Since the start of the conflict in Iraq, the number of
web attacks has risen. Simon Moores argues we should be more
concerned about real threats.
After a Distributed Denial of Service (DDoS) attack on
the No 10 website this week, the familiar argument arose again that
if Mr Blair had more faith in open-source apache rather than
internet information server, the symbolic heart of government
wouldn’t be interrupted by protests of this kind.
I asked Microsoft’s UK chief security officer Stuart Okin, whether
protecting a web server from a DDoS attack involves rather more
than simply parking an armed Penguin at the front door?
He replied that any environment requires the presence of a good
security policy which integrates "people, process and technology",
a foundation principle of Microsoft’s own Trustworthy Computing
strategy.
This month the Mi2G intelligence service reported a dramatic
increase in the number of web attacks since the start of the
military campaign against Iraq. It predicted that March may well
become the worst month for digital attacks since records began in
1995.
What I find most interesting is that 71% of all digital attacks
recorded to date this month are against Linux systems, and only 24%
involve Microsoft Windows.
Forget mass protest, DDoS can prove much more effective as a
nuisance to the authorities and it doesn’t involve carrying a
banner on a bus ride to the nearest city or even country where you
might wish to stage your protest.
Whether you choose to place your faith in God, Apache or IIS is
debatable, even if enough effort and intellect are concentrated
against your server.
This, of course, would have to be fully patched and up to date
if it were to offer even token resistance against being "pinged to
death" or attacked with a library of other exploits, many of which
I can find on my latest "Tiger Tools" CD.
As government comes to rely increasingly on technology, it becomes
more vulnerable to the threat of interruption.
Before the arrival of the PC, the old way of running a country
was painfully slow and marginally less efficient than it is today,
but the essential command and control systems could always function
by post or by telephone.
Interrupt the Inland Revenue’s systems for 24 hours or more in
the information age and the mind boggles at the chaos that might
follow.
I believe that Mi2G is going completely over the top, warning us
that: “There is no doubt about the linkages between physical
terrorism and waves of digital attacks that act as a barometer of
negative sentiment. It should not come as a surprise if US, UK or
Australian assets are attacked by terrorists anywhere in the world
in the coming days and weeks."
Rather like the threat of weapons of mass destruction I have yet to
see any real evidence of link between terrorism and digital risk. I
see lots of evidence of protest moving "web-side" as an intelligent
manifestation of popular feeling, but no sign of Ernst Stavro
Blofeld or some other shadowy Bond character out there preparing to
bring the country to its knees with an attack on UK-Online.
Microsoft’s chief security strategist Scott Charney sums up his
opinion on cyber-terrorism by remarking:
“First, it's not actually so easy to bring down the networks.
There's a lot of redundancy and a lot of resiliency. Second, it
doesn't create the kind of graphic pictures that terrorists often
want. Third, it doesn't create the kind of fear that terrorists
want.”
Instead, the best that cyber-warriors can do is pick on the
relatively soft target of the No 10 website, which is far more
likely to draw applause from the population than leave them in fear
of the prospect of cyber-terrorism.
Let’s be honest. This month we should all be more worried by things
that go bang than by things that go buzz but employing a Penguin as
a defensive measure may not be the most effective means of
defending 10 Downing St from the reach of world opinion.
What do you think?
Do you think the threat of cyber-terrorism has been hyped?
Tell us in an e-mail>> CW360.com
reserves the right to edit and publish answers on the website.
Please state if your answer is not for
publication.
ZentelligenceSetting the world to rights with the collected thoughts and
opinions of the futurist writer, broadcaster and Computer Weekly
columnist Simon Moores.