Threat Intelligence

The Likelihood of Cyber-Terrorism Today

Emanuele De Lucia
January 23, 2015 by
Emanuele De Lucia


The virtual space has over time become something of real importance for business, politics, work, communities and communications.

In becoming gradually more and more dependent and addicted to the Internet, individuals, companies, organizations and governments have raised (or are raising) awareness of being intimately vulnerable to attacks and threats of various types.

Not only can the Internet potentially be used "as it is" to conduct offensive actions that are born and die in cyber-space, but it can also be a great way to conduct complementary or parallel actions to physical threats, such as, for example, ideological/religious propaganda and information gathering of sensitive targets.

Analyzing terrorist actions conducted in the past, we saw a massive use of electronic means, and, in consideration of the fact that through such means we can ideally act "without territorial boundaries", it is certainly possible to say that the Internet ties the terrorists together. Besides the fact that, by the analysis of seized media in hot scenarios like Afghanistan, Syria and Iraq, were brought to light real intelligence campaigns conducted through its use in preparations of complex attacks.

In addition, it is not difficult to imagine that even with not so high skills, the Internet can provide a good level of anonymity, control and coordination points, as well as a multitude of techniques for the exchange of sensitive information (steganography, encryption, encoding, words schemes, etc.).

This article is intended to treat the generic elements of what is commonly called "cyber-terrorism" and the risks associated with the fact that today it really can occur.

Definition and Concepts

The term cyber-terrorism was first used by Barry Collin, a security researcher and an intelligence expert. He simply called "cyber-terrorism" as the convergence of the terms "cybernetic" and "terrorism". Today, a definition popularly used to describe it is "the use of Internet and/or ICT networks against one or more critical national infrastructures (energy, transport, communications, military, economy, finance etc. etc.) in order to hit or intimidate a society and its peoples causing casualties or injuries for ideological, political or religious reasons".

From this definition, cyber-terrorism can be considered in some ways along the lines of physical acts of terrorism, with which it shares some essential features. One of the keywords used in discriminating actions of cyber-terrorism from other types of similar actions in cyberspace is the "motivation" that pushes the attackers. An action with a clear political/ideological motivation or with obvious notations related to religion are to be considered more likely acts of cyber-terrorism. The same type of action aimed at mere economic gain (through extortion or blackmail) would be more easily placed within the various layers of cybercrime (organized and not).

Networked Agents (they are online)

But how, commonly, are computing and multimedia resources currently used for pro-terrorism and/or pro-cyber-terrorism campaigns? Is it possible to identify key areas in which are concentrated their greatest online efforts now? One of these, among the most banal and obvious even though among the most disconcerting, is the "glorification of violence".

The glorification of violence and the push to emulate bloodthirsty acts is definitely one of the first goals for which the telematic medium is used today by terrorist groups. Beyond that, however, the Internet has become a great conduit for disseminating messages and resources targeted to the training of recruits and their indoctrination.In this regard, very particular attention must be given to social networks and sites devoted to meeting, such as chat rooms or forums. Another aspect certainly not to be underestimated is the so-called "online funding research".


Recently it was discovered that some online donations to apparent benevolent institutions went instead to fund organizations in the Middle East led by terrorist groups. There's also a very wide use of the Internet for the dissemination of material devoted to "digital training".

Audio, video, online manuals and web content are increasingly devoted to the self-made training of new recruits. It is pretty clear then that the potential of the digital world is endless when viewed under this light.

Besides the activities described above, also to be taken into account are the benefits coming from the capabilities of "active" information gathering actions, which are not limited to passively seek information, but which aim to get it through campaigns of affiliate hacker groups.

Thanks to them, in close relation to their capacity of course, it is easy to assume that the quantity and especially the accuracy of the information collected is certain to increase, thereby increasing the "value" (may be better… the dangerousness) of any terrorist group. 

If we also think of the increased capacity of securely sharing this information, things seem even more threatening.

If, in fact, the attack of 11/09 has seen a design largely based on an exchange of emails totally "in clear", the terrorist groups have over time developed means and tools that are much more sophisticated to ensure the confidentiality of their communications.

One of the best known is certainly the "Mujahideen Secrets", widely used by Al-Qaeda until 2007 for the protection of online and mobile communications. Recently, however, other software have been developed over this, especially after the "leak" of Edward Snowden of June 2013, such as "Tashfeer al-Jawwal", a platform for the use of encryption developed by the "Global Islamic Media Front (GIMF)" or l "Amn al-Mujahid", a software for the use of strong encryption developed by the "Al-Fajr Technical Committee", an organization traditionally linked to Al-Qaeda.

The cyber-space, therefore, appears tied hand in glove with each stratum of the organization of terrorist groups, and the Internet is the backbone of this dimension that today is so strong that it is difficult even only to imagine the presence or evolution of such organizations without it.

The Risk Today

The theme of the real risk today about cyber-terrorism is certainly due to disagreements in opinions among the experts.

Of course, it is very easy to imagine that a government technologically abreast and in possession of specific "cyber-attack" units has on its side both the skills and the motivation to develop very effective digital weapons to be used against sensitive targets.

But what could we say about the capabilities of cyber-terrorists in a cyber-war against an international community? According to the definition above, can we attribute such advanced capabilities in the digital world to such groups?

Despite the rather simple fact to assume (or better, to recruit) an experienced hacker, or perhaps a group of them and rely on the support of affiliated "software house" (see sections above), this does not mean to pursue a program of "digital weaponry" comparable to that of some governments.

How can we identify the notations a real program of cyber-sabotage? The variables involved in this case are many, but as an evaluation term, we can consider by a practical point of view a hypothetical cyber-attack against a target among the most desirable to the eyes of a cyber-terrorist: an electrical power plant.

So, what would I need to complete a similar cyber-attack with a good chance of success?

One of the first things to consider, according to common experience, is the assured presence of redundant systems in such infrastructures.

An effective pure cyber-terrorist attack therefore should provide adequate coordination and probably the use of very sophisticated malware. In this regard, therefore, would be needed very high technical skills, good movement in the "underground" to get information about the software in use, weaknesses in the infrastructure, exploit codes, as well as a good availability of money. All this without considering that if we are going to work at certain levels, a proper hardware will be needed to ensure adequate computing power, storage space and fast lines.

Another factor not to be underestimated is certainly the human one. In fact, it seems unlikely that experienced and highly trained ICT security specialists will enlist in the ranks of these organizations. And even if this were to happen, such individuals would face many problems related to their small number. It takes indeed long time in the development of dedicated malware to reach a good level of reliability in performing the operations expected, as well as to put together all the information about the more critical targets and their vulnerabilities.

All this now seems beyond the means of even the largest and economically advantaged terrorist organization. In addition, if we make a comparison with the physical world, the operations in cyberspace, as well as being much more complex to organize, are also less spectacular in the mind of the community. Even talking about internal growth and "in house" training, it's certainly much easier to instruct at the use of weapons compared to even a "basic" training in cyber-security.


Although considered potentially devastating and almost certainly with an influence on a rather extensive geographical area, today the probabilities of a pure cyber-terrorist attack are quite low in my opinion.

For sure, this specific threat is more likely to be associated with hostile governments that own the means and the interests to develop high offense capabilities in the digital world.

This obviously does not means that the threat of cyber-attacks sourcing from terrorists is absent.

Most probably indeed it is to be expected that they will use them as a complement of physical terrorist actions in the near future.

Imagine, for example, the consequences of a denial of service attack against the emergency systems after an explosion in a subway. They would be catastrophic.

Hands-on threat intel training

Hands-on threat intel training

Learn how to collect, analyze and act on cyber threat intelligence with expert instruction and hands-on exercises in Infosec Skills.

In addition we have to consider that the use of modern information technology, the development of software that is very effective in ensuring the confidentiality of communications, as well as hacking techniques used for collecting informations about targets and persons are gradually increasing between terrorist groups, raising exponentially their skills of organization, coordination and consequently, their dangerousness.

Emanuele De Lucia
Emanuele De Lucia

Emanuele is a passionate information security professional. He's worked as tier-two security analyst in the Security Operation Center (Se.O.C. or S.O.C.) of one of the largest Italian telecom companies, as well as a code security specialist in one of the world's largest multinational corporations.

Currently, he works as an information security manager at one of main facilities of an international organization. With a strong technical background, he specializes in offensive security, reverse engineering, forensic investigations, threats analysis and incident management.

He holds a Bachelors degree in Computer Science and a Masters in Computer Security and Forensic Investigations. He also holds the following professional certifications: CISSP, MCSE+Sec, C|EH, E|CSA/L|PT, CIFI, CREA, Security+ and CCNA+Sec.