Originally created 08/13/02

Doubt cast on al Qaeda's cyber skills



Are we in danger of an al Qaeda cyber attack?

Ask government officials that question, and the answer is likely to be yes, sooner rather than later. House terrorism panel chairman Lamar Smith, for instance, recently predicted there is a "50 percent" chance the next al Qaeda attack against America will involve potentially devastating Internet sabotage.

But ask many computer security and intelligence experts, and the answer is decidedly different.

These analysts and consultants contend that scant evidence exists that Osama bin Laden's terrorist network is capable of conducting such an attack or is even much inclined to try. In fact, they say, al Qaeda has so far demonstrated it is a largely low-tech operation that has used the Internet and telecommunications in simple, rudimentary ways.

"Basically, they're just a bunch of Gomers," said John Pike, a military and high-tech analyst at Globalsecurity.org, referring to the hayseed Marine in the old "Gomer Pyle" TV show. "I don't think there is any documented evidence of a well-developed interest or capability in this area."

That's not the message emanating from the Bush administration's cyber cops or many on Capitol Hill, who speak darkly of an electronic "Pearl Harbor" awaiting America around the corner.

In that scenario, al Qaeda terrorists would use computer networks to sabotage the nation's financial, transportation, communications or other such infrastructures, either in an electronic assault alone or in concert with a bomb or other act of physical violence.

The digital debacle that would result could shut down Wall Street, banks and the nation's air traffic control system; decimate the electrical power grid; and even cause dams to unleash torrents of water. The damage could amount to billions of dollars and result in general panic, this theory contends.

Al Qaeda computers seized in Afghanistan and cyber sleuthing by U.S. agents showed that users had collected information on dams and "dirty" nuclear bombs, and had explored all sorts of U.S. infrastructure-related sites.

Members of al Qaeda established Web sites they apparently employ to communicate with one another and are believed to have used encryption methods to disguise messages in pornographic sites.

But skeptics of al Qaeda's computer smarts contend that no indication exists that the terrorists were doing anything but run-of-the-mill Internet research, accessing mostly innocuous information openly available online. Their technological knowledge was so limited that it wasn't until last year that they learned cell phone conversations could be intercepted and public Internet terminals in libraries, for instance, could also e-mail.

"It doesn't seem technical skills have been any priority" for al Qaeda, said Jim Melnick, director of threat intelligence for iDefense, a security intelligence services firm.

Of course, al Qaeda could ally with others who do have such capabilities, even using hired guns to do its cyber-dirty work. But, these experts say, the very nature of a cyber attack - which would occur out-of-sight without the horrific visual impact the Sept. 11 airliner crashes brought - wouldn't suit bin Laden's main goal, which is spreading fear.

"The guy wants to kill humans, not hard disks," said Rob Rosenberger of VMyths.com, a Web site dedicated to countering "computer security hysteria." "It is not in al Qaeda's best interest to attack us over the Internet."

Marcus Ranum, a computer security whiz in Baltimore who has watched over networks for the White House, said the nation is right to be concerned about cyber attacks but must keep the threat in perspective.

While in 20 years cyber warfare could pose a substantial danger, for now no one should lose much sleep over it. "There's a potential for headaches. That's about it," Ranum said of the current threat.

Aside from needless worry, an unrealistic assessment of al Qaeda's capability also can result in curtailed civil liberty protections and greater government intrusion, experts say.

"We should not be in a panic. What we have to do is move forward smartly and in an organized way to plug the (security) holes, with government and private industry working together," iDefense's Melnick said.

On the Net:

www.idefense.com

www.vmyths.com