CRIME An article from CBS.MarketWatch.com

LAKE BUENA VISTA, Fla. (CBS.MW) -- All it would take for terrorists to cause billions in damage to world financial markets is some technical knowledge and a few million dollars to open a rural U.S. bank, tech analysts said this week.

Internet, phone and power service in the United States is all but indestructible, according to researchers who helped stage a simulated computer systems attack last month. A mock team with five years to plan and $200 million couldn't create widespread systems failures -- only localized damage.

Total chaos in the financial world with the help of computers, however, is far cheaper and technically simpler, said Richard Hunter, a vice president with Gartner Research, who helped the U.S. Naval War College plan a staged cyberattack on the Federal Reserve.

"Any damage sum you could come up with could be feasible," Hunter said. "It's possible to do at least some damage to millions of individuals and businesses. In our conversations with financial services companies, the scenario is entirely plausible."

A spokesman for the Federal Reserve had no immediate comment Wednesday, following comments Hunter made the previous day at an annual Gartner symposium in Lake Buena Vista, Fla.

The revelation might have the Bush Administration and its newly appointed security czar, Richard Clark, rethinking plans to plug what appears to be significant gaps in the nation's computer security defenses with a tech industry coalition and help from consumers.

"If we are really facing threats of that level, and we may be, then pinning the security responsibility on the individual is asking for trouble," Hunter said.

About 40 researchers were able to cause massive damage to consumer confidence, U.S. bonds, and most importantly, to the U.S. dollar, in the mock war. The team focused its attack on the Fed by sending millions of fake bond and retail transactions through the U.S. banking industry's electronic clearing system.

Damage ranged from ruined retailers and suicidal bond traders to personal checking balances being distorted by a few hundred dollars.

To avoid detection, the team sent all of the false transactions on one of the heaviest traffic periods for the U.S. financial system -- the day after Thanksgiving, 2002. Not only is it the biggest shopping day of the year, but it's also the last day of November -- a payday for millions of American workers, and the day that Social Security checks are mailed.

The faux attackers said they could easily send falsified electronic transactions between banks and consumers, banks and other banks, as well as banks and the Fed. In the mock battle, the fake transactions were not discovered until millions of them cleared, since they were able to make them in the names of real traders.

"The ultimate objective was to make the bond market and the U.S. dollar unstable," said Anne Marie Earley, a Gartner researcher who also helped plan the phony attack.

Earley said the mock attack proved the team would be able to wipe out backup storage systems at major banks, making phony transactions indistinguishable from real ones.

She added that such an attack would make it all but impossible for companies to know their cash positions. Banks hooked to the Fed wouldn't know the value of their bond holdings. Consumers would receive inaccurate credit card statements.

The attacks would more than likely send the world economy into a tailspin. Nearly every financial pillar could be jarred -- Treasuries, bonds, currencies, commodities, and stocks. A run on U.S. banks would also be a possibility.

"If we were able to do what we wanted to do, destroy the backup systems, the financial harm could linger for quite a while, Hunter said. "By that time, the attackers shut down the bank, and the damage would be done."

To be sure, the attack scenario didn't make assumptions that a coordinated security effort would be available to fight against an attack on the world's largest financial market.

But that may have been the right call. Gartner analysts say that despite the Bush Administration's appointment of a national cybersecurity czar, no reasonable defenses against such an attack currently exist.