Stratfor: The Coming Age of Cyberterrorism

Summary: For five years readers of the FM website have learned the facts and myths of cybersecurity and cyberterrorism. Now CEOs are fired for big security breeches, wild headlines stoke the public’s fears — and Stratfor declares the “coming age of cyberterrorism”. Their analysis, as usual, gives a solid introduction to this important subject.


The Coming Age of Cyberterrorism

By Scott Stewart
Stratfor, 22 October 2015

The Islamic State is trying to hack U.S. power companies, U.S. officials told a gathering of American energy firms Oct. 15 {CNN: “ISIS is attacking the U.S. energy grid (and failing)”}. The story quoted John Riggi, a section chief at the FBI’s cyber division, as saying the Islamic State has, “Strong intent. Thankfully, low capability … But the concern is that they’ll buy that capability.”

The same day the CNNMoney report was published, the U.S. Department of Justice announced the arrest of Ardit Ferizi — a citizen of Kosovo and known hacker, apprehended in Malaysia — on a U.S. provisional arrest warrant. The Justice Department charged Ferizi with providing material support to the Islamic State, computer hacking and identity theft, all in conjunction with the theft and release of personally identifiable information belonging to 1,351 U.S. service members and civilian government employees stolen from the servers of an unnamed U.S. retail chain.

According to the Justice Department, Ferizi provided the stolen personal information to the Islamic State’s Junaid Hussain (aka Abu al-Britani) who was subsequently killed in an airstrike in the Islamic State’s self-proclaimed capital of Raqqa, Syria.

Read more


Determining guilt in cyberspace: difficult now, but there’s hope for the future

Summary: We see the nature of modern America in our response to cyberattacks. The government quickly points to one of the usual suspects, and Americans believe. Reminders of past government lies have no effect, nor do experts’ warnings that attribution in cyberspace ranges from difficult to impossible. For a change of pace, today cybersecurity expert James Palazzolo explains why this might not always be so. Law and order might someday come to cyberworld.   {1st of 2 posts today.}


The Complexities of Attribution in Cyber Space: An Overview

By James Palazzolo, 25 August 2015
From DarkMatters: Providing superior attack intelligence.
Posted with their gracious permission.

Seeking attribution

The challenges with attribution and Cyber Space are a study of both social and political aspects that directly relate to the overall technical architecture of the Internet as a whole.

Rid and Buchanan argue that attribution is not a matter of technology but a matter of want; meaning: attribution in Cyber Space is determined by the importance for states to want accurate high confidence attribution with regards to cyber systems. If this want is not realized than little kinetic effort will be spent on the process of attribution.

The challenges of attribution are a well-known argument from a technical studies perspective, but it still does not help to answer: what can organizations do in the short term when looking for high degrees of confidence in attribution? If high degree confidence technical attribution is possible how long will organizations (that utilize cyber systems to conduct business) have to wait until states globally accept levels of concrete identity over the Internet for all systems? From an analogous perspective the wait for an answer to the question is the ‘gorilla in the room’.

There is a good possibility that consistent high confidence attribution of cyber systems will never be achieved. From a covert operations viewpoint the lack of high confidence attribution benefits states’ Intelligence communities.

The ability to launch political campaigns with almost complete anonymity is too convenient for states to ignore (Alyia Sternstein in Defense One). It can be argued that social applications have cemented this stance as these applications are able to reach millions of individuals rapidly and typically cost the end user nothing to use.

Therefore, why would states want to engage other states in creating policy that reflects the technical gaps surrounding attribution in Cyber Space?

Additionally, there is no monetary incentive from a private industry stance to push the conversation closer towards high confidence attribution for cyber systems. With billions of dollars already invested in offensive and defensive cyber systems there is no need to reel in development costs and towards developing systems that offer high degrees of user and host attribution.

Read more

A clarion call to prepare for cyberwar. But what’s the threat?

Summary:  American professionals writing about national defense are intelligent and well-educated, usually with distinguished careers. But their writings should be datelined “from Oz”. Today we examine another example, about the law of cyberwar.  {1st of 2 posts today.}



Preparing for Cyber War: A Clarion Call

By Michael Schmitt (bio here).
Posted at Just Security, 23 March 2015.


In every War College in the world, two core principles of military planning are that “hope is not a plan” and “the enemy gets a vote.” Any plan developed without sensitivity to these two maxims is doomed to fail. They apply irrespective of the mode in which the conflict is fought, the nature of the enemy, or the weapons system employed. Unfortunately, some states seem to be disregarding the maxims with respect to cyber operations. They include certain allies and friends around the world, states that the United States will fight alongside during future conflicts. The consequences could prove calamitous, especially in terms of crafting complementary strategies and ensuring interoperability in the battlespace.

… Many states have no position, confidential or public, on when the right of individual or collective self-defense provided for in Article 51 of the UN Charter and customary law applies. Some have yet to maturely grapple with the question of whether international humanitarian law (IHL) applies to cyber operations at all, and for those that have, important questions remain unanswered. These include whether civilian data qualifies as a civilian object enjoying IHL {international humanitarian law} protections, when a cyber operation is an attack in the context of IHL’s assorted targeting rules, and under what circumstances civilians who engage in cyber operations lose their IHL protections from — and during — attacks. Very few states have even considered whether and when a cyber only conflict qualifies as an “armed conflict,” international or non-international, such that IHL applies. This actuality is problematic, since a failure to understand how international law limits or allows cyber operations is a bit like playing football without knowing the rules.

This is sad to read, like so much writing by Americans about geopolitics. It’s not even wrong.

The US (probably with Israel and perhaps other allies) has already made a first strike cyberattack in an undeclared war, on a civilian target (albeit, like so many industrial targets, with dual-use capability). The author ignores this recent history, giving the article an air of unreality — like discussing “how many angels can dance on the head of a pin” .

Read more

Identifying the guilty: tying nation states to cyber espionage

Summary:  It’s the cycle of our time. Cyberattack on us. The government points a figure, without evidence and encumbered by their history of lies (and of committing similar deeds).  Today cyber intelligence analyst Emilio Iasiello explains why attribution is so important but difficult to do.  (2nd of 2 posts today.)

“Attempt the end and never stand to doubt;
Nothing’s so hard but search will find it out.”

— Robert Herrick, “Hesperides” (1648).

Lighthouse shining in a storm

Tying Nation States to Cyber Espionage

By Emilio Iasiello. From DarkMatters, 3 March 2015
Providing superior attack intelligence.
Posted with their gracious permission.


Cyber espionage is a significant contributor to what then Director of the National Security Agency Keith Alexander termed “the greatest transfer of wealth in history.”

While 2014 marked some of the more sensationalized breaches committed by cyber criminals, espionage actors continued to demonstrate their prowess by targeting a wide variety of sectors in support of information theft. Yet, as more cyber espionage campaigns have come to light, there is a growing body of evidence to suggest that part of this actor set is composed of enterprising independent contractors looking to monetize their efforts, rather than being directed by or working directly for a foreign government.

The case of Su Bin articulates why this new “as-a-service” model could potentially provide an opportunity for miscalculation and error, thereby impacting governments from developing appropriate response actions.

Attribution in Cyberspace is Difficult at Best

Read more

Consequences of Overstating the Cyber Terrorism Threat

Summary:  Chapter 4 of Edwin Covert’s series about cyberterrorism explains the severe penalties enacted since 9/11, their potential for misuse (accidental or deliberate), and how these poorly crafted laws and the public fear that created them both make us less safe. (1st of 2 posts today)

CyberWarrior Obama


Consequences of Overstating the Cyber Terrorism Threat

By Edwin Covert

From DarkMatters

16 December 2014

Posted with the author’s gracious permission


In the first installment of this series we examined the concepts behind cyberterrorism as a strategy, and the second article looked deeper into how cyberterrorism is being portrayed by the media, government and academia. The third part of the series examined why cyberterrorism is much more complex than most realize, and this last article in the series takes a look at the potential consequences of overstating the cyberterrorism threat.

There are side effects of the mischaracterization of cyberterrorism by the media and popular culture. In the United States, the Uniting (and) Strengthening America (by) Providing Appropriate Tools Required (to) Intercept (and) Obstruct Terrorism Act of 2001, or PATRIOT Act, was passed in the immediate aftermath of the September 11, 2001 attacks. It has two key provisions designed to counter potential cyberterrorist activity and increase the punishment for computer crimes (US Government, 2001). Section 814 of the PATRIOT Act enumerated specifically the goals of deterring and preventing cyberterrorism.

First, it increased the minimum prison terms for unauthorized access to a computer system, regardless of activity once in the system i.e. mixing criminal activity and cyberterrorism under a cyberterrorism section heading (§ 814.a.4).

Second, the law amended “the Federal sentencing guidelines to ensure that any individual convicted of a violation of section 1030 of title 18, United States Code, can be subjected to appropriate penalties, without regard to any mandatory minimum term of imprisonment” (§ 814.f).

In other words, simply being convicted of unauthorized access to a computer system allowed a federal judge (who most likely was not familiar with the nuances of cyber threats and threat + actors) to assume the worst and lock someone up for a very long time. Outside of the United States, others have made similar decisions regarding cyber threats and the law.

In the United Kingdom, Parliament changed its Terrorism Act so that using a computer system or threatening to use a computer system that interferes or disrupts another computer system is now considered terrorism (Conway, Cyberterrorism: Hype and Reality, 2007, p. 91).

Of concern of course is who makes the determination as to what constitutes disruption. Right now, that falls to Scotland Yard. That leaves a sour taste and no small amount of anxiety for human rights workers and other civil libertarians (p. 91).

Since the advent of the Internet, life has changed remarkable for citizens of the United States and the world. Unfortunately, this pace of change brings fear.

Read more

Unraveling the Complexities of Cyber Terrorism

Summary:  In chapter 3 of Edwin Covert’s series about the cyberterrorism he explains how it requires more than a hacker and a PC. Like most forms of conflict, attacks on a large scale require preparation and a complex structure. (1st of 2 posts today)



Unraveling the Complexities of Cyber Terrorism

By Edwin Covert

From DarkMatters

8 December 2014

References appear at the end.

Posted with the author’s gracious permission


In the first installment in this series we examined the concepts behind cyberterrorism as a strategy, and the second article dove deeper into how cyberterrorism is being portrayed by interests ranging from the media to government and academia. This third part of the series looks at why cyberterrorism is actually much more complex than it is being portrayed.

While a terrorist using the Internet to bring down the critical infrastructures the United States relies on makes an outstanding Hollywood plot, there are flaws in the execution of this storyline as an actual terrorist strategy. Conway (2011) calls out three limitations on using cyber-related activities for terrorists (Against Cyberterrorism, 2011, p. 27):

  1. Technological complexity,
  2. image, and
  3. accident.

Each is important to consider. While critical infrastructures may make a tempting target and threat actor capabilities are certainly increasing (Nyugan, 2013), it is a complicated process to attack something of that magnitude. It is precisely the interconnectedness of these two disparate parts that make them a target, however.

Nyugan (2013) calls them cyber-physical systems (CPS): “A physical system monitored or controlled by computers. Such systems include, for example, electrical grids, antilock brake systems, or a network of nuclear centrifuges” (p. 1084).

In Verton’s (2003) imaginary narrative, the target of the Russian hackers, the SCADA system, is a CPS. However, Lewis (2002) argues the relationship between vulnerabilities in critical infrastructures (such as MAE-East) and computer network attacks is not a clear cut as first thought (p. 1). It is not simply a matter of having a computer attached to a SCADA system and thus the system is can now be turned off and society goes in a free fall of panic and explosions and mass chaos.

Read more

Selling Fear: How Cyber Terrorism is Portrayed in the News

Summary:  New technology is scary, even magical. In August 1962 Amazing Fantasy #15 describes the effects of a radioactive spider biting a boy. Today that’s old hat; now it’s genetically engineered spider. Similarly with war and terrorism. Fifth-generation fighters (F-35s) and new supercarriers are the past; cyberwar and cyberterrorism are the future. Here’s chapter two of our new series about this form of 21st C conflict, discussing how journalists report it. (1st of 2 posts today)

“Guerre terrorisme mort” by iPatou



Selling Fear: How Cyber Terrorism is Being Portrayed

By Edwin Covert

From DarkMatters

1 December 2014

References appear at the end.

Posted with the author’s gracious permission


In the first installment in this series, we examined the concepts behind cyberterrorism as a strategy, and this second article dives into how cyberterrorism is being portrayed by interests from the media to government and academia. There is a common idea in the news industry that says, ‘If it bleeds, it leads;’ stories need a sensationalist angle to catch a reader’s or viewer’s attention.

Conway (2002) complains stories about cyberterrorism sell papers, television, and Internet advertising but do nothing to advance any basic understanding of the problem (p. 436). In a separate article, Conway (2011) says “the term ‘cyberterrorism’ unites two significant modern fears: fear of technology and fear of [traditional] terrorism” (Against Cyberterrorism, p. 26). As noted previously, fear sells.

A sampling of news reports or commentaries on the subject makes Conway’s point. Berner (2003) laments the fact the media glorified the dangers from cyberterrorists but then goes on to note “the resources to launch a cyber-attack are commonplace: a computer and a connection to the Internet are all that is really needed to wreak havoc” (Cyber-terrorism: reality or paranoia?, p. 2). He lists several “traditional weapons of cyber-terrorist” (p.2) to include:

  1. Computer viruses
  2. Password cracking tools
  3. Network sniffing tools (to monitor traffic going on a network connection)
  4. Dumpster diving (physically going through trashcans looking for potentially sensitive information to use in an attack

What Berner (2003) fails to relay to his readers is that these are tools of common computer criminals, not necessarily cyberterrorists. In essence, he is blending cybercrime with cyberterrorist; he is guilty of what he criticizes others in the media of doing.

Read more