The Boston Globe June 27, 2002

Experts warn of al Qaeda's cyber terror potential

Utilities, dams likely targets

BY BARTON GELLMAN Washington Post Service

WASHINGTON - Late last fall, Detective Chris Hsiung of the Mountain View, Calif., police department began investigating a suspicious pattern of surveillance against Silicon Valley computers.

From the Middle East and South Asia, unknown browsers were exploring the digital systems used to manage Bay Area utilities and government offices. Hsiung, a specialist in high-technology crime, alerted the FBI's San Francisco computer intrusion squad.

Working with experts at the Lawrence Livermore National Laboratory, the FBI traced trails of a broader reconnaissance. A forensic summary of the investigation, prepared in the Defense Department, said the bureau found "multiple casings of sites" nationwide.

SYSTEMS STUDIED

Routed through telecommunications switches in Saudi Arabia, Indonesia and Pakistan, the visitors studied emergency telephone systems, electrical generation and transmission, water storage and distribution, nuclear power plants and gas facilities.

Some of the probes suggested planning for a conventional attack, U.S. officials said. But others homed in on a class of digital devices that allow remote control of services such as fire dispatch and of machinery such as pipelines. More information about those devices - and how to program them - turned up on al Qaeda computers seized this year, according to law enforcement and national security officials.

Unsettling signs of al Qaeda's aims and skills in cyberspace have led some government experts to conclude that the terrorists are at the threshold of using the Internet as a direct instrument of bloodshed.

The new threat bears little resemblance to disruptions by hackers responsible for viruses and worms. It comes instead at the meeting points of computers and the physical structures they control.

VIRTUAL TOOLS

U.S. analysts believe that by disabling or taking command of the floodgates in a dam, for example, or of substations handling 300,000 volts of electric power, an intruder could use virtual tools to destroy real lives and property. They surmise, with limited evidence, that al Qaeda aims to employ those techniques in synchrony with "kinetic weapons" such as explosives.

"The event I fear most is a physical attack in conjunction with a successful cyber attack on the responders' 911 system or on the power grid," Ronald Dick, director of the FBI's National Infrastructure Protection Center, told a gathering of corporate security executives June 12 in Niagara Falls.

In an interview, Dick said those additions to a conventional al Qaeda attack might mean that "the first responders couldn't get there and water didn't flow, hospitals didn't have power. Is that an unreasonable scenario? Not in this world."

SECURITY FLAW

Regarded until recently as remote, the risks of cyber terrorism now command urgent White House attention. Discovery of one acute vulnerability - in a data transmission standard - rushed government experts to the Oval Office on Feb. 7 to brief President Bush. The security flaw, according to the FBI, could have been exploited to bring down telephone networks and halt "all control information exchanged between ground and aircraft flight control systems."

Officials said Osama bin Laden's operatives have nothing like the proficiency in the information war of the most sophisticated nation-states. But al Qaeda is now judged to be considerably more capable than analysts believed a year ago.

One al Qaeda laptop found in Afghanistan, sources said, had made multiple visits to a French site. It offers a "Sabotage Handbook" with sections on planning a hit, switch gear and instrumentation, anti-surveillance methods and advanced techniques. In Islamic chat rooms, other computers linked to al Qaeda had access to "cracking" tools used to search out networked computers, scan for security flaws and exploit them to gain entry or full command.

DIGITAL SWITCHES

Most significantly, perhaps, U.S. investigators have found evidence, in the logs that mark a browser's path through the Internet, that al Qaeda operators spent time on sites that offer software and programming instructions for the digital switches that run power, water, transport and communications grids.

Specialized digital devices are used by the millions as the brains of America's "critical infrastructure" - a term defined to mean industrial sectors that are "essential to the minimum operations of the economy and government."

The simplest of these devices collect measurements, throw railway switches, close circuit-breakers or adjust valves in the pipes that carry water, oil and gas. More complicated versions sift incoming data, govern multiple devices and cover a broader area.

What is new and dangerous is that most of these devices are now being connected to the Internet.

Because the digital controls were not designed with public access in mind, they typically lack even rudimentary security. Much of the technical information required to penetrate these systems is widely discussed in the public forums of the affected industries, and specialists said the flaws are well known to potential attackers.

The U.S. intelligence community has not reached consensus on the scale or imminence of this threat, according to observers of the discussion.