by Giles Trendle ,© KAM Ltd 2002, All rights
Monday, 9th September 2002 - The move towards military
action against Iraq is raising the possibility of an increase in electronic
attacks by activists or hacking groups sympathetic to Iraq or opposed to
any military attack.
One such hacker, interviewed by e-mail for this article, warned
that Western governments and businesses should brace themselves for 'suicide
cyber attacks' in the event of a war against Iraq. He defined a 'suicide
cyber attack' as one in which the hacker sets out to cause maximum damage
unhindered by any regard for being detected and caught. The hacker who issued
this stark warning belongs to a group calling itself the Iron Guards which
has in the past attacked Israeli government and business websites as part
of the Arab-Israeli cyberwar.
Such talk may be no more than rhetorical swagger. Yet some
indicators already point to an escalation of digital attacks. mi2g, a London-based
company specialising in Internet security, has recorded August 2002 as the
worst month for overt digital attacks ever since its records began in 1995.
"It would seem highly likely that the launch
of a physical attack on Iraq will see counter-attacks from disgruntled Arab,
Islamic fundamentalist and anti-American groups," concludes
DK Matai, Chairman and CEO of mi2g.
Hacking comes under what military theorists refer to as 'asymmetric
warfare', in which unconventional tactics are used by smaller players to
counter the overwhelming conventional military superiority of an adversary.
Like a classic guerrilla struggle, such digital warfare is a conflict of
the weak against the strong, in which the weaker force probes and attacks
the vulnerable points in its enemy's defences.
The Achilles Heel of modern technology appears to be that
no computer system is totally invulnerable to being 'cracked'. This has
raised fears that hacking might enable an individual or small group to wreak
havoc in terms of defacing or 'downing' government websites, spreading viruses
and worms that infect and disrupt computer systems, or even using the Internet
as a direct instrument of death by taking remote control of systems operating
dam floodgates or air traffic control.
The IT proficiency of militant Islamic hackers was recently
raised by American officials who admitted they have underestimated the amount
of attention al-Qaeda was paying to the internet. "Al-Qaeda
spent more time mapping our vulnerabilities in cyberspace than we previously
thought," said Roger Cressey, the chief of staff of
the White House critical infrastructure protection board, in a recent interview
with the Washington Post. "The question
is a question of when, not if."
The National Infrastructure Security Co-ordination Centre
(NISCC), an interdepartmental organisation created by the Home Secretary
in 1999 with the task of protecting the UK's infrastructure from electronic
attack, says it is keeping this threat under constant review.
In a statement for this article, the NISCC said:
"Although the UK is increasingly vulnerable to electronic attacks,
like other technologically advanced societies, there is nothing to suggest
that the UK's critical national infrastructure, including government, is
at risk of widespread and disruptive electronic attack should the UK participate
in any possible military campaign against Iraq."
The NISCC added, however, that in the event of a war on Iraq,
what it called 'Islamic extremists' - or any other hacking groups - "may
be motivated to carry out less sophisticated attacks such as website defacements
or denial of service attacks." In other words, there
may be more digital attacks, but nothing to get overly-worried about at
this point in time.
The e-Envoy's office also says it is active vis-à-vis
any cyber threat. "The government has developed
a set of Security Frameworks to provide a common approach to security for
eGovernment services, which the Office of the e-Envoy is publishing,"
said a source from the e-Envoy's office. "We
believe that we are building adequate security measures into our services,
but no-one can afford to be complacent."
Some experts in the private sector feel that hysteria is as
bad as complacency. "I think the media
overplays the hype associated with cyberterrorism," says
Clifford May, chief forensic consultant at Integralis, an IT security company
in the UK. "Large organisations may be
an attractive target, but they have very strong security in place."
The website Vmyths.com (www.vmyths.com) has a self-declared
goal of the "eradication of computer virus hysteria." With acerbic
wit, the industry writers at Vmyths seek to expose what they feel lies behind
the hullabaloo about computer security: namely, media ignorance, scare-mongering
consultants and profit-seeking antivirus companies.
So will war on Iraq lead to an e-jihad against eGovernment?
There may possibly be more digital attacks, but the levels of skill and
efficacy of such attacks remains unclear. Hackers - like the Al-Qaeda network
- can be dispersed, nebulous and elusive. Such a threat, because it is unseen,
creates uncertainty and where there is uncertainty there is room for fear
The response to cyber-threats from American and British officials
may appear different. American officials seem more ready to conceive (even
predict) the possibility of a devastating and catastrophic attack by cyberterrorists.
The White House advisor for cyberspace security recently referred to the
possibility of a 'digital Pearl Harbour'. British cyber-officials, on the
other hand, maintain a more reserved tone. Hopefully, the difference between
us and the Americans is one of cultural expression, and not in any way one
of professional diligence.
Giles Trendle is a former Middle East war correspondent
who today writes and speaks on advocacy networks and anti-corporate activism.
His website is http://www.globalprofile.co.uk/
Giles Trendle's independent opinion appears courtesy of
Prospect - a recruitment consultancy committed to 'enabling better features'
and sourcing the people to drive eGovernment. For further information go
or email firstname.lastname@example.org