According to an FBI official, terrorists are presently attempting to harness the abilities of the Internet to conduct cyber attacks.
During a statement before the Senate Judiciary Committee, Subcommittee on Terrorism and Homeland Security, the FBI’s Deputy Assistant Director of the Cyber Division Steven Chabinsky claimed the FBI is tracking terrorists who are looking into cyber capabilities.
Chabinsky did say there has not been any evidence of high-end sophistication in cyberspace of individuals associated with al Qaeda. However, the FBI has investigated and tracked a number of individuals with ties to al Qaeda or sympathies to the terrorist group who have looked to gain cyber skills. These individuals have highlighted the vulnerability of the U.S. cyber infrastructure, are seeking capabilities outside of their normal communities and have sought to increase their computer hacking skills.
Additionally, Chabinksy highlighted that terrorists only need a short span of time to cause damage to a network and that the problem needs to be confronted by cooperation across agencies rather than by one specific agency.
The testimony does raise some interesting questions regarding the threat from terrorists attacking through cyberspace. Most experts, including Dr. Jim Lewis of CSIS, agree terrorists presently do not have the capacity to conduct cyber attacks. However, on servers hosted in nations such as Russia, cyber attack tools are relatively available, easy to use and quite cheap. The tools require little training and can be used to conduct distributed denial of service attacks. There is some question if terrorists would bother with a DDoS attack, largely because it does not necessarily cause the damage and visibility terrorists strive for.
If the typical avenues of cyber attack are not considered worthwhile by terrorist groups (since arguably, they do have access to certain attack tools that are available on the Internet), what type of attack would a terrorist want to use? In a recent segment on 60 Minutes, Mike McConnell, former DNI and presently at Booz Allen, said, “what happens when the attacker is not attempting to steal money but to destroy the process that accounts for money.”
Such an attack would harm the foundations and trust in the monetary system, causing significant panic and economic issues. Also, the ability to wipe out data of any sort could severely restrict faith in the system that is targeted. This would allow terrorists to spread panic without having to actually kill anyone.
But would this be enough? Lewis recently spoke at an event on international cybersecurity challenges and pointed out that a significant “bank robbery,” carried out in cyberspace, netted $16 million. However, the event didn’t even make it into most newspapers. If terrorists also strive for visibility for their actions, then perhaps cyber attack is not the avenue that they will employ.