through cyber space
THERE is a new buzzword called cyber-terrorism that is catching the attention of governments, intelligence agencies, militaries and national security analysts. There have been a number of cases of cyber attacks, cracking of passwords, social engineering of important websites and the use of information technology (IT) by terrorists to supplement their physical operations. The question that faces all governments is whether this threat is all hype or is there any substance in these fears.
Cyber-terrorism is not only about damaging systems but also includes the use of IT in terrorist warfare, intelligence-gathering counter-intelligence and disinformation. It could include planting an unknown virus, spreading disinformation through anonymous e-mails, cracking into government Website and changing the contents to suit the terrorist cause, collecting information about banks and other sources of funds and using it at a convenient time, using the Internet to raise money for a cause, copy information and process it at leisure stealing money over the Internet etc.
The scope to cause
destruction through these methods is large. In warfare, the side that
runs out of funds first loses. Thus, the objective of warfare may not
just be to inflict physical damage, but also maximise financial
damage. The Irish Republican Army (IRA) used this method effectively
against the British government.
The social engineering of the Army Website (armyinkashmir.com) was possible because the server controlling the Website was not located in India. A group of Pakistani hackers posing to be Indians rang up the controllers of the Army Website and asked them to change the Internet Protocol (IP) address of the Website to another address. Then the hackers changed the contents of the Website. In order to guard against such incidents an organisation’s Internet network should not be connected to the Internet. The server on which the Website is located should be located in the country, preferably designed and managed by a reliable organisation which can be held responsible for avoidable lapses.
Pakistan has been carrying out a vitriolic propaganda war against India through radio and TV since Independence. Now the domain has been expanded to the Internet. A Pakistani Internet hacker, ‘Dr Nuker’ and his cyber cohort, one ‘Mr Sweet’ have struck almost 100 cyber facilities on the Internet in 1999. Dr Nuker’s group, called the ‘Pakistan Hackerz Club’ (PHC), is a cyber-terrorist organisation with a cause — freedom from Indian-controlled Kashmir. They have posted anti-India message on the Internet sites run by Karachi Stock Exchange, Disney Guide and the Naval Reserve Maintenance Facility in Ingleside. Recently, Dr Nuker has warned — "In case of a cyber war with Pakistan, we will prove our knowledge, ability and skill." Moreover, the Pakistan government’s site portrays "Bleeding Kashmir", listing the 1948 UN resolution on Kashmir as also the Indian nuclear tests of May 1998.
Militants in Kashmir and in the Northeast parts of India have taken to information technology to communicate, for propaganda and to avoid detection. According to the India Army Chief, they are using satellite phones, Internet and ‘burst modes’ to communicate. In ‘burst system’, voice-mail, and data of several minutes are compressed and transmitted in a single burst of a few seconds. It is extremely difficult to detect and decode these messages. The Army is not only trying to neutralise the militants’ communication network to deal with low-intensity conflict operations (LICO). Using the latest Very Small Aperture Terminal (VSAT), the indigenous system provides secure speech and data communications to the military in the northern, eastern and southern sectors.
During the Kargil conflict of May-June 1999, the United Liberation Front of Assam’s (ULFA) Website was in tune with Pakistani secret Website. The ULFAs had details about "Deployment of Indian Occupation Forces in the Seven-Sister Region of South-East Asian Formation Placement." The National Council of Nagaland (NSCN) was the pioneer in the use of the Internet for propaganda and probably the most meticulous. Their Website has the map of ‘Greater Nagaland’ they are fighting to ‘liberate’, major press releases are maintained on their sites, insurgent leaders are using it to air their opinions and they also have details of the Indian Army’s deployment.
The Liberation Tigers for Tamil Eelam (LTTE) has been using the Internet as an effective tool to influence opionion amongst the Tamil Diaspora and for collecting funds from them. In May 1998, the LTTE swamped Sri Lankan Embassies all over the globe with e-mail. Since the Sri Lankan government blanked out the media from reporting about the current conflict between the Sri Lankan forces and the LTTE in Jaffna province, it is the LTTE Website which is being used by the media to report on the situation in Jaffna. The Zapatista National Liberation Army (EZLN) in Mexico is also making use of Netwar. EZLN leader Marco not only uses computers to coordinate the activities of his organisations but also uses the Internet for propaganda.
Leading industrialised nations, faced with the growing threat from global computer viruses like the devastating "love bug", met in Paris in May 2000 to discuss ways to coordinate their fight against cyber crimes. The Group of Eight (G-8) exchanged tips on how to combat increasingly sophisticated computer crimes which are capable of shutting down computers across the planet, threatening security and causing billions of dollars of damage. The danger was highlighted when millions of computers worldwide were hit by the "love bug" virus, including some in the Pentagon and the British Parliament.
It is well-known that hackers gain entry into a computer system by various means, line sending malicous software as attachments to e-mail messages. On gaining entry into the system, hackers launch various scanning software like SATAN, ADMhack, Mscan Interner Security System (ISS) ident TCP scan, etc, in order to crack passwords.
There are various state-of-the-art security system available today to make the systems impregnable against hackers. Any organisation which intends to network its computers must first install a foolproof security system. There are various technologies to ensure security like firewalls, bastions, tunnelling data encryption, URL filtering, proxy screens, intrusion, detectors, audit trails and e-mail relays.
Moreover, many other
measures have already been taken by the USA and the UK, like the US
Federal Cyber Services and the British intelligence agency MI-5, to meet
cyber-security needs. These measures, it is hoped, will enable
governments to read everything that passes through the Internet.