iTnews
  • Home
  • Features
  • Technology
  • Security

Words will never hurt me?

By Nick Barron, on Oct 22, 2008 4:31PM

Misuse of language is turning 'ordinary, decent computer criminals' into 'cyberterrorists' who menace world peace.

Misuse of language is turning 'ordinary, decent computer criminals' into 'cyberterrorists' who menace world peace.

While the tanks were rolling into Georgia during the recent military conflict with Russia, there was, apparently, a simultaneous “cyber war”, with Russian forces accused of conducting widescale denial-of-service attacks against Georgia's internet infrastructure.

And this isn't the first time Russia has done it, some believe. In May 2007, following violent protests after the removal of a war memorial in Tallinn, a number of Estonia's official websites were defaced or subjected to denial-of-service attacks.

At the time, commentators suggested that the hidden hands of the former Soviet security forces were on the keyboards.

The reality was less exciting, with the attacks being traced to disgruntled individuals doing their bit to protest. This sort of “hacktivism” is not particularly new, being pioneered back in the 1990s with tools such as Floodnet.

It's too early to say whether the attacks on Georgia were state-sponsored or not. What is clear to any reasonable observer is that they were militarily ineffective.

Taking out a country's internet would definitely have an economic impact in the longer term. It is however unlikely to be of tactical significance in smaller conflicts.

There is a trend to promote “cyberwarfare” as the new threat to panic about. This is tied in with the catch-all field of “critical national infrastructure” protection.

Ironically, this trend took hold in the UK a few years after we had finished dismantling the old civil defence infrastructure that covered similar ground. We are reinventing the wheel.

It's not all bad. The UK's Centre for the Protection of National Infrastructure (CPNI) is doing a lot of good work and its website (www.cpni.gov.uk) is worth checking out, as it has a wide range of useful publications (I'm pleased to see that in typical British fashion CPNI adopts the less trendy term “electronic attack”, eschewing the use of any terminology found in Dr Who scripts).

The more worrying trend involves using inflammatory language about “cyber attacks” to inflate relatively harmless computer criminals into James Bond-style terrorist masterminds seeking the overthrow of the free world.

Take the case of Gary McKinnon, who “hacked” a number of US military systems and is now facing extradition to the US as a “cyberterrorist”.

McKinnon's “hacks” mainly involved systems that had no passwords set, so perhaps the US military's focus should be on its sysadmin staff. The systems he attacked were also relatively low-grade; unfortunately, the popular press and much of the public seem unable to distinguish between “systems run by the military” and “systems critical to military operations”.

McKinnon's actions were almost definitely illegal (under the UK Computer Misuse Act) and certainly foolish (he broke in several times shortly after the September 11 attacks), but to suggest they represented a serious threat to the operational capabilities of the US military is laughable.

Or rather it would be, if it weren't likely to end up in harsh and unjustified punishment for him (see the five-year sentence for Kevin Mitnick, whose prosecutor famously claimed could launch a nuclear attack by whistling into a payphone).

We are going through a time of “terminology inflation”, where a simple change of the naming convention turns relatively harmless computer criminals into dangerous “cyberterrorists” whose extradition is justified. It's doubtful we even need the term cyberterrorist; if a terrorist uses a car, we don't call them “autoterrorists”.

More important is the differentiation between criminal and military action and how we respond.

It would be foolish to assume that hostile military organisations have no intention to attack the electronic infrastructure of their enemies; it would be equally foolish to assume that any attack aimed at a military computer system is an act of war. Treating “ordinary decent criminals” as military attackers sets a worrying precedent.

See original article on scmagazineuk.com
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
hurtmeneversecuritywillwords

Partner Content

Why Genworth Australia embraced low-code software development
Promoted Content Why Genworth Australia embraced low-code software development
Security "mindset shift" needed to protect organisations
Promoted Content Security "mindset shift" needed to protect organisations
The Great Resignation has intensified insider security threats
Promoted Content The Great Resignation has intensified insider security threats
How to turn digital complexity into competitive advantage
Promoted Content How to turn digital complexity into competitive advantage

Sponsored Whitepapers

Free eBook: Digital Transformation 101 – for banks
Free eBook: Digital Transformation 101 – for banks
Why financial services need to tackle their Middle Office
Why financial services need to tackle their Middle Office
Learn: The latest way to transfer files between customers
Learn: The latest way to transfer files between customers
Extracting the value of data using Unified Observability
Extracting the value of data using Unified Observability
Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see

Events

  • Forrester Technology & Innovation Asia Pacific 2022
By Nick Barron,
Oct 22 2008
4:31PM
0 Comments

Related Articles

  • Palo Alto Networks alerted to DoS vulnerability in routers
  • US puts million-dollar bounty on Russian ransomware raiders
  • Wesfarmers to stand up offensive cyber security capabilities
  • ACCC greenlights Google's buy of Mandiant
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

NSW Police dumps Bezos-backed Mark43 from core systems overhaul

NSW Police dumps Bezos-backed Mark43 from core systems overhaul

Australian court finds insurer not liable for ransomware clean-up costs

Australian court finds insurer not liable for ransomware clean-up costs

ADHA extends Accenture's My Health Record support deal for $100m

ADHA extends Accenture's My Health Record support deal for $100m

Defence, DEWR drop $160m on Microsoft software, Azure

Defence, DEWR drop $160m on Microsoft software, Azure

Digital Nation

Metaverses on the agenda for Dominello, Husic ministerial meeting
Metaverses on the agenda for Dominello, Husic ministerial meeting
Australia will lose 11 percent of jobs to automation by 2040: Forrester
Australia will lose 11 percent of jobs to automation by 2040: Forrester
COVER STORY: How KPMG, Mirvac and ASX use blockchain to build trust in the property sector
COVER STORY: How KPMG, Mirvac and ASX use blockchain to build trust in the property sector
Criteo to fork out $94.7m for consent breaches
Criteo to fork out $94.7m for consent breaches
Domino’s invests in observability for zero contact delivery
Domino’s invests in observability for zero contact delivery
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.