Cyber Terrorism: A Comprehensive Analysis of Sri Lanka's Readiness

Verified

Added on 2023/06/13

AI Summary

This report examines Sri Lanka's preparedness for cyber terrorism, addressing the increasing threat of cybercrime and the country's vulnerabilities in the digital landscape. It defines cyber terrorism, differentiates it from hacking, and reviews major global hacking incidents. The report analyzes Sri Lanka's existing legislation and compares it with that of the United States, while also referencing the Budapest Convention on Cybercrime. It assesses the government's perspective and actions taken to combat cyber threats. The research utilizes both primary data from interviews and questionnaires, and secondary data from books, journals, and international conventions. The study identifies objectives such as analyzing vulnerabilities and identifying relevant rules, regulations, and proactive measures against cyber terrorism, ultimately providing recommendations to enhance Sri Lanka's cyber security framework. Desklib provides access to similar solved assignments and past papers for students.

RESTRICTED
CYBER TERRORISM; IS SRI LANKA READY?
1
RESTRICTED

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

RESTRICTED
CONTENT
1. Chapter One Introduction
2. Chapter Two Problem Statement
 Research Hypothesis
 Objective
 Methods of Data Collection
 Limitations
3. Chapter Three Data presenting and analysing
 Definition of the cyberterrorism
 The major hacking events world has experienced
 Sri Lanka’s experiences of cyber terrorism
4. Chapter Four Governments perspective
 Sri Lanka’s legislations on cyberterrorism
 Action taken by the government
5. Chapter Five Legal background
 United States of America’s legislations on
cyberterrorism
 Summary of Europe Budapest Convention on
cyberterrorism
2
RESTRICTED

RESTRICTED
 Comparison of Sri Lankan legislation and U.S.A
6. Chapter Six Reccomendation
7. Chapter Seven Conclusion
3
RESTRICTED

RESTRICTED
CHAPTER ONE
INTRODUCTION
1. Traditional crime has long ago moved online. Crimes like money laundering, child
pornography, sexual exploitation of children, sale and trafficking of illegal drugs,
prostitution, internet fraud, credit card fraud, illegal gambling, hate propaganda, racism
crimes, intellectual property theft, piracy harassment, stalking threats, extortion identity
theft and many more.
2. Cybercrime is rather a novel aspect of criminal activity to the Sri Lankan society.
With the advancement of information technology and knowledge of computer science in Sri
Lankans, some individuals have turned cybercrime as a mean of acquiring wealth in an
unlawful and undetected manner and also to achieve political and social status. Cybercrime is
mostly committed by the educated youth. There has been an increasing of cybercrime
complains within the last year according to the Sri Lanka, Computer Emergency Response
Team (SLCERT). In the recent past, an increase in the number of cyber-criminal activities in
Sri Lanka had been observed. A representative of SLCERT said that most complaints are
related to hacking of passwords, stealing of information, demanding ransoms in addition to
Facebook and credit card related crimes.
3. In the wake of the recent computer attacks, many have been quick to jump to
conclusions that a new breed of terrorism is on the rise and Sri Lanka must defend itself with
all possible means. As a society we have a vast operational and legal experience and proved
techniques to combat terrorism, but are we ready to fight terrorism in the new arena – cyber
space?
4
RESTRICTED

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

RESTRICTED
CHAPTER TWO
PROBLEM STATEMENT
4. This onset of the information-dependent third wave provides opportunities for
spectacular gains and serious losses for individuals, corporations, and states. It is within this
world that the cyber terrorists will operate. In the same manner that terrorists have exploited
widely accepted technology such as dynamite and the airplane (for bombing and hijacking),
they may exploit the tools of the "information age" to bring their case before the citizens of
the world. To defend against a threat, one must understand its critical elements.
5. Cyber terrorism, like "conventional" terrorism, will strive to change the mind of its
intended audience. However, cyber terrorism may utilize a different means to this end. In the
wake of the recent computer attacks, many have been quick to jump to conclusions that a new
breed of terrorism is on the rise and Sri Lanka must defend itself with all possible means. As
a society we have a vast operational and legal experience and proved techniques to face
combat terrorism but we have to know if we are ready to face this new aspect of terrorism.
RESEARCH HYPOTHESIS
6. Sri Lanka is having a high risk in near future in the area of information technology.
This threat has not been a complicated one for the time being but with the availability of
resources and with the developing technology over time, the potential of being attacked
through the means of information technology has increased but our government haven’t acted
in an effective manner to mitigate these risks.
5
RESTRICTED

RESTRICTED
OBJECTIVES
7. The main objective of this research is to analyse the vulnerabilities of Sri Lanka to a
cyber-terrorist attack.
8. Secondary objectives of this research are :
i. To identify the rules and regulations regarding cyber-security
and privacy
ii. To identify the proactive and reactive measures that can be
taken against Cyber Terrorism
METHODS OF DATA COLLECTION
9. The required data for the research were drawn from the following sources;
i. Primary sources -Information collected by interviewing
resource personnel in the relevant field and by distributing a
questionnaire among the selected sample of the population.
ii. Secondary sources -Information was gathered from
relevant books, journals, internet, treaties and conventions and
also international and local enactments of relevance.
LIMITATIONS
i. We have to limit the scope of this research to the
population which is aware about the Information technology.
ii. Secondary data collection has to be limited to the books
available on the relevant field, internet and newspapers.
iii. Difficulties in obtaining information from the required
personal in detail.
6
RESTRICTED

RESTRICTED
CHAPTER THREE
DATA PRESENTING AND ANALYSING
DEFINITION OF THE CYBERTERRORISM
10. The term cyber-terrorism was coined in 1996 by combining the terms cyberspace and
terrorism.(Larry, 2009) Defines cyber terrorism as "The use of computer network tools to
shut down critical national infrastructure (such as energy, transportation, government
operations) or to coerce or intimidate a government or civilian population"
11.The United States Federal Bureau of Investigation (FBI) defines ‘Terrorism’ as the unlawful
use of force or violence, committed by a group(s) of two or more individuals, against persons
or property, to intimidate or coerce a government, the civilian population, or any segment
thereof, in furtherance of political or social objectives”.
12. Former Chief Strategist at Netscape, Kevin Coleman defines cyber terrorism as “The
premeditated use of disruptive activities, or the threat thereof, against computers and/or
networks, with the intention to cause harm or further social, economic, ideological, religious,
political or similar objectives or to intimidate any person in furtherance of such objectives”.
13. It has to be noted that the general public misinterpret hacking as cyber terrorism yet
these two terms has a drastically different meanings. Hacking is the deliberate and
unauthorized access, use, disclosure, and/or taking of electronic data .The computer crime of
hacking is committed when a person wilfully, knowingly, and without authorization or
without reasonable grounds to believe that he or she has such authorization, attempts or
achieves access, communication, examination, or modification of data, computer programs,
or supporting documentation residing or existing internal or external to a
7
RESTRICTED

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

RESTRICTED
14. Computer system or computer network. Computer hacking is the most popular form
of hacking nowadays, especially in the field of computer security, but hacking exists in many
other forms, such as phone hacking, brain hacking, etc. And it's not limited to either of them.
15. Since cyber terrorism covers a vast area of technical aspects it is required to know the
exact differences between the following:
i. Hacker: A term used by some to mean "a clever programmer" and by others,
especially those in popular media, to mean "someone who tries to break into computer
systems."
ii. White hat: A hacker who identifies a security weakness in a computer system
or network but, instead of taking malicious advantage of it, exposes the weakness in a
way that will allow the system's owners to fix the breach before it can be taken
advantage by others.
iii. Black hat: A hacker who breaks into a computer system or network with
malicious intent. Unlike a white hat hacker, the black hat hacker takes advantage of
the break-in, perhaps destroying files or stealing data for some future purpose. The
black hat hacker may also make the exploit known to other hackers and/or the public
without notifying the victim. This gives others the opportunity to exploit the
vulnerability before the organization is able to secure it.
iv. Grey hat : A hacker who exploits a security weakness in a computer system or
product in order to bring the weakness to the attention of the owners. Unlike a black
hat, a grey hat acts without malicious intent. The goal of a grey hat is to improve
system and network security. However, by publicizing vulnerability, the grey hat may
give other hackers the opportunity to exploit it. This differs from the white hat who
alerts system owners and vendors of vulnerability without actually exploiting it in
public.
v. Phishing: An e-mail fraud method in which the perpetrator sends out
legitimate-looking email in an attempt to gather personal and financial information
8
RESTRICTED

RESTRICTED
from recipients. Typically, the messages appear to come from well-known and
trustworthy Web sites. Web sites that are frequently spoofed by phishers
include PayPal, eBay, MSN, Yahoo, BestBuy, and America Online. A phishing
expedition, like the fishing expedition it's named for, is a speculative venture. The
phisher puts the lure hoping to fool at least a few of the prey that encounter the bait.
vi. Rootkit: A collection of tools or programs that enable administrator-level
access to a computer or computer network. Typically, a hacker installs a rootkit on a
computer after first obtaining user-level access, either by exploiting a known
vulnerability or cracking a password. Once the rootkit is installed, it allows the
attacker to mask intrusion and gain root or privileged access to the computer and,
possibly, other machines on the network.
vii. Spam: The use of electronic messaging systems to send unsolicited bulk
messages, especially advertising, indiscriminately. While the most widely recognized
form of spam is e-mail spam, the term is applied to similar abuses in other
media: instant messaging spam, Usenet newsgroup spam, Web search engine
spam, spam in blogs, wiki spam, online classified ads spam, mobile phone messaging
spam, Internet forum spam, junk fax transmissions, social networking spam, social
spam, television advertising and file sharing network spam.
viii. Spyware: Any technology that aids in gathering information about a person or
organization without their knowledge. On the Internet (where it is sometimes called
a spybot or tracking software), spyware is a programme that is put in someone's
computer to secretly gather information about the user and relay it to advertisers or
other interested parties. Spyware can get in a computer as a software virus or as the
result of installing a new program.
ix. Trojan horse: A program in which malicious or harmful code is contained
inside apparently harmless programme or data in such a way that it can get control
and do its chosen form of damage, such as ruining the file allocation table on
your hard disk. A Trojan horse may be widely redistributed as part of a computer
virus.
9
RESTRICTED

RESTRICTED
x. Virus:A program or programming code that replicates by being copied or
initiating its copying to another program, computer boot sector or document. Viruses
can be transmitted as attachments to an e-mail note or in a downloaded file, or be
present on a diskette or CD. The immediate source of the e-mail note, downloaded
file, or diskette you've received is usually unaware that it contains a virus. A virus that
replicates itself by resending itself as an e-mail attachment or as part of a network
message is known as a worm.
10
RESTRICTED

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

RESTRICTED
THE MAJOR HACKING EVENTS WORLD EXPERIENCED.
16. Hacking has been around for decades. During the 1960s, the word "hacker" grew to
prominence describing a person with strong computer skills, an extensive understanding of
how computer programs worked, and a driving curiosity about computer systems. Hacking,
however, soon became nearly synonymous with illegal activity. While the first incidents of
hacking dealt with breaking into phone systems, hackers also began diving into computer
systems as technology advanced. Today’s crimes are often financially-motivated fraud. There
are some major hacking incidents that made some of the biggest headlines in history.
17. In 1994 Summer: Russian hackers siphon $10 million from Citibank and transfer the
money to bank accounts around the world. Vladimir Levin, the 30-year-old ringleader, uses
his work laptop after hours to transfer the funds to accounts in Finland and Israel. Levin
stands trial in the United States and is sentenced to three years in prison.
18. In 1996:
i. Hackers alter Web sites of the United States Department of Justice (August),
the CIA (October), and the U.S. Air Force (December).
ii. Canadian hacker group, Brotherhood, breaks into the Canadian Broadcasting
Corporation.
iii. The U.S. General Accounting Office reports that hackers attempted to break
into Defence Department computer files some 250,000 times in 1995 alone.
According to the report about 65 percent of the attempts were successful.
19. In 1997:
i. A 15-year-old Croatian youth penetrates computers at a U.S. Air Force base
in Guam.
ii. First high-profile attacks on Microsoft's Windows NT operating system.
11
RESTRICTED

RESTRICTED
20. In 1998 :
i. January: Yahoo notifies Internet users that anyone visiting its site in recent
weeks might have downloaded a logic bomb and worm planted by hackers claiming a
"logic bomb" will go off if Kevin Mitnick is not released from prison.
ii. Ethnic Tamil guerrillas swamped Sri Lankan embassies with over 800 e-mails
a day for more than two weeks. The messages read as “We are the Internet Black
Tigers and we're doing this to disrupt your communications.” Intelligence authorities
characterized it as the first known attack by terrorists against a country's IT
infrastructure.
21. In 1999 :
i. Software security goes main stream in the wake of Microsoft's Windows 98
release, year 1999 become a banner for security (and hacking). Hundreds of
advisories and patches were released in response to newly found (and widely
publicized) bugs in Windows and other commercial software products. A host of
security software vendors release anti-hacking products for use on home computers.
ii. The Melissa worm is released and quickly becomes the most costly malware
outbreak to date.
iii. “Level Seven” hacks The U.S Embassy in China's Website and places racist,
anti-government slogans on embassy site in regards to 1998 U.S. embassy bombings.
22. In 2000 the I LOVE YOU worm, also known as VBS/Love letter and Love Bug
worm, is a computer worm written in VB Script. It infected millions of computers worldwide
within a few hours of its release. It is considered to be one of the most damaging worms ever.
It originated in the Philippines; made by an AMA Computer College student for his thesis.
12
RESTRICTED