Cyber bomb hoaxes: The new cyberwarfare intimidation tactic and ways to counteract it

Hoax bomb threats are not a new idea – they have been used since telecommunication technology became widely available. We can be reasonably confident that the world faced similar threats in the form of letters before that. But bomb threats delivered widely by digital means incorporate elements of cyberwarfare – diminished relevance of geographical boundaries and the ease of execution of such threats – to this age-old problem.

The recent wave of mass cyber bomb threats in Europe this year has reminded us how even a single bad actor with the technological means can now have a disproportionately large impact. The impact has already disrupted daily life and essential services for many states in 2023.

Back in the autumn of 2023, a wave of cyber bomb threats across the Baltic states – Lithuania, Latvia, and Estonia – illustrated criminals’ ability to disrupt societal functions and strain law enforcement resources in a low-effort way.

In Lithuania, the situation escalated with an overwhelming number of threatening emails targeting schools. These emails, sometimes containing political content, were part of what Lithuanian authorities identified as a "coordinated mass attack". Estonia faced a wave of spam emails containing bomb threats, many of which targeted Tartu, the nation's second-largest city. Most schools in the area closed as a precautionary measure.

In Latvia, around 300 schools received similar threat emails, causing a range of reactions from evacuation to continued operation under heightened alert. The Latvian police classified these as low-risk threats but recognized the broader intention of these actions: to instil fear and disrupt the normal functioning of educational and other public institutions.

Similar tactics have been observed in other parts of Europe, suggesting a broader pattern of digital intimidation and disruption. In France, authorities took note of a series of fake bomb threats that tapped into prevailing social anxieties with targets including schools, airports and museums.

In the case of Ukraine, these cyber tactics took on a more ominous tone, especially in the period leading up to the Russian invasion. Ukraine reported a combination of bomb threats and cyberattacks, which were seen as part of a broader hybrid warfare strategy.

The impact of these mass cyber bomb threats on the infrastructure of law enforcement agencies was significant. In all countries, authorities were compelled to treat each threat seriously, allocating resources for investigation and response. This response often entailed deploying personnel to the threatened locations, conducting thorough searches of the premises, and sometimes implementing evacuation protocols.

The sheer volume of threats created an environment where law enforcement agencies were stretched thin, struggling to adequately respond to each potential threat while maintaining their regular duties. This both strained their resources and revealed vulnerabilities in existing security frameworks, which were not designed to handle threats at such a scale.

The alarming efficiency of mass cyber bomb threats in recent years can be attributed primarily to two factors: their scalability and the significant psychological and operational impact they exert on public targets.

Attackers can easily generate large volumes of threatening emails or messages with little cost or effort from a required network infrastructure. Cybercriminals’ abilities have increased with the global introduction of rapidly evolving large language models, which can generate plausible threats in multiple languages. This scalability allows bad actors to target a wide array of institutions simultaneously, from schools and childcare facilities to other public organizations.

The second factor contributing to the effectiveness of these threats is the high psychological and operational impact they have, especially on sensitive targets like educational and childcare facilities.

Security officials and decision-makers are often compelled to respond with maximum capacity, even in low-risk instances. As a result, even a perceived low-level threat can trigger a full-scale emergency response, including evacuations and extensive on-site searches, disrupting normal operations and causing significant stress and anxiety among the public.

There is a clear difference in intent between bad actors wanting to inform authorities of an actual bomb threat and bad actors wanting to incite panic and chaos within a state or targeted organization. The main goal for the latter is for their message to be read by as many people as possible.

So to effectively counteract the growing issue of mass cyber bomb threats, a potential strategy lies in putting up barriers to these low-cost, low-effort attacks so that they become more resource-intensive and challenging to execute. Increasing their difficulty requires a collaborative approach, particularly between email service providers, state governments, cybersecurity experts, or involved NGOs.

Email providers play a crucial role in the dissemination of these threats. Focused dialogue with these providers could lead to more effective strategies to identify and block mass threat emails. These strategies could involve advanced filtering algorithms or enhanced monitoring of suspicious email patterns through automated processes and utilization of machine learning algorithms. A discussion could be held about more non-invasive approaches that could potentially minimize the impact of mass cyber bomb threats.

The dialogue between governments, cybersecurity experts, email providers and internet rights NGOs is vital in this fight. By working together, these entities could introduce new guidelines and legislation to make it more challenging for bad actors to mass distribute anonymous threatening communications, which potentially include threats made with tools other than email, like voice over internet protocol (VoIP), or could even limit social media’s ability to disseminate such threats.

Transforming mass cyber bomb threats from low-cost, high-impact attacks into high-cost, high-effort endeavours is vital in reducing their prevalence and effectiveness. Through such initiatives – as well as enhanced cybersecurity measures, improved threat assessment protocols and international cooperation – the scalability and reach of these threats could be effectively reduced, enhancing overall cybersecurity and public safety.