Thursday, June 28, 2007

Why The Internet is Not a Terrorist Target

I could write an entire post about the ironies involved in casting Justin Long, the guy who plays the Apple Mac guy on TV, as a computer hacker in the new Bruce Willis movie "Live Free or Die Hard." But I'm more interested in the plot line and its focus on cyberterror.

Cyberterror is a scary word.

Just saying the word "cyberterror" evokes images of uncontrolled warfare, destructive new technologies, and frightened, disenfranchised humans streaming from darkened cities, torchlights held high, children and teddy bears in tow.

The reality is, apart from the *possible* exception of the recent mass-shutdown of computer networks in Estonia, cyberterror hasn't yet arrived at any of our doorsteps. I think there is one very good reason why: terrorists, like us, *like* the Internet.

Back in 2003, IDC predicted that "a major cyberterrorism event will disrupt the economy and bring the Internet to its knees for a day or two" and went on to predict that the war with Iraq would "galvanize hackers" who would most likely use a combination of "denial-of-service attack, a network intrusion or even a physical attack on key network assets."

Q. Why didn't the terrorists attack?

A. Because the Internet is their infrastructure too.

The Internet not only enables free and anonymous communication, but also enables the global transfer of assets and funds, encrypted instant messaging (and instructions), instant creation of false identities, hard-to-police crimes, and the marketing of fundamentalist recruitment videos and propaganda to Internet users far removed from the source of such messaging.

Shutting down the infrastructure of the Internet, even if such a thing were possible, would harm terrorist agendas far more than it would help them. The two largest prolonged attacks on the Internet's root servers - in October 2002 and February 2007 - were both unsuccessful, and during the second attack, the attackers, who used "hundreds" of zombie computers pushing as much as 1Gbs worth of requests at the servers, were thwarted by an implementation of Anycast load-balancing technology.

Just "hundreds" of zombies? Five years between major attacks? Two servers affected out of thirteen after 12 hours? The Internet would not appear to be under serious threat, at least from the statistical point of view.

Various government organizations, including the DoD, appear to be of similar mind - or if not, at least understaffed relative to any perceived threat. The US Joint Task Force-Global Network Operations (JTF-GNO) has just 255 personnel directly employed and monitoring potential threats to GNO assets (which include GIG or Global Information Grid assets only, not private or non-GIG public assets).

As for other public assets, private companies, and families and their service providers, the IT staff and police charged with protecting these entities are increasingly focusing their efforts on preventing the growing number of targeted attacks by criminals, rather than the "firesale" attack that formed the backbone of this movie.

That's the reality of cyberterrorism today - cyberterror isn't about scaring the hell out of whole nations or towns, it's about scaring the money out of rich people.

My guess is once "Live Free or Die Hard" has run its course, a next generation of action films will start to reflect the kind of threats we're *really* seeing: highly-targeted, small-batch pieces of malware designed by well-funded criminals to make life really bad for a very small group of infrastructure users.

Note: Justin Long was very good in the film. The guy is the king of sotto voce. He has a long career ahead of him - and not just as a computer geek.
