(Updated) Cyber Terrorism, Real and Serious or Overblown?
Call it coincidence, call it a sign of things to come, but as I was writing this post on cyberattacks, the website of Chase Bank was experiencing a denial-of-service attack and was inaccessible. The initial service interruption to Chase.com lasted about 90 minutes, from about 5 to 6:30 p.m. ET.
Chase confirmed that the outage was due to a denial-of-service attack, in which attackers bombard websites with an overwhelming amount of traffic, overloading their servers and causing sluggish performance or a complete loss of service.
The hacking group taking responsibility, which calls itself al-Qassam Cyber Fighters, announced its intentions to hack a number of banks in this manner several months ago, and has targeted Bank of America, Citibank, Capital One, and others. The group cites what it sees as U.S. refusal to remove a YouTube video grossly offensive to those who practice Islam.
The video in question is “Innocence of Muslims,” a film trailer depicting the prophet Muhammad as, among other things, a murderer and pedophile. Muslim states such as Egypt and Yemen have called for the video to be removed, but Google-owned YouTube has said the video is well within its guidelines. Although Hillary Clinton, former Secretary of State, described the video as “disgusting and reprehensible,” she supported the decision, as representative of the U.S.’s commitment to its citizens’ right to free expression.
Al-Qassam Cyber Fighters have pledged to discontinue their attacks if the video is removed, or if the conditions of a complicated formula are met regarding the video’s like and dislike counts.
This was followed by an update: “UPDATE: Following the publication of this article, Chase.com manifested continued outages, appearing more often for some than others. As of this writing, the site is not loading at all, and while the site was up, banking services were not yet restored.”
The United States recognized the threat of “cyberattacks” many years ago, and our military and intelligence agencies took the threat very seriously.
The Pentagon considered the threat so serious and imminent that, three years ago, it established a separate command to deal with this threat, the United States Cyber Command (USCYBERCOM).
The mission of USCYBERCOM is to defend DOD information networks and, “when directed,” to conduct full-spectrum military cyberspace operations “to ensure U.S. and allied freedom of action in cyberspace, while denying the same to our adversaries.”
We now talk about a “cyber domain” — i.e. a military domain similar to the air, land, sea or space domains in which the military already operates — as a new domain of warfare.
We also talk about cyber warfare, cyber terrorism, a “cyber 9/11” and even “cyber Pearl Harbor.”
A lot has been said and written on “cyber terrorism.”
Peter W. Singer at the Brookings Institute mentions that roughly 31,000 magazine and journal articles have been written thus far on this subject.
But he also tells us, “But so far, what terrorists have accomplished in the cyber realm doesn’t match our fears, their dreams or even what they have managed through traditional means.”
He adds, “Zero. That is the number of people that have been hurt or killed by cyber terrorism at the time this went to press.” (November 2012).
I have no idea if or how many people have been killed or hurt by cyber terrorism to date.
But just today, the nation’s top intelligence official warned Congress that a cyberattack could cripple America’s infrastructure and economy and suggested that such attacks pose the most dangerous immediate threat to the United States, more pressing than an attack by global terrorist networks.
James R. Clapper Jr. continued in prepared testimony to the Senate Intelligence Committee that American spy agencies saw only a “remote chance” in the next two years of a major cyberattack — “what he defined as an operation that ‘would result in long-term, wide-scale disruption of services, such as a regional power outage,’” according to the New York Times.
It is the first time that the CIA has put cyberattacks at the top of their annual presentation to Congress in the order of threats facing our country, says the Times.
Clapper also said in his prepared presentation that “In some cases, the world is applying digital technologies faster than our ability to understand the security implications and mitigate potential risks.”
He also said that although it was “unlikely that Russia and China would launch ‘devastating’ cyberattacks against the United States in the next two years, foreign spy services had already hacked the computer networks of government agencies, businesses and private companies” and cited two specific examples: one against the Saudi oil company Aramco, and last year’s cyberattacks on American banks and stock exchanges, believed by American intelligence officials to have been the work of Iran.
But back to USCYBERCOM.
The USCYBERCOM commander, Army Gen. Keith B. Alexander, told the Senate Armed Services Committee today that the cyber threat is growing.
“Cyber effects are growing. We’ve seen attacks on Wall Street — 140 over the last six months — grow significantly. In August, we saw a destructive attack on Saudi Aramco, where data on over 30,000 systems was destroyed,” the general said.
In industry, the antivirus community of companies believes attacks will increase this year, Alexander said, “and there’s a lot we need to do to prepare for this.”
Although the U.S. government has made significant strides in defining cyber doctrine, organizing cyber capabilities and building cyber capacity, Alexander told the panel, “We must do much more to sustain our momentum in an environment where adversary capabilities continue to evolve as fast as or faster than our own.”
Many other experts are very concerned indeed about the real potential for and dire consequences of cyberattacks on our military assets, on critical infrastructure — including water, electricity and gas — and on our government, financial, industrial and business institutions.
However, Singer at the Brookings Institute believes that:
In many ways, cyber terrorism is like the Discovery Channel’s “Shark Week,” when we obsess about shark attacks despite the fact that you are roughly 15,000 times more likely to be hurt or killed in an accident involving a toilet. But by looking at how terror groups actually use the Internet, rather than fixating on nightmare scenarios, we can properly prioritize and focus our efforts.
He also believes that we “often mix up our fears with the actual state of affairs” and that what is needed to pull off a cyber attack that causes meaningful violence goes well beyond finding top cyber experts:
Taking down hydroelectric generators, or designing malware like Stuxnet that causes nuclear centrifuges to spin out of sequence doesn’t just require the skills and means to get into a computer system. It’s also knowing what to do once you are in. To cause true damage requires an understanding of the devices themselves and how they run, the engineering and physics behind the target.
Singer admits that terrorists are interested in using the technology of cyberspace to carry out acts of violence but that while cyber terrorism, “particularly attacks on critical infrastructure,” is of concern:
We can look at the digital world with only fear or we can recognize that every new technology brings promise and peril…When it comes to cyber terrorism versus the terrorist use of cyberspace, we must balance chasing the chimeras of our fevered imaginations with watching the information flows where the real action is taking place.
Read Singer’s entire fascinating piece here, and decide for yourself if DoD/Intelligence Agencies are crying wolf.
Image: Seal of USCYBERCOM:
The eagle, our national symbol, is revered for the keen eyesight that allows it to pierce the darkness and remain vigilant to protect us. The two swords on the shield represent the dual nature of the command to defend the nation and if necessary engage our enemies in the cyber domain. The lightning bolt symbolizes the speed of operations in the cyber domain. The key illustrates the command’s role to secure our nation’s cyber domain while also unlocking the secrets of those who seek to do us harm.