To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://comment.silicon.com/0,39024711,11036540,00.htm

Devil's Advocate: Bedroom terrorism
"The questions ask things like whether you are entering the US for the purpose of spying. Does anyone ever answer yes? If they do, what happens then?"

By editorial@silicon.com

Published: Tuesday 26 November 2002

Will the internet breed a generation of terrorists who can cause havoc far from their targets? Martin Brampton has been wondering...

Last week I doubted whether any amount of communications technology could stop people travelling. But what happens when people do stop at home and take advantage of the global network? One activity that captures the imagination seems to be hacking into computer systems. Financial websites look the better target if hacking is for gain, whereas military sites seem popular among those simply looking for a challenge.

I'm puzzled about the military hacks. Only last week Gary McKinnon was accused of causing nearly a million dollars worth of damage to US systems, including attacks on the US Navy, the US Air Force and the Pentagon. Now if an unemployed systems administrator can do that much damage, what could be done by a determined bunch of terrorists? Is it that the terrorists have refrained from such activities, or are things happening that we are not told about?

When a whole team of people enrolled at flying schools, showing particular interest in learning to control jumbo jets but apparently uninterested in take off or landing, only slight suspicions were raised. It must be far easier to enrol on a few systems administrator courses to learn about computers and networks. The training companies are always advertising for new candidates and with the relatively depressed state of the computer market, they will be reluctant to turn away business.

You could ask the candidates on the enrolment form whether they intend to use their training for illicit purposes but could you rely on terrorists answering the question honestly? Commenting on the McKinnon case, someone suggested corporations hiring contractors should check very carefully on their backgrounds. After all, they could ask every contractor recruit whether they spent their spare time hacking into US military computer systems. Would the answers be reliable?

It is rather like the visa waiver form you are asked to complete if you travel to the US. I have always wondered about the purpose of the questions, which ask things like whether you are entering the US for the purpose of spying. Does anyone ever answer yes? If they do, what happens then?

Is the damage done by hackers grossly exaggerated? Some cynics suggest the anti-virus software companies write most of the viruses, although no such claim has ever been substantiated. It is well known that insurance companies like a good storm. Although they have to pay out on claims, the publicity generates a great deal of new premium income as people worry about their cover.

Another puzzling aspect is that it appears to be quite easy to penetrate a variety of military installations. There is no indication that Gary McKinnon needed particularly unusual skills to allegedly cause substantial damage to a variety of defence systems. Nor is there any sign that he was part of any larger conspiracy. One has to assume that the US wants to extradite him in order to demonstrate that it is taking a hard line against hackers.

Yet surely global terrorists would adopt some elementary precautions against being caught. This does seem to be an area where the argument that better communications cut down travel might succeed. Global terrorists might be expected to seek out locations that have good internet connections and poor extradition treaties with their enemies. The UK would not be the obvious choice. And once they had found a good location, they might well take advantage of the opportunity to mostly stay at home.

Maybe we should conclude there is a fierce battle going on between terrorist hackers and the military. Perhaps it is all being kept secret from us, with only the cases of isolated individuals ever coming to public attention, as the authorities try to demonstrate that they are in control. Or am I getting paranoid?

** Martin Brampton is a director and founder of Black Sheep Research (www.black-sheep-research.co.uk ), an independent consultancy providing research, writing and speaking services on a wide range of business and technology subjects. Martin was previously a director at Bloor Research, and has worked with IT as a user and analyst for over 20 years. He has been a frequent contributor to silicon.com's Behind the Headlines TV programme and can be contacted at silicon@black-sheep-research.co.uk .