УДК 32 (327)

National measures against international terrorism and cyber threat

Марифли Акиф Марифович – кандидат исторических наук, диссертант степени доктора наук кафедры Международных отношений и внешней политики Академии государственного управления при Президенте Азербайджанской Республики.

Аннотация: В статье освещены вопросы борьбы с кибертерроризмом и преступлениями. Доведено до сведения о том, что кибертерроризм является одной из страшных проблем современного мира и справедливо можно отметить, что кибер преступления появились паралельно с распространением использования компьютеров и интернета. Также, анализируя основные формы технической войны, выдвигается мнение о том, что это одна общая кибервойна.

Известно, что многие страны принимают информационную войну как эффективное оружие внешней политики. такие факторы как достижение информационной войны глобального уровня и детальное описание того, что в конечном итоге это приводит к кибертерроризму, выдвигает актуальность темы на первый план. Также здесь говорится о сути «емейл бомбы” и о том, что она превратилась в проблему века. В статье изучен опыт международных организаций и мировых стран в сфере борьбы с кибертерроризмом, а также произведен сравнительный анализ различного и аналогичного опыта между ними.

Здесь обращено внимание на интересные утверждения западных ученных, а также анализирована суть темы. В основном дано объяснение различиям между исследованиями. Исследуя в статье то, что кибертерроризм является одним из самых сильных угроз мира, присутствует обращение к утверждениям местных и зарубежных специалистов.

В итоге, указан опыт Азербайджана в этой сфере и специальные статьи законодательства, посвященные кибербезопасности.

Ключевые слова: Кибер, террор, борьба, кризис, атака, безопасность, компьютер.

Abstract: The article highlights the issues of combating cyberterrorism and cybercrimes. It is brought to the attention that cyberterrorism is one of the imminent problems of the modern world. Moreover, it can be justly noted that cyber crimes have emerged alongside the rapid spread of the use of computers and the Internet. In addition, by analyzing the main forms of technological warfare, an argument that they represent one joint cyberwar has been proposed.

It is known that many countries consider the information warfare as an effective tool of foreign policy. The relevance of the article is determined by the fact that information warfare has reached the global level, and thus, the author particularly elaborated its ultimate role in triggering the cyberterrorism. Along with that, the author discusses the essence of the “email bomb” and the fact that it has been turned into a problem of the century. The article examines the experience of the international organizations and countries in the field of combating cyberterrorism. The comparative analysis of the relevant contrasing and similar practices of those countries and organizations was conducted.

The poignant assumptions of Western scholars were mentioned and the essence of the matter was analyzed. In general, an explanation of the differences in the studies was suggested.

In its deliberations on cyberterrorism representing one of the most dangerous threats to the world, the article refers to the arguments of the local and foreign experts.

In summary, the experience of Azerbaijan in this field as well as specific articles of the legislation referring to cyber security were stated.

Keywords: Cyber, terror, fighting, crisis, attack, security, computer.

Introduction

In the field of information economy development, there are many new concepts; one of the most dangerous is the concept of “cyberterrorism”. The word “cyber” (“kubernesis”) means “to rule”, “to judge”. The term “cybernetics” was used by the American mathematician Nibert Wiener, and then it continued in the field of information technology [6, pp. 79-80]. Approaches to cyberterrorism are almost identical both in the West and in the world. Cyber terrorism is a politically-motivated attack by any or all of the secret agents against the civilian population as the main line of groundbreaking of the national balance through the use of electronic means, computer programs or other electronic forms of communication. Cyber terrorism aims to form public scrutiny by using advanced technology and information in keeping with means [10].

The prohibition of cyber-terrorism has not been specifically reflected in any international constitution and is therefore of particular importance. In this case, it has an impact on relevant legislation in the area of international law [13, p. 155]. Beyond any doubts, the most important source of power of the twenty-first century is information. Who has information, also owns power. With the power of information, developments in the technological field have a positive effect on our lives. Internet, computers, satellites, mobile phones... These are simply some of the technological products that enter our daily lives. Using the power of information, the same tools are transformed into a weapon, and come out as cyberwars or cyber terror concepts [7, p.360].

In the late 1980s, Berry Collin, Senior Research Fellow at the American Institute for Security and Intelligence, used the term “cybernetic terrorism” for the first time in describing the virtual spatial terrorist activity [24]. At that time, this term did not have practical significance and was used only for predicting the future. Berry Collins himself noted that it is really possible to speak about cyber-terrorism in the first decade of the twenty-first century. However, in relation to the real situation, the special agent of the Federal Bureau of Investigation, Mark Pollit, mentioned the definition of cyber terrorism in 1996 [33]. Thus, the development of information and communication technologies in modern times has led to the formation and increasing of cybercrime.

At Paris Convention held in 1983, the European Economic Commission (EEC) has set up computer crimes in the form of “any behavior that is subject to automatic processing or transmitting information in a system that is contrary to law, morality or non-discrimination”. In this context, computer systems and networks, known as “Cyber Crime” or “Virtual Crime”, are referred to as “Cyber Crime” in International Law [20]. Cyber crimes have occurred in parallel with the spread of computer and Internet use, and there is still no common decision on its definition and structure. The European Union has categorized cybercrime in four headlines in its draft of Strasbourg No 24, dated as of 21st of November, 2000:

1. The offenses relating to the safety, integrity and utilization of information and information systems,
2. Crimes in the field of information,
3. Offenses related to content,
4. Crimes related to spiritual wealth and related rights

This classification aims to obviate the infringement of the information systems of the European Union with regard to infringement, interference with communication, infringement of information and system integrity, fraud in information documents, offenses relating to child pornography, offenses committed against moral property and related rights [12, p. 1-22]. Due to the nature of the Internet and the technical nature of the Internet, legal arrangements for electronic media are not strong enough compared to the speed of technological advancement. In this regard, countries have taken different measures to address these problems. In the United States, the Commission on Critical Infrastructure Protection (PCCIP) was established in July 1996 with the support of President Bill Clinton [36]. The national team as the part of this Comission has identified a number of traps in the direction of prosecution and crime prevention on the Internet. In addition, in February 1998, the National Infrastructure Protection Center - National Infrastructure Protection Center (NPIC) [34] was established under the Federal Bureau of Investigation (FBI) in order to combat cybercrime in the United States. Launched in 1996 as a pilot project, NPIC has made significant progress in protecting the information system in public and private sectors [39]. In addition, the Federal Bureau of Investigation has also created a second center, called the National Computer Crimes Squad (NCCS) [28; 29], which, in its turn, uses the Internet to detect cyber crime when it comes to computer security breaches, online imitation , illegal disclosure of intimate visuals, and theft [25].

Outside of these, organizations like the American Information Technology Association - Information Technology Association of America, Central Intelligence Information Security Center - CIA Information Warfare Center [32] are among other organizations established to combat cybercrime in the United States [5, p.57-66].

Italy has formed a body within the Italian General Directorate of Security on March 30, 1998 to combat cybercrimes [15, p.36]. In France, state-run special units have been set up: the Office of the Central Information Systems Security established by the Secretary-General of the Defense and National Security, the Secreticariat, Général de la Défense et de Sécurité Nationale (SGDSN), which is attached to the Prime Minister. (DCSSI) [23] is working in this direction. Switzerland has two federal laws on cyber terrorism and the fight against technological crime, the Federal Penal Code [14, p. 15] and the Unfair Competition Act [30; 37]. The Federal Penal Code envisages the punishment of offenses such as technological information, information stealing, and infringement of information illegally. The Unfair Competition Act covers computer penalties for commercial purposes.

In 1997, the Bureau of Information Crimes under the Security Headquarters, and then the Computer Crime and Information Security Council in 1998, was set up to monitor the virtual environment in Turkey. The Council was established to conduct research in the field of ensuring proper security and to eliminate legal gaps. The Bureau of Information Crimes has been renamed into the Internet and Information Crimes Department in 2001 and has expanded its research area as well as began to provide services to deal with information crimes [20].

Riptech, a network security company of Symantec, an American technology company, said in its Internet Security Threat report in July 2002 that Internet attacks increased by 64 percent. Cyber attacks have been mostly in the United States. The report notes that mainly 80 percent of attacks come from 10 countries: USA, Germany, South Korea, China, France, Canada, Italy, Taiwan, Great Britain and Japan. The most hacker country was Israel. Cyber attacks are likely to come from countries that support terrorism, and it is likely that other countries will also arrive [38, p.43; 27]. Some of the cyber-attack examples in the world indicate that a Dutch group of young men entering the Pentagon during the Gulf War, changes sensitive information about US combat operations [8, pp.1-14].

The first outer attack took place in 2007 in Estonia. This is the case of stopping the group’s Internet access against the replacement of the Tallinn Bronze Statue monument built in memory of the Red Army. After the attack, many NATO and EU delegates were sent to Estonia for research. A similar event took place in Germany in August 2007. Virtual database of strategic organizations in Germany has been digitized, copies of many documents have been dublicated. Another case of cyberterrorism, which took place on the Ministry’s website in England in April 2009, drew the attention of the international community. A similar event occurred in Germany in August 2007. Another incident occurred at the French Defense Ministry in February of the same year. As a result of a cyber attack, many aircraft were unable to fly through the Villacoublay Airport due to a computer virus [9, p.39-45].

In Turkey, terrorist organizations are closely watching computer and internet technology, using pre-posting, propaganda, educational CDs and notifications for use primarily in propaganda and training purposes. There is also information that they could use virtual media to attack the operating and information centers, ministries, PTT-Telecom, Security Headquarters and Turkish Armed Forces, as well as to cause cause these systems to fail. According to security sources, the number of malicious websites operating against Turkey is around 8,000. Of these, 150 are active, and the average daily number of visitors is 500-1,000 people. These sites, generally called “com” or “org”, are administered through America, Germany, the Netherlands, and other Western European countries. “Kartepe Criteria” was prepared in the framework of the work done at the end of the “Second Internet Content Regulatory Workshop” held in Kocayeli - Kartepe on April 20-22, 2010 in Turkey [19; 22]. At present, more than 7,000 websites are linked to the Law No. 5651, “Organization of Internet Literature and Combating These Crimes”, known as “Kartepe Criteria”.

Materials and methods

The materials are mainly used from the works of the foreign scholars who had researches in the sphere of terrorism, periodicals, and official internet resources. The methodological grounds of the work consist of the basic methods of objective, systematic and chronological links between the events, comparative analysis of cyberterrorist acts of the distant past and modern terrorist acts and their types, as well as synthesis of scholarly researches in this area, and analysis of theoretical, practical and virtual methods and techniques applied by the famous terrorist organizations.

The article provides a comparative analysis of the consequences of cyberterrorism, the most common type of terrorism in the modern world, which is claimed to be a quiet death, and it is emphasized that it has become a global problem and disturbs the whole humanity.

The outcomes of the research can be used as analytical materials in the educational process of the universities as well as by specialists as a reference.

Discussion

Such attacks have an impact on the existence of a computer system. Thus, by sending e-mails to many people or public e-mail addresses by e-mail, “electronic bombs” result in the failure of the operating system on several computers, which in turn, leads to the destruction of electronic confidential documents. The hacker who enters into the computer system with a direct virtual attack, can delete or erase the recordings on the computer and change it to the format he wants. For example, Portuguese Hackers Against Indonesian Tyranny (PHAIT), the Portuguese hacker group, has overthrown the Indonesian government and its commercial websites to protest against East Timor. Since 1997, this group has hacked 20 government, 14 commercial, 1 academic and 9 small government websites. Their campaign against the Indonesian government is still under way [11, pp.33-35]. Acording to the paper, cyber terrorism is used to intimidate and suppress a society against individuals and goods in computer or computer systems to achieve a certain political and social purpose [16, p.223-238]. Terrorist organizations carry out propaganda and education, communication, data collection and virtual attack activities on the Internet. Shortly, these are terrorist operations committed in the Internet space. The main difference that separates cyber terrorism from other Internet-related crimes is that the victim of the crime is a state or suffers a political cause [40].

Cyber war differs from other wars to structure, different strategies, and, most importantly, its arena. It is a known fact that a state declaring cyber warfare (of course, it can be also actor) can achieve that in a short period of time. It simply uses this information in a thought-provoking manner to reach the intended goal.

Information War - Today, any country in the world needs an effective system of psychological-information warfare operations. It is no secret that today many countries recognize the information war as an effective tool of foreign policy. The Information-psychological war allows for a variety of processes to have an intensive impact on all levels of government and society in any country or region. The main target of new wars is the information infrastructure and psyche of the enemy (even the term “human network” came into existence).

Since October 1998, the US Department of Defense has introduced the concept of “information operation” along with the “information war”. The main reason for this is to distinguish these two concepts. Thus, the concept of information processing is to compromise the functioning of the information systems of the enemy, to collect, store, process information, and to protect the information and information systems. The concept of information warfare has a complex impact on the state and military control system of the host country (the total of information operations), which will lead to the adoption of fertile decisions by the parties in peacetime and the full collapse of the enemy's control infrastructure during the conflict. There is such a joke in the Pentagon: “Information warfare is computer security plus money” [18].

Human-type information wars include the opponent's certain peace model, which provides the type of behavior that is desirable, and attacks on information structures and research processes. The main forms of the technical warfare include the use of radio-electronic warfare, electronic intelligence and directives, precise air strikes, psychotropic warfare, fight against hackers, and cyber-warfare. The main issue in this area is that information war is never accidental or alone. Such wars are a coordinated activity on the use of the information as a weapon in the real battlefield, or in economic, political, as well as in social spheres. In this war, the opponents are interfering with the command and control of each other’s military facilities and systems, and military networks are routinely brought out of operation.

Result

In the modern world, the methods and weapons of war change according to scientific and technical development. Due to this precise reason, no one in the information war is a soldier, but everybody is a warrior.

It is important to note that a number of important measures should be taken to organize cyber terrorism protection. One of them is the creation of the Cyber Army. What is the Cyber Army?

It is the army created by information security experts who can protect cyber threats against cyber threats and, if required, cyber attacks. All the soldiers who are members of the cyber army, have to know very well the methods of attack and defense.

There are two kinds of cyber army:

• State-run official sections
• voluntary, but informal sections.

Let’s take into account that Azerbaijan is located in electronic space, where active cyber attacks are taking place. However, to what extent our country is resistant to a cyber-attack? Taking into account the National Security Concept 2007 of the Republic of Azerbaijan, one can see that the significance, importance and strategic importance of cybersecurity in the article on information security were not taken into account. That’s what accounts for this matter that our country is exposed to hacker attacks periodically from various addresses. Our country is located in the Russia-Iran-Armenia cyber triangle, and it is strongly organized to provide information security, including cyber-defense. No need to mention that the 3rd World War will be a cyber war. Israeli Prime Minister Benjamin Netanyahu's key cyber security expert, Isaac Ben, notes: “Cyber war has a great power and if you want to strike a country, make cyber attacks against its water and energy sources. Cyber technologies are capable of causing destruction without a single shot”.

One of the NATO officials, R. Hugers, writes: “The first bullet of a large-scale war that can take place in the near future, will be made throughout the Internet”.

Gordon Brown, Former British Prime Minister said “Modern domination is a prerequisite for dominant states not only for the seas, but also for the Internet”.

The military technologies adherence to the Internet is rapidly increasing; modern weapons, reporting hostile sites complexes and confidential messaging systems are controlled by the Internet [17].

One of the most important issues of protecting countries from cyberterrorism and other cyber threats is the training of cyber-spies. Cyber spies are part of the Cyber Army. The name’s given to those who know and specialize in all aspects of information security, with at least 3 years of special training. The tasks of cyberspies are to leak information using information systems [21].

To understand cyber wars and terrorist activities, it is important to understand their components. The components of the cyber warfare are: physical and public components, hackers, “volunteer zombie” armies, government and military organizations, intelligence services, attack and defense programs, Nmap, Metasploit, Nessus, Snort, Packet Filter, purpose and method, internet access stop, data leak, download agent app [31; 35].

 The significant expansion of the country’s information infrastructure in recent years, thanks to investments in e-government, e-education, e-health, e-commerce, and other areas, can be considered as an increase in the number of potential targets of cybercrime. The attacks on the information infrastructure are mainly carried out through deliberate destruction, wiping, derating, replacement, blocking, falsification or seizure of computer systems or data which are also subject to the Convention on Cybercrime as well as the Criminal Code of the Republic of Azerbaijan [2, p.56-58]. It is worth mentioning that the Republic of Azerbaijan joined the Convention on Cybercrime on September 30, 2009 [3] and since that time, significant reforms have been carried out in the Republic on combating Cybercrime. In addition to the criminal law to effectively combat cybercrime, the need for the development of criminal procedural legal mechanisms and relevant characterization (research) techniques is also reflected in an explanatory report to the Convention on Cybercrime.

The crimes in the field of computer information in the Criminal Code of the Republic of Azerbaijan include:

1. Illegal access to computer information [Article 271];
2. Creating, disposing or disseminating malicious programs for electronic computers [Article 272];
3. Infringement of the rules for the use of electronic computers (EHM), exposure system or their networks [Article 273] [1, s.167-168].

Conclusion

Finally, it may be said that cybercrime and the prevention of terrorist activity are extremely necessary. Thus, cybercrime can stop the work of government agencies seriously dependent on information technologies. At the same time, cyber terrorism can lead to massive public problems. Given all this, it is necessary to strengthen the fight against cyber terrorism at national and international levels.

References

1. Azərbaycan Respublikasının Cinayət Məcəlləsi. Bakı 2017, 868 s., s.167-168.
2. Balacanov E. Kibercinayətlərlə mübarizə: çətinliklər və imkanlar. // İnformasiya təhlükəsizliyinin multidissiplinar problemləri üzrə II respublika elmi-praktiki konfransı, 14 may 2015-ci il. s.56-58.
3. “Kibercinayətkarlıq haqqında” konvensiyanın təsdiq edilməsi barədə Azərbaycan Respublikasının Qanunu. Bakı şəhəri, 30 sentyabr 2009-cu il.
4. Atıcı, B., Gümüş, Ç., “Sanal Ortamda Gerçek Tehditler: Siber Terör”. // Polis Dergisi, Yıl:9, Sayı:37, 2003. s. 56-68.
5. Bünyamin A., ve Gümüş Ç., “Sanal Ortamda Gerçek Tehditler: Siber Terör.” Polis Dergisi, yıl 9, sayı 37 (Ekim-Kasım-Aralık 2003), s. 57-66.
6. Çolak, H. Siber Terör, Yargılama Usulü ve Önleyici Tedbirler. // Kazancı Hakemli Hukuk Dergisi, 2011 Ocak-Şubat, s. 62-142. s.79-80.
7. Çora N. Uluslararası terörizm ve failleri. İstanbul, TDY 2008, 400 s. s. 360.
8. Kara O., Aydın Ü., Oğuz A. Ağ ekonomisinin karanlik yüzü: Siber terör. // 5. Bilgi, Ekonomi Ve Yönetim Kongresi, İzmit, 03/11/2006. s. 1-14.
9. Özcan M. “Yeni Milenyumda Yeni Tehdit: Siber Terör”, Türk Harb-İş Dergisi, Sayı:210, Ekim 2004, s.39-45.
10. Cybercrimes: Infrastructure Threats from Cyberterrorists, Cyberspace Lawyer, 4 No 2 Cyberspace Law 23.
11. Furnell, S. M., Warren, M. J., Computer hacking and cyber terrorism: The real threats in the new millennium? Computers and Security, 1999., vol. 18, no. 1, pp. 28-35. p. 33-35.
12. Jarrett H. M., Bailie M.W., Prosecuting Computer Crimes. Published by Office of Legal Education Executive Office for United States Attorneys. Washington DC 2010. 203 pp., p.1, 9, 17-22.
13. National Cyber Security Framework Manual. (Ed.) Klimburg A. // The NATO Science for Peace and Security Programme.NATO CCD COE Publication, Tallinn 2012. 253 pp., p.156.
14. National strategy for Switzerland’s protection against cyber risks.Eidgenössisches Departement für Verteidigung, Bevölkerungsschutz and Sport VBS. 19 June 2012. .42 pp. p.15.
15. Ruggieri F. Comments on the Italian ‘Code for the Digital Administration’. // Digital Evidence and Electronic Signature Law Review, Vol 5. Pario Communications Limited, 2008. 29-40 pp. p. 36.
16. Stohl, M. Cyber terrorism: a clear and present danger, the sum of all fears, breaking point or patriot games? // Crime, Law and Social Change. An Interdisciplinary Journal, December 2006, Volume 46, Issue 4, pp. 223–238.
17. About Army Cyber / https://www.goarmy.com/army-cyber.html.
18. İnformasiya müharibəsi: “Heç kim əsgər deyil, lakin hamı döyüş iştirakçısıdır”. // http://rabitadunyasi.info.az/News/?newsID=779&lang=az.
19. Kartepe Kriterleri. / http://bt-stk.org.tr/kartepe.html.
20. Keçeci O. Siber Suçlar ve Terörizm. / http://www.academia.edu/2333087/Siber_Su%C3%A7lar_ve_Ter%C3%B6rizm.
21. Ozan U. Siber Tehditler ve Savunma Yöntemleri Osmangazi Üniversitesi Eskişehir 2011, 30s. s 25. / http://docplayer.biz.tr/711855-Siber-tehditler-ve-savunma-yontemleri-ozan-ucar-certified-ethical-hacker-ozan-ucar-bga-com-tr.htm.
22. Uçkan Ö. “Kartepe Kriterleri”/ https://www.bthaber.com/kartepe-kriterleri.
23. Central Information Systems Security Division. / http://www.ssi.gouv.fr/archive/en/dcssi/index.html.
24. Collin B.C. The Future of Cyber Terrorism: Where the Physical and Virtual Worlds Converge // 11th Annual International Symposium on Criminal Justice Issues. Institute for Security and Intelligence / http://www.crime-research.org/library/Cyberter.htm.
25. Computer Crimes Squad. Dallas Police Department / http://www.dallaspolice.net/divisions/Pages/Computer-Crime-Squad.aspx.
26. / http://searchsecurity.techtarget.com/definition/cyberterrorism.
27. Cyber attacks on the rise, says security firm. / http://www.smh.com.au/articles/2002/07/09/1025667131627.html.
28. B.I. National Computer Crime Squad / http://www.sabronet.com/contacts/fbi.html.
29. Federal Bureau of Investigation National Computer Crime Squad / http://www.tscm.com/compcrim.html.
30. Federal Law of December 19, 1986 on Unfair Competition. / http://www.wipo.int/wipolex/en/details.jsp?id=660.
31. Hackers Tools. Secure Communication Networks integrated privacy and network securety solutions to protect and accelerate business. // Falken Secure Networks 2008./ http://falkensecurenetworks.com/securityThreats4.html.
32. http://informationwarfarecenter.com/; https://www.ipredator.co/cyber-terrorism.
33. Krasavin S. What is Cyber-terrorism? Computer Crime Research Center (CCRC). / http://www.crime-research.org/library/Cyber-terrorism.htm.
34. National Infrastructure Protection Center (NIPC). / http://www.encyclopedia.com/doc/1G2-3405300334.html.
35. Nicola U. Carlo Tools for penetration tests 2. HT FHNW With extracts from documents of Google; Wireshark; nmap; Nessus, metasploit /
36. http://web.fhnw.ch/plattformen/ns/vorlesungsunterlagen-1/network-analysis-tools/network-tools-2.
37. Report to the President's Commission on Critical Infrastructure Protection. / http://resources.sei.cmu.edu/library/asset-view.cfm?assetid=12731.
38. Revision of the Swiss Unfair Competition Act (UCA) (Gesetz gegen den unlauteren Wettbewerb (UWG)). / http://www.ssplaw.ch/site/assets/files/2312/sspnewsletter_revision_of_the_swiss_unfair_competition_act.pdf.
39. Riptech Internet Security Threat Report Attack Trends for Q1 and Q2 2002. Volume II July 2002. p.43. Symantec. / http://eval.symantec.com/mktginfo/enterprise/white_papers/ent-whitepaper_symantec_internet_security_threat_report_ii.pdf.
40. The FBI and the National Infrastructure Protection Center Publicly Introduce the National InfraGard Program. Washington, D.C. January 06, 2001. FBI National Press Office. (202) 324-3691. / https://archives.fbi.gov/archives/news/pressrel/press-releases/the-fbi-and-the-national-infrastructure-protection-center-publically-introduce-the-national-infragard-program.
41. Weimann G. Cyberterrorism. How Real Is the Threat? // United States Institute of Peace. Washington, December 2004, Special Report 119. / https://www.usip.org/sites/default/files/sr119.pdf.