Case Study - Cyberterrorism—A New Reality:
When hackers claiming to support the Syrian regime of Bashar
Al-Assad attacked and disabled the website of Al Jazeera, the
Qatar-based satellite news channel, in September 2012, it was
another instance of hacktivism: an attack meant to promote one
political agenda over another. Hacktivism has become a very
visible form of expressing dissent. Although the media now report
numerous incidents, the first documented case of hacktivism dates
to 1989; the term itself was coined in 1996 by a member of the
Cult of the Dead Cow hacker collective known as Omega.
However, hacktivism is not the only form of cyber
protest and conflict that has everyone from ICT professionals to
governments scrambling for solutions. Individuals, enterprises,
and governments alike rely in many instances almost completely
on network computing technologies, including cloud computing.
The international and ever-evolving nature of the Internet along
with inadequate law enforcement and the anonymity the global
architecture offers creates opportunities for hackers to attack
vulnerable nodes for personal, financial, or political gain.
The Internet is also rapidly becoming the political and advocacy
platform of choice, bringing with it both positive and negative
consequences. Increasingly sophisticated off-the-shelf
technologies and easy access to the Internet are significantly
increasing incidents of cyberterrorism, netwars, and
cyberwarfare. The following are a few examples.
• According to the Israel Electric Company, Israel is attacked
1,000 times a minute by cyberterrorists targeting the country's
infrastructure: water, electricity, communications, and other
services.
• The New York Times, quoting military officials, reported a
seventeen-fold increase in cyberattacks targeting US critical
infrastructure between 2009 and 2011.
• The 2010 Data Breach Investigations Report recorded more than
900 instances of computer hacking and other data breaches over
the preceding seven years, resulting in some 900 million
compromised records. The 2012 edition of the same study listed
855 breaches, resulting in 174 million compromised records in
2011 alone, up from 4 million in 2010.
• Another study of 49 breaches in 2011 reported that the average
organizational cost of a data breach (including detection, internal
response, notification, and post-notification costs) was $5.5
million, down from $7.2 million in 2010.
• The Telegraph (London) reported that "India blamed a new
'cyber-jihad' by Pakistani militant groups for the exodus of
thousands of people from India's north-eastern minorities from its
main southern cities in August after text messages warning them to
flee went viral."
There have been recorded instances of nations allegedly
engaging in cyberwarfare. The Center for the Study of
Technology and Society has identified five methods by which
cyberwarfare can be used as a means of military action, among
them defacing or disrupting websites to spread propaganda,
conducting espionage to gain access to critical information,
disrupting enemy military operations, and attacking critical
infrastructure. In 1999, pro-Serbian hacker groups, including
the Black Hand, broke into NATO, US, and UK computers
during the Kosovo conflict. In 2000, both pro-Israeli and
pro-Palestinian groups caused disruption and alarm on government
and financial networks, and in 2001 the world saw hacking with a
patriotic flavor when Chinese and US hackers traded attacks on
computers in both countries.
One of the first widely documented cases was the cyberattack
on Estonia in 2007. Beginning on April 27, a series of
distributed denial of service (DDoS) attacks targeted
government, media, and financial networks and Internet
infrastructure. Other servers were compromised and their websites
defaced to display pro-Russian messages. Many of the initial
attacks were said to have originated in Russia and, in some
cases, allegedly from Russian government computers. This first
wave of attacks against Estonian websites fizzled out after the
Estonian foreign minister publicly declared that many of the
attacks had originated from Russian government computers.
The Estonian Internet infrastructure was then subjected to further
attacks. On April 30, 2007, attackers employed so-called robot
networks (botnets) of compromised machines in numerous countries
around the world. About a week later there were more DDoS attacks,
including one on Estonia's Hansabank, which reported a loss of
about $1 million because of the attacks. The attacks continued
intermittently for a few weeks before finally dying off in the
summer of 2007.
Another incident was the South Ossetia conflict between Russia
and Georgia in 2008, which has been described as the first
cyberspace conflict synchronized with conventional combat
operations. Just as Russian troops were crossing the border,
websites for communications, finance, government, and many
international organizations in Georgia became inaccessible. The
actions included various DDoS attacks that disrupted
communications and information networks in Georgia. The attackers
also defaced Georgian websites, adding pro-Russian images,
apparently for propaganda purposes. One of the first networks
attacked was a popular hacker forum in Georgia. In response,
pro-Georgian hackers mounted successful attacks against Russian
networks as well. Although both the Estonian and Georgian attacks
were widely believed to be the work of state-sponsored Russian
hackers, no proof has ever conclusively linked the Russian
authorities to the incidents.
The “First Cyberwarfare Weapon”: Stuxnet
In June 2010, an Iranian nuclear facility at Natanz was reported
to have been attacked by a sophisticated, self-replicating piece
of malware. The malware, called Stuxnet, spread through the
Microsoft Windows operating system and targeted industrial
software and equipment, in particular specific industrial control
systems made by Siemens. In all, versions of Stuxnet targeted
five Iranian organizations, all allegedly linked to the Iranian
nuclear program, and may have caused significant damage to the
uranium enrichment facility at Natanz. Stuxnet is said to have
been in use since 2009 and was first identified in June 2010 by
VirusBlokAda, an information-technology security company in
Belarus, after it was said to have "accidentally spread beyond"
its intended target, Natanz, via infected USB sticks. Some experts
have argued that Stuxnet is not a "worm," since it was propagated
primarily via removable media such as CDs, DVDs, and thumb drives
and did not spread by self-replication over the Internet; once
inside an organization, however, it could also copy itself to
other machines across the local network.
In any event, the 2010 version of Stuxnet has been called the
"largest" and "most sophisticated attack software ever built,"
and one investigative article said that the event foreshadowed
the destructive new face of 21st-century warfare, writing that
"Stuxnet is the Hiroshima of cyberwar." According to a report
by Symantec, data from the early days of the Stuxnet attack
showed that Iran, Indonesia, and India accounted for the bulk of
the infected computers. The report also said that Stuxnet was
the first piece of malware to exploit the automatic file execution
vulnerability in Microsoft Windows shortcut (LNK/PIF) files, later
patched as MS10-046 (CVE-2010-2568), to spread: merely displaying
the icon of a crafted shortcut, for example in an Explorer window
opened on an infected USB stick, was enough to load the attacker's
code.
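To make the shortcut mechanism concrete, the following is an added example in Python, not code from the original case study or from any vendor: a small parser for the Shell Link header and LinkTargetIDList, with a triage heuristic for shortcuts shaped like the MS10-046 exploit (a LinkTargetIDList that walks the Control Panel namespace to a module path of the attacker's choosing, with no other shortcut data present). The header layout, flag bits, and the two CLSIDs are taken from Microsoft's public MS-SHLLINK specification; the three sample shortcuts are constructed inline for illustration, are not real samples, and use simplified stand-ins for the ItemID encodings.

```python
"""Heuristic triage of Windows .lnk (Shell Link, MS-SHLLINK) files for the
pattern behind the LNK vulnerability (MS10-046 / CVE-2010-2568).

Added example, not code from the original page. The sample shortcuts below
are constructed here for illustration; their ItemID bodies are simplified
stand-ins, not byte-exact Windows encodings.
"""
import re
import struct
import uuid

LNK_HEADER_SIZE = 0x4C                                   # ShellLinkHeader is 76 bytes
LNK_CLSID = uuid.UUID("00021401-0000-0000-c000-000000000046")      # LinkCLSID
CONTROL_PANEL_CLSID = uuid.UUID("21ec2020-3aea-1069-a2dd-08002b30309d")

# LinkFlags bits (MS-SHLLINK 2.1.1)
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
DESCRIPTIVE_BITS = (HAS_LINK_INFO | HAS_NAME | HAS_RELATIVE_PATH |
                    HAS_WORKING_DIR | HAS_ARGUMENTS | HAS_ICON_LOCATION)

# A device path (\\.\...) or drive-letter path found in UTF-16 text of an ItemID
PATH_RE = re.compile(r"(\\\\\.\\|[A-Za-z]:\\)[^\x00]+")


def parse_header(data: bytes) -> int:
    """Validate the 76-byte ShellLinkHeader and return its LinkFlags."""
    if len(data) < LNK_HEADER_SIZE:
        raise ValueError("too short to be a shell link")
    header_size = struct.unpack_from("<I", data, 0)[0]
    clsid = uuid.UUID(bytes_le=data[4:20])
    if header_size != LNK_HEADER_SIZE or clsid != LNK_CLSID:
        raise ValueError("not a shell link header")
    return struct.unpack_from("<I", data, 20)[0]


def parse_id_list(data: bytes, offset: int) -> list:
    """Return the raw ItemID payloads of the LinkTargetIDList at `offset`."""
    if offset + 2 > len(data):
        raise ValueError("IDList flagged but absent")
    id_list_size = struct.unpack_from("<H", data, offset)[0]
    pos, end, items = offset + 2, offset + 2 + id_list_size, []
    if end > len(data):
        raise ValueError("truncated IDList")
    while pos + 2 <= end:
        item_size = struct.unpack_from("<H", data, pos)[0]
        if item_size == 0:                               # TerminalID
            break
        if item_size < 2 or pos + item_size > end:
            raise ValueError("malformed ItemID")
        items.append(data[pos + 2:pos + item_size])
        pos += item_size
    return items


def triage_lnk(data: bytes) -> list:
    """Return human-readable indicators; an empty list means nothing suspicious."""
    flags = parse_header(data)
    if not flags & HAS_LINK_TARGET_ID_LIST:
        return []                                        # nothing for the icon handler to resolve
    items = parse_id_list(data, LNK_HEADER_SIZE)
    indicators = []
    if any(CONTROL_PANEL_CLSID.bytes_le in item for item in items):
        indicators.append("IDList walks the Control Panel namespace")
    for item in items:
        m = PATH_RE.search(item.decode("utf-16-le", "ignore"))
        if m and "\\windows\\" not in m.group(0).lower():
            indicators.append("module path outside the Windows directory: " + m.group(0))
    if indicators and not flags & DESCRIPTIVE_BITS:
        indicators.append("no LinkInfo or string data: the IDList is the whole payload")
    return indicators


def build_lnk(flags: int, items: list, string_data: bytes = b"") -> bytes:
    """Assemble a minimal shell link: header, optional IDList, then any StringData."""
    header = (struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID.bytes_le
              + struct.pack("<I", flags)).ljust(LNK_HEADER_SIZE, b"\x00")
    body = b""
    if flags & HAS_LINK_TARGET_ID_LIST:
        id_list = b"".join(struct.pack("<H", len(i) + 2) + i for i in items) + b"\x00\x00"
        body = struct.pack("<H", len(id_list)) + id_list
    return header + body + string_data


def _cpl_item(path: str) -> bytes:
    """Simplified stand-in for a control-panel ItemID carrying a UTF-16 module path."""
    return b"\x00\x00\x00\x00" + path.encode("utf-16-le") + b"\x00\x00"


# Constructed samples (not real shortcuts): an ordinary file shortcut, a genuine
# control-panel applet shortcut, and one shaped like the LNK exploit.
ORDINARY_LNK = build_lnk(HAS_LINK_TARGET_ID_LIST | HAS_RELATIVE_PATH,
                         [b"\x31\x00notes.txt\x00"], struct.pack("<H", 9) + b"notes.txt")
APPLET_LNK = build_lnk(HAS_LINK_TARGET_ID_LIST | HAS_NAME,
                       [b"\x1f\x80" + CONTROL_PANEL_CLSID.bytes_le,
                        _cpl_item(r"C:\Windows\System32\main.cpl")],
                       struct.pack("<H", 5) + b"Mouse")
EXPLOIT_SHAPED_LNK = build_lnk(HAS_LINK_TARGET_ID_LIST,
                               [b"\x1f\x80" + CONTROL_PANEL_CLSID.bytes_le,
                                _cpl_item(r"\\.\E:\~loader.tmp")])

if __name__ == "__main__":
    for name, blob in [("ordinary", ORDINARY_LNK), ("applet", APPLET_LNK),
                       ("exploit-shaped", EXPLOIT_SHAPED_LNK)]:
        print(name, triage_lnk(blob) or ["clean"])
```

A legitimate control-panel applet shortcut also walks the Control Panel namespace, so that indicator on its own is weak; what distinguishes the exploit shape is the combination of that namespace, a module path outside the Windows directory, and a shortcut that carries no LinkInfo or string data at all. The loader also need not be named .dll: the Stuxnet shortcuts pointed at files with a .tmp extension on the same removable drive, which is why the heuristic keys on the path rather than the extension.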
Overview of Stuxnet
Symantec found that versions of Stuxnet exploited up to four
"zero-day" vulnerabilities in the Microsoft Windows operating
system; at half a megabyte the malware was unusually large and
appeared to have been written in several languages, including
portions in C and C++. Another sign of its sophistication was the
use of stolen digital certificates from Taiwanese companies to
sign its drivers, the first from Realtek Semiconductor in January
2010 and the other from JMicron Technology in July 2010. The size,
sophistication, and level of effort have led experts to suggest
that the production of the malware was "state-sponsored" and that
it is "the first-ever cyberwarfare weapon." The effects of Stuxnet
have been likened to a "smart bomb" or "stealth drone," since it
sought out a specific target (programmable logic controllers made
by Siemens), masked its presence and effects until after it had
done the damage (altering the operation of the connected motors by
changing their rotational speed), and deleted itself from a USB
flash drive after infecting three machines from it. As programmed,
Stuxnet stopped spreading on June 24, 2012, after infecting about
130,000 computers worldwide, most of them said to be in Iran.
THE QUESTION IS:
What does the threat do?