Showing posts with label IGI Global. Show all posts

Lech J. Janczewski & Andrew M. Colarik

Premier Reference Source

Acquisitions Editor: Kristin Klinger, Development Editor: Kristin Roth, Senior Managing Editor: Jennifer Neidig, Managing Editor: Sara Reed, Copy Editor: Ann Shaver and Heidi Hormel, Typesetter: Sharon Berger and Jennifer Neidig, Cover Design: Lisa Tosheff, Printed at: Yurchak Printing Inc.

e-books shop
Cyber Warfare and Cyber Terrorism

First of all, we would like to thank all the contributing authors, who in the course of preparing this manuscript for
publishing supported us in this task. This project would not be possible without their substantial efforts.
We are directing special thanks to the reviewers of the papers included in this book:
• Dr. Brian Cusack from AUT University, New Zealand
• Prof. Ronald Dodge from the West Point United States Military Academy, USA
• Prof. Peter Goldschmidt from the University of Western Australia, Australia
• Prof. Dieter Gollmann from Hamburg University of Technology, Germany
• Prof. Kai Rannenberg from Frankfurt University, Germany
• Prof. Matthew Warren from Deakin University, Australia
• Prof. Hank Wolf from the Otago University, New Zealand
• Prof. Dennis Viehland from Massey University, New Zealand
What we really appreciate is not only the high quality of their reviews, but their very timely responses to all of our queries and requests.
Special thanks are also directed to our families who were deprived of our mental presence during the time of writing this book.


So many things come in sets of five. The five senses consisting of sight, hearing, touch, smell, and taste; the five elements consisting of water, earth, air, fire and ether; and even the Lorenz cipher machine that uses two sets of five wheels that generate the element obscuring characters—these are but a few examples of independent items that merge together to create a genre of function. Let us now take a look at a number of factors, which on their
face value may seem to be totally independent but together create something worth contemplating.
Factor 1
In mid-1960s a group of scientists called the “Rome Club” published a report, which at that time was read and commented on widely around the world. This report was the result of analysis of computer-based models aimed at forecasting the developments of our civilization. The overall conclusions were dim. In the 21st century, human civilization would start facing major difficulties resulting from the depletion of natural resources. The conclusions of the report were discussed and rejected by many at that time. However, without any doubt the Rome Report was
the first document trying to address the impact of our civilization on the natural environment.
Factor 2
At the end of the 20th century, the whole world was fascinated with the Y2K computer bug. Due to the limited space used for storing a date in computer records of legacy systems, it was discovered that switching from the year 1999 to 2000 may result in software failures. These failures then may trigger chain reactions due to the fact that computers drive public utility systems (i.e., power supply, water, telecommunications, etc.). As a matter of fact,
some people went so far as to hoard food and other supplies to avoid any possible society-wide disturbances that may result. The information technology sector responded with mass action aimed at tracing all possible systems that could generate problems during the switch to a new millennium. As a result, no significant accidents occurred at that time around the world. Interestingly, some mass media outlets clearly were disappointed that nothing had happen.
Factor 3
Telecommunication networks come in many forms; whether they are for the use of businesses, governments, social organizations, and/or individuals, they have great value for improving people’s lives. A network is essentially the connecting of two or more entities with the ability to communicate. Utilizing a multitude of telecommunication technologies, such as the Public Switched Telephone Network (PSTN), Public Switched Data Network (PSDN),
Cable Television (CATV) network, and orbiting satellite networks (i.e., commercial and military), people from around the globe can communicate and share information virtually in an instant. The real-time services that this infrastructure provides include regular telephone calls, videoconferencing, voice over Internet protocol (VOIP), and a host of other analog, digital, and multimedia communications. Connecting these networked systems and facilitating their communications are high-speed switches, routers, gateways, and data communication servers.
Combined, these technologies and infrastructures comprise the global information infrastructure, which is primarily used for the sharing of information and data. This infrastructure serves communications between communities, businesses, industrial and distribution interests, medical and emergency services, military operations and support functions, as well as air and sea traffic control systems. The global information infrastructure sustains our westernized
economic and military superiority as well as facilitating our shared knowledge and culture.
It provides national, international and global connectivity through a vast array of systems. 
The services overlay that facilitate voice and data transfers support the globalization of western values, business, and cultural transfers by creating a smaller, highly responsive communication space to operate and interact with any interested participants. All of this is facilitated by the massive network of servers known as the Internet, and managed by thousands of
organizations and millions of individuals. The global information infrastructure is utilized to improve organizations’ and individuals’ respective efficiencies, coordination and communication efforts, and share and consolidate critical data for maintaining ongoing efforts. This is why such an infrastructure is so important to our western way of life, and also why it is a viable target for those seeking to assert their influence and agendas on the rest of humanity.
Factor 4
Every year the Computer Security Institute, an organization based in San Francisco, California, produces, in cooperation with the FBI, a report called the CSI/FBI Computer Crime and Security Survey. It is a summary and analysis of answers received from more than 600 individuals from all over the United Stated representing all types of business organizations in terms of size and operation. This survey is known around the world as the most representative source of assessment of the security status of businesses. Some of the key findings from the
2006 survey were:
• Virus attacks continue to be the source of the greatest financial losses.
• Unauthorized access continues to be the second-greatest source of financial loss.
• Financial losses related to laptops (or mobile hardware) and theft of proprietary information (i.e., intellectual property) are third and fourth. These four categories account for more than 74% of financial losses.
• Unauthorized use of computer systems slightly decreased this year, according to respondents.
• The total dollar amount of financial losses resulting from security breaches had a substantial decrease this year, according to respondents. Although a large part of this drop was due to a decrease in the number of respondents able and willing to provide estimates of losses, the average amount of financial losses per respondent also decreased substantially this year.
The overall tone of the survey is optimistic. We, as a society, have put a curb on the rising wave of computerbased crime. The survey’s findings confirm that.
Factor 5
The mass media reports everyday on terrorist attacks around the world. These attacks may be launched at any time in any place and country. The method of attack in the overwhelming majority of cases is the same: an individual or a group triggers an explosion at a target. It could be done remotely or in suicidal mode. The common dominator of these tragic events is that the attackers are representing only a small part of society and most of the victims are
innocent people who just happen to be in the proximity of the explosion.
The important conclusions that may be drawn from these five factors:
• Lack of symptoms of certain phenomena does not imply that the phenomena do not exist. But if such a phenomenon may eventuate and would be damaging to us, we need to take preventive measures.
• All the technology that we have created could be used for the benefit of all of us, but also could be used as a tool of attack/destruction against all of us.
• Information technology, and networking in particular, is a marvel of 20th/21st-century civilization. It dramatically changes all aspects of human behavior. Information technology is beneficial for humanity but may also be (and is) used by individuals to pursue their own objectives against the interest of the majority of people.
• These jagged individuals have started creating significant damages to information technology applications and their respective infrastructures. To counter this new discipline, information/computer security emerged. At present, the efforts of security specialists have started to pay off, and the overall percentage of computerbased crime has leveled off.
• Currently, terrorism has become the most widespread form of violence for expressing public discontent. Thus far, terrorism has stayed within its traditional form of violence, but it has already begun to migrate into using computer technology and networks to launch such attacks. As in the case of Y2K, we need to build awareness among information technology professionals and people alike that terrorism based on the use of computers and networks is a real threat.
All of the above has laid the foundation to the discipline called cyber terrorism. So what are the objectives of cyber terrorism, or rather, why do we need to worry about it?
Because of the enormous efficiencies gained over the past 25 years due to the introduction of computers and telecommunications technologies, organizations have a vested interest to maintain and sustain their deployment regardless of any residual issues. The use of these systems and networks means that there now is a major concentration and centralization of information resources. Such a consolidation creates a major vulnerability to a host of attacks and exploitations. Over the past 35 years, electronic economic espionage has resulted in the theft
of military and technological developments that have changed the balance of power and continue to threaten the safety and stability of the world. In 2005 alone, more than 93 million people in the United States were subjected to the potential of identity theft as a result of information breaches and poor information security. When viewed globally, organizations of all kinds are obviously doing something terribly wrong with the security of proprietary and personal information. This is why it is so important to re-energize the need to protect these systems and reexamine
our underlying organizational processes that may contribute to future breaches. The emergence of cyber terrorism means that a new group of potential attackers on computers and telecommunications technologies may be added to “traditional” cyber criminals.
The use of technology has impacted society as well. Due to automation technologies, organizational processes are becoming similar around the world. Governments are sharing information and aligning legal frameworks to
take advantage of these synergies. Businesses are operating in distributed structures internationally to expand global reach, as well as outsourcing services requiring the use of information to less expensive centers around the
world. This has created an extended communication structure between functional units, vendors, and suppliers in order to maintain an efficient value chain of products and services. This facilitated the capabilities of attacking targets wherever they may be located.
Individuals now have access to a vast storage of information resources for the creation of new thought, ideas, and innovations. This includes technological as well as political ideas and innovations. Cultures are becoming closer through shared communications, and as a result are changing at faster rates than previously seen in recorded history.
While these technologies have inherent benefits to unify disparate groups and nationalities, this is also creating ultra-minorities that may be inclined to engage in extremism in order to control these changes and compete in this unifying environment. The facilitation of the underlying technologies is also being utilized by these groups to form solidarity and global reach for those of similar mindset and means. Thus, the underlying infrastructures are allowing
small groups of people to gain their own form of scales of economies. People and organizations are realizing that in order to be able to compete in a globally connected world, they must master the underlying infrastructure that supports this connectivity. Whether this is to gain access to the opportunities that lie ahead from its mastery or it is to undermine and/or destroy these opportunities for others is still an emerging issue we are all facing today
and into the future. Therefore, the exploitation of its inherent strengths (i.e., communication and coordination of global activities, and intelligence gathering) and vulnerabilities (i.e., protocol weaknesses and people processes)
can be considered one of the primary sources of attacks today and in the future. This is why we cannot ignore the societal and organizational influences that create the motivations to commit cyber warfare and cyber terrorism in addition to the technological requirements to securing our systems and eliminating any inherent vulnerability.
This book a compilation of selected articles written by people who have answered the call to secure our organizational, national, and international information infrastructures. These authors have decided to come together for this project in order to put forth their thoughts and ideas so that others may benefit from their knowledge and experience. They are dedicated people from around the world who conduct research on information security, and develop and/or deploy a host of information security technologies in their respective fields and industries, and
have brought forward a host of key issues that require greater attention and focus by all of us. It is our sincerest hope that the readings provided in our book will create new lines of thought and inspire people around the world to assist in improving the systems and processes we are all now dependent on for our sustained futures. Following this prologue, there is a chapter Introduction to Cyber Warfare and Cyber Terrorism formulating an overview with basic definitions of cyber terrorism and information warfare. Basic recommendations on how to
handle such attacks are also presented. The main part of the book follows, containing more detailed discussions of the topics mentioned in the first chapter and other relevant issues. The articles are grouped roughly following the content of the most known security standard ISO 17799, which is entitled “Code of practice for information security
management.” In each chapter, the reader will find two types of articles: summaries of a given method/technology or a report on a research in the related field. An epilogue is then presented to conclude the content. The purpose of this book is to give a solid introduction to cyber warfare and cyber terrorism, as we understand it at the beginning of the 21st century. Our book is not a guide to handling issues related to these topics but rather a review of the related problems, issues, and presentations of the newest research in this field. Our main audience is information technology specialists and information security specialists wanting to get a first-hand brief on developments
related to the handling of cyber warfare and cyber terrorism attacks.


Table of Contents
Preface ...... viii
Acknowledgment ........ xii
Introductory Chapter / Andrew M. Colarik and Lech J. Janczewski .... xiii
Section I Terms, Concepts, and Definitions
Chapter I
Cyber Terrorism Attacks / Kevin Curran, Kevin Concannon, and Sean McKeever............1
Chapter II
Knowledge Management, Terrorism, and Cyber Terrorism / Gil Ariely .......7
Chapter III
Ten Information Warfare Trends / Kenneth J. Knapp and William R. Boulton .....17
Chapter IV
Bits and Bytes vs. Bullets and Bombs: A New Form of Warfare / John H. Nugent and
Mahesh Raisinghani..........26
Chapter V
Infrastructures of Cyber Warfare / Robert S. Owen .....35
Chapter VI
Terrorism and the Internet / M. J. Warren........42
Chapter VII
Steganography / Merrill Warkentin, Mark B. Schmidt, and Ernst Bekkering......50
Chapter VIII
Cryptography / Kevin Curran, Niall Smyth, and Bryan Mc Grory......57
Chapter IX
A Roadmap for Delivering Trustworthy IT Processes / Kassem Saleh, Imran Zualkerman, and
Ibrahim Al Kattan .............65
Section II Dynamic Aspects of Cyber Warfare and Cyber Terrorism
Chapter X
An Introduction to Key Themes in the Economics of Cyber Security / Neil Gandal.......78
Chapter XI
Role of FS-ISAC in Countering Cyber Terrorism / Manish Gupta and H. R. Rao .....83
Chapter XII
Deception in Cyber Attacks / Neil C. Rowe and E. John Custy.......91
Chapter XIII
Deception in Defense of Computer Systems from Cyber Attack / Neil C. Rowe .....97
Chapter XIV
Ethics of Cyber War Attacks / Neil C. Rowe........105
Chapter XV
International Outsourcing, Personal Data, and Cyber Terrorism: Approaches for Oversight /
Kirk St.Amant..........112
Chapter XVI
Network-Based Passive Information Gathering / Romuald Thion .....120
Chapter XVII
Electronic Money Management in Modern Online Businesses / Konstantinos Robotis and
Theodoros Tzouramanis.............129
Chapter XVIII
The Analysis of Money Laundering Techniques / Krzysztof Woda ....138
Chapter XIX
Spam, Spim, and Illegal Advertisement / Dionysios V. Politis and Konstantinos P. Theodoridis....146
Chapter XX
Malware: Specialized Trojan Horse / Stefan Kiltz, Andreas Lang, and Jana Dittmann....154
Chapter XXI
SQL Code Poisoning: The Most Prevalent Technique for Attacking Web Powered Databases /
Theodoros Tzouramanis.......161
Section III Human Aspects of Cyber Warfare and Cyber Terrorism
Chapter XXII
Electronic Surveillance and Civil Rights / Kevin Curran, Steven McIntyre, Hugo Meenan, and
Ciaran Heaney......173
Chapter XXIII
Social Engineering / B. Bhagyavati ....182
Chapter XXIV
Social Engineering / Michael Aiello .....191
Chapter XXV
Behavioral Information Security / Isabelle J. Fagnot ........199
Chapter XXVI
Toward a Deeper Understanding of Personnel Anomaly Detection / Shuyuan Mary Ho..........206
Chapter XXVII
Cyber Stalking: A Challenge for Web Security / Alok Mishra and Deepti Mishra ....216
Section IV Technical Aspects of Handling Cyber Attacks
Chapter XXVIII
Cyber Security Models / Norman F. Schneidewind .......228
Chapter XXIX
Cyber War Defense: Systems Development with Integrated Security / Murray E. Jennex........241
Chapter XXX
Antispam Approaches Against Information Warfare / Hsin-Yang Lu, Chia-Jung Tsui, and
Joon S. Park .....254
Chapter XXXI
Denial-of-Service (DoS) Attacks: Prevention, Intrusion Detection, and Mitigation / Georg Disterer, Ame Alles, and Axel Hervatin ......262
Chapter XXXII
Large-Scale Monitoring of Critical Digital Infrastructures / André Årnes .....273
Chapter XXXIII
Public Key Infrastructures as a Means for Increasing Network Security / Ioannis P. Chochliouros, Stergios S. Chochliouros, Anastasia S. Spiliopoulou, and Evita Lampadari........281
Chapter XXXIV
Use of Geographic Information Systems in Cyber Warfare and Cyber Counterterrorism / Mark R. Leipnik.....291
Chapter XXXV
Use of Remotely Sensed Imagery in Cyber Warfare and Cyber Counterterrorism / Gang Gong and Mark R. Leipnik .....298
Section V Identification, Authorization, and Access Control
Chapter XXXVI
Hacking and Eavesdropping / Kevin Curran, Peter Breslin, Kevin McLaughlin, and Gary Tracey........307
Chapter XXXVII
Access Control Models / Romuald Thion ........318
An Overview of IDS Using Anomaly Detection / Lior Rokach and Yuval Elovici ....327
Chapter XXXIX
Bio-Cyber Machine Gun: A New Mode of Authentication Access Using Visual Evoked PotentialsAndrews Samraj ......338
Chapter XL
Content-Based Policy Specification for Multimedia Authorization and Access Control Model /
Bechara Al Bouna and Richard Chbeir .....345
Chapter XLI
Data Mining / Mark Last.......358
Chapter XLII
Identification and Localization of Digital Addresses on the Internet / André Årnes .....366
Chapter XLIII
Identification Through Data Mining / Diego Liberati ......374
Section VI Business Continuity
Chapter XLIV
A Model for Emergency Response Systems / Murray E. Jennex ....383
Chapter XLV
Bouncing Techniques / Stéphane Coulondre ......392
Chapter XLVI
Cyber Forensics / Stéphane Coulondre...........397
Chapter XLVII
Software Component Survivability in Information Warfare / Joon S. Park and Joseph Giordano .......403
Chapter XLVIII
Taxonomy for Computer Security Incidents / Stefan Kiltz, Andreas Lang, and Jana Dittmann.......412
Section VII Cyber Warfare and Cyber Terrorism: National and International Responses
Chapter XLIX
Measures for Ensuring Data Protection and Citizen Privacy Against the Threat of Crime and Terrorism: The European Response / Ioannis P. Chochliouros, Anastasia S. Spiliopoulou, and Stergios P. Chochliouros .....420
Chapter L
EU Tackles Cybercrime / Sylvia Mercado Kierkegaard.............431
Chapter LI
The U.S. Military Response to Cyber Warfare / Richard J. Kilroy, Jr......439
Chapter LII
USA’s View on World Cyber Security Issues / Norman Schneidewind.....446
Chapter LIII
ECHELON and the NSA / D. C. Webb .....453
Chapter LIV
International Cybercrime Convention / Sylvia Mercado-Kierkegaard.......469
Epilogue .....477
Glossary .....479
Compilation of References ..........483
About the Editors ......528


e-books shop

Purchase Now !
Just with Paypal

Product details
 565 p
 File Size
 5,329 KB
 File Type
 PDF format
 978-1-59140-991-5 (hardcover)
 978-1-59140-992-2 (ebook)
 2008 by IGI Global 

═════ ═════

Loading... Protection Status