Cyberterror Not Yet a Credible Threat, Says Policy Thinktank
Trailrunner7 writes "A new report by a Washington policy think tank dismisses out of hand the idea that terrorist groups are currently launching cyber attacks and says that the recent attacks against US and South Korean networks were not damaging enough to be considered serious incidents. The report, written by James Lewis of the Center for Strategic and International Studies, looks at cyberwar through the prism of the Korean attacks, and calls the idea that terrorists have attack capabilities and just aren't using them 'nonsensical.' 'A very rough estimate would say that there is a lag of three and eight years between the capabilities developed by advanced intelligence agencies and the capabilities available for purchase or rental in the cybercrime black market. The evidence for this is partial and anecdotal, but the trend has been consistent for more than two decades,' Lewis writes."
Well I think this whole "cyberterror" idea is pretty funny. I even remember that back in 2000 in school we had to write about some article where they described "cyber attacks from China government". Has anyone actually proven that China as a government is doing those? It still seems like a myth. Considering the world is filled with script kiddies, and China+India together have half of the population on Earth, it's not surprising that a large percentage of them could be from there.
Another thing is that it's quite hard to launch such a catastrophic, large-scale attack against the internet. Yeah, you can cause some minor annoyance or accidentally route traffic elsewhere like what happened with YouTube for ~30 mins a few years ago, but those are quickly fixed when the upstream ISPs responsible notice.
Also isn't terror's one meaning to cause, well, terror? What are you going to do on the internet, put a scary picture on google.com (if you even could hack it - I bet there have been many that have tried)? It just doesn't sum up.
I am not worried about some scary foreign governments.
I am worried by something I really suffer from -- a permanent attack going on 24 hours a day, 7 days a week, 365 days in a normal year, 366 in a leap year, indistinguishable in nature from this "cyber-terror" scare talk, except it is real and harmful.
For no other recourse, I participate in a complex voluntary international network, and employ significant resources internally to mitigate this cyber attack. And all I can do is keep some part of it away, barely. Sometimes I suffer from the complexities of this very same mitigation system, when my services are denied by mistake.
And the governments, who btw also suffer from it, just keep tolerating it.
What I am talking about is called spam, and with the government of the largest spamming country being a bit more pro-active, it would decrease significantly. But the government does nothing, spending money on bullshit, instead of focusing on real problems.
My guess is, solving real problems is hard, and because of that less money is left for graft, so the interest of the politicians in solving them is significantly lower.
Sure, I agree that we might not see cyberterror attacks for years yet. Does that mean we should turn a blind eye to our infrastructure and ignore the issue of proper security?
A guy I work with likes to point out that we always protect against the last terrorist attack, not the next one. You have listed a bunch of things which probably won't work and are not a concern. We should try to think about the things which are outside our idea of the scope of terrorist operations. Prior to 911 we didn't consider suicide hijackings to be a threat.
http://michaelsmith.id.au
But if we consider that usually terrorism tries to get some point across (with inhuman ways) and get people to hear them, causing disturbance for the Internet would be quite stupid, as it's actually the first worldwide medium to get your word across without government control like with radio and tv. Terrorism doesn't do terror just for the fun of it, but there's always some reasoning behind it - sometimes rational, sometimes more irrational. However, script kiddies do it just for the fun of it, to gain that small time period of fame for randomly hacking something.
To me, all that fearmongering of "terrorists" (that don't exist) is creating terror itself. So all the censorship and surveillance on the net would be the actual "cyberterror". If there were a point in adding "cyber-" in front of everything. It's just plain terrorizing the people. For the usual reasons: To gain control over them.
Any sufficiently advanced intelligence is indistinguishable from stupidity.
"What are you going to do on the internet,"
The classic examples are hacking into the computers that control the power grid(s) and causing a widespread blackout, taking down the air traffic control system, opening flood gates on a dam, or causing a widespread phone/cell phone outage. It's open to debate how feasible these are but they are certainly plausible and the systems involved may all interact with the Internet now in one form or another.
I find this statement amusing to no end:
"A very rough estimate would say that there is a lag of three and eight years between the capabilities developed by advanced intelligence agencies and the capabilities available for purchase or rental in the cybercrime black market."
It basically implies that advanced intelligence agencies are years ahead in developing the tools for Cyberterrorism. If that were actually true, which I doubt, then why wouldn't you still be "afraid" some advanced intelligence agency will launch a cyber terror attack, or is this submission implying that just because a nation state does it, it's not terrorism?
@de_machina
Having worked for three letter agencies, let me say that yes, China is engaged in this activity. Certainly the Russians, French, US, British, and any other country with a foreign intelligence service. In China's case, it's very hard to officially link it to the government because the PLA owns so many companies in the country they can have one of those entities engage in the action with plausible deniability.
As far as it not being a "real" threat, I'd ask the Estonians what they think about that....
Or, in the words of Captain Jack Sparrow, "When you've only got one shot, it's best to wait for the opportune moment." If I were going to take down a government network, I would wait until my country was poised to take advantage of the confusion and disorder (either by military means or otherwise), not just launch it whenever I felt like it.
Keep in mind that terrorist is a buzzword now, and means 'generic enemy' rather than 'psychological warrior'. Just like 'Commie' during the Cold War, or 'Nazi' during WWII.
Funny may not give karma, but +5 Informative never made anyone snort coffee out their nose.
Once you start down that route then your hypothetical ideas go three places: people who do not care, government investigative agencies, and actual terrorist groups.
The people who don't really care are probably the people with which you discuss these things.
The government investigative agencies, depending upon the quality of your hypothetical ideas, may begin to monitor or make inquiries about you. Many people are not comfortable with vague gray fuzzy inquiries from vague gray fuzzy characters. Look for the conditions in your workplace and the public places which you frequent to become more and more odd, discomforting, or passively hostile. Additionally, once investigative agencies begin to take notice of you because of your hypothetical musings you may find that the number of speeding tickets you receive goes up, or applications/resumes for employment are ignored or denied with vague and meaningless responses, or applications for apartment or condo rentals are similarly ignored or denied with vague and meaningless responses. Consider that paranoia does not begin with full light of black helicopters and an entourage of marked police cars. It begins with vague fuzzy gray inquiries made to your HR department, your bank manager, your insurance company, the local police department, your ISP's cybercrime response department, etc. Those things add up to create a negative stress in your life.
If actual terrorist groups take notice of your musings then they might adapt your ideas and act on them. If you have been covertly monitored, as above, you may become the object of deeper and harsher scrutiny.
Unless you are deliberately and specifically sanctioned by the government and on someone's official payroll then being brilliant, creative, and novel is not welcome in today's society of thought police and preemptive military invasion. Iraq had some things that US leaders were uncomfortable with, therefore they deserve to be invaded. A particular citizen has ideas or musings which the local chamber of commerce members are uncomfortable with, therefore they deserve to lose their job, their home, and be forced to leave town.
It all follows along perfectly from having a big brother government with unlimited financial resource and unchecked under-the-table influence.
the NPG electrode was replaced with carbon blac
"Terrorism" requires terror, not inconvenience or annoyance.
A few years back, we had an accidental shutdown of the power supply of most of eastern North America. It was very inconvenient, and it cost a huge amount of money, and it even resulted in the loss of some lives. But it wasn't terrifying. It was just annoying.
It's not about the amount of damage, it's about the effect. A cyberterror event like a power or communications failure could result in hundreds of deaths, but there's nothing to focus on. A car exploding next to a bistro may only kill two or three people, but it is far more effective terrorism.
For terrorism to be effective, it has to produce terror. That's an emotional reaction, not an intellectual one. And to get that emotional reaction, there have to be real tangible threats, like flames, blood and gore, falling rocks, etc.
I hate it when I make a joke and I get modded "+5 insightful". Mod the stupid comments "funny", not "insightful", pleas
Also isn't terror's one meaning to cause, well, terror? What are you going to do on the internet, put a scary picture on google.com
You have gravely underestimated the power of goatse.
The Gospel according to lolcat
I think you're hitting the nail on the head with your post. Bothering Google, or various other sites, even if it's for a day or two, would likely cause nothing more than a lot of annoyed muttering and sighs. However, there are still some things to consider.
As you say, the main goal of terror groups will be to intimidate and cause widespread panic and lasting fear. Now, how that's done depends largely on the environment. If we're talking domestically, e.g. in the US, and I'm going to assume we are, the greatest threats online IMHO are things like identity theft, financial fraud (they're always looking to fund their activities), target profiling, and causing temporary disruptions of service (power, emergency services, telecom, transportation, etc) just before an attack. Those are all places where vulnerabilities are definitely present, and where we could and should definitely make changes for the better. Such a glib assessment that there is no threat smacks of the same arrogance/ignorance that led a certain ship to be called "unsinkable."
Odi profanum vulgus et arceo
But if we consider that usually terrorism tries to get some point across (with inhuman ways) and get people to hear them, causing disturbance for the Internet would be quite stupid, as it's actually the first worldwide medium to get your word across without government control like with radio and tv.
You're assuming that:
1) Everyone in the world understands what the Internet offers.
2) That those who would target the Internet don't see it as a symbol of Western power / pride.
3) Everyone WANTS people to have access to a worldwide medium that gives them free access to thoughts and ideas not dictated by their regional government / society.
So, what's the difference between an attacker looking for fun and an attacker with a political agenda?
Cyberterror is not a credible threat because we're already up to our necks with spammers, script kiddies, whatever. Whether or not they have reasons to do it other than "I want your money", we don't know and we don't care.