• Home

• Europe

• Business

• Economy

• Culture

• Technology

• Education

• Travel

• Lifestyle

• Just Curious

• Video

A Digital 9/11?

The next generation of cyber terrorism

by Joey De Keyser

May 2007, Estonian computer security specialists scented danger. Websites of the state-owned broadcasting system and multiple government services crashed. The malefactor: a Distributed Denial Of Service (DDOS) attack organised by Russian hackers as a retaliatory measure against the removal of a Soviet war statue from Tallinn city centre. Wary of assaults involving an overload of bits and bytes, the European Union decided to send some of its own cyber experts to observe and assist the Baltic country in fending off the attacks.

February 2010, the European Commission announces a security review after a cyber attack on the European Union's Emissions Trading Scheme (ETS). Cyber criminals e-mailed firms possessing emissions rights urging them to give their password, a method known as "phishing". Some companies fell into the trap. The intruders gained access to the databases and sold the emissions rights, whose new owners presumed they had acquired legally. In different EU countries, the caused damage ran into millions.

This year’s DEFCON Hacking Conference in Las Vegas revealed how GSM calls can be tapped with a device that resembles an official antenna and how a cash dispenser spits out its notes after a hacking session of a few seconds. Pump and dump fraud via computer break-in has become an international trend. After wrongfully appropriating different accounts, cyber criminals buy a few hundred thousand small shares on less known and less controlled stock markets. This sudden interest pushes the share price upwards, after which the shares are sold as quickly as they were bought. Then, the hackers channel the enormous profits out of the visible market. All this happens without the knowledge of the common investor.

How vulnerable has Internet, the backbone of the international economy and all crucial infrastructure, become?

Considerably, it appears. If hacking used to be an individual activity taking place in attic rooms, now it increasingly follows a professional pattern. Terrorist organisations and states have discovered opportunities to coordinate cyber attacks. In August 2008, the invasion of Georgia by Russia and the DDOS assaults disrupting Georgian communications appeared remarkably simultaneous.  In the same year, GhostNet was discovered. The largest electronic espionage network ever detected, GhostNet had managed to infiltrate over 1.000 computers, including those of multiple ministries.

What comes next? Cyber wars?

Most likely not, if the word cyber war is understood to mean an isolated, destructive assault of a state on the networks of another state. It is and will remain very difficult to prove that the initiative for a cyber attack is taken by a government. A cyber war will not be more likely to happen than a conventional war. It is hard to contend that a new way of waging war is born in cyber space. The internet is not a "the Matrix" - like separate universe where cyber armies operate. It is rather a medium which one can misuse in order to destabilise the systems of enemies, and it will be used as such in combination with a conventional attack. Furthermore, while some states have the capability to go over to a cyber offensive, they are restrained from doing so because the consequential costs outweigh the limited advantages. For the time being, cyber wars seem to be food for comics. However, cyber espionage and terror – which require less means – can never be excluded. Hackers specialised in infiltrating networks and stealing confidential data are available to be hired by any organisation.

As an internationally active actor, it seems obvious that the EU will be more and more exposed to these threats. So, vigilance and investments are necessary to secure computer networks. However, one also needs to be wary not to be carried away by the cyber war rhetorics unleashed by the military industry to squander money without reflection. After all, threat is the combination of intention, possibility and vulnerability.