GROW UP

This moral confusion is typical of the younger hacking crowd. But most of the older hackers (30 years old and up) have grown up.

In the mid-1990s, there was more disillusionment as more bleeding-edge hackers ended up going to jail for cracking. That bummed out their whole theme. But now they’ve learned some limits, and they can still operate within them.

That means the older hackers do develop some scruples. For example, the EFF Web site (http://www.eff.org) was a popular target of punk hackers back in the mid-1990s, with hacks and defacements occurring weekly. Now, it’s rarely being hacked. When the site did get hacked, a message was posted about it on 2600’s bulletin board, and the hackers who responded called that hacker a lamer.

The process that turned the hippie of 1968 into the employed investor of 1985 is similarly going on here today. Hopefully, that the hippie-to-yuppie disillusionment that took place historically doesn’t happen to hackers, too.

So, who are the real cyberterrorists? Are they for real?

Will The Real Cyberterrorists Stand-up

The debate over whether the United States faces imminent danger from cyberterrorist attacks took a new turn recently when the National Security Council declared that the term “terrorism” may be too strong a word when describing potential cyberthreats.

Although it would be a tough call to tell the difference between an attack by hackers and one launched by terrorists intent on disrupting national security, the administration’s cyberdefense programs are battling a perception problem that stems from the misuse of the word “terrorism.”

Maybe you shouldn’t be saying “cyberterrorism.” Maybe you should be saying “information warfare.” In the end, you’re going to know it when you see it—the difference between joy-riding hackers and state-sponsored cyberattacks.

Experts agree that, to date, most of the major cybersecurity incidents are best described as nuisance attacks, although many fear that a devastating surprise attack, sometimes referred to as an “electronic Pearl Harbor,” is inevitable. Although the government tries to be proactive, the United States is going to get nailed seriously—sooner rather than later.

By not preparing for the worst-case scenario, the United States may be endangering the public’s civil liberties. A lot of people are going to be willing to throw civil liberties out the window in an effort to recover from an attack that cripples large portions of the nation’s critical infrastructure.

Preparation is crucial, and, in the current legal system, defensive measures are more “workable” than offensive ones. Overall, however, cyberdefense is not well understood and is not talked about sufficiently.

Pretending the threats are not there is not a solution. There are numerous efforts by rogue groups to acquire encryption algorithms and sophisticated tools. One presidential administration after another has lulled the American people into a false sense of security. Anyway, the Internet has become a new form of the “dead drop” (a Cold War-era term for where spies left information) for terrorists. And, bin Laden, the dissident and wanted Saudi businessman who has been indicted for the 1998 bombing of two U.S. embassies in East Africa; the 9-11 attacks in 2001; and, has been named as a possible suspect behind the bombing of the USS Cole destroyer in Yemen, has taken advantage of that Internet “dead drop” zone.

Four alleged bin Laden associates went on trial recently in federal court in New York for the embassy bombings. Officials say bin Laden began using encryption in 1996, but recently increased its use after U.S. officials revealed they were tapping his satellite^[i] phone calls in Afghanistan and tracking his activities.

Thus, bin Laden meets the requirements for the new terrorist profile: He will use whatever tools he can (e-mails, the Internet, etc.) to facilitate jihad against the Israeli occupiers and their supporters, according to Ahmed Yassin, the founder of the militant Muslim group Hamas. Bin Laden (dead or alive) has the best minds working for him.

^[i]John R. Vacca, Satellite Encryption, Academic Press, 1999.