Computer Crime Research Center



Date: September 19, 2004
By: Robert Lenzner and Nathan Vardi

Four years ago al Qaeda operatives were taking flying lessons. Today they are honing a new skill: hacking. How much damage could a cyberterrorist do to an electric grid or the Internet? We don't know yet.

Jason Larsen is a master hacker. He sports the de rigueur black shirt, black slacks, glasses and ponytail. A 31-year-old programmer at the secretive Idaho National Engineering &Environmental Laboratory in Idaho Falls, he obsesses about the ways in which a terrorist intruder might go online and trip circuit breakers on the electrical grid or open valves at chemical storage tanks.

"I could easily turn off the power in a couple dozen cities by the end of the day," says Larsen. He has hacked into the automated control systems at several big utilities; usually it takes him all of a week.

Experts like Larsen make a living by stoking cyberfear in the rest of us. They say that terrorists could shut down chunks of the Internet, the phone system or the electric grid by hacking into computers. We're not spending enough on computer security, they say, and the consequences could be devastating.

These experts have an ax to grind. But they might be right. As the Internet spread like a virus in the 1990s, hundreds of utilities, chemical factories, wastewater plants and the like went online to enable remote monitoring and more instant communications. Yet their antiquated control systems lack protection against digital intrusion, providing an easy target.

The most destructive terrorist act in history began with Islamic radicals going to flight school and ended when they turned airliners into flying bombs. As the third anniversary of Sept. 11 passes, the next threat could be aNet threat:Solid evidence shows that al Qaeda agents and other terrorists are trying to attain the online skills needed to wage cyberwar. Terrorists could use the Internet to disrupt the communications systems of the military's Pacific Command or turn off the lights in Los Angeles or Chicago; they could open the massive floodgates of Arizona's Roosevelt Dam or disable huge parts of the World Wide Web.

Yet in the U.S. and elsewhere no urgent crusade has emerged to fix the flaws. The National Strategy to Secure Cyberspace, signed last year by President Bush, proposes a sweeping overhaul of U.S. networks. In it the White House's former counterterrorism chief, Richard Clarke, urged a wholesale reboot of government computer systems and new security rules for electric utilities and Internet access providers. But few of his proposals have been adopted, Clarke says. "All the regulated industries--the electric utilities, the gas pipelines and oil refineries, the water and transportation systems--are still vulnerable to cyberattack."

Washington lacks any consensus on what to do about the Net threat--or whether it even constitutes a threat. "The idea that hackers are going to bring the nation to its knees is too far-fetched a scenario to be taken seriously," asserts James Lewis, a former State Department and Commerce Department official. He has dismissed cyberterror in reports for the nonpartisan Center for Strategic &International Studies.
Original article

Add comment  Email to a Friend

Discussion is closed - view comments archieve
2004-10-01 15:54:59 - Mr. James Lewis is an absolute idiot! mmurphy
Total 1 comments
Copyright © 2001-2013 Computer Crime Research Center
CCRC logo