“Web sites that promote terrorism are here to stay, although governments and Internet companies will occasionally shut one down if it violates the law or a terms-of-service agreement.” Thus reads a grim observation in one of the essays included in ‘Issues in Terrorism and Homeland Security,’ second edition (www.sagepublications.com).
Reminding that such a decision to shut down can only be reached after prolonged monitoring, the author Barbara Mantel underlines that monitoring the thousands of Web sites, discussion forums, chat rooms, blogs and other open sources of the Web requires trained personnel with expertise in the languages, cultures, belief systems, political grievances and organisational structures of the terrorist groups online.
She makes a case, therefore, for the pooling of scarce expertise required for such monitoring, and mentions as example Europol, the EU police agency, which began a programme in 2007 called Check the Web, encouraging member nations to share in monitoring and evaluating open sources on the Web that promote or support terrorism.
“The online portal allows member nations to post contact information for monitoring experts; links to Web sites they are monitoring; announcements by the terrorist organisations they are tracking; evaluations of the sites being monitored and additional information like the possibility of legal action against a Web site.”
Among the difficulties encountered by such an initiative are the divergent practices. The author notes, for instance, that some member states’ police are unsure whether or not they need a court order to monitor and participate in a Web forum without identifying themselves; and that there is no agreement on the definition of a terrorist and what kinds of sites should be watched.
To those of us looking for reassurance that a truly destructive and frightening cyber attack is not too likely, the essay quotes the view of Irving Lachow, a senior research professor at the National Defense University in Washington, D.C. – that a cyberterrorism attack would need a multidisciplinary team of people whereas the capabilities of terrorists are very limited.
Critical facilities are very complicated and they have hundreds of systems, reasons Lachow. To blow up a power plant, for instance, a terrorist group would need an insider who knows which key computer systems are vulnerable, a team of experienced hackers to break into these systems, engineers who understand how the plant works so real damage can be done, a computer simulation lab to practise and lots of time, money and secrecy, reads the explanation. “At the end of day, it’s a lot easier just to blow something up.”
Experts such as Steven Bucci, IBM’s lead researcher for cyber security, have a different view, however. The most insidious threat, according to him, comes from criminal syndicates that control huge botnets: worldwide networks of unwitting personal computers used for denial-of-service attacks, email scams, and distributing malicious software. “The syndicates often rent their botnets to other criminals. Some analysts fear it’s only a matter of time before a cash-rich terrorist group hires a botnet for its own use,” cautions Mantel.