Is the fear of cyberterrorism from the Middle East causing us to neglect the security of our own systems, asks Simon Moores.
This month, I’ve been asked to research any potential or actual convergence between cybercrime and terrorism.
Just back from a short tour of the Middle East, I don’t see any immediate evidence of one touching upon the other, but in the coming weeks I’ll be knocking on the doors of friends at the different law-enforcement and intelligence agencies in a bid to find out.
Georgetown University professor, Dorothy Denning pointed out as far back as 1999 that the internet presented a tool for influencing foreign policy.
She commented, “What can be said is that the threat of cyberterrorism, combined with hacking threats in general, is influencing policy decisions related to cyberdefence at both a national and international level.”
When asked, "who are the cyberterrorists", Dr Mudawi Mukhtar Elmusharaf of the Computer Crime Research Centre writes, “From an American point of view the most dangerous terrorist group is Al-Qaeda.”
Evidence indicates that the group has scouted systems that control American energy facilities, water distribution, communication systems, and other critical infrastructure.
Dr Elmusharaf also points out that a study, which covered the second half of 2002, showed that the most dangerous nation for originating malicious cyberattacks is the US with 35.4% of the cases down from 40% for the first half of the same year.
South Korea came next with 12.8%, followed by China (6.7%), Germany (6.2%) and France (4%). The UK came ninth with 2.2% - a figure which should please David Blunkett.
Former Middle East war correspondent Giles Trendle, who presented an ITN documentary with former hostage John McCarthy on Easter Sunday, has visited the Ain il-Hilweh refugee camp in south Lebanon to see how guerrilla leader "Colonel" Mounir Maqdah is harnessing the power of information technology to grow a networked organisation to extend his strike capabilities beyond all borders.
Trendle writes, “Maqdah is a bullet-scarred, die-hard guerrilla fighter: a practised exponent of asymmetric war. For this reason, he is using IT tools to offset his disadvantages and increase his capabilities to strike big against his conventionally more-powerful enemy.”
And, in this case, this is the state of Israel - but he is prepared to be flexible and last year issued a threat, issued via a local magazine, that should the US attack Iraq then "hundreds of martyrs are ready to send America into hell".
In reality, fears of cyberterrorism may owe more to statistics from leading anti-virus suppliers or even press releases from consultancy mi2G, which, in 2002, prompted Richard Forno, security consultant to the US Department of Defense, to launch a broadside against the company, accusing it of spreading fear, uncertainty and doubt over cyberterrorism risks, questioning its estimates of damage caused by cyberattacks and cybersecurity "intelligence" sources.
The Computer Crime Research Centre does, however, find one statistic that both Symantec and mi2G can agree upon, that “more than half of recorded digital attacks in the past, have been the result of misuse and abuse of networks by employees”.
This may tell us that in 2004, we have far more to fear from the people inside the corporate firewall than we have to be concerned with ideologically motivated terrorist attacks from the outside.
What do you think?
What measures have you taken to secure your systems from cyberterrorism? Tell us in an e-mail >> ComputerWeekly.com reserves the right to edit and publish answers on the website. Please state if your answer is not for publication.
Setting the world to rights with the collected thoughts and opinions of leading industry analyst Dr Simon Moores of Zentelligence.
Acting globally, Zentelligence (Research) advises governments, suppliers, business and the media on the evolution, application and delivery of leading-edge technologies and specialises in the areas of eGovernment and information security.
For further information on Zentelligence and its research, presentation and analyst services visit www.zentelligence.com
This was first published in April 2004