Cyberterror Not Yet a Credible Threat, Says Policy Thinktank

Trailrunner7 writes "A new report by a Washington policy think tank dismisses out of hand the idea that terrorist groups are currently launching cyber attacks and says that the recent attacks against US and South Korean networks were not damaging enough to be considered serious incidents. The report, written by James Lewis of the Center for Strategic and International Studies, looks at cyberwar through the prism of the Korean attacks, and calls the idea that terrorists have attack capabilities and just aren't using them 'nonsensical.' 'A very rough estimate would say that there is a lag of three and eight years between the capabilities developed by advanced intelligence agencies and the capabilities available for purchase or rental in the cybercrime black market. The evidence for this is partial and anecdotal, but the trend has been consistent for more two decades,' Lewis writes."

That's Why We Must Be Proactive now

[Anonymous Coward]

It seems to me that even if this report was accurate, we shouldn't be resting on our laurels until the threats become credible and too late to stop.

Its clear the best way to stop and prevent terrorism is at the point of planning or in the initial stages, not when the have assembled and planted the bomb. Cyberterrorism should be no different.

We wouldn't want the smoking gun to be a complete breach and shutdown of our networks would we. I favor a more proactive and preemptive approach. Attack them now before they can attack us. The best defense is a good offense.

Re:bring back the pr0n!

[sopssa]

Well I think this whole "cyberterror" idea is pretty funny. I even remember that back in 2000 in school we had to write about some article where they described "cyber attacks from China goverment". Has anyone actually proven that China as a goverment is doing those? It still seems like a myth. Considering world is filled with script kiddies, and China+India together have half of the population on Earth, it's not surprising that many percentage of them could be from there.

Another thing is that it's quite hard to launch such a catastrophic, large-scale attack against the internet. Yeah, you can cause some minor annoyance or accidentally route traffic elsewhere like what happened with YouTube for ~30 mins a few years ago, but those are quickly fixed when upstream ISP's responsible notice.

Also isn't terror's one meaning to cause, well, terror? What are you going to on the internet, put a scary picture on google.com (if you even could hack it - I bet there have been many that have tried)? It just doesn't sum up.

Re:"not yet credible"

[siddesu]

I am not worried about some scary foreign governments.

I am worried by something I really suffer from -- a permanent attack going on 24 hours a day, 7 days a week, 365 days in a normal year, 366 in a leap year, indistinguishable in nature from this "cyber-terror" scare talk, except it is real and harmful.

For no other recourse, I participate in a complex voluntary international network, and employ significant resources internally to mitigate this cyber attack. And all I can do is keep some part of it away, barely. Sometimes I suffer from the complexities of this very same mitigation system, when my services are denied by mistake.

And the governments, who btw also suffer from it, just keep tolerating it.

What I am talking about is called spam, and with the government of the largest spamming country being a bit more pro-active, it would decrease significantly. But the government does nothing, spending money on bullshit, instead of focusing on real problems.

My guess is, solving real problems is hard, and because of that less money are left for graft, so the interest of the politicians in solving them is significantly lower.

Re:bring back the pr0n!

[Anonymous Coward]

actually fear is easily caused online. you could do something virtual like download the entire customer database of some bank and put it up as a file on main page of google.com, you've just scared shitless the entire bank's customer base. or you could do something physical like hack google's data center, override all the security there, disable the cooling for servers, turn up all the processors to 100%, and watch as the entire server room exploded. or you could overload a nuclear power plant or something, the specifics dont really matter.
the point is that actions online are the same as actions in real life, except theres an extra layer of technology between you and the target.
terrorism has really redefined warfare in the sense that there's no more concrete enemy. therefore conventional tactics don't work against terrorists. you can't, for instance, go to some country and kill people and expect that to stop terrorism. there's really no simple solution, but what you have to do to combat terrorism is to figure out why the terrorism is happening, and try to fix that. every action has a stimulus, and if you dug deep enough, you could figure out what the initial stimulus for the terrorist was.

Re:bring back the pr0n!

[demachina]

"What are you going to on the internet,"

The classic examples are hacking in to the computers that control the power grid(s) and causing a widespread blackout, taking down the air traffic control system, opening flood gates on a dam, or causing a wide spread phone/cell phone outage. Its open to debate how feasible these are but they are certainly plausible and the systems involved may all interact with the Internet now in one form or another.

I find this statement amusing to no end:

"A very rough estimate would say that there is a lag of three and eight years between the capabilities developed by advanced intelligence agencies and the capabilities available for purchase or rental in the cybercrime black market."

It basically implies that advanced intelligence agencies are years ahead in developing the tools for Cyberterrorism. If that were actually true, which I doubt, then why wouldn't you still be "afraid" some advanced intelligence agency will launch a cyber terror attack, or is this submission implying that just because a nation state does it, its not terrorism?

Re:bring back the pr0n!

[Anonymous Coward]

Having worked for three letter agencies, let me say that yes, China is engaged in this activity. Certainly the Russians, French, US, British, and any other country with a foreign intelligence service. In China's case, it's very hard to officially link it to the government because the PLA owns so many companies in the country they can have one of those entities engage in the action with plausible deniability.

As far as it not being a "real" threat, I'd ask the Estonians what they think about that....

Creative thinking ahead

[HomelessInLaJolla]

Once you start down that route then your hypothetical ideas go three places: people who do not care, government investigative agencies, and actual terrorist groups.

The people who don't really care are probably the people with which you discuss these things.

The government investigative agencies, depending upon the quality of your hypothetical ideas, may begin to monitor or make inquiries about you. Many people are not comfortable with vague gray fuzzy inquiries from vague gray fuzzy characters. Look for the conditions in your workplace and the public places which you frequent to become more and more odd, discomforting, or passively hostile. Additionally, once investigative agencies begin to take notice of you because of your hypothetical musings you may find that the number of speeding tickets you receive goes up, or applications/resumes for employment are ignored or denied with vague and meaningless responses, or applications for apartment or condo rentals are similarly ignored or denied with vague and meaningless responses. Consider that paranoia does not begin with full light of black helicopters and an entourage or marked police cars. It begins with vague fuzzy gray inquiries made to your HR department, your bank manager, your insurance company, the local police department, your ISPs cybercrime response department, etc. Those things add up to create a negative stress in your life.

If actual terrorist groups take notice of your musings then they might adapt your ideas and act on them. If you have been covertly monitored, as above, you may become the object of deeper and harsher scrutiny.

Unless you are deliberately and specifically sanctioned by the government and on someone's official payroll then being brilliant, creative, and novel is not welcome in today's society of thought police and preemptive military invasion. Iraq had some things that US leaders were uncomfortable with, therefore they deserve to be invaded. A particular citizen has ideas or musings which the local chamber of commerce members are uncomfortable with, therefore they deserve to lose their job, their home, and be forced to leave town.

It all follows along perfectly from having a big brother government with unlimited financial resource and unchecked under-the-table influence.

Re:bring back the pr0n!

[iamsolidsnk]

Terrorism is meant to cause terror while performing everyday activities or a general sense of fear and paranoia in the general population. General public != internet-using public, and I find it hard to believe that any type of act committed in cyberspace would cause such feelings in any average internet-using person. Until cyber-activity gets to a point where such activity causes personal harm, whether psychologically or physically, I would say the term cyber-terrorism has no relevancy to the general public.

Re:bring back the pr0n!

[demachina]

Air traffic control and power grids are inherently networked operations. You need to transfer planes from one control center to another, and to report loads or faults on the grid to various control centers, or turn generators on and off to balance load across wide areas. Only way you wouldn't have these functions on the Internet is if you go back to using phones to call people which is brutally inefficient and error prone. One hopes these networks are very secure VPN's but who knows.

Not sure if big dams have their flood gates under computer control but I know for a fact some smaller ones have some gates under computer control, especially ones with irrigation canals hooked to them.

This is digg, not slashdot

[Anonymous Coward]

This is digg, not slashdot. Facts are not welcome here. Yes, I work for another such agency. Yup, we've even seen hostile code in silicon. The chinese are a real threat.

Re:Creative thinking ahead

[dbIII]

Iraq had some things that US leaders were uncomfortable with

Yes, things like dragging half of their equivalent of congress out the back and forcing the other half to shoot them. It makes everybody that knows it in anything faintly resembling a Democracy uncomfortable.
But that's not a reason for the invasion, earlier administrations were quite happy to deal with them and some current military allies such as Algeria are far more of a basket case. There were plenty of stupid, petty, greedy or strategic reasons to have a lot of US military sited at the head of the Persian Gulf or have a war timed nicely for an election but Iraq has nothing at all to do with the views you've expressed above.
Data crossmatching combined with the increasing blurring of the line between the public and private sector in areas such as intellegence are a problem, especially due to the lack of accountability, secret blacklists and confidential information or unverified hearsay being shared with potential employers. The future is heading more towards "Brazil" instead of "1984" where the mistakes of the inexperienced, poorly trained or poorly educated could end up putting you on some secret blacklist. Some unaccountable idiot like the one that punished an airline and a planeload of passengers to teach Cat Stevens a lesson for being a Muslim may take a dislike to you and put something nasty on your file. It really is bizzare that a perceived threat to Democracy encouraged a slow shift towards what is really the Stalinism that was written about in 1984.
The good news is that those that were firmly behind that shift to a more authoritarian government and a diminishment of Democracy are in terror of what Obama could do with such power so they are now opposed. This will slow things down and prevent crossmatching of all information on everyone or similar policies.

Re:bring back the pr0n!

[_Sprocket_]

But if we consider that usually terrorism tries to get some point across (with inhuman ways) and get people to hear them, causing disturbance for the Internet would be quite stupid, as it's actually the first worldwide medium to get your word across without goverment control like with radio and tv.

You're assuming that:

1) Everyone in the world understands what the Internet offers.

2) That those who would target the Internet don't see it as a symbol of Western power / pride.

3) Everyone WANTS people to have access to a worldwide medium that gives them free access to thoughts and ideas not dictated by their regional government / society.