Team 1 Sec3.3

From CyberSecurity
Revision as of 08:23, 20 October 2005 by Jalsalam (talk | contribs)

3. Estimated feasibility and strategic value of the attack technique to a terrorist organization:

3.3. potential value of cyberattack as a tool for achieving the various terrorist aims identified in lectures 1, 2, 3, and/or 5.

Here is a first attempt at this. Any suggestions? --Yi-Kai

Terrorism is violence intended to manipulate a larger audience. Acts of terrorism may cause mass destruction and casualties, but the ultimate goal is to create fear even among people who were not directly affected. Internet attacks enter the picture in two ways: first, as a tool for causing physical harm; and second, as a way of attracting attention and creating psychological effects.

Physical harm: Generally speaking, an internet attack does not do much damage by itself, but it can be a component of a larger attack (e.g., using the internet to gain control of a SCADA system, in order to damage the electric power grid; or disrupting the internet to hinder emergency response to a physical attack). There are a few exceptions to this rule: a denial-of-service attack can hurt e-commerce retailers like Amazon.com, and phishing attacks can lead to identity theft and fraud. In these cases, there is financial damage.

Psychological effects: Because of their novelty, Internet attacks tend to get extra news coverage (particularly large-scale attacks such as worms). Terrorist groups may see this as a way to get attention, show off their capabilities, and make themselves more credible. This would lead them to choose targets with high visibility, not monetary value: www.whitehouse.gov instead of www.amazon.com. Another possibility is that terrorists would use the internet as a communications medium, like television and radio. The equivalent of an al Qaeda video might be a worm that downloads a terrorist manifesto onto every computer it infects. Terrorists might find this attractive because, unlike traditional media, the internet lets them communicate directly with their audience.

My feeling is that internet attacks are more useful as psychological tools, and carrying out such an attack would be relatively easy. There just aren't many ways that an Internet attack could cause serious physical damage. Internet attacks can be used to augment a physical attack, but that would require good coordination, it would be a distraction from the physical attack, and I don't think it's worth the extra effort.


Comments:

You might want to address terrorists' aims more directly than with the simple tool of "causing fear in those not directly involved in the attack". The first two lectures went through a number of different examples of terrorist groups and the different motives that they had. I believe that the slides are on the web for these, so you can get a feel for the aims that Maurer feels terrorist groups have pursued. He builds up a list throughout the lecture that grows, so he was definitely trying to generalize beyond the particular examples. On the other hand, the list is probably much longer than this (sub)section of the paper needs to be successful.

If you do want to focus fully on the fear aspect, I think that it is probably important to mention the way that computers play the dual roles of absolutely essential to the productivity of so many people as well as being something that many people identify towards as a tool they could not possibly understand. As such, I think that people can develop irrational fear, since anytime they are connected to the internet, they "might" be vulnerable to losing all their personal information (who backs up anything?) and they might have little idea if they are vulnerable or how to stop their vulnerability in any case. So in this way, a widespread cyber attack might have a lot of fear value. But feel free to ignore all these comments, I am just thinking out loud for you. --Jameel