UNIT Tactics of Terrorist and Rogues – Tactics of Private Companies
TACTICS OF TERRORIST AND ROGUES:-
The information warfare (IW) arsenal and tactics of terrorists and rogues
have become increasingly transnational as the networked organizational
form has expanded. When terrorism’s mentors were the Soviet Union and
the Eastern Bloc, they imposed their own rigid hierarchical structure on
terrorist groups. Now that terrorism is increasingly substate, or
semidetached, networking and interconnectivity are necessary to find allies
and influence others, as well as to affect command and control.
An analogy, using the Palestinian example, may be that the more networked
form of Hamas now that Arafat is dead, is replacing the hierarchical
structure of the PLO. In many ways the Afghan War was a seminal event in
promoting the networked form in that it showed that fluidly organized
groups, driven in this case by a religious imperative, could defeat an
experienced hierarchically structured army.
Bin Laden Uses Web to Plan:- Osama bin Laden and other Muslim
extremists are using the Internet to plan more terrorist activities against the
United States and its allies. Recently, U.S. law enforcement officials and
other experts disclosed details of how extremists hide maps and
photographs of terrorist targets in sports chat rooms and on pornographic
bulletin boards and other popular Web sites. Instructions for terrorist
1 Dr.R.SUGANYA
� UNIT Tactics of Terrorist and Rogues – Tactics of Private Companies
activities also are posted on the sites, which the officials declined to name.
To a greater and greater degree, terrorist groups, including Hezbollah,
Hamas, and bin Laden’s al Qaeda, are using computerized files, email, and
encryption to support their operations—like the train bombing in Madrid in
the winter of 2004. According to various unnamed officials and
investigators, the messages are scrambled using free encryption programs
set up by groups that advocate privacy on the Internet. It’s something the
intelligence, law-enforcement, and military communities are struggling to
deal with. The operational details and future targets, in many cases, are
hidden in plain view on the Internet. Only the members of the terrorist
organizations, knowing the hidden signals, are able to extract the
information.
The Terrorist Profile:- Sid-Ra, a 6-foot-4-inch, 350-pound giant of a man,
paces between his “subjects” in the smoke-filled Goth club Click + Drag,
located in the old meat-packing district of Manhattan. Inside the club are
leather-clad, black-lipped females and young men dressed in women’s
underwear. Sid is a hacker-terrorist and an acknowledged “social
engineer” with curious nocturnal habits. There are thousands of people like
him, who by day care system and network administrators, security analysts,
and startup cofounders. When night comes, they transform into something
quite different. Is this the profile of a “wanna-be” terrorist? Perhaps! These
are the selfproclaimed freedom fighters of cyberspace. They even have a
name for it: hactivism. Political parties and human rights groups are circling
around to recruit hactivists into their many causes. Recently, for example,
the Libertarian Party set up a table at the HOPE (Hackers on Planet Earth)
conference. The San Francisco– based Electronic Frontier Foundation (EFF)
collected donations, and members of civil-rights groups, including the
Zapatistas, a Mexican rebel group, spoke up at one of two sessions on
hactivism.
2 Dr.R.SUGANYA
� UNIT Tactics of Terrorist and Rogues – Tactics of Private Companies
From Vietnam Marches to Cyberdisobedience:- Like any social engineer,
Sid exaggerates. Except for the four-year jail terms handed down to Kevin
3 Dr.R.SUGANYA
� UNIT Tactics of Terrorist and Rogues – Tactics of Private Companies
Mitnick and Kevin Poulsen, sentencing for even criminal hacking in 2003–
2004 has been relatively light (mostly probation and fines) because of the
suspects’ young ages.
Hackers question conventional models. They don’t just look at technology
and say, “This is how it works.” They say, “How can I make it better?”
They look at society that way too—their government, their schools, and their
social situations. They say, “I know how to make this better,” and they go
for it. In the Motion Picture Association of America (MPAA) case, staffers at
2600 Enterprises Inc., based in Middle Island, New York, were threatened
with imprisonment if they didn’t remove a link on the 2600 Web site to the
code used to crack DVD encryption. Because the link was editorial content,
it set Sid off on another diatribe. The Libertarian Party also recruits hackers
and technologists. At HOPE, the party’s New York State committee
(http://www.cownow.com) handed out fliers, signed up recruits, and took a
“sticker” poll of party affiliations. The poll got hacked, but about half the
stickers were yellow—for libertarian, anarchist, or independent. Many party
members are programmers
Why Terrorists and Rogues have an Advantage In IW:- Governments have
neither the financial resources nor the technical know-how to stay on top of
hackers and computer terrorists. This is why terrorists and rogues have an
advantage in IW. The private sector must itself take much of the action that
is necessary to prevent attacks being made on the Internet. It’s no longer
possible for governments to provide the resources and investment necessary
to deal with these kinds of issues.
There are no cookie-cutter solutions; every network is different. At the top of
chief information officers (CIOs) lists of concerns is denial of service (DoS)
attacks, which recently brought Yahoo, Amazon.com, eBay, and other high-
profile Web sites to their knees. DoS attacks are a key concern because the
only way that is currently available to prevent them is to catch the
4 Dr.R.SUGANYA
� UNIT Tactics of Terrorist and Rogues – Tactics of Private Companies
perpetrators.
5 Dr.R.SUGANYA
� UNIT Tactics of Terrorist and Rogues – Tactics of Private Companies
Solutions seem harder to come by today than solutions to the problems just
discussed. Governments, businesses, and research institutions must band
together to find the best technologies and courses of action to defeat cyber
crimes. Companies must be more willing to invest in security systems to
protect their networks. A few of these companies called on software
companies and service providers to make their products more secure.
Default settings for software products sold to consumers should be at the
highest level of security. You wouldn’t build a swimming pool in the center
of town and not put a fence around it. Basically, that’s just what the
software companies are doing.
Although security firms have financial incentives for promoting security
issues, for the average corporation, the benefits of spending millions of
dollars to bolster security in networks aren’t immediately obvious, thus
making them slow to act. If you have a choice of spending five million dollars
on getting 693,000 new customers, or five million dollars on better serving
the ones you already have, that’s a difficult value proposition. Most
companies would take the additional customers. The severity of attacks
could get worse, though, and businesses would be wise to make
precautionary investments now. Most businesses have been lucky so far.
The Criminal Café in Cyberspace:- Not long ago, if a terrorist wanted to
cause a blackout in, say, New York, it would have taken some work. He or
she might have packed a truck with explosives and sent it careening into a
power plant. Or he or she might have sought a job as a utility worker to
sabotage the electrical system.
In a closed briefing to Congress, the CIA reported that at least a dozen
countries, some hostile to America, are developing programs to attack other
nations’ information and computer systems. China, Cuba, Russia, Korea,
and Iran are among those deemed a threat, sources later declared.
Reflecting official thinking no doubt, the People’s Liberation Daily in China
noted that a foe of the United States only has to mess up the computer
6 Dr.R.SUGANYA
� UNIT Tactics of Terrorist and Rogues – Tactics of Private Companies
systems of its banks by high-tech means “Eligible Receiver” culminated
7 Dr.R.SUGANYA
� UNIT Tactics of Terrorist and Rogues – Tactics of Private Companies
when three two-person “red teams” from the National Security Agency
used hacker techniques that can be learned on the Internet to penetrate
DoD computers. After gaining access to the military’s electronic message
systems, the teams were poised to intercept, delete, and modify all messages
on the networks. Ultimately, the hackers achieved access to the DoD’s
classified network (see sidebar, “Espionage By Keystroke?”) and, if they
had wished, could have denied the Pentagon the ability to deploy forces. In
another exercise, the DoD found that 74% of test attacks on its own systems
went undetected.
Sabotage:- Sophisticated hackers, meanwhile, are breaking into sensitive
Chinese computers (see sidebar, “Cyberspace Incidents on the Rise in
China”). Members of the Hong Kong Blondes, a covert group, claim to have
gotten into Chinese military computers and to have temporarily shut down a
communications satellite last year in a hacktivist” protest. The ultimate aim
is to use hacktivism to ameliorate human rights conditions.
The Super Computer Literate Terrorist:- During the next 20 years, the
United States will face a new breed of Internet-enabled terrorists, super
computer literate criminals, and nation-state adversaries who will launch
attacks not with planes and tanks, but with computer viruses and logic
bombs. America’s adversaries around the world are hard at work
developing tools to bring down the United States’ private sector
infrastructure. The United States faces an increasingly wired but dangerous
world, as evidenced by the following:
1. Many countries have programs to develop cyberattack technologies and
could develop such capabilities over the next decade and beyond.
2. The Unites States, Russia, China, France, and Israel are developing
cyberarsenals and the means to wage all-out cyberwarfare.
3. Terrorist groups are developing weapons of mass destruction.
4. Russia has become a breeding ground for computer hackers. The Russian
equivalent of the U.S. National Security Agency and organized crime groups
8 Dr.R.SUGANYA
� UNIT Tactics of Terrorist and Rogues – Tactics of Private Companies
recruit the best talent.
9 Dr.R.SUGANYA
� UNIT Tactics of Terrorist and Rogues – Tactics of Private Companies
5. Electronic stock scams, robberies, and extortions are proliferating.
The other important topics to be discussed as follows.
The brilliant and nasty rouge
How they watch and what they know
How and where they get their tools
Why tools are easy to get and use
Why nasty people are so hard to track down and capture
What they will do next-the information warfare games
TACTICS OF PRIVATE COMPANIES:-
Surviving Offensive Ruinous IW:-
Sendmail program:- Installation of a malicious code in an email message
sent over a network machine. As the sendmail program scans the message
for its address, you will execute the attacker’s code. Sendmail operates at
the system’s root level and therefore has all privileges to alter passwords or
grant access privileges to an attacker.
Computer-searching programs:- Password cracking and theft is much
easier with powerful computer-searching programs that can match numbers
or alphanumeric passwords to a program in a limited amount of time. The
success depends on the power of the attacking computer.
Packet sniffing:- An attacker inserts a software program at a remote
network or host computer that monitors information packets sent through
the system and reconstructs the first 125 keystrokes in the connection. The
first 125 keystrokes would normally include a password and any logon and
user identification. This could enable the attacker to obtain the password of
a legitimate user and gain access to the system.
Access: Attackers who have gained access to a system can damage it from
within, steal information, and deny service to authorized users.
Trojan horses:- An independent program that when called by an authorized
user performs a useful function but also performs unauthorized functions,
which may usurp the user’s privileges.
10 Dr.R.SUGANYA
� UNIT Tactics of Terrorist and Rogues – Tactics of Private Companies
Logic bomb:- An unauthorized code that creates havoc when a particular
event occurs (for example, the dismissal of an employee).
11 Dr.R.SUGANYA
� UNIT Tactics of Terrorist and Rogues – Tactics of Private Companies
Surviving Offensive Containment IW:- New technologies that aim to
directly strengthen user authentication include the use of tokens and smart
cards combined with digital certificates. The most compelling and intriguing
authentication technologies involve biometrics matching the measurement
of physical and behavioral characteristics such as facial structures, voice
patterns, and fingerprints.
To gain widespread acceptance in businesses, multiple individual
biometrics methods must coexist in a single-system solution, and the
underlying architecture must better support the conditions of
interoperability, scalability, and adaptability that govern the total cost of
ownership calculations. A multitier authentication system built around
these notions is one solution.
Many other important topics includes,
Participating in defensive preventive information warfare planning.
Benefiting from and surviving defensive ruinous information warfare.
Benefiting from and surviving defensive responsive containment
information warfare.
Protection against random terrorist information warfare tactics.
What to do when terrorists keep attacking.
Countering sustained rogue information warfare protection against
random rogue information warfare.
Keeping the amateur rogue out of the cyber house.
12 Dr.R.SUGANYA
� UNIT Tactics of Terrorist and Rogues – Tactics of Private Companies
13 Dr.R.SUGANYA
