Attack of the cyber terrorists
by MICHAEL HANLON Last updated at 22:54pm on 24th May 2007 http://www.dailymail.co.uk/pages/live/articles/technology/technology.html?in _article_id=457504 <http://www.dailymail.co.uk/pages/live/articles/technology/technology.html?i n_article_id=457504&in_page_id=1965> &in_page_id=1965 At first it would be no more than a nuisance. No burning skyscrapers, no underground explosions, just a million electronic irritations up and down the land. Thousands of government web pages suddenly vanish to be replaced with the Internet's version of the Testcard - that dreaded screen '404 - Not Found' or, more amusingly, some pastiche or parody. Then the Labour website starts to promise a wholesale renationalisation of the railways. The popular response this generates turns to amusement then bemusement as everything from Jaguar to BT is, the sites claim, to be taken back into state hands. When conservatives.org.uk starts to promise compulsory repatriation and the return of capital punishment, bemusement turns to alarm. The disruption continues: thousands of popular websites, from eBay to YouTube, start malfunctioning or are replaced by malicious parodies. Tens of millions of pounds are wiped off the share price of companies like Amazon as fears grow that the whole Internet credit card payment network is now vulnerable and insecure. Eventually, reports start to flood in that hundreds of thousands of personal bank accounts have been raided overnight. Panicked bank chiefs and PR men go on TV to try to reassure, promising that this is no more than an electronic glitch, but thousands of anxious citizens take to the streets, many in tears, and pour angrily into the banks to demand their savings in cash. When the ATM system goes down, the government steps in. A task force is appointed. There is a rush on hard cash that leads to a shortage of notes and coins. Soon, it is clear that the United Kingdom (and much of Europe) has been subjected to a sustained and effective cyber-terrorist attack. Disaster is narrowly avoided when a series of sophisticated viruses disrupt the workings of the National Air Traffic Control System. Slowly, the computer network is disinfected; the viruses, botnets and worms that are the electronic versions of bombs and bullets are defused and rendered harmless. No one has died, but the attack has cost Britain £10bn, and share prices take months to recover. Such a scenario, say some experts, is not only possible but likely in the near future. Look, for example, at what happened to Estonia last week. Ever since the government of the Baltic state decided (rather tactlessly it must be said) to remove a war memorial to the Red Army from a square in the capital, Tallinn, Russian outrage has ensued. This took the form of demonstrations and even riots. But then something extraordinary happened: quickly, and wholly without warning, the whole country was subjected to a barrage of cyber-warfare, disabling the websites of government ministries, political parties, banks and newspapers. Techniques normally employed by cybercriminals, such as huge remotely-controlled networks of hijacked computers, were used to cripple vital public services. Nato has sent its top cyber-terrorism experts to Tallinn, with western democracies caught on the hop over the implications of such an attack. The Estonian defence ministry said: "We've been lucky to survive this. If an airport, bank or state infrastructure is attacked by a missile, it's clear war. But if the same result is done by computers, then what do you call it? Is it a state of war? These questions must be addressed." Estonia has blamed Russia, predictably enough - which, if true, would mean this is the first cyber attack by one sovereign state upon another. To be fair, no one ever discovered where the plot was hatched, who carried it out, nor what their motives were. It is more likely that the attacks on Estonia were similar to the attacks seen on Danish websites a couple of years ago, after a Jutland newspaper published cartoon images of the Prophet Mohammed. The Estonian attacks were more likely to be the work of angry young Russian hackers working alone than any sort of organised blitz by the Kremlin. But either way, the implications are serious. The Internet, developed as a rather ad hoc joint venture between the American military and academia as a way of sharing information quickly and reliably, has become - 30 years later - a vast worldwide infrastructure. It is now a huge, ungoverned electronic machine upon which we are all more and more dependent. We don't only bank and shop online, our governments use the infrastructure of the Net to do their business too. Secure information is entrusted to cyberspace, information held by the likes of MI5 and the Pentagon, as well as various financial authorities, health services and treasuries. The attacks on Estonia show that cyber-terrorism is real, but how worried should we be? After all, the history of the Internet and IT in general is littered with false alarms and, to be frank, in Estonia no one died. In the Nineties, fear and then some panic resulted from the claims that at the stroke of midnight at the end of the decade, a simple glitch in the way that some computer software is programmed to deal with dates would lead to a global catastrophe. The Millennium Bug was, of course, a false alarm - hyped up by greedy and, frankly, mendacious computer consultants who persuaded the planet's companies and governments to spend what is now estimated to be about $1 trillion fighting a threat that saner voices always said was either non-existent or easily containable. Is the same thing true of cyberterrorism? It is certainly the case that there is money to be made hyping the threat. Books, such as the 2001 tome Cybershock by Winn Schwartau have sold well on the back of general post-9/11 fear of terror. Scenarios have included hackers gaining control of atomic power plants or even America's nuclear missiles. So far we have seen no such disasters. Such attacks as there have been have mostly been the work of bored young hackers making mischief. But as computer systems have grown in extent and power (and as the amount of information and power we entrust to them has also grown) they are inevitably more vulnerable to attack. Apart from Estonia, one example of a real cyber attack was when hackers in Romania illegally gained access to the computers controlling an Antarctic research station, potentially endangering the lives of the scientists there. Other attacks have been the result of disgruntled ex- employees taking revenge on their former employers. That is why people fired from organisations where a large amount of sensitive data is stored electronically are often escorted out of the building before they get a chance to unleash electronic mayhem. Certainly the potential for mischief is enormous. Greg Day, security analyst at Internet software firm McAfee, says: "The challenge with the Internet is the ease in which the average person can either recruit others to achieve such attacks or pick up the skills to do it themselves. As the Internet is a global entity, tracing the origin can be a complex and very timeconsuming task." There is certainly no doubt that cyberspace is vulnerable. As British Middle East expert Mark Allen pointed out in his recent book entitled Arabs, modern Islamism, although grounded in an ideology that is both puritanical and deeply conservative, has nevertheless managed to master the power of information technology and the Internet with some aplomb. In the United States, the Joint Task-Force Global Network Operations, part of the Department of Defense, is charged with combating cyber-terrorism. Its UK equivalent is the Centre for Protection of the National Infrastructure, a multi- departmental body which comes, ultimately, under the control of MI5 and MI6. But policing the Net will probably prove futile. Cyberspace is part of the world's infrastructure, but it less resembles the railways and airports of commerce and travel than the oceans upon which so much of the world's trade is conducted. The genie is out of the bottle. Controlling - and policing - the Net, still less trying to shut the thing down, will probably prove to be as impossible as trying to stop the waves and the tides. If you bank online, best keep an eye on your account. [Non-text portions of this message have been removed] -------------------------- Want to discuss this topic? Head on over to our discussion list, [EMAIL PROTECTED] -------------------------- Brooks Isoldi, editor [EMAIL PROTECTED] http://www.intellnet.org Post message: [email protected] Subscribe: [EMAIL PROTECTED] Unsubscribe: [EMAIL PROTECTED] *** FAIR USE NOTICE. This message contains copyrighted material whose use has not been specifically authorized by the copyright owner. OSINT, as a part of The Intelligence Network, is making it available without profit to OSINT YahooGroups members who have expressed a prior interest in receiving the included information in their efforts to advance the understanding of intelligence and law enforcement organizations, their activities, methods, techniques, human rights, civil liberties, social justice and other intelligence related issues, for non-profit research and educational purposes only. We believe that this constitutes a 'fair use' of the copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use this copyrighted material for purposes of your own that go beyond 'fair use,' you must obtain permission from the copyright owner. For more information go to: http://www.law.cornell.edu/uscode/17/107.shtml Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/osint/ <*> Your email settings: Individual Email | Traditional <*> To change settings online go to: http://groups.yahoo.com/group/osint/join (Yahoo! ID required) <*> To change settings via email: mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
