It is impossible to really understand any sort of terrorism without understanding that it is fundamentally an information warfare technique. The goal of terror-ism is to strike terror - not to overwhelm the enemy with force, to out-pace them, to out-stealth them, but only to affect the will to fight or otherwise influence the enemy's decision process.
Mogadishu - a classic example - pictures on US television show the dead bodies of US soldiers dragged naked through the streets - urinated on - defecated on - abused - burned - ripped apart. From a military standpoint, this could have no real effect on the ability of the United States to do battle, and even from a moral standpoint, it could serve only to strengthen the resolve of US forces to defeat the enemy in as harsh a fashion as possible. But from the standpoint of the will of the United States government to fight, these images did their job quickly and effectively. The United States left.
This is a form of cyber-terrorism. It is the use of information - in the form of images - and information warfare - in the form of exploiting these images to affect the enemy's information process - to bring terror to the United States and influence the top-level decision-making process.
The reason this cyber-terrorist attack worked is that it was well-planned, well-executed, and poorly defended against by the United States. You may call it propaganda - and of course the defense against it in this case would also have been propaganda of a form - but it is just a special case of deception and perception management. The deception was the implication that the United States was over-matched and that thousands of US soldiers would follow in the path of these poor soldiers. The perception management was the way the US media was exploited, along with various political forces and viewpoints of the US population regarding this particular military venture, to cause an executive decision that could never have been forced based on sound military principles.
The objective of the cyber-terrorist is to bring fear of one form or another to the minds of a population. Using the descriptions of information warfare described by Winn Schwartau in his "Information Warfare" book, if the population is one, then it is individualized terrorism - as exemplified by cyber-stalkers, while organizations can also be terrorized - often in the form of extortion of some sort, as can larger populations such as nation-states - which we would normally think of as large-scale information warfare such as that cited above. Clearly there are other sorts of populations that can be targeted for cyber-terrorism - such as religious groups, customers of some group, everyone that uses hair spray, and so forth.
The objective of counter-cyber-terrorism is somewhat more complex. It is not just the prevention of successful cyber-terrorist attack, although this would be nice. It may also involve detection of and reaction to attempts, inoculating a population against these attacks, responding to attacks in a variety of ways, and convincing the potential attacker that the attempt is not desirable.
The remainder of this discussion surrounds the relationship between cyber-terrorism and perception management - particularly in the role of deception - but more generally as well. I will rely heavily throughout the remainder of this piece on two excellent works of other authors - which I will cite here but not cite repeatedly throughout. They are A Cognitive Model for Exposition of Human Deception and Counter-deception by D. R. Lambert (NOSC Technical Report 1076 - October, 1987) and Victory and Deceit - Dirty Tricks at War by Jim (James F.) Dunnigan and Albert A. Nofi (William Morrow and Co., 1995).
The direct approach to cyber-terrorism is to use the cyber-infrastructure to directly influence the mind of the victim through the inducement of fear.
The simplest examples of this are the cases of cyber-stalking wherein individuals target other individuals and use the Internet and/or the telephone system to scare them. The most common process here is to find out information about the victim and exploit it against them. Medical history is particularly effective because it is usually particularly personal and implies that the attacker is able to see everything about the victim. Surveillance of the victim is often involved in such attacks because it allows the attacker to interrupt the victim when they are in the shower with obscene phone calls or threats of bodily harm.
Tools that attack personal computers are very effective in aiding these sorts of attackers because it allows them to enter the victim's computer remotely and learn information stored on their personal computer. The attacker can read their email, personal writings, see what web sites they visit, get a list of their appointments and telephone contacts, names of relatives, banking details, credit information, and so forth. Consider how much information your family stores in personal computers and the effect of that information getting into the hands of a stalker, and you will start to understand how terrifying it can get for the individual - who is often alone and doesn't know who to turn to or who to trust.
While individuals are easily victimized in this way, such an attack takes a substantial amount of effort. While select targets, such as key decision-makers or those with access to vital information, might be exploited for greater effect through individual terrorism, larger scale direct attacks are also undertaken. For larger scale effects, larger populations must be affected, and this involves a different approach.
Such approaches have been taken against corporations, and particularly against large corporations. In this form of terrorism, attacks against the corporate assets are used to induce the organization to do the attacker's bidding. In some cases, the attacks are physical - such as the bombings of computer centers of large financial corporations in London as part of the IRA campaign of terror. In these cases, the financial institutions were being bullied to change their investment strategies to support the goals of the IRA. Of course there were beneficial general-purpose terrorist side effects for the IRA because these attacks induced fear in the general population as well, with the implication that big business was being targeted and that if you patronize big business you are taking your life into your hands.
The bombing of computer centers is a cyber-terrorist act because cyber-systems are the target - rather than the means of delivery as in the case of the cyber stalker. It is directed against the minds of the top-level decision-makers in the corporations as well as against the minds of the workers who run cyber-systems and for whom fear of death is not considered part of the job as it is in the military.
Large scale cyber-terrorism can also be directed against other sorts of groups. For example, the Internet is used by terrorist organizations under the rubric of free speech to bring fear into the homes of police officers. Assassination politics is an example where a group lists personal information about police officers on the Internet and asserts an award for their death. In order to avoid the obvious legal problem, they run a lottery in which people can bet on when a particular person will die, and they win if they are the closest. This clearly gives an edge to the person who can put in a bid for a particular date and time and assure victory through their own actions. In this case, the cyber-infrastructure is used as the means for communicating terrorist acts and as a means for bringing terror to the potential victims and their families.
Hate groups find the cyber infrastructure ideal for pushing hate on others. A listing of hate-group web sites from the Anti-Defamation League (www.adl.com) can give you an idea of what's out there:
Don Black: White Pride World Wide Stormfront, Don Black's gateway to bigotry is a veritable supermarket of online hate.
David Duke: White Revolution on the Internet Duke has embraced the Internet as a key to the future of the white supremacist movement.
The National Alliance: Pierce's Cybernauts This group has skillfully embraced the Internet to promote its Nazi-like ideology
NAAWP: Duke's Progeny Online The National NAAWP Web site offers clear examples of the bigotry that underlies its talk about "white rights."
The Ku Klux Klan: Burning Crosses in Cyberspace The Klan has turned to the Internet to revitalize itself and attract new supporters
The Identity Church Movement: The Worship of Hate This pseudo-theological manifestation of racism and anti-Semitism has established a Web presence. - Posse Comitatus - Aryan Nations
Neo-Nazis: Stormtroopers of the Web The symbols associated with Hitler's Nazis are attractive to bigots on the Web. - Young Neo-Nazi Propagandists - Longtime Hitlerian Activists
Holocaust Denial: The Big Lie Revisited Thousands of denier web pages claim that the Holocaust is a Jewish fabrication, not a product of Nazi hatred. - Institute For Historical Review - Committee for Open Debate on the Holocaust - David Irving - Ernst Zündel & Ingrid Rimland - David Cole & Roger Garaudy - Ahmed Rami
Mirror Image: African-American anti-Semites African-American anti-Semites on the Web often engage in their own form of fallacious "revisionist" history.
Female White Supremacists: 'Aryan' Women Online Female extremists have appropriated feminism for the purpose of spreading intolerance online.
World Church of the Creator: 'Racial Holy War' on the Web WCTOC has spawned dozens of sites to spread the message that the enemies of the "White Race" are "inferior mud races" and the "Jewish race"
Neo-Nazi Skinheads & Racist Rock: Youth Subculture of Hate Many bigoted music companies are selling hateful music on the Web.
Alex Curtis: Unity through Hate A rising star among bigots using the Internet.
Homophobia Online: The Westboro Baptist Church Some Web sites focus their hatred primarily on gays and lesbians.
Anti-Abortion Extremism in Cyberspace: The Creator's Rights Party
Militias & 'Common Law Courts': 'Patriots' of the Web
Bomb-Making Manuals: Explosive Content
In many cases, individuals who have been caught participating in terrorist activities against religious groups, political groups, and minorities have been found to have copies of information from these hate groups as well as bomb-making instructions and related materials - all delivered over the Internet - with cyber systems as the means used to foment hate and direct that hate against their targets, and with cyber-systems used to instruct the terrorists on how to carry out their plans of terror, to order, and to deliver the mechanisms used to carry out those terrorist acts.
How long will it be till mass email campaigns are used to strike fear into the minds of millions? Not long. The seeds of discontent have been planted and the growing wave of hatred is only now beginning to take root. Already mass emailings have been used to solicit members for such groups, and with the widespread use of specialized mailing lists and other fora for delivering messages to select groups, how long can it be before a threatening email to every black minister on the Internet gets sent?
As individual acts, these attacks terrify, but as part of organized movements to threaten groups of people, they may act to divide a nation or invigorate hate groups on mass scales. Consider the beginnings of Nazi Germany, when a general economic condition bred great discontent into a population. The exploitation of peoples' fear of starvation and loss of all they had combined with coordinated terrorism on a grand scale ultimately brought Hitler to power. The potential for exploitation is clearly there, and the infrastructure that supports it is being exploited for cyber-terrorism today.
It seems to be a fundamental of understanding military strategy that the indirect approach is more often the key to success than the direct approach. The direct approach has the advantage that when used with superior force, it may be difficult to defeat. But terrorism is, at its heart, a strategy for the weak to use against the strong. While strong forces use the enemy's fear, this is almost always as a part of a larger overall strategy involving other forms of force in which the fear factor aids but does not replace the other options being exercised. Terrorism is itself normally an indirect approach to other goals. Those goals may be personal, political, military, financial, or of other sorts, and terror is the means to that end. But terror can often be achieved in the cyber-domain in a more indirect approach.
A good example of fear-based indirect attack in the cyber domain is the use of computer viruses to target individuals who do not themselves get the viruses. Such attacks are being run against me even as this is being written. In this case, computer virus authors who were identified publicly by me have decided to get even. Their tool is a set of computer viruses that spread throughout the Internet with the goal of attacking my computers and my reputation. The objective is presumably to make me and others afraid of pursuing the attackers. This approach is based on previous successful attacks against reporters and others who have fought against malicious virus writers.
This is basically an approach wherein the attackers break into credit bureaus and plant false information about the individuals, attempt to steal credit card information and charge lots of goods against the individuals' credit cards, and try to get members of the public to believe that the person who is chasing them is a malicious virus writer. Every time they are allowed to succeed, they become more brazen and gain ground in the struggle against individual rights for those they attack. All along the way, they claim to be advocating freedom, but only freedom for them to launch attacks against others and not freedom for others to strike back.
In the case of the current attacks against me and my sites, the FBI has asserted to me that they have identified many of the individuals involved, but the government - presumably based on prosecutorial discretion - will not arrest them despite their violations of law. I cannot gain access to the details of who they are from the FBI because they have a policy to not reveal information about ongoing investigations, and this investigation will likely not be formally closed until it is too late to do anything practical about the attacks. I could try to track these people down on my own, but this involves time and expenses and I would not likely be able to do it without violating some laws, or at least lying to a lot of people along the way. The attackers know this and they count on it for their success, and until the government starts to act responsibly, these sorts of attacks will continue. I will talk about successful defenses against such attacks later, but for now, it is sufficient to say that this indirect approach to terror is far more successful than any direct approach would be against a stronger defender.
The characteristics of these terrorist acts all involve deceptions. The deceptions of the viruses used to attack me personally are their attempt to attribute authorship to me and their use of deceptions to gain early and rapid introduction and spread. They, for example, introduce the viruses to public bulletin boards used for distributing sexually explicit material, and include lists of user IDs and passwords to pornographic sites to induce the reader to use them. As the user uses the files, their computer is turned into a weapon directed against my site. Another one has my name and address included in the virus, while a third one puts up a text box that points to the all.net web site and insults the user. These are further examples of deceptions directed against my reputation. Now it is not my intention to become an example of a cyber-terrorist target, and there are certainly many others who have been so attacked. I use myself as an example only because I don't want to further disturb the privacy of other victims by adding their names to the growing list of victims.
In the case of corporations, indirect approaches abound, largely because corporations depend on their reputation for their success. An excellent example of an indirect terrorist attack against Microsoft is the release of Trojan Horse software that is directed toward reducing the public confidence in their products. These products are publicly released at media events, are intentionally designed to subvert system security, are packaged for ease of use by their designers so that anybody with a minimal amount of experience using a computer can exploit them against others, and in the latest such public release, were packaged with a computer virus which was asserted to be an accidental inclusion.
This sort of cyber-terrorism is so much the more effective because nobody will arrest the people who released this malicious software. The authors have announced themselves and yet the police cannot find any charges to level against them. But of course the police themselves may also live in fear of these terrorists. After all, many police organizations have been successfully attacked by such terrorist groups who target the FBI and other government departments for their attacks precisely because they want to put forward their political agenda. And what is their agenda? Generally, in the case of the cyber-attacks against government, while they claim to be fighting for freedom and democracy, they are really putting forth the values of anarchy.
The indirect approach to cyber-anarchy is the widespread release of attack tools, the attempt to make network usage anonymous, the distribution of high quality cryptographic systems in easily usable form, and the exploitation of the media and innocent well-intentioned people to forward their goals.
The widespread release of attack tools to the Internet has not improved computer security at all - despite the assertions by those who produce and publish these attack scripts to the contrary. In fact, they simply make vulnerabilities that used to be exploitable by a few people exploitable by the masses. But as an indirect side effect, they have increased the number of attacks to the point where it is very difficult to differentiate the serious attacker from the high-school student on a romp through cyber-space. The increase in noise makes it harder to tell when a serious attack is underway, and indeed the young innocent attacker is often being exploited by the real attackers whose goals include everything from criminal intent - to intelligence gathering for foreign government - to military exploitation - to cyber-terrorism. The most common deceptions are picked up by the media and widely spread, and attempts to dispel them are commonly rebuffed or not given coverage at all.
While anonymity would seem to be a good thing for protecting individual privacy, it also allows anonymous stalkers to go untraceable by their victims and permits terrorist threats and descriptions of the use of weapons against victims to be promulgated without fear of reprisal. The ability to conceal your real identity and real motives means that foreign intelligence organizations can start paramilitary groups in the United States with the stated goals of protecting the nation when in fact they are misleading susceptible participants into fomenting revolution. Anonymous release of attack tools, anonymous postings that trash an individual's reputation, anonymous servers that shield criminals from responsibility, and anonymous financial systems that provide the means for criminals to escape without the defenders being able to 'follow the money' are all tools in the cyber-terrorist's arsenal.
High quality cryptography is the third leg of the cyber-terrorist's tool-kit - and it can also be one of the most potent tools available for defending against the cyber-terrorist today. The unfortunate part of it is that most defenders have well-defined fairly stationary targets, and while cryptography may help them defend themselves, they typically have many other vulnerabilities that lead to their overthrow despite their use of cryptosystems. Terrorists on the other hand tend to use inexpensive throw-away systems, and their use of cryptography makes it far more complex to legally track them down, figure out what they are doing, and counter their moves.
The indirect approach to cyber-terrorism through deception of people with hatred of one form or another seems like a natural, and it is not therefore a surprise that it has been used for all manner of attacks against religious, political, racial, and other groups.
The mass-scale direct terrorist attack has yet to emerge against critical infrastructures in the United States, but it is an idea whose time may well have come. Attacking cyber infrastructure has the potential for large scale effects and the characteristics of an ideal terrorist attack. While specific scenarios of this sort are covered elsewhere, a flavor of things that could be will help.
Direct terrorist attacks against critical infrastructures are still indirect in the sense that the real intent is to convince the general public that they are vulnerable and thus to make them fear reprisals from those who could not otherwise generate such fear. The intended indirect target is not the infrastructure but the general population. The infrastructure is merely the direct target of the attack. Of course not all infrastructure attacks need be terrorist in nature. There are legitimate military targets in infrastructure attacks, and our military opponents may exploit the same vulnerabilities that cyber-terrorists might exploit - or even take the opportunity given by a successful attack of this sort - to gain other advantage. Indeed, many nation-states would be, and have historically been, well served to use terrorist organizations as routes for their low-grade military attacks against infrastructures and against the will of the population to sustain a war.
There is legitimate fear in this world, but terrorism is based on fears that are more legitimized by media than by realities. The potential exists for nuclear war and thus some fear of nuclear war is legitimate - the question is - how much? The fear of a plane crash is legitimate because plane crashes happen, but again, the question is - how much? Because terrorism is based on unrealistic exaggeration of fear, it only works when it is deceptive in nature. After all, it is not terrorism to come with a massive army and threaten to bomb the opponent into oblivion unless they yield to your will. It is simply force. Because terrorism is based on deception, we can gain insight into cyber-terrorism by viewing it as a special case of deception - and we can view counter-terrorism in the same manner.
A cognitive model for deception posits that the external world presents information to our sensors. The information may then be sensed and responded to in a variety of ways. The first defense against terrorism is therefore to prevent knowledge of the terrorist acts. In World War 2, for example, the Japanese successfully fire-bombed the mainland of the United States by using balloons that traveled all the way from Japan to the US and then started forest fires when they dropped to Earth. The American public was kept from knowing about this as a counter-terrorism defense. It was successful in that Americans never really feared Japanese invasion of the mainland US and were largely immune from the terror intended by the Japanese. This tactic is increasingly difficult with modern telecommunications and media unless the media is controlled or controls itself - something that is not likely to happen in the free societies of today's world, but a defense that is effectively used in many of the less free societies even today.
Sensory information can directly cause responses in people - such as knee jerk reactions and similar reflexes. Such responses - if truly reflexive - are hard to suppress except with drugs or surgery. Other responses tend to go through memory and analysis processes involving brain functions, and these may be more flexible in terms of their exploitation.
In the end, if all sensory data is under the control of the enemy and if it all points consistently toward things that tend to generate fear and that are not so far out of the norm that they are not credible, there is little you can do to mitigate the fear. The attacker's challenge is therefore to produce fear by creating a consistent set of sensory inputs within the range of normal expectation over time, so that states of increased fear are raised in the mind of the victim of their attack. In the more indirect sense, the goal is to exploit these fear responses in the victims to affect the, perhaps indirect, target of the attack.
Information that is sensed and analyzed is typically held in short and long-term memory, which is selective in its collection and retention, as dictated by the overall control systems of the brain. For example, when under great stress, short term memory and access to long term memory is impeded by chemical processes in the brain. This is invoked by the physiological response of the amygdala - a portion of the brain that becomes very active during periods of high stress such as physical attack or when you are stuck in a cage with a tiger. By creating a high degree of stress in a short period of time, memory can be negatively affected with one of the side effects being a reduction in rational thought and an amplification of fear. Contrast this to a slow increase in threat over an extended period of time which has the result of making a very real threat seem somehow less important.
While individuals operate in this way, organizations have quite different operational characteristics, and are thus susceptible to terrorism in different ways. Relatively small organizations tend to be highly dependent on individuals, so striking fear into one of those individuals can cause severe impacts on the organization as a whole. Organizational structure has a lot to do with how one might try to influence organizational decision-making, as do the character and goals fostered in the organization. Organizational input is often very limited compared to the aggregate inputs of the individuals within the organization. For example, there is a tendency for hierarchical organizations such as militaries and governments to react far more strongly to the sensor inputs of the leader than those of the subordinates. That is why the leaders are the primary target of perception management in general and the deceptions of terrorism in particular. A leader who is particularly sensitive to particular groups within the organization will be more sensitive to attacks against those groups than against others. Leaders don't hear regularly from everyone in their organization, so influencing the relatively small number of people who have the ear of the leader is far more important to the terrorist than getting to large numbers of people.
Organizational memory also varies significantly based on situation and the ability or inability of organizations to remember the effects of previous attacks and their reactions can lead to exploitations that induce organizational fear. The terror of the anticipated layoffs to those who fear they will lose their jobs can be magnified by rumors which tend to spread more effectively in such an environment. These sorts of rumors seem to work again and again because the underlying fear is real and organizations don't remember past layoffs very well - in part because those who were laid off are no longer part of the organization.
Conditioned response is another important aspect of terrorist attack. In many cases, the victim or the target responds nearly identically to nearly identical attacks. By identifying these behavioral patterns, an attacker can create a deception to induce a desired response. In the case of fear-producing responses, novelty is an important aspect of the approach, and perhaps even more important, is the notion that effective terror can be effectively induced by exploiting conditioned responses and producing dramatically different outcomes.
Individuals have conditioned responses and can be further conditioned to the terrorist's need. For example, we can ring the bell or open the CD-ROM drive on an individual's CD just before we call on the telephone with heavy breathing, and pretty soon, the normal ringing of the bell or opening of the CD-ROM drive will induce fear of the anticipated telephone call. When the combination happens again, even though it is coincidental rather than intentional, the fear will return.
As an organizational example we will use a government process. If we track the behavior of individuals surrounding the President whenever a particular type of attack takes place and then create a series of attacks that take advantage of that response to produce more terror - perhaps by killing key advisors that routinely go to the White House - the effect is greatly magnified. There is the implied notion that they know where the key people are at all times and can kill them at will. How many of the President's friends do you have to kill before you induce terror in the White House? Probably not very many.
Terrorists know that the media has been prepared for a cyber Pearl Harbor, and routinely over-react to viruses of different sorts that reach a particular level of severity. You can bet that a well-thought out attacker would evoke this conditioned response as part of the overall plan of inducing fear. The way the media reacted to the nationally distributed race-crimes in mid-1999 is a predictable response that can be exploited to magnify the fear of a nation. This appears to have been a mildly coordinated attack in Indiana and California, but consider what a better organized attack could have yielded.
It is considerably more complex to induce large-scale fear in a nation than it is to induce terror in small groups. One of the reasons is that, as the time scale goes up and the number of people involved increases, there is an increased tendency for the people to use higher and higher levels of analytical thinking in their processing and there are far more sensors involved in the process. Thus the difficulty of deception goes up. As the saying goes: "You can fool some of the people all of the time and all of the people some of the time, but you can't fool all of the people all of the time." In order to have effective large scale deceptions that produce terror, you need to combine a credible large scale threat (e.g., against the United States China or the Soviet Union - against Bosnia, the United States and much of the European Union) with a set of authentic sensory demonstrations (e.g., some serious incident such as a series of airline crashes identified as resulting from information warfare attack) in order to produce effective widespread terror. This is, of course, very dangerous business, because if you apply too much force, you may create a backlash. The IRA has been walking the fine line between too much force and effectively swaying the minds of the British government for many years, and it is starting to gain real success.
We will assume for the moment that attacks against cyber-systems and deceptions exploiting our cyber-infrastructure for increased effect will not be prevented in the large for the foreseeable future and that those who practice the art of deception for cyber-terrorism understand the issues I have discussed in this piece. We will also assume that the 'free world' will not erode freedoms far beyond the level of erosion today as part of the political knee-jerk reaction to attacks. How then can the free peoples of the world defend themselves against the fundamental deception and our craving for new and media-enhanced experiences of exaggerated reality?
The answer would seem to be simple - and at the basic level it is. Cool, rational thought must be delivered with a certain panache. The cool rational thought is necessary in order to keep the acts of terrorism in their proper perspective, while the panache is required in order to meet the entertainment requirements of the mass media of today. The net effect is to dampen the feedback mechanisms of terror that cause us to undergo amygdala attacks, to over-react, to believe the worst, and to buy into the deceptions used by those who stand to gain by crying wolf.
Deep Throat said it so well - "follow the money". In the case of cyber-terrorism, you have to follow the cause-effect chain in order to understand what is really going on. Counter-deception is best attained by ascertaining the truth of what is going on and revealing it. In the best case, this means having a good enough intelligence system to allow you to anticipate and track the preparations for deceptions, attempts to launch deceptions, and the effects of deceptions. With this information, the truth of the situation can be revealed, and the truth is the best defense against deceptions.
More and better intelligence is an advantage, and truth is a great defense against deception, but since the full truth - your truth - is not always available to you as a defender, there are a lot of alternatives for counter-deception. Perhaps the most successful ones I have used are based on presumptuous truths. They are my views on the truth but without the full details to back them up, and they are often backed up with implied threats or - even more effective - twisting the attacker's means to meet my ends.
Recall that the objective of the cyber-terrorist is to bring fear of one form or another to the minds of a population. Even if we cannot tell the population the full truth about the situation, we can often do a good enough job by presenting a plausible explanation that reduces or eliminates the fear and replaces it with resolve. In my case, I prefer twisting the cyber-terrorist acts - directed toward twisting the computer user population against me - into a form of subtle advertisement. I respond something like this:
This type of response to this sort of attack is directed both toward those who launch such attacks and toward those who might be deceived by them. While I don't know for a fact that the specific people launching the specific viruses are the same people that I have caught perpetrating cyber-crimes, the explanation is sufficiently plausible that it is believed, and it angers the bad guys and thus has some effect at limiting these actions.
I should point out that a better attacker would have anticipated this defense and tried to counter it. For example, they could have made the claim (and still could - I will likely be sorry that I told you this so publicly) that I launched these viruses for the very purpose of claiming I caught the bad guys and that it was all a big advertisement in the first place. Today, this claim would be hard to support with facts because the groundwork was not properly laid ahead of time, but merely claiming it would force me to counter it with more complex explanations and more detailed facts - which would make it that much harder for the average user to understand or make judgments.
Another example of a twist on a deception attack was the attack directed against the all.net Web site several years ago in which somebody announced that the site was available for access to "warez" - illegal copies of software made available on FTP sites by someone breaking into the site and depositing the illegal copies there. I was, at the time, responding to each unauthorized attempted entry to my site by notifying the systems administrators at the source site of the illicit attempt and providing enough information for them to trace down the bad guy and get them in trouble. Some person who was affected by this decided to claim that my site was a warez site and publish this in an Internet Relay Chat room where lots of folks went to search out illegal software. As thousands of attempted entries were made on my site in a very short time frame, it fell on me to figure out what they were doing and counter it. The intelligence function was carried out through the assistance of remote systems administrators, some portion of whom, upon getting my responding email, questioned their users. One user told one administrator the truth, the administrator told me, and I started counter-deception. From that point forward, every time someone tried to access warez from my site, they were told something like this:
The effect was astounding. In the beginning of the attack, the number of attempted entries to our site went from near-zero (per hour) to more than 1,000 per hour. After implementing the counter-deception the rate fell back to under 1 a minute within 15 minutes and to less than one per hour within 6 hours. The person who announced us as a warez site was abused rather severely by those he told, and I did indeed send all of the details to the SPA - an industry group that takes legal action against those who take illegal copies of software. Several months later, a large number of organizations were confronted with legal actions based on this incident.
Such countermeasures can have some very large-scale effects, perhaps altering the course of elections, trashing the reputations of legitimate people, and even creating national or international panics. This is particularly true in financial systems where perception is the key to valuation. In a recent example, some people decided to post adverse information on a company to the Internet in a forum where many investors look for content. The effect was a dramatic decrease in share value in a very short time. The people who made these postings are being sued as of this writing, but as a countermeasure this is poor at best. While it may deter some people from doing the same thing in the future, manipulation of share prices can have very large financial effect, and lawsuits have never regained the lost equity from such an incident. A far more effective response involves gathering real-time information and having prepared responses to quickly counter such attacks. For example, there are companies that watch such postings rather closely and respond directly and immediately to any information that is asserted as insider or that might have significant effect on share value. Such countermeasures are highly effective if done properly, but care must be taken regarding issues of legality and - of course - lying in such a posting to prop up share value would be illegal as well.
Cyber-terrorism in the large can often be countered by good intelligence, responsible analysis, and proper public and private response. In the public eye, responses that are factual in nature and don't over-blow or underplay the activity are most appropriate. An accurate description of a forest fire created by a Japanese balloon along with the details of the total impact on the war effort would help to mitigate fear if fear were generated by such an attack and it were publicly known. Of course the fact that nobody - including the Japanese - knew about it was very beneficial because, in addition to preventing the need to counter it with public relations, the Japanese didn't believe the balloons had made it and thus discontinued their attacks. This type of deception in the form of concealment is a very important tool in the counter-terrorism arsenal.
If we break down counter-deception as we did deception, we find that we can defeat deceptions by altering sensory inputs and interpretation, reflexive and conditioned response, and logical analysis.
In the defenses against personal terrorism above, we effectively altered (1) the logical processes in the minds of the attackers to defeat their desire to attack and (2) the logical processes in the minds of the victims by presenting alternative explanations that met better with their expectations and were more believable.
In the case of personal terrorism against individuals in the form of cyber-stalking, it is important that the victim have a way to get help. An example is the presence of police on the Internet. While physical threats are countered in many cases by calls to police, the lack of widely understood police presence on the Internet greatly inhibits this ability to respond, and as a result, the terrorist attacks against individuals are likely to accelerate.
In the case of the organization defending itself from near-real-time attacks on share value via Internet postings, the defense is much closer to altering sensory inputs and conditioned responses. By adding information to the reader's sensory inputs, this defense conditions the victim to expect that postings of this sort will be shown false in short order and the natural expectation follows that any attempt to sell the shares at a lower value will result in a net loss. If such a response is not rapidly forthcoming, however, the backlash can be substantial as the market comes to believe that the deceptive information is true. An effective counter-attack would be to wait until the conditioned response is embedded in the system and then prevent the response by the company from getting through. In this case, a cyber-based denial of service attack is used to augment a perception management attack and defeat the countermeasure.
On the national scale, effective defense involves all aspects of the deception model. Sensory inputs can be greatly augmented by effective intelligence. The decision about which intelligence information to share with which people is key to addressing the equities issue, which seeks to balance the defensive benefit of revealing select information to select individuals against the potential harm that might be done to sources and methods by the revelation of this information. This limitation of sensory data to select individuals also limits the effectiveness of that information in countering terrorism on the one hand while allowing the source of information to continue to be reliable and less susceptible to counter-intelligence on the other hand.
Reflexive responses can be moderated or changed around on a regular basis with the decision process sufficiently obscured so as to limit its utility to an enemy. Again this is a counter-intelligence activity. Conditioned responses can be countered by intentional deconditioning or altered conditioning so that those responses become less predictable, but generally, the higher up a decision-maker is, the less likely they are to be willing to allow themselves to be so conditioned. After all, their conditioning is part of the reason they got to where they are and deconditioning them might cause them to be less able to do their job effectively.
The top-level analytical process is of course key to counter-terrorism, particularly in the ability to effectively use the other forms of response to cause the media to react to terrorist acts in a manner less conducive to the success of the attacker. This is exemplified by the politician being willing to ignore select polls for periods of time and to counter the deception of the body politic with a perception management campaign of their own.
Finally, any counter-deception discussion would not be complete without the discussion of the use of deception against those who would practice cyber-terrorism against us. The media is one of the major feedback mechanisms used by terrorists largely because they are not able to build an effective intelligence organization due to their relative weakness. Thus the ability to use the media against the terrorist by destroying the effectiveness of their use of its intelligence machinery is a key to successful defense. Examples include false attribution - wherein the terrorist group responsible for an attack is not given credit for the attack or the credit is diffused among several claimants - perception management - wherein the terrorist is led to believe that their attack is futile or that it failed or perhaps that the public is more sensitive to something they are less sensitive to - and sabre rattling - wherein military action or other large-scale force is threatened in order to feint a response that might cause the terrorist to think twice.
But by far the most effective defense against anyone who would practice terror is the swift identification of the terrorist, attribution of actions, and prosecution of forceful countermeasures. The terrorist depends on their anonymity to produce fear, and once their identity is revealed to the victims and the potential for returning fire is presented, the likelihood of fear being replaced by forceful response is adequate both to stop the effect of the terror and to present a real enough threat to the terrorist that they are themselves afraid of the retribution.