Cyber terrorism: a clear and present danger, the sum

Crime Law Soc Change
DOI 10.1007/s10611-007-9061-9
Cyber terrorism: a clear and present danger, the sum
of all fears, breaking point or patriot games?
Michael Stohl
# Springer Science + Business Media B.V. 2007
Abstract Over the past two decades there has developed a voluminous literature on the
problem of cyber terrorism. The themes developed by those writing on cyber terrorism
appear to spring from the titles of Tom Clancy’s fiction, such as Clear and Present
Danger, The Sum of All Fears and Breaking Point, or somewhat more cynically, Patriot
Games. This essay examines both the gap between the presumed threat and the known
cyber terror behaviors and the continuing literature which suggests an attack is imminent. It
suggests that at least part of the explanation lies both in the continuing failure to distinguish
between what Denning (Activism, hacktivism, and cyber terrorism: The internet as a tool
for influencing foreign policy, 1999) referred to as hactivism and cyberterrorism and also
the failure to distinguish between the use of digital means for organizational purposes
(information, communication, command and control) and the use of digital communications
to actually commit acts of terror.
Over the past two decades there has developed a voluminous literature on the problem of
cyber terrorism. The themes developed by those writing on cyber terrorism appear to
spring from the titles of Tom Clancy’s fiction, such as Clear and Present Danger, The Sum
of All Fears and Breaking Point, or somewhat more cynically, Patriot Games. But perhaps,
as we shall see, the appropriate Tom Clancy titles to describe the state of the cyber terrorism
literature should be State of Siege, Without Remorse and Hidden Agendas; to distinguish
between the literature and the empirical reality of cyber terror.
M. Stohl (*)
Department of Communication,
University of California, Santa Barbara,
CA 93106, USA
e-mail: [email protected]
M. Stohl
Much before 9/11 there had been great angst about the possibilities of cyber terrorism,
including oft stated fears about a digital Pearl Harbor.1 This fear was further enhanced by
the Y2K problem often referred to as the millennium bug by those who sought to dramatize
the threat.2 Despite the fact that these fears have yet to be matched by real events,3 in the
context of the post 9/11 concern with terrorism and the global war on terrorism, the threat
of cyber terrorism remains high on the list of public and professional fears.4 In the post 9/11
world, journalists and governmental officials have often tied the threat of cyber terror to Al
Qaeda and other terrorist organizations to obtain maximum effect. For example Lenzner
and Vardi [22] write, “Four years ago al Qaeda operatives were taking flying lessons. Today
they are honing a new skill: hacking.” However, “[t]here is little concrete evidence of
terrorists preparing to use the Internet as a venue for inflicting grave harm ([9]:24). In
summary, there have been no instances where cyber terrorism has mirrored a catastrophic
loss of life or physical destruction associated with the most violent acts of “conventional”
terrorism. The study of terrorism routinely exaggerates both the threat of WMD terrorism
and the spectacular and deadly events that have infrequently occurred. It creates an
assumption that most terrorism events involve large numbers of deaths and enormous
property damage. However, the spectacular events actually account for a relatively small
portion of what occurs within the rubric of the terrorism experience and while enormously
important and correctly feared, must not stop us from looking at the overall problem and the
entirety of the threat.5 The same is true with respect to cyber terrorism. It is thus important
to examine both the divergence from reality with respect to cyber terrorism prevalent in the
literature and to consider why there appears to be such a large gap between the presumed
threat and the known behaviors.
“The most popular term, ‘electronic Pearl Harbor,’ was coined in 1991 by an alarmist tech writer named
Winn Schwartau to hype a novel. For a while, in the mid-1990s, ‘electronic Chernobyl’ was in vogue. Earlier
this year, Sen. Charles Schumer (D-N.Y.) warned of a looming ‘digital Armageddon.’ And the Center for
Strategic and International Studies, a Washington think tank, has christened its own term,”digital Waterloo
See also Debrix [7]. “Cyberterror and Media-Induced Fears: The Production of Emergency Culture,”
Strategies: Journal of Theory, Culture and Politics, Vol. 14, No. 1, 149–168.
Of course the millennium bug was not the result of a terrorist threat but rather the result of an outdated
programming system which had not accounted for the transition from 1999 to 2000. See for example http://
By 1999 Crypt newsletter noted that “Electronic Pearl Harbor” and variations on it, could be found in over
500 citations for the phrase in on-line news archives, military research papers and press releases.
Simpson [32] writes “The nearest thing to cyber terror involved the March 2000 case of Vitek Boden, who
infiltrated the systems of a sewage treatment plant in Australia. His attacks resulted in the release of an
estimated 265,000 gallons of untreated sewage into local water courses... ...Boden had been employed by the
company that installed the control network and his laptop contained a software application needed to access the
system. The motive was revenge for rejection of his job application by the local authority in Queensland.”
“The consensus among security experts is that there has never been a recorded act of cyberterrorism pre- or
post-September11” ([15]:388).
Whether or not this appreciation of terrorism actually receives its due in the formulation of counter terrorist
policy, particularly in the post 9/11 environment, it was clearly articulated in the 1999 State Department
report on global terrorism. “Furthermore, terrorist acts are part of a larger phenomenon of politically inspired
violence, and at times the line between the two can be difficult to draw” (2000:5).
Cyber terrorism
State of siege
It is clear that despite the continuing reality that cyber terror remains a potential threat
rather than an ongoing series of events, there has not developed a sense of security, comfort
or complaisance in the popular press but rather a fear that this year or next is “in fact” the
year of maximum danger. The public is constantly reminded that “we” remain vulnerable to
cyber attack and that it is only a question of time before we are surprised by the still lurking
digital Pearl Harbor.
Many different factors converge to keep the concept of cyber terrorism on the public
agenda. Cyber terror concerns serve many different and often unconnected actors, whose
collective needs are served by keeping the threat on the public’s list of concerns.
Underlying much of the concern with the misunderstood nature of the threat of cyber
terrorism is a combination of fear and ignorance.6 Embar-Seddon citing Richard Lazarus
(“An unknown threat is perceived as more threatening than a known threat.”) argues that
The most destructive forces working against an understanding of the threat of Cyber
terrorism are a fear of the unknown and a lack of information or, worse, too much
misinformation. The word cyber terrorism brings together two significant modern
fears: the fear of technology and the fear of terrorism. Both technology and terrorism
are significant unknowns ([11]:1034).
Likewise, Weimann argues “from a psychological perspective, two of the greatest fears
of modern time are combined in the term ‘cyber terrorism’ ([42]:131).” Thomas ([39]:115–
116) elaborates further
The Internet produces an atmosphere of virtual fear or virtual life.People are afraid of
things that are invisible and things they don’t understand. The virtual threat of
computer attacks appears to be one of those things. Cyberfear is generated by the fact
that what a computer attack could do (bring down airliners, ruin critical infrastructure,
destroy the stock market, reveal Pentagon planning secrets, etc.) is too often
associated with what will happen (emphases in original).
There is a regular cycle of cyber sector and government press releases which are eagerly
reported by both the mainstream press and trade sector publications. The vast majority of
these releases discuss the threat and the precautions, investments and critical needs of the
cyber sector. Rarely, do such releases call attention to the lack of actual cyber terror events,
as opposed to, cyber crime, hacking or hoaxes and rarely do they inform the reader that the
same type of threat and the same “crisis mode” of release appeared in each of the previous
years since the early 1990s.
The cycles and concerns mirror the types of competition between administrations and
their opposition that took place in the 1950s and 1960s with respect to nuclear weapons and
the arms race. Both incumbents and challengers sought to demonstrate potential weaknesses
and emerging threats and the need therefore to remain vigilant and invest in preventive
measures and improved systems. What we find therefore are systematic leaks tied to the
budgetary cycles of various states and systematic leaks tied to the election cycle.
Governments also engage in the creation of systematic studies and blue ribbon panels,
none of which are likely to report that they can guarantee that no threat exists and that it
This fear of cyberterror mirrors the fear of crime found in many studies during the past quarter century. (See
Glassner [16]; Gerbner and Gross [14]; Altheide [1])
M. Stohl
won’t grow larger in the future for fear of looking weak or contributing to a state of
unpreparedness (see Barnett [4]). In the cyber terrorism realm, Richard J. Clarke emerged
from bureaucratic obscurity and became a media favorite when he resigned from and
authored his critique of the Bush administration’s handling of the terrorism threat. Clarke,
who had long been acknowledged within Washington as a capable bureaucratic infighter,
had for many years regularly referenced the threat of an electronic Pearl Harbor at budget
time and kept the issue “boiling” during much of the rest of the year.7
After 9/11 Clarke incorporated the concept of the post 9/11 world to continue to
advance his agenda. Thus Weimann [42]:133) argues that “Following an October 2001
meeting with high-tech executives, including several from the security firm Network
Associates, President Bush appointed Richard Clarke as his first special advisor on
cyberspace security. After 11 September, Clarke created for himself the position of
cybersecurity czar and continued heralding the threat of cyberattack. Understanding
that in Washington attention leads to resources and power, Clarke quickly raised the
issue’s profile. “Dick has an ability to scare the bejesus out of everybody and to make
the bureaucracy jump,” says a former colleague.”
After another of the Clarke briefings, Squitieri [33], writing in USA today wrote:
The vast array of potential targets and the lack of adequate safeguards have made
addressing the threat daunting. Among the recent targets that terrorists have discussed,
according to people with knowledge of intelligence briefings:
The Centers for Disease Control and Prevention, based in Atlanta. It is charged
with developing the nation’s response to potential attacks involving biological
The nation’s financial network, which could shut down the flow of banking data.
The attack would focus on the FedWire, the money-movement clearing system
maintained by the Federal Reserve Board.
Computer systems that operate water-treatment plants, which could contaminate
water supplies.
Computer networks that run electrical grids and dams.
As many targets as possible in a major city. Los Angeles and San Francisco have
been mentioned by terrorists, intelligence officials say.
Facilities that control the flow of information over the Internet. Richard Clarke, the
White House special adviser on cybersecurity, says such sites, of which there are
20 to 25, are “only secure in their obscurity.”
For example see Ryter [29]. “You might say 1999 – the year of the Y2K fears – was ‘the year of the Clarke.’
For a very brief period, Clarke became a second tier player with a first string chorus – but only because it
served the interests of the Clinton–Gore Administration to promote Clark’s fantasies about cyberarmageddon. It helped Clinton and the liberals in Congress push through a legislative agenda that likely
could never have been enacted without the Y2K fantasy fodder fed by Clarke. And Clarke enjoyed the
limelight.” “Can we trust the guy who gave us Y2K??” Jon Christian Ryter March 27, 2004 NewsWith Retrieved on February 1, 2006 from and
George Smith Crypt Newsletter 1999 Like old Jacob Marley, Richard Clarke – the broken record of the
National Security Council – is produced to rattle his electronic chains and howl menacingly for the rubes. “...
Richard A. Clarke of the National Security Council, repeatedly warns them that ‘cyberterrorists’ could launch
computer attacks ‘shutting down a city’s electricity, shutting down 911 systems, shutting down telephone
networks and transportation systems,’ as he said in a recent interview.”
Cyber terrorism
The nation’s communications network, including telephone and 911 call centers.
Air traffic control, rail and public transportation systems.
But it was not simply Richard Clarke who was interested in the use of the cyber terror
threat within the Bush administration. Stanton ([34]:1020) recounts the story of the Code
Red Scare in the July–August 2001 period. He characterizes the campaign as “an example
of either an ongoing government disinformation campaign designed to demonize the
Internet and frighten the public or just plain government ignorance and fear of how the
Internet might be used by the public.” (W. Madsen, personal communication, June 2001)8
Hidden agendas
Further, there are also many security firms that have services to sell which are designed to
protect us from “them.” Since 1997 the Computer Security Institute (CSI) has produced an
annual survey which “documents” the increasing number of attacks against corporate
networks and the increasing dollars placed at risk because of these attacks. The Institute
asks respondents to report on various security issues and to estimate the costs of protection
and the costs of the attacks. These include various forms of system penetration from the
outside, detected denial of service attacks, and detected computer viruses. Despite
numerous methodological problems (including a non-random sample of respondents),
CSI has been particularly adept at obtaining widespread media coverage. The media, for
their part, report but do not evaluate the methodology or the calculations. In addition other
security firms have been quick to build upon the survey for their own benefit.
After this year’s release the following appeared:
IBM has released a new product that tackles internal network security threats...
In a 2005 survey by the FBI and US Computer Security Institute it was found that
56% of US firms had reported internal security breaches [30].
and there followed software fixes advertised by other enterprising organizations. As has
been noted many times (see e.g., Weimann [42], Green [18], Flemming and Stohl [12])
there are many incentives for security firms to advertise vulnerabilities and sell “solutions”
as the number of digital users increases and the importance of digital transactions expands
to every sector of our daily lives.
Patriot games
As with the exploitation of legitimate and expanding concerns with digital transactions in
the private sector, there are also opportunities beyond simply improving bureaucratic
material and influence resources within the governmental sector. As with the debates about
national security during the cold war, the discussion about cyber security also involves
Stanton continues “Why the Code Red Scare? Well, maybe its just coincidence, but sometime over the next
couple of months President Bush is expected to issue a new Executive Order on Cybersecurity and, of
course, the new budget cycle starts. He will appoint an interagency cybersecurity and Continuity of
Operations Board. Soon after the hype surrounding Code Red, [then head of the] National Information
Infrastructure Protection Commission, Ron Dick, got a jump start on things with a press conference on
cybersecurity at the National Press Club. Hyping Code Red was a sure fire way to ensure the conference was
covered by all the talking head networks. And it didn’t hurt that Code Red provided a convenient backdrop
while then-FBI Director designate Robert Mueller was fielding some questions during his Senate
conformation hearings on what the FBI will do on cybersecurity during his watch.”
M. Stohl
some misinformation (also called disinformation within the foreign policy realm) and
exploitation of fears and risk. After 9/11 the discussion of cyber security and cyber
terrorism has been no exception. Much investigation and analysis has been conducted with
respect to the development of the Bush administration case against Iraq as a justification to
declare war in 2003, and in addition to its case with respect to WMD it is important to
remember there was also an attempt to tie Saddam Hussein to Al Qaeda and the “Global
terror network.” Those terror ties were not limited only to what many refer to as the BTKP
(Break things, kill people) forms of terrorism (see [15]). Some “packaged” Saddam and
Hussein within the cyber frame.
In the Fall of 2001 when the Bush administration began to trumpet the connection
between Saddam Hussein and Al Qaeda, Joshua Dean reported the assertions of terrorism
analyst Yonah Alexander of the Potomac Institute connecting Iraq and cyber terrorism.
Iraq has quietly been developing a cyber arsenal called Iraq Net since the mid-1990s.
Alexander said it consists of a series of more than 100 Web sites located in domains
throughout the world. Iraq Net, he said, is designed to overwhelm cyber-based
infrastructures by distributed denial of service and other cyber attacks. “Saddam
Hussein would not hesitate to use the cyber tool he has,” Alexander said. “It is not a
question of if but when.
Like the assertions of Iraq’s cache of WMD, the existence of Iraq Net has yet to be
proven ([40]:134).9
Six months later FBI officials and Richard Clarke discussed their fears that Al Qaeda
would employ the web as a “Tool of Bloodshed.” Gellman [13] reported, “Cyber-Attacks
by Al Qaeda Feared, Terrorists at Threshold of Using Internet as Tool of Bloodshed,
Experts Say.” And the media, when they report the possibilities raised by various
governmental officials, bureaucrats as well as elected officials, don’t necessarily
discriminate between those threats which are possible and/or possible and those which
are not. These articles persistently remind the public of the continued danger of, and the
lack of preparations to defend against, cyber attacks and the continuing emergence of ever
greater threats, even while all the old threats such as a digital Pearl Harbor never disappear.
As Weimann ([42]:132) reminds us, they also frequently fail to distinguish between hacking
and cyber terrorism and exaggerate the threat of the latter by reasoning from false analogies
such as the following: “If a 16-year old could do this, then what could a well-funded
terrorist group do?”10
“Until recently, Ridge has seemed basically levelheaded about the real dangers of cyberterrorism. Someone
who’s close to Ridge told me that the secretary simply doesn’t care that much about the topic, which would
explain his silence. But now that agency budgets are up for review, Ridge seems to be treading the same
alarmist path as did his former cybersecurity deputy, Richard Clarke, who quit in January. Clarke was a
professional paranoiac, a modern-day Chicken Little blinkered by a career spent in the cloistered intelligence
community. It didn’t help that Clarke’s résumé featured such harrowing tasks as planning for the ‘continuity
of government’ after a nuclear strike on Washington – a job where no precaution is too extreme. Soon after
President Clinton appointed him to a ‘national coordinator’ post in 1998, Clarke became infamous for
darkling warnings about the spectre of a ‘digital Pearl Harbor’ that would snarl computers and roil the
world’s economy.” Declan McCullagh Cyberterror and professional paranoiacs March 24, 2003 retrieved on
1 February 2006 from
See also Lemos et al. [21]. It is also useful to recognize that all “cyberspace-based threats.” are not
terrorism. Rand analysts Hundley and Anderson ([20]:1) consider these as, “adverse actions involving and
mediated by computer and telecommunications systems and networks.” Accordingly, there are a wide
spectrum of possibilities for “evil actions” in cyberspace. “These include attacks on the data contained within
the systems, the programs and processing hardware running those systems, and the environment
(communications, networks, etc.) in which they operate” ([20]:12).
Cyber terrorism
There can be no denial that the continuing expansion of the role of cyber activities in
every dimension of organizational and personal life creates both increasing possibilities of
potential harm and continuing pressures to alleviate potential threats and opportunities for
harm. The increasingly digital environment has and will continue to transform how people
interact, how they maintain connections, form groups and organize. Digital technologies
thus offer contemporary terrorists and terrorist organizations a wide range of opportunities
to support their campaigns of violence and if they are proficient, significantly further their
political objectives.11 Therefore, some label any use of digital technology by terrorist
organizations as cyber terrorism; some are even more expansive and label any use of digital
networks which can damage critical infrastructure as terrorism. For example, Weimann
([42]: 130) argues that Cyber terrorism is “the use of computer network tools to harm or
shut down critical national infrastructures (such as energy, transportation, government
operations).” However, this expansive definition does not serve us well.
It still remains important that we distinguish among cyber terror, cyber attack, and cyber
crime as well as many other possibilities. Rollins and Wilson ([28]: 3) argue that
At least two views exist for defining the term Cyber terrorism:
Effects-based: Cyber terrorism exists when computer attacks result in effects that
are disruptive enough to generate fear comparable to a traditional act of terrorism,
even if done by criminals.
Intent-based: Cyber terrorism exists when unlawful or politically motivated
computer attacks are done to intimidate or coerce a government or people to
further a political objective, or to cause grave harm or severe economic damage.
I would maintain that it continues to be very important to distinguish between cyber
crime and cyber terror and that we restrict cyber terrorism to activities which in addition to
their cyber component have the commonly agreed upon components of terrorism. In
previous work ([37], forthcoming) I have argued that all the definitions include some form
of intimidate, coerce, influence as well as violence or its threat. To illustrate, Stohl ([36]:3)
defines terrorism as
The purposeful act or the threat of the act of violence to create fear and/or compliant
behavior in a victim and/or audience of the act or threat.12
In addition, using the web, while it provides additional organizational opportunities, also introduces
potential threats. As Conway ([5]:20–21) argues
The more terrorist groups use the Internet to move information, money, and recruits around the
globe, the more data that is available with which to trail them. Since 9/11 a number of groups
have undertaken initiatives to disrupt terrorist use of the Internet, although a small number of
such efforts were also undertaken previous to the attacks. .. Perhaps most importantly, however,
the Internet and terrorist Web sites can serve as a provider of open source intelligence for states’
intelligence agencies. Although spy agencies are loathe to publicly admit it, it is generally
agreed that the Web is playing an ever-growing role in the spy business.
In addition Warner argues that Intelligence agencies are also said to be deploying the classic spy tactic of
establishing so-called ‘honey pots’ with a high-tech twist: in this case, setting up bogus Web sites to attract
those people they are seeking to monitor (Warner [40]).
Similarly the United States Department of State since 1983 has the same elements but restricts the target to
noncombatants and the perpetrators to subnational groups or clandestine agents
Premeditated, politically motivated violence perpetrated against noncombatant* targets by
subnational groups or clandestine agents, usually intended to influence an audience.”
M. Stohl
Thus, there is no good theoretical or practical argument for rejecting the approach
advocated by Denning [9] who argued that:
Cyber terrorism is the convergence of terrorism and cyberspace. It is generally
understood to mean unlawful attacks and threats of attack against computers,
networks, and the information stored therein when done to intimidate or coerce a
government or its people in furtherance of political or social objectives. Further, to
qualify as cyber terrorism, an attack should result in violence against persons or
property, or at least cause enough harm to generate fear. Attacks that lead to death or
bodily injury, explosions, plane crashes, water contamination, or severe economic loss
would be examples. Serious attacks against critical infrastructures could be acts of
cyber terrorism, depending on their impact. Attacks that disrupt nonessential services
or that are mainly a costly nuisance would not.13
As indicated above, scholarly analyses of cyber terrorism, as opposed to sensational
news stories and futurist scenarios concur that at present cyber terrorist events as defined by
Denning have yet to occur. But there is no doubt that cyber technology has dramatically
influenced how terrorists may choose to organize, communicate amongst themselves and
transmit their messages. Conway ([5]:3) argues that there are five core terrorist uses of the
Internet: information provision, financing, networking, recruitment, and information
gathering. Grabosky and Stohl [17] cite intelligence, communications, propaganda,
psychological warfare, fund raising, recruitment and training, while Thomas [39] identifies
16 different ways that the internet can be used for cyber planning and organizational
activities which offer further elaborations of the uses mentioned above.
In short, terrorist groups increasingly use computer technology (as many political,
commercial and criminal entities do) to secure many of their organizational goals.14 It is to
be expected that organizations will adopt those aspects of digital technology that will enable
them to operate and grow with a greater degree of efficiency. In this sense, terrorist groups
are simply exploiting modern tools to accomplish the same goals they sought in the past.
Terrorist thus might employ digital technologies to enhance ease of operations; information
acquisition and distribution; and increase the ease of anonymous communication. None of
these activities are easily detected or countered (but as we shall see below, they do lead to
other interesting counterterrorism and information gathering possibilities) and therefore
See also Bruce Schneier, Beyond Fear: Thinking Sensibly about Security in an Uncertain World (New York:
Copernicus Book 2003); Joshua Green, “The Myth of Cyberterrorism,” Washington Monthly, November 2002,
available at (;Andrew Donoghue “Cyberterror: Clear and present danger or phantom menace?,” ZDNet, 2004, available at (
specials/networksecurity/0,39025061,39118365-2,00.htm).Lewis, James, “Assessing the Risk of Cyber Terrorism, Cyber War and Other Cyber Threats” (Washington,DC: Center for Strategic and International Studies,
December 2002), available at ( tech/0211_lewis.pdf) and Dorothy Denning, “Is Cyber
Terror Next?” In Understanding September 11, edited by C. Calhoun, P. Price, and A. Timmer (2001), available
at ( essays/denning.htm).
The Report of the National Commission on Terrorism ([26]:12) concurs suggesting that “[t]errorists are
using the same modern technology as the rest of us....”
Likewise, Denning [9] argues Terrorists do use cyberspace to facilitate traditional forms of terrorism
such as bombings. They put up Web sites to spread their messages and recruit supporters, and they use
the Internet to communicate and coordinate action. However, there are few indications that they are
pursuing cyber terrorism, either alone or in conjunction with acts of physical violence.
Cyber terrorism
terrorist groups may use digital technology to great advantage in furthering their tactical
and strategic goals on a more global as well as local basis.15
Specific examples of the facilitation of terrorism through the use of digital technology
illustrate the appeal this technology has for terrorist groups interested in advancing their
particular agendas. The use of the Internet for propaganda and disinformation purposes is
an especially popular one. Rathmell recounts the exploitation of the web by exiled political
opposition groups emanating from such states as Iran, Iraq, Mexico, Northern Ireland and
Saudi Arabia ([27]:4–5). In Western Europe and the United States, Neo-Nazi groups [43]
have been major users of the web as have the Colombian ELN, Hezbollah and Zapatistas
([41]:1) all of whom have also adopted similar tactics.16 Broadcasting videos via web sites
has become a favorite tool. One of the first examples involved the December, 1996
takeover of the Japanese Ambassador’s residence in Lima, Peru by the Tupac Amaru
Revolutionary Movement (MRTA). The MRTA not only employed the Web to
communicate their revolutionary message via a European website, they even offered a
video clip of its members preparing for their mission ([6]:216).17 More recently, groups
have added even the most gruesome videos to their websites, to horrifying effect. The
beheadings of Wall Street Journal Reporter Daniel Pearl in February 20-04 and Nick Berg,
an American seeking employment in Iraq in May 2004, were broadcast via videos posted
on Islamic Web sights and then broadcast and reported via the mainstream media. In
August 2005, the self proclaimed “Jihad Brigades in Palestine” claimed missile attack on a
Jewish settlement in Gaza by posting a video to a German server that allows visitors to
upload materials and also shows apparent members setting up a missile, readying it for
launch and firing it off.18
The Web thus enables sometimes previously anonymous groups to establish a presence
and perhaps exploit their activities far beyond the impact of previous terrorist organizations
with far less danger. Thomas ([39]: 115–116) argues that the Web thus
empowers small groups and makes them appear much more capable than they might
actually be, even turning bluster into a type of virtual fear. The net allows terrorists to
amplify the consequences of their activities with follow-on messages and threats
directly to the population at large, even though the terrorist group may be totally
impotent. In effect, the Internet allows a person or group to appear to be larger or more
important or threatening than they really are.”
When mainstream news then incorporates the reporting of events via these web sites,
they also often then repeat the major themes of their campaigns and thus increase the
propaganda message’s reach.
Organizations employing terrorism have also brought materials which in the past could
only be distributed clandestinely and often with much danger to the attention of not only
current members but future recruits and anyone else who might “benefit” from the
As early as the 1998 (1999:17) report on terrorism in the United States, the Federal Bureau of Investigation
finds: “Terrorists are known to use information technology and the Internet to formulate plans, raise funds,
spread propaganda, and communicate securely.”
In the case of the Zapatistas, group of supporters called the Electronic Disturbance Theater (EDT) have
used the Internet stage disturbances as a means of on-line protest ([9], 2).
Internet sites were also established in Canada and the United States in support of the MRTA’s activity
(Anti-Defamation League [2]:1).
M. Stohl
destructive capabilities which are taught. Thus, training videos featuring instructions on
how to build explosive devices and prepare gunpowder have recently appeared on several
Web sites regularly used by militant Islamic groups. These sites also feature tips on money
laundering and many other organizational needs.19
Some organizations also use the web to provide recruitment videos. Thus Al Qaeda in
Iraq, an Al Qaeda affiliated terrorist group led by Abu Musab al-Zarqawi, posted the second
edition of its recruitment magazine on the Internet in June 2005 (see
main_Terrorism/qaedamag_2_62005.htm).20 Terrorist groups using computers for communication are likely to move beyond hierarchical organizational structures and employ
networked ones.21
The foregoing notwithstanding, we must reemphasize the conclusions of Denning [9],
Flemming and Stohl [12] and subsequently Weimann ([42]:133) that “Terrorist use of
computers as a facilitator of their activities, whether for propaganda, recruitment,
datamining, communication, or other purposes, is simply not cyber terrorism.” Focusing
upon the types of activities that the cited authors above would argue fall under the rubric of
cyber terrorism, such as attacks on critical infrastructure it is important to investigate the
conditions under which terrorists would choose to employ digital means to advance their
cause over conventional methods. Denning [9] suggests that
To understand the potential threat of cyber terrorism, two factors must be considered:
first, whether there are targets that are vulnerable to attack that could lead to violence
or severe harm, and second, whether there are actors with the capability and
motivation to carry them out.
To determine motivation we have to ask not simply if they desire to cause harm and
exploit fear but also if the investments needed to create the event are more or less
“costly” than traditional means of terror.
An expected utility approach provides useful insights into the process of understanding
why oppositional organizations might choose not only terrorism as a tactic or strategy and
which groups are more likely to do so as well as the conditions under which it would make
sense (from their perspective) to employ digital rather than conventional tools to
accomplish their ends. Duvall and Stohl [10] argued that that an expected utility model is
useful for understanding the choice of terrorism as a tactic or strategy in domestic affairs
and Stohl [35] argued that it could be applied to behaviors in the international realm as well.
Such an approach calculates the benefit thought possible from the desired outcome, the
believed probability with which the action will bring about the desired state of affairs and
the believed probable cost of engaging in the action. Two kinds of costs, response costs and
productions costs, can be distinguished. Response costs are those costs which might be
imposed by the target group and/or sympathetic or offended bystanders. The bystanders
(See and
For many other earlier examples see Damphousse and Smith [6]; Arquilla et al. [3]:91–92, Stanton [34] for
many other examples.
See Arquilla, Ronfeldt and Zanini [3] for a detailed discussion of this point especially as it relates to Al
Qaeda and Stohl and Stohl ([38], forthcoming) on network research on terrorism since 2001.
Cyber terrorism
may include domestic and foreign audiences and the target audience may be wider than the
attacking party may have intended when choosing the victims and the actions. Production
costs are the costs of taking the action regardless of the reactions of others. In addition to
the economic and organizational costs – paying the participants, acquiring the weapons and
the like, there is the psychological cost of behaving in a manner which most individuals
would, under normal conditions, characterize as unacceptable behavior. More recently
Giacomello ([15]:390) argued:
The terrorists are faced with budget constraints that depend on the cost of cyber
terrorism and other activities. Assuming that terrorists are rational actors, the shape of
the indifference curve is determined by (a) the preferences of terrorists and also (b) the
effectiveness of cyber terrorism in achieving the terrorists’ goals. The moment of
calculating costs, risks, and advantages is the focus of this analysis, supposing that a
terrorist organization is about to consider cyber terrorism as a more efficient
alternative compared, for example, with suicidal bombs.
Thus as Flemming and Stohl [12] argued:
“at one level, the use of cyber technology for inflicting harm on a victim requires a
greater level of sophistication than merely using the same technology for
communication or propaganda. Not only, must there be some level of expertise in
translating the “raw” cyber technology into a weapon of destruction, there must be a
recognition that the effectiveness of this alternative supersedes conventional options.
Simply stated, a cyber attack against an opponent should produce similar or greater
results22 for less effort than a conventional one.23
In other words we are asking if the cyber disruption of an air traffic control system
(with the intent of endangering civilian air traffic) can be undertaken with less effort,
the same chances of detection, produce the same results and have a greater likelihood
of success than an attack on the same system by conventional means (armed attack, or
bombing), or a conventional attack that bypasses the air traffic control system in favor
of a direct attack on an airliner? When the answer is yes, there is room to believe that
cyber terrorism would be a rational choice of terrorist groups. When the answer is no,
terrorists would be more likely to remain tied to their traditional methods. Denning [9]
Further, terrorists may be disinclined to try new methods unless they see their old ones
as inadequate, particularly when the new methods require considerable knowledge and
skill to use effectively. Terrorists generally stick with tried and true methods. Novelty
and sophistication of attack may be much less important than assurance that a mission
will be operationally successful. Indeed, the risk of operational failure could be a
deterrent to terrorists. For now, the truck bomb poses a much greater threat than the
logic bomb.
These can be thought of as a greater degree of terror or longer lasting fear on the part of the victim.
Less effort is defined in terms of fewer resources, less manpower and quicker/easier planning, all of which
should translate into reduced risk/greater likelihood of logistical success.
M. Stohl
The second consideration influencing the choice of cyber means is tied to its ability to
effectively terrorize an opponent.24 Embar-Seddon ([11]:1038) argues
As a terrorist tactic, cyber terrorism differs from the more traditional tactics, which
entail a more direct threat of violence. However, the directness of the threat of
violence does not correspond to the level of fear that an action creates, and it is the
fear that a terrorist act engenders that is important. In this respect, cyber terrorism can
be at least as terrifying as the more traditional terrorist tactics. The level of fear that
would result from the threat of shutting down a large portion of the power grid would
very likely be as great as, if not greater than, the level of fear that would result from
the threat of downing an airliner.
However, people react very differently to the downing of an airliner which often
provides and easily conjures up images of death and destruction far different than the
images of shutting down a power grid. We also have “real world” reactions to the shutting
down of power grids that have occurred. The outpouring of emotions is very different than
what occurs when for example an airliner crashes (regardless of the cause). The failure of
the entire northeast power grid in 1965, for example, did not lead to widespread fear and
anger. Nor did the Northeast blackout of 2003 despite the initial concern that it had been
caused by terrorists.25 The same response occurred in 2003.
Cyber terror was at first suspected in the 2003 Northeast blackout. The cause turned
out to be incompetence and falling trees. The widespread blackout did not degrade U.
S. military capabilities, did not damage the economy, and caused neither casualties nor
terror [24].
From the audience perspective then the taking down of a power grid – what happens in a
blackout – is not likely to cause the same type of immediate fear and emotion and conjures
up very different images than does a plane crash or the bombing of buildings.
Further we have evidence from experimental work that people react very differently to
different types of events depending upon the types of emotions that these events instill in
them. Nabi [25] argues “Results suggested that anger promotes deeper information
As Giacomello ([15]:391) argues
Professional military around the world are used to judge the effectiveness of weapons systems
according to the “break things, kill people” principle. Projectiles or germs, kinetic or chemical–
biological agents are normally required to achieve a BTKP outcome.
He then goes on to argue that
Under certain circumstances, however, even employing bytes (the basic units of all CNO) may
lead to the same results. If CNO target the critical application software of certain infrastructures,
they may well yield a BTKP outcome.... If the main outcome of those attacks had been the
SCADA (Supervisory Control and Data Acquisition) management systems of critical
infrastructure, the potential physical damage would have been considerable. However, thus
far, there is no conclusive evidence that this is indeed possible.
The 1965 blackout in fact led to a sense of community and was the subject of many humorous tales
including the 1968 Hollywood film Where Were You When the Lights Went Out?
Cyber terrorism
processing than fear, and a main effect for reassurance certainty level, with uncertainty
promoting deeper information processing.” And Lerner et al. [23] found that respondents
exposed to a fear-inducing manipulation assigned, on average, a higher probability to five
negative consequences of terror than did respondents exposed to an anger-inducing
manipulation. The specter of the grid blowing up, bombs falling, etc., might create that fear
but not the throwing of a switch. The effects would be the same but it would be a different
type of act. With the growing interconnectedness of infrastructures relying on cyber
technology, the targeting selection of cyber terrorism is likely to be significantly influenced
by those targets that allow for a maximum level of disruption. The same, however, is not
necessarily true with respect to the mode of attack. Cyber technology allows for an
additional variable to be introduced into tactical equations, but clearly represents a single
choice in terms of overall modes of operation. Furthermore, Denning [9] argues that
Cyber terrorism also has its drawbacks. Systems are complex, so it may be harder to
control an attack and achieve a desired level of damage than using physical weapons.
Unless people are injured, there is also less drama and emotional appeal.
Thus we must ask what else might be inhibiting terrorist groups from doing so beyond
the simple cost benefit analysis. Part of the answer lies in their understanding of audience
reactions. Many of these groups, such as Al Qaeda, are quite sophisticated in terms of their
understanding of audience reactions and use their resources with great calculation.26
Conclusion: breaking point or without remorse? assessing the cyber terror threat
Speaking to the Special Oversight Panel on Terrorism of the Committee on Armed Services
of the U.S. House of Representatives Dorothy Denning [9] concluded:
Thus, at this time, cyber terrorism does not seem to pose an imminent threat. This
could change. For a terrorist, it would have some advantages over physical methods. It
could be conducted remotely and anonymously, and it would not require the handling
of explosives or a suicide mission. It would likely garner extensive media coverage, as
journalists and the public alike are fascinated by practically any kind of computer
attack. Indeed cyber terrorism could be immensely appealing precisely because of the
tremendous attention given to it by the government and media.
This sophisticated audience analysis is seen in the letter sent in July 2005 by Ayman al-Zawahri,
purportedly the number 2 in al Qaeda to Abu Musab al-Zarqawi, leader of the organization now named al
Qaeda in Iraq.
In the absence of this popular support, the Islamic mujahed movement would be crushed in the
shadows, far from the masses who are distracted or fearful, and the struggle between the Jihadist
elite and the arrogant authorities would be confined to prison dungeons far from the public and
the light of day. This is precisely what the secular, apostate forces that are controlling our
countries are striving for. These forces don't desire to wipe out the mujahed Islamic movement,
rather they are stealthily striving to separate it from the misguided or frightened Muslim
masses.....Therefore, the mujahed movement must avoid any action that the masses do not
understand or approve, if there is no contravention of Sharia in such avoidance, and as long as
there are other options to resort to, meaning we must not throw the masses-scant in knowledgeinto the sea before we teach them to swim.
M. Stohl
Thus far as indicated above, terrorists either continue to find the allure of cyber terrorism
unappealing or they remain incapable of mounting significant attacks. Yet the fear of cyber
terror remains and the willingness of the authorities and the private sector to use the fear of
potential catastrophic harm.27
Part of the explanation lies in the continuing failure to distinguish between what Denning
[8] referred to as hactivism and cyberterrorism. “Hacktivism,” describes the marriage of
hacking with political activism. (“Hacking” is here understood to mean activities conducted
online and covertly that seek to reveal, manipulate, or otherwise exploit vulnerabilities in
computer operating systems and other software.) Hacktivists have four main weapons at
their disposal: virtual sit-ins and blockades; automated e-mail bombs; web hacks and
computer break-ins; and computer viruses and worms. Arquilla and Ronfeldt further muddy
the waters with their concept of netwar, which they defined originally (1996: 5) as conflict
and crimes at societal levels that are measures short of war or protagonists who rely on
network forms of organization, doctrine, strategy and communication. Thus many then
confuse more general organizational uses of digital technology with acts of terror.
This confusion continues to this day as the following headline and introductory
paragraph in the aftermath of the Danish cartoon controversy illustrates
Cyber Terrorists Target Danish Websites Peter Diversi – Thursday, 9 February 2006
The cyber terrorists have defaced over 500 Danish Websites, however Danish
Internet security companies say the Website owners are fighting back relatively easy.
Cyberspace is a new front to attack; a form of protest by what a Danish Internet
security expert called “scriptkiddies.” These scriptkiddies, who could be compared to
the incensed rock-hurlers seen in real-life protests, attack Websites with weak
Finally, the spectre of the digital Pearl Harbor remains. On the same day as the Danish
cartoon story above, news stories across the United States, Australia, Canada and the U.K.
reported the lead that the Department of Homeland Security had provided:
– It had the makings of a “digital Pearl Harbor (my emphasis),” a potentially
catastrophic computer attack that crossed oceans and continents to target governments,
companies and the infrastructure that underpins them [19].
The debate will continue with respect to the degree of cyber threat that actually exists
today, or in the near future. The confusion between cyber criminal activity and cyber terror
Schwarts, 2003
New vulnerabilities that could leave the way open to a cyberattack are being discovered all the
time: according to Symantec, one of the world’s corporate leaders in the field of cyber security,
the number of “software holes” (software security flaws that allow malicious hackers to exploit
the system) reported in the nation’s computer networks grew by 80 percent in 2002. Still, the
company says it has yet to record a single cyberterrorist attack – by its definition, one
originating in a country on the State Department’s terror watch list. That could be because those
inclined to commit terrorist acts do not yet have the know-how to inflict significant damage, or
perhaps because hackers and adept viruswriters are not sympathetic to the goals of terrorist
organizations. However, should the two groups find common ground, the results could be
Cyber terrorism
will also continue. Future events will determine the costs of this confusion. There is no
doubt that cyber criminals will become more sophisticated and, in the absence of continuing
investments in cyber security, will cause more damage. But in the meantime how we
prepare, and how we talk about our preparations are important. Building defenses against
criminals and terrorists are essential. But we must remember that generating an unwarranted
fear of potential attack, even while preparing to defend against it, serves the cause of the
terrorist even if the security precautions are ultimately successful. Unlike the criminal who
simply wishes to succeed in their operations, the terrorist also wishes to undermine
confidence in the political structure and create difficulty within the body politic.
1. Altheide, D. (1997). The news media, the problem frame and the production of fear. The Sociological
Quarterly, 38(4), 647–668.
2. Anti-Defamation League (1999). CyberTerrorism – Terrorism update. Retrieved March 1, 2006, from
3. Arquilla, J., Ronfeldt, D., & Zanini, M. (1999). Networks, netwar and information-age terrorism. In Z. M.
Khalilzhad & J. P. White (Eds.), The changing role of information in warfare. Santa Monica, CA: Rand.
4. Barnett, R. J. (1973). Roots of war: The men and institutions behind U.S. foreign policy. Baltimore:
Penguin Books.
5. Conway, M. (2005). Terrorist “use” of the internet and fighting back. Paper prepared for presentation at
the conference Cybersafety: Safety and security in a networked world: Balancing cyber-rights and
responsibilities. Oxford Internet Institute (OII), Oxford University, UK, 8–10 September, 2005.
Retrieved February 1, 2006, from
6. Damphousse, K. R., & Smith, B. L. (1998). The internet: A terrorist medium for the 21st century. In H.
W. Kushner (Ed.), The future of terrorism: Violence in the new millennium. Thousand Oaks, CA: SAGE.
7. Debrix, F. (2001). Cyberterror and Media-Incluced fears: The production of emergency culture,
Strategies: Journal of Theory, Culture and Politics, 14(1), 149–168.
8. Denning, D. E. (1999). Activism, hacktivism, and cyber terrorism: The internet as a tool for influencing
foreign policy.” Presented to “The Internet and International Systems:Information Technology and
American Foreign Policy Decision Making,” The World Affairs Council, San Francisco, December 10,
1999. Retrieved February 1, 2006, from
9. Denning, D. E. (2000). Cyberterrorism. Testimony before the Special Oversight Panel on Terrorism
Committee on Armed Services U.S. House of Representatives, May 23, 2000. Retrieved February 1,
2006, from
10. Duvall, R. D., & Stohl, M. (1983). Governance by terror, chapter six. In M. Stohl (Ed.), The politics of
terrorism (2nd ed., pp. 179–219). New York: Marcel Dekker.
11. Embar-Seddon, A. (2002). Cyber terrorism: Are we under siege? American Behavioral Scientist, 45(6),
12. Flemming, P., & Stohl, M. (2001). Myths and realities of cyber terrorism. In A. P. Schmid (Ed.),
Countering terrorism through international cooperation (pp. 70–105). Vienna, Austria: ISPAC
(International Scientific and Professional Advisory Council of the United Nations Crime Prevention
and Criminal Justice Program.
13. Gellman, B. (2002). Cyber-attacks by Al Qaeda feared: Terrorists at threshold of using internet as tool of
bloodshed, experts say,” Washington Post June 27: A01. Retrieved December 1, 2005, from http://www.
14. Gerbner, G., & Gross, L. (1976). The scary world of tv’s heavy Viewer. Psychology Today, 89–91, April.
15. Giacomello, G. (2004). Bangs for the buck: A cost-benefit analysis of cyber terrorism. Studies in Conflict
and Terrorism, 27, 387–408.
16. Glassner, B. (1999). The culture of fear: Why Americans are afraid of the wrong things. New York:
Basic Books.
17. Grabosky, P. N., & Stohl, M. (2003). Cyberterrorism Reform 82, Autumn:8–13. Retrieved September 15,
2005 from
M. Stohl
18. Green, J. (2002). The myth of cyber terrorism. Washington Monthly, November. Retrieved February 1,
2006, from
19. Hoffman, L. (2006). ‘Cyber Storm’ simulation aims to head off computer assault, February 9, 2006.
Retrieved March 1, 2006, from
20. Hundley, R. O., & Anderson, R. H. (1996). A qualitative methodology for the assessment of cyberspacerelated risks. Santa Monica: Rand.
21. Lemos, R., Borland, J., Bowman, L., & Junnarkar, S. (2002). E terrorism-threats. Have Digital Myths
Diverted Attention from True Threats?” CNET Retrieved August 26, 2002, from http://news.
22. Lenzner, R., & Vardi, N. (2004). Cyber-nightmare. Forbes. Retrieved September 20, 2004, from http://
23. Lerner, J. S., Gonzalez, R. M., Small, D. A., & Fischhoff, B. (2003). Emotion and perceived risks of
terrorism: A national field experiment. Psychological Science, 14, 144–150.
24. Lewis, J. A. (2006). The war on hype: The deadly terror lurking around the corner may not be such a big,
ominous threat after all. San Francisco Chronicle, February 19, 2006. Retrieved March 1, 2006, from
25 Nabi, R. L. (2002). Anger, fear, uncertainty, and attitudes: A test of the Cognitive-Functional Model.
Communication Monographs, 69(3), 204–216.
26. National Commission on Terrorism. (1998). Countering the Changing Threat of International Terrorism.
Report of the National Commission on Terrorism,
27. Rathmell, A. (1997). Cyber-terrorism: The shape of future conflict. Royal United Service Institute
Journal. October, 40–46. Retrieved March 1, 2006, from
28. Rollins, J., & Wilson, C. (2005). Terrorist capabilities for cyberattack: Overview and Policy Issues,
Congressional Research Service, October 20, 2005. Retrieved February 1, 2006, from http://www.fas.
29 Ryter J. C. (2004). Can we trust the guy who gave us Y2K?? Jon Christian Ryter March 27, 2004 retrieved on February 1, 2006 from
30. Savas, A. (2006). IBM launches internal network protection. Computer weekly. Com, Monday, 27
February 2006. Retrieved March 1, 2006, from
31. Schwartz, J. (2003). Decoding computer intruders. The New York Times, April 24, 2003. Retrieved
March 1, 2006, from
32. Simpson, P. (2005). Don’t fear e-terror hype Computer Weekly March 7. Retrieved February 1, 2006,
33. Squitieri, T. (2002). Cyberspace full of terror targets , USA Today, May 5, 2002. Retrieved February 1,
2006, from
34. Stanton, J. J. (2002). Terror in cyberspace terrorists will exploit and widen the gap between governing
structures and the public. American Behavioral Scientist, 45(6), 1017–1032.
35. Stohl, M. (1986). The superpowers and international terrorism. In M. Stohl & G. Lopez (Eds.),
Government violence and repression: An agenda for research. Greenwood Press, 207–228.
36. Stohl, M. (1988a). Demystifying terrorism: The myths and realities of contemporary political terrorism.
In M. Stohl (Ed.), The politics of terrorism (3rd ed.). New York: Marcel Decker.
37. Stohl, M. (2006). Knowledge claims and the study of terrorism. In S. Melnick & J. Victoroff (Eds.),
Psychology and terrorism. Amsterdam, the Netherlands: Ios Press (forthcoming).
38. Stohl, C., & Stohl, M. (2007). Networks of terror: Theoretical assumptions and pragmatic consequences,
Communication Theory. (forthcoming).
39. Thomas, T. L. (2003). Al Qaeda and the internet: The danger of “cyberplanning.” Parameters, 33(1),
112–23. Retrieved February 1, 2006, from Carlisle
40. Warner, B. (2003). Intelligence experts comb web for terror clues. Reuters News Service, November 12.
Retrieved March 1, 2006, from
41. US News and World Report. (1998). Terrorists on the web: Electronic ‘safe haven’ guerrillas use guns,
bombs and home pages. 124(24), 46, June 22.
42. Weimann, G. (2005). Cyber terrorism: The sum of all fears? Studies in Conflict and Terrorism, 28, 129–149.
43. White, C., K., C. (1998). Cyber-terrorism: Modem mayhem. Carlisle Barracks, Pennsylvania: U.S. Army
War College. Retrieved March 1, 2006, from