Friday, March 09, 2007

Cyberterror Risk

In January the Congressional Research Service reported that the risk of cyberterror may be growing:

Persistent Internet and computer security vulnerabilities, which have been widely publicized, may gradually encourage terrorists to continue to enhance their computer skills, or develop alliances with criminal organizations and consider attempting a cyberattack against the U.S. critical infrastructure.

Reports indicate that terrorists and extremists in the Middle East and South Asia may be increasingly collaborating with cybercriminals for the international movement of money, and for the smuggling of arms and illegal drugs.

To date, the Federal Bureau of Investigation (FBI) reports that cyberattacks attributed to terrorists have largely been limited to unsophisticated efforts such as email bombing of ideological foes, or defacing of websites. However, it says their increasing technical competency is resulting in an emerging capability for network-based attacks. The FBI has predicted that terrorists will either develop or hire hackers for the purpose of complimenting large conventional attacks with cyberattacks.
The integration of physical attacks with cyberattacks is important to consider. If cyberterrorists were to take down a communication network as an isolated incident, it would be annoying and costly - but not earth-shattering. But on the other hand, if cyberterrorists were to take down the same communication network in conjunction with a physical attack, it could hinder the response and amplify the effects of the attack:
Many security experts also agree that a cyberattack would be most effective if it were used to amplify a conventional bombing or CBRN attack. Such a scenario might include attempting to disrupt 911 call centers simultaneous with the detonating of an explosives devices.
Terrorist recruiting also relies on the Internet:
The Internet is now used as a prime recruiting tool for insurgents in Iraq. Insurgents have created many Arabic-language websites that are said to contain coded plans for new attacks. Some reportedly give advice on how to build and operate weapons, and how to pass through border checkpoints.
There are also links between more common criminal activity and terrorism. Most notably, drug trafficking:
Officials of the U.S. Drug Enforcement Agency (DEA), reported in 2003 that 14 of the 36 groups found on the U.S. State Department’s list of foreign terrorist organizations were involved in drug trafficking. ... Drug traffickers are reportedly among the most widespread users of computer messaging and encryption, and often have the financial clout to hire high level computer specialists capable of using steganography (writing hidden messages contained in digital photographs) and other means to make Internet messages hard or impossible to decipher.
Terrorists need money to fund their operations and often turn to illegal activities as sources of cash. This is an ongoing vulnerability for them.

No comments: