I am not an unduly pessimistic person, but I am getting worried of late by all the hacker attacks on Internet sites. To date these have been largely irritants, but there seems to be a growing malice behind many attacks.
The commonest form of attack appears to be inserting viruses which corrupt computer systems, sometimes with rather nasty impact on commercial companies. There appears to be little direct attack aimed at domestic users, which adds to my worry because it indicates that commercial businesses are the target, and that, I fear, means that there is little fun intended and thus the attacks will get more malicious.
The Internet has presented a huge opportunity to the hackers, particularly but not exclusively targeting the soft option of the Windows operating system as a server. But computer fraud is not new; it has been going on for years. One big difference now, though, is the publicity that surrounds an Internet attack, whereas most older fraud cases were hushed up. A point to note is that fraud was normally perpetrated by employees of the company, and not by unknown individuals from the world at large. This is not going to change, and corporations must be on the lookout for both internal and external computer vandalism.
While fraudulent transactions are obviously a direct form of theft, the simpler disruptive viruses are also a major indirect cost to companies. The time spent downloading and implementing patches in software, together with the disruption of normal work, including the impact on customer satisfaction, amounts to a considerable cost. Most companies spend a lot of money on trying to make their systems more secure, but it is proving an ongoing task.
Today the obvious targets for vandalism are commercial systems, but they are not the only computer systems accessible via the Web. Because of maintenance and remote control requirements there are a large number of process and other industrial systems connected to the Internet. Attacking these would be of no interest to a hacker, but they are a very attractive target for vandalism. Some of this may be direct maliciousness, but far more worrying is the threat of terrorism. Industrial systems tend to be built on more robust software than the average office system, in the same way that mainframe computers are used for business critical applications. But these may be attached to the same networks as the office systems and so they can be reached. Obviously it takes a lot more skill to break into these more robust systems, but the high funding needed will be well within the means of terrorists.
It is not just the Internet, because given enough incentive (and funds), private networks can be hacked; it is simply a matter of scale and skill, and in this case inside knowledge is invaluable. There have been quite a few breaches of networks already reported, the White House systems being a case in point, but the US Department of Defence admitted to 250,000 intrusion attempts a year. These are the ones they detect; I wonder how many go undetected? Not many, I suspect, but it doesn’t take many to cause chaos.
The potential for Cyber-terrorism is frightening. It might be possible to take control of a nuclear reactor or an electrical power grid. Nations could be held to ransom, a far greater scale of problem than the financial emphasis of fraud today. In the future terrorists could give up bombs and turn to much bigger scale disasters, initiated through control of critical computer systems.
The most worrying aspect of this is the global nature of the opportunity. Because of the emphasis on education and the low wages, there has been an explosion of technical talent in third world countries; a lot of computer programming is nowadays contracted offshore. The most obvious example of this is the Code Red virus, which has caused havoc with servers using Windows IIS. It is assumed that this virus emanated from China, and is clearly aimed at disrupting American businesses. But this is a global world and in the end anyone using the targeted software is in the firing line.
The USA has so far avoided most of the terrorist attacks which are getting more common in the world today (this column was written before the WTC and Pentagon attacks – ed.), but they are equally, if not more, vulnerable to computer terrorism in the future. It is quite a grim scenario, which we will ignore at our peril.