Dr. Rajash Rawal is a researcher at the European Public Management Research Group and a lecturer at the Haagse Hogeschool in the Netherlands, but most of all he specializes in the role of media in European politics. Rawal has published and contributed to many articles regarding the topics of e-democracy, e-government, social inclusion and Cyberterror and its impacts on freedom and security in the Web. Having had Rawal as a lecturer here in The Hague, when I started doing some research on cyberterrorism I thought that, with his background, he would be the perfect candidate for a cyber-terrorism 101 interview. Hope you find it as stimulating as I did.
Q: Cyber-terrorism has been a big threat to governments for a long time. What do you think, generally speaking, are cyber-terrorism’s greatest weaknesses and greatest strengths?
A: I suppose the greatest strength is that, from the eyes of the terrorist, it is total anonymity and unpredictability. So think, for example, if you have a bomb you still have to go through the process of putting it there and you still have to go through the process of perhaps warning somebody that you’ve done it, if you like. On the other hand, in cyber-terrorism that’s not necessary, there’s absolutely no way anyone can know if an attack can happen and in that sense it debilitates the system quite quickly. So that is its greatest strength, from the eyes of a terrorist.
Its greatest weakness from the eyes of the terrorist is that, to a certain extent, it requires technical knowledge and this is where we have a difference between cyber-terrorism and terrorism with the use of the Internet.
The difference is that for example, the 9/11 bombers bought their tickets online, so this shows how on the Internet there’s a whole new market to purchase, to learn.. I mean, yesterday the big news was a Texan man who posted online how to make a gun with a 3D printer. To be perfectly honest, I don’t know how many people own a 3D printer, but ok. So that is use of the Internet for, in a sense, terrorist means. I’m not saying the man is a terrorist but that is what it is. Whereas cyber-terrorism, the recent attack on Dutch banks, the recent attack on newspapers, etc are different. You need to have technological know-how to do that, you can’t just do that yourself. Ironically, you can probably find how to do that on the Internet but you’ll still need to know how to push all the right buttons in the right places.
Q: Years back, when the topic of terrorism would come up, one would think that “what happened over there won’t affect us over here”, but with cyber-terrorism, the risk of anyone being a target no matter where they are, has increased. How do you think governments should deal with this type of decentralized threat?
A: Well they can’t, basically. That’s the doom and gloom. The governments will never present something that they can’t stop, make us feel safe, can’t control. There’s always going to be a side of denial, if you like. But how can you stop something if you don’t know where it’s going to happen? How can you prevent something if you don’t know what its target is? So in that respect I don’t think it can deal with a decentralized threat in terms of eradicating it. However, it can be better prepared for it and that’s 90% of where the problems are. The big attraction for the cyber-terrorist is that huge amounts of data, personal data, information data, is out there online and in big quantities. Until very recently, we used to think- I used to think- that the private sector was very good at policing that. Very few big companies have been breached. SONY was breached a few years back and now we’ve had this state where the banks have been attacked in the Netherlands, but they spend money to keep themselves safe. If you think about it, Apple, for example, is very very safe; I’m not saying it can’t be attacked but it’s very unlikely. Governments don’t spend money on this. Governments basically went to the E-Government model because it was cheaper, but they didn’t invest in the infrastructure or in making sure that the systems where they are putting all of this data is safe. So, obviously, it becomes attractive to terrorists, the more information is out there, the more you can attack that information. So what the governments should do, what they didn’t do, is invest enough money there. This is what a lot of governments around are noticing, one of the first things Obama stated when he went into government was that they had to address the online security of the Pentagon. This bamboozles the general public but that’s the case, they didn’t really spend enough money. So that’s one way that they can deal with this as well. They can never stop it, because even conventional terrorism can’t be stopped- who would’ve thought somebody would bomb the marathon in Boston? There’s a certain amount of, and I use the word loosely, “imagination” in terrorism that you can never eradicate, I think. But governments should be better equipped to deal with it and that implies spending money.
Q: It has been said that Internet and social media were the main weapons of the Arab Spring. Would you agree with this statement?
A: No, I wouldn’t. Change was always going to come. What the Internet did was facilitate the change to happen quicker, but I wouldn’t say it was the main weapon but rather, a catalyst. The same thing has happened with Central and Eastern Europe, there was always going to be change, the fact that Gorbachov allowed certain freedoms meant that it was going to happen quicker, because he allowed certain countries to go first. The same thing happens here, if you think about the statistics there is plenty of information on the use of Facebook and Twitter in Syria and it was actually quite low when it started. It was only two months, I mean the actual uprising started a lot earlier before we got to hear about it, that there started to be better access to Facebook and Twitter and so on. What it did do, and this is where it was successful, is that it raised our attention towards it, so it got the fuel of recognition that the activists, the protesters, needed. But it didn’t change anything there, it didn’t make more people go out on the streets because half of these people didn’t have Facebook and that is because to have Facebook you need the technological know how, to have an IP address elsewhere, etc. I don’t think that it was the main weapon, but it certainly facilitated the process.
Q: There has been a lot of talk about the increasing presence of “hacktivism”, especially with the role it had during the Arab Spring and more recently, in Syria. In what ways do you think hacktivism has evolved?
A: It has become more sophisticated. It has become easier to do so you don’t need as much technical knowledge to debilitate a site as you used to before and, in some ways, it attacks the credibility of particular sources. We don’t know what real information is anymore, and some sites have been attacked in such a way that you don’t really know they’re being attacked, so you can channel people off without them even realizing it. Another example of how sophisticated this can be, not particularly related but easy to understand, is Amazon: you have to be very careful when you buy something because there’s a page where you go to pay that takes you to a completely different site, and you’re paying into someone else’s bank account! And you really wouldn’t notice, the real difference is the address in the address bar, but how many people look at the address bar of a link? Less than 5%. This is what happens here as well, I think, and this has positive and negative aspects too. With regards to the Arab Spring we can look at hacktivism as a positive force, because it attacked government credibility- if we’re assuming that the government is bad- but then there’s the flipside where the government is in fact attacking the so-called rebels and is crediting them. It has become a battle ground, it has become a field of war, and that’s one of the things where I think has evolved.
5. A couple of weeks ago there was a scandal about Twitter being hacked by the Syrian Electronic Army..Do you think these types of attacks achieve the purpose they are meant to have?
It’s about credibility. One of the things that Twitter managed to do was come out of the Arab Spring as being one of the saviors, it was one of the things that saved the people. Again, whether that’s true or not I would debate it, but there is a sentiment that it did and the people felt that was as well, even though most of the people didn’t use it, they still felt it liberated them. So, yes, if it can take away a force that people feel has helped them, then it means it succeeded. I think it can, but we have to keep in mind the credibility factor because we don’t know what is out there and there is so much malicious spread that was put out there by the Syrian Electronic Army that it suddenly feeds doubts of who’s side is who on.
Q: The Syrian Electronic Army has stated that their main goal is that of fighting the distorted representation, shown by Western channels, of what is happening in Syria, however, they deny affiliation with the government. Do you believe them to operate independently or do you, like many, consider the idea that it was founded by Assad long ago?
A: I don’t know if it was actually founded, I think there is definitely some form of affiliation. The question is whether it was a long time ago because I don’t think there is enough long-term perspective, going historically, as to whether or not somebody would do such a thing. But it’s very dangerous, look at what happens with the Red Army, the Red Army have a cyber faction, although the Chinese government denies it despite the clear evidence. I think the same thing happens here, I think it’s a group that was created with a particular stamp-point, a particular view, but whether or not its directly affiliated to the government or the government is just riding in on its storm and viceversa I don’t know. But it’s not independent, I don’t think it can be.
7. If someone reading this interview wanted to work in an area such as cyber-terrorism, what would you advise them to study or do?
The thing about the studies is that it’s very difficult because it’s very new. When I started doing research on cyber-terrorism, about 6 or 7 years ago, the nice thing was that there was very little that had been done, so it’s all speculation. In that respect the point is also that technology is changing all the time therefore it’s very difficult to know what the weaknesses and strengths of that technology is. So the studying, I think, is still conventional terrorism because in order to understand what the cyber-terrorist wants, you just take away the “cyber” and try to understand what the terrorist wants. You need to understand what the purposes and means of terrorism are, cyber is just a tool, and like I previously mentioned, there’s discrepancy between what is direct, technological cyber-terrorism and what is using the Internet to promote terrorist means; like having a website. Conventional terrorism would be an advisable study area and I suppose the most important thing is to keep an open mind. As easy as it sounds, it’s very very important to realize that terrorism is not just the killing of people, it involves the killing of people but you could also say that its an illegal warfare; it is a warfare and there are always two sides to this. In order to understand this you have to really try to look at why people are doing what they’re doing and that’s why you get that blur, because often it’s just the oxygen of publicity, but sometimes there’s a real political cause behind it and you have to try to understand why they have this political cause.
Interview by Chiara Romano Bosch.