals or state actors, rather than terrorist factions; however, the potential for harm if instead initiated by terrorist forces is evident.
Although Former Homeland Security Director Tom Ridge warned that “terrorists can sit at one computer connected to one network and can create worldwide havoc,” and the Australian Government’s Institute of Criminology assessed “the potential damage which can be inflicted on our infrastructure—systems such as air traffic control, power, telecommunications, and the like, by a malicious person sitting at a keyboard on the other side of the planet, is mindboggling,” neither has been seen to a significant degree to date. However, that there is no threat presupposes two things: that current and future security mechanisms are sufficient and that the threat is not evolving. Both statements are demonstrably false.
Given that the goal of terrorism includes the spread of fear and mass hysteria, Federal Bureau of Investigation (FBI) Special Agent John Chesson adds that nonviolent acts can also be a concern, as “simple propaganda on the Internet, such as that there will be bomb attacks during the holidays, can be considered cyberterrorism” (personal communication, May 18, 2012). This is underscored by historical events, such as the 2005 incident in Sri Lanka in which a woman was killed and 50 others wounded in the panic resulting from a hoax bomb threat against a Saudi Arabian commercial flight (U.S. Department of State, 2012). In another case, the false claim of a suicide bomber among the million or more Shia pilgrims making a pilgrimage resulted in the deaths of nearly 1,000 men, women, and children who were trampled to death or pushed from bridges in the ensuing panic (Associated Press, 2005).
In the United States, most of the critical infrastructure is privately controlled and operated, and while they perform an indispensable service to the public and are accordingly supported by the Department of Homeland Security, they are not universally subject to the same strict cyber security regulations and requirements as government entities. For example, a classified military network is isolated from the publicly accessible Internet, while a small-town ambulance service is most likely not. This means that while Hollywood-style attacks where hackers gain control over the U.S. nuclear arsenal are unlikely at best, the ability to interfere with emergency response to a planned explosion is well within the realm of possibility.
The FBI-sponsored public-private collaboration known as Infraguard is one group that aims to bridge that gap. With 54,000 members as of March 2013 (Infraguard, n.d.), Infraguard brings together academic institutions, businesses, law enforcement, and other entities to share information and strategies to protect critical infrastructure. This relationship needs to be built upon and further cultivated in order to bring together organizations and corporations formally entrusted with life-sustaining systems. This becomes more crucial when considered against the continuous actions of terrorist forces.
It is undeniable that certain terrorist groups have demonstrated their intent to do harm to the United States and its citizens. According to the FBI, there were more than 11,500 terrorist attacks in 72 countries in 2010, with approximately 50,000 victims. Of those, there were almost 13,200 fatalities, of which greater than half were civilian. In addition, there were 250 incidents of domestic terrorism between 1980 and 2000, including the 1995 Oklahoma City bombing (168 dead, 680 wounded) and the bombings and robberies perpetrated by the United Freedom Front (UFF) (U.S. Department of State, 2011). Therefore, we can conclude that the overall intent exists and shall continue to do so.
FIGURE 1 Selected examples of cyber security incidents.
The capability to use cyber capabilities in order to achieve terrorist goals is also relatively easy to determine. Relatively standardized control measures and security equipment help to keep systems secure; automated network-based intrusion prevention systems watch for threats while each computer on a network most likely has its own host-based security suite. However, as computer security specialist and cryptologist Bruce Schneier noted, “if you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology.” While security-assistive software and hardware help to increase the security posture of the system, there is no such thing as “complete security” for any network that is connected to the same public Internet that is expected to service 15 billion devices by 2015 (CISCO Technology, 2011).
To cause widespread damage, a terrorist element will consider a nation’s critical infrastructure as a viable target. The term “critical infrastructure” refers to “systems and assets, whether physical or virtual, so vital to the United States that the incapacity of such systems and assets would have debilitating impact on security, national economic security, national public health or safety, or any combination of those matters” (U.S. Department of Homeland Security, 2009) and includes food and agriculture, dams, energy, information technology (IT), postal services, banking and finance, communications, transportation, chemical, emergency services, healthcare and public health, nuclear facilities, and water, among others. This term also includes those critical international services upon which we depend but have no control, such as shipping, airports, and communications services operated by other nations. In order to service increasingly large geographic areas in a cost-restrained environment, sectors rely heavily on the use of Supervisory Control and Data Acquisition (SCADA) systems and Distributed Control Systems (DCSs).
SCADA systems allow for remote monitoring of systems and their status and include the capability to transmit commands from a remote location. Examples include the remote monitoring and operation of railroad track switches, draw bridges, and traffic control systems. DCSs are a network of computers that provide processed information to a centralized control location while also possessing the capability to receive remote commands. Generally, a DCS is used at a single site rather than distributed across a wide geographic location; however, a SCADA and DCS may be implemented within the same organization to work in tandem. In 1997, the President’s Commission on Critical Infrastructure Protection said of SCADA systems:
From the cyber perspective, SCADA systems offer some of the most attractive targets to disgruntled insiders and saboteurs intent on triggering a catastrophic event. With the exponential growth of information system networks that interconnect the businesses, administrative and operational systems, significant disruption would result if an intruder were able to access a SCADA system and modify the data used for operational decisions, or modify programs that control critical industry equipment or the data reported to control centers (U.S. Department of State, 2012).
Although such systems were originally designed to be isolated from commercial networks, the practice of providing real-time data to customers and field technicians has necessitated the integration of SCADA components into the public sphere, introducing previously unforeseen vulnerabilities.
Despite certain best business practices, such as network segmentation and data filtering, there has been a general increase in the number of cyber-related incidents reported by the FBI’s Internet Crime Complaint Center (IC3), with more than 300,000 complaints in 2010 totaling $622 million in damages. Included in those complaints, according to Symantec, were businesses across six critical infrastructure categories: emergency services, energy, IT, finance, health care, and communications. In its Critical Infrastructure Protection Study, the IC3 found that 53% of respondents within those six fields had experienced a politically motivated cyber attack, and only a third of those surveyed reported that they were “extremely” prepared for a cyber attack (Internet Crime Complaint Center, 2011).
With the creation of automated network exploitation tools and the availability of online training, we face an increasingly cyber-aware adversary that is growing in both capability and quantity. One example of the type of resource available for misuse by modern adversaries is TOR. The TOR Project was originally designed, implemented, and deployed by the U.S. Naval Research Laboratory to protect the content and source of government communications by reducing the risk of traffic analysis or network surveillance using the onion routing system. Now formally sponsored by the Electronic Frontier Foundation (EFF), the tool has gained wider use in the corporate world, the public sector, and for private use. In order to understand this technology, imagine a separate network overlaid on the public Internet with successive relays passing encrypted traffic all over the world. The intermediate relays, excluding the entrance node, have no awareness of the actual source of the traffic, and the data itself are encrypted via the onion protocol until passed from the exit node (where, conceivably, the traffic remains encrypted using the HTTPS protocol). The tool exists to conceal user identities, and it is successful at doing so provided that the user takes basic precautions in their browsing habits (Electronic Frontier Foundation, n.d.). Additional protection is afforded by configurations that periodically change the location of the exit node, creating what is essentially untraceable network traffic that may appear to be originating in Germany at one time, and then 10 minutes later from Switzerland. Based on this capability, a targeted hacking effort against critical infrastructure would be difficult to correctly attribute and, possibly, detect.
As the intermediate nodes are anonymized and all traffic between them is encrypted, the onion network provides for location-hidden services protected by a pseudo top-level domain referred to as “.onion,” which are only accessible while using a TOR client. This function obfuscates both the location and identity of the requester from the host and also the host from the requester, allowing for a high degree of security for both parties by eliminating the inherent security risks of traversing an exit node. An abundance of information and resources, both legal and illegal, are available via hidden services at minimal risk. For example, one may directly purchase illegal narcotics (using a built-in decentralized monetary system that protects both the origin and destination of funds) or browse child pornography as easily as anonymously provide information related to corporate wrongdoing (“whistleblowing”), or share information with fellow urban-exploration enthusiasts interested in the steam tunnels under Virginia Tech.
As there is no “Google”-type service that autonomously catalogues sites for the .onion pseudo-domain and addresses are hash-based rather than user-friendly (e.g., http://a5ec6f6zcxtudtch.onion is the URL for an anonymous E-Mail service), services are difficult to identify unless explicitly shared. Because of this, information and plans may be openly shared with little concern as to exploitation, potentially supporting key terrorist goals of training, planning, and equipping (Figure 2).
FIGURE 2 “Electronic Jihad” site on a .onion domain.
In this example, the tool itself is entirely neutral and its utilization depends on the intent of the user. The service, as a whole, is beneficial and has multiple legitimate uses to include military (TOR is issued to U.S. intelligence teams for open-source intelligence), journalists (to protect their sources), government employees (to protect their affiliation and identity when travelling overseas), individuals (who value privacy or have legitimate reasons to be concerned for their security, such as the Iranian protestors in 2009; Lake, 2009), law enforcement, and many others. However, the possibility also exists for exploitation by criminals, terrorists, hackers, or other elements.
TOR is relatively easy to set up and configure, with prepackaged software bundles and bootable-USB amnesiac operating systems (which erase all session data after each use) largely automating the process; cyber attacks can be simplified even further using automated tools and programs. One example is the Metasploit framework, which searches for system vulnerabilities and recommends exploitations; however, this tool still requires a certain degree of “cyber savvy” to properly utilize. In the likely (and historically observed) scenario that a large force of willing but unskillful participants may be dedicated to a certain cause, a software program such as the “Low-Orbit Ion Cannon,” or LOIC, may be preconfigured and distributed via the Web to great effect. Using this tool, the online hacking collective known as “Anonymous” successfully launched Distributed Denial of Service (DDOS) attacks against RIAA, the U.S. Department of Justice, the MPAA, PayPal, and organizations that opposed WikiLeaks (Paget, 2012). The tool offers minimal risk to participants since the server’s logs are quickly overloaded by the sheer volume of concurrent connections, resulting in a low detection rate for participants. Participation in such an effort may be metaphorically likened to an infantry-based human wave attack most notably associated with the First and Second World Wars, in which the attackers rely on overwhelming numbers of expendable units in order to achieve their aims. Similarly, we will see less reliance on such a rudimentary tactic as we face a more sophisticated, better trained, and better equipped adversary; the greater the capability of the adversary, the more tactical the attack we will face.
The capability to launch cyber attacks against critical infrastructure using cyber resources has been demonstrated in historical case studies. It is also undeniable that terrorist organizations exist that desire to do harm to the United States and its citizens. In order to demonstrate capability and intent (consequently substantiating risk), the remaining question is whether organizations exist that have the intent to leverage such a capability.
Increasingly, terrorist organizations are realizing the value of the Internet as both a means of accomplishing their goals and as an objective in itself. In other words, the Internet can be seen as both a weapon and a target. This dual nature justifies the use of Western technologies by foreign organizations that would otherwise be bound to avoid their “corrupting” influence. For example, while the Qur’an is generally interpreted to disallow pornography, that is exactly the medium that was used to hide several encrypted messages that were intercepted by police in Berlin. This type of act is specifically addressed in the Manchester Document, which states that “necessary permits the forbidden” when breaking religious code in order to achieve objectives (Al Qaeda, 2002).
This discovery is significant for two reasons. First, and most obviously, is that it highlights the continued use of modern technology in order to achieve the group’s objectives, specifically in this case encryption and steganography (remembering that these are neutral technologies that can be used to both nefarious and beneficial ends). Second, and perhaps more compelling, is the content itself. While the specific information contained in the files is not available to the public, what has been released indicates an intense aspiration among Al Qaeda leadership to reinvigorate the organization through violent terrorist actions in the face of restricted freedom of movement and greater surveillance. It is noted in the documents that anti-terrorism and intelligence efforts have significantly impeded the organization’s ability to conduct operations, requiring a change in tactics.
Indicative of this fact is the loose correlation that exists between funding allotted by the Department of Homeland Security for antiterrorism expenditures and the cost of cyber security incidents reported by the FBI. While this trend should not be considered to be necessarily causative, it is at least suggestive of a relationship between the restriction of movement and an increase in nonconventional tactics. Note that each time anti-terrorism expenditures increase, so does the cost associated with cyber incidents; correspondingly, each time anti-terrorism expenditures decrease, so does the cost of cyber incidents (Internet Crime Complaint Center, 2014). Given the significant variables associated with each metric, there is no solid reason to suspect that the two are conclusively linked; however, it is a relationship that one would expect to find if terrorist forces are pursuing electronic warfare strategies as a force multiplier.
The use of the Internet to support terrorist objectives is not new. In 2000, Manchester police captured a document while executing a search warrant. This document, allegedly created by Al Qaeda, outlined multiple strategies for operating in an asymmetric environment, to include conducting surveillance, deception, acts of sabotage, assassination, and kidnapping. Included in this document, under the heading titled Espionage, was the estimate that “using this public source openly and without resorting to illegal means, it is possible to gather at least 80% of information about the enemy” (Al Qaeda, 2002). If terrorist groups consider that a majority of actionable intelligence may be collected via unclassified, open source methods, then it is a certainty they are making efforts to do so.
A review of several hundred Websites affiliated with or in support of foreign and domestic terrorism revealed a growing interest in hacking and electronic warfare. While far from universal, multiple groups advocate hacking as a legitimate strategy and offer courses in “electronic warfare” or make automated tools available for download. In forums and the sites themselves, there is a growing sentiment that cyber activity is a legitimate tactic, and it is both encouraged and enabled. Given the intended audience of such sites, this directly recruits and arms potentially dangerous adversaries.
In June 2011, Al Qaeda released a video titled You Are Held Responsible Only for Thyself, in which they encourage cyber attacks by all followers, noting that “there’s a place for the underground mujahedeen” and “youth participation in the electronic warfare is possible and easy.” While the segment includes video clips from multiple U.S. government officials stating our vulnerability to cyber attacks, it ends with a question asked of Admiral Michael McConnell, former director of National Intelligence and the National Security Agency, referring to his concerns of an attack against the power grid during the hottest parts of summer or the coldest parts of winter. “Is the United States ready for such an attack?,” the interviewer asks. McConnell replies, “No, the United States is not ready for such an attack” (Council on Foreign Relations, 2011). By its prominent placement in the video, it is clear that this is the image that Al Qaeda desires to convey to those among them who have the ability to act.
The Brigades of Tariq ibn Ziyad were formed in 2010 in order to further the goals of “electronic jihad.” Most notably, the group was responsible for distributing a mass-mailing worm that targeted U.S. government and corporate systems, resulting in a significant disruption to their services. Although the group claimed the capability to launch more damaging attacks, this example could be compared with the intent behind the Stuxnet worm of 2010, which was designed to target and damage the capabilities of a specific target. Another group is the North American Earth Liberation Front (ELF), which said that cyber attacks support their objectives “by inflicting as much economic damage as possible, the ELF can allow a given agency to decide if it is in their best economic interest to stop destroying life for the sake of profit” (North American Earth Liberation Front Press Office, n.d.).
It is beyond contestation that individuals and groups exist that possess the desire to enable terrorist acts against the United States, and have the intent and ability to do so using cyber capabilities. Therefore, a bona fide threat is demonstrable. However, on the whole, such groups have been reluctant to carry out such attacks. This reflects a general lack of expertise among groups that are primarily dedicated to traditional acts of physical terrorism, as indicated in the 2011 Al Qaeda video in which group leadership urges anyone with the “expertise in the field” to carry out such attacks and references successful cyber attacks by others, rather than claiming the ability to do so themselves. Although slow to adopt such technologies and tactics, this will conceivably change in the future as the group develops a greater reliance on the Internet for recruiting, fundraising, and operations, and more so should they recruit or hire those that already possess the desired skill sets.
One must wonder, however, if a sensational Internet-based attack is really the most effective strategy to achieve the goals of cyber jihad. If it is accepted that the Internet itself is a viable target, particularly as it easily serves as a convenient example of Western decadence and moral corruption, then severe restrictions on the Internet itself when imposed by the target government would be perceived as a victory, particularly if it served to undermine the citizenry’s confidence in their government. Latin-American revolutionary Carlos Marighela developed a strategy based on the observation that terrorist acts would elicit a predictable reaction from the government, which often results in increasingly repressive measures in order to respond to the threat. In doing so, the populace would reject the perceived oppressive regime and eventually revolt against their own government (Neumann & Smith, 2007). If this strategy were applied to the Internet, increased incidents of cyber crime and security incidents may serve to bolster the argument of well-meaning politicians as they propose measures to effectively censor the Internet—a measure that is overwhelmingly unpopular with users.
There is another factor, one which cannot be predictably restrained or controlled—that of the nonstate hacker, which has the potential to play a decisive role in the event of unrestrained cyber warfare. There is a formal process to respond to a coordinated cyber attack against U.S. interests, which includes the Department of Homeland Security, the Defense Security Service, the Department of Defense, and other agencies, depending on the nature, source, and scope of the threat. “The United States has the capability to defend itself, but response to a state sponsored or OCONUS (Outside of the Continental U.S.) cyber attack has many considerations that are affected by international treaties and possibly ongoing U.S. Government covert operations,” says Special Agent Chesson. “Non-state hackers are more likely going to harm response capabilities if they interfere with the official response” (personal communication, May 18, 2012).
Unlike government forces, however, independent hackers and hacking collectives are unrestricted by laws or rules of engagement. In the hypothetical scenario of a cyber attack that is found to originate from a commercial Web host that houses multiple legitimate business Websites, government entities are bound by international law and treaty while hackers are restricted only by a collective sense of morality or willingness to subvert local law. An example of this exists in those that self-identify with the collective known as Anonymous, which launched an effort in 2010 dubbed “Operation DarkNet,” in which they targeted commercial Web servers that hosted child pornography. Although illegal, as a result of their actions 40 child porn sites with hundreds of gigabytes of images and videos were taken down and the names of more than 1,500 site visitors and administrators were published (Stone, 2012). The morality of the effort is a matter of personal interpretation.
A properly crafted tool would be able to perform surveillance on the very network used by terrorist forces to facilitate their plot. The Flame worm is a textbook example of this fact; the malware is designed for intelligence-gathering, specifically to capture computer screenshots, record audio via the microphone, and steal computer files. Such a tool, if deployed, would allow one to effectively map a terrorist contact network by surreptitiously capturing data and tracking communications. While arguably a valid target, legal issues exist for official channels which are not a factor for nonstate hackers.
Nonattributional interviews with 43 self-proclaimed hackers, conducted for this article, showed certain trends and considerations that highlight the unpredictable yet potentially decisive role that could be expected to be played by this ethereal force. Respondents varied in age, skill level, and affiliation; the overwhelming majority from the United States who were interviewed stated that, in the event of a large-scale cyber attack against the United States, they would leverage their skill sets to assist in the defense of critical infrastructure, particularly if they were potentially impacted by the loss of electricity, water, or other essential services. Also telling is the finding that the majority believe that “patriotic hacking” is justifiable by nongovernment entities if it protects government interests (41% saying it is, with 32% saying it is not) while an even greater percentage felt that it is morally justifiable to hack into a commercial Web server or network in order to restrict the commission of a crime (69% saying that it is justifiable, and only 13% saying it is not). Perhaps most significant is the finding that 59% of respondents felt that hackers or hacking groups have the ability to either multiply or impede the traditional military or cyber warfare capabilities of a nation, with such scenarios as disrupting communications, spreading disinformation (which may be made to appear to come from official sources or Websites), disabling military capabilities, disabling critical infrastructure, or attacking personal computer systems, versus only 5% who do not feel that such groups can have an impact (with 36% saying they were “unsure”). This is noteworthy because it captures the sentiment of the groups themselves, who believe that they may play a particular role if motivated to do so.
As the military, government, and private industries grow to develop their roles in our nation’s cyber defense, the public must also realize that they play a critical part in our collective defense against cyber terror. Infected computers, known as “bots,” may be remotely leveraged into greater attacks, further insulating the actual attacker from prosecution. Individual users must recognize that poor security practices may have an impact that reaches beyond their personal data.
Although tempting to consider, the answer to the threat of cyber terrorism is not in security technology alone but also in training, awareness, and an increased relationship between public and private entities and coordinated response by appropriate national and international agencies. The Internet continues to grow as an indispensable part of our daily lives. As such, we must accept that its very presence has shaped and changed our culture into one that is increasingly dependent on online services. Only by acknowledging that this technology is being used as a vector for terrorist action and that it is a target in itself can we make available the collaborative resources to defend our nation against this new domain of warfare. In the end, one thing must be remembered: our adversaries had the intent and capability to initiate cyber attacks, they know that we are vulnerable, and they are developing the skills and tactics to exploit that.
REFERENCES Al Qaeda. (2002). The Manchester Document. Retrieved from
http://www.justice.gov/ag/manualpart1_1.pdf Associated Press. (2005). Shiites turn out to support Iraqi constitu-
tion. NBC News. Retrieved from http://www.nbcnews.com/id/91269 48#.UUKPtWfMggg
Abrams, M., & Weiss, J. (2008). Malicious control system cyber secu- rity attack case study–Maroochy Water Services, Australia. Retrieved from http://csrc.nist.gov/groups/SMA/fisma/ics/documents/Maroochy- Water-Services-Case-Study_report.pdf
Ashmore, W. C. (2009). Impact of alleged Russian cyber attacks. Retrieved from http://www.dtic.mil/dtic/tr/fulltext/u2/a504991.pdf
CISCO Technology. (2011). Global internet traffic projected to quadru- ple by 2015. Retrieved from http://newsroom.cisco.com/press-release- content?type=webcontent&articleId=324003
Council on Foreign Relations (2011). A conversation with Admiral J Michael McConnell. Retrieved from http://wn.com/A_Conversation_ with_Admiral_J_Michael_McConnell#/videos
Electronic Frontier Foundation. (n.d.) TOR. Retrieved from https://ssd. eff.org/tech/tor
Federal Bureau of Investigation. (2003). The case of the hacked South Pole. Retrieved from http://www.fbi.gov/news/stories/2003/ july/backsp_071803
Greenberg, A. (2010). “Here You Have” virus writer claims credit in video denouncing Iraq invasion. Retrieved from http://www.forbes. com/sites/andygreenberg/2010/09/13/here-you-have-virus-writer- claims-credit-in-video-denouncing-iraq-invasion/
Infraguard. (n.d.) Home Page. Retrieved from http://www.infragard.net Internet Crime Complaint Center. (2011) 2010 Internet Crime Report.
Retrieved from http://www.ic3.gov/media/annualreport/2010_ ic3report.pdf
Internet Crime Complaint Center. (2014) Annual Internet Crime Reports. Retrieved from http://www.ic3.gov/media/annualreports.aspx
Lake, E. (2009). Iranian protesters avoid censorship with Navy technology. The Washington Times. Retrieved from http://www.washingtontimes. com/news/2009/jun/26/protesters-use-navy-technology-to-avoid- censorship/?page=all
Neumann, P. R., & Smith, M. L. R. (2007). The strategy of terrorism – how it works and why it fails. Retrieved from http://www.polsci.wvu.edu/ faculty/hauser/PS461/NeumannSmithStrategicTerrorismJSS2005.pdf
North American Earth Liberation Front Press Office. (n.d.) Frequently asked questions about the Earth Liberation Front (ELF). Retrieved from http://www.animalliberationfront.com/ALFront/ELF/elf_faq.pdf
Paget, F. (2012). Hacktivism. McAfee Labs. Retrieved from http://www. mcafee.com/us/resources/white-papers/wp-hacktivism.pdf
Stone, M. (2012). Anonymous hacks pedophile website - operation darknet returns. Examiner. Retrieved from http://www.examiner. com/article/anonymous-hacks-pedophile-website-operation-darknet- returns
U.S. Court of Appeals. (2005). United States of America, Plaintiff- appellee, v. Rajib K. Mitra, Defendant-appellant, 405 F.3d 492 (7th Cir. 2005). Retrieved from http://law.justia.com/cases/federal/appellate- courts/F3/405/492/473548/
U.S. Department of Homeland Security. (2009). National infrastructure protection plan. Retrieved from http://www.dhs.gov/xlibrary/assets/ nipp_consolidated_snapshot.pdf
U.S. Department of State. (2011). Country reports on terrorism 2010. Retrieved from http://www.state.gov/j/ct/rls/crt/2010/index.htm
U.S. Department of State. (2012). Chapter 6. Foreign terrorist organiza- tions. Retrieved from http://www.state.gov/j/ct/rls/crt/2011/195553. htm
BIOGRAPHY Chris Cox is the Information Assurance Manager for the U.S. Army’s National Training Center at Fort Irwin, California. He is also the founder and past president of the Operations Security Professionals Association (OSPA), a nonprofit organization dedicated to providing OPSEC training and awareness.