Does cyber-terrorism exist?

Global security experts gathered in Malaysia last month to help ramp up the world’s defenses against cyber-terrorism

Dubbed by organisers as ‘the largest ministerial-level gathering ever organised about cyber-terrorism’, the World Cyber Security Summit (WCSS), was recenlty held in Malaysia. Hosted by the International Multilateral Partnership Against Cyber-Terrorism (IMPACT), government representatives from all over the globe including Australia joined private sector and prominent security experts. The summit was chaired by Malaysian Prime Minister Dato’ Seri Abdullah Ahmad Badawi with international speakers such as Professor Howard Schmidt, former White House security advisor and former chief security officer at Microsoft and eBay.

They were joined by a multitude of security experts including Mikko Hypponen, chief research officer at F-Secure; Dr Paul Twomey, president and chief executive officer of ICANN; Dr Vinton G. Cerf, ‘Father of the Internet’ and chief Internet evangelist at Google and Eugene Kaspersky, founder and chief executive officer of Kaspersky Lab.

Australia was well-represented with officials from the Attorney-General’s office and other government bodies attending the three-day summit.

According to IMPACT, the goal was to chart the future course for IMPACT as a global multilateral platform using ministerial roundtables, plenary sessions and information-sharing sessions about the latest cyber-security threats, trends and issues, such as, ‘Global Denial of Service’.

According to Kaspersky, IMPACT is a unique initiative, aimed primarily at consolidating efforts against cyber-terrorism.

“Like all forms of terrorism, cyber-terrorism does not recognise borders or laws, the threat of cyber-terrorism is real,” said Kaspersky.

Cyberwarfare has emerged as a genuine tool of attack against governments, critical infrastructure and corporations. Most recently, Chinese hackers were accused of attacking CNN’s website following its broadcasts of Tibetan protests earlier this year.

The Estonian government accused Russia of launching a cyber-war back in April 2007 after a number of its websites crashed. The Russian government denied any involvement.

The incident forced NATO, the North Atlantic Treaty Organization, to think about the consequences of cyber-terrorism this year, announcing its intentions to build a dedicated cyber-warfare centre in Estonia.

It has also been claimed that governments have recruited hacker armies, for example, North Korea has a legion of hackers, according to Ken Low, security marketing director at security vendor, TippingPoint.

Dmitri Alperovitch, director, intelligence analysis at Secure Computing Corporation, addressed a room of delegates at the RSA Conference in San Francisco in April and confirmed that cybercrime is financing criminal activity including terrorism and people are dying.

“There are clear cases to date of cybercriminal activity resulting in deaths of people,” he said. “This is not just bits and viruses; this is not just someone stealing a Word document; there’s a lot of talk about ties to terrorism and organised crime,”
said Alperovitch.

Nationally, a new TippingPoint report, Cyber Hack Update 2008 found that cyberattacks targeted at Australian Government websites are increasing. Despite the report’s failure to determine the culprits and their motives, it does confirm the existence of a local threat.

The report found that attacks on Western Australian Government websites increased by 121 percent from 2007 to 2008. Attacks on South Australian Government websites increased by 29 percent and the Queensland Government had a 13 percent increase, year on year.

“Australia is a high profile country despite its population,” said TippingPoint’s Ken Low. “Its news attracts the attention of the world and [having] Asia as its nearest neighbour makes it certainly attractive.”

So far, the Rudd Government looks keen on participating in initiatives such as IMPACT. It recently joined forces with its international allies and private industry to test Australia’s response to a cyber-terror attack in the Cyber Storm II initiative.

It involved simulated cyber and physical attacks targeting critical infrastructure, including the water, energy, IT, communications, banking and finance industries.

“Governments that take national security seriously can’t turn a blind eye to the threat of cyber-terrorism,” Attorney-General Robert McClelland said.

The need for a multilateral organisation is here and the sheer interest and highly specialised list of delegates keen to be involved proved that point.

However, more needs to be done according to Kaspersky, who believes in the very near future, the scale of cybercriminal activities will exceed all limits. He suggests an international organisation that will act in a way similar to Interpol is necessary. “I call it the ‘Internet-Interpoll.”

The first IMPACT summit was a very promising step in the fight against cybercrime on a global scale, and was a success, according to Kaspersky.

“The decisions made will play an extremely positive role in the future fight against cybercrime,” he said.