Breaking through the vulnerabilities of fear
From here, a perspective will be addressed regarding the power of information security as the most effective current tool in the fight against terrorism via the network.
The individual with information has a moral duty to face this global threat, which has become the virus of our generation, based on research and historical surveys that show the defense power of those who have access to information.
With the modernization of security systems, with constant anti-virus updates and increasingly advanced firewalls, we have a constant need for investments in the technological sector, due to the constant advance of malicious attacks.
According to the Cambridge dictionary, terror is:
“Violent action or threats designed to strike fear among the common people,
in order to achieve political goals”
However, it is possible to add to this definition several current motivations for terrorist actions, such as religious issues, financial issues and various personal reasons inherent in human beings with an extreme level of perversity, which may even be bullying (that's right, motivations of young people to commit acts of terror due to psychological changes in schools and the internet), that can be used to alienate terrorist groups, that is, an attempt to affect a person's freedom.
For this, it is necessary to understand some practical aspects of terrorism in order to carry out the transfer of our thinking between the physical and digital actions of this type of threat; mainly to remove from its mentality any discriminatory aspect commonly present in western civilization, that a terrorist is just an explosive guy in a turban.
As this article is an introductory fragment of research on the topic, it will be summarized between Indirect Plan & Direct Plan based more on the interaction of terror in the digital age:
INDIRECT PLAN
These plans have an undefined focus and form the basis of the terrorist's interaction, but have profitable consequences for them:
• Approach: Use of ways to approach a possible victim, or future, be it work environment, school or community groups.
• Sharing of ideas: Attempt to attract by common subjects, in order to create new ideas to alienate, be it sports, games, etc.
• Affinity: Creating a bond with the individual, be it friendship, dating or marriage
DIRECT PLAN
These plans have a defined focus, using tools or indirect actions to carry out an active threat:
• Communication: Access and collection of information and data from the individual, and use of psychological aspects.
• Manipulation: Use of alienation methods, transforming the mentality or changing the individual's attitudes leading to the purpose of violent acts.
• Action: Perform acts of violence, or manipulate to act on your orders.
Now that we know some characteristics of indirect and direct actions of a terrorist, who is the one who commits an act of terrorism, we will be able to focus on transfering to the digital medium the use of these methods and then plan our digital defense.
IN DIGITAL:
This whole process can be done mostly by networks that allow socializing - common ones, like Instagram and Facebook, and public forums that go from the surface, like Reddit, to the Dark Web, like 4Chan, or even direct attacks.
So what is the most used process with regards to cyber security and terror?
- Social Engineering –
It can be described as the number one tool that we can use to intensify our defense, being a form of manipulation, which does not always involve studying this specific subject. Sometimes, malicious individuals manage to do this just because they are easily convinced, and not even always because they necessarily studied social engineering.
Knowing this type of subject, even if you are a layman in the digital world, will create a critical view in you, which will make the use of the network more cautious. If you have children, you will be able to take care of their access to the network.
As we know, attacks on schools are a routine topic in many parts of the world, and most of the reports involving attacks are made by people who have radically changed their thinking, whether moved by the motivations that we mentioned earlier, or manipulations made by somebody.
In the adult population, terror is carried out through access to personal data, communication blackmail (e-mail, telephone), and the manipulation of radical ideas, which make people who are not always fragile, agree with violent acts.
ATTACKS INVOLVING SOCIAL ENGINEERING:
In addition to theoretical knowledge on the subject, the most important thing is to have knowledge of the enemy's tools and ways of using them, as described below:
- Phishing: The term literally refers to fishing. You might receive messages or contacts that seek to “fish” for information that may privilege an attacker, or introduce malware into the system to perform this data search task, often through a simple click on a malicious email.
Below is a comparative graph of ages in relation to the phishing attack:
Access and learn more at: https://truelist.co/blog/phishing-statistics/
- Spear Phishing: Used on specific individuals
- Whaling: Attack on high-level individuals (CEO, CFOs, Politicians)
- Pharming: Attack that redirects web traffic to a fraudulent website by installing malicious software on a personal computer or server
- Spimming: Spam variant, which exploits instant messaging platforms to flood spam networks
- Mobile Based: Publishing malicious apps, fake security apps, Phishing SMS- You can use the repacking technique, where a developer repacks the app with a malicious file along with the original app, and when it installs it gets infected (so be careful installing an APK app directly from Google)
“Social engineering takes how humans are wired to make decisions and exploits vulnerabilities in those processes.”
– Book: Social Engineering by Christopher Hadnagy /2nd Edition - 2018
YOU ARE THE TARGET
Taking all the considerations made with the basic knowledge of social engineering, in relation to the manipulations that are carried out psychologically by terrorism, we can approach the problem of informational filtering in the internet network, where YOU ARE THE TARGET.
We can see a practical illustration of this information by watching the documentary series The Social Dilemma, that I recommend watching, which addresses in an exemplified way how we can have our mindset changed and directed towards something that is harmful. We are currently bombarded by information at all times, and the determining factor to remedy this problem is to have a critical view.
A critical view will make you always analyze correctly and ask questions about the information that comes to you, reliable sources, being protected from fake news, all this combined with social engineering countermeasures will be the set for your effective defense.
TERROR - DIGITAL COUNTERMEASURES
• Pay attention to which sites and forums you have access to – Those responsible for children/adolescents on the internet, always check the access history, and have the option of dialogue to correctly instruct young people about the risks of radical information.
• Don't open emails and attachments from suspicious sources – If you don't know the sender in question, you don't need to answer an email. Even if you do know them and are suspicious about their message, cross-check and confirm the news from other sources, such as via telephone or directly from a service provider’s website. Remember that email addresses are spoofed all of the time; even an email purportedly coming from a trusted source may have actually been initiated by an attacker.
• Use multifactor authentication – One of the most valuable pieces of information attackers seek are user credentials. Using multifactor authentication helps ensure your account's protection in the event of system compromise.
• Be wary of tempting offers – If an offer sounds too enticing, think twice before accepting it as fact. Googling the topic can help you quickly determine whether you're dealing with a legitimate offer or a trap.
• Keep your antivirus/antimalware software updated – Make sure automatic updates are engaged, or make it a habit to download the latest signatures first thing each day. Periodically check to make sure that the updates have been applied, and scan your system for possible infections.
• Report it – The act of doing nothing also has drastic consequences, so whenever you are aware of or have access to possible acts of terror or radicalism, in which someone or a place is disseminating this type of content, report it to the digital protection agency in your country and the police.
CONCLUSION
The power of those with information is something really impactful, therefore, by following the guidelines of the relationship between cyber security and terrorism that were described earlier, it is expected that the reader will be able to absorb this introductory part of an ongoing research on this topic. This will help their critical and defensive thinking, enabling people to survive and giving them a chance to make a digitally safer world, as it is fully connected to the external world, outside the network.
ABOUT THE AUTHOR
Lucas Maclaud, security consultant at Ghost Level Security (Brazil), IBM Certified Cybersecurity Analyst, Veteran of the Brazilian Marine Corps, former member of the Special Operations Battalion.
ACT - Counterterrorism Certificate by the Security Industry Authority (SIA – United Kingdom), Counterterrorism Training Certificate from the Academy of Counter Terrorism (LSU/NCBRT - USA) and the Defense Counterintelligence and Security Agency (DCSA - USA) and Cyber Warfare from Charles Sturt University (AUS).
C|EH and ISC certification student and anti-terrorist investigator.
Founder of Ghost Level Security (G.L.S), a consultancy focused on complete enterprise defense, offering Blue Team and Red Team analysis as a Pentester, and offering organic security support.
Business contact:
E-mail: gl_security@protonmail.me
Instagram: @ghostlevelsecurity
On the Web:
Movie: https://www.thesocialdilemma.com/
Bibliography:
- Concept reference
- Resource about Violence in the school
- Book: 2nd edition (31 July / 2018) - Social Engineering - Author Christopher Hadnagy
- Social Engineering Theme by Global Tech Council Web Site
- Graphical Imagem for Social Engineering
- Document: Towards an Ontological Model Defining the Social Engineering Domain – 2020