An interesting question related to the new, current ecosystem that sees the virtual world and the real world by now inevitably coexisting.
Following the hacker attack on the Colonial Pipeline, Melissa Hathaway, a consultant to the Biden administration for cyber security, had stated that hackers are terrorists, urging to start calling them with this term and to open investigations for terrorism, as in fact happened in Italy following the ransomware attack that hit the servers of the Lazio region, which the anti-terrorism pool is also investigating.
But can we really define cybercriminals as terrorists? In the common imagination, the term terrorism certainly recalls that of Islamic origin, with the massacre of 11 September or the numerous attacks in the Middle East and African countries with Boko Haram, or the Red Brigades and the years of lead in Italy. But few people would immediately associate the term terrorism with a hacker who encrypted files and then demanded a ransom.
It is difficult to define terrorism
In fact, the definition of terrorism is not so immediate and clear and has been much debated over time. In 1937, in the context of the League of Nations Convention for the Prevention and Punishment of Terrorism, which never entered into force, it was made an attempt to define terrorism as "criminal acts directed against the State in which the purpose is to cause terror in the population or in groups of people. "
In 1972 the United Nations, in the first resolution on international terrorism, spoke of what "threats or takes away innocent human lives or endangers fundamental freedoms" while in 1994 in a declaration also in relation to the elimination of international terrorism there is talk of "criminal acts intended or calculated in order to provoke a state of terror in the general public by a group of people also for political purposes".
In 2001, the European Union in common position 2001/931 / CFSP defines terrorist acts as intentional acts which by their nature can cause serious damage to a country or an international organization, are considered crimes according to national law and are committed at purpose of intimidating the population, forcing the public powers to perform or not to perform any act, seriously destabilizing or destroying the fundamental political, constitutional, economic or social structures of a country or an international organization. Specifically, a series of acts are listed, among which there is also the destruction of government or public structures, transport systems, infrastructures, including information systems, which can endanger human lives or cause considerable economic losses.
Cyber terrorism? Cyber war?
The difficulty of establishing a certain definition of what is meant by terrorism is evident, but also the need to take into account the evolution that has taken place in the technological and IT fields. In an increasingly interconnected world, a hacker attack can truly undermine the safety of the population. The attack on the Colonial Pipeline, dating back to last May, in fact, led to the blocking of almost half of fuel deliveries in the eastern part of the United States. And if the repercussions on the population of a hacker attack are probably not even always foreseeable or intended, it is certainly very realistic to wait for them to happen. The hackers themselves in this case declared that it was not their intention to create such inconvenience.
Let's take the case of the most recent attack on the ced of the Lazio Region. The booking of vaccines and also various regional activities have been blocked for days. In this context, there was talk of a terrorist act, with the contestation of the aggravating circumstance for the purposes of terrorism.
Furthermore, according to what was declared by Professor Marco Lombardi, Director of the Department of Sociology of the Catholic University, in a recent interview published on the site formiche.it, even a cyber attack can be defined as a terrorist attack taking as a reference a definition based on the effects rather than on the reasons. According to the professor, in this sense terrorism is placed in that now everyday environment that is digital, a synthesis of those two worlds, virtual and real, which can no longer be separated but constitute a single operational and relational scenario. In this new ecosystem, even traditional terrorism can find new opportunities to finance itself in view of the objective that in fact does not change. But the means change. So if cyber attacks yield huge economic profits, traditional terrorist groups can also be expected to take advantage of them, either directly or by relying on experienced cybercriminals. In fact, in this digital world, the citizen is not threatened in his physical identity but in the digital one.
Terrorism wants to undermine the security of everyday life, which becomes, with everything that is part of it, central to the strategies of terrorists. If digital is now our everyday life, then it is also the new environment in which criminal acts can find a much greater range of action than what is traditionally known.