by Giles Trendle, © KAM Ltd 2002, All rights reserved
Monday, 9th September 2002 - The move towards military
action against Iraq is raising the possibility of an increase in electronic
attacks by activists or hacking groups sympathetic to Iraq or opposed to
any military attack.
One such hacker, interviewed by e-mail for this article, warned
that Western governments and businesses should brace themselves for 'suicide
cyber attacks' in the event of a war against Iraq. He defined a 'suicide
cyber attack' as one in which the hacker sets out to cause maximum damage
unhindered by any regard for being detected and caught. The hacker who issued
this stark warning belongs to a group calling itself the Iron Guards which
has in the past attacked Israeli government and business websites as part
of the Arab-Israeli cyberwar.
Such talk may be no more than rhetorical swagger. Yet some
indicators already point to an escalation of digital attacks. mi2g, a London-based
company specialising in Internet security, has recorded August 2002 as the
worst month for overt digital attacks since its records began in 1995.
"It would seem highly likely that the launch
of a physical attack on Iraq will see counter-attacks from disgruntled Arab,
Islamic fundamentalist and anti-American groups," concludes
DK Matai, Chairman and CEO of mi2g.
Hacking comes under what military theorists refer to as 'asymmetric
warfare', in which unconventional tactics are used by smaller players to
counter the overwhelming conventional military superiority of an adversary.
Like a classic guerrilla struggle, such digital warfare is a conflict of
the weak against the strong, in which the weaker force probes and attacks
the vulnerable points in its enemy's defences.
The Achilles Heel of modern technology appears to be that
no computer system is totally invulnerable to being 'cracked'. This has
raised fears that hacking might enable an individual or small group to wreak
havoc in terms of defacing or 'downing' government websites, spreading viruses
and worms that infect and disrupt computer systems, or even using the Internet
as a direct instrument of death by taking remote control of systems operating
dam floodgates or air traffic control.
The IT proficiency of militant Islamic hackers was recently
raised by American officials who admitted they had underestimated the amount
of attention al-Qaeda was paying to the internet. "Al-Qaeda
spent more time mapping our vulnerabilities in cyberspace than we previously
thought," said Roger Cressey, the chief of staff of
the White House critical infrastructure protection board, in a recent interview
with the Washington Post. "The question
is a question of when, not if."
The National Infrastructure Security Co-ordination Centre
(NISCC), an interdepartmental organisation created by the Home Secretary
in 1999 with the task of protecting the UK's infrastructure from electronic
attack, says it is keeping this threat under constant review.
In a statement for this article, the NISCC said:
"Although the UK is increasingly vulnerable to electronic attacks,
like other technologically advanced societies, there is nothing to suggest
that the UK's critical national infrastructure, including government, is
at risk of widespread and disruptive electronic attack should the UK participate
in any possible military campaign against Iraq."
The NISCC added, however, that in the event of a war on Iraq,
what it called 'Islamic extremists' - or any other hacking groups - "may
be motivated to carry out less sophisticated attacks such as website defacements
or denial of service attacks." In other words, there
may be more digital attacks, but nothing to get overly worried about at
this point in time.
The e-Envoy's office also says it is active vis-à-vis
any cyber threat. "The government has developed
a set of Security Frameworks to provide a common approach to security for
eGovernment services, which the Office of the e-Envoy is publishing,"
said a source from the e-Envoy's office. "We
believe that we are building adequate security measures into our services,
but no-one can afford to be complacent."
Some experts in the private sector feel that hysteria is as
bad as complacency. "I think the media
overplays the hype associated with cyberterrorism," says
Clifford May, chief forensic consultant at Integralis, an IT security company
in the UK. "Large organisations may be
an attractive target, but they have very strong security in place."
The website Vmyths.com (www.vmyths.com) has a self-declared
goal of the "eradication of computer virus hysteria." With acerbic
wit, the industry writers at Vmyths seek to expose what they feel lies behind
the hullabaloo about computer security: namely, media ignorance, scare-mongering
consultants and profit-seeking antivirus companies.
So will war on Iraq lead to an e-jihad against eGovernment?
There may possibly be more digital attacks, but the levels of skill and
efficacy of such attacks remain unclear. Hackers - like the Al-Qaeda network
- can be dispersed, nebulous and elusive. Such a threat, because it is unseen,
creates uncertainty and where there is uncertainty there is room for fear
(and fear-mongering).
The response to cyber-threats from American and British officials
may appear different. American officials seem more ready to conceive (even
predict) the possibility of a devastating and catastrophic attack by cyberterrorists.
The White House advisor for cyberspace security recently referred to the
possibility of a 'digital Pearl Harbour'. British cyber-officials, on the
other hand, maintain a more reserved tone. Hopefully, the difference between
us and the Americans is one of cultural expression, and not in any way one
of professional diligence.
Giles Trendle is a former Middle East war correspondent
who today writes and speaks on advocacy networks and anti-corporate activism.
His website is http://www.globalprofile.co.uk/
Giles Trendle's independent opinion appears courtesy of
Prospect - a recruitment consultancy committed to 'enabling better features'
and sourcing the people to drive eGovernment.