Islamo-cyber-terror hits Defcon level farce

Islamic cyber terrorists have reached such advanced levels of computer literacy that they have learned how to leave graffiti on websites, according to British intelligence and security chiefs.

After many years in which press over-reaction to official speculation of suspected Islamic cyber terror threats has encircled Britain in a shroud of incredulous fear, Parliament's Joint Intelligence and Security Committee (ISC) subtly downgraded the cyber terror threat last week.

The ISC said "Islamist terrorists" had learned how to deface websites and launch denial of service attacks, a routine method hacktivists, hackers and criminals use to prevent people's websites from working for short periods.

The committee's annual report for 2008-2009 said last week that only "limited forms of attack" were available to Islamo-cyber-terrorists, and their "technical capability varies greatly".

Referring to evidence submitted to the committee by GCHQ, the UK's high-tech spook-station, in February 2009, the report stopped shy of admitting just how quaint is the cyber terror threat.

"These attempts are often ***," said the report with keywords modestly removed. "There are, however, indications that awareness and use of electronic attack is on the increase and ***."

Bogeymen

The committee also invoked the frightening spectre that is the state-led cyber threat, or the possibility that Britain's electronic borders are besieged by foreign data hordes. It sensationally referred to incidents of espionage involving network intrusion as "attacks".

It repeated threat assertions made by the Centre for the Protection of the National Infrastructure, a GCHQ computer shop, without question.

"Foreign intelligence services conduct large-scale electronic attacks with the aim of stealing government, defence and technology information from targets in both government and industry," it warned.

Yet military and cyber security chiefs speak openly about the impossibility of identifying those who attempt to probe their computer systems. The problem of attribution, as it is known, is a central thread of international talks hoping to design laws to contain the cyber actions of national armies.

Balls

Foreign espionage is assumed to be behind the network intrusions for the same reason that, say, a dog will lick its balls. Because it can. And everyone is at it. Not just Johnny foreigner.

Espionage is lawful under international law. Defence experts even value it for its ability to avoid costly mistakes like the Iraq war, said such experts under non-disclosure at the Cyber Warfare 2010 conference in London in January.

Yet the threat cannot be quantified because neither governments nor corporations want to admit when they do bleed valuable data, nor that they've no idea who took it.

The committee that repeated these latest assertions is supposed scrutinise the work of the intelligence services, but is said to be so "embarrassingly inadequate" that it rubber stamped dubious claims that spies had not tortured terror suspects.

More on page 2

And still careless talk frequently leads to scandalous reports of foreign intelligence agencies "attacking" computer systems, when they are merely infiltrating them, and even then to an unquantifiable degree. This has led the British government's cyber guardians to speak out against careless talk of attacks.

Chaff

Similarly, it is impossible to say how much cyber espionage is conducted on behalf of blue-chip corporations, and therefore how much the talk of foreign bogeymen misdirects our attention.

It is also worth asking when cyber terrorism is nought but hacktivism. Or when a denial of service attack is merely a retaliation against the organs of colonial propagandists. One man's inspiration is another's propaganda. How much hacktivism is borne of anti-colonial frustration?

And at what point does a threat become a possibility strong enough to justify scaring people out of their beds? Was it strong enough three years ago to justify the warning given by jumpy John Reid, then home secretary and former war minister, that cyber terrorists might disrupt air traffic control systems, some of the most vulnerable and therefore well protected computer systems in a country with among the most well protected computer systems in the world?

Was the threat strong enough five years ago, when computer security was still being brought up to standard across the national infrastructure, and when the cyber threat had us 48-hours from anarchy?

Is it yet strong enough, a year after GCHQ told gullible MPs on the security committee that Islamo-cyber terrorists are still only scary enough to deface your website? But that the threat that they might become more of a threat is still ever-present. At what point did it start sounding absurd?