It is our sheer belief that terrorism is a physical activity and is solely aimed at targeting physical assets with an objective to kill people and destroy property. Study of recent terrorist attacks reveal that most terrorist strikes are based on a highly precise and well-coordinated strategy, penetrating the victim anonymously through the least resistive paths with an aim of creating a psychological impact along with the monetary losses.

Recently the US White House, State Department and Pentagon Websites were among those targeted in a coordinated cyber attack that also crippled sites in South Korea. Closer home, investigations post the recent Mumbai 26/11 terrorist attack have revealed that terrorists are skillfully making use of technology to plan and coordinate their activities.

The ever-increasing reliance on information technology and Internet has also grabbed the attention of most criminals and vandals who have made technology-enabled business processes susceptible to attacks.

The usage of Internet as a means for reconnaissance and attack assumes significant importance to terrorists, thereby giving rise to cyber terrorism.

Enlisted below are the some of the advantages that propel the terrorist to use the internet as a means for carrying out terrorist activity in comparison to the traditional approach.

Reconnaissance:Recent terrorist attacks have raised the alertness level of governments across the world and various law enforcement agencies are mapping the risk involved in the active reconnaissance of the target. The avenues for passive reconnaissance such as Websites offering detailed map of locations, employees divulging sensitive information through social networking sites are easily available since most of them cannot be controlled by the government.

Target diversity:In a traditional approach, logistics is of major concern. Concentrated efforts and advanced strategy needs to be chalked out before launching a physical assault on the selected target. For a cyber terrorist, selection of target is easier, as the assault activity is to be carried out remotely.

Risk of detection:Risk of detection for a terrorist before or after carrying out the terrorist attack is especially high in the current state where the government and law enforcement bodies are in a state of high alter. For a cyber terrorist, the risk of detection is negligible as there are enough camouflaging avenues offered by the cyber world.

Risk of injury:Risk of injury for a terrorist carrying out a physical assault on a target is extremely high. For a cyber terrorist, the risk of injury is low since most of the activities are to be carried out from a remote location which may be located miles away from the target or in may be on a different continent itself.

Financing avenues: Avenues for obtaining finance in the real world for a terrorist have become less since the transactions can be easily tracked and traced.

In cyber world, the avenues of finance are ever increasing by the usage of legitimate and illegitimate means to transfer funds across the globe by hacking bank Websites or hosting Websites that ask for donations to support their cause.

Availability of mercenaries:With profusion of the Internet across the world, the availability of technologically skilled mercenaries has made it easier to launch a cyber attack on a selected target in shortest possible time frame. This is not the case with mercenaries who are used to launch a physical assault on a target since an enormous amount of time is required for training and changing the mindset of such individuals before allocating them such a pernicious task.
Propaganda: Websites hosting indoctrinating material or martyr videos or inflammatory speeches by terrorist group leaders are effective tools to gather mass support and help spread the ideology.

Some of the major cyber attacks are as described below:

Cyber stalking:This is usually an information gathering attack. In this attack method the terrorist makes extensive use of Websites portraying detailed maps and social networking sites to gather clear and concise information about the attack target.

Website vandalism:In this attack scenario, Websites are defaced and indoctrination content is posted on them mainly as means to increase the propaganda.

DDOS attacks:Distributed Denial of Service (DDoS) attacks are aimed at attacking the availability of resources. This attack may include attacking the availability of Websites, telecommunication infrastructure and various other critical infrastructure components such as power grids, water plants, military and transportation to deliver a lethal attack aimed at crippling the various interdependent processes to cause panic and enormous losses.

Today cyber terrorism has moved from being an envisaged threat to become a real threat against which the efficacy of security controls needs to determined. The world needs to develop strategies to deal with this ever increasing grave threat and undertake coordinated activities by building a central anti-cyber terrorism task force to deal effectively and help thwart such terrorist activities to prevent long term damages and destruction of critical resources.

Business enterprises also need to realise that fighting against terrorism cannot be only left to the government and other law enforcement agencies. The onus to prevent such activities is also on the business enterprises by establishing public private partnerships and developing well coordinated and effective strategies which may include reviewing their current security postures and changing their risk appetite levels in light of this newly discovered threat to timely detect and respond to such menaces.