Atit 2024

Uploaded by

yanguangjoe

Use of IT - cyberterrorism, cybercrime and hacking

Marek Madej
ISM UW
December 2024

Information warfare (IW): preliminary definitions
• Information warfare:
- broad meaning – all activities aimed at taking control over the content, flow or access to information
- strict ("narrow") meaning – use of information technologies to gain access to an opponent's information systems (databases, flow of data, processing of data) in order to use them, to manipulate them or to destroy them
• Defensive vs. offensive IW
• Information warfare vs. cyberwarfare vs. netwar
• Other challenges in cyberspace: misinformation (fake news, information chaos, bubble creation etc.); data protection (big data, privacy etc.)

Specificity of actions in cyberspace (from the perspective of non-state actors)
• Cyberspace = force equalizer
• Irrelevance of space and time
• Low cost of entry and of maintaining activity
• (Relative) anonymity (Internet structure, capabilities/possibilities of camouflage)
• Unpredictability, problems with prevention before an attack actually happens
• Systemic ("cascading") effects and the problem of "Internet monoculture"
• Problem of legal status, legal co-operation and penalization

Basic forms of use of IT by non-state actors
• IT as an "auxiliary tool" and force multiplier:
IT as a tool for improving/supporting other activities, usually perpetrated in the real, material (physical) world
• IT as a weapon:
Use of IT as a specific means of destruction, directly to cause harm in virtual or physical reality.

IT as a force multiplier and "auxiliary tool"
• Propaganda and creating misperception/information disruption
• Communication
• Recruitment and mobilization of supporters
• Operation planning
• Command & control
• Financing/collecting of financial means (assets)
• Training and education
• Intelligence

IT as a propaganda tool – main advantages and disadvantages
• Low cost and simplicity (basic tools – websites, e-mails, chats, social media)
• Accessibility of the audience (important reservation: the recipient has to be interested in receiving the message, has to actively pursue information)
• Control over the content and form
• Adaptability and flexibility – different segments of the audience (supporters, "enemies", global public opinion) → different message
• Spreading in viral form → additional legitimacy for information (issue of reliability of sources) and safety for sources
• Problems of countermeasures (technical and legal questions, issue of freedom of speech, etc.)

IT as a means of communication and intelligence collection

Communication:
• Cost, simplicity, accessibility
e-mails, communication tools e.g. Skype (VoIP), chat-rooms, info on the websites
• Security
- numerous security tools: strong cryptography, steganography, anonymizing tools (e.g. remailers, spoofing)
- peer-to-peer (P2P) technology (50%-70% of the flow in the Internet): MUTE, GNUnet
- scale of the information flow through the Internet (2001 – 15,5 bln e-mails daily)
- TOR (The Onion Router) network

Intelligence:
• Three types of data collection
• General data from open sources (Internet = "virtual library")
• Specific data from open sources (e.g. building plans, rail timetables etc.)
• Confidential data available through the Internet
- break-in (trojans)
- interception (sniffers; spoofing, scanning)
- "social manipulation" etc. ("sociotechnique")

IT as a weapon – basic typology of information attacks
• Information attacks proper (sensu stricto): consequences limited to cyberspace
• Information attacks sensu largo: consequences also in the real world
• Means and methods of attack in both cases similar, the difference is in complexity and target selection
• Physical attacks on infrastructure which maintains and supports cyberspace (e.g. building with servers, phone lines etc.)

Information attacks – typology of means and methods
• Website defacement, incl. so-called hijacking
• Flooding
- virtual sit-ins
- e-mail bombs
- Denial of Service (DoS); Distributed Denial of Service (problem of botnets)
• Computer hacking, break-ins
- many forms and tools
- trojans and other spying tools
- malware (viruses, worms and their subcategories: bacteria, logic bombs etc.)

Information attacks sensu largo – conditions of success
• Accuracy of methods and means (potentially the most dangerous):
- Botnets → DoS, particularly DDoS
- Virtual break-ins, particularly malware (worms, viruses)
• Proper target selection (key elements of IT networks – nodes, hubs – important servers, routers)
• Level of integration with critical infrastructure (telecommunication; electrical power systems; gas and oil storage and transportation; banking and finance; transportation; water supply systems; emergency services – medical, police, fire, and rescue services)
• Obstacles: security tools and practices (security software, e.g. firewalls; air gaps), difficulties with target identification and selection, human factor

Cyberterrorism – definition
• Cyberterrorism – "combination of terrorism and cyberspace" (B. Collin) – many possible interpretations of the term
• Soft vs. hard cyberterrorism
• Cyberterrorism vs. use of IT by terrorists
• Use of IT / misuse of IT / offensive use of IT (M. Conway)

Cyberterrorism: information attacks perpetrated by politically motivated groups and with the intention to cause physical damage by use of force (or threat to use it) against "noncombatants" or property

Cyberterrorism – probability of materializing

Pros:
• Easy access to attractive targets
• Potential consequences
• Anonymity (relative)
• Mediocre danger for perpetrator
• Variety of methods and means of attack
• Low costs
• Pace of growth of global IT networks and growing number of IT security incidents

Cons:
• Need of adequate technical knowledge and equipment
• Unusual character of activity in comparison to modus operandi of hostile non-state actors
• Low probability of spectacular success
• Dependency on cyberspace
• Lack of drama
• Risk of counter-reaction
• Historical record

Use of IT by terrorists
• As an "auxiliary" tool: intensive
- propaganda (directly or via front groups/supporters): websites, other forms of info on the Internet
- communication (leaderless resistance, network-type terrorist organizations)
- intelligence and disinformation
• As a weapon: rare
exclusively information attacks proper (limited to cyberspace) – LTTE, EZLN, Palestinians

Cybercrime
• Definitions
- all illegal business activity with the use of IT (also as an "auxiliary tool")
- illegal use of IT for financial gain
- use of IT by organized criminal groups
• Three levels of the problem:
- widening of the sphere of criminal activity – new categories of crime (e.g. phishing) or new perspectives for well-known crimes (e.g. fraud, property rights violations etc.)
- use of IT as an "auxiliary tool" by criminal groups (particularly communications)
- use of IT as a weapon by criminals – sporadically, mainly as an element of blackmail

Hacking
• Hacker:
- broader meaning – every person with IT skills who uses them to gain unauthorized access to data in digital form (motivation is irrelevant)
- strict meaning – every person who breaks the security of cyberspace/IT infrastructure for reasons other than political or material (lust for fame or fun, other psychological needs)
• Hacker vs. cracker
• Hacking – hacktivism – cyberterrorism
• Phenomenon of so-called Internet wars
• Wikileaks, Snowden etc. – are they hackers/cyberterrorists?

Hacking – importance in context of state security
• Hackers – responsible for the majority of IT security violations, particularly the most serious incidents
• Most skilful wrongdoers (in spite of huge diversity in actual proficiency – from masters to script-kiddies)
• Specificity of motivation (mostly psychological → a factor which simultaneously increases the risk of grave consequences of their activity as well as decreases it – depends on context)
• Growing importance of "the underground" (TOR etc.)
• Intentional harm vs. collateral damage – what is more serious and when
• In general – use of IT by states is the most serious threat (see the Stuxnet case), not by non-state actors (but how to recognize who is the real culprit?)

Countries – still the most dangerous enemies in cyberspace
• Estonia 2007 (April-May 2007) and Georgia 2008 (August) – attacks on IT infrastructure coordinated from Russia
• Stuxnet affair (2010) – attacks on nuclear facilities in Iran, significantly specialized/profiled virus
• Duqu/Flamer/Gauss attacks (2011-2012) – very complex spyware, active primarily in the Middle East (Iran, Israel)
• Cyber spying (accusations in particular against China)
• Propaganda/hybrid warfare capabilities (esp. since 2014)
• The main issue – question of the legal status of state activities and difficulties with proving the responsibility for actions