Cyber terrorism: Definitional problems
Other politically-motivated cyber attacks
There is a rise in activities by other politically-motivated cyber-groups. Some of these groups act individually; other groups are closely linked to a national state and the state apparatus. The state-sponsored groups are not clearly defined in the context of terrorism, and there is a tendency to look at these actors from either warfare or a cyber-crime perspective. Whereas hacktivism is predominately linked to cyber crime.
The UK legislation and the CONTEST strategy are unclear about the typology of hacktivism and state-sponsored attacks – and whether these should be considered under the counter terrorism legislation or cyber crime legislation: Do they belong to ‘other terrorist groups’ or are they classified completely different? As a result of that, can these groups’ activities only be viewed as ordinary cybercrime? If these groups were directly linked to the state, their activities could be classified as cyber warfare. Yet, this is a very unclear area, and these groups tend to promote themselves as a hacktivist group or a hacking group. Hacktivism is defined as a digital protest where the motivation is not economical. Instead, these activities are carried out to make a political statement – often through ‘virtual sit-in’ or DDoS attacks disrupting data traffic for a short while. However, these activities are seen as less severe and as being a part of citizens’ right-to-protest. However, this area becomes problematic when a growing number of politically-motivated cyber-crimes are committed by actors claiming to belong to a hacktivist group. But in reality, the actors have close ties to a state promoting a patriotic or nationalistic-political agenda.
Fake news, trolling, spying, hacking are areas deeply integrated into a broader political agenda promoted by certain groups. During the 2016 UK Brexit referendum, several hacking groups were significantly active fuelled by patriotic enthusiasm. These groups were supported by foreign state actors who wanted to use the referendum to influence internal politics. Russian and Iranian Twitter accounts as well as Russian state media, RT, were used to spread misleading information online. This was a technique that was simultaneously used during the 2016 US Presidential Election campaign. Yet, it is clear that these groups are only able to carry out these activities if they are either directly sponsored or supported by a state. During the US Presidential Election campaign in 2016, hacking groups, such as ‘Cozy Bear’, ‘New World Hackers’ and ‘Fancy Bear’ interfered significantly by spreading propaganda and influence voters. This method has proven very successful and therefore, it is likely to be repeated in the 2020 US election – as well as any upcoming UK elections. Following on from 2018 novichok attack on the Skripals in Salisbury, it became clear that Russia has adopted a comprehensive propaganda and misuse of information strategy using non-state actors to circulate misinformation. This is a strategy very similar to the IS’s use of the Internet to spread their political agenda.
Adding to the complexity, the 2017 WannaCry and NotPetya ransomware attacks targeting various countries, such as Ukraine, The US and the UK are perceived to be governmentally approved attacks covered up as a ‘traditional’ cyber crime. If Russia and North Korea are behind these attacks, then the side-effects of the definition deficit where counties and actors are manoeuvring in the shadow of the current definition of cyber crime vs cyber terrorism will create problems in the future. This is an area that is likely to increase. Yet, it is not clear how these state-sponsored groups should be classified and managed. By looking at the means and methods, it is evident that these activities fall under the scope of the traditional terrorism definition.
When is a group/individual classified as a terrorist and when is the online activity defined as terrorism? In recent years, politically-motivated cyber crimes have developed significantly in a way that continually challenges the boundaries of the cyber terrorism vs cyber crime definitions. The inconsistent perception of these different politically-motivated crimes and attacks can be lead back to the definitional problems. The various groups are using the same pathways, but they are fundamentally reviewed differently and therefore, these activities are captured in the gap between counter terrorism and cyber crime. The number of illegal activities and attacks have developed in magnitude, and the likelihood of potential disturbing and damaging attacks are increasing. The question is whether the UK counter terrorism framework is broadly enough formulated to contain these new directions of online politically-motivated actors and activities or whether the whole area should be reviewed and interpreted in a new way to ensure consistency across the spectrum?