Selling Fear: How Cyber Terrorism is Portrayed in the News

Summary:  New technology is scary, even magical. In August 1962 Amazing Fantasy #15 describes the effects of a radioactive spider biting a boy. Today that’s old hat; now it’s genetically engineered spider. Similarly with war and terrorism. Fifth-generation fighters (F-35s) and new supercarriers are the past; cyberwar and cyberterrorism are the future. Here’s chapter two of our new series about this form of 21st C conflict, discussing how journalists report it. (1st of 2 posts today)

.

.

Selling Fear: How Cyber Terrorism is Being Portrayed

By Edwin Covert

From DarkMatters

1 December 2014

References appear at the end.

Posted with the author’s gracious permission

.

In the first installment in this series, we examined the concepts behind cyberterrorism as a strategy, and this second article dives into how cyberterrorism is being portrayed by interests from the media to government and academia. There is a common idea in the news industry that says, ‘If it bleeds, it leads;’ stories need a sensationalist angle to catch a reader’s or viewer’s attention.

Conway (2002) complains stories about cyberterrorism sell papers, television, and Internet advertising but do nothing to advance any basic understanding of the problem (p. 436). In a separate article, Conway (2011) says “the term ‘cyberterrorism’ unites two significant modern fears: fear of technology and fear of [traditional] terrorism” (Against Cyberterrorism, p. 26). As noted previously, fear sells.

A sampling of news reports or commentaries on the subject makes Conway’s point. Berner (2003) laments the fact the media glorified the dangers from cyberterrorists but then goes on to note “the resources to launch a cyber-attack are commonplace: a computer and a connection to the Internet are all that is really needed to wreak havoc” (Cyber-terrorism: reality or paranoia?, p. 2). He lists several “traditional weapons of cyber-terrorist” (p.2) to include:

1. Computer viruses
2. Password cracking tools
3. Network sniffing tools (to monitor traffic going on a network connection)
4. Dumpster diving (physically going through trashcans looking for potentially sensitive information to use in an attack

What Berner (2003) fails to relay to his readers is that these are tools of common computer criminals, not necessarily cyberterrorists. In essence, he is blending cybercrime with cyberterrorist; he is guilty of what he criticizes others in the media of doing.

.

.
In a 2004 article in Forbes magazine {The Next Threat}, Lenzner and Vardi discuss the ability of terrorists to “shut down chunks of the Internet” (p. 13). They clearly conflate physical terrorist acts such as the September 2001 attacks with looming threats to the Internet (Lenzner & Vardi, 2004). The confusion is then created in readers’ minds regarding the exact nature of the threat. This is known as fear, uncertainty, and doubt (FUD).

Traditionally defined, FUD is the concern generated about potentially switching to a competitor’s products or services. It is used by ethically challenged businesses. However, in this case the meaning is less capitalist. FUD refers to the fear or worry created by something one does not fully understand.

By using terms such as cyber-attack, terrorist, 9/11, computers, tragedy, and the like, unwary readers get the sense that a computer apocalypse is nigh. Neither Berner (2003), nor Lenzner & Vardi (2004) are the only culprits in the FUD-development department. Malone (2005) says (in hyperbolic terms):

Increasingly, I am struck that there are distinct parallels between hackers and terrorists. Both are essentially powerless people who believe that they are superior to everyone else. And both are furious that, for some inexplicable reason, history has turned against them and showered its favors on the suits/infidels.

The only answer, then — one that will punish the nonbelievers and reward the Illuminati with fame (or notoriety) and power — is to destroy the greatest institutions of those history has favored. Only then will the unbelievers (and the insufficiently committed) appreciate just how superior the Illuminati really are. (Malone, 2005)
.

.
Malone, according to his biography should know better than to merge hacking and terrorism. He has reported on Silicon Valley and its industries for over two decades in several periodicals including the San Jose Mercury News, a leading technology-focused newspaper.

Another example is an article from UPI (Two arrested for cyber terror support) that reports two men were arrested for “using the Internet and computer technology to support terrorism” (2006).

A final cursory example of media reporting on cyber-terror could be an article in the United Kingdom’s Telegraph newspaper on the restructuring of the UK’s Home Office (Cyber terror threat is growing, says Reid). In the article, former Home Secretary John Reid is quoted as warning of “devastating consequences” of cyberterrorism on the country’s critical infrastructure (Jones, 2007); however, he provides no actual evidence of any urgent or legitimate threat.

Unfortunately, it is not just news that is distorting the idea of cyberterrorism as a strategy. Verton (2003) confuses cyberterrorism with traditional terrorism when he says “Terrorist groups that want to amplify the chaos and confusion of physical attacks or directly target the economy can succeed by launching traditional-style terrorist assaults against the nation’s cyber-infrastructure” (p. 19).

As Conway (2002) notes, along with Ahmad and Yunos (2012), this is not cyberterrorism. When he notes that “skilled attackers” (p. 46) are the greatest threat the United States faces, he is mixing terrorist capabilities and computer capabilities a la Malone (2005). Terrorists and hackers each have a different motivation and the two should not be confused. Terrorists (in this case religiously motivated terrorists i.e. Al Qaeda like in Verton’s scenario (Verton, 2003, p. 3)) have a clear political motivation (Hoffman, 2006, p. 2).

At its core, terrorism is about power and maintaining power. Terrorists’ use of computers to spread an overtly political message on a chat forum is not any different from a local parent-teacher association using a website to announce an upcoming bake sale (this should not be confused with coordinating operational details about an attack). Certainly the end-state is different, but the using the Internet to communicate a widely disseminated message is the exact purpose of the medium.

However, even the federal government has gotten in on the act of misidentifying cyberterrorism. FBI Director Mueller warned the nation of Al Qaeda in the Arabian Peninsula’s (AQAP) “full-color, English-language online magazine” and Al-Shabaab’s twitter account (Mueller, 2012). In both of Mueller’s (2012) examples, the employment of less radical theology as a counterweight should be considered (Witty, 2008, p. 103).

Even academia creates a misperception. Gable (2012) believes the most glaring threat facing the nation’s critical infrastructure is the TCP/IP protocol that supports Internet communications and connectivity (p. 57). She goes on, as observed in other examples, to blend two fundamentally different concepts: “Indeed, cyberterrorists and hackers attempt to penetrate Department of Defense computer systems thousands of times a day” (p. 60).

While that may be true, under a framework such as Ahmad and Yunos propose, it becomes evident that because the threat actors have different motivations, only one can be labeled cyberterrorism.

The opinions expressed in this and other contributors’ articles are solely those of the author and do not necessarily reflect those Norse Corporation.

References

• Ahmad, R., & Yunos, Z. “A Dynamic Cyber Terrorism Framework“, International Journal of Computer Science and Information Security, 2012, 149-158
• Berner, S. “Cyber-terrorism: reality or paranoia?” South African Journal of Information Management, March 2003
• Conway, M. “What is Cyberterrorism?” Current History, 2002, 436-442. Gated.
• Conway, M. (2007). Cyberterrorism: Hype and Reality. In L. Armistead, Information Warfare: Separating Hype from Reality (pp. 72-94). Potomac Books
• Conway, M. “Against Cyberterrorism“, Communications of the ACM, 2011, 26-28. Gated.
• Corrin, A. “Frequency, costs of cyberattacks on the rise“, Federal Computer Week, 8 October 2013
• MAE East Colocation Birdseye. Cryptome. 13 February 2006
• Gable, K. A. Cyber-Apocalypse Now: Securing the Internet Against Cyberterrorism and Using Universal Jurisdiction as a Deterrent. Vanderbilt Journal of Transnational Law, 6 July 2012
• Hildebrandt, M. “Legal Protections by Design: Objections and Refutations”, Legisprudence, 5(2) – 2011, 223-248
• Hoffman, B. (2006). Inside Terrorism. Columbia University Press
• Jones, G. Cyber terror threat is growing, says Reid. The Telegraph, 26 April 2007
• Lenzner, R., & Vardi, N. The Next Threat. Forbes, 20 September 2004
• Lewis, J. A. “Assessing the Risk of Cyber Terrorism Cyber War and Other Cyber Threats“, Center for Strategic and International Studies, December 2002
• Malone, M. S. “Silicon Insider: Fighting Cyberterror“, ABC News, 18 August 2005
• Mueller, R. (Director of the FBI), Prepared Remarks at RSA Cyber Security Conference. San Francisco, 1 March 2012
• Nacos, B. “Accomplice or Witness? The Media’s Role in Terrorism“, Current History, 2000, 174-178. Gated.
• Global Terrorism Database of the National Consortium for the Study of Terrorism and Responses to Terrorism. (2012). University of Maryland
• Nyugan, R. “Navigating Jus Ad Bellum in the Age of Cyber Warfare“, California Law Review, 104 #4 (2013), 1079-1129
• Panetta, L “Defending the Nation from Cyber Attack“, speech to the Business Executives for National Security,  NYC, 11 October 2012
• Saint-Claire, S. Overview and Analysis of Cyber Terrorism. School of Doctoral Studies (European Union) Journal, 2011, 85-98
• Shiryaev, Y. “Cyberterrorism in the Context of Contemporary International Law“, San Diego International Law Journal, Fall 2012, 139-192
• Two arrested for cyber terror support. UPI, 24 August 2006
• DoD Operations Security (OPSEC) Program. Defense Technical Information Center, 20 June 2012
• Country Reports on Terrorism. Bureau of Counterterrorism, US Department of State, 30 May 2012
• Critical Infrastructure Protection, Presidential Decision Directive 63, 22, May 1998
• USA Patriot Act. US Government. 26 October 2001
• Verton, D. (2003). Black Ice: The Invisible Threat of Cyber-Terrorism. McGraw-Hill/Osbourne
• Weber, R. H. “Internet of things – Governance quo vadis?“, Computer Law and Security Review, August 2013, 341-347. Gated.
• Witty, D. M. “Attacking al Qaeda’s Operational Centers of Gravity“, Joint Forces Quarterly, Q1 2008, 98-103

————————————————–

About the Author

Mr. Covert is a cybersecurity professional with over 20 years of cybersecurity and intelligence experience. He works for Booz Allen Hamilton in the Washington, DC metro area. He works with both government and commercial organizations and is an author on a diverse array of cybersecurity topics.

He holds the Certified Information Systems Security Professional (CISSP^®) designation from (ISC)²^® . He is also a certified Project Management Professional (PMP). He holds two designations from ISACA (previously known as the Information Systems Audit and Control Association): the Certified Information Security Manager (CISM), and the Certified in Risk and Information Systems Controls (CRISC). Additionally, he also has held the GIAC Certified Incident Handler designation from the SANS Institute. He is a member of the Order of the Sword & Shield, a national honor society for homeland security, intelligence, emergency management and other protective security disciplines.

From the Norse Corp website.

Posts in this Series

1. Cyber Terrorism as a Strategy
2. Selling Fear: How Cyber Terrorism is Being Portrayed
3. Unraveling the Complexities of Cyber Terrorism
4. Consequences of Overstating the Cyber Terrorism Threat

For More Information

See all posts about Information & disinformation, in the new media & the old.

Posts by Marcus Ranum about cyber-espionage and cyberwar:

1. Obama knows how to lead America by exploiting our fears,  5 June 2009 — About cyberwar
2. Cyberwar: a Whole New Quagmire.  Part 1: The Pentagon Cyberstrategy, 2 September 2011
3. “Do as I say, not as I do” shall be the whole of the law, 11 September 2011
4. Conflating Threats, 14 September 2011
5. About Stuxnet‏, the next generation of warfare?, 29 September 2011 – Introducing Stuxnet and some of the issues surrounding practical malware-based warfare.
6. Cyberwar: a Whole New Quagmire – When the Drones Come To Roost, 8 October 2011
7. About Attribution (identifying your attacker), 21 October 2011
8. You must Be >this< Tall To Play Cyberwar (has DoD grown enough yet?), 16 December 2011
9. Parsing Cyberwar – Part 1: The Battlefield, 9 August 2012
10. Parsing Cyberwar – Part 2: The Logistical Train, 10 August 2012
11. Parsing Cyberwar – Part 3:Synergies and Interference, 13 August 2012
12. Parsing Cyberwar – Part 4: The Best Defense is a Good Defense, 20 August 2012
13. Cyberwar, the Power of Nightmares, 31 August 2012

.

.