Cyber Crime and Cyber Terrorism

Download 5,67 Mb.

Pdf ko'rish

bet	134/283
Sana	19.05.2022
Hajmi	5,67 Mb.
	#604880

1 ... 130 131 132 133 134 135 136 137 ... 283

Bog'liq
Cyber crime and cyber terrorism investigators handbook by Babak

FUTURE DEVELOPMENTS CYBER TERRORISM

127

Future developments
In February 2013, the Global Islamic Media Front released a new encryption tool
“Asrar al-Dardashah” but this time as a plugin to instant messaging client Pidgin that
can be used in conjunction with user accounts on popular platforms such as Google
Talk, MSN, Yahoo, AOL Instant Messenger, and Jabber/XMPP.
Though it can be seen as a shift in strategy for the use of Internet by implementing an
encryption layer on top of existing services, the main disadvantage is that Public Keys
have a very explicit heading
“
#—Begin Al-Ekhlaas Network ASRAR El Moujahedeen
V2.0 Public Key 2048 bit—” leading to increased difficulty to store keys on public
server or exchange those keys without raising the attention of counter-terrorism units.
The very same group, Global Islamic Media Front, also released an Android ap-
plication to send/receive encrypted SMS and files. Indeed, this tool cannot be down-
loaded directly from the official store but is available on their website and a tutorial
is available for the would-be users.
Finally in December 2013, a new tool has been discovered and was released
by Al-Fajr Media Centre. This encryption tool is the latest program available for
Al-Qaeda-type terrorists and codenamed “Amn al-Mujahid” (secret of the Mujahid).
It’s a software like PGP giving the possibility for users to choose among a set of well
know encryption algorithm and to generate key pairs.
FUTURE DEVELOPMENTS
CYBER TERRORISM
We can imagine in the near future that terrorist and/or associated type of groups will
want to leverage their attacks to be able to attain an unprecedented scale of impact
of fear and destruction. With this in mind, the Internet can clearly be used as a tool
to directly sustain a major attack. The most obvious target will certainly be critical
infrastructure systems where disruption can be life-threatening and/or having mass
disruption whilst generating distrust from the wider population (e.g., a transportation
system hack). It is quite difficult to assess if terrorist groups are close to perform-
ing such attacks. However, if traditional terrorist groups are willing to, it means that
they will have to either recruit very knowledgeable individuals or ask for external
help such as for purchasing particular skills via a platform such a CaaS (Crime as a
Service) or individuals such as Hackers-for-Hire.
However, as previously mentioned, trust is the biggest issue and the amount of
time requested to develop this type of attack can be quite significant. Also informa-
tion leakage about an operation cannot be ignored. The attack would also need to
be built (e.g., software development, etc.) and tested. The problem with testing is
either it is performed “off-line” or out of the target system. In the “off-line” option, it
requires reconnaissance/intelligence first but also enormous resources to reproduce
the target system and most of the time this is impossible (e.g., SCADA systems). The
second problem with testing, if done on the live system, is that it leaves noises (e.g.,
traces/logs) that can raise the attention of the targeted system monitoring capabilities.
This option is too risky and very unlikely to be chosen by terrorist groups.

Download 5,67 Mb.

Do'stlaringiz bilan baham:

1 ... 130 131 132 133 134 135 136 137 ... 283