Executive Summary 13 Chapter 1. Introduction I. Research Purpose 1 II. Research Scope and Content 2 III. Research Method 10 Chapter 2. General Issues of of Cyberterrorism I. Definition of Cyberterrorism 13 1. Introduction 13 2. What is Cyberterrorism? 14 3. Definition of Terrorism, Cybercrime, and Cyberterrorism 16 A. Comparison between Related Concepts 16 B. Cyberterrorism vs. Information Warfare 20 C. Cyberterrorism vs. the Terrorist Use of the Internet 22 4. Typology and Threat of Cyberterrorism 22 A. Cyberterrorism Threats to Critical Infrastructure 23 B. Debate on the Threat of Cyberterrorism towards Critical Infrastructure 26 C. Cyberterrorism Threats to Information Systems 27 D. Other Threats from Cyberterrorism 29 E. Fear of Cyberterrorism 31 5. Case Studies of Cyberterrorism Attacks 33 A. Information System Attacks 33 B. Logic Bomb Case 35 C. Conficker Worm 35 D. Stuxnet Worm 36 E. Distributed Denial-of-Service(DDoS) 37 F. The Use of the Internet by Al Qaeda 37 6. Typology of Cyberterrorism 39 A. Basic Typology 41 B. Detailed Typology 43 7. Conceptual Overview from an Overall Perspective 43 A. Introduction 44 B. International Conceptualization of Cyberterrorism 45 C. Discussion 48 II. International Cooperation System in Cyberterrorism Response 52 1. International Characteristics of Cyberterrorism 52 A. International Perspectives on Cyberterrorism 53 B. The Experiments on Cyberterrorism 56 2. Rules, Conventions and Laws regarding International Cooperation 56 A. Establishment and Operation of International Rules 56 B. Relationship with Cybercrime 57 C. International Cooperation and Jurisdiction 58 1) International Cooperation 58 2) Jurisdiction 62 3. International Conventions 65 A. The Montreal Convention 65 B. The Convention for the Suppression of Terrorist Bombings 66 4. Conclusion 67 III. Analysis of Cyberterrorism Response System of Major Countries 71 1. Cyberterrorism Response System of the United States of America 71 A. Overview 71 B. Cyberterrorism Policy 73 1) Before the 911 attacks 73 (1) Law 73 (2) Other Policies 75 2) After the 911 attacks 76 (1) National Strategy for Establishing Cyberspace Security 76 (2) National Strategies against Threats to Cyberspace and its Vulnerabilities 77 a. Threats to Cyberspace and its Vulnerabilities 77 b. National Policy and Principles on Cyberterrorism 79 C. The Legal System 31 1) The USA Patriot Act 81 (1) Main Contents of the USA Patriot Act 81 (2) Problems of the Patriot Act 86 2) The Cyber Security Enhancement Act as Incorporated into the Homeland Security Act 89 (1) Contents 89 (2) Problems of the Homeland Security Act 94 3) The Cyber Security Research and Development Act 95 (1) Contents of the Cyber Security Research and Development Act 95 (2) Problems of the Cyber Security Research and Development Act 96 4) Other Efforts to Deal with Cyberterrorism 97 D. Organizations against Cyberterrorism 98 E. Law Enforcement and Prevention 98 1) Law Enforcement Response to the Cyberterrorism Threat 98 (1). Law Enforcement in the Cyber World 99 (2) Need for Federal Cooperation and Guidance 100 (3) Global Cooperation in Cyberterror Enforcement 102 2) Prevention Efforts from State/Local and Federal Law Enforcement Agencies 103 (1). Prevention at the Federal Level 104 (2) Prevention at the State/Local Level 105 3) Educating the Public and Corporate Entities on the Cyberterrorist Threat 105 4) Law Enforcement Training Initiatives to Combat Cyberterrorism 107 5) Research on Law Enforcement and Cyber Terrorism 109 2. Cyberterrorism Response System of the United Kingdoms 110 A. Overview 110 B. The Legal System 111 C. Organizations against Cyberterrorism 111 3. Cyberterrorism Response System of the Federal Republic of Germany 113 A. Overview 113 B. Legal System 113 C. Organizations against Cyberterrorism 114 4. Cyberterrorism Response System of the French Republic 115 A. Overview 115 B. Legal System 116 C. Organizations against Cyberterrorism 117 5. Cyberterrorism Response System of Japan 117 A. Overview 118 B. Legal System 119 C. Organizations against Cyberterrorism 121 6. Cyberterrorism Response System of India 123 A. Overview 123 B. Legal System 123 C. Organizations against Cyberterrorism 129 7. Implications 130 8. Conclusion 135 Chapter. 3. Terrorist Use of the Internet and Counterterrorism Measures I. Introduction 137 II. Theoretical Discussions 139 1. Terrorist Use of the Internet and Cyberterrorism 139 2. Physics and Strategic Advantage of Cyberspace 142 3. Threats from Cyberspace and Existential Crisis of Nation-State 145 III. Terrorist Threats though Cyberspace: Terrorist Use of the Internet 149 1. Terrorist Use of the Internet 149 2. Types of Terrorist Use of the Internet 151 A. Propaganda 151 B. Financing 153 C. Training 155 D. Planning 156 E. Execution 157 F. Cyber-attacks 159 3. Terrorists' use of the Internet 160 IV. Transformation of Mode of Warfare: Marriage between Terrorism and Cyberspace 162 1. Overview 162 2. Marriage between Terrorism and Cyberspace 164 3. Qualitative Changes on Mode of Warfare 166 4. The Fifth Generational Warfare 168 V. Counterterrorism Measures: C&C(Communication & Cooperation) and Infiltration 175 1. Overview 175 2. Counterterrorism Measures against Terrorist Use of the Internet 176 VI. OSINT(Open Source Intelligence) as a Counterterrorism Measure 179 1. Overview 180 2. The Concept of OSINT 180 3. OSINT Practices 181 4. Things to Consider for the Use of OSINT 184 VII. Conclusion 187 Chapter 4. Terrorist Use of the Internet: an Analysis of Strategies, Objectives and Law Responses I. Introduction 189 II. The Strategies Used to Harness the Power of the Internet 194 III. Understanding the Rationale for Using the Internet 203 1. Propaganda 204 2. Recruitment & Radicalization 208 3. Strategic Tactics 213 IV. Law Enforcement Response to Terrorism on the Internet 218 V. Conclusion 227 Chapter 5. Current Status of Cyberterrorism in the Republic of Korea I. An Overview of the Republic of Korea's Penal Measures and Cases pertaining to Cyberterrorism 233 1. Overview 233 2. Case Study of Cyberterrorism in Korea 233 A. Major Cases 233 1) The 2003 January 25th Crisis 233 2) 2004 Government Institute Hacking Case 234 3) 2009 North Korean July 7th DDoS Attack 235 4) 2011 North Korean March 4th DDoS Attack 235 5) 2011 National Agricultural Cooperative Federation (NACF) Hacking 236 6) Central Election Management Committee Cyberterrorism Case 236 B. Implications 237 3. Analysis on Cyberterrorism Penal Measure in Criminal Law 238 4. Analysis on Cyberterrorism Penal Measure in Special Law 244 A. Act on the Protection of Information and Communications Infrastructure 244 1) Background 244 2) Behavior Pattern and Statutory Punishment 245 3) Examination 246 B. Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. 247 1) Background 247 2) Behavioral Pattern and Statutory Punishment 248 3) Examination 251 C. Special Law relative to Regulations on Cyberterrorism 253 D. Conclusion 258 II. Response System and Conditions on Cyberterrorism in the Republic of Korea 259 1. Cyberterrorism Cases 259 A. Overview 259 B. Case Analysis on July 7th DDoS Attack 262 1) Outline of the Organization of July 7th Attack 262 2) Characteristics of July 7th DDoS Attack 264 (1) Constructing Automatic Attack System 264 (2) Using Network-type C&C Server 265 (3) Zeroday-type DDoS Attack 266 2. Overview of Response System on Cyberterrorism 266 A. Legal Foundation on Cyberterrorism 266 B. Response System on Cyberterrorism 268 C. Master Plan for National Cyber Security 269 D. Reestablishment of its Function and Role 269 3. Problems Confronted by Response System on Cyberterrorism 270 A. Initial Response and Variety of Legislations Causing Confusion 270 1) Lack of Systemized Legislation 270 2) Limitations in System of Initial Threat Estimation 271 3) Limitation in Initial Attribution of the Attack 271 B. Limitation on Cooperation with Information Institutes and Law Enforcement Agencies 274 C. Limitation on Expedited Responses due to Division of Functions amongst Public, Private, and National Defense 275 III. Countermeasures for Cyberterrorism 275 1. Intelligence 276 2. Expert System and Founding National Digital Evidence Research Institute 276 3. Improvement on Cyberterrorism Legislation 277 A. Necessity of Enacting Legislations on Cyberterrorism 277 B. Necessity for Act on Zombie PCs 279 C. Restricting the Remote Update Function 280 D. Recommending Diversification in Operating Systems and Installation of Firewall Programs 280 E. Fostering Professional Investigators 280 4. Examination of Cybercrime Investigation Cooperation System 281 A. Private-Private Cooperation 281 1) Necessity 281 2) Countermeasure 282 B. Law Enforcement-Private Cooperation 282 1) Necessity 282 2) Countermeasure 283 C. National LE-National LE Cooperation 284 1) Necessity 284 2) Countermeasure 285 Chapter 6. Conclusion 287 Reference 305 Abstract 327

I. Research Purpose   After the 911 attacks on the 11th of September, 2001, terrorism has evolved to a new form of terrorism and this new form of terrorism has become more networked, diverse, and complex. In the center of this evolution is cyberspace being used as a means of terrorism. With the coming of the information age, cyberspace pervades many aspects of our everyday life, both real and imaginary, and directly influences our life and society. Thus, it is hard to simply ignore cyberterrorism and threats to cyberspace, which is already deeply ingrained into our everyday life. Cyberterrorism threatens our live in diverse ways. For example, recent DDoS attacks and hacking of national government agencies initiated from China prove these threats are real. Examples of direct forms of cyberterrorism are DDoS attacks, the Stuxnet worm, hacking and use of botnets. Other forms of cyberterrorism are utilization of the Internet for logistics of traditional terrorist activity, recruitment, propaganda, training, education, financing, command & control, and procurement of supplies. UNODC defined this type of activity as "the use of the Internet for terrorist purposes" and classified this as issues with special concerns. In particular, after the 911 attacks, there is no systematic analysis of the characteristics and the level of threat of various types of cyberterrorism, and most of the existent policies are narrow and solely focus on technical matters. UNODC recognizes cyberterrorism as a fundamental risk to national security and takes comprehensive approaches on cyberterrorism. Cyberterrorism is globally recognized as fundamental threats to national security as well. Therefore, there is a need to look into the topic with a more strategic approach, and consider more systematic and inclusive policies and responses. In this regard, this research aims to introduce cyberterrorism as a new form of threat to our society, which reflects the distinctive characteristics of information society of the 21st century. By promoting public awareness of this threat, mass confusion can be prevented in case of a real cyberterrorist attack. Also, through analysis of new trends of cyberterrorism, this research intends to propose effective and systematic responses to cyberterrorism.   II. Research Scope and Content   This research is an international joint research conducted as a part of UN Cooperation. Foreign agencies and experts participate in this research. This research intends to come up with effective, systematic, legal and political countermeasures by conducting scientific research on cyberterrorism, which threatens not only our everyday lives, but also national security. Primary research method is review of legal systems and ary evidence. The study is conducted cooperatively with foreign counter-cyberterrorist agencies and professionals whose empirical methodologies use qualitative data such as interviews with specialists and professionals in the fields and press release. Also, the most important theme dealt by UN agencies and international society, use of the Internet for terrorist purposes, is included in the study. As terrorists use the Internet as a means to committing terrorist acts, there is necessity to conduct research on this emerging issue. Thus, this study aims to analyze trends of cyberterrorism and propose countermeasures. For this purpose, Yoon, Hae-sung(Associate Research Fellow, Ph.D. in Law) jointly conducted this research with eminent professionals in terrorism fields namely Joshua Freilich(Associate Professor, John Jay College of Criminal Justice, Director of START program), Steven Chermak(Professor, Michigan State University), Robert G. Morris(Assistant Professor, The University of Texas at Dallas), and Yun. Minwoo(Professor, Department of Police Science and Security, Gachon University). The joint researchers from different specializations divide their roles as follows. First, Yoon, Hae-sung, as the principal researcher, i) organizes contents of the joint researchers’ study to avoid repetitions and gives feedback to improve quality of this research by complementing and amending the materials within researchers’ initial intention, ii) tries to conceptualize cyberterrorism and suggest ideas to facilitate international cooperation after reviewing response systems with other joint researchers, iii) analyzes and compares legal systems of different countries to find drawbacks in the system, and discuss implications of the findings, iv) analyzes South Korea’s penalty code regarding cyberterrorism and the current status of cyberterrorism in South Korea, and reviews response and cooperation systems against cyberterrorism, v) sums up joint materials and discusses overall proposals on countermeasures against cyberterrorism. This covers chapter 1, chapter 2, chapter 5, and chapter 6. In chapter 3, Professor Yun, Minwoo empirically analyzes interviews of professionals on activities of law enforcement and intelligence agencies on use of the Internet for terrorist purposes in the United States and European countries. Also, he tries to suggest solutions on problems regarding cyberterrorist acts by traditional terrorists. According to Yun’s research, Terrorism can be categorized by the type of support activities conducted for an attack and the organization itself. Such activities can be intelligence, human resources, recruitment, training, education, propaganda, instigation, financial support, weapon supplies and other forms of support activities. The advent of cyberspace has made such support activities easier, more clandestine, less costly and faster. This allows terrorists to act with more destructive impact with less resources and capabilities. On the other hand, it makes counter-terrorist activities, such as detection and elimination of terrorists and prevention of terrorism, more difficult for government agents. As such, this research discusses the terrorism of today that occurs not only in the real space consisting of sky, ocean and earth, but a new form of real space consisting of cyberspace. Also, against the backdrop of convergence of national security, public security, crime and warfare, this research discusses the threat against national security of complex terrorism, and presents the relevant counter-terrorist response systems in major international institutions and countries. For this purpose, this research synthesizes materials from observations, training sessions, seminars, conferences during visits to the United States, the Russian Federation, Israel and Austria during the last several years, and materials from interviews with various professionals on the subject through various opportunities such as personal contact, and materials from official reports and academic papers from various national security think tanks and government agencies, and also media reports. Through this synthesis of materials from diverse sources, this research describes the reality of the threat of a more complex form of terrorism of today observed in various major countries around the world and integrative counter-terrorist response systems in international institutions and individual countries. Joint researcher Professor Joshua Freilich categorizes cyberterrorist cases after the 911 attacks into a typology, explicates the characteristics of each type of cyberterrorism and discusses their implications. Also, with another joint researcher Professor Steven Chermak, he conducted a research on enforcement of the law on the use of the Internet for terrorist purposes in the United States. This research material is covered in detail in chapter 4. In this research, a review was conducted on previous research on how the Internet is used by terrorists, political extremists and their supporters, and three major issues are extrapolated for discussion, which are as follows. First, the research examines how internet is being used by terrorist organizations, and discusses the contents posted on websites of terrorist organizations. Second, the research discusses purposes of terrorist organizations for using the Internet, and emphasizes the reason why terrorist organizations use the Internet as one of their resources. Third, the research examines how law enforcement agencies respond against terrorist threats from the Internet. Results from Freilich’s research indicate terrorist organizations use the Internet for various purposes. Accessibility of prohibited information on the Internet makes it a useful propaganda tool for terrorist organizations, and another advantage of the Internet for terrorist organizations is that they can contact potential recruits through websites, chat rooms and online discussion pages. Also, information on tactics, ways to collect information on targets, ways to avoid capture can be found on the Internet, making it a valuable tool in performing certain operations. Meanwhile, law enforcement agencies are aware of the emerging threat of use of the Internet by terrorists, and police response to this threat is mainly strategic, focusing on establishing the necessary infrastructure and policy mechanisms. Furthermore, emphasis is given to the importance of understanding the relationship between terrorism and technology in the evolving information society Results from Chermak’s research indicate law enforcement agencies attempt to monitor use of the Internet by terrorists, and this involves several tasks in the process. First, law enforcement agencies must expand their technological capability to monitor targeted terrorist organization. As strategies to disseminate information via internet keep evolving, understanding implications from the information is getting harder. Second, it is difficult to focus on a specific target, because interactions in cyberspace is almost exclusive. Third, while there are positive changes in law enforcement agencies such as establishing information reception capabilities and improving information sharing across all agencies, but there is still room for improvement. Most major terrorist organizations pose a threat to the world, and this requires international cooperation between government agencies. The point is that significant time and effort is needed to establish relations and trust to develop a cooperative relationship. Joint researcher Professor Robert G. Morris’s research proposes counter-cyberterrorist policies based on legal responses and cyberterrorism trends in the United States. This research material is covered in detail in chapter 2.In this research, it is pointed out that in case of the United States, although there is no definitive evidence that there was a cyberterrorist attack against her citizens, nevertheless there were a political cyberattacks in the past, and therefore a real cyberterrorist attack is only a matter of time. Thus, efforts at all levels of law enforcement agencies are necessary to deal with cyberterrorist attacks and prevent them. Also, it is of utmost importance that threat and impact of cyberterrorism be minimized through education programs on cybersecurity for the general public and the private sector. In light of this, the research examines law enforcement response systems, international cooperation, and education and training programs for the general public and the private sector on the cyberterrorist threat. Furthermore, the research examines trends in academic research in the United States on cyberterrorism, and discusses the future prospect of this trend in chapter 6. The basis of this research scope is first the difficult task of conceptualizing cyberterrorism, and second the important consideration that this is an international joint research. Conceptualization of cyberterrorism affected the entire organization of this research, and the efforts to integrate research materials was an almost impossible task due to different thoughts and research materials from different joint researchers. Furthermore, this was a multidisciplinary research, with researchers specializing different fields of expertise such as the law, criminology and international law. This diversity inevitably lead to different arguments and conclusions from different joint researchers, each with their own conceptualization of cyberterrorism. To integrate this diverse research material, the principle researcher took a broad approach to the conceptualization of cyberterrorism. Another important factor in the decision to use the broad conceptualization of cyberterrorism is that it includes the ‘Terrorist use of the Internet’ of the UNODC as an aspect of cyberterrorism. Despite the logical fallacies in dealing with cyberterrorism in general and use of the internet by terrorist organizations as the same subject matter, this field is rapidly emerging, and the current trend of the conceptualization of terrorism is becoming more inclusive and broader after the 911 attacks, and thus the same trends in the conceptualization of cyberterrorism is an issue that cannot be ignored. Broadening of the conceptualization of terrorism is inextricably linked to the broadening of the conceptualization of cyberterrorism. Therefore, terrorist use of the Internet should be examined as a form of cyberterrorism. With these considerations in mind, the broad conceptualization of cyberterrorism was necessary for setting the scope of this research, integrating research materials on trends of terrorist use of the Internet, counterterrorist measures, strategy and objectives on the use of the Internet by terrorist organizations and law enforcement response to cyberterrorism. With this research scope, this research is organized as follows. Chapter 1 examines trends of cyberterrorism and responses to cyberterrorism and discusses necessity and purpose of this research. Chapter 2 reviews general issues of cyberterrorism. This chapter is divided into 3 parts, which are definition of cyberterrorism, international cooperation system in cyberterrorism response, and analysis of and implication from cyberterrorism response system of major countries. Chapter 3 explains terrorist use of the Internet and counterterrorism measures. The discussions go through part 1 and part 2. In relations to terrorists use of the Internet, terrorist threats though cyberspace is reviewed in part 3. In following parts 4 and part 5 transformation of mode of warfare and counterterrorism measures are reviewed. Lastly, in part 6, Open Source Intelligence is suggested as a counterterrorism measure. In Chapter 4, strategies, objectives, and legal response revolving around terrorist use of the Internet is analyzed. This chapter consists of 5 parts, which are introduction, the strategies used to harness the power of the Internet, understanding the rationale for using the Internet, law enforcement responses to terrorism on the Internet, and conclusion. Chapter 5 introduces current condition and legal system of cyberterrorism in the Republic of Korea. In part 1, the author overviews the Republic of Korea's penal measures and cases pertaining to cyberterrorism. Part 2 introduces response system and conditions on cyberterrorism in the Republic of Korea, and countermeasures for cyberterrorism in the Republic of Korea is referred in Part 3. Last in chapter 6, core issues from each chapters are summarized. and implications from the research are suggested. Also, trends in academic study on cyberterrorism and importance of further research are pointed out.