Cyber Warfare


A
Seminar Report
for
Cyber Warfare & Terrorism
in partial fulfillment
for the award of the Degree of
Bachelor of Technology
in Department of
Computer Science & Engineering

Submitted To: Ms. Sapna Kumari, Lecturer, CS Department
Submitted By: Charchit Taneja, 11EIACS026, CSE A Batch

IET Alwar
Department of Computer Science & Engineering
Institute of Engineering and Technology
Alwar
February, 2014

Candidate's Declaration
I hereby declare that the work which is being presented in this report, entitled Cyber
Warfare & Terrorism, in partial fulfillment for the award of the Degree of Bachelor of
Technology in the Department of Computer Science & Engineering, Institute of Engineering
and Technology, Alwar, affiliated to Rajasthan Technical University, is a record of my
own investigations carried out under the guidance of Ms. Sapna Kumari, Department of
Computer Science & Engineering, IET Alwar.

I have not submitted the matter presented in this report anywhere for the award of any other
Degree.

Charchit Taneja
11EIACS026
Computer Science

Counter Signed by
Ms. Sapna Kumari
Lecturer
Computer Science Dept. IET

Abstract
As long as nations rely on computer networks as a foundation for military and economic power
and as long as such computer networks are accessible to the outside, they are at risk. Hackers can
steal information, issue phony commands to information systems to cause them to malfunction,
and inject phony information to lead men and machines to reach false conclusions and make bad
(or no) decisions.
Yet system vulnerabilities do not result from immutable physical laws. They occur because of a
gap between theory and practice. In theory, a system should do only what its designers and
operators want it to. In practice, it does exactly what its code (and settings) tells it to. The difference
exists because systems are complex and growing more so.
In all this lies a saving grace. Errors can be corrected, especially if cyber-attacks expose
vulnerabilities that need attention. The degree to which and the terms by which computer networks
can be accessed from the outside (where almost all adversaries are) can also be specified.
There is, in the end, no forced entry in cyberspace. Whoever gets in enters through pathways
produced by the system itself. It is only a modest exaggeration to say that organizations are
vulnerable to cyber-attack only to the extent they want to be. In no other domain of warfare can
such a statement be made.


Acknowledgement
It is a matter of great pleasure and privilege for us to present this seminar report on our project,
Cyber Warfare & Terrorism, which we developed in fulfillment of our Bachelor of
Technology in Computer Science and Engineering.
I have received enormous help, guidance and advice from many people, and we feel that it would
not be right not to mention at least some of them. The author would like to express their
utmost gratitude to the Institute of Engineering and Technology, Alwar for providing the
author the opportunity to pursue the degree of Bachelor of Technology.
I am grateful to our chairman Dr. V.K. Agarwal for providing me the opportunity to study in this
institution as well as providing us with all the necessary facilities.
Our principal Dr. Anil Kumar Sharma has sincerely been a source of inspiration to us in our work.
I am also thankful to Dr. S. K. Singh (H.O.D., CSE) for their encouragement and guidance. Their
words of encouragement led us to finish our work successfully.
I am also thankful to my project guide Ms. Sapna Kumari and to all faculty members of the
Computer Science & Engineering and Information Technology Departments and all others for help
given to us, directly or indirectly, towards the success of this project.
Charchit Taneja

Roll No. 11EIACS026


Table of Contents
Candidate's Declaration
Abstract
Chapter 1
1. Introduction
Chapter 2
2.1 Types of Cyber Warfare
2.1.1 Vandalism
2.1.2 Propaganda
2.1.3 Denial of Service
2.1.4 Network Based Attacks against Infrastructure
2.1.5 Non-Network Based Attacks against Infrastructure
2.2 Phishing Techniques
2.2.1 Link Manipulation
2.2.2 Filter Evasion
2.2.3 Website Forgery
2.2.4 Phone Phishing
2.2.5 Covert Redirect
2.2.6 Other Techniques
Chapter 3
Conclusion
Chapter 4
References

Chapter 1
1. Introduction
Cyber war is a form of war which takes place on computers and the Internet, through electronic
means rather than physical ones. Cyber-warfare, as it is also known, is a growing force in the
international community, and many nations regularly run cyber war drills and games so that they
are prepared for genuine attacks from their enemies. With an increasing global reliance on
technology for everything from managing national electrical grids to ordering supplies for troops,
cyber war is a method of attack to which many nations are vulnerable.
In cyber war, people use technological means to launch a variety of attacks. Some of these attacks
take a very conventional form. Computers can be used, for example, for propaganda, espionage,
and vandalism. Denial of service attacks can be used to shut down websites, silencing the enemy
and potentially disrupting their government and industry by creating a distraction. Cyber war can
also be utilized to attack equipment and infrastructure, which is a major concern for heavily
industrialized nations which rely on electronic systems for many tasks.
Using advanced skills, people can potentially get backdoor access to computer systems which hold
sensitive data or are used for very sensitive tasks. A skilled cyber warrior could, for example,
interrupt a nation's electrical grid, scramble data about military movements, or attack government
computer systems. Stealthier tactics might involve creating systems which can be used to
continually gather and transmit classified information directly into the hands of the enemy or using
viruses to interrupt government computer systems.
As with other forms of warfare, each development in cyber war leads nations to develop numerous
counterattacks and defenses to protect themselves, and these developments spur enemies on to
create more sophisticated attack options. The arms race of the computer world makes it impossible
for nations to stop investing in cyber war research. Civilian computing actually benefits from some
research, as governments may release safety patches and other techniques to civilians to keep them
safe from attacks over the Internet and through computer systems.

For warriors, cyber warfare is significantly less deadly than conventional war, because people can
be located far from the front lines in heavily secured facilities. Cyber warriors are active in many
regions of the world, continuously scanning computer systems for signs of infiltrations and
problems, and proactively addressing issues like propaganda. Students in military colleges can
choose cyber war as a focus and area of specialty, and rival colleges often hold competitive games
and challenges with each other to test their cyber warriors. The emergence of cyberspace adds an
additional dimension to warfare: with and without clashes of traditional troops and machines of
war. Cyber warfare is often defined as major disruptions to critical infrastructure. However, this is
the least likely outcome. Attacking a nation via the Internet will have extreme consequences for the
attacker as well as collateral global damage. No nation, including both its public and private
infrastructure, is immune from attack.
Cyber warfare occurs continuously across cyberspace connections, resulting in minor disruptions,
website defacement, theft of national defense information, and intellectual property theft. As
Michael Riley and Ben Elgen write in China's Cyberspies Outwit Model for Bond's Q, China is
one country that is actively invading U.S. infrastructure, stealing defense secrets, and walking
away with industrial technology useful in narrowing industrial and military gaps. According to
The Economist, "Some experts believe that such thefts have cost hundreds of billions of dollars in
stolen R&D" (para. 2). While some of this is simply related to criminal activity, much of it is
attributable to nation-sponsored espionage.
A country or group does not need a strong military or economy to wage warfare against industrial
powers. Sreeram Chaulia writes in Cyber warfare is the new threat to the global order,
"Cyber war capacities are not the domain of only big guns like China and the U.S. They are
spreading horizontally to middle and even minor powers" (para. 5).
Anyone with the right tools and legal/political environment can launch attacks against large or
small targets, regardless of how many guns and tanks the objective has. Table B lists several
characteristics of current cyber threats.

Table A

Chapter 2
2.1 Types of Cyber Warfare
There are many different kinds of cyber-warfare attacks. The sections below describe each type of
cyber-warfare attack:

Vandalism
Propaganda
Denial of Service
Network Attacks Against Infrastructure
Non-Network Attacks Against Infrastructure

2.1.1 Vandalism
Definition
Web vandalism is characterized by website defacement and/or denial-of-service attacks.
Details
Website defacement is the most common form of web vandalism, so both terms are used
interchangeably throughout this report. Denial-of-Service (DoS) attacks are examined further in
their own section (2.1.3).
Website defacement is a major threat to many internet-enabled businesses. It negatively affects the
public image of the company. Companies may suffer from loss of customers.
How does website defacement work?
1. Find a username (e.g., by posing as administrator and calling an employee; administrator
information can be retrieved from a whois database)
2. Retrieve the password for that username (e.g., brute-force)
3. Obtain administrative privileges
4. Begin defacing the website (and install a backdoor)


How to defend against website defacement?

Avoid using the server as a client (e.g., do not browse the web from it)

Remove buffer overflow vulnerabilities in your programs

Use a dedicated user other than root for managing the website contents

Enable access logs

Keep the server and its software updated
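
A defacement is only as bad as the time it goes unnoticed, so the defenses above are usually paired with an integrity check of the web root. The following is an added example, not code from the report: it assumes the defender recorded SHA-256 hashes of every file while the site was known-good and re-runs the comparison on a schedule; the file names and contents are constructed.

```python
"""Added example (not from the report): a minimal file-integrity check for a web
root. Assumes a baseline of SHA-256 hashes taken while the site was known-good;
all file names and contents below are constructed for the demonstration."""
import hashlib
import os
import tempfile


def hash_tree(root):
    """Return {relative_path: sha256_hex} for every regular file under root."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[os.path.relpath(full, root)] = h.hexdigest()
    return digests


def compare(baseline, current):
    """Classify differences between the known-good baseline and the live tree:
    modified pages (defaced content), unexpected new files (a dropped backdoor
    would show up here) and deleted files."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def demo():
    """Constructed scenario: baseline a two-file site, then simulate a defacement
    (homepage replaced) plus an extra file dropped into the web root."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "img"))
        with open(os.path.join(root, "index.html"), "w") as f:
            f.write("<h1>Welcome to YourBank</h1>\n")
        with open(os.path.join(root, "img", "logo.txt"), "w") as f:
            f.write("logo placeholder\n")
        baseline = hash_tree(root)
        # simulated defacement: homepage overwritten, unexpected file appears
        with open(os.path.join(root, "index.html"), "w") as f:
            f.write("<h1>Defaced</h1>\n")
        with open(os.path.join(root, "extra.php"), "w") as f:
            f.write("<?php /* constructed placeholder, not a real script */ ?>\n")
        return compare(baseline, hash_tree(root))


if __name__ == "__main__":
    print(demo())
```

Anything in "added" or "modified" that does not match a known deployment is the trigger to pull the access logs enabled above and look at who changed it.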

2.1.2 Propaganda
Definition
Propaganda is a deliberate collection of messages intended to influence the opinions and actions of
large numbers of people. The information provided in these messages is not presented impartially
or necessarily truthfully, as the basic purpose of propaganda is to influence the audience towards
the side of the propagandist.
"Propaganda is the deliberate, systematic attempt to shape perceptions, manipulate cognitions, and
direct behavior to achieve a response that furthers the desired intent of the propagandist." (Garth
S. Jowett and Victoria O'Donnell, Propaganda and Persuasion)
Importance
Propaganda is a powerful recruiting tool. The web provides a way in which propaganda can be
quickly and cheaply disseminated; the cost of publishing propaganda may simply be a web-hosting
fee. Through the use of the web's video and file-sharing sites along with social networking
sites, propaganda can reach large audiences in a very short period of time.

Terrorism
The terrorist group Al-Qaeda uses its media arm, As-Sahab, to spread the group's propaganda.
As-Sahab releases audio and video messages through the web, and is doing so at a growing rate (one
video every six days in 2006, one video every three days in 2007). The production quality of the
videos has also increased, with current videos having sets that would not appear out of place on
American news shows like 60 Minutes.
Terrorist groups are also recruiting computer-savvy jihadists to produce sophisticated web videos
and other multimedia products. In one case, a militant group in Iraq advertised a website design
competition where the prize was the chance to fire three remote-controlled missiles at an American
army base in Iraq. Similarly, the Global Islamic Media Front has posted on radical Islamic websites
advertisements asking for job applications for a variety of posts for a jihadist-perspective weekly
video bulletin.
2.1.3 Denial of Service
Definition
A denial of service attack is an attempt to consume all of an available resource in order to keep
that resource from its intended users.
More Information
The denial of service attack is one of the most common attacks on the Internet. Its use is so
widespread because it is relatively easy to implement and it is very difficult to defend against.
Generally, an attacker creates a flood of bogus requests to a service, ignoring the results. The server
is bogged down by the large number of incoming requests, taking a long time to handle both the
fraudulent requests and any legitimate requests that come in during the attack. In extreme cases,
the server will not be able to handle the strain of the incoming connections and will crash,
leaving it down until it is manually restarted. A denial of service attack may also
consist of a request which is crafted to exploit a specific vulnerability in the server, causing it to
crash without requiring a large number of requests.

There are many kinds of denial of service attacks. We will go over some of them below.
A smurf attack is a denial of service attack based on creating a large flow of traffic to the targeted
machine. The attacker sends a "ping" packet to a broadcast address on the network; this broadcast
address is a special IP address which specifies all of the computers in a given network.
Additionally, the ping packet is forged to have its source IP address set to be the source IP of the
targeted computer. Each of the computers which receives the ping packet sends a "pong" packet
to the targeted computer; thus an attacker is able to multiply the amount of network traffic he can
create to a target by the number of machines on a network vulnerable to this technique.
Ping flooding is sending a large number of ping packets to a target computer. Other than
consuming the victim's bandwidth, unless the target computer is configured properly it will also
respond to each ping packet with a pong packet, wasting CPU time as well as network bandwidth.
A SYN flood is an attack based on sending forged TCP/IP connection requests to the target
computer. The target computer opens a connection and responds with a handshake SYN/ACK
packet, awaiting an ACK packet from the remote attacker. Because the original request was forged,
however, the SYN/ACK is received by no one in particular and thus the request will remain open
on the victim's computer until it times out. This used to be a very useful attack: in 1996, for
example, the most common TCP implementation had an "awaiting response" queue only eight
entries long, and a timeout of three minutes. An attacker could completely remove a server's ability
to respond to legitimate clients by sending eight packets every three minutes!
A distributed denial of service attack is a denial of service attack which uses many computers
in order to consume the target computer's bandwidth. This is a class of attacks rather than a single
attack technique; smurf attacks, above, are an example of a distributed denial of service attack.
Ping flooding and SYN flooding can also be implemented as distributed denial of service attacks.
Most denial of service attacks today are distributed, for the simple reason that modern defenses
make it easy to block all traffic coming from a single source. Distributed attacks are also
advantageous for resource-consumption attacks; the more computers you have consuming
resources, the easier it is to consume all of the resource.

Defenses
Defending against denial of service attacks is notoriously difficult. While a single-source attack
can be blocked simply by ignoring the attacking computer, a distributed attack cannot be blocked
so easily: with many computers requesting resources, it is difficult to detect (and ignore) each
attacking computer. In pathological cases, the number of attacking computers may be increasing
faster than these computers can be blocked, even with an automated detection solution!
Defending against distributed denial of service attacks is largely a matter of proper router
configuration on a level beyond that of the victim's control; even if you can ignore every fraudulent
request, it still takes some computing power to determine the validity of each request, and many
distributed attacks are on such a scale that even that little loss of computing power is enough to
completely shut down the target's computer. However, higher-level routing solutions are possible.
Smurf attacks, for example, can be defended against if computers configure themselves not to
respond to ping packets sent to broadcast addresses; alternatively, the routers can be configured to
not pass along ping packets which are sent to broadcast addresses. SYN flooding has become much
less useful in recent years as more and more modern implementations remove arbitrary limits on
the number of open connections.
Solving a denial of service attack often requires the cooperation of the administrators of individual
systems and administrators of ISPs or internet backbones. The defenders must react to each new
attack, determining the proper way to configure their routers so that valid packets are allowed
through while fraudulent requests are automatically blocked.
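
The difference between the single-source and the distributed case can be seen in a few lines of detection logic. The block below is an added example, not part of the report: it runs a per-source rate filter over constructed connection-log lines (format "<unix_time> <source_ip>", one request per line, using documentation address ranges) and reports whether the traffic that survives the filter would still exceed an illustrative server capacity.

```python
"""Added example, not from the report: rate-based detection over constructed
connection-log lines. Assumed log format: "<unix_time> <source_ip>" per request;
the window, per-source limit and server capacity are illustrative values."""
from collections import Counter


def parse(lines):
    """Turn log lines into (timestamp, source_ip) tuples, skipping blank lines."""
    events = []
    for line in lines:
        line = line.strip()
        if line:
            ts, src = line.split()
            events.append((float(ts), src))
    return events


def per_source_rates(events, window):
    """Requests per second from each source over a window of `window` seconds."""
    counts = Counter(src for _, src in events)
    return {src: n / window for src, n in counts.items()}


def flag_sources(events, window, limit):
    """Sources whose own rate exceeds `limit` req/s: the single-source defense of
    simply ignoring the one loud address."""
    return sorted(src for src, r in per_source_rates(events, window).items() if r > limit)


def aggregate_rate(events, window):
    return len(events) / window


def assess(lines, window, per_source_limit, capacity):
    """Which sources a per-source filter would block, and whether the traffic that
    survives the filter still exceeds the server's capacity (req/s)."""
    events = parse(lines)
    blocked = flag_sources(events, window, per_source_limit)
    remaining = [e for e in events if e[1] not in blocked]
    return {
        "blocked": blocked,
        "total_rps": aggregate_rate(events, window),
        "remaining_rps": aggregate_rate(remaining, window),
        "overloaded_after_filter": aggregate_rate(remaining, window) > capacity,
    }


# Constructed traffic samples (RFC 5737 documentation address ranges).
def legitimate_log(window):
    """A handful of genuine requests spread across the window."""
    return [f"{t:.3f} 192.0.2.10" for t in (1, 3, 5, 7, 9)]


def single_source_flood(n, window):
    """One attacker sends n requests in the window."""
    return [f"{i * window / n:.3f} 203.0.113.7" for i in range(n)]


def distributed_flood(n, window):
    """n machines each send one request: no single address looks abnormal."""
    return [f"{i * window / n:.3f} 198.51.100.{i % 254 + 1}" for i in range(n)]


if __name__ == "__main__":
    print(assess(legitimate_log(10) + single_source_flood(200, 10), 10, 5, 10))
    print(assess(legitimate_log(10) + distributed_flood(200, 10), 10, 5, 10))
```

In the distributed run nothing is blocked and the server is still overloaded, which is exactly why the text above points to upstream router and ISP cooperation rather than host-side filtering alone.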
2.1.4 Network Based Attacks against Infrastructure
Definition
As in conventional warfare, critical infrastructure serves as a target for cyber attacks. Although
attacks on critical infrastructure (power, water, fuel, communications, and transportation) are
often regarded as the most severe type of cyber attack, few such attacks have been perpetrated to
this day. Previously, it was thought that the worst a network based attack could do was denial of
service. As recently as this year, however, hackers were able to inflict physical damage on
machinery.
1) Power, Water, Fuel
Electrical power, water, and fuel supplies are at the core of a country's infrastructure. The
disruption of any of these services would have a chain reaction effect and cause severe
repercussions. Many of these critical infrastructure pieces are owned and operated by private
companies in the United States. For efficiency and cost saving purposes, the control systems of
power plants, water pump stations, and fuel lines have been networked and can be controlled
remotely. This opens the possibility of an attacker gaining access and taking control.
Economist Scott Borg, who produces security-related data for the federal government, projects
that if a third of the country lost power for three months, the economic price tag would be $700
billion.
"It's equivalent to 40 to 50 large hurricanes striking all at once," Borg said. "It's greater economic
damage than any modern economy ever suffered. It's greater than the Great Depression. It's
greater than the damage we did with strategic bombing on Germany in World War II."
2) Communications
Nearly all telephone calls are routed at some point through an IP network. This fact, along with
the increasing use of pure VOIP calling subjects telephone communications to the same attacks
that have plagued data networks since their inception.

3) Transportation
Traffic Control
In major metropolitan areas such as Los Angeles, traffic lights are monitored and controlled from
a central location.
"ATSAC is a computer-based traffic signal control system that monitors traffic conditions and
system performance, selects appropriate signal timing (control) strategies, and performs equipment
diagnostics and alert functions. Sensors in the street detect the passage of vehicles, vehicle speed,
and the level of congestion. This information is received on a second-by-second (real-time) basis
and is analyzed on a minute-by-minute basis at the ATSAC Operations Center"
With central control and networking comes the chance that an outsider will gain access. Two
engineers were recently arrested for tampering with the traffic system in Los Angeles during a
union protest. Four days were needed to restore the signals.
Air Traffic Control
Another transportation system connected via a network is the air traffic control system employed
at hundreds of airports nationwide. As far back as 1997, the first case of an attack on air traffic
control systems was reported:
"As a result of a series of commands sent from the hacker's personal computer, vital services to
the FAA control tower were disabled for six hours in March of 1997."

2.1.5 Non-Network Based Attacks against Infrastructure


Electromagnetic Pulse
Equipment disruption can also occur from non-computerized attacks. An Electromagnetic Pulse
(EMP) occurs after a nuclear device is detonated, and disables all electronic devices within range.
However, EMPs can also be generated without a nuclear explosion. Non-nuclear EMPs can be
loaded in cruise missiles or as the payload of bombs and cause widespread equipment failure.
Submarine Cable Disruption
The majority of inter-continental telecommunications traffic is carried by undersea cables
connecting all the continents except Antarctica. In early 2008 there was a series of submarine cable
disruptions that affected much of the Middle East and India. Egypt suffered a disruption of 70%
of its internet traffic and India suffered up to 60% disruption. Other countries such as Bahrain,
Bangladesh, Kuwait, Pakistan, Saudi Arabia, and the United Arab Emirates were also affected to
varying degrees. In total over 80 million Internet users were affected.
Although none of these disruptions appear to have been intentional or malicious in nature, they
do suggest that a physical attack against undersea cables could be used to disrupt an enemy's
communications.
Anti-Satellite Weapon
Satellites represent an important part of modern warfare, whether they are spy or
telecommunications satellites. Disrupting or destroying an enemy's satellite has the potential to
hinder intelligence and communication, which are two important aspects of waging war.
Three countries, the United States, China, and the former U.S.S.R., are known to have developed
anti-satellite missiles. In 1985 the United States successfully shot down a failing scientific satellite,
which was the only satellite to have been shot down until 2007. Then in January 2007 China
successfully shot down a defunct weather satellite. The United States then shot down a satellite
that was decaying from orbit in February 2008.
Although no country has shot down an enemy's satellite, these events demonstrate the ability of
China and the United States (and possibly Russia) to shoot down a satellite, which could be quite
a blow when waging cyber-warfare in the context of a war.
Cyber war also extends to phishing and the many malware practices found on the internet.

2.2 Phishing Techniques


2.2.1 Link Manipulation
Most methods of phishing use some form of technical deception designed to make a link in an
email (and the spoofed website it leads to) appear to belong to the spoofed organization.
Misspelled URLs or the use of subdomains are common tricks used by phishers. In the following
example URL, http://www.yourbank.example.com/, it appears as though the URL will take you to
the example section of the yourbank website; actually this URL points to the "yourbank" (i.e.
phishing) section of the example website. Another common trick is to make the displayed text for
a link (the text between the <A> tags) suggest a reliable destination, when the link actually goes
to the phishers' site. The following example link, http://en.wikipedia.org/wiki/Genuine, appears to
direct the user to an article entitled "Genuine"; clicking on it will in fact take the user to the article
entitled "Deception". Many email clients or web browsers will show previews of where a link will
take the user in the bottom left of the screen, while hovering the mouse cursor over a link. This
behaviour, however, may in some circumstances be overridden by the phisher.
A further problem with URLs has been found in the handling of Internationalized domain
names (IDN) in web browsers, that might allow visually identical web addresses to lead to
different, possibly malicious, websites. Despite the publicity surrounding the flaw, known as IDN
spoofing or homograph attack, phishers have taken advantage of a similar risk, using open URL
redirectors on the websites of trusted organizations to disguise malicious URLs with a trusted
domain. Even digital certificates do not solve this problem because it is quite possible for a phisher
to purchase a valid certificate and subsequently change content to spoof a genuine website, or, to
host the phish site without SSL at all.
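
Both link tricks above, the deceptive subdomain and anchor text that disagrees with the real target, can be checked mechanically before a link is trusted. The block below is an added example, not code from the report; it uses only the standard library, its HTML sample is constructed, and its registrable-domain logic is a deliberate simplification (last two host labels) rather than the Public Suffix List, so it misjudges suffixes such as co.uk.

```python
"""Added example, not from the report: checks for the two link-manipulation
tricks described in the text. Assumptions: two-label registrable domains (a
simplification; real tooling uses the Public Suffix List); the HTML is constructed."""
from html.parser import HTMLParser
from urllib.parse import urlparse


def registrable_domain(url):
    """http://www.yourbank.example.com/ -> example.com (simplified, see above)."""
    host = (urlparse(url).hostname or "").lower()
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def brand_in_subdomain(url, brand):
    """True when the brand name appears in the host but the site actually belongs
    to a different registrable domain (the "yourbank.example.com" trick)."""
    host = (urlparse(url).hostname or "").lower()
    return brand.lower() in host and brand.lower() not in registrable_domain(url)


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def _target(url):
    """Normalised (host, path) so trailing slashes and case do not cause noise."""
    p = urlparse(url)
    return ((p.hostname or "").lower(), p.path.rstrip("/") or "/")


def mismatched_links(html):
    """Anchors whose visible text is itself a URL but whose href leads elsewhere
    (the "Genuine" text / "Deception" target trick). Returns (shown, actual) pairs."""
    parser = AnchorCollector()
    parser.feed(html)
    return [
        (text, href)
        for href, text in parser.anchors
        if text.lower().startswith(("http://", "https://")) and _target(text) != _target(href)
    ]


# Constructed mail body exercising the two tricks plus one honest link.
SAMPLE_HTML = (
    '<p>Read about it here: '
    '<a href="http://en.wikipedia.org/wiki/Deception">http://en.wikipedia.org/wiki/Genuine</a></p>'
    '<p><a href="http://www.yourbank.example.com/">Log in to YourBank</a></p>'
    '<p><a href="https://www.yourbank.example/">https://www.yourbank.example/</a></p>'
)

if __name__ == "__main__":
    print(mismatched_links(SAMPLE_HTML))
    print(brand_in_subdomain("http://www.yourbank.example.com/", "yourbank"))
```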

2.2.2 Filter Evasion


Phishers have even started using images instead of text to make it harder for anti-phishing filters
to detect text commonly used in phishing emails. However, this has led to the evolution of more
sophisticated anti-phishing filters that are able to recover hidden text in images. These filters use
OCR (optical character recognition) to optically scan the image and filter it.

Some anti-phishing filters have even used IWR (intelligent word recognition), which is not meant
to completely replace OCR; these filters can detect cursive, hand-written, rotated
(including upside-down) or distorted (wavy, stretched vertically or laterally, or
in different directions) text, as well as text on colored backgrounds that would otherwise be
unfilterable.
2.2.3 Website Forgery
Once a victim visits the phishing website, the deception is not over. Some phishing scams
use JavaScript commands in order to alter the address bar. This is done either by placing a picture
of a legitimate URL over the address bar, or by closing the original bar and opening up a new one
with the legitimate URL.
An attacker can even use flaws in a trusted website's own scripts against the victim. These types
of attacks (known as cross-site scripting) are particularly problematic, because they direct the user
to sign in at their bank or service's own web page, where everything from the web address to
the security certificates appears correct. In reality, the link to the website is crafted to carry out the
attack, making it very difficult to spot without specialist knowledge. Just such a flaw was used in
2006 against PayPal.
A Universal Man-in-the-middle (MITM) Phishing Kit, discovered in 2007, provides a simple-to-use
interface that allows a phisher to convincingly reproduce websites and capture log-in details
entered at the fake site.
To avoid anti-phishing techniques that scan websites for phishing-related text, phishers have begun
to use Flash-based websites (a technique known as phlashing). These look much like the real
website, but hide the text in a multimedia object.
2.2.4 Phone Phishing
Not all phishing attacks require a fake website. Messages that claimed to be from a bank told users
to dial a phone number regarding problems with their bank accounts. Once the phone number
(owned by the phisher, and provided by a Voice over IP service) was dialled, prompts told users
to enter their account numbers and PIN. Vishing (voice phishing) sometimes uses fake caller-ID
data to give the appearance that calls come from a trusted organization.
2.2.5 Covert Redirect
"Wang Jing, a School of Physical and Mathematical Sciences Ph.D. student at the Nanyang
Technological University in Singapore, discovered that the serious vulnerability "Covert Redirect"
flaw can masquerade as a log-in popup based on an affected site's domain. Covert Redirect is based
on a well-known exploit parameter."
"Normal phishing attempts can be easy to spot, because the malicious page's URL will usually be
off by a couple of letters from that of the real site. The difference with Covert Redirect is that an
attacker could use the real website instead by corrupting the site with a malicious login popup
dialogue box." So, Covert Redirect is a perfect phishing method.
Once the user logs in, the attacker could get the personal data, which in the case of Facebook could
include the email address, birth date, contacts, work history, etc.
But if the token has greater privilege, the attacker could obtain more sensitive
information including the mailbox, friends list and online presence, and most possibly even operate
and control the user's account.
"The general consensus, so far, is that Covert Redirect is not as bad, but still a threat.
Understanding what makes it dangerous requires a basic understanding of Open Redirect, and how
it can be exploited."
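
The open redirect that Covert Redirect builds on comes down to how a login provider validates the redirect_uri it was handed. The block below is an added example, not code from the report or from any real provider: it contrasts a loose suffix check with an exact allowlist in a constructed scenario where the provider appends a token to the redirect URL; every hostname and the registered callback are made up.

```python
"""Added example, not from the report: redirect_uri validation on the login
provider side, the control that decides whether a trusted site's redirector can
be used to bounce a token onward. Constructed scenario; all hostnames made up."""
from urllib.parse import urlencode, urlparse

# Callback URIs the client application registered in advance (constructed).
ALLOWED_REDIRECTS = {"https://app.example.com/oauth/callback"}


def loose_check(redirect_uri):
    """Weak validation: accept any host that ends with the trusted domain. A
    redirector endpoint on a trusted host passes (the Covert Redirect case), and
    so does an unrelated host whose name merely ends in the same string."""
    host = (urlparse(redirect_uri).hostname or "").lower()
    return host.endswith("example.com")


def strict_check(redirect_uri):
    """Exact match against registered URIs: https only, no query or fragment, host
    compared case-insensitively. A redirector URL carrying a ?url= parameter can
    never match, so the token is only ever delivered to the registered callback."""
    p = urlparse(redirect_uri)
    if p.scheme != "https" or p.query or p.fragment or not p.hostname:
        return False
    return f"https://{p.hostname.lower()}{p.path}" in ALLOWED_REDIRECTS


def issue_redirect(redirect_uri, token, check):
    """Where the provider would send the user and token, or None if refused."""
    if not check(redirect_uri):
        return None
    return f"{redirect_uri}#{urlencode({'access_token': token})}"


# Constructed inputs: the registered callback, a trusted site's open redirector
# pointing at a third party, and a look-alike host that only shares a suffix.
REGISTERED = "https://app.example.com/oauth/callback"
OPEN_REDIRECTOR = "https://www.example.com/redirect?url=https://evil.example/collect"
LOOKALIKE = "https://not-example.com/oauth/callback"

if __name__ == "__main__":
    for uri in (REGISTERED, OPEN_REDIRECTOR, LOOKALIKE):
        print(uri)
        print("  loose :", issue_redirect(uri, "t0k", loose_check))
        print("  strict:", issue_redirect(uri, "t0k", strict_check))
```

With the loose check the token lands on www.example.com's redirector, which then forwards it wherever its url parameter says; with the strict check only the pre-registered callback ever receives it.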
2.2.6 Other Techniques

Another attack used successfully is to forward the client to a bank's legitimate website,
then to place a popup window requesting credentials on top of the page in a way that makes
many users think the bank is requesting this sensitive information.

One of the latest phishing techniques is tabnabbing. It takes advantage of tabbed browsing,
in which users keep multiple tabs open, and silently redirects a user to the affected
site. This technique operates in reverse to most phishing techniques in that it doesn't directly
take you to the fraudulent site; instead phishers load their fake page in one of your open
tabs.

Evil twins is a phishing technique that is hard to detect. A phisher creates a fake wireless
network that looks similar to a legitimate public network that may be found in public places
such as airports, hotels or coffee shops. Whenever someone logs on to the bogus network,
fraudsters try to capture their passwords and/or credit card information.


Chapter 3
Conclusion
Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit
card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an
electronic communication.
Phishing is a very big problem nowadays and it has to be stopped. To stop phishing and protect
people from its effects, governments are working on laws and rules which will
help in fighting it.


Chapter 4
References
1. http://en.wikipedia.org/wiki/Phishing
2. http://www.webopedia.com/TERM/P/phishing.html
3. http://searchsecurity.techtarget.com/definition/phishing
4. http://computer.howstuffworks.com/phishing.htm
