Where does criminal hacking end and cyber-terrorism begin? There’s no clear delineation, says Matthew Devost, the founding director of a United States-based think-tank called the Terrorism Research Centre. Devost was in Australia last week as a guest of the US State Department and found time to brief groups such as the Australian Federal Police on the threat posed to the nation and its businesses by cyber-terrorists.
Devost says that research has found significant links between criminal organisations and terrorist groups. “There’s a high level of convergence,” he says, “from the highest levels all the way down to street gangs.”
This sounds a little like scaremongering, but Devost says that one of the easiest ways for cyber-terrorists to wreak their havoc is to infiltrate people into an organisation, perhaps as temporary employees or salaried workers operating under cover. And that’s where organised crime can help out with identification, passwords and the like.
Cyber-terrorism’s goals are parallel to those of traditional terrorism: create fear and distrust in public institutions, or to cause a loss of life by disrupting critical infrastructure. But it’s worth bearing in mind, he says, that there hasn’t yet been a recorded case of a cyber-terrorist act.
The threat is from established terror groups, as well as nation states. “I don’t see al Qaeda dropping its existing acts for cyber-terrorism,” says Devost. “But there are at least 100 nations developing cyber-weapons.”
The figure comes from CIA intelligence, but the question that remains is how many of the nations are actually worth worrying about. He acknowledges that the United States has a longstanding cyber-weapons program, but that its use is hampered by legal and technical issues. Most cyber-weapons, from denial of service attacks that flood servers with data requests through to traditional hacking, are single use. Fire a cyber-weapon once and the target as well as other potential targets can defend itself against further attack. The legal issue comes to the fore because network trunk lines cross national boundaries. “If you launch a cyber-attack, and it crosses national boundaries on its way to its target, does that mean that the nations that are crossed are complicit or does it mean that they’ve had their sovereignty compromised?”
Regardless of the legal issues, now is probably the right time to launch a cyber-attack because of what is described as the “blame bin Laden” factor. Any attack would be chalked up to existing terror cells, and not one country trying to compromise another. What makes it even trickier is that a cyber-weapons installation would look like any other technology facility. Weapons inspectors would never spot it.