top of page

From Terrorism to Cyber-terrorism: The Case of ISIS

Dominika Giantas, University of Piraeus, and Dimitrios Stergiou, University of Peloponnese address ISIS's success in the cyberspace. How did they manage to go that far?


Cyber-space is a new battlefield. “Physical” Activities ranging from a simple greeting gesture to warfare have been cybernized and terrorism does not constitute an exception. From the days of Robespierre to the post 9/11 era, terrorism has been constantly transmuting in context, means and objectives and recently is making its first steps in cyberspace. Exploiting the advantages that this new field of expression, operations and confrontation has to offer like relative anonymity and abundance of easy targets, cyber-terrorism has been added to the cyber-vocabulary. The so-called Islamic State (ISIS) after its phenomenal expansion on the ground has become very active and innovative in the realm of cyber-terror. A number of organizations and individuals have pledged allegiance to ISIS and are employing their cyber-tactics in line with this terrorist organization’s cyber-strategy.


Today, the use of technology has become an inextricable part of everyday life. Individuals, governments and other actors conduct a significant part of their transactions and activities electrically and especially through the Internet. As Bryant (2001) indicates these developments in the technology sector have created a new field of action, the cyber-space.

Cyber-space has evolved to another dimension of legal and illegal activities. The prefix cyber- has been added to a great number of terms describing most of the time confusing and overused notions like cyber-war, cyber-attack, cyber-crime etc. Generally speaking a cyber-activity has the same motives and objectives with its corresponding “physical” one, but the means employed lie in the realm of cyber-space. One cannot comprehend the cyber- without the understanding of the physical.

Consequently this growing cyber-space activity has also a significant impact on the practice of terrorism, by providing new means and field for action. The use of cyber-space by terrorist organizations is becoming increasingly apparent and creates a new international threat, cyber terrorism. The definitions of the cyber- terrorism are to a great extent a reformulation of the definitions of the terrorism, which have been redefined in the light of developments in the information technology and of the use of cyber-space as a new field for terrorism.

The so-called Islamic State (ISIS) from its creations has been a “pioneer” in cyber-terrorism activities. A number of groups, some of them not directly linked to ISIS are responsible of a great number of cyber-attacks promoting the terrorist group agenda. The purpose of this essay is a brief presentation of ISIS cyber-terror affiliated groups and their contribution to the application of ISIS cyber-terror strategy. The first part offers an introduction to the terms of cyber-space, cyber -terrorism and cyber-attacks and also an historical overview of cyber-terrorism. The second part is dedicated specifically to ISIS cyber-terror groups and their activity.


The existing literature offers a variety of definitions regarding cyberspace. According to the United States Army College (2016) cyber-space is a three-layer structure: physical network, logical network, and cyber –persona layers. All three layers are inseparable and irreplaceable parts of the cyberspace, which cannot be perceived without the reference to them jointly. Each of these layers may be a target of adversaries in order to disrupt, degrade, or destroy cyber-space capabilities, (United States Army War College, 2016).

The physical network layer of cyber-space consists of all the physical elements of the network and the geographical area, in which they are located (such as hardware, software and servers). It is also the area of transmission of various data (United States Army War College, 2016). According to David Clark, a senior research scientist at the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL), the physical network layer is considered to be the most easily perceived layer of cyber-space because it has apparent material assets; it is tangible and easily graspable. The logical network layer reflects the data that is transmitted over the cyberspace. It is the abstract portion of the physical layer, where the creation, capture, storage and processing of information occurs (Clark, 2010). Finally, the cyber-persona layer is the extension of the logical network layer and involves all the users, actors and organizations, which are active in the cyber-space. Consequently, any extremist organizations operating in cyberspace are part of this third layer.

From Terrorism to Cyber-terrorism

International terrorism is not a contemporary phenomenon and its concept and definitions varied through time and are dependent from the historical context. During the French revolution and specifically during the Reign of Terror (1793-94), when mass executions, imprisonments and acts of persecutions against the enemies of the Revolution where orchestrated by the State, Robespierre defined terrorism as “nothing else than immediate justice, severe and inflexible” and “consequence of the general principle of democracy applied to our country's most urgent needs”. (Easson & Schmid, 2011)

Later on terrorism was analyzed in the light of four waves: the anarchist in Russia in the decades 1880-1920, the anti-colonialism in the 1920s and 1960s, the wave of the New Right of the 1960s and lastly, the religious wave which began in the decade of 1970 and continues to date. (Rapoport, n.d).US Central Intelligence Agency defines terrorism as “the calculated use of unlawful violence or threat of unlawful violence to inculcate fear; intended to coerce or to intimidate governments or societies in the pursuit of goals that are generally political, religious, or ideological” (Best & Nocella, 2004). European Union defined terrorism as “an international act which may seriously damage a country or an international organization where committed with the aim of: seriously intimidating a population; or unduly compelling a Government or international organization to perform or abstain from performing any act; or seriously destabilizing or destroying the fundamental political, constitutional, economic or social structures of a country or an international organization” (European Union, 2002). The point of convergence of these definitions is that terrorism combines violence, fear and intimidation to create terror and achieve given purposes.

The term “cyber terrorism” was coined in 1980s by Barry Collin. He claimed that the convergence, of these two worlds - the virtual and physical - forms the vehicle of cyber-terrorism (Collin, n.d). Since then, cyber-terrorism has received great attention by the academic community. In the past decades, a significant number of definitions of cyber terrorism have been formulated. Pollitt (1998, cited in Conway, 2014 cited in Chen, Jarvis & Macdonald, 2014) uses the term “cyber-terrorism” to denominate “the premeditated, politically motivated attack against information, computer systems, computer programs and data which results in violence against non- combatant targets by sub-national groups or clandestine agents.” Denning defines cyber-terrorism as a highly damaging computer-based attacks or threats of attack by non-state actors against information systems. Non-state actors launch attacks to intimidate or coerce governments or societies in order to achieve political and social goals. Denning emphasizes that “cyber-terrorism is the convergence of terrorism with cyberspace, where cyberspace becomes the means of conducting the terrorist act” (Denning, 2006).She notes that cyber-terrorists, instead of turning against individuals or physical property, cause destruction and disruption in cyberspace.

There are specific lines separating the concept of cyber-terrorism from cyber-crime as well as a cyber-attack from a malicious act. Cyber-crime is defined by Halder and Jaishankar (2011, cited in Kurnava, 2016) as “offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm, or loss, to the victim directly or indirectly, using modern telecommunication networks such as the Internet”. Kurnava (2016) claims that the motive behind a cyber-crime is to achieve a personal gain. The key element that distinguishes an act of cyber terrorism from a cybercrime is that the first contains the element of terror. Cyber-terrorist attacks cause terror and a sense of insecurity by causing extensive disturbances. Furthermore, an essential feature of cyber terrorism, which separates cyber terrorism from cybercrime, is the existence of political expediency of an extremist actor. Farhat, McCarthy and Raysman (2011) allege that cyber attack is every attack “initiated from a computer against a website, computer system or individual computer that compromises the confidentiality, integrity or availability of the computer or information stored on it”. According to Marshall & Saulawa, (n.d) a cyber-attack is any form of assault or retreat operation engage by individuals or organizations that focuses on computer information systems, infrastructures, computer networks, and/or personal computer devices by various means of malevolent acts. Examples of cyber-attacks are disruption or denial of service attacks, distribution of viruses or malware installation and gaining unauthorized access to a computer system or its data. (United States Army War College, 2016).Consequently, a cyber attack constitutes a deliberate act, which targets specific element of the logical network layer with the purpose of causing significant damage.

For the purpose of this essay, we broadly define cyber-terrorism as the deliberate use of cyberspace by terrorist organizations or individuals in order to achieve objectives related with the spread of fear, misinformation, political and economical disruption.

From cyber-attacks to cyber-terrorism

According to Havlíček (2012), the war in Kosovo in 1998 is believed to be the “first war on the Internet”. He states that, during the war, the governments and non-governmental institutions used the Internet and the cyber-space to spread propaganda messages, to defame political and war adversaries and to fortify their positions. Furthermore, according to Kostadinov (2012) during the Kosovo war, the systems of many governments and the NATO computers were subjected to distributed denial-of-service attacks and email bombs1.The first recorded cyber-attack with a terrorist aspect is believed to have occurred in 1998 by the rebel group Black Tigers. (Kostadinov, 2012). The group flooded the Embassies of Sri Lanka with thousands of emails for a period of two weeks.

During the 1990s, the extensive use of the Internet and the emergence of information society2 fueled studies on the possible risks that USA could face, due to the high degree of networking and technological dependency (Weimann, 2004). One of the CIA directors, John Deutsch, declared that extremist groups may launch attacks on data infrastructure of the USA. Concurrently, he emphasized the growing use of the Internet by the extremist groups as a means of communication.

Since then, cyber-attacks have been multiplied. In 2007, a massive cyber attack occurred in Estonia. For almost 2 months, the websites of government, several banks and media experienced service denial attacks (Ottis, 2008).No organization claimed the responsibility for the cyber-attacks, Estonian officials like Foreign Minister Urmas Paet accused Russia of perpetrating the attacks, but both the European Commission and NATO technical experts were unable to find credible evidence of Kremlin participation in the DDoS (Distributed Denial of Service) strikes (Herzog, 2011).On November 24th, 2014 the so-called group Guardians of Peace conducted a cyber attack on Sony Pictures Entertainment and leaked personal data of Sony employees and several of the studio's unreleased feature films. According to Siboni and Siman-Tov (2014) “the purpose of the attack, attributed to North Korea, was to deter Sony Pictures from releasing amovie, which was understood as ridiculing that country’s dictator and portraying the North Korean regime and its leader, Kim Jong-Un, with sarcasm and mockery ”.

In comparison with “physical” terrorism, cyber-terrorism offers a number of important advantages. First of all, cyber-terrorism absorbs fewer resources than the conventional terrorism, while cyber-terrorism is exerted through the cyber-space, while traditional terrorists use standard physicalworld methods, such as bombings, hijackings and murders (Saint-Claire, 2011), operations that require ample financial resources.

Secondly, cyber-terrorism ensures anonymity and protection of identity. The perpetrators can use nicknames or be active in cyberspace as uninvited visitors. As a result, the detection and identification of the extremists by the security agencies become difficult and technologically complex. As United Nations Office on Drugs and Crime (2012) points, “the use of technological barriers to entry to recruitment platforms also increases the complexity of tracking terrorism-related activity by intelligence and law enforcement personnel.” Consequently, cyber-terrorism offers a number of advantages with relatively small risk of detection.

Thirdly, cyber-space offers a great variety and number of potential targets. Specifically, it represents a global and complex virtual space, where an increasing number of transactions and other activities take place, and most importantly activities of the military and financial sectors of many states. Actors which are active in the cyber-space include state governments, businesses, individuals and various organizations. For example, cyberterrorists can cause severe damage the economy of the country by attacking the critical infrastructure in the big towns such as electric power and water supply (Ganguly, 2011). Weimann (2004) notes that “cyber-terrorism has the potential to affect directly a larger number of people than traditional terrorist methods”.

Lastly, cyber-terrorism is not limited by geographical boundaries. There are no physical obstacles, borders or checkpoints that have to be crossed by the perpetrators, who do not endanger their lives, since their actions do not take place in the physical world but in a virtual environment. Cyber-terrorism can therefore be carried out remotely from anywhere in the world.

Keep reading and access the full article here.

Suggested Citation:

Giantas, Dominika and Stergiou, Dimitrios, From Terrorism to Cyber-Terrorism: The Case of ISIS (March 7, 2018). Available at SSRN: or


bottom of page