Red Alert over Digital Warfare on the Net

Never mind missile-defense shields. What America needs right now is protection against attacks from cyberspace

By Mike France

Call it cyberterrorism. Over the past few days, Chinese hackers have been infiltrating American government Web sites to express their anger about April's spy-plane incident. At a site run by the Labor Dept., for instance, invaders posted a tribute to Wang Wei, the Chinese pilot who apparently died when his plane collided with the U.S. EP3 surveillance aircraft. Similar attacks have targeted sites run by the Health & Human Services Dept.

None of these incidents has attracted much attention. Nor did any do much damage. But they're part of a larger pattern. Chinese hackers have also been targeting Taiwanese Web sites for years. Whenever tensions between India and Pakistan rise, programmers from the two countries trade blows. And in the Middle East, a full-scale cyberwar is under way between Israelis and Palestinians. Already, it has disrupted life for a wide range of companies, government agencies, nonprofit groups, and private citizens.

The hit list includes NetVision, Israel's largest Internet service provider; Amman's, the Arab world's largest ISP; Lucent Technologies, which has close ties to Israel's high-tech sector; and dozens of other Israeli outfits, including high-tech holding company Elbit and international phone-service provider Internet Golden Lines Ltd.


  In each of these cases, there have been accusations that governments are backing the cyberterrorism. While these claims haven't been verified, American computer-security experts fully expect state-sponsored hacking to become a tool of international warfare one day, so they've been watching the confrontations closely for insight into how to guard against digital terrorism. Cyberterrorism is "the type of thing our military people have been worrying about for some time," says one senior Bush Administration official.

Corporate America is also paying close attention to the emerging digital battleground. In January, a coalition of 19 technology companies, including Cisco, Microsoft, Oracle, and IBM, banded together to form the Information Technology Sharing & Analysis Center (IT-ISAC). Members of the group plan to share information about computer security threats and develop joint defenses.

One key goal: to develop sheilds against cyberterrorism. "We're starting to get state-sponsored terrorists involved in cybercrime," says Harris Miller, president of the Information Technology Association of America, which is helping to manage IT-ISAC. "Given the significance of information technology for our finance industry, for our telecommunications industry, for electricity, and other critical infrastructures, [cyberterrorism] is potentially a way to exploit a vulnerability. In the future, if a country wants to attack another country's power grid, rather than dropping physical bombs it may do it through electronic bombs."


  With the Internet, it's possible to launch such attacks from anywhere in the world, even friendly countries. Israel has determined that many of the Web raids originated in Belgium, Britain, Germany, Italy, and the U.S. "There are thousands of Arab students outside the Middle East, and they quickly joined the call to arms," says Nissim Barel, president of Comsec Group, a Tel Aviv network-security consulting firm.

No doubt about it, the Internet is a powerful tool for terrorism. That's a big reason why those small shots from Chinese hackers this week could portend bigger fireworks down the road.

With Neal Sandler in Tel Aviv, and Stan Crock in Washington, D.C.

France is BusinessWeek's Legal Affairs editor

Before it's here, it's on the Bloomberg Terminal.