Selling Fear: How Cyber Terrorism is Portrayed in the News

Summary:  New technology is scary, even magical. In August 1962 Amazing Fantasy #15 describes the effects of a radioactive spider biting a boy. Today that’s old hat; now it’s genetically engineered spider. Similarly with war and terrorism. Fifth-generation fighters (F-35s) and new supercarriers are the past; cyberwar and cyberterrorism are the future. Here’s chapter two of our new series about this form of 21st C conflict, discussing how journalists report it. (1st of 2 posts today)

Cyber-Terrorism
“Guerre terrorisme mort” by iPatou

.

.

Selling Fear: How Cyber Terrorism is Being Portrayed

By Edwin Covert

From DarkMatters

1 December 2014

References appear at the end.

Posted with the author’s gracious permission

.

In the first installment in this series, we examined the concepts behind cyberterrorism as a strategy, and this second article dives into how cyberterrorism is being portrayed by interests from the media to government and academia. There is a common idea in the news industry that says, ‘If it bleeds, it leads;’ stories need a sensationalist angle to catch a reader’s or viewer’s attention.

Conway (2002) complains stories about cyberterrorism sell papers, television, and Internet advertising but do nothing to advance any basic understanding of the problem (p. 436). In a separate article, Conway (2011) says “the term ‘cyberterrorism’ unites two significant modern fears: fear of technology and fear of [traditional] terrorism” (Against Cyberterrorism, p. 26). As noted previously, fear sells.

A sampling of news reports or commentaries on the subject makes Conway’s point. Berner (2003) laments the fact the media glorified the dangers from cyberterrorists but then goes on to note “the resources to launch a cyber-attack are commonplace: a computer and a connection to the Internet are all that is really needed to wreak havoc” (Cyber-terrorism: reality or paranoia?, p. 2). He lists several “traditional weapons of cyber-terrorist” (p.2) to include:

  1. Computer viruses
  2. Password cracking tools
  3. Network sniffing tools (to monitor traffic going on a network connection)
  4. Dumpster diving (physically going through trashcans looking for potentially sensitive information to use in an attack

What Berner (2003) fails to relay to his readers is that these are tools of common computer criminals, not necessarily cyberterrorists. In essence, he is blending cybercrime with cyberterrorist; he is guilty of what he criticizes others in the media of doing.

.

Cyberattacks around the globe
.
In a 2004 article in Forbes magazine {The Next Threat}, Lenzner and Vardi discuss the ability of terrorists to “shut down chunks of the Internet” (p. 13). They clearly conflate physical terrorist acts such as the September 2001 attacks with looming threats to the Internet (Lenzner & Vardi, 2004). The confusion is then created in readers’ minds regarding the exact nature of the threat. This is known as fear, uncertainty, and doubt (FUD).

Traditionally defined, FUD is the concern generated about potentially switching to a competitor’s products or services. It is used by ethically challenged businesses. However, in this case the meaning is less capitalist. FUD refers to the fear or worry created by something one does not fully understand.

By using terms such as cyber-attack, terrorist, 9/11, computers, tragedy, and the like, unwary readers get the sense that a computer apocalypse is nigh. Neither Berner (2003), nor Lenzner & Vardi (2004) are the only culprits in the FUD-development department. Malone (2005) says (in hyperbolic terms):

Increasingly, I am struck that there are distinct parallels between hackers and terrorists. Both are essentially powerless people who believe that they are superior to everyone else. And both are furious that, for some inexplicable reason, history has turned against them and showered its favors on the suits/infidels.

The only answer, then — one that will punish the nonbelievers and reward the Illuminati with fame (or notoriety) and power — is to destroy the greatest institutions of those history has favored. Only then will the unbelievers (and the insufficiently committed) appreciate just how superior the Illuminati really are. (Malone, 2005)
.

Olivia Wilde in Tron Legacy
Olivia Wilde in Tron Legacy

.
Malone, according to his biography should know better than to merge hacking and terrorism. He has reported on Silicon Valley and its industries for over two decades in several periodicals including the San Jose Mercury News, a leading technology-focused newspaper.

Another example is an article from UPI (Two arrested for cyber terror support) that reports two men were arrested for “using the Internet and computer technology to support terrorism” (2006).

A final cursory example of media reporting on cyber-terror could be an article in the United Kingdom’s Telegraph newspaper on the restructuring of the UK’s Home Office (Cyber terror threat is growing, says Reid). In the article, former Home Secretary John Reid is quoted as warning of “devastating consequences” of cyberterrorism on the country’s critical infrastructure (Jones, 2007); however, he provides no actual evidence of any urgent or legitimate threat.

Unfortunately, it is not just news that is distorting the idea of cyberterrorism as a strategy. Verton (2003) confuses cyberterrorism with traditional terrorism when he says “Terrorist groups that want to amplify the chaos and confusion of physical attacks or directly target the economy can succeed by launching traditional-style terrorist assaults against the nation’s cyber-infrastructure” (p. 19).

As Conway (2002) notes, along with Ahmad and Yunos (2012), this is not cyberterrorism. When he notes that “skilled attackers” (p. 46) are the greatest threat the United States faces, he is mixing terrorist capabilities and computer capabilities a la Malone (2005). Terrorists and hackers each have a different motivation and the two should not be confused. Terrorists (in this case religiously motivated terrorists i.e. Al Qaeda like in Verton’s scenario (Verton, 2003, p. 3)) have a clear political motivation (Hoffman, 2006, p. 2).

At its core, terrorism is about power and maintaining power. Terrorists’ use of computers to spread an overtly political message on a chat forum is not any different from a local parent-teacher association using a website to announce an upcoming bake sale (this should not be confused with coordinating operational details about an attack). Certainly the end-state is different, but the using the Internet to communicate a widely disseminated message is the exact purpose of the medium.

US Cyber Command

However, even the federal government has gotten in on the act of misidentifying cyberterrorism. FBI Director Mueller warned the nation of Al Qaeda in the Arabian Peninsula’s (AQAP) “full-color, English-language online magazine” and Al-Shabaab’s twitter account (Mueller, 2012). In both of Mueller’s (2012) examples, the employment of less radical theology as a counterweight should be considered (Witty, 2008, p. 103).

Even academia creates a misperception. Gable (2012) believes the most glaring threat facing the nation’s critical infrastructure is the TCP/IP protocol that supports Internet communications and connectivity (p. 57). She goes on, as observed in other examples, to blend two fundamentally different concepts: “Indeed, cyberterrorists and hackers attempt to penetrate Department of Defense computer systems thousands of times a day” (p. 60).

While that may be true, under a framework such as Ahmad and Yunos propose, it becomes evident that because the threat actors have different motivations, only one can be labeled cyberterrorism.

The opinions expressed in this and other contributors’ articles are solely those of the author and do not necessarily reflect those Norse Corporation.

References

————————————————–

Edwin Covert

About the Author

Mr. Covert is a cybersecurity professional with over 20 years of cybersecurity and intelligence experience. He works for Booz Allen Hamilton in the Washington, DC metro area. He works with both government and commercial organizations and is an author on a diverse array of cybersecurity topics.

He holds the Certified Information Systems Security Professional (CISSP®) designation from (ISC)²® . He is also a certified Project Management Professional (PMP). He holds two designations from ISACA (previously known as the Information Systems Audit and Control Association): the Certified Information Security Manager (CISM), and the Certified in Risk and Information Systems Controls (CRISC). Additionally, he also has held the GIAC Certified Incident Handler designation from the SANS Institute. He is a member of the Order of the Sword & Shield, a national honor society for homeland security, intelligence, emergency management and other protective security disciplines.

From the Norse Corp website.Cyber-Ninja

Posts in this Series

  1. Cyber Terrorism as a Strategy
  2. Selling Fear: How Cyber Terrorism is Being Portrayed
  3. Unraveling the Complexities of Cyber Terrorism
  4. Consequences of Overstating the Cyber Terrorism Threat

For More Information

See all posts about Information & disinformation, in the new media & the old.

Posts by Marcus Ranum about cyber-espionage and cyberwar:

  1. Obama knows how to lead America by exploiting our fears,  5 June 2009 — About cyberwar
  2. Cyberwar: a Whole New Quagmire.  Part 1: The Pentagon Cyberstrategy, 2 September 2011
  3. “Do as I say, not as I do” shall be the whole of the law, 11 September 2011
  4. Conflating Threats, 14 September 2011
  5. About Stuxnet‏, the next generation of warfare?, 29 September 2011 – Introducing Stuxnet and some of the issues surrounding practical malware-based warfare.
  6. Cyberwar: a Whole New Quagmire – When the Drones Come To Roost, 8 October 2011
  7. About Attribution (identifying your attacker), 21 October 2011
  8. You must Be >this< Tall To Play Cyberwar (has DoD grown enough yet?), 16 December 2011
  9. Parsing Cyberwar – Part 1: The Battlefield, 9 August 2012
  10. Parsing Cyberwar – Part 2: The Logistical Train, 10 August 2012
  11. Parsing Cyberwar – Part 3:Synergies and Interference, 13 August 2012
  12. Parsing Cyberwar – Part 4: The Best Defense is a Good Defense, 20 August 2012
  13. Cyberwar, the Power of Nightmares, 31 August 2012

.

.

2 thoughts on “Selling Fear: How Cyber Terrorism is Portrayed in the News

  1. Whenever I critique (or hear others do it..) the media for doing such a bad job of reporting my field, I wonder if it’s just my field. Recently I had the chance to have a sit-down dinner with some high-level experts in other fields – specifically an astronomer, a rocket scientist, another computer programmer/web guy, an oncologist, and a biologist. The topic of the media came up and the oncologist offered that reporting on cancer therapies is universally terrible. Suddenly, we all were saying that the media does an absolute crap job of reporting in each of our respective fields. After a bit of discussion the rocket scientist hypothesized that perhaps the only area the media reports reasonably accurately is The Kardashians. Although many of us were skeptical and wondered that if we had an expert in applied kardashery present, we would have discovered that the media’s reporting in that area is deficient as well.

    We have gotten the media we paid for: much of it’s free which means that it’s either an amateur effort or a marketing conduit (which I consider to be dishonest) Government has become another of the great forces manipulating media. When the whole Sony/North Korea thing blew up I was clutching my temples going around asking “why does anyone believe anything the FBI is saying!?!” then it dawned on me that they really are so ignorant that they just print whatever they’re given, based on brand identity.

    1. Marcus,

      I agree on all points, and have written about the points you raise — at great length, for five years. The news biz is caught between two implacable trends:

      (1) Gross overcapacity: easy to see when looking at a big event. Note the hordes of journalists, each asking the same questions, taking the same pictures, often far outnumbering the key participants. They’re an army at big events, such as political conventions.

      (2) People will not pay for news. It’s like airline service. Everybody complains, but when it comes to buying they choose the option a dollar cheaper. The free market gives us what we want, and we reveal that not by what we say but by how we vote with our money.

      The combination of the two makes good journalism almost impossible. We now have billionaire-sponsored news. Jeff Bezos buys the Washington Post, and other rich guys sponsor 538, The Intercept, etc. I don’t expect much from these, but we can only wait and see.

      This is the paradigm for New America. We see ourselves as consumers, not citizens. We see candidates and news as items on a buffet — not as essential processes in which we get involved in order to run the nation.

      Solutions? See my ideas here.

Leave a Reply