cyber-"terrorism"?

[Pete Chown]

Peter Sommer wrote:

> a concerted attack on the world financial infrastructure would have 
> a high probability of failure ...

I agree, and I'm pleased someone is calming down the irrational hysteria.

At the same time, I wonder if there might be a way to conduct a damaging 
attack.  Instead of focusing on something like the financial sector, you 
aim generally at all the insecure Internet-connected computers that are 
out there.

It's analogous to an electromagnetic pulse weapon.  Because EMP is a 
risk, military systems incorporate shielding.  So, after an EMP attack, 
you have a military, but nothing else...  Similarly, after an Internet 
attack, the most security-sensitive machines are still there, but the 
others have gone.

To tie the two threads together, what would have happened if Nimda had 
erased people's BIOS chips?  I have it on good authority that several 
large companies were out of action for a few days while they got Nimda 
flushed out of their internal networks.  If all the machines had 
required physical repair, the delay would have been much longer, and 
enormously expensive.  This would be especially so because everyone 
would have been trying to get their machines fixed at the same time, 
overwhelming the repair facilities.

(I'm in a bit of a dilemma whether to post this, for fear of creating a 
self-fulfilling prophesy, or giving ideas to the kiddies who write 
things like Nimda.  I've decided that the balance favours posting.  If 
these things are kept secret the dangers cannot be addressed, and it 
isn't such a profound idea that no one else will ever think of it.)

-- 
Pete