When is a group classified as a terrorist and when is the online activity defined as terrorism? Dr Tine Munk, lecturer in Criminology at Middlesex University’s School of Law, discusses
Cyber terrorism is an emerging problem. Defining and categorising a diverse set of politically-motivated online crimes is a complicated task. New means and methods are constantly developed and tested to reach a political, ideological or religious goal. It is only their imagination and technological capabilities that limit their activities. In recent years, various political groupings have expanded their online presence. However, the use of cyber space and computer technologies to promote politically-motivated crimes and past events has not prompted policymakers to define the area and identify precisely what cyber terrorism is and what distinguishes this area from other types of politically-motivated cyber crime.
Cyber terrorism is included in the UK Terrorism Act 2000, and other UK counter terrorism legislation and strategies have extended the scope. The CONTEST strategy and the Prevent strand consists of a conceptualisation of groups that falls under the terrorism definitions, i.e. International terrorism, Northern Ireland-related terrorism, extreme right-wing terrorism and other types of terrorism which can be both religious or political. The current legislation is clear about proscribed terrorist groups, such as Islamic States (IS) and the neo-Nazi group, National Action.
Therefore, these groups’ online activities are included in the regulation. Yet, it becomes more problematic defining groups outside this list — for example, hacking groups or state-sponsored groups targeting the UK. Some politically-motivated cyber attacks will be considered under the counter terrorism legislation, whereas other forms of politically-motivated cyber crime are managed using more lenient cyber crime laws despite using the same means and methods.
Defined terrorist organisation
Several terrorist organisations have a significant online presence, and the use of cyber-space will increase. For example, IS’s use of the Internet and social media are instrumental for its offline actions. The group has mastered the online environment in a way that separated them from other conventional terrorist organisations. The group and its followers are on the UK terrorist list, so there are no definitional problems related to the activities of IS. The terrorist organisation uses cyberspace and computer technologies to raise awareness, communicate and distribute its ideology through encrypted forums, webpages and social media. So far, there has not been a devastating large-scale cyber-attack originating from this group. Yet, the group has demonstrated their ability to disrupt online traffic by using Distributed-Denial-of–Service (DDoS) attacks against governmental targets in Egypt, Jordan, Yemen and Iraq. Of course, the group has lost territory on the ground, and as a result, the group are likely to enhance its online activities using the borderless structure and anonymity of cyberspace. Thus, the threat against the UK will increase. A future scenario would be IS targeting UK critical infrastructure, critical information infrastructure as well as information and communication technologies.
The architecture and the ecosystem of the Internet, social media, encryption and online spaces, such as the Dark Web, are crucial for promoting and enable politically-motivated cyber actions. There has been a rise in the online presence of far-right groups in the UK and aboard. Far-right groups’ modus operandi is similar to IS in the use of the Internet and cyber-space to promote a political end. Forums, such as the 4chan, the 8chan, Endchan and other anon sites, are increasingly used to spread the political message of these groups and individuals. Attacks, such as the Christchurch attack in New Zealand in 2019, are live-streamed directly to these chans. The online presence of these groups is vital for their political activities and recruitments. The legislation and the CONTEST strategy are clear about the link between these groups activities and terrorism, but there is a lack of clarity and understanding of similar areas, such as to hacktivism and state-sponsored groups.
Other politically-motivated cyber attacks
There is a rise in activities by other politically-motivated cyber-groups. Some of these groups act individually; other groups are closely linked to a national state and the state apparatus. The state-sponsored groups are not clearly defined in the context of terrorism, and there is a tendency to look at these actors from either warfare or a cyber-crime perspective. Whereas hacktivism is predominately linked to cyber crime.
The UK legislation and the CONTEST strategy are unclear about the typology of hacktivism and state-sponsored attacks – and whether these should be considered under the counter terrorism legislation or cyber crime legislation: Do they belong to ‘other terrorist groups’ or are they classified completely different? As a result of that, can these groups’ activities only be viewed as ordinary cybercrime? If these groups were directly linked to the state, their activities could be classified as cyber warfare. Yet, this is a very unclear area, and these groups tend to promote themselves as a hacktivist group or a hacking group. Hacktivism is defined as a digital protest where the motivation is not economical. Instead, these activities are carried out to make a political statement – often through ‘virtual sit-in’ or DDoS attacks disrupting data traffic for a short while. However, these activities are seen as less severe and as being a part of citizens’ right-to-protest. However, this area becomes problematic when a growing number of politically-motivated cyber-crimes are committed by actors claiming to belong to a hacktivist group. But in reality, the actors have close ties to a state promoting a patriotic or nationalistic-political agenda.
Fake news, trolling, spying, hacking are areas deeply integrated into a broader political agenda promoted by certain groups. During the 2016 UK Brexit referendum, several hacking groups were significantly active fuelled by patriotic enthusiasm. These groups were supported by foreign state actors who wanted to use the referendum to influence internal politics. Russian and Iranian Twitter accounts as well as Russian state media, RT, were used to spread misleading information online. This was a technique that was simultaneously used during the 2016 US Presidential Election campaign. Yet, it is clear that these groups are only able to carry out these activities if they are either directly sponsored or supported by a state. During the US Presidential Election campaign in 2016, hacking groups, such as ‘Cozy Bear’, ‘New World Hackers’ and ‘Fancy Bear’ interfered significantly by spreading propaganda and influence voters. This method has proven very successful and therefore, it is likely to be repeated in the 2020 US election – as well as any upcoming UK elections. Following on from 2018 novichok attack on the Skripals in Salisbury, it became clear that Russia has adopted a comprehensive propaganda and misuse of information strategy using non-state actors to circulate misinformation. This is a strategy very similar to the IS’s use of the Internet to spread their political agenda.
Adding to the complexity, the 2017 WannaCry and NotPetya ransomware attacks targeting various countries, such as Ukraine, The US and the UK are perceived to be governmentally approved attacks covered up as a ‘traditional’ cyber crime. If Russia and North Korea are behind these attacks, then the side-effects of the definition deficit where counties and actors are manoeuvring in the shadow of the current definition of cyber crime vs cyber terrorism will create problems in the future. This is an area that is likely to increase. Yet, it is not clear how these state-sponsored groups should be classified and managed. By looking at the means and methods, it is evident that these activities fall under the scope of the traditional terrorism definition.
Conclusion
When is a group/individual classified as a terrorist and when is the online activity defined as terrorism? In recent years, politically-motivated cyber crimes have developed significantly in a way that continually challenges the boundaries of the cyber terrorism vs cyber crime definitions. The inconsistent perception of these different politically-motivated crimes and attacks can be lead back to the definitional problems. The various groups are using the same pathways, but they are fundamentally reviewed differently and therefore, these activities are captured in the gap between counter terrorism and cyber crime. The number of illegal activities and attacks have developed in magnitude, and the likelihood of potential disturbing and damaging attacks are increasing. The question is whether the UK counter terrorism framework is broadly enough formulated to contain these new directions of online politically-motivated actors and activities or whether the whole area should be reviewed and interpreted in a new way to ensure consistency across the spectrum?
