[ISN] Army expects 'suicide hacker' attacks

From: InfoSec News (alerts@private)
Date: Fri Sep 29 2006 - 00:44:38 PDT


http://www.zdnet.com.au/news/security/soa/Army_expects_suicide_hacker_attacks/0,130061744,339271362,00.htm

By Munir Kotadia
ZDNet Australia
28 September 2006

Australia is preparing for cyber-terrorism attacks from "suicide 
hackers", who will aim to bring down critical infrastructure for a 
"cause" and not worry about facing 30 years in jail for their actions.

So far there have been no major acts of cyber-terrorism -- where hackers 
take down parts of the critical infrastructure by breaking into power, 
water, transport or even air traffic control systems -- but the subject 
has been discussed a great deal.

On Tuesday, Colonel Paul Straughair, the director of network centric 
warfare at the Australian Army and part of the Australian Department of 
Defence, said he saw "no logical reason" why suicide hackers would not 
strike in the future.

"We see suicide bombers that are prepared to die for their cause. I 
don't think it is too far before we start to see people who are quite 
prepared to conduct cyber-terrorism.

"While the risk will be high that they will be caught, they will accept 
that as a fact of life for 'the cause' and be prepared to go to prison 
for 30 years because they stopped a banking system working or a power 
grid taken down or took down the air traffic control system of a country 
for a period of time," Straughair told ZDNet Australia.

The suicide hacker scenario was possible but unlikely, according to Jo 
Stewart-Rattray, director of information security at Vectra, who said 
she found it hard to believe that someone would be willing to spend 30 
years in prison for "a cause".

"We know hackers are getting bolder and bolder and it is possible that 
someone would do that but it sounds like an unlikely scenario," she 
said.

According to Stewart-Rattray, there was now a heightened awareness of 
cyber-terrorism, which would make it harder to cause chaos than it would 
have done a few years ago.

"When I was working in critical infrastructure -- even after 9/11 -- I 
would hear engineers say 'but it is only engineering data, who would 
care'. I think that attitude has greatly changed," Stewart-Rattray told 
ZDNet Australia.

However, she admitted that if a hacker was determined and patient enough 
and really didn't care about getting caught, it would be possible to 
"create havoc".

"It would have to be a really planned attack and it may well be about 
infiltrating the system where somebody would actually be in there as a 
'trusted' member of staff.

"If they didn't care about getting caught and they didn't care about how 
long it took them then that would surely be the way to create havoc," 
added Stewart-Rattray.


_________________________________
Visit the InfoSec News store!
http://www.shopinfosecnews.org 



This archive was generated by hypermail 2.1.3 : Fri Sep 29 2006 - 00:48:53 PDT