[ISN] Tech threats: the new front in the War on Terror

[InfoSec News]

http://www.cbc.ca/news/viewpoint/vp_hughes/20040901.html

Greg Hughes 
September 01, 2004

There's little doubt nowadays that the 21st century is shaping up to 
be a very unstable era in human history. Non-state actors like 
al-Qaeda are stepping up their fight against nation-states, employing 
mostly conventional, low-tech solutions to their acts of terrorism. 

Yet there is a new frontier emerging in the War on Terror - cyber 
terrorism. As the internet continues to grow in popularity and usage 
around the globe, more malevolent forces are using the web as a means 
to spark fear and spread their messages of hate and violence. 

Cyber terrorism is a diverse set of technologies that ranges from 
viruses and denial-of-service attacks to posting messages, pictures 
and videos on websites whose purpose is to scare people. 

It's particularly effective in the West because westerners are the 
most connected people in the world. For terrorists, the web offers the 
ability to reach the common people in a way that's uncontrolled and 
unnerving. If a website or virus reaches enough people and incites 
enough chaos, it's a cheap, easy way to scare people on a level 
similar to a "real world" terrorist attack. And you don't even have to 
be in a western country to make it all happen. 

The most obvious example of cyber terrorism so far has been websites 
devoted to westerners held hostage by terrorists in the aftermath of 
the war in Iraq. The videos available on these sites have featured 
content that includes torture and live beheadings - content not 
suitable for any time of day on TV or radio. But online, the curious 
will, eventually, find it. 

More disturbing, however, is that a cyber terrorist attack could, in 
theory, help to create more damage than the events of 9/11 could ever 
have accomplished. 

Here's a potential scenario. Let's say a major city in the U.S. or 
Canada is hit with a terrorist attack similar to the attacks on the 
World Trade Center. The casualties are not as high as 9/11, but many 
people are injured and need help quickly. 

Under normal circumstances, emergency dispatchers would be sending 
medical teams to help the wounded. But what if, at the same time as 
the physical attacks were occurring, an army of viruses with 
instructions to crash communication networks - emergency radio 
frequencies and cellphone radio towers - was deployed from elsewhere? 

This isn't an unfeasible scenario; various viruses such as MyDoom have 
taken down entire networks with relative ease. Who's to say that an 
enterprising, net-savvy terrorist group couldn't make this happen? And 
how many more people could be in trouble because our high-tech 
communication networks are down after the fallout of a major 
explosion? 

The United States, the prime target of many terrorist groups, is 
charged with the greatest burden in making sure cyber terrorism 
scenarios don't actually happen. But it's a tough task, given how 
quickly things can spread online. It only takes one downloaded file, 
one opened e-mail, to spread a virus worldwide in a matter of days. 

BBC News has reported that in July of this year, a U.S. Department of 
Homeland Security internal memo described cyber terrorism as one of 
America's top five security threats. A new unit within the DHS, the 
National Cyber Security Division, was created explicitly for the 
purpose of tackling net security and addressing criticisms that the 
U.S. government has not done a good enough job of preventing future 
cyber terrorist attacks. 

Some have argued that cyber terrorism is hardly a threat in comparison 
to a weapon of mass destruction going off in a major city like Chicago 
or London. Perhaps they're right and talk of cyber terrorism is simply 
fear mongering. But the tools that could enable terrorists to gain 
possession of weapons of mass destruction are already online. And 
technology that allows terrorists to gain information required to 
create these weapons is only improving as the web continues to evolve. 

Quantum encryption - the use of photons as gatekeepers - is one such 
example. While still a few years away from being used for mass-market 
purposes, quantum encryption could be the most impenetrable form of 
encryption ever created. The use of decryption sequences employing 
quantum variables known only to the sender and recipient makes the job 
of intercepting and cracking encrypted e-mails, instant messages and 
websites nearly impossible. This is very worrisome for groups devoted 
to preventing terrorist acts, for how do you stop communications you 
can't even find a source for? 

Various websites have for years offered detailed instructions on 
bomb-making techniques. So-called "darknets" - intranets that have no 
IP addresses listed so they can't be traced - spring up overnight 
where terror groups can share information secretly and disappear 
without a trace. 

Should we be worried? Possibly. Is this a reason to minimize our 
dependence on the web? Not in the least. The internet is becoming the 
tool of choice for many aspects of our lives; abandoning what has 
become one of our greatest inventions would be to give in to fear. Yet 
like most technology, the web is a double-edged sword: for every 
benefit we gain from it, there's an equal trade-off. 

All we can do is be vigilant, be responsible and be educated about the 
web - the better informed we are, the less chance cyber terrorists 
will succeed. 

-=-

Greg Hughes is a 26 year-old freelance writer. He has written on 
culture and technology for Shift, Silicon Valley North and 
globetechnology.com, and he has also contributed to the National Post, 
the Queen's Alumni Review and other publications. He holds a Bachelor 
of Arts (Honours) from Queen's University in Kingston, Ontario.