In the months prior to Russia firing the first shot at Ukraine, we have been seeing widespread use of cyber warfare as an integral part of the Russian offensive. Through this, we see a rising trend whereby the use of cyber tools against civilians has been exponentially expanding.
One example of this growing trend occurred in 2021, when Iranian hackers hacked into Atraf – a popular LGBTQ dating site and targeted thousands of Israelis. The hackers stole sensitive personal details including the victim’s sexual orientation and HIV status. Leaking this information could have had devastating consequences for every single one of the victims’ lives. This attack is part of a new and growing movement whereby states are engaging in cyberterrorism. This type of cyberterrorism targets civilian infrastructure and services, endangers lives, and causes fear and panic – just like traditional terrorism. As cyberterrorists can attack remotely (– simply with the click of a button); the consequences have the potential to be much more far-reaching than physical attacks such as suicide bombers or missiles.
Cyberterrorism is a new weapon that can be used both daily, and in wartime and it is undoubtedly a new and strong component of modern warfare doctrine. This can not only be seen through the Atraf attack, but also in many other cases were countries such as Iran have been blamed for cyberattacks targeting civilians and civilian enterprises. These enterprises include water infrastructures and insurance companies,all of which would result in potentially devastating consequences for countless individuals. This phenomenon was again seen just this past week in Israel when the Israeli government’s websites were hit by what has been coined by some as “the largest ever cyberattack launched against the country”. This cyberattack had the potential to exceedingly disrupt daily proceedings had it not been quickly and adequately addressed. This once again reiterates the prominence and dangerousness of cyberattacks in our daily lives.
Further to this, while states have long relied on cyber tools for legitimate uses such as international messaging, the fact that some are now using them to cause fear and possibly physical harm to the general populace means that their actions have explicitly become terroristic. It is also important to note therefore, that cyberterrorism is very different to cybercrime. Cybercrime connotes that the attackers are private groups rather than state workers, their motive is also different as most often their focus is financial gain which is achieved through either extracting ransom payments or acquiring information to sell on the dark web.
It is henceforth clear to see that cyberterrorism is a growing threat throughout all aspects of society and the stakes involved are explicably high. It has also recently become especially clear that cyber-attacks can be fatal. Some legal experts and surviving family members representing victims of previous cyberattacks, have explicitly blamed ransomware attacks on hospitals, including in Germany and the United States for causing patient deaths. It is therefore apparent that although the parties involved and motivations behind some of the attacks aresometimes unclear, the repercussions more often than not, have the potential to be monumental.
Regulation is needed but is not enough
In recent years, many governments have increased the funding for departments tasked with preventing cyberterrorism. The United States released a statement saying that this summer they would give investigating ransomware attacks the same priority as investigating terrorism. Whilst this is a good initiative, it is our view that governments also need to dedicate more resources to prevention. The cruciality of focusing on prevention is accentuated as most cyberterrorism threats to the United States and Western countries stem from state-backed actors in countries that also pose the largest military threats, including Iran, China, North Korea, and Russia. Some of the threats however, are also derived from non-state or lesser-known actors and therefore are highly unpredictable and more difficult to address in the aftermath of an event.
Another growing potential avenue for cyberterrorism is the software supply chain. Software suppliers, enable access to high-value targets like utility companies, airports, and police departments. They offer attackers another indirect route to potentially disrupt or cut off services, which primarily endangers lives. In fact, the hackers who hacked into the Atraf dating site, did so via the servers of the web hosting company Cyberserve.
Correspondingly, expanding cybersecurity regulations, which are now limited to sectors like government, financial and energy companies, to include all sectors – such as software supply chain, would somewhat help. Regulations, which are rarely enforced and continuously updated, are not enough on their own however, all organizations, both big and small need experts to evaluate and secure their digital assets daily. They also need to keep up with the latest cyber intelligence about new threats and trends to ensure maximum protection.
With all its benefits of deniability, relatively low costs, and ability to attack from anywhere at any time – as well as the risk of copycat attacks–there is no doubt that the dangers of cyberterrorism to civilians will progressively grow. As the digital realm gets more ubiquitous in our lives, governments and private companies must stand up to this challenge for the sake of protecting all of society. As fundamentally seen, prior to the outbreak of the war against Ukraine, Russia executed a number of cyberattacks attacks against a variety of Ukrainian targets (government, financial, non-profit etc…) indiscriminately. Our analysis of the current conflict ultimately highlights that both any, and every company could be a legitimate target for cyberterrorism activity.