Cyber terrorism: Definitional problems

When is a group classified as a terrorist and when is the online activity defined as terrorism? Dr Tine Munk, lecturer in Criminology at Middlesex University’s School of Law, discusses

Cyber terrorism is an emerging problem. Defining and categorising a diverse set of politically-motivated online crimes is a complicated task. New means and methods are constantly developed and tested to reach a political, ideological or religious goal. It is only their imagination and technological capabilities that limit their activities. In recent years, various political groupings have expanded their online presence. However, the use of cyber space and computer technologies to promote politically-motivated crimes and past events has not prompted policymakers to define the area and identify precisely what cyber terrorism is and what distinguishes this area from other types of politically-motivated cyber crime.

Cyber terrorism is included in the UK Terrorism Act 2000, and other UK counter terrorism legislation and strategies have extended the scope. The CONTEST strategy and the Prevent strand consists of a conceptualisation of groups that falls under the terrorism definitions, i.e. International terrorism, Northern Ireland-related terrorism, extreme right-wing terrorism and other types of terrorism which can be both religious or political. The current legislation is clear about proscribed terrorist groups, such as Islamic States (IS) and the neo-Nazi group, National Action.

Therefore, these groups’ online activities are included in the regulation. Yet, it becomes more problematic defining groups outside this list — for example, hacking groups or state-sponsored groups targeting the UK. Some politically-motivated cyber attacks will be considered under the counter terrorism legislation, whereas other forms of politically-motivated cyber crime are managed using more lenient cyber crime laws despite using the same means and methods.

Defined terrorist organisation
Several terrorist organisations have a significant online presence, and the use of cyber-space will increase. For example, IS’s use of the Internet and social media are instrumental for its offline actions. The group has mastered the online environment in a way that separated them from other conventional terrorist organisations. The group and its followers are on the UK terrorist list, so there are no definitional problems related to the activities of IS. The terrorist organisation uses cyberspace and computer technologies to raise awareness, communicate and distribute its ideology through encrypted forums, webpages and social media. So far, there has not been a devastating large-scale cyber-attack originating from this group. Yet, the group has demonstrated their ability to disrupt online traffic by using Distributed-Denial-of–Service (DDoS) attacks against governmental targets in Egypt, Jordan, Yemen and Iraq. Of course, the group has lost territory on the ground, and as a result, the group are likely to enhance its online activities using the borderless structure and anonymity of cyberspace. Thus, the threat against the UK will increase. A future scenario would be IS targeting UK critical infrastructure, critical information infrastructure as well as information and communication technologies.

The architecture and the ecosystem of the Internet, social media, encryption and online spaces, such as the Dark Web, are crucial for promoting and enable politically-motivated cyber actions. There has been a rise in the online presence of far-right groups in the UK and aboard. Far-right groups’ modus operandi is similar to IS in the use of the Internet and cyber-space to promote a political end. Forums, such as the 4chan, the 8chan, Endchan and other anon sites, are increasingly used to spread the political message of these groups and individuals. Attacks, such as the Christchurch attack in New Zealand in 2019, are live-streamed directly to these chans. The online presence of these groups is vital for their political activities and recruitments. The legislation and the CONTEST strategy are clear about the link between these groups activities and terrorism, but there is a lack of clarity and understanding of similar areas, such as to hacktivism and state-sponsored groups.