I will be presenting at EISIC 2012 (European Intelligence and Security Informatics Conference). The topic of my contribution is „Information Security Aspects of the 22/7 Attacks“.
We explore the use of information technology involved in the preparation of the July 22nd attacks in Oslo and on Utøya island in 2011 and recommend policy changes. Our investigation is based on the document distributed by the suspect prior to the attacks. Information security is touched with respect to IT-supported military training, collection of person-related information, hiding and destruction of evidence, and use of distribution channels.
The use of information technology is what could be expected from a Norwegian of the suspect’s age. He used existing tools to protect confidentiality of network communication and devoted care to store his documents on reliable media. Policy on information security could address attack preparation and investigation by:
- restriction of available internet content (like import restrictions on physical goods),
- monitoring of time spent on violent games (like monitoring of gambling),
- access to sites with multiple accounts (enforcing limitations on a per-account basis).
