Threats posed by cyber-terrorism include:
1. Web site defacement: used for propaganda, which is usually amplified by media reports and therefore especially effective.
2. Stealing money to finance terror: Gartner’s identity guru, Avivah Litan, reported the arrest of approximately 50 people in Egypt and Lebanon in 2006. This was the first definitive proof that data hacks have been instituted by or for Middle Eastern extremist groups.
3. Identity theft: to commit theft as well as camouflage terrorist activity.
4. Information theft: According to S. Korea, a N. Korea hacking unit is targeting government agencies and research institutes. Terrorists may also target companies and service providers who work with the military or the government but spend fewer resources on security.
5. Economic damage: As shown by the recent attack on the Internet’s DNS root servers, Internet infrastructure is vulnerable to cyber-war. In Kyrgyzstan, for example, a politically-motivated DDos attack provoked the interruption of Internet services for over 400,000 users.
As the dependence of society on online information and service grows, successful attacks can seriously disrupt our lives.
What can I do?
Web site administrators need to protect their sites against criminals. There is no silver bullet for cyber-terrorism, but plain old Web site security is essential for the international effort against terrorism.
Network security solutions, such as firewalls and IPS, are commonly deployed by companies with a web presence. Such measures provide effective network level protection, stopping traffic that is not legitimate web usage. However, their very ubiquity and efficiency discourages terrorists from attacking the network, and forces them to turn to other vulnerabilities in the web environment, i.e. to application attacks.
Application attacks consist of seemingly legitimate HTTP/ HTTPS requests that contain malicious code. Examples include SQL injection, cross-site scripting, session manipulation and more. A good solution is to install web application firewalls that analyze incoming traffic and stop harmful requests.
Deploying application firewalls can protect Web sites against a wide variety of common attacks. A cost-effective solution is dotDefender™, a software-based web application firewall, deployed as a plug-in for both IIS and Apache. It does not require security expertise to provide a high level of security, so all Web sites can use it effectively.
The war on terror and crime cannot be solved by one measure alone, but rather necessitates a concerted effort by all levels of society. From a technological perspective, general availability of easy-to-use security solutions will create an additional significant obstacle to cyber-terrorism.
Applicure Technologies is exhibiting at Infosecurity Europe 2007 , Europe’s number one dedicated Information security event. Now in its 12th year, the show continues to provide an unrivaled education program, new products & services, over 300 exhibitors and an expected 11,600 visitors from every segment of the industry. Held on the 24th – 26th April 2007 in the Grand Hall, Olympia, this is a must-attend event for all professionals involved in Information Security. www.infosec.co.uk
About Applicure Technologies
Applicure Technologies Ltd creates software-based products for web application security and application compliance. IT Week recognized Applicure’s achievements and named it one of the Top 100 Vendors.