Computers and the Internet continue to pervade human life in everything from automobiles to kitchen appliances. Individuals or groups can now use Cyberspace to threaten International governments, or terrorize the citizens of a country. The crime of "cracking" can escalate into terrorism when an individual "cracks" into a government or military-maintained website. Cyber-terrorism could be hacking into a hospital computer system and changing someones medicine prescription to a lethal dosage for an act of revenge.
With cyber-terrorism becoming an increasing problem in our society, everyone needs to be aware of what it is and what dangers it poses.
Why do we care?
It is important for computing professionals to understand cyber-terrorism for the benefit of themselves, their profession, and society as a whole. The computer is being used as a new weapon to obtain results similar to the use of bombs, kidnappings or assassinations.
The computer as the target
This includes actions such as:
Theft of information (confidential data about new products, customer lists ) Blackmail, based upon the information obtained by theft of computer files (medical information ) Sabotage of data or of the system Unauthorized access to the files of the authorities to modify data (criminal records, driving license..) Techno-vandalism (destruction without precise goal of data) Browsing (intrusion in a system just for the pleasure of going there, without any intention of stealing)
The computer as the tool of conventional crime
Embezzling Murder by modifying a patients drug prescription in a hospital. Servers providing illegal data (child pornography )
The computer as generator of new types of crimes
Software piracy Hardware counterfeiting
Following are some of the threats to computer systems.
A hacker is a person who is pleased to explore in detail a programmable system and who seeks to extend to the maximum his knowledge in this field. Currently, the term is generally employed to designate persons illegally introduced into computer systems. White-hat hackers are the good guys who are excited by the intellectual challenge of tearing apart computer systems to improve computer security. Black-hat hackers are desperadoes on the Net out to crash systems, stealing passwords, and generally wreaking as much havoc as possible.
Phreaking is an act of pirating telephone networks. The activity is related to computer hacking because hackers have to spend long hours trying to be connected by modem on the computers chosen as targets. This can become very expensive. It is for this reason that the majority of the hackers are also phreakers. Moreover, since the modern telephone exchanges are computerised, it becomes possible for phreakers to control the network as easily as an employee of the telephone company.
A virus is a program that can reproduce in a computer and infect other programs. It is transmitted from one computer to another, on copying an infected program. The viruses can be programmed to be harmful, for example, by erasing all of the machines data on a precise date.
A worm differs from a virus in that it transfers itself from one computer to the other through a network.
A Trojan horse is a software program which hides another perfidious program. For example, if in addition to being a word-processing program, its programmer decides to make it search for the list of all the applications contained in the computer and erase all other word processing software, it is a Trojan horse. It is also possible to use a Trojan horse to introduce a virus on a computer.
Cyber Squatting refers to the practice of buying domain names like www.mcdonalds.com or www.coke.com , then selling them for a big profit (just like a personalised number plate).
Denial of Service
Denial of service is becoming a common networking prank . By flooding a website with too many requests for information, an attacker can effectively clog the system, slowing performance or even crashing the site.
Scans are widespread probes of the Internet to determine types of computers, services, and connections. This way one can take advantage of the weaknesses in a particular make of computer or software program.
Sniffer is a program that covertly searches individual packets of data as they pass through the Internet, capturing passwords of the entire contents.
Spoofing involves faking an e-mail address or a web page to trick users into passing along critical information like passwords or credit-card numbers.
Malicious Applets are tiny programs, sometimes written in the popular Java computer language, which misuse a computers resources, modify files on the hard disk, send fake e-mail, or steal passwords.
War dialing are programs that automatically dial thousands of telephone numbers in search of a way in through a modem connection.
A logic bomb is an instruction in a computer program that triggers a malicious act.
Buffer overflow is technique for crashing or gaining control of a computer by loading it with data sent to the buffer in a computers memory.
Password crackers are those who possess softwares that can guess passwords.
Dumpster diving involves sifting through a companys garbage to find information to help break into their computers.
Crackers are hackers on hire who break into computer systems to steal valuable information for their own financial gain.
Script Bunnies are amateur hackers with little technical savvy who download program-scripts that automate the job of breaking into computers.
Insiders are employees, disgruntled or otherwise, working solo or in concert with outsiders to compromise corporate systems.
How to protect the computer against threats
If there is a weak link in the computer security chain, it is man. Currently there are no foolproof ways to protect a system. The completely secure system can never be accessed by anyone.
Here are a few ways to protect oneself from cyber terrorism:-
Use of firewalls to screen all communications to a system, including e-mail messages, which may carry logic bombs. ( Firewall is a relatively generic term for methods of filtering access to a network. They may come in the form of a computer, router, a communications device or in the form of a network configuration).
All accounts should have passwords and the password should be unusual and difficult to guess.
Change the network configuration when defects become known.
Check with vendors for upgrades and patches.
Audit systems and check logs to help in detecting and tracing an intruder.
If one is ever unsure about the safety of a site, or receives suspicious e-mail from an unknown address, one should avoid accessing it.
Installation of anti-virus programs in the system can check spread of viruses and worms.