While Americans tattoo Old Glory on their foreheads and overwhelm the FBI with tips about suspicious-looking Middle Easterners, Internet security experts say many are overlooking the most patriotic task of the time: securing their home computers from cyber-jackers, foreign and domestic. "If people want to be patriotic, don't come to New York and dig through the rubble; go buy an antivirus product today, right now," says Parry Aftab, executive director of CyberAngels, the world's largest nonprofit Internet security group. "Use it, update it and keep the network up. They (cyber terrorists) could shut down our power, communications. If our network came down, we would be in trouble."
Her sentiment echoes from her law office in New York all the way to Florida, where the state's terrorism task force has been working to secure government and commercial computer networks. "People might say, "What does a hacker want with my computer?' But the point is that a hacker can use your computer as a weapon, like a bomb," says Tom Sadaka, special council to the statewide prosecutor's office and a specialist in cyber crimes. "People have a moral obligation right now to not leave the keys in the ignition."
Their warnings might seem alarmist, except that a teenage hacker who created the Melissa virus proved two years ago that vulnerable home computers could be a terrorist's tool. The virus temporarily shut down Web sites of CNN, Yahoo, eBay and Amazon.com and caused $80-million in damages. Then last year, with the help of personal computers, the "Love Bug" virus spread to the Pentagon, NASA and other federal computer systems.
In the interconnected cyber world, home computers can participate in such attacks without the owner's knowledge or intent. "Preying on the lax security of the average home computer user, attackers have found ways to plant malicious programs to give themselves remote control of home computers," Michael Vatis, director of Dartmouth College's Institute for Security Technology Studies, writes in a recent report on the threats of cyber terrorism.
"Distributed Denial of Service" attacks, for instance, employ armies of "zombie" computers taken over by an outside computer to flood the victim with e-mail and shut it down. Although the threats of viruses, worms and hackers existed before the recent terrorist attacks, historically, military conflict escalates cyber terrorism, not just by foreign enemies either, Vatis says. Cyber terrorism by thrill-seeking hackers and sympathizers on both sides of the conflict cause a large portion of the costly destruction.
Vatis cites four cases where cyber terrorism increased following bloody attacks. For instance, last year the Palestinian kidnapping of three Israeli soldiers was followed by pro-Israeli cyber attacks on the Palestine Authority. Pro-Palestinian hackers retaliated by taking down Web sites belonging to the Israeli Parliament, the Israeli Defense Forces, the Foreign Ministry, the Bank of Israel, the Tel Aviv Stock Exchange and more.
Already in the United States since the terrorist hijacking on Sept. 11, Web sites have been defaced with pro- and anti-American messages. Sadaka, who follows cyber crime cases for the state, says the Nimba worm is even suspected of being related to the recent terrorism, although it may have been created by an American youth.
That's not to say that Osama bin Laden's Al Qaeda crew isn't computer savvy, or is incapable of cyber terrorism. The CIA reported earlier this year that Al Qaeda member Ramzi Yousef, who was convicted of the World Trade Center bombing and an eerily familiar plot to blow up American jets in the Western Pacific, kept detailed plans of his diabolical deeds in an encrypted file on his laptop computer.
Aftab says that recent terrorist hijackers also showed cyber sophistication. "We know the Internet has been used by this group of terrorists. They were using it to coordinate the attack. We also have reason to believe they were using special encoding messages."
Federal law enforcement feared cyber attacks before the recent terrorist strike. "One person with a computer and an Internet connection anywhere in the world could potentially break into critical systems, shut down an airport's air traffic control system, disrupt emergency services for an entire community, or launch a destructive "denial-of-service' attack," U.S. Attorney General John Ashcroft told a Congressional committee on combating terrorism in May. "We are uniquely vulnerable. More than any other nation, the United States depends on computers and networks."
Cyber threats prompted the creation of the federal National Infrastructure Protection Center in 1998. However, the feds' success has been limited, according to a General Accounting Office report released in July. The GAO criticized NIPC, which works out of the FBI headquarters, for operating in a vacuum, not communicating well with the private sector and other agencies. All this at a time when the U.S. Department of State's report Patterns of Global Terrorism 2000 released in April predicted cyber terrorism to be a growing threat. Since the recent terrorist attacks, government and private efforts have intensified to protect the Internet, which ironically was created by the military to assure communication in times of threats. The Bush administration created a new advisory position on cyber terrorism and announced a plan to spend $10-million to fight attacks on computer systems. "The United States now depends upon a complex, interdependent network of critical infrastructure information systems that are essential to our national and economic security," the White House said in its announcement of the new position. Meanwhile, NIPC is teaming up with private high-tech groups, sending out warnings of the most common vulnerabilities in computer systems.
CyberAngels is distributing national public service announcements pleading for computer hackers to team up and help stop cyber terrorism. State and local governments are working to update their computer security.
Experts warn that owners of home PCs should fortify their computers as well. Having antivirus programs alone may not be enough protection. That program must constantly be upgraded, which in most cases can be accomplished with free downloads. "If you don't update it, you might as well not bother having it," Aftab says. "Make sure it's updated daily."
She also advises running any e-mail attachments through an antivirus scan, even if it's from someone you know. A lot of viruses will attach to addresses in an e-mail address book.
Computer users with cable and DSL service are even more vulnerable because their Internet connection remains constant. That's why Aftab and Sadaka advise downloading free firewall programs. "We can no longer be sloppy," Aftab says. "If we use good security programs, log off our computers when we leave the room and start thinking about things the way the rest of the world does, we're going to be OK."
There are downloadable firewall and antivirus programs on the Internet. Cnet.com lists hundreds, many free with customer ratings and reviews. CyberAngels.org and the NIPC also offer tips on Internet security on their Web sites.
And consider the other advantages: Firewalls won't let criminals steal your credit card and banking information online, and downloading a security program is a lot less painful and costly than a tattoo.
Lynn Waddell is a freelance writer in the Tampa Bay area. She can be reached at WaddellLyn@aol.com.
This article appears in Oct 18-24, 2001.