Today, terrorists are making the best use of information technology to carry out their objectives. The NATO definition of cyber terrorism is “a cyber attack using or exploiting computer or communication networks to cause sufficient destruction to generate fear or to intimidate a society into an ideological goal” (Everard P, 2007 p 119). Cyber terrorism is achieved using most of the elements of cybercrime. Terrorist groups adopt technologies of two types of goals with reasonable risks. The first goal includes those that improve the organization’s ability to carry out activities relevant to its strategic objectives, such as recruiting and training. The second goal is those that improve the outcome of its attack operations (Bruce W et al, 2007 p 15). To date, there are not any known international code of ethics and law that govern the investigation of transnational and state-sponsored cyber terrorism. The playing field is better prepared for terrorist organizations and world security forces have been holding international conferences and workshops to develop best practices and policies that would enable them to be match fit for any future terrorist strikes. Sadly, little has been achieved. This paper critically examines different international guidelines for investigating transnational and state-sponsored cyber terrorism and the need for an International Code of Ethics and Law in combating these attacks.
Oorn and Tikk named the Cyber Crime Convention (ETS No. 185), which, with the Convention on the Prevention of Terrorism (CETS No. 196), as “the most important international instrument for fighting cyber terrorism and other terrorist use of the Internet”(Oorn R and Tikk E 2007, p 91). Unfortunately, many states are not in agreement with Oorn’s and Tikk’s assertions. Furthermore, at the 11th meeting of Committee of Experts on Terrorism (CODEXTER) Council of Europe, with regard to possible legal responses to terrorism and cyber terrorism, Professor Sieber outlined in particular the harmonisation of national substantive criminal law and of national procedural law; the improvement of international co-operation; and other important aspects, such as, inter alia, the duty to protect infrastructures/data security certifications and preventive monitoring of data. Having examined the previous conventions, none of the above adequately covers serious threats to commit terrorist acts and this shortcoming is not supported by the capabilities of other international organizations.
In 2001, the European Commission prepared a document entitled “Network and Information Security: Proposal for a European Policy Approach (Ozeren S, 2008). The first two conditions dealt with legislative provisions and training of law enforcement officers to deal with both domestic and transnational criminal activities.
Furthermore, the second condition was augmented at the Tenth United Nations Congress on Crime Prevention and Treatment of Offenders that was held in Vienna, Austria in 2000. It was stressed that the exchange of technical and forensic expertise between national law enforcement authorities was imperative for faster and more effective investigation of such crimes (Tenth United Nations Congress, 2000). From 27 April to 18 May 2007, Estonia came under heavy Distributed Denial of Service (Ddos) attacks. One person residing in Estonia was charged and legal cooperation was requested from Russia, however this request remained unanswered as Russia had not criminalized computer crimes (Oorn R and Tikk E, 2008). As such the mentioned recommendation from Tenth United Nations Congress tends can address issues such as best practices in terms of obtaining and preserving evidence, maintaining the chain of custody of that evidence across borders and may clear up any difference in language issues. This highlights that there is the urgent need for International Law and Code of Ethics in combating cyber terrorism.
Interpol, (International Criminal Police Organization), through the collaboration of experts from members of national computer crime units has developed the Computer Crime Manual, now called the Information Technology Crime Investigation Manual (ITCIM). It is considered a best practice guide for the experienced investigator, and includes numerous training courses in order to share its expertise with other members, a rapid information exchange system which essentially consists of two elements, and preparing training video/CD-ROM for international law enforcement (Interpol, 2003). These best practises were hammered out from the Interpol’s collaboration with five major working parties namely: a)European Working Party on Technology Crime, b) American Regional Working Party on Information Technology Crime, c) African Regional Working Party on Information Technology Crime, d) Asia Steering Committee for Information Technology Crime and e) Steering Committee for Information Technology Crime (Interpol, 2003). These working parties supplies representation from the majority of the continents and much use can be made from their experiences and strengths. As such, the ITCIM can be used as the foundation on which an International Code of Ethics for Cyber Crime and Cyber Terrorism can be built.
The majority of the Conventions have emphasized collaboration and cooperation from other states in combating cyber terrorism. Different world security forces have all put forth policies and key conditions for international law enforcement to exist. However, there is little mentioned on the barriers to achieving international law and the detection and prosecution of transnational and state-sponsored cyber terrorism. Some states are not cooperating.
Professor John Walker, at an international crime conference in London, has accused China of state-sponsored terrorism and has said that the Chinese government was responsible for the ‘Titan Rain’ attacks on the United States and United Kingdom. He further lamented, “No matter how much collaboration you have internationally, if you have a state-sponsored terrorist coming out of China or Russia you are not going to get them. If they are state-sponsored e-criminals they are doing it for a purpose. And you cannot extradite them”(Blincoe R, 2008). But if Russia and China are doing it, so must the West; either to develop counter strategies or to develop their own proactive capabilities. It has been said that the next world war will be fought with bits and bytes, not bullets and bombs (Gaur K 2006). Until such time as both/all nations agree to stop, there will be no stopping this escalation in International State Sponsored Terrorism. To make matters worse, leading internet company Google, has censored its search services in China in order to gain a greater market share and to satisfy the Beijing authorities. This resulted in censored information being disseminated to users. These acts, together with Professor Walker’s assertions justify the need for International Law and Code of Ethics to address state-sponsored and transnational cyber terrorism. To avoid territorial differences in terms of protection and to practical problems in the detection and prosecution of cyber terrorist activities any draft International Law and Code of Ethics must be ratified by all states. However, due to the existence of non-cooperative and communist states, these requirements are long coming.
In conclusion, it appears that only lip service has been paid to combating cyber terrorism. In the absence of an International Code of Ethics and law to combat cyber terrorism, security forces must become better informed of terrorists’ use of the internet and better able to monitor their activities. They must also explore measures to limit the usability of this medium by modern terrorists. Finally, security forces must adhere to individual or selected best practices and guidelines to ensure that the integrity of any evidence seized in the few cases detected is beyond reproach and that successful prosecution may eventually pursue.
Blincoe R (2008) China Blamed for Cyber-Terrorism Retrieved November 14 2009 from http://www.itservicesconnected.co.uk/News/July-2008/China-Blamed-for CyberTerrorism.aspx
Colarik A M (2006) Cyber Terrorism – Political and Economic Implications. IGI Publishing
Don B W, Frelinger D R, Gerwehr S, Landree E, Jackson B A (2007) Network Technologies for Networked Terrorists Assessing the Value of Information and Communication Technologies to Modern Terrorist Organizations, Prepared for the Department of Homeland Security. RAND Retrieved on October 11 2009 from: http://www.rand.org/pubs/technical_reports/2007/RAND_TR454.pdf
Gaur,K. (2006). Cyber warfare – malicious code warfare. Retrieved from http://my.opera.com/kalkigaur/blog/show.dml/450195
Google censors itself for China (2006) Retrieved November 14 2009 from http://news.bbc.co.uk/1/hi/technology/4645596.stm
Ozeren S (2008) Cyberterrorism and International Cooperation: General Overview of the Available Mechanisms to Facilitate an Overwhelming Task (pp 78-82)
Sieber U, Brunst P (2009) Cyberterrorism and Harmonization of Criminal Prosecution
Retrieved November 3 2009 from:
Tikk E, Oorn R (2008) Legal and Policy Evaluation: Internation Coordination of Prosecution and Prevention of Cyber Terrorism Responses to Cyber Terrorism. . Amsterdam, IOS Press (pp 64-67)
Weimann G (2008) WWW.AL-Qaeda: The Reliance of al-Qaeda on the Internet, Responses to Cyber Terrorism. . Amsterdam, IOS Press (pp 64-67)