'Cyberterrorism' is Here to Stay

17 February 1999
Every day, more commerce and sensitive information flows over the Internet. People and organizations are becoming dependent on electronic data while paper trails are diminishing. This dependence on electronic information makes for an inviting target for a new breed of delinquents that some are calling "cyberterrorists."

Barry Collin, a senior research fellow at the Institute for Security and Intelligence at Stanford University, is quoted by the Air Force News as defining cyberterrorism as "hacking with a body count."

In the world according to Tom Clancy, "In the year 2010, computers are the new superpowers. Those who control them, control the world. To enforce the Net Laws, Congress creates the ultimate computer security force agency within the FBI: Net Force."

If you think that this is far-fetched, then consider this: On January 22, 1999 President Clinton proposed adding $515 million to the fiscal year 2000 budget to protect the nation's computer-dependent critical infrastructure, such as power, banking and emergency services. The federal government has already created special offices within the FBI and the commerce department to protect critical systems against cyber attack. The president even coined the phrase "Cyber Corps," which "will encourage federal agencies to train and retrain computer specialists, as well as recruiting gifted young people out of college."

The Threat is Real

In March 1998, several NASA, Navy, and university websites received "denial of service" attacks (also known as "New Tear" or "Boink" attacks). The attacks targeted computers with Microsoft Windows NT and Windows 95 operating systems. They prevented servers from answering network connections and crashed computers, causing a blue screen and a "fatal error" message to appear (a.k.a. "the blue screen of death"). The systems were restored by rebooting the computers and no permanent damage occurred, but some of the targeted organizations have sought help from the FBI. Microsoft provided a patch for fending off this kind of attack.

In February 1998, over a two-week period, the defense department had its worst attack to date. The unclassified networks were penetrated (sources said the classified networks had not been breached), and the hackers accessed personnel and payroll information. Deputy Defense Secretary John Hamre called it a "wake-up call." Two teenage hackers allegedly perpetrated the attacks, one of whom is a California sophomore in high school who goes by the handle "Makaveli."

In 1997, a Swedish hacker jammed the 911 emergency telephone system throughout west-central Florida. FBI Director Louis Freeh called the incident "a dress rehearsal for a national disaster."

The Cyberterrorist's Advantage

Cyberterrorism is an attractive way to mount an attack. It starts with the advantage of anonymity. The simple fact is that it's difficult to track a cyberterrorist. There are no checkpoints or physical evidence. The terrorist could even be half way around the world.

It can also be a low-budget form of attack. The only real costs may be some computer equipment and programming time. Unlike a real world attack, the terrorist needn't make or transport a bomb. Customs isn't an issue. Delivery may be as easy as a PC and a telephone line.

In our computer dependent world, the potential targets are endless. Consider the damage that could be done by attacking Wall Street's computers, traffic light control computers, prison computers, banks, the Pentagon or AOL. This is not about childish pranks; it's about a form of warfare and no country is more vulnerable than the United States.

The legal systems of the world are ill-prepared for this new type of terrorism. Just consider the unique jurisdictional issues raised by an attack launched by a programmer in Russia who installs his attack program on a system in Iran, which automatically launches the war months later by satellite link to a computer in Canada that uses the Internet to destroy a computer in New York.

Cyberterrorism is here to stay. We're vulnerable electronically and it's just too tempting a way to attack the United States. It can also cause much more damage than a truck bomb. You can expect to hear much more about this in the years to come.

CyberTips--Registering Domains in Foreign Countries

Did you ever go to a website and the address ended in some bizarre two-letter "combination like ".im" or ".tr" instead of something familiar like ".com" or ".net?" Those two-letter combinations generally appear when a domain name (cnn.com is an example of a domain name) is registered in a country other than the United States.

In case you were wondering, ".im" would tell you that the domain had been registered in the Isle of Man and ".tr" tells you that it was registered in Turkey. These foreign registrations can be an option if somebody else has already registered "WhatEverYouWanted.com." For example, you might be able to register "WhatEverYouWant.co.im" instead.

In case you wanted to know, the domain registry site for the Isle of Man says, "The 'im' is the national Top Level Domain (TLD) for the Isle of Man. The Isle of Man is in the centre of the British Isles, and is a jurisdiction governed independently from the United Kingdom. The Isle of Man is a proud nation, and the 'im' domain has been formed to uniquely represent the Island on the Internet stage." The cost is only GBP 40.00 per year. (No, I don't know the exchange rate. Maybe the word "only" is inappropriate.)

You can find a list of these TLDs at http://www.uninett.no/navn/domreg.html. This site is a useful reference source, but it can also be fun. With a click, you can glimpse into other countries and the way they administer their part of the Internet. It's the ultimate in low-budget travel.

One that I found intriguing was the listing for U.S.S.R. (former) and its ".su" TLD. I wondered why a former country is administering domain names. (Perhaps the "Artist Formerly Known as Prince" has registered his domain there.) So I clicked on the link and journeyed to http://www.ripn.net/nic/. While it's possible that the site held my answer, I may never know since it was in Russian.

When I clicked on Iraq, my modem disconnected. Really.

Iran's site (http://www.nic.ir/) is all business. It provides registration forms. No burning American flags or even national pride a la the Isle of Man.

Switzerland (.ch) and the Principality of Liechtenstein (.li) share a site at http://www.nic.li/. Here, you'll also find information on registering trademarks in Switzerland and "A White Paper on Domain Requirements."

Finally, you'll be pleased to know that the Falkland Islands proudly administers (http://www.fidc.org.fk/domain-registration/home.htm) the .fk TLD and that the use of this domain is being encouraged to allow the Falkland Islands as a community to present a distinct identity to the international community which would not otherwise be possible using generic TLDs such as .com.

Legal Best of the Web

If you need to find information on state law, a great starting point is a site maintained by the Washburn University School of Law at http://lawlib.wuacc.edu/washlaw/uslaw/statelaw.html. It has links to all 50 states. In each state, you'll find links to various sites including online statutes, state offices, state courts and other materials. It's a website worth a bookmark.

One of the premier legal information and research sites is undoubtedly the "FindLaw" site at http://www.findlaw.com/. If you've never been there, it's a treat. A four-star site.

Disclaimer: The advice given in the Computer Law Tip of the Week should not be considered legal advice. This newsletter only provides general educational information. You must never rely upon the advice given here. Your individual situation may not fit the generalizations discussed. Only your attorney can evaluate your individual situation and give you advice.

Except as provided below, you may feel free to forward, distribute and copy the Computer Law Tip of the Week if you distribute and copy it without any changes and you include all headers and other identifying information. You may not copy it to a Web site.




Mark Grossman's "TechLaw" column appears in numerous publications. Mark Grossman has extensive experience as a speaker as well. If you would like him to speak before your group or corporate meeting, please call (305) 443-8180 for information.

You can find a TechLaw archive at: www.DeWittGrossman.com.

If you have any comments, please send them to MGrossman@DeWittGrossman.com.

Disclaimer: The advice given in the TechLaw column should not be considered legal advice. This newsletter only provides general educational information. You must never rely upon the advice given here. Your individual situation may not fit the generalizations discussed. Only your attorney can evaluate your individual situation and give you advice.

Except as provided below, you may feel free to forward, distribute and copy the TechLaw column if you distribute and copy it without any changes and you include all headers and other identifying information. You may not copy it to a Web site.