Cyberwarriors
Activists and Terrorists Turn to Cyberspace
by Dorothy Denning
From The Future of War, Vol. 23 (2) - Summer 2001

Denial-of-Service Attacks

Whereas a web sit-in requires participation by tens of thousands of people to have even a slight impact, the so-called denial-of-service (DoS) and distributed denial-of-service (DDoS) tools allow lone cyberwarriors to shut down websites and e-mail servers. With a DoS attack, a hacker uses a software tool that bombards a server with network messages. The messages either crash the server or disrupt service so badly that legitimate traffic slows to a crawl. DDoS is similar except that the hacker first penetrates numerous Internet servers (called "zombies") and installs software on them to conduct the attack. The hacker then uses a tool that directs the zombies to attack the target all at once.

During the Kosovo conflict, Belgrade hackers were credited with DoS attacks against NATO servers. They bombarded NATO’s web server with "ping" commands, which test whether a server is running and connected to the Internet. The attacks caused line saturation of the targeted servers.

Similar attacks took place during the Palestinian-Israeli cyberwar. Pro-Palestinian hackers used DoS tools to attack Netvision, Israel’s largest ISP. While initial attacks crippled the ISP, Netvision succeeded in fending off later assaults by strengthening its security.

Automated e-mail bombings represent another way of disrupting service. In what some US intelligence authorities characterize as the first known attack by terrorists against a country’s computer systems, ethnic Tamil guerrillas swamped Sri Lankan embassies with thousands of e-mail messages. The messages read, "We are the Internet Black Tigers and we’re doing this to disrupt your communications." An offshoot of the Liberation Tigers of Tamil Eelam, which had been fighting for an independent homeland for minority Tamils, was credited with the 1998 incident.

The e-mail bombing consisted of about 800 e-mails a day for about two weeks. William Church, managing director of the Centre for Infrastructural Warfare Studies (CIWARS), observed that "the Liberation Tigers of Tamil are desperate for publicity and they got exactly what they wanted.… considering the routinely deadly attacks committed by the Tigers, if this type of activity distracts them from bombing and killing then CIWARS would like to encourage them, in the name of peace, to do more of this type of ‘terrorist’ activity."

Future Prospects

As the Internet continues to grow, its popularity as a digital battleground for hacker warriors is likely to increase. There will be more targets to attack and more people to attack them. Many regions of conflict in the world have only recently joined the Internet. When they have, the conflict has followed them on-line. It seems likely that every major conflict in the physical world will have a parallel operation in cyberspace. Further, there may be cyberspace battles with no corresponding physical operations.

Cyberdefenses will improve, but they are unlikely to fend off all attacks. New vulnerabilities are continually uncovered at a faster rate than ever before. Security lags behind. Cyberwarriors, therefore, will have little difficulty finding weak systems to attack. Hacking tools will become more powerful and easier to use.

Although hacktivism is certain to be a part of the picture, it is harder to predict the extent to which terrorists might engage in attacks with potentially lethal or catastrophic consequences. While many hackers have the knowledge, skills, and tools to attack computer systems, they generally lack the motivation to cause violence or severe economic or social harm. Conversely, terrorists who are motivated to cause violence seem to lack the capability or motivation to cause that degree of damage in cyberspace.

In August 1999, the Center for the Study of Terrorism and Irregular Warfare at the Naval Postgraduate School in Monterey, California, issued a report entitled "Cyberterror: Prospects and Implications." Their objective was to articulate the demand side of terrorism. Specifically, they assessed the prospects of terrorist organizations pursuing cyberterrorism. They concluded that the barrier to entry for anything beyond annoying hacks is quite high and that terrorists generally lack the wherewithal and human capital needed to mount a meaningful operation. Cyberterrorism, they argued, was a thing of the future, although it might be pursued as an ancillary tool.

The Monterey team defined three levels of cyberterror capability. The first level is simple-unstructured: the capability to conduct basic hacks against individual systems using tools created by someone else. The organization possesses little target analysis, command and control, or learning capability.

The second is advanced-structured: the capability to conduct more sophisticated attacks against multiple systems or networks, and possibly to modify or create basic hacking tools. The organization possesses elementary target analysis, command and control, and learning capabilities.

The third is complex-coordinated: the capability to coordinate attacks capable of causing mass disruption against integrated, heterogeneous defenses (including cryptography). The organization has the ability to create sophisticated hacking tools. It possesses highly capable target analysis, command and control, and organizational learning capabilities.

The Monterey team estimated that it would take a group starting from scratch two to four years to reach the advanced-structured level and six to ten years to reach the complex-coordinated level, although some groups may get there in just a few years or turn to outsourcing or sponsorship to extend their capability more rapidly.

The study examined five types of terrorist groups: religious, New Age, ethno-nationalist separatist, revolutionary, and far-right extremist. The authors determined that only the religious groups are likely to seek the most damaging capability level, as it is consistent with their indiscriminate application of violence. New Age or single-issue terrorists, such as the Animal Liberation Front, pose the most immediate threat. However, such groups are likely to accept disruption as a substitute for destruction. Both the revolutionary and ethno-nationalist separatists are likely to seek an advanced-structured capability. The far-right extremists are likely to settle for a simple-unstructured capability, as cyberterror offers neither the intimacy nor the cathartic effects that are central to the psychology of far-right terror. The study also determined that hacker groups are psychologically and organizationally ill-suited to cyberterrorism, and that it would be against their interests to cause mass disruption of the information infrastructure.

For a terrorist, digital battles have other drawbacks. Systems are complex, so controlling an attack and achieving a desired level of damage may be harder than using physical weapons. Unless people are injured, there is also less drama and emotional appeal. Further, terrorists may be less inclined to try new methods unless they see their old ones as inadequate, particularly when the new methods require considerable knowledge and skill to use effectively. Terrorists generally stick with tried and true methods. Novelty and sophistication of attack may be much less important than the assurance that a mission will be operationally successful. Indeed, the risk of operational failure could be a deterrent to terrorists. For now, the truck bomb poses a much greater threat than the logic bomb.
