CurzTech News Network
CurzTech News Network | CurzTech World News | CurzTech U.S. News | CurzTech Entertainment News | CurzTech Political News | CurzTech Conspiracy News | Yesterday's News | Offsite Archive
That's been two hours you've been unable to get on-line now. So much for always-on, you think, as you go to fill the kettle. You turn the tap and - nothing, there's no water. And that's when the lights go out. Now the phone line is down, too. There's always the mobile - but why is it dialling 999 all by itself?
This is the kind of scenario that government and private computer experts will be studying as they look into the growing possibility of a "cyber-terrorist" attack on what is known as our "critical information infrastructure" - the electronic systems vital for government, armed forces, business, finance, telecommunications, utilities, or emergency services.
There have been warnings from parts of the IT community that terrorists could attempt something like this for at least 10 years, but now governments are taking it much more seriously. Last week the FBI issued an alert warning that the threat of war with Iraq, and increased tension with North Korea, could lead to increased numbers of attacks on US infrastructure. Meanwhile Erkki Liikanen, European Commissioner for the Information Society, announced the formation of the European Network and Information Security Agency, a new body to improve cross-border cooperation and offer advice on computer security. "Network security has become a key concern, especially in the aftermath of the September 11 events," he says. "The malfunctioning of networks and information systems concerns everybody: citizens, businesses and public administrations."
The Cabinet Office, too, has announced a new unit, the Central Sponsor for Information Assurance, to be headed by its e-envoy, Andrew Pinder. This unit "brings together IT security expertise from across government," says the department, and "it will be working with the public and private sectors to ensure that risks to the national information infrastructure are appropriately managed."
The language is reserved, the discussions kept within a close circle of specialists, but security experts say the government is taking the threat seriously. In the United States, repeated warnings of an "electronic Pearl Harbor" from terrorism and technology experts have given the subject more public prominence. The White House is due to release a national strategy to secure cyberspace within the next few weeks. The UK's parallel effort, the "national information assurance plan", was revealed last May but is "still in its early stages", a spokesman for the e-envoy's office admitted.
This scenario is not just a dim vision of the future. The National Security Agency simulated a cyber-terrorist attack with 35 hackers in 1997. They managed to hack into department of defense networks, "turn-off" sections of the power grid, "shut down" parts of the 911 emergency service and even managed to "hack" into a Navy cruiser's systems.
But it's the events of September 11 2001 that have turned cyber-terrorism from a theoretical threat into a very real one. The warning signs are there for all of us to see in al-Qaida's public statements, says Richard Clarke, chairman of the president's critical infrastructure board. He was America's first counter-terrorism coordinator and has now advised three presidents on cyber-security. His argument is quite simple: before September 11, al-Qaida tended to talk about taking human lives - killing as many people as possible. But afterwards its rhetoric shifted towards threats against the economic infrastructure of the west. This is too dispersed and diverse to bring down with bombs, he argues, but it could do a lot of damage in cyberspace.
Clarke is not alone. There will be a major attack this year, says research firm IDC after polling its 700 analysts to make predictions for 2003. Network Associates vice president Terry Benzel told the House of Representatives science committee: "People will die, the nation's economy will be crippled and protec tive services systems will be weakened."
Al-Qaida is just one group interested in waging cyber-terrorism. A CIA report for the Senate Intelligence Committee adds Sunni extremists, Hezbollah and Aleph (formerly Aum Shinrikyo, responsible for the Tokyo underground poison gas attack) to the list. Clarke says Iraq, Iran, North Korea, China and Russia are already training people in cyber-warfare. "There are a lot of different people who can conduct cyber-warfare," says Clarke. "There are countries that are creating cyber-warfare units. There are criminal groups engaging in cyber-crime. There are also some terrorist groups we know are looking at using cyber-attack tools."
A Home Office spokesman said assessments by its national infrastructure security coordination centre, which works with intelligence services such as GCHQ to gather information, conclude there is "no imminent threat" of a cyber-terrorist attack, "but that issue is kept under onstant review."
The motive for most hackers and virus writers has always been one of ego or intellectual challenge rather than financial gain or political belief. But now ideologically motivated hacking is rising fast, says UK computer security consultancy Mi2g. Its study of major hacker groups active in 2002 notes: "Attacks on the west show a spurt of growth mainly coming from radical groups and individuals based in predominantly Islamic countries." It reports that there were 5,589 attacks on the UK last year, with ideologically motivated attacks coming from Egypt, Pakistan, Morocco and Turkey. Mi2g says there were surges of attacks before both the Bali bomb in October and the arrests of suspected terrorists in Italy last month. "The true extent of the shared agenda between hacktivisim and terrorism is only now becoming visible," says the report. "There is a requirement for government-funded network monitoring to go deeper into ideological hacking and to establish the common connections between digital attacks and physical terrorism."
But Clarke argues that we should be worrying about how to protect our critical systems, rather than where the next attack will come from. Every new technology is a potential target for cyber-terrorists. Viruses in Spain and Japan have tricked mobile phones into dialling the local emergency numbers. "Now, if you're a terrorist, the first thing you might want to do before an attack is take down the 911 system," says Clarke.
There are also concerns over the latest hot technology known as wireless local area networking (WLAN, or Wi-Fi in the US). This is now appearing in notebooks, laptops and PDAs for business people to get online access in "hot spots" such as cafes, airports or even on the street outside companies that have it installed. The Worldwide Wireless Wardrive, whose members drive around to find these "hot spots", found that most access points don't even have the most basic wireless security software turned on.
More households are signing up for broadband internet services because they offer faster access and an "always on" connection. "This, of course, increases the vulnerability of systems and multiplies the probability of some sort of cyber-attack," says Erkki Liikanen.
[an error occurred while processing this directive]