NZ Takes Cyberterrorism Threats Seriously

Jay Garden, the man charged with protecting New Zealand’s critical infrastructure says a cyberterrorism threat by an al-Qaeda associate last week is just the latest in a series since September 11 last year.

Sheikh Omar Bakri Muhammad, founder of the London-based group Jama'at Al-Muhajirun, told Computerworld US that the Internet would be used to launch attacks against the west.

"In a matter of time you will see attacks on the stockmarket," Bakri is quoted as saying, referring specifically to the markets in New York, London and Tokyo.

Garden, head of the Wellington-based Center for Critical Infrastructure Protection (CCIP), says the government takes such threats seriously.

"This kind of threat was one of the drivers for establishment of the (CCIP). Various rumors of the al-Qaeda group or supporters planning attacks through this medium have appeared since the September 11, 2001 attacks. The CCIP is assessing the level of risk from them on an ongoing basis."

Computerworld US , however, suggests this is the first time such a threat has been made so publicly, by a person allegedly so well connected with Osama bin Laden's movement and allied terrorist organisations.

It quotes a former chief of counterterrorism at the CIA, Vince Cannistraro, calling Bakri a "fire breather" with no special insight into al-Qaeda operations or plans. But he too says the cyberterrorism threat is real.

A strategist at Auckland-based security specialist Esphion, Kevin Black, says terrorist activity via the Internet is more of a fear than it was in the past. A few years ago, terrorist movements like the Tamil Tigers used to spread their message and signal their hacking capability merely by defacing Web sites. Now there is evidence that movements, including al-Qaeda, are spreading underground messages among their cells by hiding data on innocent sites.

"At this moment, the activity is mainly information distribution," Black says. But the threat to disrupt the Internet, or to disrupt essential services through the Internet, is a serious one. There are quite simple utilities, downloadable from hacker sites, which could be used for such disabling strikes on essential services, such as the electricity distribution or telecommunications networks. Disabling the emergency telephone network in conjunction with a physical terrorist attack is a possibility that U.S. security agencies are taking seriously.

Denial of service attacks, against which Esphion deploys its NetDeflect product, will most likely form a key element of such campaigns, Black says.

One defence is to have detection and screening built into the upstream network by carriers, he says. "Until now, carriers have seen it as their responsibility simply to transmit data." They should be giving more attention to transmitting clean data, spotting and eliminating attacks, rather than relying on the user to take measures when it hits your "front door", he says. "Because by then, it's usually too late."

Attacks can in many cases be prevented, but it is much harder to detect the source, Black says. Wireless Internet is making that task even more difficult. "You may have your own IP number (by which you can be identified) but you're handed another IP number when you link to the wireless network and a different one every time you change to another cell."

Other IP spoofing tools exist for stationary networks, "so if (the offender) has more than half a brain, they probably can't be traced."

Few people come forward and claim responsibility for cyber attacks, and those that do only do it a long time after the attack, Black says. In the present environment, those who do own up often claim al-Qaeda affiliations, "and probably no more than about 5 percent of those claims are genuine."

Copyright © 2002 IDG Communications, Inc.

The 10 most powerful cybersecurity companies