The increasing use of technologies by law enforcement organizations has opened them to a new risk: offensive cyber operations by terrorist groups.
Just like everyone in today’s digital environment, terrorists rely on the internet and digital technologies to support their organizational activities and attain their goals. Stricter border defenses have limited the operational effectiveness of terror groups, which is why they’re now using virtual means to execute their offensive plans.
Law enforcement organizations are among the prime targets of terrorists having cybercrime capabilities. Terror organizations could hold the internet systems of law enforcement agencies hostage, destroy evidence, steal critical data, and endanger public safety.
Law enforcement departments using outdated technologies and lacking strong cybersecurity defenses are particularly vulnerable. Terror organizations with cybercrime expertise could easily exploit these weaknesses to carry out offensive cyber operations.
Terrorists are growingly improving their computer skills and collaborating with hackers to launch attacks against critical government infrastructures and law enforcement agencies. Cybersecurity experts have already warned that extremist and terrorist organizations based in South Asia and the Middle East are partnering with cybercriminals to launder money and target police and other security agencies.
The strong linkages between terrorists and hackers could refine the former’s computer and IT skills. This means they could get expertise in offensive cyber operations and use the same to target law enforcers. The 2005 terrorist attacks in England are examples that terrorists and their sympathizers with huge technological manpower are already present in our society.
The June 2020 cyberattack on the Minneapolis city government and law enforcement computers exposed law enforcers’ vulnerability to cyber-attacks. While the attack was carried out by hacktivists to protest the killing of George Floyd, terror organizations could easily exploit such vulnerabilities and carry out operations that could endanger public safety and national security.
Another incident of law enforcers falling victim to cyberattacks happened in Dec. 2016 when a law enforcement agency in Texas experienced a phishing attack. Reports suggest that the incident occurred after one of the agency’s employees clicked on a phishing email link. The attackers stole a massive cache of digital files, including critical video evidence.
In March 2018, cybercriminals targeted the Atlanta Police Department and servers of the city government with ransomware. During the same period, cybercriminals launched denial of service attacks against the City of Baltimore. Also, in Oct. 2016, the 911 centers in 12 US states were targeted with denial of service attacks, compromising public safety.
In January 2021, cybersecurity firm Clearsky said they identified at least 250 servers hacked by Lebanese Cedar, a hacking group linked to the Hezbollah militant group.
“Law enforcement IT systems are one of the key targets of terrorists. Some groups leverage offensive cyber similar to advanced persistent threat (APT) groups and nation-states leveraging zero-day exploits, sophisticated methods of vulnerability exploitation and proprietary tradecraft” – said Andrei Komarov, cybersecurity expert, who previously investigated high-profile cyber attacks including Yahoo! data breach.
“By attacking those systems terrorists are aiming to collect important information for them, including details of law enforcement and intelligence staff, their missions and objectives, as well as search warrants and other details which may signal their members about risk” – added Gene Yoo, CEO of Resecurity, Inc, Los Angeles-based cybersecurity company.
These incidents underscore the importance of cybersecurity and better and advanced cyber defenses for law enforcement agencies.
A close collaboration between the government, law enforcers, and cybersecurity experts can protect law enforcement organizations from offensive cyber operations carried out by terrorist groups. At the same time, cybersecurity training and awareness programs for law enforcement and security personnel could go a long way toward preventing possible breaches.
Government decision-makers and leaders of law enforcement agencies must take proactive actions to make cybersecurity a top priority. Doing so will help prevent the looming threats to public safety and national security.