ebook img

At Light Speed: Attribution and Response to Cybercrime/Terrorism/Warfare PDF

99 Pages·2013·5.81 MB·English
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview At Light Speed: Attribution and Response to Cybercrime/Terrorism/Warfare

Journal of Criminal Law and Criminology Volume 97 Article 2 Issue 2 Winter Winter 2007 At Light Speed: Atribution and Response to Cybercrime/Terrorism/Warfare Susan W. Brenner Follow this and additional works at: htps://scholarlycommons.law.northwestern.edu/jclc Part of the Criminal Law Commons, Criminology Commons, and the Criminology and Criminal Justice Commons Recommended Citation Susan W. Brenner, At Light Speed: Atribution and Response to Cybercrime/Terrorism/Warfare, 97 J. Crim. L. & Criminology 379 (2006-2007) Tis Symposium is brought to you for free and open access by Northwestern University School of Law Scholarly Commons. It has been accepted for inclusion in Journal of Criminal Law and Criminology by an authorized editor of Northwestern University School of Law Scholarly Commons. 0091-4169/07/9702-0379 THEJ OURNAOL FC RIMINAL LAW & CRIMINOLOGY Vol. 97. No. 2 Copyright 0 2007 by NorthwesterUnn iversity. Schoool f Low Printeidn U .S.A. "AT LIGHT SPEED": ATTRIBUTION AND RESPONSE TO CYBERCRIME/TERRORISM/WARFARE SUSAN W. BRENNER* This Article explains why and how computer technology complicates the related processes of identifying internal (crime and terrorism) and external (war) threats to social order of respondingt o those threats. First, it divides the process-attribution-intot wo categories: what-attribution (what kind of attack is this?) and who-attribution (who is responsiblef or this attack?). Then, it analyzes, in detail, how and why our adversaries' use of computer technology blurs the distinctions between what is now cybercrime, cyberterrorism, and cyberwarfare. The Article goes on to analyze how and why computer technology and the blurring of these distinctions erode our ability to mount an effective response to threats of either type. Finally, it explores ways in which we can modify how we currently divide responsibilityf or identifying and responding to the three threat categories among law enforcement and the military, respectively. The goal here is to identify techniques we can use to improve attribution and response processesf or emerging cyberthreats. 1. INTRODUCTION The speed and anonymity of cyber attacks makes distinguishing among the actions of terrorists, criminals, and nation states difficult ....I In October 2006, a "sensitive Commerce Department bureau"-the Bureau of Industry and Security (BIS)-suffered a "debilitating attack on 2 its computer systems." The attack forced the BIS to disconnect its NCR Distinguished Professor of Law & Technology, University of Dayton School of Law. I THE WHITE HOUSE, THE NATIONAL STRATEGY TO SECURE CYBERSPACE 19, 64 (2003), available at http://www.whitehouse.gov/pcipb/ ("Cyber attacks cross borders at light speed ....) . 2 Alan Sipress, Computer System Under Attack, WASH. POST, Oct. 6, 2006, at A21, available at http://www.washingtonpost.com/wp-dyn/content/article/2006/10/05/AR2006 SUSAN W. BRENNER [Vol. 97 computers from the Internet, which interfered with its employees' ability to 3 perform their duties. It was traced to websites hosted by Chinese Internet service providers (ISPs), but the attackers were never identified. Consider for a moment the statement: the attackers were never identified. This statement has several implications, the most obvious of which is that the individuals who carried out the attack were never identified. That is far from remarkable; given the opportunities cyberspace creates for the remote commission of attacks and attacker anonymity, it is more common than not for cybercriminals to go unidentified and un- 5 apprehended. That, though, assumes we are dealing with cybercriminals, which brings us to another implication of the statement above: Not only were the BIS attackers never identified, the nature of the attack was never identified. 6 It was apparently clear the attack came from China, but what kind of attack was it? Was it cybercrime-the Chinese hackers launching a counting 7 coup on U.S. government computers? Was it cyberterrorism-an initial effort toward a takedown of U.S. government computers by terrorists (who may or may not have been Chinese) pursuing idiosyncratic ideological goals? Or was it cyberwarfare-a virtual sortie by People's Liberation 8 Army hackers? 10050178l.html ("[T]he Bureau of Industry and Security ... is responsible for controlling U.S. exports of commodities, software and technology having both commercial and military uses."). 3 Id. "A source familiar with the security breach said the hackers had penetrated the computers with a 'rootkit' program, a stealthy form of software that allows attackers to mask their presence and then gain privileged access to the computer system." Id. The BIS computers were so compromised that officials decided they could not be salvaged, so they will be replaced with "clean hardware and clean software." Id. 4 Id. 5 See Susan W. Brenner, Toward a CriminalL aw for Cyberspace: DistributedS ecurity, 10 B.U. J. Sci. & TECH. L. 1, 65-76 (2004) [hereinafter Brenner, Toward a CriminalL aw for Cyberspace]. 6 Sipress, supra note 2 ("The attacks were traced to Web sites registered on Chinese Internet service providers, Commerce officials said."). Cyberattackers can route their attacks through intermediate systems to disguise the true originating point of an attack. See, e.g., Tiny Nevada HospitalA ttacked by Russian Hacker, USA TODAY, Apr. 7, 2003, available at http://www.usatoday.com/tech/webguide/intemetlife/2003-04-07-hospita-hack-x.htm (reporting that the Russian hacker routed an attack on a Nevada hospital through Al- Jazeera's website to make it appear the attack came from Qatar). 7 Counting coup-Wikipedia, http://en.wikipedia.org/wiki/Counting-coup (last visited Apr. 21, 2007). 8 See, e.g., Dawn S. Onley & Patience Wait, Red Storm Rising, Gov'T COMPUTER NEWS, Aug. 21, 2006, available at http://www.gcn.com/print/2525/41716-1.html; John Rogin, China Fielding Cyberattack Units, FCW.coM, May 25, 2006, http://www.fcw.com/article94650-05-25-06-Web; see also JOHN ROLLINS & CLAY WILSON, 2007] "AT LIGHT SPEED" The BIS episode illustrates why we need to assess how we approach attribution (Who launched the attack? What kind of attack is it?) and the corresponding problem of response (Who should respond to an attack- civilian law enforcement, the military, or both?). As Sections II, III, and IV explain, the essentially ad hoc approaches we currently use for both attribution and response worked well in the past but are becoming increasingly unsatisfactory as cyberspace becomes a viable vector for attacks, of whatever type. My goal in this Article is to explore these issues in terms of the conceptual and legal issues they raise. I will also analyze some non- traditional ways of structuring our response to ambiguous attacks, such as the one that targeted the BIS computers. My hope is that this Article provides a basis for further discussion of these issues, the complexity of which puts their ultimate resolution outside the scope or ambitions of any single law review article. Section II constructs a taxonomy of cyberthreats (crime, terrorism, and war) and explains why these evolving threat categories can make who- and what-attribution problematic. Section III explains how these difficulties with attribution impact the process of responding to cyberthreats. Section IV continues our examination of this issue by analyzing how we might improve our response capability without surrendering principles we hold dear. Section V is a brief conclusion, which summarizes the preceding arguments and analysis and offers some final thoughts on both. II. IDENTIFYING CYBERCRIME, CYBERTERRORISM, AND CYBERWARFARE: TAXONOMY [T]he... "blurring of crime and war" at the operational level.... has accelerated over 9 the last few decades. As Section I noted, the continuing evolution and proliferation of computer technology has created a new class of threats-"cyberthreats"- which societies must confront. These cyberthreats can be generically defined as using computer technology to engage in activity that undermines 0 a society's ability to maintain internal or external order.' CONG. RESEARCH SERV., TERRORIST CAPABILITIES FOR CYBERATTACK: OVERVIEW AND POLICY ISSUES 14-15 (2005), availablea t http://www.fas.org/sgp/crs/terror/RL33123.pdf. 9 Robert J. Bunker, Combatants or Non-Combatants?, J. INT'L PEACE OPERATIONS, July 2006, at 17, available at http://ipoaonline.org/journal/index.php?option=com-content &task=view&id=96&Itemid=28. 10 See Brenner, Toward a CriminalL aw for Cyberspace, supra note 5, at 6-49. SUSAN W. BRENNER [Vol. 97 Societies have historically used a two-pronged strategy to maintain the order they need to survive and prosper. Societies maintain internal order by articulating and enforcing a set of proscriptive rules (criminal law enforcement) that discourage the members of a society from preying upon each other in ways that undermine order, such as by killing, robbing, or committing arson." Societies maintain external order by relying on military force (war) and, to an increasing extent, international agreements." I call this the internal-external threat dichotomy, and the choice between law enforcement and military the attack-response dynamic. As we will see, computer technology erodes the empirical realities that generated and sustain this dichotomous approach to maintaining order. This approach is based on the assumption that each society occupies a territorially-defined physical locus-that, in other words, sovereignty and "country" are indistinguishable.' 3 One consequence of the presumptive isomorphism between sovereignty and territory is that threats to social order are easily identifiable as being either internal (crime/terrorism) or external (war). Computer-mediated communication erodes the validity of this binary decision tree by making territory increasingly irrelevant; as a study of cybercrime laws noted, "In the networked world, no island is an 14 island."' In the twenty-first century, those bent on undermining a society's ability to maintain order can launch virtual attacks from almost anywhere in the world. As a result, these attacks may not fit neatly into the internal- external threat dichotomy and the attribution hierarchy (crime/terrorism, war) derived from that dichotomy. Section II outlines a taxonomy of the three categories of cyberthreats: cybercrime, cyberterrorism, and cyberwarfare. Section III explains how these online variations of real-world threat categories challenge the processes we currently use for threat attribution. A. CYBERCRIME An online dictionary defines "cybercrime" as "a crime committed on a 15 computer network."' The basic problem with this definition is that I See id. 12 See id. 13S ee RESTATEMENT (THIRD) OF FOREIGN RELATIONS LAW § 201 (1987); see, e.g., BLACK'S LAW DICTIONARY 377 (8th ed. 2004) (defining "country" as "a nation or political state"); see also Country-Wikipedia, http://en.wikipedia.org/wiki/Country (last visited Apr. 21, 2007). 14 MCCONNELL INT'L, CYBER CRIME... AND PUNISHMENT? ARCHAIC LAWS THREATEN GLOBAL INFORMATION 8 (2000), available at http://www.witsa.org/papers/McConnell- cybercrime.pdf. 15C ybercrime-definitions from Dictionary.com, http://dictionary.reference.com/ 20071 "AT LIGHT SPEED" American lawyers need to be able to fit the concept of "cybercrime" into the specific legal framework used in the United States and into the more general legal framework that ties together legal systems around the world in 6 their battle against cybercrime.1 That leads me to ask several questions: Is cybercrime different from regular crime? If so, how? If not, if cybercrime is merely a boutique version of crime, why do we need a new term for it? The first step in answering these questions is parsing out what cybercrime is and what it is not. When we do this, we see that the definition quoted above needs to be modified for two reasons. The first reason is that this definition assumes every cybercrime constitutes nothing more than the commission of a traditional crime by non- traditional means (using a computer network instead of, say, a gun). As I 17 have argued elsewhere, that is true for much of the cybercrime we have 8 seen so far. For example, online fraud such as the 419 scam' is nothing 9 new as far as the law is concerned; it is simply "old wine in new bottles."' Until the twentieth century, people had only two ways of defrauding others: they could do it face to face by offering to sell someone the Brooklyn Bridge for a very good price; or they could do the same thing by using snail 20 mail. The proliferation of telephones in the twentieth century made it possible for scam artists to use the telephone to sell the bridge, again at a 2 very good price. 1 And we now see twenty-first century versions of the same scams migrating online. The same is happening with other traditional crimes, such as theft, 22 extortion, harassment, and trespassing. Indeed, it seems reasonable to browse/cybercrime (last visited Apr. 21, 2007). 16 It might be more accurate to cite the evolving framework that is intended to unite legal systems in the battle against cybercrime. See Convention on Cybercrime, Council of Europe, Nov. 23, 2001, C.E.T.S. No. 185, available at http://conventions.coe.int/ Treaty/en/Treaties/Html/1 85.htm [hereinafter Convention on Cybercrime Treaty]; Convention on Cybercrime, Council of Europe, Signatures and Ratifications, Nov. 23, 2001, C.E.T.S. No. 185, available at http://conventions.coe.int/Treaty/Commun/ ChercheSig.asp?NT= 185&CM=8&DF= 12/11/2006&CL=ENG. 17 See Susan W. Brenner, Is There Such a Thing as Virtual Crime?, 4 CAL. CRIM. L. REV. 1 120-29 (2001), http://www.boalt.org/CCLR/v4/v4brenner.htm [hereinafter Brenner, Virtual Crime]. 18 See Advance fee fraud-Wikipedia, http://en.wikipedia.org/wiki/Advance fee-fraud (last visited Apr. 21, 2007); Nigeria-The 419 Coalition Website, http://home.rica.net/alphae/419coal/ (last visited Apr. 21, 2007). 19S ee Advance fee fraud-Wikipedia, supra note 18. 20 See, e.g., DAVID W. MAURER, THE BIG CON 31-102 (1999). 21 See, e.g., FED. TRADE COMM'N, PuTTING TELEPHONE SCAMS... ON HOLD (2004), availablea t http://www.ftc.gov/bcp/conline/pubs/tmarkg/target.htm. 22 See Brenner, Virtual Crime, supra note 17, 39-50, 61-68. SUSAN W. BRENNER [Vol. 97 believe that many, if not most, of the crimes with which we have traditionally dealt will migrate online in some fashion. Admittedly, a few traditional crimes-such as rape and bigamy-probably will not migrate online because the commission of these particular crimes requires physical activity that cannot occur online (unless, of course, we revise our definition of bigamy to encompass virtual bigamy). The same cannot be said of homicide: while we have no documented cases in which computer technology was used to take human life, this 24 scenario is certainly conceivable and will no doubt occur. Those who speculate on such things have postulated instances in which someone would hack into the database of a hospital and kill people by altering the dosage of 25 their medication. The killer would no doubt find this a particularly clever way to commit murder because the crime might never be discovered. The 26 deaths might well be put down to negligence on the part of hospital staff; and even if they were identified as homicide, it might be very difficult to determine which of the victims were the intended targets of the unknown killer and thereby begin the investigative process. My point is that while most of the cybercrime we have seen to date is simply the commission of traditional crimes by new means, this will not be true of all cybercrime. We already have at least one completely new cybercrime: a distributed denial of service (DDoS) attack. A DDoS attack overloads computer servers and "make[s] a computer resource [such as a 27 website] unavailable to its intended users. In February 2000, a Canadian known as "Mafiaboy" launched attacks that effectively shut down websites 28 operated by CNN, Yahoo!, Amazon.com, and eBay, among others. 23 Id. I 104-26. 24 There are reports of attempts to use computer technology to cause injury or death: "[H]ackers have infiltrated hospital computers and altered prescriptions .... [A] hacker prescribed potentially lethal drugs to a nine-year old boy who was suffering from meningitis. The boy was saved only because a nurse caught the deviation prior to the drug being administered." Howard L. Steele, Jr., The Prevention of Non-Consensual Access to "Confidential" Health-Care Information in Cyberspace, 1 COMP. L. REV. & TECH. J. 101, 102 (1997), available at http://www.smu.edu/csr/Steele.pdf. This same interloper had also prescribed unnecessary antibiotics to a seventy-year-old woman. Id. 25 Stealing the Network: How to Own A Continent outlines a creative cyber-homicide scenario: Uber-hacker Bob Knuth tricks Saul, a student, into hacking into a hospital's wireless network. FX ET AL., STEALING THE NETWORK: HOW TO OWN A CONTINENT 39-75 (2004). 26 See id. 27 Denial of service attack-Wikipedia, http://en.wikipedia.org/wiki/Denial-of- service attack (last visited Apr. 21, 2007). 28 See, e.g., Pierre Thomas & D. Ian Hopper, CanadianJ uvenile Charged in Connection with February "Denial of Service" Attacks, CNN.coM, Apr. 18, 2000, http://archives.cnn.com/2000/TECHIcomputing/04/18/hacker.arrest.01/. 2007] "A T LIGHT SPEED" 29 DDoS attacks are increasingly used for extortion. Someone launches an attack on a website, then stops the attack and explains to the website owner that the attack will continue unless and until the owner pays a sum 30 for "protection" against such attacks. This is the commission of an old crime (extortion) by a new means, little different from tactics the Mafia 3 used over half a century ago, though they relied on arson instead. ' But a "pure" DDoS attack, such as the 2000 attacks on Amazon.com and eBay, is not a traditional crime. It is not theft, fraud, extortion, vandalism, burglary, or any crime that was within a pre-twentieth century 32 prosecutor's repertoire. It is an example of a new type of crime: a "pure" 33 cybercrime. As such, it requires that we create new law that would make 34 it a crime to launch such an attack. To summarize, one reason why the definition quoted above is unsatisfactory is that it does not encompass the proposition that cybercrime can consist of committing "new" crimes--crimes we have not seen before and therefore have not outlawed-as well as "old" crimes. The other reason I take issue with this definition is that it links the commission of 35 cybercrime with the use of a computer network. Certainly, use of computer networks is usually true for cybercrime. In fact, it is probably the default model of cybercrime. But it is also possible that computer technology, not network technology, can be used for illegal purposes. A non-networked computer can, for example, be used to 36 counterfeit currency or to forge documents. In either instance, a 29 See, e.g., MCAFEE NA VIRTUAL CRIMINOLOGY REPORT 6-19 (2005), available at http://www.softmart.com/mcafee/docs/McAfee%20NA%20Virtual%20Criminology%2ORep ort.pdf, Paul McNamara, Addressing "DDoS Extortion, " NETWORK WORLD, May 23, 2005, available at http://www.networkworld.com/columnists/2005/052305buzz.html; Jose Nazario, Cyber Extortion, A Very Real Threat, IT-OBSERVER, June 7, 2006, http://www.it- observer.com/articIes/ 1153/cyber extortionvery real threat/. 30 See, e.g., Erik Larkin, Web of Crime: Enter the Professionals, PC WORLD, Aug. 22, 2005, availablea t http://pcworld.about.com/news/Aug222005id 122240.htm. 31 See, e.g., PRESIDENT'S COMM'N ON LAW ENFORCEMENT AND ADMIN. OF JUSTICE, CRIME IN A FREE SOCIETY: EXCERPTS FROM THE PRESIDENT'S COMMISSION ON LAW ENFORCEMENT AND ADMINISTRATION OF JUSTICE 192-209 (1968). 32 See Brenner, Virtual Crime, supra note 17, 73-76. 31 See id. 34O therwise, there is no crime. In fact, until recently th is was the case in the United Kingdom: the U.K.'s 1990 Computer Misuse Act outlawed hacking and other online variants of traditional crime, but it did not address DDoS attacks. Tom Espiner, U.K. Outlaws Denial-of-Service Attacks, CNET NEWS.COM, Nov. 10, 2006, http://news.com.com/2100- 7348_3-6134472.html. 35S ee Cybercrime-definitions, supra note 15. 36 See, e.g., Convention on Cybercrime Treaty, supra note 16; United States Secret Service: Know Your Money-Counterfeit Awareness, http://www.secretservice.gov/ SUSAN W. BRENNER [Vol. 97 computer-but not a computer network-is being used to commit a crime. Here, the computer is being used to commit an "old" crime, but it is at least conceptually possible that a non-networked computer could be used to commit a "new" crime of some type. Thus, a better definition of cybercrime is the use of computer technology to commit crime; to engage in activity that threatens a society's ability to maintain internal order. This definition encompasses both traditional and emerging cybercrimes. It also encompasses any use of computer technology, not merely the use of networked computer technology. This generic definition does not, of course, provide the legal predicate needed to respond to cybercrime, as it is a conceptual definition of a category of crime rather than the definition of a particular offense or particular offenses. To ensure they can respond to new types of cybercrime, societies must monitor online activity in an effort to identity emerging activities that constitute a threat to their ability to maintain internal order. Once identified, these activities should be criminalized, just as the United 37 Kingdom recently criminalized DDoS attacks. B. CYBERTERRORISM [G]et ready .... terrorists are preparing ... cyberspace based attacks .... 38 Generically, cyberterrorism consists of using computer technology to 39 engage in terrorist activity. This definition mirrors the generic definition of cybercrime articulated in the previous section, which is appropriate given that societies treat terrorism as a type of crime. However, societies conflate crime and terrorism because both threaten their ability to maintain internal order. The assumption, which derives from the dichotomy noted earlier, is 4° that all threats to internal order should be dealt with in the same way. money-technologies.shtml (last visited Apr. 21, 2007). 37 See, e.g., Espiner, supra note 34. 38 John Arquilla, Waging War Through the Internet, S.F. CHRON, Jan. 15, 2006, at El, available at http://www.sfgate.com/cgi-bin/article.cgi?f-/c/a/2006/01 / 15/ING2AGLP 021 .DTL [hereinafter Arquilla, Waging War Through the Internet]. 39 See, e.g., CLAY WILSON, CONG. RESEARCH SERV., COMPUTER ATTACK AND CYBERTERRORISM: VULNERABILITIES AND POLICY ISSUES FOR CONGRESS (2005). 40 For the proposition that crime and terrorism both threaten internal order, see supra Section I. The move to criminalize terrorism began in the 1930s as a reaction to the assassination of King Alexander I of Yugoslavia. See Ben Saul, The Legal Response of the League of Nations to Terrorism, 4 J. INT'L CRIM. JUST. 78, 79 (2006). It resulted in the adoption of the 1937 League of Nations' Convention for the Prevention and Punishment of Terrorism, which required parties to adopt legislation criminalizing terrorism. See Reuven Young, Defining 2007] "A T LIGHT SPEED " Although societies conflate crime and terrorism, we need to distinguish them because they differ in ways that are relevant to how societies need to respond to them. Basically, crime is personal while 41 terrorism is political. Crimes are committed for individual and personal reasons, the most important of which are personal gain and the desire or 42 need to harm others psychologically and/or physically. Terrorism often results in the infliction of harms indistinguishable from those caused by certain types of crime (such as death, personal injury, or property destruction), but the harms are inflicted for very different 43 reasons. A federal statute, for example, defines "terrorism" as committing acts constituting crimes under the law of any country to intimidate or coerce a civilian population; to influence government policy by intimidation or coercion; or to affect the conduct of government by mass destruction, 44 assassination, or kidnapping. We will return to the issue of terrorism-as- crime in a moment, but first we need to focus on what precisely is involved in the commission of terrorist acts. As the above definition suggests, terrorism is usually intended to 45 directly or indirectly demoralize a civilian population; this distinguishes Terrorism: The Evolution of Terrorism as a Legal Concept in InternationalL aw and Its Influence on Definitions in Domestic Legislation, 29 B.C. INT'L & COMP. L. REv. 23, 35-36 (2006). One proponent of the 1937 Convention, Czechoslovakia, said that "criminalization was necessary to protect 'security of life and limb, health, liberty and public property intended for the common use."' Saul, supra, at 81 (quoting J. Starke, The Conventionf or the Prevention and Punishment of Terrorism, 19 BRITISH YEAR BOOK INT'L. L. 60 (1938)). As one author noted, "Ordinary criminal offences aim to achieve the same object." Saul, supra, at 82. The 1937 Convention never went into effect, but its approach proved influential; its successor, the United Nations, has consistently defined terrorism as criminal activity. See Young, supra, at 36-40; see, e.g., G.A. Res. 49/60, U.N. Doc. A/RES/49/60 (Feb. 17, 1995), availablea t http://www.un.org/documents/ga/res/49/a49rO60.htm. 41 See, e.g., PAUL R. PILLAR, TERRORISM AND U.S. FOREIGN POLICY 13-14 (2001). 42 Id. 43 See, e.g., Pippa Norris, Montague Kern & Marion Just, Introduction: Framing Terrorism, in FRAMING TERRORISM: THE NEWS MEDIA, THE GOVERNMENT, AND THE PUBLIC 3, 8 (Pippa Norris, Montague Kern & Marion Just eds., 2003) [hereinafter FRAMING TERRORISM] (distinguishing terrorism from "crimes motivated purely by private gain, such as blackmail, murder, or physical assault directed against individuals, groups, or companies, without any political objectives"). 44 18 U.S.C. § 2331 (2000). For more definitions, see, e.g., Mohammad Iqbal, Defining Cyberterrorism, 22 J. MARSHALL J. COMPUTER & INFO. L. 397 (2004). 45 We are familiar with terrorist acts that are intended directly to demoralize a civilian population, such as the 9/11 attacks in the United States and the 3/11 Madrid bombings. In both instances, violence was used for symbolic purposes, and the goal was to shock and demoralize the populace of societies with which A1-Qaeda deems itself to be at war-an ideological war aimed at allowing the restoration of the "ancient Islamic caliphate." See

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.