ISLAMIC MILITARY COUNTER TERRORISM COALITION
The internet is globally decentralized, which allows for anonymity and contributes to its use as a platform for illegal activities, including property crimes and the promotion of violent extremism. Against such a backdrop of susceptibility — the exploitation of the internet by extremists and terrorists — governments face a challenge to contain these criminals who seek to undermine the legitimacy of the state and commit acts of violence.
Cyber terrorism is the No. 1 national threat to many governments; it brings about enormous damage because of the global dependence on information technology. The main targets of cyber terrorism may be governments and associated institutions, banks, communications infrastructure, and public utilities such as water, electricity, oil and gas. Attacks on these can cause great economic, political and physical damage.
Cyber-terrorist groups have become more cunning and coordinated. They can take advantage of any computers connected to the internet to support any attack. As such, cyber terrorism has become a threat to large organizations and all citizens who use computers.
Cyber operations attract terrorists for several reasons. They are less expensive than traditional terrorist methods, requiring little more than a personal computer and an internet connection. There is no need to buy weapons and explosives. The creation and transmission of computer viruses by traditional telephone lines or wireless communication is one of the most common electronic terrorist methods, and it can cripple systems as effectively as physical bombs.
The definition of a cyber weapon is still couched in ambiguity. It occupies a murky area of programming codes used for malicious purposes. In distinguishing between a weapon and a tool, one must consider the intent of the offender, which is to cause harm through destruction or intimidation. This is an integral part of the definition of a cyber weapon.
For instance, a hammer is a tool used for various purposes. If it is used to cause bodily or material harm, a hammer becomes a dangerous weapon. This logic can also apply to the use of software that, though harmless in certain applications, becomes a destructive weapon when misused.
The extent to which a cyber weapon causes damage depends on the population’s dependence on the targeted network. Thus, the effects of cyber weapons targeting critical infrastructure such as electrical networks are more severe.
There is a constant risk that terrorist organizations will acquire such weapons. For instance, a group known as Shadow Broker hacked the U.S. National Security Agency and claimed to have stolen national cyber weapons with the intent of auctioning them off. That suggests that cyber weapons may be traded like conventional weapons by virtual “arms dealers.”
Malware software programs are an overarching term for any type of software designed to harm or exploit a programmable device, service or network. They are commonly used by cybercriminals to extract data for financial gain. Targeted data includes financial and heath records, email messages and personal passwords. The types of information subject to hacking is endless.
Type of attacks
The use of a zero-day exploit — finding a computer software vulnerability for which a patch has not been developed — is one of the most devious ways to access and harm a system. This vulnerability can be exploited by hackers to access restricted information, in addition to creating and using malware and spyware.
Distributed denial-of-service attacks, data theft and other intrusions can be performed by a botnet. Botnets or bots are several devices connected to the internet; each device runs one or more bots. An attacker can control the robots using command and control software.
Viruses are the most notorious and oldest types of malware program. They are programs attached to computers or files that multiply to infect other files or computers and can destroy or delete data. A computer may not be infected unless the compromised program is run, and the virus may lie dormant until the infected file or attachment is opened. Viruses require the user’s input to circulate and infect other files and systems, such as running an infected program in a mailing list.
Terrorists often attack victims using a form of cyber sabotage called logic bombs, which involves inserting software to set off a malicious function when certain conditions are met. Logic bombs can also be used for less harmful reasons such as free trials of programs that are disabled after a predetermined period of usage. Terrorists understand the importance of logic bombs; the infrastructure of most of the world depends on computer networks, and a specific series of logic bomb attacks can disrupt many global banking and transportation systems.
Critical infrastructure supports basic services that society needs, such as transportation, food production, energy and health care. Severe disruption of such services can make many people vulnerable. Reliance on electronic logistics supply chains for these services worsens the negative effects of a cyberattack because these services are the backbone of a national economy, especially security, health, energy, water, transportation, freight services, communications, banking and financial services.
Critical infrastructure can be vulnerable to cyber terrorism. The increase in the availability and interdependence of data, combined with the use of industrial control systems, public communications infrastructure and artificial intelligence, requires attention to cybersecurity at the national level. Furthermore, the increase in new electronic-physical systems, such as self-driving cars, creates new vulnerabilities.
The rapid development and interdependence of technologies is also a cause for concern, largely due to the emergence of the Internet of Things, which has created many new attack vectors for cybercriminals and terrorists to exploit.
On April 8, 2020, the Cybersecurity and Infrastructure Security Agency and the National Cyber Security Centre in the United Kingdom issued a warning about security incidents that targeted the vital infrastructure of health care and pharmaceutical agencies. Victims included companies, medical research institutions and universities, and the attacks corresponded to the emergence of the COVID-19 pandemic.
In the United States in February 2021, hackers infiltrated a water plant in a small Florida city to try to raise levels of potentially dangerous chemicals in the water supply. Fortunately, the attack was detected before anyone was hurt.
That same month, the U.S. Department of Homeland Security revealed a ransomware attack that targeted the critical infrastructure of a natural gas compression facility. The attacker used spear phishing, a targeted attack designed to trick people into providing sensitive information such as passwords to gain access to the networks of the institution, which resulted in the closure of the facility for two days.
As virtual attacks become more sophisticated, those tasked with defending national security, including the armed forces, cannot let down their guard. Not every destructive assault on national sovereignty requires the use of traditional weapons.
Identifying Extremist Platforms on Social Media
ISLAMIC MILITARY COUNTER TERRORISM COALITION
Online social networks have become dominant agents of communication: Facebook boasts many billions of users, YouTube 2.2 billion users, WhatsApp 2 billion users, Messenger 1.3 billion users,
and Instagram 1.2 billion. Each month, nearly 4 billion engage on such platforms.
The use of social networking continues to snowball rapidly and is a favored recruitment method of violent extremists. Governments interested in countering terrorism ignore social networks at their peril. They must employ emerging technologies like artificial intelligence (AI) to counter these ideological extremists lurking online.
Terrorism and social networks
Former British Home Secretary Amber Rudd describes combating online extremist content as an arms race between extremists and law enforcement agencies. Rudd revealed that as of November 2017, violent extremists established about 40,000 new websites and applications. Like any arms race, this requires state-of-the-art technologies. Enter a new technology called Conversation AI.
Conversation AI is a research project that aims to detect online extremist content and remove as much as possible. Of note, the use of machine learning in achieving such goals has significantly contributed to reducing such content.
The United Nations Counter-Terrorism Committee Executive Directorate launched the Counter-Terrorism Technology initiative, which actively monitors more than 500 extremist channels over more than 20 content platforms and messaging applications.
Terrorist organizations use social networking for different purposes. They raise money, strengthen collective identity and combine efforts. Such groups have employed these networks to achieve a set of goals, such as coordination, recruiting followers and spreading ideologies, using such networks as a virtual training ground while obtaining financial and moral support.
AI techniques have become the most prominent emerging technologies in combating online extremist content. About 99% of the content of al-Qaida and ISIS that was removed from Facebook was detected by AI systems before it was detected by people, according to Facebook.
This has made AI the best counterterrorism weapon in the world of big data in its automatic ability to detect extremist and terrorist content, individuals with extremist and terrorist susceptibility, and extremist virtual communities. AI helps anticipate, prevent and mitigate future terrorist risks.
Beyond a shadow of a doubt, the use of AI counterterrorism programs produces accurate predictions that lead to the reduction of unnecessary actions applied to large numbers of the population and reduces human bias in decision-making. AI directs its attention with greater precision, reducing the number of citizens subject to further monitoring.
AI predictive counterterrorism capabilities have been confirmed. Security and intelligence services use automated data analytics to assess the risks of air travel and reveal links between terrorist organizations and their associates. Some technology companies use advanced predictive measures to monitor and disrupt terrorist activities on social media platforms as well as using AI in the financial services sector to report suspicious money transfers.
AI is also used to analyze social networks, identify suspects and their online relationships, classify them as per characteristics, analyze their communication relationship, and detect extremist susceptibility in virtual communities. Through the SKYNET software program used by the U.S. National Security Agency, which includes an AI-based algorithm, about 15,000 out of 55 million domestic mobile phone users were identified as potential terrorists.
Another technique for weeding out radical content is natural language processing technologies, which potentially raises the efficiency of combating online extremist content, said Dr. Majdal bin Sultan bin Safran, professor of AI at the University of King Saud.
Such technologies help us to train devices to understand our communication with them and discover information in exceptionally large text groups without human intervention to discover the different linguistic patterns enlisted by extremists and terrorists.
Despite progress made by AI technologies in combating online content of extremism and terrorism, such technologies are still riddled with problems of linguistic content analytics, especially with the spread of hybrid languages such as Franco, colloquial dialects, and the analytics of nonverbal signals and images. This impedes full reliance on digital analytics of exceptionally large and highly developed content, which cannot be monitored by human experiences only.
We have a long way to go to reach models that can capture the true, precise meaning behind language and go beyond memorizing specific words and phrases. We must go a step further to interpret data in context, which has become a key factor in understanding online behavior.
Claudia Wallner, analyst at the Terrorism and Conflict Research Group at the Royal United Services Institute for Defence and Security Studies, is pessimistic about the success of the new European Union strategy to remove terrorist content.
Wallner describes it as having limited feasibility for several reasons, including the ambiguity of extremist or terrorist content due to challenges of legal definitions. Governments offer shifting definitions of violent extremism and terrorism, while national classification lists often include only a small portion of active extremist or terrorist groups.
Detecting extremist content is a gray zone. It’s sometimes hard to define what is extremist and what is not. Some content from extremist groups and individuals includes no statement or insinuations supporting hate or violence, but rather employs humor and irony to feed anger and discontent.
Unfortunately, targeting online extremist content causes extremists and terrorists to migrate to large platforms and hide among the millions of sites on these platforms, making it difficult for law enforcement agencies to detect their activities.
Small social networking sites are now more polarized and exploited by al-Qaida, Daesh and other groups because of the limited resources such platforms have to efficiently remove terrorist content.
Disclaimer: The views and opinions expressed in this article are those of the author. They do not necessarily reflect the official policy or position of any agency of the U.S. government, Diálogo magazine, or its members.