
Motivation of cyber terrorists in launching acts of cyber terror

What motivates cyber terrorists? Why do they selectively engage in cyber terrorism over other terrorist acts? And how can they be detected before acts of cyber terror occur? Barnaby Pace, Head of Department - Postgraduate and Research at Otago Polytechnic, explains.

In its broadest context, the US Federal Bureau of Investigation views cyberterrorism as any “premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against noncombatant targets by sub-national groups or clandestine agents.”

As an extension of this, Marc Rogers describes a cyber terrorist as an “individual who uses computer/network technology to control, dominate or coerce using terror in continuance of political or social objectives.”

Unfortunately, contemporary movies and popular media would have us believe that cyber terrorism is set purely in the realm of cyber-attacks on military and government installations. This is not the case.

Who are cyber terrorists?

Cyber terrorists can be divided into two major groups: those individuals or groups within an organisation (insider threat) and those outside. As you’ll see, there is overlap between these categories, however for simplicity these are presented here as discrete groups.

Insider Threat

Individuals within an organisation, or insiders, typically fall into one of three categories: disgruntled employees, criminals or those individuals who are seeking financial gain, or lastly, unintentional cyber terrorists. It is estimated that the threat from inside an organisation accounts for 20 percent of cyber-terrorist activity but can cause up to 80 percent of the damage.

The first of these categories, the disgruntled employee, can cause issues by releasing organisationally sensitive information or data on the internet, which can be accessed by competitors or fellow employees. Alternatively, they may have integrated an automated programme, known as a ‘logic bomb’, which will create issues as the result of a predetermined event. For example, if the employee does not appear in the payroll system, then the ‘planted’ programme will reformat the company database.

Those individuals who fall into the second category, criminals, are financially motivated and will misuse organisational assets and manipulate computer systems for financial gain. This includes the copying and selling of organisational information or electronic data for monetary gain.

The final ‘insider threat’ category is the unintentional group. These are individuals who unintentionally delete files, resulting in loss of information or data, or who open files or are redirected to unsecured internet sites containing malware that infects the organisation’s internal network.

One area of particular concern with this group is ‘spills’. Spills are the result of an individual unintentionally uploading or publishing organisationally sensitive information on an unclassified system.

Outsider threat

Individuals, whether acting alone or as a member of a group external to the organisation they are ‘attacking’, can be categorised into three classes dependent on their level of organisation, motivations, or level of ability. These categories are: organised attackers; hackers or hacktivists; and ‘script kiddies’ or ‘noobs’.

Organised Attackers: as with insider threats, organised attackers can be further divided into several sub-groups: terrorists, hacktivists (which will be explored further below), national state actors and criminal actors. The first of these, the terrorist, is an actor who breaks into computer systems to steal, change or destroy information, with parallels to ‘traditional’ terrorists who employ terror as a means of political or religious weaponry.

National state actors, as the name would suggest, act on behalf of government agencies. Criminal actors are organised groups of professional criminals, who, in this context, operate in cyberspace.

Hackers/Hacktivists: Dependent on motivation, which will be discussed later, hackers can be classified as either ‘white hat’ hackers or ‘black hat’ hackers. ‘White hat’ or ‘ethical’ hackers are actors who are computer security specialists who use their skills to access protected systems and networks to identify any systems vulnerabilities so improvements can be made.

Black hat hackers are the opposite; actors who use their knowledge of computing and systems skills to breach computer systems and networks. As with the concept of cyber terrorism, popular media has formed a stereotypical view of this group.

A further, less well known and defined group, grey hat hackers, form a group between the black and white hat hackers. Hacktivists are actors who gain unauthorised access to computer systems and networks to further a social, religious or political goal.

Script Kiddies/Noobs: ‘Script kiddies’ or ‘noobs’ are unskilled actors who utilise scripts or programmes developed by others to access computer systems and networks. In a report prepared for the US Department of Defence, script kiddies were defined as:

The more immature but unfortunately often just as dangerous exploiter of security lapses on the Internet. The typical script kiddie uses existing and frequently well-known and easy-to-find techniques and programs or scripts to search for and exploit weaknesses in other computers on the Internet— often randomly and with little regard or perhaps even understanding of the potentially harmful consequences.

(Mead, 2006).

Each of these groups is driven to perform acts of cyber-terrorism for different personal or collective reasons. To explore the drivers for these actors we need to consider their underlying motives and motivational behaviours.

Approaches to understanding motivation

Motivation can be viewed as the driving force behind behaviour that leads individuals to pursue certain things and avoid others. It has two principal components: (i) what individuals want to do and (ii) how strongly they want to do it.

There are several different theoretical approaches that can be taken to guide our understanding and interpretation of motivation, and an examination of each will help in our understanding of the motivational forces that underpin cyberterrorism:

1. Psychodynamic theory: distinguishes between conscious and unconscious motive.

2. Behavioural theory: people are motivated to repeat behaviours that lead to reinforcement and to avoid other behaviours.

3. Cognitive theory: people are motivated to perform behaviours that lead to outcomes they value and that the behaviour can attain.

4. Humanistic theory: based on Maslow’s hierarchy of needs, which range from the need for basic survival through to the need that guides behaviour once the needs lower down the hierarchy have been fulfilled.

5. Evolutionary theory: evolution selects animals that maximise their inclusive fitness.

Contemporary thinking suggests that behavioural, cognitive and evolutionary theories offer the best conceptual models for the motives that drive cyberterrorism.

In each theoretical domain, social interaction between actors is a contributing factor, even in the case of the ‘lone’ cyberterrorist. Social motives can take several forms.

One or more of these examples of social motivation can be found in the psyche of the cyber terrorist. As an example, consider dominance motivation. In this instance, the actor is driven to have a measure of control or influence over the action of others, such as in the case of political or religious ‘claimed’ cyber terrorist acts.

What motivates them?

The motivations of a cyber terrorist vary in much the same way as those shown in Figure 2. Inadvertent and inaction outcomes are often the result of unintentional actions of employees or of those actors, such as script kiddies, who are ‘trying it out’ without any malicious intent.

The key motivations behind deliberate acts of cyber terrorism can be grouped into three principal classifications, all of which have been referred to above under the definitions of organised attackers and hackers/hacktivists. These are political motivations, economic motivations and socio-cultural motivations.

Political: One of the primary motivations of cyber-terrorism is the determination to express or show support for a certain political viewpoint, which drives the actor’s worldview. These attacks are carried out to make their political view known.

Examples of this type of motivation include the destruction, disruption or seizing control of targets, espionage, and making political statements, protests, or retaliatory actions.

Economic: Economic, or financial, gain is better reflected in the domain of cybercrime; however, it includes the theft of intellectual property or other economically valuable assets, fraud, industrial espionage and sabotage, and blackmail.

From a financial perspective, cybercrime via forced entry to bank accounts or the impersonation of banks could be driven by the motivation to fund further terrorist activities.

Socio-cultural: Socio-cultural motivation covers several behavioural drivers with examples ranging from attacks with theological, personal or humanitarian goals through to motivations including fun and curiosity, or a desire for publicity or ego gratification. Those actors motivated by religious drivers parallel those who are politically motivated as mentioned above.

This group also includes actors who are socially motivated, or driven by their peer group. Some actors do this for the simple ‘thrill’ of making a successful cyber-attack on an organisation, while others wish to demonstrate their hacking abilities and gain recognition from their peers, allowing them to earn respect and honour among their online hacking communities.

Why cyberterrorism?

Cyberterrorism offers features which make it an attractive approach to terrorists. There are several reasons for this approach over more traditional methods, each of which provides further motive to be engaged in cyberterrorist acts.

Firstly, cyberterrorism is considered a cheaper approach compared to traditional terrorist methods. Compared with the purchase of weaponry, such as firearms and explosives, computers are inexpensive, easier to purchase, and require no licence or registration.

Secondly, cyberterrorism provides a degree of anonymity with the use of online ‘screen names’ or guest user log ins. The lack of physical barriers in cyberspace removes geophysical blockades, such as borders and customs agents, and makes it difficult for security and government agencies to identify the real terrorist.

This anonymity also further depersonalises the criminal act being undertaken, removing any moral or ethical connections with the intended recipient.

Thirdly, cyberspace provides a vast number of potential targets, unmarred by physical barriers, as discussed above. These potential targets include computers and computer networks of individuals, public utilities and governments. According to Gabriel Weimann (2005), the sheer number of potential targets ensures that terrorists will find weaknesses or areas of vulnerabilities to exploit.

Fourthly, cyberterrorism can be undertaken remotely and requires less travel than traditional forms of terrorism. This also makes it considerably easier to recruit and retain supporters. Further, there is no requirement for physical training and less risk of mortality, which significantly increases the potential number of terrorists.

Conclusion

The threat of cyberterrorism can take many forms and come from any physical location that has access to the ever-growing virtual world society is creating around itself. Such threats can occur internally or externally to an organisation as the result of an organised attack or from an individual wishing to express their worldview or simply to impress their peers.

To understand the motivation of a cyber terrorist, consideration needs to be given to what is driving the behaviour. To this end, an examination and understanding of cyber terrorist psychological profiles is needed. What has been presented in this paper is an overview of the potential theoretical models that could be used in the development of such profiles, with an emphasis on social motives.

Further, these social drivers have been considered in the traditionally known categories of political, economic and socio-cultural. It is crucial to understand the reasoning given as to why cyberterrorism is utilised as a means of achieving an actor’s desired objective over traditional approaches to terrorism. A psychological human sciences approach to cyber terrorism offers the mechanisms by which counter-terrorism strategies can be developed beyond the mere consideration of the ‘tools of the trade’, and allows for a greater understanding of the actors behind cyber-attacks.

The emergence of new fields of research, such as cyber psychology and the application of social physics to ‘big data’, is paving the way forward and offering new approaches to combat potential cyber terrorism attacks through the use of behavioural profiling and the analysis of predictive data indicators.

As cyber terrorism evolves so too must our approach. The examination and understanding of motivation is one such approach that will offer insight to the underlying drivers for such behaviours and how to predict and prevent them.