Cyberterror—Phantom Menace?


We're at double-secret alert-level orange (at least until the polling numbers improve) and President Bush has unleashed Pentagon hackers on the world, but actual experts say cyber attacks on the U.S. would be hard to pull off and of dubious value.

Turns out it is just very difficult to overcome the built-in resilience of the Net which, after all, was intended to survive not just malicious code but throw-weights by the megaton. It might be possible—with a lot of work and luck—to, say, bring down part of an electricity grid for a few hours, not unlike a bad thunderstorm might.

However, that is the kind of thing that only has value in service of some larger objective. Like turning off the force field so you can attack the Death Star. In and of itself, however, a power-sapping stunt has limited utility.

Some Ewoks, however, might throw you a great party.

NEXT: Osama ? Saddam?

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. Actually, as the SQL Slammer Worm shows, it’s not that hard to build something that will take down the entire Net, especially as there seems to be a coincidence of poor Microsoft security practices and poor security practices of Microsoft admins. Basically the root servers that tell other servers where to go for traffic are surprisingly few and vulnerable. Physical damage, ironically, would be less disruptive.

    But will it be militarily effective? I doubt it. It would be a pretty big annoyance, but the really important stuff isn’t directly on the Net.

    Psychologically effective, as Andrew Lynch points out? Yeah, though right now dot-com bashing is such a sport that it would earn more smug tounge-clucking than anything else.

  2. The “natural” environment of the net, with periodic worm and virus infestations is actually hardening it against cyberterror attack – in fact, how can you tell if it’s from Al-Qaeda or it is from some l33t hax0r dud3s? The net effect is the same (pun intended).

    The Slammer worm, in particular, reinforced the basic security lesson that you should never directly expose a database to the net – access should always be via. some sort of middleware that can validate input and concentrate connections, like a CGI script or a web service portal. This is far better not only for security reasons, but also for performance reasons.

    “Bad MS” (spank), “Bad MS Admin” (spank).

  3. I think Eric is right. Hackers take advantage of laziness and lack of thoroughness. If System Admins would do their jobs, like I do, and apply the 500 MS Security Patches a day, then the Slammer would have been a whimper.

  4. This reminds me of the Y2K bug. Remember when civilization was going to be brought to its knees over a couple of digits? It seems the Bush administration is taking advantage of our susceptibility to being terrorized sans credible threat.

  5. Jeff,

    Your force-field funny made me giggle like a little boy wearing his very first plastic Darth Vader helmet.

    Is it not feasible that well-coordinated cyberattacks on, say, ten electricity grids would have the intended PSYCHOLOGICAL effect, if not the practical one? And, as we now see in the Art of Waging War, by Bush, et. al., isn’t that the more important victory?

    Consider how horrible it would have been if only one plane had collided with the WTC and there were no other crashes. Consider how irrationally MUCH MORE HORRIBLE it is that TWO planes did so, plus two more in D.C. and PA.

    The illusion (or reality) of lean, cunning terror organizations inspires much more dread than a homely shoe-bomber kook striking matches in the airline seat behind you. But the latter is more likely to be the instrument of your death.

    Let’s put it this way, if ten U.S. electricity grids were somehow “downed” for a “few hours” at precisely the same time, I would worry BIG TIME, even if that worry stems from the sort of ignorance the Star Tribune is hoping to dismantle.

    The duct-tape-and-plastic-sheet crowd may be overdoing it, but those of us in the candles-and-flashlight-battery camp could use more information.

    I don’t think there’s yet a term “weapons of insidious destruction,” but isn’t now the time to coin it? WID. You could say that cyberterrorists are so WIDy and everyone would think you were terribly clever, until the lights go out and the toilets stop flushing. ;>

  6. Hey, it’s me! Erwin Tang!

Please to post comments

Comments are closed.