Cyber-terrorism: a struggle between states or acts of independent groups?

When we talk about terrorism, cyber or another, it is hard to believe that states themselves are engaged in terrorism. However, according to the situational analysis of certain cyber-attack cases, there are clear indications that states are involved in this struggle, particularly on the form of state sponsored terrorism. State sponsored does not mean that cyber-attacks have to be sponsored with money in order to be classified as such, but it is the infrastructure, networks, organizational and technical expertise owned by the states which enable hackers to launch cyber-attacks. Highly sophisticated means owned by states are sometimes easily possessed by hackers or groups by enabling them to conduct cyber-attacks.

As a security challenge, cyber-terrorism is becoming very dangerous and one of the most challenging security threats in the world. With regard to independency of the groups conducting cyber-terrorism, it is an issue of further discussion as to what being ‘independent groups’ in this case means. But, in order to set up some kind of margins as to within what perspective this issue is observed, by being independent in this context may relate to groups divided from the state, but this hardly excludes the chance of a state-sponsored cyber-terrorism. Again, state sponsored cyber-terrorism is what many cyber-security related experts talk about, since different cyber-attacks have involved states as the real actor behind the scene. Furthermore, given the facts such as cost and growing complexity (such as technical expertise as well as organizational skills) in conducting especially large scale cyber-attacks, the following lines try to bring some examples on the state-sponsored cyber-terrorism.

One of the large scale cyber-attack which includes state interference is that of 2007 in Estonia. Since it was closely linked with Russian minority protests in Estonia and the two states relations afterwards, large-scale effects it produced, organizational skills and technical expertise needed for, the vast majority of writings referred to Russia’s involvement on that. The whole incident started when the government in Estonia decided to move a soldier statute from the central park of Tallinn to a less visible place, specifically in the cemeteries of Tallinn. For Russia, the statute symbolized the Russian liberation of Estonia from Germany while for Estonians it symbolized the Russian oppression of Estonia. This situation triggered riots of Russian-speaking minority which then caused the cyber-attack targeting Estonia’s political and economic infrastructure. The cyber-attack had large scale effects by shutting down websites of all government ministries, two major banks and several political parties and internet communications for 24 hours. By cyber or technical experts, the cyber-attack was labeled as Distributed Denial of Service Attack (DDoS). Besides the tensions and the situation created with the reallocation of the statute and Russian-speaking minority protests afterwards, given the large scale effects produced to Estonia’s political and economic infrastructure, it is easily concluded that this sort of cyber-attack needed professional expertise as well as organizational skills which could not have been provided neither by an individual nor groups of hackers. Nevertheless, experts committed to this case could never found real evidence of Russia’s involvement in this cyber-attack against Estonia.

Unlike an easy to read history of a very likely state sponsored cyber-terrorism in the case of Estonia, China is another country largely suspected of having been involved in cyber-attacks against U.S. private companies. More specifically, Chinese hackers have long been accused of targeting American companies which have been characterized differently by proponents and opponents in U.S. and China. While U.S. had released reports and hundreds of cases as evidence of cyber-attacks coming from China, the latter has opposed this as irresponsible and unprofessional accusations. Although the state itself as in every case denies its involvement, there are surrounded indicators which make cyber-attacks be classified as state-sponsored ones. For instance, in several electronic and press media in U.S., the 12 stories white building in Shanghai which is the Headquarters of People’s Liberation Army in China has been targeted as the epicenter where more than 90% percent of cyber-attacks were coming from.

The third case which has also clear indicators of a state sponsored cyber-attack is that which involves U.S., Israel and Iran. Although in the assumption level, there are speculations that U.S. and Israel community intelligences have been involved in a cyber-attack against Iran, specifically on nuclear power plant by aiming to slow down or even stop the uranium enrichment facilities in Iran. By cyber-security and experts of these related issues, the cyber-attack was done by using a computer virus known as ‘Stuxnet’. The virus was estimated to be quite damaging which got spread from one computer to another and very hardly to be detected. According to such experts, building such a sophisticated thing takes time, a lot of expertise, and needs a lot of money. Thus, all these elements serve as points which hardly can be obtained or provided by individuals or groups without being supported or sponsored by the state.

Be it like that or not, it is undeniable that cyber-terrorism is becoming one of the most challenging threats in the world. This phenomenon is largely suspected to include states as real actors behind, which sponsor or back up the cyber-attack in one way or another.