Threat Management, Malware, Threat Management

Cyber-terrorism: the next logical threat to come from IS

History demonstrates that terrorism, like any other entity, is constantly evolving, with earlier groups such as the IRA and Basque separatists ETA notorious for their breadth of tactics.

Scholars agree that prior to its recent territorial setbacks, including ejection from Mosul, one of the reasons IS had managed to successfully preside over such a vast swathe of land was because of its unique blend of a combination of guerrilla, infantry and organised crime tactics.

As IS looses territory in the Middle East we have seen an upsurge in IS attacks focussing on softer and less protected targets in the West, such bars and bridges; the flexibility the organisation has demonstrated in the past suggest it is unlikely to ignore cyber for long and several prominent terrorism authorities argue “It is no longer a matter of if cyber-terror will emerge, but when”.  States have demonstrated that they can bring down power stations (Stuxnet in Iran or BlackEnergy in Ukraine), so non-state actors have a template to follow.

Given both the significant funds still available to IS even now, and the ease by which hacking tools are available to purchase on the dark web, a combination of cyber-crime and jihadism is a likely future threat.

If, for example, the motivations behind the WannaCry NHS ransomware attack had been clearly ideological rather than financial (assuming that is the case), then the consequences could have been a lot worse.

Hypothetically, if an IS supporter modified off-the-shelf hacking tools in an attempt to take down the national grid or gain access to computers at Heathrow airport, the consequences could be dire. That's before we entertain the possibility that the wealth the group enjoys could easily be channelled into a state sponsored hacking collective similar to that purported to be orchestrated by the Chinese and Russian governments.

While there has only been one confirmed cyber-terrorism case, another case involving a Trojan infecting computers at a Madrid airport in 2008 outlines the potential impact – the resulting crash saw a hundred and fifty-four injuries –  although there was no evidence of terrorist involvement.

While this should not be overstated, it is not inconceivable that the two major threats of our time could come together.

The combination of increased reliance on technology, allied with the increase in cyber-criminals' capabilities, will give terrorists the motivation and capacity to carry out a new vector of attack capable of producing mass casualties without requiring the perpetrator to leave their home.

With a world almost totally reliant on computers the potential damage caused by hackers is limitless, combine this with the ideological fanaticism showed by groups such as IS and you have an issue that cannot be ignored.

Given that the government is struggling to get to grips with surges in both terrorist attacks and cyber-crime, it is undeniable there is some serious thinking to be done at governmental level to ensure that, should IS exploit the available technology, the UK isn't left paralysed by tech savvy jihadis.

Solving one of these mammoth issues would be difficult enough, but getting to grips with both may prove the challenge of our time. With no end in sight for either, the Government must get to work.

Contributed by Chis Allen, journalist specialising in policing, crime and security.

*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.


Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.