Internet and cyber terrorism


UNCLASSIFIED

Internet and Cyber Terrorism Knoxville Division


In the wake of the September 11 attacks, Usama Bin Ladin (UBL) said, “hundreds of Muslim scientists are with me who would use their knowledge - ranging from computers to electronics - against the infidels.” [Canadian Office of Critical Infrastructure Protection and Emergency Services, 2001]


“In the past ten years, Al-Qa’ida (AQ) and its affiliates have created a potent online presence. Extremists are not limiting their use of the Internet to radicalization; they are using it to propagate terrorism and recruit jihadists.” [FBI Director Mueller, 28 July 2010]


Internet and Terrorism

• In 2011, Europol’s director general emphasized his belief that the Internet has replaced Afghanistan as the terrorist training ground.
• In 2011, Manfred Murck, head of the Hamburg branch of Germany’s Domestic Intelligence Service, stated that the Internet functions as a kind of Al-Qa’ida virtual group.


Definition of Cyber Terrorism

The execution of a surprise attack by a sub-national foreign terrorist group, or individuals with a domestic political agenda, using computer technology and the Internet to cripple or disable a nation’s electronic and physical infrastructures. The goal is not only to hurt the economy of a region or a country, but also to amplify the effects of a traditional physical terrorist attack by causing additional confusion and panic. It can also take the form of a physical attack – without ever touching a computer keyboard – that destroys critical internet communications and electric power nodes.


Al-Qa’ida Evolvement

• Al-Qa’ida is an organization
• Al-Qa’ida is a movement
• Al-Qa’ida is an ideology



Al-Qa’ida Evolving Toward Internet Jihad and Cyber Attack

• UBL’s vast financial resources may have enabled him to purchase the expertise required for a cyber attack
• Intelligence recovered from the raid on UBL’s compound in Pakistan indicated:
  - Laptops contained plans to target U.S. Information Systems
  - Discovery of large databases containing US infrastructure details
  - Use of the Internet to collect intelligence on targets
• Al-Qa’ida remains committed to striking the United States and its interests
• Islamic Extremist Websites encourage attacks on US SCADA System and financial and nuclear facilities located in the United States
• Jihadi Sheiks issued fatwas providing religious justification for today’s era of Internet and Cyber Jihad


Al-Qa’ida and the Internet

• AQ and its affiliates embraced technology both as a media platform and a planning tool
• The Internet’s importance to jihadists increased after AQ was driven from its safe haven in Afghanistan in 2002
• From 2003 to 2007, AQ’s central media group grew its operations from 6 to 97 annual productions disseminated via the Internet
• Internet jihadists Younis Tsouli and Malika al Aroud used the online environment to recruit, propagandize, train for, and conduct cyberattacks
• By 2008, AQ’s core recognized that the Internet reduced the time and costs of operational communications while increasing the scope of information-sharing among geographically dispersed groups


Al-Qa’ida’s Affiliates and the Internet

• In 2004, Abu Musab al-Zarqawi (Zarqawi) became well-known through a strategic combination of extreme violence and Internet savvy
• Due to the Internet, Zarqawi had a voice, if not a face, and a clear ideology to explain his violence
• By going online, Zarqawi was able to both control the interpretation of his violent message and achieve greater impact with smaller operations
• Legions of fans inspired by Zarqawi’s online activity took up the banner of violent jihad online
• An online jihadi milieu emerged (jihadi environment)
• Increased numbers of violent jihadi websites became available in English, French, German, Spanish, and Dutch, signifying both the rise of violent jihadism in the West and growing efforts by violent jihadist voices to reach the Western Muslim population


AQ’s Affiliates and the Internet (Cont.)

• Anwar al-Awlaki (Awlaki) was a master in the use of the Internet
• Awlaki’s video-taped speeches - distributed online - produced real world terrorists from the online radical milieus
• Awlaki was implicated in a number of attacks and plots, including Major Nidal Hasan’s shooting at Fort Hood in 2009, and the attempted Times Square car bombing in 2010
• Above-noted individuals had been in online contact with Awlaki prior to their attacks
• Abu Dujana al-Khurasani, who launched the suicide attack at U.S. Forward Operating Base Chapman in Afghanistan, was crazy about Awlaki
• British Roshonara Choudhry was radicalized via YouTube videos featuring Awlaki’s sermons


Internet War, a New Battlefield

• Jihadists connect with other like-minded individuals from the safety of their homes, sitting at their computers
• Online jihadists are free to read, participate, and ask questions in the privacy of their homes, lowering the risk of detection
• Chat rooms and blogs mean that jihadists no longer have to physically meet
• Online jihadists are harder for authorities to detect
• Never before has one platform connected so many
• The challenge for authorities today is how to contain a social movement that simmers just beneath the surface


Islamic Extremist Hacktivists

• Hacking is part of the larger cyber security threats challenging Western capitals
• Numerous Western websites have been hacked by Islamic Extremist hacktivists acting on fatwas sanctioning their activities
• On 7 January 2013, police in Thailand arrested Hamza Bendelladj, an Algerian cybercrime suspect, for stealing millions of dollars by hacking banks’ websites
  - He was associated with the Izz Eddine Al Qassam Cyber Fighters
• On 2 January 2013, several US websites were hacked by Abu Ubayda Al-Masri to mark the anniversary of the December 30, 2009 suicide attack against CIA and Jordanian intelligence personnel in Afghanistan
  - He offered his services to jihadi forum members, saying he was willing to start a workshop on device hacking, encryption, and computer programming


6 Worst Kinds of Hackers

1. State-sponsored
2. Hacktivist
3. Cyber Criminal
4. Insider (You)
5. Script Kiddie
6. Vulnerability Broker



2000 Maroochy Shire Cyber Event

Intentional, targeted attack by a determined and knowledgeable person on an Industrial Control System (ICS).

• Accessed computers controlling the Maroochy Shire Council’s sewerage system and altered electronic data in the sewerage pumping stations, causing malfunctions in their operations.
• Pumps were not running when they should have been
• Alarms were not reporting to the central computer
• A loss of communication between the central computer and various pumping stations

• Maroochy Shire, Queensland, Australia (north of Brisbane)
• Rural tourist destination
• Population 120,000

Businesses have a need for cyber security to protect their trade secrets, proprietary information, and personally identifiable information (PII) of their customers or employees.



Cyberterrorist Insider?

Vitek Boden

• Hunter Watertech (contractor) site supervisor on Maroochy SCADA project for two years
• Installed SCADA and radio-controlled sewage equipment for the Maroochy Shire Council
• Quit Hunter Watertech after a strained relationship in Dec 1999
• Applied for job with Maroochy Shire Council – Maroochy Water Services (rejected Jan 2000)
• Packed his car with stolen radio equipment connected to a laptop computer
• Drove around area on 46 occasions from February to April 2000
• Gained unauthorized access to the control system via an insecure wireless network
• Issued radio commands to the sewage equipment
• Released 800,000 liters of raw sewage into local parks, rivers, and the grounds of a hotel
• Marine life died, creek water turned black, and the stench was unbearable for residents
• Cost of the attack was in the $1 million range


Attack Summary

• Vitek Boden was a disgruntled insider who was never an employee of the organization he attacked.
• He was an employee of a contractor that supplied IT/control system technology to the Maroochy Shire Council. With his knowledge he was the “ultimate insider”.
• The service contract was deficient or inadequate concerning Hunter Watertech’s responsibilities.
  - Lacked management, technical and operational cyber security controls
  - Lacked personnel security controls that applied to its employees, such as background investigations and protection from disgruntled employees
• A number of anomalous events occurred before recognition that the incidents were intentional.
• As a skillful adversary, Boden was able to disguise his actions.
  - Extensive digital forensics were required to determine that a deliberate attack was underway
• There were no existing cyber security policies or procedures.
• There were no cyber security defenses.


Cyber Security – Policies, Procedures, Defenses

IT Access Control
• Restrict User access (especially administrative privileges)
• Protect authentication (passwords) system files from unauthorized access
• Regular review of Privileged user’s access rights
• Regular audit of workstations - check for updates
• Anti-virus software, firewalls, Intrusion Detection Systems (monitoring), encryption

Human Resource Security
• Pre-employment screening – at least 2 satisfactory professional references
  - For any employee, trainee, intern, or contract personnel
• Communicate transfer, resignation or termination of employees
• Timely revoke any electronic access of transferred, resigned, or terminated employees (to include portable and mobile devices and remote access)

Physical and Environmental Security
• Control physical access
• Regular review of the physical access list
• Timely revoke physical access of transferred, resigned, or terminated employees
• Control photography or video recording
• Use video surveillance cameras at all entrances and exits and other strategic points monitored 24/7
• Secure the system on which the access control software is installed

Users
• Use Complex Passwords
• Don’t write down or store passwords in readable format
• Terminate active sessions or lock workstations
• Just don’t click on it!



Questions?

IA Nicole Hembree
IA Scott Peterson
