cyber-"terrorism"?

Owen Lewis Owen Lewis" <oml at sysrx.uk.com
Wed, 18 Sep 2002 15:13:37 +0100 

----- Original Message -----
From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>
To: <ukcrypto@chiark.greenend.org.uk>
Sent: 18 September 2002 13:45
Subject: Re: cyber-"terrorism"?


>
> > what i'm wondering is - is it *really* possible to make a concerted
> > cyber-terrorist attack via the internet? or is this just rhetoric -
>
> There is a lot of rhetoric. For example, at last week's conference on
> economic crime, NCIS director John Abbott told an audience made up
> largely of cops and prosecutors that organised crime made up 8% of the
> UK economy. The following day, at a session discussing IT, a more
> junior NCIS chap said 13%. They were equating the whole of the black
> economy with organised crime.

Does that compute? Organised crime and the black economy have substantial
differences, principally in that organises crime often conducts itself
within the trappings of legitimate business. The black economy, principally
engages those who are not VAT registered, normally because their activities
are small enough as not to quarrel noticably with the threshold for VAT
registration. Else in addition to not declaring any income for tax. Still,
all depends on one's definitions, I suppose. As said before, jargon is
almost always sloppy in its application.

> Other talks claimed that organised crime
> and terrorism are inextricably linked.

There is a clear linkage, though it is sometimes indirect. Drug trafficking
has clear and indisputable links to terrorism. In Burma, in Colombia, in
Afghanistan, in Turkey, in the Balkans, in Ireland, in Morocco  and
elsewhere besides. Drug trafficking is also almost certainly the largest
organised criminal activity. For those parts of organised crime than do not
trade in drugs (money laundering fronts etc) they are most often associated
with drug trafficking to a greater of lesser extent.

> So next time you pay the
> plumber 50 quid in cash you're either a Mafiosi or a terr. If you
> avoid VAT by buying from an Isle of Man website you're a cyberterr.

I thought Peter Sommer put it rather well. Large scale electronic theft or
selective DoS attacks may well serve the cause of terrorist organisations.
In my view, it can do so  in any or all of following ways:

        -    Propagandist publicity.

        -    Income.

        -    To trigger an economic disaster of modest scale.

        -    To trigger loss of life or the destruction of property.

> Some governments have a more realistic view internally. When Bush
> moved Dick Clark from being the terrorism czar to being the
> cyber-terrorism czar, he went from being someone who could order
> submarines and satellites around to someone with nine staff.

One wonders what he may have done to earn such a promotion :-)

> And the
> view among Whitehall cynics is that cyberterrorism, like information
> warfare before it, is `just a remarketing by the agencies of the stuff
> they've been doing for sixty years anyway'

I wouldn't argue that point with you but, surely, the vulnerability of
civilian life - as well as military life - to electronic disruption
continues to increase? This is a relatively new phenomenon (30 years?),
ushered in by a ubiquitous employment of semi-conductors  and ever
increasing reliance on electronic communication.  I doubt if you could find
many in 'Whitehall', who can tell an Ohm from and Amp (not all can, by the
way), and who would disagree with this. If you do and care to let me have
contact details, I'll do what I can to arrange for their further education
:-)

None of this of course disagrees with your underlying point that most
chatter about information security is no more than self-serving and/or
column-filling alarmism. Anyone remember Y2K and the army of pundit Jonahs,
acres of publicity, endless circulars and idiot questionnaires *that*
produced?

Owen