Everything that exists has both theoretical and practical direction. Thus, when we talk about cyber terrorism or cyber warfare, first of all it should be explained what event we are dealing with. In this regard cyber terrorism can be explained as use of digital attacks by one country to another (spreading of computer viruses or implementation hacker cyberattacks) to damage, liquidate, and destroy computer infrastructure.
There are differing opinions among the experts regarding the term "cyber warfare”. Some researches point out that the term "cyber warfare" is incorrect, because till the modern times no cyber-attack can be considered as "cyber terrorism" or "cyberwarfare". The second part of the experts believe that this is an appropriate name because a cyber-attack causes physical harm to people and objects in the real world.
Is cyber-attack considered as terrorist act? It depends on many factors - what the hackers do, how they do it and what damage they do to the target object. The qualifications of the attacks must be of considerable scale and severity.
Attacks by an individual hacker or group of hackers, are not considered as cyber terrorism or cyber warfare if the state does not assist or direct the concrete group. Nevertheless, the virtual world is still vaguely represented in the direction of cyber-attacks. There are states that support hackers in carrying out malicious actions, this is a dangerous but common trend.
For example, cybercriminals who destroy a bank's computer systems while stealing money are not considered as cyber terrorists or cybercriminals, even if they are from another country, but state-backed hackers do the same thing to destabilize another country's economy and to terrorize the population of foreign country. This action can be considered as a one of the main direction within terrorism - state-sponsored terrorism (UN Resolution 1999).
Together with the state actors, in the cyber terrorism activities are involved non-state actors. For example, there are many types of jihadist networks on the Internet. This directly concerns to the selective work to bring up a new generation of jihadists - as cyber terrorists. These are the second and third generation jihadists that need to work at the "behind of enemy lines".
Today, there are more than 10 thousand websites in cyberspace, which work for the spreading the jihadist ideology and the practice of terrorism.
There are three main methods of cyber warfare: sabotage, cyber espionage or stealing information from computers through viruses, and attacking power grids. The third is probably the most alarming, which implies a cyber-attack on critical infrastructure (Lewis University, 2020).
Governments are becoming increasingly aware that the modern society is highly dependent on computer systems - from financial services to transportation networks. Therefore, using viruses or other means by hackers, stopping these systems can be just as effective and harmful as a traditional military campaign by using the armed forces, weapons and missiles.
Unlike traditional military attacks and terrorist acts, cyber-attacks can be carried out from any distance. It is also possible that no trace is left and there can be no evidence at all. Governments and intelligence agencies fear that digital attacks against critical infrastructure, banking systems or power grids will allow to cyber terrorists to evade the adoption of counter measures from the country's traditional defense structures side. That is why all countries are striving to improve the computer system security.
Historical Aspects of Cyber Terrorism Transformation: Spatial Characteristics of Military Conflicts
The development of technology has not changed the priorities of the state defense as much as it did during World War II. The main terrorist strikes are aimed toward energy facilities. Currently most of the serious cyber-attacks take place on fuel and energy complexes, followed by the financial sector. The digital world has given rise to new types of threats related to international terrorism. As it is known, not all types of cyberattacks can be implemented in cyberspace. Even though that the term cyber terrorism has been significantly introduced in the list of one of the main threats before the international society,
It is still difficult to finally qualify a cyber terrorism and cyber warfare meanings because most of the facts around the world are based on assumptions. Traces often lead to an aggressive state, but often there is no evidence. There are discussed cyber wars and cyber terrorism or their technical characteristics based on various studies. Experts do analysis - when the cyber war starts, how it has been transformed, what role it plays in conflict production, and so on. It is an important fact that many states not only carry out cyber espionage activities, intelligence and investigation, but also create their own cyber capabilities.
At the end of the 20th century, no one could have imagined that the unreal space would merge with real space. Perhaps no one could have imagined that a dimension would emerge that would be almost impossible to control and it would have no boundaries, that humanity would face a new form of terrorism as invisible threat. When trying to explain the transformation of cyber terrorism and cyber warfare, it has to be highlight what changes all of this. This is mostly related to the refinement of cyber-attack technologies and the creation of malicious hacking strategies, programs or viruses. Therefore, we must distinguish the new types of terrorist attack: there are passive and active cyber-attacks, passive attack involves traffic analysis and monitoring of vulnerable communications. During an active attack, a hacker attacks protected systems. This is mostly done by viruses.
Here are some of the most common types of cyber-attacks and „malware“- types of malicious code attacks, that hackers - cyber terrorists actually carry out:
Types of malicious code attacks:
Denial-of-service (DoS) – During this attack a large amount of unusable traffic is sent and the network goes out of order. Consumption is interrupted when the web server is full and no longer meets legitimate requirements.
Distributed denial-of-service (DDoS) – During an attack, several hackers or hacked systems make many requests to the web server and block the service with useless traffic. A coordinated attack can do great damage.
Man-in-the-middle (MitM) - When someone interferes and controls your communication process, you think you are talking to a familiar person, or you have direct access to the server, but this time, all your personal information is seen by a hacker.
Phishing - An attacker creates a clone of a real web page, sends an email to the targeted user with a fake web page link, if the user moves to that link and enters personal data, the hacker will gain access to that data.
War Drive - A method of obtaining access to wireless computer networks, such as a laptop, antennas, and a wireless network adapter that provides unauthorized access.
Password - Obtaining passwords is a common and effective method of attack. This can be done randomly or systematically (DiGiacomo John, 2017).
Malware attack An unwanted program running on the system without your consent can add and multiply legitimate code. It can also be reproduced in different programs, or interpreted on the Internet. Note that all viruses are Malware. However not all Malware is a virus, it can be a program, an application and so on that allows a hacker to gain unauthorized access to personal data (Rapid 7, 2020).
Here are some common types of malicious code attacks:
Ransomware - Encrypts files in the system and makes them temporarily inaccessible, in case of this attack hackers demand ransom in exchange for returning the information.
Logic bombs - It can be part of the software that turns into a malicious program after a certain date.
Trojan horse - Hidden in a useful program. It usually has a damaging function. A hacker can use the virus to intercept and carry out attacks.
Worm - An independent computer program that multiplies itself from one system to another on a network.
Based on research and the presented list, it can be distinguished three categories of the target group of cyber terrorist acts - these are:
As it can be seen, cyber terrorists have many options to try to gain unauthorized access to critical infrastructure and important data. Therefore, the states create a legal norms to ensure technological security. Cyberattacks have historically not been as devastating as they are today. There is a lot of statistical data based on facts that confirms those opinions.
The world's leading research and consulting firm Gartner publishes data on cybersecurity expenditures, which are compared and discussed by 2017-2019 global cybersecurity expenditure segment (Gartner, 2019).
In the table it can be seen, that in terms of combating terrorism in the field cyber security, worldwide, huge amount of money is spent and increasing every year. For example, expenditures in 2017 were $ 101.544 billion, in 2018 it increased to $ 114.152 billion, and in 2019 it reached $ 124.116 billion (Gartner, 2020).
According to Gartner, in 2022, global cybersecurity spending will reach $ 133.7 billion (Varonis, 2020). While noteworthy is the fact that the damage to the world far exceeds the amount spent on security, a report by Cybersecurity Ventures estimates that by 2021 the damage from cyberterrorism will be $ 6 trillion, up from $ 3 trillion in 2015 (Morgan, 2017).
This in its turn means that the trend of cyber terrorism, cyber warfare and cyberattacks has recently taken on a larger scale and is undergoing a transformation. Russia has great potential in terms of cyber attacks and numerous suspicions events confirm this. Russia used cyber weapons against Georgia during the 2008 war, and in 2019 used the same method to launch cyber-attacks on Georgian government websites and television infrastructure. According to foreign media, at the closed session of the UN Security Council in 2020, the United States, Britain and Estonia assessed this fact as a cyber attack carried out by Russia. The same handwriting was observed during the attack on Ukraine in early 2014 (Georgian Public Broadcast, 2014)
