Statistics On Cyber-terrorism

from student paper by Jimmy Sproles and Will Byars for a Computer Ethics Course at ETSU 1998

Who is at risk of an attack?

Most feel that military installations, power plants, air traffic control centers, banks and telecommunication networks themselves are the most likely targets. Other targets include police, medical, fire and rescue systems, which could be hurt, along with Wall Street, water systems, etc.

Who are the terrorists?

The graphic below shows that amateur hackers are by far the biggest threat on the Internet at the current time. They are responsible for about 90% of all hacking activity.

Cyber terrorism does not have to come from the average hacker or even online terrorists. The Govt. carried out a series of its own attacks on itself, in order to test its own defenses against online-based attacks. The Defense Information Security Agency (DISA) found that 88% of the 3000 defense computer systems that were attacked were "easily penetrable". Of the systems that were illegally entered, 96% of the entries were not detected. Of the 4% that were detected, only 5% of them were reported or investigated.

How common is unauthorized system entry?

A survey conducted by the Science Applications International Corp. in 1996 found that 40 major corporations reported losing over $800 million to computer break-ins. An FBI survey of 428 government, corporate and university sites found that over 40% reported having been broken into at least once in the last year. One third said that they had been broken into over the Internet. Another survey found that the Pentagon's systems that contain sensitive, but unclassified information, had been accessed via networks illegally 250,000 times and only 150 of the intrusions were detected. The FBI estimates that U.S. businesses loose $138 million every year to hackers. According to the CIA in the past three years government systems have been illegally entered 250,000.

Costs of cyber-terrorism

According to a source in Great Britain, terrorists have gained at least up to 400 million pounds from 1993 to 1995 by threatening institutions. Over the three years, there were 40 reported threats made to banks in the U.S. and Britain. In January of 1993, three separate incidents took place in London. During the sixth, a brokerage house paid out 10 million pounds after receiving a threat and one of their machines crashed. On the fourteenth incident, a blue-chip bank paid blackmailers 12.5 million pounds after receiving threats. Another brokerage house paid out 10 million pounds on the twenty-ninth incident. Some terrorists just take money, rather than resorting to blackmail. A Russian hacker, for example, tapped into Citibank's funds transfer system and took $10 million.

Case Studies Links to Other Sites Home Resources Used for this Site