Cyberattack threat grows as war looms

Terrorist groups may seek to infiltrate IT departments, says UK infrastructure chief.

The head of the UK's National Infrastructure Security Co-ordination Centre (NISCC)has advised organisations to review the security of their systems as the prospect of war with Iraq raises the threat of cyber-attacks by Islamic groups.

Stephen Cummings, director of NISCC, a Home Office unit created three years ago to alert government departments and businesses about threats to the IT infrastructure, said that war would almost certainly lead to an increase in low-level cyber-attacks. "There will be groups attacking US government and Department of Defense websites, and similar groups carrying out activity against the websites of any country involved in military action."

Government systems are likely to be the prime targets for any attack but businesses that appear to support the US or the UK over their actions against Iraq could also come under threat, NISCC believes.

"There have been companies perceived to be in line with US support for Israel in the past which have been attacked by pro-Palestinian groups. We could expect to see the same thing again from difference sources," Cummings said.

Evidence collected by NISCC suggests that some Islamic countries are turning a blind eye to extremist hacking groups operating from within their borders, in what he said almost appeared to be state support.

In other cases, state-sponsored organisations have been hacking into commercial, academic and probably government organisations to gain access to sensitive information.

"There are parts of the world where even at a state level, there is great interest in economic espionage. Commercial companies can have information on their systems about product development and technology that a state would want to access."

Terrorist organisations such as Al-Qaeda do not yet have the technology to mount hacking attacks or release computer viruses, but there is a risk that they could buy the skills in or use coercion to obtain them.

Cummings urged businesses to plan for the possibility that terrorist groups may actively seek to plant people inside IT departments of critical organisations.

"My view is that terrorist groups have identified the potential value in having people inside organisations rather than just respond passively as they have done in the past. There are already non-cyber examples of this."

UK-based pressure groups, such as anti-capitalist and environmental groups, are also posing a threat to commercial and government websites and services, Cummings said.

Anti-capitalist groups in particular are targeting the financial service sector, with a view to disrupting services through hacking, website defacements and denial-of-service attacks.

Read more on IT risk management