Cyberterrorism

Most people don't like to contemplate the possibility of another major terrorist attack on American soil. But when they do, they tend to picture it in terms of falling buildings, subway explosions, anthrax aerosols, and the like.

There is, however, another type of hostile action that might be taken, one that doesn't involve a direct assault on human life or physical property. Cyberterrorism.

The prospect of terrorism across the Internet received some publicity recently, when the Department of Homeland Security warned that they had picked up an al-Qaeda call to attack U.S. online stock market and banking services. The threat, found on an al-Qaeda website, was a Christmas "present" pertaining to all of December, and purported to be in retaliation for the continued holding of prisoners at Guantanamo.

Russ Knocke, a spokesman for the DHS, said there was no hard evidence to corroborate the threat, but that the department's Computer Emergency Readiness team had issued a "situational awareness report to industry stakeholders." The DHS, he noted, was prepared to proceed with "an abundance of caution."

In light of stories like this, we wondered how much of a menace cyberterrorism is considered to be, and decided to look into it.

One of the first things we learned was that, in the opinion of most specialists in the field, the general public has only a dim awareness of what cyberterrorism is and what it might do. Most often, it is confused with database hacking, financial manipulations, and other forms of cyber-crime.

Characteristic of these cyber-crimes is that they are committed out of personal spite, a more general malice, or for monetary gain. Thus far, no cyber-attacks have resulted in the loss of life.

Cyberterrorism, on the other hand, has a far more malignant goal. It is, by Wikipedia's definition, "the leveraging of a target's computers and information technology, particularly via the Internet, to cause physical, real-world harm or severe disruption with the aim of advancing the attacker's own political or religious goals."

The potential harm that can be done is substantial.

In a paper on the subject, Susan Brenner, of the University of Dayton School of Law, writes: "Imagine this scenario: Through the use of conventional computer technology, a terrorist disrupts the computer communications of major U.S. banks, financial institutions, and stock markets. The economy as we know it plummets into the abyss."

That would be bad enough. But Professor Brenner can see possibilities that are worse yet.

Supposing, she writes, that "the terrorist remotely alters the formulas for [...] medicine at a major pharmaceutical manufacturer, inserting dangerous amounts of chemical ingredients into over-the-counter medication. Allergic reactions and over-doses afflict and kill thousands."

And, "At nearly the same time, the terrorist remotely alters the pressure in suburban gas supply lines, causing explosions."

Scary. But the question is, how real are these things, in actuality? Very real, almost inevitable, if you listen to people like Professor Brenner.

"Experts and writers in the growing field of cyberterrorism generally agree that these acts are more than mere Hollywood fantasy," she writes. "With current technology, cyberterrorists are close to if not already able to carry them out."

Eric Byres, research director of the Internet Engineering Laboratory at the British Columbia Institute of Technology, basically concurs. "Our research," he writes, "shows that terrorist groups are definitely interested in attacking critical infrastructures. The good news is that we don't think they have the technical ability yet--in other words, the combined IT and control systems skills needed to penetrate a utility network. The bad news is that they're beginning to acquire some of these skills."

Cyber-attacks come in two main varieties. The one we're most familiar with involves data, such as identity theft, website vandalism, and denial-of-service overloads. These generally constitute minor annoyances (unless you're the victim whose identity is stolen).

The more dangerous one involves control-system attacks, designed to disable or take over operations used to maintain physical infrastructure, such as the supervisory control and data acquisition (SCADA) systems that regulate things like our water supplies, electrical networks, gas transmission lines, railroads, and much more.

John Blau, writing in NetworkWorld, reports that, "Confidential documents about [...] SCADA systems, for instance, have been found in al-Qaeda hiding places in Afghanistan."

Perhaps more disturbing, Blau writes, is that "talented hackers in many parts of the world are willing to peddle their expertise for the right price or political cause, according to DK Matai, chairman of Mi2g, a London security service provider. 'We have evidence of Russian hackers selling their skills to radical Islamic groups,' he says."

Reassuringly, our most sensitive systems should be safe. Nuclear weapons facilities, for example, as well as other sensitive military sites and the computer systems of the FBI and CIA, are now "air-gapped," which means that a hacker on the outside can't get in without a confederate on the inside.

But that still leaves utilities, financial and transportation systems. All are now firewalled, of course, but still vulnerable to skilled hackers. And because they are dependent on relatively simple supervisory access, vulnerable they will remain.

Gabriel Weimann, of the University of Haifa in Israel, is the author of a book on the subject, Terror on the Internet. Professor Weimann writes that "Cyberterrorism is, to be sure, an attractive option for modern terrorists, who value its anonymity, its potential to inflict massive damage, its psychological impact, and its media appeal [...] Cyber-fears have, however, been exaggerated."

Nevertheless, he adds, "the next generation of terrorists is now growing up in a digital world, one in which hacking tools are sure to become more powerful, simpler to use, and easier to access. Cyberterrorism may also become more attractive as the real and virtual worlds become more closely coupled. For instance, a terrorist group might simultaneously explode a bomb at a train station and launch a cyber-attack on the communications infrastructure, thus magnifying the impact of the event. Unless these systems are carefully secured, conducting an online operation that physically harms someone may be as easy tomorrow as penetrating a website is today.

"Paradoxically, success in the 'war on terror' is likely to make terrorists turn increasingly to unconventional weapons such as cyberterrorism. The challenge before us is to assess what needs to be done to address this ambiguous but potential threat of cyberterrorism--but to do so without inflating its real significance and manipulating the fear it inspires [...] terrorism experts conclude that, at least for now, hijacked vehicles, truck bombs, and biological weapons seem to pose a greater threat than does cyberterrorism. However, just as the events of 9/11 caught the world by surprise, so could a major cyber-assault. The threat of cyberterrorism may be exaggerated and manipulated, but we can neither deny it nor dare to ignore it."

Posted 12-12-2006 5:26 PM by DougHornig