Module 5 - Cyberterrorism

Question 1

Occurrences of Cyberterrorism

Answer 1

• Few documented cases
• Mohamedou Ould Slahi -> al Qaeda launched low level computer attacks and sabotaged websites through DoS such as Israeli prime minister’s computer server.

Question 2

Expansion of Term - Cyberterrorism (5 use examples)

Answer 2

No includes performing activities with the Internet to further terrorist activities.

(possible) attacks to bring about physical attack, but more likely:
- covert communication
- intelligence gathering
- training and recruiting
- stealing money to fund terrorism (now surpasses international drug trafficking as terrorist financing source)

Question 3

Examples of Funding Terrorism (2)

Answer 3

Ibrahim Samudra

• $200,000 to fund bombings in Bali
• Executed by Indonesia

Younis Tsoul (Terrorist 007)

• Incited to commit terrorism by posting extremist websites
• Conducting at least 2.5 million pounds of fraudulent activity including credit card fraud
• Convicted by the UK

Question 4

Money Mules

Answer 4

• used to launder money through the Internet so that not easily traced.
• Recruitment sim to work at home.
  10000 reportable limit in US
  Deposit < 10000 into account, use random denominations, transport overseas

Question 5

Propaganda & Recruitment

Answer 5

• Violence is a common theme.
• Propaganda may be OK, but use to incite acts of terrorism unlawful for many UN participants.
• Jihadist websites
  Examples:
• Quetta Shura Taliban maintains several websites, including one with an Arabic-language online magazine, and publishes daily electronic press releases on other Arabic- language jihadist forums.
• The As-Shahab Institute for Media Production is Al Qaeda’s media arm and distributes audio, video, and graphics products online through jihadist forums, blogs, and file-hosting websites.

Question 6

Japanese Hackers

Answer 6

• attempting to incite violence (mass murder, bomb, workers at Nintendo and Ise Grand Shrine, mass killings at elementary schools).
• Taunting police
• tagline “Thank you for playing with me. Let’s play again.”

Question 7

Means of Covert Communications

Answer 7

• encrypted email
• Forums (vBulletin)
• TOR
• Jon Do
• Chat rooms
• IRC
• VOIP (Skype, Vonage)
• File sharing (RapidShare, BitTorrent, Drop)

Syberian Post Office

Question 8

Syberian Post Office

Answer 8

Post messages to popular bulletin boards, but use cross-site request forgery exploit.
In current Japanese case, the virus called iesys.exe is used to post messages to the sites through infected computers.

Question 9

Mumbai Attacks (Basic Details)

Answer 9

11/26-29/2008

• 11 coordinated attacks (shootings & bombings) by Islamist terrorists (support from Pakistan’s ISI).
• 164 people killed, over 300 injured
• no investment in tech of platforms, used Google Earth / watched news (BBC and India TV)

Question 10

Mumbai Attacks (Use of Tech)

Answer 10

• 5 Nokia cell phones from China with locally obtained SIMs
• Blackberries (internet)
• Callphonex, a VoIP service (1 account)
• fake email address -> 10 IP addresses
• One satellite phone
• GPS device
• Social media sites
• picked up victim’s cell phone - hard to track

Question 11

Mumbai Attacks (outside coordination)

Answer 11

Lashkar-e-Toiba (LeT) had used Voice-over Internet Protocol (VoIP) software to communicate with the 26/11 attackers on the ground and direct the large scale operation on a real-time basis.
- handlers monitored on tv and media and warned attackers

Question 12

Mumbai Attacks (witness reporting)

Answer 12

• 80 tweets every 5 seconds (CNN)

- photos to Flickr