Clarke: Terrorists used Net for info on targets

From...

By Patrick Thibodeau

WASHINGTON (IDG) -- The Bush administration's top cyberdefense official says there's evidence that the terrorist group al Qaeda was using the Internet to gather intelligence about critical facilities in the United States -- and that other terrorist groups and nations may be doing the same.

But so far, says Richard Clarke, head of the White House's Office of Cyberdefenses -- a division of the Homeland Security office -- al Qaeda and other terrorist organizations have limited their use of the Internet for communication and propaganda purposes.

"None of those traditional terrorist groups has yet to attack over the Internet," says Clarke. He appeared this week before the United States Senate Judiciary Subcommittee on Administrative Oversight and the Courts. And he warned that cyberattacks could be forthcoming.

There's now evidence found in caves in Afghanistan, says Clarke, that al Qaeda "was using the Internet to do at least reconnaissance of American utilities and American facilities."

IDG.net INFOCENTER Computerworld main page Computerworld's topic-oriented communities Computerworld's IT career center Free daily newsletters Related IDG.net Stories Web sites seen as terrorist aids Could KM have anticipated the terror attacks? Report warns of al-Qaeda's potential cybercapabilities Features PC World.com Product Finder Mastering e-commerce by degrees Fast-track training puts nontechies in IT jobs Visit an IDG site Choose a site: IDG.net CIO Computerworld Darwin Dummies.com GamePro.com The Industry Standard ITWorld.com InfoWorld.com JavaWorld LinuxWorld Macworld Online Network World Fusion PC World Publish.com UnixInsider IDG.net search

Clarke says al Qaeda was gathering useful information off public Web sites. "If you put all the unclassified information together, sometimes it adds up to something that ought to be classified," he says.

Clarke says the U.S. doesn't know whether there have been successful penetrations of critical infrastructure networks. But, "If I were a betting person, I would bet that many of our key networks have already been penetrated," he says.

"Trap doors," a secret means to gain network access, and "logic bombs," devices that can cause systems havoc when triggered, "may already be in many of our key infrastructures because it is easy to do," says Clarke.

The committee's chairman, Charles Schumer, Democrat of New York, warned that a "well-planned and well-executed cyberattack on America wouldn't just mean the temporary loss of e-mail and instant messaging. Terrorists could gain access to the digital controls for the nation's utilities, power grids, air traffic control systems and nuclear power plants."

The threat isn't just from terrorists groups. Criminal organizations, teenage hackers and nations such as Iraq, Iran, China, North Korea and Russia have all developed information warfare units, says Clarke.

But, Clarke added, U.S. software makers such as Microsoft have announced they're taking steps to improve the security of products. That effort is coming partly in response to September 11, but also in response to some virulent viruses that have caused $12 billion in damages last year.

That damage caused a lot of end-users to ask vendors why companies were paying so much for products that aren't secure."I think the word has gotten through to the IT manufacturers," he says.

Clarke says the U.S. doesn't know the capability of potential enemy countries or terrorists groups to conduct cyberwarfare. Unlike physical weapons, he noted, "There's nothing for our satellites to take pictures of."