The Bush administration's top cyberdefence official has said there
is evidence that terrorist group al-Qaeda used the Internet to
gather intelligence about critical facilities in the US, and other
terrorist groups and nations may be doing the same.
So far, said Richard Clarke, head of the White House's Office of
Cyberdefences, al-Qaeda and other terrorist organisations have
limited their use of the Internet to communication and propaganda
purposes.
"None of those traditional terrorist groups has yet to attack over
the Internet," said Clarke, who appeared yesterday (13 February
before the US Senate Judiciary Subcommittee on Administrative
Oversight and the Courts, but "that may be about to change".
There is now evidence found in caves in Afghanistan, said Clarke,
that al-Qaeda "was using the Internet to do at least reconnaissance
of American utilities and American facilities".
Clarke said al-Qaeda was gathering useful information off public
Web sites. "If you put all the unclassified information together,
sometimes it adds up to something that ought to be classified," he
said.
Clarke said the US does not know whether there have been successful
penetrations of critical infrastructure networks. But, "if I were a
betting person, I would bet that many of our key networks have
already been penetrated," he said.
Trap doors, a secret means to gain network access, and logic bombs,
devices that can cause systems havoc when triggered, "may already
be in many of our key infrastructures because it is easy to do,"
said Clarke.
Committee Chairman Charles Schumer warned that a "well-planned and
well-executed cyberattack on America wouldn't just mean the
temporary loss of e-mail and instant messaging. Terrorists could
gain access to the digital controls for the nation's utilities,
power grids, air traffic control systems and nuclear power plants".
The threat isn't just from terrorists groups. Criminal
organisations, teenage hackers and nations such as Iraq, Iran,
China, North Korea and Russia have all developed information
warfare units, said Clarke.
However, Clarke added, US software makers such as Microsoft are
taking steps to improve the security of products. That effort is
coming partly in response to Sept. 11, but also to some virulent
viruses that have caused $12bn (£8.4bn) in damages last year.
That damage caused a lot of end users to ask vendors why companies
were paying so much for products that aren't secure. "I think the
word has gotten through to the IT manufacturers," he said.
Clarke said the US doesn't know the capability of potential enemy
countries or terrorists groups to conduct cyberwarfare. Unlike
physical weapons, he noted, "There's nothing for our satellites to
take pictures of."