
 

 

 NYLS Cybercrime.AdvancedStudies.Org

 

UNIT 10:
Information Warfare, Cyberterrorism, and Hacktivism

Cybercrime, Cyberterrorism, and Digital Law Enforcement
NYLS CRI150 SPRING 2009
Professor K. A. Taipale


Registered Students login to NYLS Portal for updated Course Information and Reading Assignments.




PONDERABLES:

Information is an instrument of national and global power. As such, control over its use, its protection, and its manipulation is a national and global security issue. How should nation states respond to delocalized, transborder cyber threats? To cyber threats or attacks from other nation states? To cyber threats or attacks from non-state actors operating on behalf of, or from the territory of, other nation states?

(See GISP Program on Information and Warfare).

 

REQUIRED READING:

CASEBOOK: David J. Loundy, COMPUTER CRIME, INFORMATION WARFARE, AND ECONOMIC ESPIONAGE, Carolina Academic Press (2003) (ISBN:0890891109) read:

Chapter 13, Hacktivism, pp. 449-478 (Dorothy E. Denning).

Congressional Research Service, "Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress," CRS RL32114 (updated Jan. 29, 2008) ("Cybercrime is becoming more organized and established as a transnational business. High technology online skills are now available for rent to a variety of customers, possibly including nation states, or individuals and groups that could secretly represent terrorist groups. The increased use of automated attack tools by cybercriminals has overwhelmed some current methodologies used for tracking Internet cyberattacks, and vulnerabilities of the U.S. critical infrastructure, which are acknowledged openly in publications, could possibly attract cyberattacks to extort money, or damage the U.S. economy to affect national security.")

 

ADDITIONAL READING:

Johannis Kuhn, "In Cyberwar There Are No Rules," interview with Kim Taipale in Sueddeutsche Zeitung (Sept. 20, 2007) (See also "Virtual Attack").

K. A. Taipale, "Deconstructing Information Warfare" presented to the Committee on Policy Consequences and Legal/Ethical Implications of Offensive Information Warfare, The National Academies, Wash., DC (Oct. 30, 2006).

K. A. Taipale, Cyber-Deterrence in Law, Policy and Technology: Cyberterrorism, Information Warfare, Digital and Internet Immobilization (IGI Global 2010).

Congressional Research Service (CRS), "Computer Attack and Cyber Terrorism: Vulnerabilities and Policy Issues for Congress" (Oct. 17, 2003) (Persistent computer security vulnerabilities may expose U.S. critical infrastructure and government computer systems to possible cyber attack by terrorists, possibly affecting the economy or other areas of national security. This report discusses possible cyber capabilities of terrorists and sponsoring nations, describes how computer security vulnerabilities might be exploited through a cyber terror attack, and raises some potential issues for Congress.)

James Lewis, "Assessing the Risks of Cyber Terrorism, Cyber War and Other Cyber Threats," Center for Strategic and International Studies (CSIS) (Dec. 2002) ("Unless a cyber terror event can be designed to attract as much media attention as a physical terror event, the Internet may be better utilized by terrorist organizations as a tool for surveillance and espionage, rather than for cyber terrorism.")

 

Offense/Defense:

Patience Wait, "Defense domain, civilian awareness," GCN (Jan. 22, 2007).

Ellen Messmer, "U.S. cyber counterattack: Bomb 'em one way or the other," NetworkWorld (Feb. 2, 2007) ("If the United States found itself under a major cyberattack aimed at undermining the nation’s critical information infrastructure, the Department of Defense is prepared, based on the authority of the president, to launch a cyber counterattack or an actual bombing of an attack source.").

Ellen Nakashima, "Bush Order Expands Network Monitoring: Intelligence Agencies to Track Intrusions," Washington Post (Jan. 26, 2008) ("President Bush signed a directive this month that expands the intelligence community's role in monitoring Internet traffic to protect against a rising number of attacks on federal agencies' computer systems. The [classified] directive ... authorizes the intelligence agencies, in particular the National Security Agency, to monitor the computer networks of all federal agencies. ... The NSA has particular expertise in monitoring ... communications systems -- traditionally overseas. The prospect of aiming that power at domestic networks is raising concerns, just as the NSA's role in the government's warrantless domestic-surveillance program has been controversial.")

 

Political Hacktivism:

Patrick Houston, "Hackers protest embassy bombing," ZDnet News (May 9, 1999).

"Hackers hit government Web sites after China embassy bombing," CNN.com (May 11, 1999).

Heather Greenfield, "Bloggers Coordinate 'Google Bombs' To Sway Voters," Nat. J. TechDaily (Oct. 24, 2006).

Tom Zeller, Jr., "A New Campaign Tactic: Manipulating Google Data," N.Y. Times (Oct. 25, 2006).

"Hackers bring down Panama assembly's Web site," Reuters (Jan. 22, 2008) ("Hackers crashed the Web site of Panama's National Assembly and briefly posted an American flag there, four months after the legislature elected as its leader a man accused of murdering a U.S. soldier.").

"Indonesian ministry Web site hacked over porn ban," Reuters (Mar. 28, 2008) ("Hackers have defaced the Web site of Indonesia's information ministry in response to a government move to restrict access to pornographic material on the Internet, ....")

EPIC Report, "E-Deceptive Campaign Practices Report: Internet Technology & Democracy 2.0", Electronic Privacy Information Center (Oct. 20, 2008) ("Deceptive campaigns are attempts to misdirect targeted voters regarding the voting process for public elections. Election activity that would be considered deceptive could for example include false statements about polling times, date of the election, voter identification rules, or the eligibility requirements for voters who wish to cast a ballot. ... Today, voters are relying more and more on Internet enabled communications to engage in political decision-making. Deceptive practices tactics that target e-mail, instant message, and
cell phone users can compress the timeline for launching successful disinformation and
misinformation attacks from days to hours or minutes.")

 

Case Study: Russia v. Estonia (Cyberwar or cyberriot?):

"A cyber-riot," The Economist (May 10, 2007) ("Estonia has faced down Russian rioters. But its websites are still under attack").

"The cyber raiders hitting Estonia," BBC News (May 17, 2007) ("Estonia ... has been under sustained attack from hackers since the ethnic Russian riots sparked in late April by its removal of a Soviet war memorial from Tallinn city centre. ... While the government ... has not blamed the Russian authorities directly for the attacks, it ... has published a list of IP addresses "where the attacks were made from". [These] include addresses in the Russian government and presidential administration. ... [But security consultants believe] the hackers are likely to be "younger types who, in other days, would have been writing and spreading viruses". ... [and see] no reason to believe in Russian state involvement in the hacking, beyond the fanning of anti-Estonian sentiment. ... "Unlike a nuclear or conventional military attack, you do not need a government for such attacks" .... "There were anti-Estonian sentiments, fuelled by Russian state propaganda, and the sentiments were voiced in articles, blogs, forums and the press, so it's natural that hackers were part of the sentiment and acted accordingly.")

"Cyberwarfare: Newly nasty," The Economist (May 24, 2007).

John Leyden, "Botnets linked to political hacking in Russia," The Register (Dec. 14, 2007).

"Estonia fines man for 'cyber war'," BBC News (Jan. 25, 2008) ("A 20-year-old ethnic Russian man is the first person to be convicted for taking part in a "cyber war" against Estonia.")

 

Case Study: Russia v. Georgia (Cyberwar or cyberriot?):


Gregg Keizer, "Cyberattacks knock out Georgia's Internet presence: Large-scale attacks, traffic rerouting traced to Russian hacker hosting network," Computer World (Aug. 11, 2008)

Jon Swaine, "Georgia: Russia 'conducting cyber war'," The Telegraph (Aug. 11, 2008) ("Several Georgian state computer servers have been under external control since shortly before Russia's armed intervention into the state commenced on Friday, leaving its online presence in disarray. ... The Georgian Government said that the disruption was caused by attacks carried out by Russia as part of the ongoing conflict between the two states over the Georgian province of South Ossetia.")


John Markoff, "Before the Gunfire, Cyberattacks," NY Times (Aug. 12, 2008) ("... attacks against Georgia’s Internet infrastructure began as early as July 20, with coordinated barrages of millions of requests — known as distributed denial of service, or D.D.O.S., attacks — that overloaded and effectively shut down Georgian servers. ... Exactly who was behind the cyberattack is not known. The Georgian government blamed Russia for the attacks, but the Russian government said it was not involved. ...").


Jon Swaine, "Russia continues cyber war on Georgia," The Telegraph (Aug. 13, 2008) ("Their assault, which began before the commencement of the five-day Russian military offensive, has again crashed the official website of the central government and has been widened to include a US company which stepped in to rescue the website of Mikheil Saakashvili, the Georgian President.")


Kim Hart, "A New Breed Of Hackers Tracks Online Acts of War," Wash. Post (Aug. 27, 2008).

Trevis Wentworth, "You’ve Got Malice," NEWSWEEK (Sept. 1, 2008) ("Russian nationalists waged a cyber war against Georgia. Fighting back is virtually impossible. On July 20, weeks before Russia stunned Georgia with a rapid invasion, the cyber attack was already under way. While Moscow baited Georgia with troop movements on the borders of the breakaway provinces of Abkhazia and South Ossetia, the "zombie" computers were already on the attack. Russian viruses had seized hundreds of thousands of computers around the world, directing them to barrage Georgian Web sites, including the pages of the president, the parliament, the foreign ministry, news agencies and banks, which shut down their servers at the first sign of attack to pre-empt identity theft. At one point the parliament's Web site was replaced by images comparing Georgian president Mikheil Saakashvili to Adolf Hitler. This was not the first Russian cyber assault—that came against Estonia, in April of 2007—but it was the first time an Internet attack paralleled one on land.")

Report, "Russian Cyberwar on Georgia," HostExploit.com (Oct. 20, 2008).

Kim Taipale discusses the Russian Cyber Attacks on Georgia on Digital Age with James Goodale (WNYE-PBS, Sept. 28, 2008).

Kim Taipale, Developing Policy for Cyberwarfare: Lessons from the Russia/Georgia Conflict, CAS/PIW (Sept. 10, 2008).

 

Critical Infrastructure Attacks:

Thomas Claburn, "CIA Admits Cyberattacks Blacked Out Cities," InformationWeek (Jan. 18, 2008) ("The CIA on Friday admitted that cyberattacks have caused at least one power outage affecting multiple cities outside the United States.") CIA statement:

"We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands. We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge. We have information that cyberattacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet."

Dan Caterinicchia, "New Cyber-Security Rules for Power Cos.," Washington Post (Jan. 18, 2008) ("Federal regulators on Thursday approved the first cyber-security standards for the nation's electric industry, following growing concerns about the power grid's vulnerabilities. ... The power grid, generating plants and refineries face are increasingly threatened from hackers who could cause major disruptions and economic chaos in the U.S., the Government Accountability Office said in October.").

 

Hardware Counterfeiting:

John Markoff, "F.B.I. Says the Military Had Bogus Computer Gear," N.Y. Times (May 9, 2008) ("Counterfeit products are a routine threat for the electronics industry. However, the more sinister specter of an electronic Trojan horse, lurking in the circuitry of a computer or a network router and allowing attackers clandestine access or control").

 

China and Information Warfare:

(see also, Economic Espionage section, below)

Frank Tiboni, "Chinese military targeting DOD tech," FCW.com (July 19, 2005) ("The People’s Liberation Army has likely established information warfare units to develop viruses to attack enemy computer systems and networks, and tactics to protect friendly computer systems and networks.").

Josh Rogin, "DOD: China fielding cyberattack units," FCW.com (May 25, 2006) ("The Chinese People’s Liberation Army (PLA) is developing information warfare ... units and ... is developing the ability to launch pre-emptive attacks against enemy computer networks in a crisis.").

Josh Rogin, "China a major cyberthreat, commission warns," FCW.com (Dec. 1, 2006) ("China’s cyberwarfare strategy has switched from a defensive to an offensive posture, with the goal of attacking enemy networks and denying adversaries access to information, said the U.S.-China Economic and Security Review Commission (USCC) in its annual report, released Nov. 16. Chinese strategy focuses on U.S. systems that perform command and control or deliver precision weapons, the report states.").

Roy Mark, "Report Details China's Cyber-Warfare Plans," eWEEK (Nov. 21, 2007) ("If the United States and China were to find themselves in an armed conflict, China is likely to launch cyber attacks on American [interests] ... China is already actively engaging in cyber-reconnaissance through the probing of computer networks of U.S. government agencies and private companies.").

John Leyden, "MI5 warns over China hacking menace," The Register (Dec. 3, 2007) ("MI5 has warned UK businesses of the threat posed by state-sponsored Chinese hackers. The UK security service has sent an advisory to banks and law firms warning them to guard against attack from "Chinese state organisations".").

"Chinese Hackers Accused of Attacking Shell, Rolls Royce: Britain security agency warns of international spies in cyberspace," Washington Post (Dec. 3, 2007).

Simon Elegant, "Enemies at The Firewall," Time Magazine (Dec. 6, 2007) ("China has long regarded cyberwarfare as a critical component of asymmetrical warfare in any future conflict with the U.S. ... to counter America's huge technological advantage. A current wave of hacking attacks seems to be aimed mainly at collecting information and probing defenses, but in a real cyberwar, a successful attack would target computer-dependent infrastructure, such as banking and power generation.")

John Markoff, "China Link Suspected in Lab Hacking," NY Times (Dec. 8, 2007).

Bob Brewin, "Pentagon: Cyberattacks appear to come from China," Government Executive GovExec.com (Mar. 3, 2008) ("The Defense Department said Monday that cyberattacks in 2007 against computer networks operated by governments and commercial institutions around the world "appear" to have originated within China -- marking the first time the Pentagon has so visibly pinned the blame against China for cyberattacks.")

Bob Brewin, "Top Defense commander hints at taking offensive actions in space, cyberspace," Government Executive GovExec.com (Mar. 12, 2008) ("The chief of the Strategic Command hinted ... during a Senate hearing that the Pentagon has plans to conduct warfare ... in cyberspace, strategies the Defense Department has been reluctant to discuss openly in the past. ... Last June, the Defense Science Board released a report that recommended that attacks against U.S. information systems should be countered with "disproportionate response." The report added that "every potential adversary, from nation states to rogue individuals, could be targets of an integrated offensive capability.")

 

TREATIES/STATUTES (THE LAWS OF WAR/ARMED CONFLICT):

The Hague Conventions (1899-1907) (1956)

United Nations Charter (~ [Article 2], [Article 33, Article 39], [Article 51])

Geneva Convention (Protocols 1977 ~ Article 51.2)

 

ADDITIONAL BACKGROUND READING (Selections):

Winn Schwartau, INFORMATION WARFARE (1996) (ISBN:1560251328).

Dorothy Denning, INFORMATION WARFARE AND SECURITY (Addison-Wesley 1998) (ISBN:0201433036).

John Arquilla and David Ronfeldt, NETWORKS AND NETWARS: The Future of Terror, Crime, and Militancy (RAND 2001) (ISBN:0833030302).

Gregory J. Rattray, STRATEGIC WARFARE IN CYBERSPACE (MIT Press 2001) (ISBN:0262182092).

Anthony H. Cordesman, CYBER-THREATS, INFORMATION WARFARE, AND CRITICAL INFRASTRUCTURE PROTECTION: DEFENDING THE US HOMELAND (2002) (ISBN:0275974235).

Leigh Armistead, INFORMATION OPERATIONS (Jt. Forces Staff College and the NSA 2004) (ISBN:1574886991).

DOD REPORT TO CONGRESS: Military Power of the People’s Republic of China (2006), pp 35-36:

Exploiting Information Warfare

The PLA [People's Liberation Army] considers active offense to be the most important requirement for information warfare to destroy or disrupt an adversary’s capability to receive and process data. Launched mainly by remote combat and covert methods, the PLA could employ information warfare preemptively to gain the initiative in a crisis.

Specified information warfare objectives include the targeting and destruction of an enemy’s command system, shortening the duration of war, minimizing casualties on both sides, enhancing operational efficiency, reducing effects on domestic populations and gaining support from the international community.

The PLA’s information warfare practices also reflect investment in electronic countermeasures and defenses against electronic attack (e.g., electronic and infrared decoys, angle reflectors, and false target generators.)

Computer Network Operations.  China’s computer network operations (CNO) include computer network attack, computer network defense, and computer network exploitation.   The PLA sees CNO as critical to seize the initiative and achieve “electromagnetic dominance” early in a conflict, and as a force multiplier.  Although there is no evidence of a formal Chinese CNO doctrine, PLA theorists have coined the term “Integrated Network Electronic Warfare” to outline the integrated use of electronic warfare, CNO, and limited kinetic strikes against key C4 nodes to disrupt the enemy’s battlefield network information systems.  The PLA has established information warfare units to develop viruses to attack enemy computer systems and networks, and tactics and measures to protect friendly computer systems and networks.  The PLA has increased the role of CNO in its military exercises.  For example, exercises in 2005 began to incorporate offensive operations, primarily in first strikes against enemy networks.

 

 





 

Course Outline/Class Units

Registered NYLS students log in to my.nyls.edu for updated outline and assignments.

  1. Overview, What is Cybercrime?
  2. Computer Intrusions and Attacks (Unauthorized Access)
  3. Computer Viruses, Time Bombs, Trojans, Malicious Code (Malware)
  4. Online Fraud and Identity Theft; Intellectual Property Theft; Virtual Crime
  5. Online Vice: Gambling; Pornography; Child Exploitation
  6. International Aspects and Jurisdiction
  7. Infrastructure and Information Security; Risk Management
  8. Investigating Cybercrime: Digital Evidence and Computer Forensics
  9. Interception, Search and Seizure, and Surveillance
  10. Information Warfare, Cyberterrorism, and Hacktivism
  11. Terrorism, Radicalization, and The War of Ideas
  12. Trade Secret Theft and Economic Espionage
  13. National Security
  14. Case Study: CALEA, VoIP

Course Information

  1. PAPER RESEARCH
  2. USEFUL LINKS FOR DEFINING TECHNICAL TERMS
  3. COURSE SUBTEXT AND OPTIONAL BACKGROUND MATERIAL

 




All original material on this or any linked page is copyright the Center for Advanced Studies in Science and Technology Policy © 2003-2009. Permission is granted to reproduce this material in whole or in part for non-commercial purposes, provided it is with proper citation and attribution.

 
