CCL PPT Final - PPTX (Autosaved)


“Tomorrow’s terrorist may be able to do more damage with a keyboard than with a bomb”


What is cyber terrorism?

The premeditated use of disruptive activities, or the threat thereof, against computers or computer networks with the intention to cause harm or further social, ideological, religious, political or similar objectives, or to intimidate a person in furtherance of such objectives.
3 most common attack methods

• IP spoofing
• Password cracking
• Denial-of-Service attacks
IP spoofing
• Refers to the creation of IP packets with a forged source IP address, with the purpose of concealing the identity of the sender.
• Mostly used in Denial-of-Service attacks.
• Most effective in computer networks where users can log in without a username or password.
Denial-of-Service attacks

• Denial-of-Service attacks focus on making a service unavailable to intended users.
• Two forms of DoS attacks: those that crash services and those that flood services.
• One common attack method involves saturating the target machine with communications requests such that it cannot respond to the traffic.
Password Cracking
• It can be implemented using brute-force attacks, Trojan horse programs and IP spoofing.
• Password attacks usually refer to repeated attempts to identify a user account and password; these repeated attempts are called brute-force attacks.
• One example is the weak encryption used by Microsoft Windows XP, which can easily be attacked.
How can we protect ourselves, or what precautions should be taken?

• Beware of hardware theft
  • Through a BYOO policy we should have a way to protect data.
• Know what to do if we become a victim
  • We should contact companies and banks about fraud,
  • place fraud alerts and get the credit card reported,
  • report identity theft to the FTC.
• Staff training
  • Staff should be trained properly for emergency situations.
• Keep up to date on major security breaches
  • If we come across a security breach, we should find out what information was accessed and then change the password immediately.
CASE STUDY - 1

2007 ESTONIA ATTACK

INTRODUCTION
• Known as the Estonian Cyberwar.
• Started on April 27, 2007; the attacks lasted about 3 weeks.
• Series of attacks targeting government portals, the parliament portal, banks, ministries, newspapers and broadcasters of Estonia.
• Estonians described these attacks as a political attack or revenge from Russians.
WHY DID THIS ATTACK HAPPEN?
• On 27 April 2007, the Estonian government moved a controversial Soviet-era World War II memorial from a square in the capital city of Tallinn to a more secluded location.
• Protests erupted in Estonia and Russia, where Estonia's Moscow embassy was blockaded.
• The Russian government protested vociferously and issued threats.
TYPE OF ATTACK
Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks

Denial-of-Service attacks focus on making a service unavailable to intended users.
How was the internet used for the Estonia attack?

• Phishing
• Ping flood
• UDP flood
• Malformed web queries
• E-mail spam
• SQL injection
• Website defacement
• Botnets
HOW DID THE ATTACK TAKE PLACE?

• Thousands of zombie computers were used to bombard a website
• Websites were shut down
• Bigger portals were spammed
• Some websites became inaccessible

First wave of attacks (DDoS):
• 27 April 2007: a member of their DDoS group communicated electronically.
• Commands for the attacks were posted to various boards, blogs and chats on the Internet.
• These commands were uploaded to the web address below:
“http://fipip.ru/raznoe/pingi.bat”
Second wave of attacks:
• 30 April 2007: some email addresses of Estonia’s parliament deputies were posted.
• MESSAGE - “congratulations of the Victory Day”.
• RESULT - server failure.

(Image: a post containing email addresses of Estonia’s parliament deputies)
Third wave of attacks:
• 3 – 9 May 2007: SQL injections were used.

SQL injection
• Type of cyber attack
• SQL code (Structured Query Language)
• Gain information

• The attack heavily affected the infrastructure of all networks.
The targeted entities:
• Government
• Parliament
• Internet service providers (ISPs)
• Online media

• Continuous buffering
• Use of bots/zombies that were part of a botnet
• Some websites were defaced.

(Image: examples of Estonian websites that were defaced by Russian crackers)

• Posted a fake letter of apology from the PM for removal of the statue
• Clogged the country’s server
HOW DID ESTONIA OVERCOME THE ATTACK?
• Closed sites to foreign users
• Implemented an online "diversion" strategy
• Cisco Guard was installed
• Blockade of bots
• Various countries supported CERT (Computer Emergency Response Team)
• Analyzed server logs
• NATO assisted Estonia in combating this attack
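
An added example, not part of the original slides, of what "analyzed server logs" and "blockade of bots" can look like for a flooding attack: it counts requests per source address in fixed time windows and reports the addresses that exceed a threshold. The Common Log Format input, the function names, the thresholds and the sample lines are all assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Common Log Format prefix: client address, two fields, then a [timestamp].
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (client_ip, datetime), or None for a line that does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        return m.group(1), datetime.strptime(m.group(2), TS_FORMAT)
    except ValueError:
        return None

def flood_sources(lines, window_seconds=10, max_requests=20):
    """Map each client that exceeded max_requests in any window to its peak count."""
    buckets = defaultdict(Counter)  # window index -> request count per client
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # malformed lines are skipped, not counted
        ip, ts = parsed
        buckets[int(ts.timestamp()) // window_seconds][ip] += 1
    peaks = {}
    for counts in buckets.values():
        for ip, n in counts.items():
            if n > max_requests:
                peaks[ip] = max(peaks.get(ip, 0), n)
    return peaks

def make_sample():
    """Constructed sample log: one noisy client, one normal client, one bad line."""
    lines = []
    for i in range(30):  # 30 requests within 3 seconds (documentation address)
        lines.append(f'203.0.113.7 - - [27/Apr/2007:22:00:{i // 10:02d} +0300] "GET / HTTP/1.1" 200 512')
    for i in range(5):   # ordinary visitor, one request per minute
        lines.append(f'198.51.100.4 - - [27/Apr/2007:22:{i:02d}:30 +0300] "GET /news HTTP/1.1" 200 2048')
    lines.append("garbage line without a timestamp")
    return lines

if __name__ == "__main__":
    for ip, peak in sorted(flood_sources(make_sample()).items()):
        print(f"{ip} peaked at {peak} requests per window")
```

Fixed windows can miss a burst that straddles a window boundary, and a distributed flood spreads its load over many addresses, so per-address thresholds are only a first filter for building a block list.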
HOW DID THEY TRACE THE IP OF THE ATTACKER?
WHAT IS THE APPEAL OF CYBER TERRORISM FOR TERRORISTS?

• EASIER
• ANONYMOUS
• MASS EFFECT
How real is the threat of cyber terrorism?
• The potential threat posed by cyber terrorism has provoked considerable alarm.
• Psychological, political and economic forces have combined to promote the fear of cyber terrorism.
• Cyber terrorism – an attractive option for terrorists.
• Hazardous damage caused by cyber terrorism to the nation.
• Nuclear weapons and other sensitive military systems, as well as the computer systems of the CIA and FBI, are “air-gapped”, making them inaccessible to outside hackers.
CASE STUDY - 2

2008 Ahmedabad bombings

• TV channels received an e-mail from terror outfit Indian Mujahideen claiming responsibility for the terror attacks.
• Police arrested the mastermind, Mufti Abu Bashir, in connection with the bombings.
• These bombings occurred a day after the Bangalore blasts.
• Bombs were planted in tiffin carriers on bicycles.
• Blasts targeted the city bus service, ripping apart portions of the vehicles.
• Two blasts took place in hospitals, about 40 minutes after the initial series of blasts.
• Police recovered and defused two more bombs in the major city of Surat.
• Two cars filled with materials required to make explosives were also found.
Warning through e-mail!

• Agencies received a 14-page e-mail five minutes before the explosions with the subject line: "Await 5 minutes for the revenge of Gujarat"
• The threats went on to warn businessman Mukesh Ambani.
• The e-mail threatened Bollywood actors.
• Police questioned U.S. national Ken Haywood, from whose IP address the threatening e-mail was sent.
• 56 people were killed by the bombing and over 200 people were injured.
• A compensation amount was announced for those injured in the blasts.
• Both the Bangalore and Ahmedabad blasts were executed by a network of Wahabi as Indian Mujahideen.
• The e-mail has been traced to a locality in Navi Mumbai.
Leads in the case
• The police investigation has centered around the claims made in two phone calls.
• The doctor described the suspected culprit.
• One of the cars had four live bombs, which were defused.
• CCTV footage of the driver was found, used for the bombings.
• Bombs planted were made from locally purchased wood.
Suspects
• The suspects, Rasool Khan Yakoob Khan Pathan, Sohail Khan and Mufti Sufiyan, suspected to be key operatives.
• On 29 July 2008, the police detained three suspects, Abdul Qadir, Hasil Mohammad and Hussain Ibrahim.
• Rasool Khan Parti and Mohammad Sufiya Ahmed Patangiya were the masterminds behind both the Ahmedabad and the 2008 Bangalore serial blasts.
• On 16 August 2008, the case got solved.
Arrests
• Maulana Abdul Halim, a suspected Students Islamic Movement of India activist, was arrested.
• On 15 August, the Gujarat police arrested Mufti Abu Bashir, and nine others, in connection to the bombings.
• On 24 October Abdul Razik Mansuri had been arrested along with Harun Rashid.
• On 11 November, the Madhya Pradesh Anti-Terror Squad (ATS) arrested Qayamuddin Kapadia and executor of the attack.
• On 26 March 2012, Maharashtra ATS arrested Abrar Babu Khan.
CONCLUSION
• Cyber terrorism is a scary concept for many reasons.
• It can do serious damage to human lives in various aspects.
• The information age has brought us many good things, but along with those good things came some bad things too.
• All we can do as citizens is to protect ourselves by protecting our information: who we give it to and how much we give out.
• Our government is trying to do its part, so let’s support them and their efforts and stop this cyber battle.
• Not only these two cases; there are several cases like 26/11, 9/11, the Ghazi attack, plane hijacks, etc. which our world has gone through.
THANK YOU
