
Terror-Byte: why we need a Hard Drive to shutdown cyber-Terrorism

by Simon Schofield – Senior Fellow

21st January 2014. Security and Defence, Issue 1, No. 2.


The fact that no one has yet been seriously harmed by cyber-terrorism should not offer comfort to anyone.

One is struck by an unsettling scenario when watching Skyfall: an unseen invader reaches into your infrastructure from afar and manages to cause untold chaos and carnage whilst sitting behind his desk sipping Red Bull.

Cyber-terrorism is yet to approach its zenith, but that time is not very far away. The interconnected, network-dependent nature of almost all aspects of modern society presents terrorists with a myriad of targets, whose defences are being probed every hour of every day.

One of the biggest issues in identifying cyber-terrorism is that it is very subjective and context-based. If a State carries out a cyber attack against another State then that is considered an act of cyber-warfare. Should al Qaeda launch a similar attack, then that is cyber-terrorism. Equally, if a cyber attack is carried out in order to amass wealth illegally, this is simply cyber-crime, but if the same attack is carried out with wider political objectives then this is terrorism. These sound like simple distinctions to make; in the physical world they usually are. However, when the origin of an attack cannot be determined accurately and the motives are unclear, what name do you give it?

With the growth of anonymising services such as Tor, VPNs and similar facilities, intruders can route their traffic through relays all around the world before they approach a target. This means that sometimes the exact origin of a cyber attack may never come to light. Furthermore, in cases of information theft, it is not always immediately apparent what, if anything, has been stolen from a system, because information is copied rather than physically removed.

Peter Singer argues that there have been no people hurt or injured by cyber-terrorism and that the risk is over-analysed, although he does also accept that there should be governmental concern on the topic. Whilst he is – at least to public knowledge – correct, it rather misses the point. Subnational groups have used cyber-weapons to attack a veritable cornucopia of systems for a number of reasons and with varying degrees of success.

A notable recent example of such terrorism is the Shamoon worm, also known as W32.Disttrack, often attributed to a largely unknown group calling itself the Cutting Sword of Justice. This virus is known to have attacked at least two important energy suppliers: the Government-owned Saudi Aramco (the world’s most valuable company, valued at up to $10 trillion) and the Qatari company RasGas, the world’s second largest producer of Liquefied Natural Gas (LNG). Shamoon (Arabic for Simon) has a modular platform, meaning that various combinations of malware tools can be loaded onto it, customised for each target machine. Many of the Shamoon modules are espionage tools, used for spying, stealing information and relaying it back to a host machine, but there is also a tool called ‘the Wiper’. As the name suggests, the Wiper renders the data on a computer unusable, at least to an ordinary user. It does this by overwriting the master boot record (MBR), effectively preventing the computer from starting. What makes the Saudi Aramco attack more sinister is that the MBR was overwritten with a JPEG picture file taken from Wikipedia. This means that when the computers were switched on, rather than booting as usual, the screen simply displayed a picture of a burning American flag, suggesting a strong political motive behind the attacks. The Aramco attack knocked out 30,000 desktop computers, crippling the company’s internal network, doing considerable financial damage and requiring ten days of clean-up operations to recover. It has since been revealed that the primary objective of the attack was to stop oil and gas from reaching local and international markets, which thankfully the attackers were not able to achieve. Nevertheless, the fact that they were able to penetrate so far into probably the world’s single most vital oil company is not something to be brushed off.
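The MBR overwrite described above, as an added forensic triage example that is not from the article or from any Shamoon analysis: it inspects sector 0 of a disk image and reports whether the boot signature is missing or the sector begins with a JPEG header rather than boot code. The two sample sectors are constructed, the partition-table offsets follow the standard MBR layout, and the verdict names are this example's own.

```python
import struct

JPEG_SOI = b"\xff\xd8\xff"    # JPEG start-of-image marker
BOOT_SIGNATURE = b"\x55\xaa"  # expected at bytes 510-511 of a valid MBR


def parse_partitions(sector: bytes) -> list:
    """Return the non-empty entries of the 4-slot partition table at offset 446."""
    entries = []
    for slot in range(4):
        off = 446 + 16 * slot
        status, ptype = sector[off], sector[off + 4]
        lba_start, num_sectors = struct.unpack("<II", sector[off + 8:off + 16])
        if ptype != 0:  # partition type 0x00 marks an unused slot
            entries.append({"bootable": status == 0x80, "type": ptype,
                            "lba_start": lba_start, "sectors": num_sectors})
    return entries


def triage_mbr(sector: bytes) -> dict:
    """Classify a 512-byte sector 0 read from a disk image (defensive triage)."""
    if len(sector) != 512:
        raise ValueError("sector 0 must be exactly 512 bytes")
    if sector.startswith(JPEG_SOI):
        # Image data where boot code should be: the overwrite pattern the
        # article describes for the Shamoon Wiper. Checked before the
        # signature, since image bytes could coincidentally end in 55 AA.
        return {"verdict": "overwritten_with_jpeg", "partitions": []}
    if sector[510:512] != BOOT_SIGNATURE:
        return {"verdict": "missing_boot_signature", "partitions": []}
    parts = parse_partitions(sector)
    verdict = "looks_valid" if parts else "empty_partition_table"
    return {"verdict": verdict, "partitions": parts}


def build_sample_mbr() -> bytes:
    """Constructed healthy MBR: filler boot code plus one bootable NTFS partition."""
    sector = bytearray(b"\xfa\x33\xc0" + b"\x90" * 443)          # 446 bytes of boot code
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 2048, 204800)
    sector += entry + b"\x00" * 48 + BOOT_SIGNATURE                 # 3 empty slots + 55 AA
    return bytes(sector)


def build_wiped_sector() -> bytes:
    """Constructed sector 0 after an image-file overwrite: JPEG header then filler."""
    return JPEG_SOI + b"\xe0\x00\x10JFIF\x00" + b"\xab" * (512 - 11)
```

Run `triage_mbr` on the first 512 bytes of a suspect disk image; a verdict other than `looks_valid` is a cue to pull the sector for closer examination rather than a conclusion on its own.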

About Simon Schofield

Simon Schofield is a Senior Fellow at the HSC and the Assistant to the Directors' Office. His main research interests lie in the fields of national security, intelligence and counterterrorism.