WIIS Cybersecurity Study Guide
The WIIS Cybersecurity, & Technology Study Guide is comprised of original WIIS Blogs, WIIS Policy Briefs, and other forms of unique content from a myriad of sources such as Podcasts, Reports, Journal Articles, and more; focusing on topics such as: Cyber Warfare, the Internet of Things, Big Data Issues, Military Technologies, Artificial Intelligence, and more.
The Study Guide will be released weekly throughout Fall 2020 in a series of Units focused on different topics and issues. The Study Guide Units will be composed of resources across academia, government, and non-government orgs in the public and private sectors including, but not limited to, journal articles, WIIS publications, podcasts, and reports. The topics will be exhaustively researched to compile as much information as possible. Additionally, particular attention will be given to finding resources with a gender perspective on the topics. WIIS will provide a brief summary, definitions of terms, objects, and phrases in the Unit, an overview of the gender component and discussion questions for each Unit.
Unit One: Introduction to Cybersecurity
Cybersecurity is, by definition , the protection of internet connected systems and devices. However, it is often colloquially defined more broadly to encompass all aspects of virtual interactions throughout international security issues. Additionally, with the advancement of internet-based technologies in daily lives, the reality of cybersecurity issues is becoming more prevalent throughout society and diverse areas of national and international security. Cybersecurity, however, is a complex field and it is necessary to provide a base with common understanding and definitions. Therefore, Unit 1 of the WIIS Cybersecurity & Technology Study Guide will provide basic information about the history and evolution of cybersecurity in order to set the stage for more complex theoretical and technological aspects of the field.
Note from the Team
One of the complexities of cybersecurity is the broadness of its reach, it levels the security playing field in a unique way by tying individual human security directly to massive systems level security. It cannot be constrained by the definitions given to us by traditional security policy and international relations, it does not fit into the binaries we are comfortable with, we can’t pin it down as a soft or hard power, it can be wielded by states and by individuals. The first question we had with this project was where does all this come from? We wanted to understand the history of the internet and cyber-technology. Kids born in the late 90s grew up watching tapes on big boxy television, but as young adults they can their entertainment over the internet on a tiny, slim rectangle that they can carry in their pockets, make calls from and locate themselves and their families 400 miles away. This may be our norm, but this is incredible! The breakneck development of the field and its related technologies poses security challenges at an individual to a global level.
Questions for Critical Thinking
- How will the risks and benefits of new technologies be communicated to the public?
- Where does the responsibility lie for ethical use of new technologies in the cyber realm? With those who develop, disseminate, or use?
- How has the creation and evolution of this field led to discriminatory practices?
- Is there a place for intersectional feminism in the cyber realm?
- Given the relatively rapid pace of advancements in this field, what do you think the next five years will look like? The next ten?
- What do policy decisions regarding cybersecurity look like? Can the field be regulated in the same way as traditional security fields? How could they be managed differently.
Questions for Further Research: Gender Component
Thus far there is little gender analysis of the field. There have been some reports linking a gendered analysis to cybersecurity, such as the one done by Women’s International League for Peace and Freedom in April 2020, and other resources such as The International Journal of Gender, Science and Technology which publishes pieces on gendered analysis of cyber.
On the other hand, efforts to add women to leadership and technical positions in cyber and tech fields are much more common. For example, UNIDIR has a program on gender and cyber diplomacy that is mainly focused on promoting women’s leadership, and many articles and research done on gender in the field focus on the number of women in the field.
Unfortunately what we found is that besides a few articles and reports, most of the efforts undertaken to promote gender in cybersecurity or tech has been a focus on promoting women’s leadership in the field. While this is, of course, a welcome effort, the fact remains that gender perspectives throughout the history of cybersecurity and gender analysis of current cyber efforts are lacking. This means there is less focus on the evolution of cyber-technologies and the role gender dynamics have to play, nor on the repercussions of neglecting to include gender in the creation of so many cybersecurity mechanisms, practices, and efforts.
- LiveScience.com History of Computers: A Brief Timeline
- Computer History Museum: Timeline of Computer History: can be filtered to focus on AI and Robotics, Computers, Networking and the Web and more.
- Association for Progressive Communication: Why Gender Matters in International Cyber Security
- New America: The State of the Cybersecurity Gender Gap
- A Brief and Incomplete History of Cybersecurity
- Who Invented the Internet?
- Global Data Governance Part One: Emerging Data Governance Practices
Documentaries and Films
Algorithm: "a step-by-step procedure for solving a problem or accomplishing some end"
Artificial intelligence: "a branch of computer science dealing with the simulation of intelligent behavior in computers pr the capability of a machine to imitate intelligent human behavior"
Big Data: "The growth in data collection associated with scientific phenomena, business operations, and government activities (e.g., marketing, quality control, statistical auditing, forecasting, etc.) has been remarkable over the past decade. This growth is due, in part, to technology now capable of capturing lots of data at a high rate, such as information- sensing mobile devices, cameras, radio-frequency identification (RFID) readers, and wireless sensor networks. In fact, the term “Big Data” is now commonly used by companies to describe this wealth of information."
Cloud: "A technology that allows us to access our files and/or services through the internet from anywhere in the world. Technically speaking, it’s a collection of computers with large storage capabilities that remotely serve requests."
Coding: "The symbolic arrangement of data or instructions in a computer program or the set of such instructions."
Computer: "A programmable electronic device designed to accept data, perform prescribed mathematical and logical operations at high speed, and display the results of these operations. Mainframes, desktop and laptop computers, tablets, and smartphones are some of the different types of computers."
Computer Science: "Computer Science is the study of computers and computational systems. Unlike electrical and computer engineers, computer scientists deal mostly with software and software systems; this includes their theory, design, development, and application. Principal areas of study within Computer Science include artificial intelligence, computer systems and networks, security, database systems, human computer interaction, vision and graphics, numerical analysis, programming languages, software engineering, bioinformatics and theory of computing. Although knowing how to program is essential to the study of computer science, it is only one element of the field. Computer scientists design and analyze algorithms to solve programs and study the performance of computer hardware and software. The problems that computer scientists encounter range from the abstract-- determining what problems can be solved with computers and the complexity of the algorithms that solve them – to the tangible – designing applications that perform well on handheld devices, that are easy to use, and that uphold security measures."
Cybersecurity: "Cybersecurity is the protection of internet-connected systems such as hardware, software and data from cyber-threats. The practice is used by individuals and enterprises to protect against unauthorized access to data centers and other computerized systems."
Cybertechnology: Cybertechnology is a hybrid term to refer to anything within the cybersphere or on a physical device like a computer.
Dark Web: The dark web is the smallest part of the internet. The dark web is "hidden" from normal search engines and is only accessible through using a Tor, or an anonymous browsing aid which hides the users IP address. The dark web is encrypted and allows users to browse anonymously. Sites on the dark web are not searchable. In order to access these sites, the user needs to know the destination URL. Because the dark web is anonymous, it has become a hub for illegal activity including drug and arms trafficking
Data Science: Data science, in its most basic terms, can be defined as obtaining insights and information, really anything of value, out of data.
Deep Web: The deep web makes up the largest part of the internet and includes all sites that are not accessible through search engines. The deep webs includes things like password protected email accounts. The deep web contains a majority of harmless/benign sites.
Domain: "A group of computers, printers and devices that are interconnected and governed as a whole. For example, your computer is usually part of a domain at your workplace."
Encryption: "Encryption is a process which protects a personal data by making sure that it is only available when a "key" has been entered."
End User: "The person who uses a product or service."
Hacking: "The process through which an unauthorized user gains access to a device or account."
Hardware: "Hardware refers to the physical components of a computer. Computer hardware can refer to everything from a laptop battery to the motherboard to the webcam; it is any physical component of a computer"
Internet: "An electronic communications network that connects computer networks and organizational computer facilities around the world —used with the except when being used attributively"
Internet Technology: "Computer Internet technology refers to devices, software, hardware and transmission protocols used to connect computers together in order to receive or send data from one computer to another within a small network or as part of a small network within a larger network, such as the Internet."
Internet of Things: "The internet of things refers to anything connected to the internet. Many of devices connected to the internet communicate with each other and collect data."
Malware: "Malware is intrusive software that is designed to damage and destroy computers and computer systems. Malware is a contraction for “malicious software.” Examples of common malware includes viruses, worms, Trojan viruses, spyware, adware, and ransomware."
Phishing: "A technique used by hackers to obtain sensitive information. For example, using hand-crafted email messages designed to trick people into divulging personal or confidential data such as passwords and bank account information."
Programming: "The process or writing and creating computer program, or functions which are designed to complete a task."
Ransomware: "Ransomware is a type of hacking which encrypts a users files and does not allow the user to access the data in these files. Typically, the hacker will ask for some sort of payment in exchange for de-encryption, hence the name ransomware."
Social Engineering: "A technique used to manipulate and deceive people to gain sensitive and private information. Scams based on social engineering are built around how people think and act. So, once a hacker understands what motivates a person’s actions, they can usually retrieve exactly what they’re looking for – like financial data and passwords."
Software: "A set of programs that tell a computer to perform a task. These instructions are compiled into a package that users can install and use. For example, Microsoft Office is an application software."
Surface Web: This is the part of the web that is easily accessible and includes sites like Google and Bing and is accessible through mainstream search engines. The "surface web" makes up the smallest percentage of all sites on the internet.
Tor Browser/Onion Browsing: "The Onion Router (TOR) was created in 1995 by the US Naval Research Laboratory. When Tor was created, the goal was to allow encrypted messaging, especially for government communication. However, Tor browsers are used primarily to access the dark web."
Virtual Private Network (VPN): A VPN is a tool which lets you encrypt your browser data and gives you the ability to browse the web online. When you're connected to the internet, you have an IP address which is a unique set of numbers used to identify you. A VPN hides your IP address allowing anonymous internet usage.
World Wide Web: "A part of the Internet accessed through a graphical user interface and containing documents often connected by hyperlinks"
Bonus: Indigenous People's Day
12 October 2020
Indigenous People’s Day is a public holiday that has begun to replace Columbus Day across much of North America, including in Washington D.C., “in a growing movement to end the celebration of the Italian explorer in favor of honoring Indigenous communities and their resiliency in the face of violence by European explorers like Christopher Columbus.” (NPR) One element of Indigenous People’s Day is the bringing of awareness to issues faced by indigenous peoples across North America and throughout the world. One of these issues in the United States is the tragic crisis of Missing and Murdered Indigenous Women and Girls (MMIWG). Another issue is the repatriation of native lands. The mistreatment of Indigenous peoples constitute problems of human security and sovereignty. As with many other societal issues, which will be discussed in the coming units, some Indigenous issues are facing renewed or broadened public interest through cyber-technological means like social media movements (#MMIWG). The relationship between technology and Indigenous people’s issues can also be fraught as technology can facilitate violence, but cybertech should be considered when addressing Native issues and other such facets of human security. Here is a sampling of articles exploring the relationship between cybertech and Indigenous issues.
A Sampling of Articles
- Background on MMIWG
- Tech and Indigenous Issues
- Land, Indigenous tradition and tech
- Outside of the US
Unit Two: Cybersecurity and Warfare
War is a traditional component of international security studies. Due to advances in technology, cyberwarfare - digital attacks meant to inflict damage in the physical world - are increasingly common. Ranging from the use of Unmanned Aerial Vehicles (UAV) to the oft-cited case of STUXNET (an American cyber weapon that targets hardware), the precedent has been set by actors in the international realm to carry out cyberwarfare, and military tactics and policies have had to adapt to combat this threat.
In the traditional sense, war inflicts harm, death, or conflict between groups. However, it is difficult to compare cyberwarfare to traditional warfare as cyberweapons and warfare have many contrasts to conventional weapons systems or uses. Most cyberweapons are decentralized (such as botnets), require less human-power, and it can be difficult to ascertain where cyberattacks come from. For example, cyberattacks or hacking can be masked as if they came from different origin countries, leading to tensions in international relations. In response, militaries, and private and public sectors around the world have developed their own cyber attack and defense centers and strategies to combat this growing threat and create policy guidelines.
This is a new and very unique realm of warfare where much remains unclear. The term cyberwarfare itself is an ambiguous term, at best, and in need of clear definition and global consensus on what it truly means and what actions should be taken in response to cyberattacks. Regardless of the nuances and lack of global consensus or law on cyberwarfare, cyberspace has been referred to as the ‘fifth battleground’, with the other four being air, land, water, and space, and we can rest assured it is here to stay. Technology is undeniably contributing to advances in all realms of warfare, and cyber, or digital, attacks are increasingly used as a method for nations, militaries, or non-state actors to advance conflict.
Note from the Team
As noted in Unit 1, cyber capabilities and new technologies have levelled the playing field of security in a new way. One of the questions that arose when diving into the world of cyberwarfare was how is cybersecurity changing what the field of traditional security looks like? With the internet as a medium of conflict, new actors and their goals are harder to define and they aren’t as restricted by resources as they might be in more traditional warfare. Additionally, cyber and new technologies are altering how traditional militaries fight. New technologies with internet capabilities, like drones and UAVs, are emerging onto the battlefield and merging with more traditional ballistic weapons, transforming fighting. These changes are deeply impactful of warfare on all levels including analysis.
Questions for Critical Thinking
- What are the implications of the sometimes depersonalized nature of cyber-relations and therefore cyberwarfare?
- Do cyberattacks warrant a physical warfare type of response? How does cyberwar fit into the law of armed conflict?
- Is a cyber attack a form of cyber warfare, or a tool used in broader warfare practices?
- Follow-up Question: Do you think Cyberwar is possible? If so, what would that look like?
- How can we define cyberwar for a global audience?
- What would be the difference if more women were involved in cyberwarfare? What roles do women play in conflict that are being transformed by cybertech? Are cyber-focused roles more accessible to women than traditional military and combat roles?
- How can a gender perspective be applied successfully to cyberwarfare tactics?
Questions for Further Research: Gender Component
With the advent of a new type of warfare, it is not unexpected, given traditional warfare’s historical exclusion of women, that the cyberwarfare realm is exclusionary as well. This is due to the general lack of gender balance and gender analysis in the cybersecurity field, compounded with the general history of exclusion of women and rejection of gendered analysis in military matters and in science, technology, engineering and mathematics (STEM). However, while there is a research gap between gender analysis and cyberwarfare, more has been done to integrate gender balance in the field, in much the same way as in the cybersecurity field more broadly.
The cyberwarfare realm is a unique area that brings together distinct theories and practices such as: gender and war, gender and technology, cyber and war, and traditional vs. contemporary security analysis. There is ample room for improvement in the gender and cyberwarfare realm, both in workforce diversity and in diverse understanding of cyberwarfare with a gendered lens.
It is necessary to implement a critical gendered lens in cyberwarfare now, as this relatively new area of security and warfare is beginning to evolve and take shape. Incorporating a gender perspective in cyberwarfare analysis and practice, as well as incorporating gender balance in the field, will lead to a more substantive understanding and stronger practices in the years to come.
- The History of Stuxnet: The World’s First True Cyberweapon
- What the heck is a cyber-weapon, anyway?
- Drones: What are they and how do they work?
- WarGaming Cyber Security
- Hack-and-Lead Operations and U.S. Cyber Policy
- ‘Machines set loose to slaughter’: the dangerous rise of military AI
- How The U.S. Hacked ISIS
- Rules of engagement
- "orders that soldiers fighting in a war are given about what they can and cannot do"
- "Cyber warfare involves the actions by a nation-state or international organization to attack and attempt to damage another nation's computers or information networks through, for example, computer viruses or denial-of-service attacks."
- The conceptualization of "cyberweapons" draws from the conceptualization of a weapon. It is anything intended to cause harm, but unlike traditional weaponry, cyberweapons are doing using hard and software.
- Stuxnet is a computer worm. Originally, Stuxnet was designed to be used as an attack on Iran's nuclear facilities. Since then, however, Stuxnet has grown to be included in other energy facilities and programs. Stuxnet is a form of malware that attacks actual hardware.
- IP address
- “An internet version of a home address for your computer, which is identified when it communicates over a network; For example, connecting to the internet (a network of networks).”
- "A server is a computer that provides data to other computers. It may serve data to systems on a local area network (LAN) or a wide area network (WAN) over the Internet."
- Human security
- “Human security is an approach to assist Member States in identifying and addressing widespread and cross-cutting challenges to the survival, livelihood and dignity of their people.” It calls for “people-centred, comprehensive, context-specific and prevention-oriented responses that strengthen the protection and empowerment of all people.”
- “A computer virus is a type of malware that propagates by inserting a copy of itself into and becoming part of another program. It spreads from one computer to another, leaving infections as it travels. Viruses can range in severity from causing mildly annoying effects to damaging data or software and causing denial-of-service (DoS) conditions”
- Virtual reality
- "An artificial environment which is experienced through sensory stimuli (such as sights and sounds) provided by a computer and in which one's actions partially determine what happens in the environment"
- Drone, Unmanned Aerial Vehicle (UAV)
- "An unmanned aerial vehicle (UAV) is an aircraft that carries no human pilot or passengers. UAVs — sometimes called “drones” — can be fully or partially autonomous but are more often controlled remotely by a human pilot."
- Unmanned warfare
- Warfare conducted through the use of drones and/or autonomous weapons/machinery.
- Generations of warfare
- The concept of generations of warfare refers to the changing nature of war. This concept highlights both ideology and technology as drivers for change.
- Distributed Denial of Services (DDOS)
- DDOS refers to a cyber attack. The goal of this attack is to try and make the intended product or service unable to the user. This type of attack disrupts the connection between the user and the host
- Cyber Espionage
- Cyber Espionage refers to the process of obtaining private information through means such as hacking or other technical means.
- "Sabotage is defined as deliberate and malicious acts that result in the disruption of the normal processes and functions or the destruction or damage of equipment or information."
- “False information, as about a country’s military strength or plans, disseminated by a government or intelligence agency in a hostile act of tactical political subversion"
- Wrong or misleading information, not intended as a hostile act.
- Attribution Problem
- Cyber attribution problems refer to the inability to determine who is executing a cyber attack or even its origins.
- Chemical, Biological, Radiological, Nuclear, and high yield Explosives
- CBRNE are weapons that typically cause a great deal of damage, both bodily harm and a disruption in society.
Unit 3: Terror, Disinformation and Radicalization
The world of cyberterrorism is complex and comprises different groups focused on diverse goals. For example, hacktivists (ex. the group Anonymous), conspiracy and extremist groups (ex. QAnon and the Alt-Right), recruiters and members of terrorist organizations, and others make up different areas of what constitutes the ‘cyberterrorism’ realm.
What is Cyberterrorism?
In her testimony before the Special Oversight Panel on Terrorism Committee on Armed Services for the U.S. House of Representatives, Dorothy E. Denning defined cyberterrorism as the “convergence of terrorism and cyberspace. It is generally understood to mean unlawful attacks and threats of attack against computers, networks, and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives.” There is one clarifying note - these attacks must result in violence or harm or enough fear to cause harm.
However, when talking about cyberterrorism in general, it is somewhat more prudent to cast a broad focus to encompass all aspects of attacks on information or networks, and recruitment and/or social intimidation from certain groups. It can be easier to break down the groups into three different sections: activists, hacktivists, and terrorists. When examining these groups, it is important to understand exactly how the internet is used to support and carry out various methods of terrorist activities such as: recruitment, gathering and disseminating information, financing, coordination and communication, events and execution of events, and cyberattacks.
Example of Cyberterrorism activities
The unique aspect of cyberterrorism is how different groups focus on carrying out their activities, and one of the main activities for all groups is recruitment. While some ‘activist’ Alt-Right groups, such as the Proud Boys, have open websites and social media accounts they use to spread their messages, many terrorist organizations target potential members for radicalization online through subtle means. For example, groups such as AlQaeda have targeted individuals through methods such as online video games, chat rooms, and other virtual platforms.
It is vital to note that recruitment is not the only activity that groups carry out virtually. Coordinating meetings, marches, events, attacks, and even the dissemination of further propaganda are all carried out online by not only traditional terrorist groups such as ISIS or AlQaeda, but also the emerging Alt-Right groups and Social conspiracy groups. For example, the far-right conspiracy group QAnon, while not necessarily a terrorist group itself, has separated itself from other far-right groups by opening its group online to anyone and sharing their views and agenda in the digital realm everywhere. This is unique as other far-right groups are much more insular and only approved members typically connect together in the digital realm.
One of the main cyberterrorism activities is to gather information, deny information, or to disseminate it. Many hacktivists, or people who are out to hack digital networks to achieve a political or social goal, are into crashing systems, distributing information, or otherwise causing disruption. But there are some attacks, such as the attack on Sony by a group seeking to retaliate against the company for the film ‘The Interview’ which North Korea took great offense to. This attack hacked into Sony’s digital offices, and took important information (such as personnel files and taxes) and erased many files. Countries do sometimes get involved as well. For example, hackers from China have gained access to many U.S. military personnel files, new military tech blueprints, and secret information over the years.
In addition to information control, there are other forms of digital hacktivism. While some larger companies, and even governments, get involved in this, the hacker group ‘Anonymous’ is one of the most famed groups. They are known for their DDOS (or distributed denial of service) attacks that focus on denying access to websites or certain information, and then sharing their tactics publicly.
The area of cyberterrorism is vast and, at times, uncertain. Truly understanding the different actors that operate in this realm, as well as their digital practices, is vital to future security efforts.
Note from the Team
Even before the COVID-19 pandemic broke, we were starting to talk about issues like fake news, conspiracism, the harm that can come from the internet and cybertechnology and the shape of terrorism online. These next few Units deal with how cybertechnology is interacting with our global society. Most of us live on the surface web, the mainstream, readily accessible portion of the internet that is searchable through engines such as Safari, Firefox, Google Chrome or Internet Explorer. But the internet is not simply made up of the platforms that many of us are used to, there are many alternative platforms that are not as regulated as, or indexed by, the surface web. The opposite of the surface web is the dark web, which is more difficult to access but is unregulated and anonymous. The breadth of the security risk posed by internet actors is vast. The internet, dark or surface, is a medium for information sharing that is incredibly influential in many ways including the dissemination of hate speech, disinformation and cyberweapons like bugs and ransomware. Individuals can be radicalized through the internet and can radicalize others and can also impart harm on computer systems and critical infrastructure with few resources. Now, a savvy individual with a laptop computer can inflict damage on a nation-state on a scale heretofore inconceivable. Whether offensively or defensively, this anarchic, unconquerable cyberworld is impossible to completely secure and should be paid close attention.
Questions for Critical Thinking
- What do you think is the most important aspect of cyberterrorism?
- How can policymakers incorporate a gendered perspective into cyberterrorist policies?
- Is hacktivism an act of cyberterrorism?
- Does gender perspective make a difference when looking at certain activist groups?
- What do you think would constitute a cyberterrorist attack?
Questions for Further Research: Gender Component
Gender Analysis is necessary to cybersecurity as well as to understand and combat terrorist groups and acts of terror. Activists who push an agenda, such as the majority women group QAnon, Hacktivists who seek to gain information or combat certain social issues, or terrorist groups that focus on recruitment or real-world attacks all work in realms that require a critical gender analysis.
Activists and hacktivists are unique groups of people that either advocate for social justice issues, promote their Alt-right group values (which are typically drawn on lines of sexist gender or race views, or conspiracy theories), or seek to counteract certain discourses (or bring their own discourse to the public eye). Gender is a vital component of this area. Take, for example, the Proud Boys. This Alt-right group has virtually promoted in-person activities that have sometimes turned violent, such as marches or rallies, and they ‘root their advocacy in an uncompromising gendered world’ where women and girls are subject to slurs, restrictions, and predetermined roles. As gender is a key component of their activism, it has translated online, with many members of this group, some of whom are designated as extremists by the FBI, making digital threats and undertaking virtual harassment of women leaders and activists.
Hacktivists can be more difficult to understand regarding gender balance, as their members frequently remain anonymous. However, the gender dimensions of hacking are clear. A recent study shows that there are definite linkages between gender stereotypes and the types of hacktivism that is carried out. For example, the ‘female’ stereotype hacktivists would focus on dismantling male stereotypes and patriarchal norms, whereas the ‘male’ stereotype hacktivists would focus on politics or taking down corporations.
Understanding how terrorists view gender dynamics in their own ranks can greatly influence policymakers and practitioners to understand recruitment, retention, and various terrorist activities. In fact, a study found that certain traits accompanied potential terrorist sympathizers or future recruits. For example, domestic violence, negative views towards women, and gendered cultural traditions such as brideprice or dowry practices all played a role in forming a worldview that opens individuals up to radicalization, as well as maintaining strict gender stereotypes within organizations. Additionally, online recruitment mechanisms carried out by women were typically more likely to be successful if they targeted other women, as men were less likely to listen to them.
While there are many more examples, it is clear that a better understanding of how gender impacts cybersecurity and terrorism will improve policymakers, practitioners, and academics’ understanding of cyberterrorism in all its forms.
Gender Specific Readings
Articles and Reports
- Evolving Shades of Jihadism
- New Cyber Warning: ISIS Or Al-Qaeda Could Attack Using ‘Dirty Bomb’
- Institute for Strategic Dialogue Publications
- The Genesis of a Conspiracy Theory
- The Propaganda Pipeline: The ISIS Fuouaris Upload Network on Facebook
- A Safe Space to Hate: White Supremacist Mobilisation on Telegram
- Briefing Note The Management of Terrorist Content: How Al Qaeda Texts Continue to Evade Facebook and YouTube Detection
- ‘The Baghdadi Net’: How A Network of ISIL-Supporting Accounts Spread Across Twitter
- The Online Ecosystem of the German Far-Right
- Cyberterrorism: Defining the New Vector for the Tactics of Fear
- Radicalisation in the digital era The use of the internet in 15 cases of terrorism and extremism
- The use of the Internet for terrorist purposes
- A History of Ransomware Attacks: The Biggest and Worst Ransomware Attacks of All Time
- 8Chan: Should The Far-Right Website Be Kicked Offline Forever?
- WhatsApp Is Radicalizing The Right In Bolsonaro’s Brazil
- Encrypted Extremism: Inside the English-Speaking Islamic State Ecosystem on Telegram
- QAnon’s Creator Made the Ultimate Conspiracy Theory
- QAnon and Conspiracy Beliefs
- Opinion: Mothers for QAnon
- Women of the Alt-Right: An Intersectional Study of Far-Right Extremism, Gender, & Identity in the United States
- Recognizing the Violent Extremist Ideology of ‘Incels’
Alternative Platforms: There is no official definition to what an alternative platform is, but in the context of online radicalization these are the platforms groups will decide to use in order to get around content restrictions on mainstream social media sites. For example, YouTube cracked down on the spread of alt-right propaganda on its platform. This crackdown forced many alt-right content creators, pro-gun activists and conspiracy theorists to move to different platforms with less regulation. BitChute, for example, is seen as the alt-right version of YouTube.
Click on each link below to learn more about some of these platforms, how they work and how they can be used for radicalization.
Black Hat Hackers: Black hat hackers are individuals who use their knowledge of computers and information systems in order to exploit people for their own gain. Black hat hackers can do anything from spread computer viruses/malware or to gain access to sensitive information.
Bots:"A software program that can execute commands, reply to messages, or perform routine tasks, as online searches, either automatically or with minimal human intervention (often used in combination)"
Content Cloaking: "Cloaking refers to the practice of presenting different content or URLs to human users and search engines."
Cyberterror: "The politically motivated use of computers and information technology to cause severe disruption or widespread fear in society."
Deep-fakes: "The term deepfake is typically used to refer to a video that has been edited using an algorithm to replace the person in the original video with someone else (especially a public figure) in a way that makes the video look authentic."
Gamergate: On the surface, Gamergate is just an online harassment campaign deeply rooted in misogyny. In 2014, this campaign emerged and targeted women within the gaming industry. These women were sent rape and death treats and a few even had their addresses leaked to the public. Gamergate was a coordinated effort though and individuals organized on social media platforms like 8chan and Reddit. While Gamergate itself was horrific, the links to the modern day organization of the alt-right should not be diminished. There are many similarities between the way Gamergate was organized and the modern-day organization of the alt-right, especially in regards to their structure, organization, and the tactics they use.
Grey Hat Hackers: Grey hat hackers are neither seen as good or bad. These hackers will look for vulnerabilities in websites, without the consent of the owners, and will sometimes charge a small fee to change them. Sometimes, they may post these vulnerabilities online and let others take advantage of them.
Hacktivism: "Computer hacking (as by infiltration and disruption of a network or website) done to further the goals of political or social activism"
Hashtag Hijacking: Hashtag hijacking is typically a marketing term, but is also a tactic of online groups. Essentially, people will use a hashtag to promote their own visibility. For example, in June 2020, alt-right groups used the hashtags surrounding George Flyod's death and the Black Lives Matter movement to gain visibility and spread misinformation.
US Patriot Act: Stands for: Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism. This act is meant to bolster US counter-terrorism efforts by providing guidelines for deterrence and detection. The act allows federal officers to treat investigations into terrorist activities as they would an investigation for drugs/organized crime, thus allowing for increased surveillance. Additionally, the act removed communication barriers between federal offices and updated the punishments for terrorist activity within the United States. The Patriot Act also includes a section on making sure the US could combat digital threats.
QAnon: QAnon is a far-right conspiracy theory that says that governments all over the world, but especially the United States, are run by a cabal of Satan worshipping pedophiles. QAnon also alleges that Donald Trump is the only one who can stop this. The FBI has classified QAnon as a domestic terrorism threat. QAnon’s theories encompass a range. Some believe that Democrats eat babies, some believe that 9/11 was an inside job and others believe that the coronavirus pandemic isn’t real. The QAnon theory isn’t cohesive at all, but at its core, it is strongly anti-establishment. Religion also plays a major role in the spread of QAnon - both through the spread of these theories and the beliefs. Christaianity, particularly Evangelicalism, has been a hallmark of the spread. Pastors in churches all over the United States have spread the message of Q and others see Q as a sort of prophet. QAnon at its core is also deeply antisemtic. The core beliefs of QAnon are comparable to The Protocols of the Elders of Zion, which portrays Jews as enemies of the state. Adolf Hitler referred to this work in his early speeches and used this work as a way to bolster anti-semtic ideology. QAnon blames Jew within the US for financing the cabal of Satan worshipping pedophiles they believe are running the country and controlling the media. QAnon has spread widely inaccurate information from everything from the current California wildfires to the Coronavirus pandemic and has contributed to real world violence. In addition, QAnon supporters are running for office now. The most notable example is Majorie Taylor Greene who is running for a seat in the US House of Representatives. Greene has been vocal about her beliefs in QAnon and has even gotten the endorsement of President Trump.
Rabbit Hole Effect (Social Media Algorithms) : The rabbit hole effect refers to the way in which social media algorithms operate. There is no one algorithm for all these sites, but at their core these algorithms work to keep the user engaged in the content they are seeing and keep them on the platform. These algorithms can be harmless. For example, if you engage with a lot of cat videos on Instagram, you'll notice that your explore page will be filled with more cat videos. In short, platforms will show you more of the content you have interacted with in the past. However, this can be harmful. Individuals can be radicalized by social media. As with the cat videos, if someone engages with a conspiracy theory they will be shown more of that content. These platforms don't distinguish between a cat video and an alt-right conspiracy theory, they are simply trying to show you something that will keep you on the site and capture your attention.
Radicalization--Internet specific:"Online radicalization to violence is the process by which an individual is introduced to an ideological message and belief system that encourages movement from mainstream beliefs toward extreme views, primarily through the use of online media, including social networks such as Facebook, Twitter, and YouTube"
Ransomware: “Ransomware is a type of hacking which encrypts a users files and does not allow the user to access the data in these files. Typically, the hacker will ask for some sort of payment in exchange for de-encryption, hence the name ransomware.”
Sabotage:"Sabotage is defined as deliberate and malicious acts that result in the disruption of the normal processes and functions or the destruction or damage of equipment or information."
White Hat Hackers: White hat hackers are sometimes referred to as "ethical hackers". These individuals are sometimes hired by companies in order to find weak spots in a company's website or ways the company could be hacked and fix them.
Surface Web: This is the part of the web that is easily accessible and includes sites like Google and Bing and is accessible through mainstream search engines. The "surface web" makes up the smallest percentage of all sites on the internet.
Meet the Decoding Cybersecurity and Technology Team!
Maeve Murphy is the creative director of the WIIS Cybersecurity & Technology project. Maeve oversees the creative direction of the project, manages content, and is the primary contributor to the main project initiatives such as the Study Guide, WIIS Blog submissions, and content curation. Maeve brings her background in international affairs, intersectionality, gender inclusivity in peace processes, warfare, and identity and peace processes to the project. Her inspiration for this project came in March 2020 when the WIIS office went completely online due to the COVID-19 pandemic and began to focus on virtual security measures for the office. In light of the ‘new normal’ Maeve recognized the need for a broader understanding of the cybersecurity realm, and, using her skills and expertise, is focused on bringing an intersectional approach to this field.
Kayla is the policy mind behind the WIIS Cybersecurity and Technology project. Kayla contributes her background in gender analysis, data gathering, and understanding of a feminist analysis of international security issues to the project. She also contributes her experience working with and consulting various US government agencies and international organizations on the topics of gender, terrorism, culture and warfare, and on data collection, retention, and use. Using her expertise in research, data analysis and policy writing, Kayla is contributing to the Cybersecurity Study Guide, as well as contributing to the forthcoming Cybersecurity & Technology PolicyBrief.
Roksana is the research powerhouse that drives the WIIS Cybersecurity and Technology project. She is the primary contributor to the Cybersecurity Study Guide index and resource page. Her organizational prowess and thoroughness have supported the project and the team. Roksana has also continued to provide excellent technical support in helping to build the Decoding Cybersecurity and Technology web platform. In addition to her key role as the team leader for communications, Roksana brings her background in research, international affairs, peacebuilding, and knowledge of personal data security to the project.