Internet Terrorist: Does Such A Thing Really Exist?
by Rick Lawhorn - Director of Information Security & Compliance at PlanIT Technology Group - Tuesday, 19 August 2008.
The second use of the internet by terrorist is their utilization of technologies to build and coordinate their activities such as recruitment, fundraising and data mining. The internet is the perfect tool to use for this activity since much of it is not regulated and there is anonymity that protects against identification. This helps terrorist build memberships and raise funding to further their cause and distribute their message to a wider audience. But can this equate to electronic violence or transform into physical harm? Each one of us use the internet for the same purpose, minus the terrorist intent, so tracking and monitoring are quite difficult to nail down without spilling over into our civil liberties as a whole. The perceived harm that can be identified is the ability to organize a group for the intent of personal or physical violence. In order for an organization to keep on top of this issue, it would require vast amounts of resources and capital to infiltrate each terrorist group and monitor their progress. This goes way beyond what any commercial organization would do, especially since many still require basic security controls and services. This type of request would certainly invoke some strange looks.

Here is where the government steps in on the war on internet terror. The government has the funding and resources to concentrate on infiltrating the terrorist groups to provide the community greater insight into the problem. We know that the government’s main concern is infrastructure and self-preservation so terrorist targeting one specific entity or business becomes secondary by default. Disclosure of the intelligence takes a considerable amount of time since the information has to be interpreted and correlated against other information before being released. I have not experienced a mechanism or process that would release intelligence in a timely manner to a commercial business unless it was a matter of national security. Strike two is the inability, either by design or accident, to make the intelligence gathering and disclosure transparent and timely. This seems to be the greatest gap in protecting our commercial industries from Internet terrorist today. The lack of communication, fear or retaliation coupled with the shear expense prevents organizations from becoming the watchdogs for their respective industries. The terrorist seem to capitalize on this shortfall and use it to their benefit.

There are many journals and white papers that clearly confirm that the internet terrorist community is becoming increasingly sophisticated and beginning to leverage technology to protect their interests. I find this is amazing considering the lack of a fundamental definition to understand what we are monitoring, but I digress. Online session encryption and file encryption are being used to conceal information about activity and potential targets. They are building redundant systems that have the ability to withstand constant bombardment of noise by other terrorist groups or disgruntled citizens. They are beginning to build highly dynamic services that can disappear, re-emerge to change locations quickly and easily. The content on their sites is rich with multimedia such as movies or audio. They even implement security controls to track and prevent their version of threats to their presence. As the use of technology sophistication continues to grow, the less insight our governments will have about their activities and potential targets. The small amount of information we could potentially access today is drying up fast. We really need to open our eyes to this problem and build better methods to keep up or offset this threat growing into something much larger. We need to convince our governments that our society can be radically impacted by the collapse of our commercial industries as well as our critical infrastructure. Monitoring and active communication of emerging threats can further assist our industries to prepare or prevent the attacks, given the time to react. Sure, the down side is overreacting, but given that the majority of our businesses are on-line, I would enjoy the ability and time to manage my reaction.


Credential manager system used by Cisco, IBM, F5 has been breached

Pearson VUE is part of Pearson, the world's largest learning company. Over 450 credential owners (including IT organizations such as IBM, Adobe, etc.) across the globe use the company's solutions to develop, manage, deliver and grow their testing programs.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Wed, Nov 25th