Hackers real threat to America

Cyber terrorists could wreak all sorts of computer havoc

By Roy Bragg, San Antonio Express-News

It could be a 20-state power surge that short-circuits millions of security, communication and safety systems. Railroads could be routed onto the wrong tracks, causing collisions and toxic spills. Gas pipeline safety systems could be altered to cause explosions.

A future terrorist attack might not come from the skies or from tainted mail, but rather over copper wire and fiber-optic cable.

Security experts say a well-financed team of hackers, with enough time and backed by a rogue nation's financial resources, could wage war on America armed only with digital tools.

Cyberterrorism is more than defaced Web sites or computer viruses. Computer-wielding vandals could disrupt vital financial systems and wreak havoc with the nation's infrastructure.

The scenarios aren't far-fetched. Hacking occurs daily. There have been repeated hacks into credit card, banking and company financial systems.

"Quite a lot can be done well if you're doing it well," said Marc Enger, former operations director for the Air Intelligence Agency, the global center for Air Force intelligence. "We are susceptible. As our businesses build, they are building in the most successful means possible, not in the most secure means available."

"I wouldn't put it past the terrorists to have individuals who are trained, as part of their attacks against us, to open floodgates or close power grids or break into banks," said Rick Fleming, a security expert. "There's a great threat that our tech could be used against us."

The threat of cyber terror isn't a matter of punching a few keys on a whim, but instead a concerted effort that relies on old-fashioned techniques, too, according to Fleming and Enger, who work at Digital Defense, a San Antonio-based information security company.

Many security breeches, they say, are accomplished through "social engineering," a hacker term used to describe bribery, coercion, blackmail or simply duping a computer system's operators in order to get details such as passwords or the makeup of computer defenses.

"You'd need social engineering plus a heck of a lot of good intelligence work," Enger said. "You've got to know what you're going after and where to get the information. Find data, find targets, and keep going back to check on it as you're planning your attack."

"This isn't something you do overnight or on the spur of the moment," Enger said.

But armed with the right information, dedicated hackers could take on the United States with a small army of laptops.

The nation's power grids are vulnerable, Enger said, because they rely on computerized equipment, typically scattered over a large geographic area, that is controlled from a centralized computer server or office.

Hackers could break into the server "and reset things," Enger said. "If you can do that, you can definitely do some damage."

Oil and gas pipelines could be tinkered with and their safety systems defeated, Enger said, causing pipeline ruptures, fires, or shortages.

Railroad cars could be stolen by tampering with automatic systems that account for rolling stock, he said. Those railroad cars could then be used to deliver any manner of attacks.

Banking systems could be hacked, Fleming said, with money transfers accomplished without the knowledge of the financial institutions. Any such transaction could be canceled at a later date, but during the interim, the cash flow could destabilize important businesses.

"Could a group of hackers, with the right motivation and right info, get into U.S. banks?" Fleming asked. "Yes. They could."

Rather than attack a specific system, hackers go for the equivalent of a virtual home run, shutting down the Internet, crippling thousands of businesses that rely on e-commerce and electronic communication.

The Internet was envisioned as a decentralized communications system that can't be crippled, but Notre Dame researchers say attacks on a handful of electronic gathering points -- called nodes -- could bring the World Wide Web to its knees.

But while trained hackers could devastate the U.S. economy with dedicated computer work, accused terrorist leader Osama bin Laden and Afghanistan's Taliban regime are almost hack proof.

"There's not a lot we can do there,'' Enger said. "There's like, what, one Internet connection to the outside in the country? There's not much to play with there."

While bin Laden may be safe from cyber attacks, the threat to America is real.

Law enforcement officials are aware of the nation's security holes, Enger said, but can't do much about it.

"It's quite clear that if a bomber were flying to us to blow up Manhattan, it's the job of the Air Force to shoot him down," Enger said. "But if someone tries to take down Wall Street with a well-done hack, that's different."

Because of that, the nation remains vulnerable, he said.

-- Anonymous, October 29, 2001