washingtonpost: U.S. Fears Al Qaeda Cyber Attacks
A long, hysterical Washington Post piece suggests al Qaeda may have developed the skills to exploit security flaws in computer-controlled infrastructure. This seems entirely at odds with previously published evidence of al Qaeda’s technological skills, in particular their failure to use adequate encryption. The article mentions complex engineering software and plans found on al Qaeda computers, whereas previous reports have mentioned only easily available manuals, maps and even hoaxes.
Unsettling signs of al Qaeda’s aims and skills in cyberspace have led some government experts to conclude that terrorists are at the threshhold of using the Internet as a direct instrument of bloodshed. The new threat bears little resemblance to familiar financial disruptions by hackers responsible for viruses and worms. It comes instead at the meeting points between computers and the physical structures they control.[...]
One al Qaeda laptop found in Afghanistan, sources said, had made multiple visits to a French site run by the Societe Anonyme, or Anonymous Society. The site offers a two-volume online “Sabotage Handbook” with sections on tools of the trade, planning a hit, switchgear and instrumentation, anti-surveillance methods and advanced techniques. In Islamic chat rooms, other computers linked to al Qaeda had access to “cracking” tools used to search out networked computers, scan for security flaws and exploit them to gain entry – or full command.
Most significantly, perhaps, U.S. investigators have found evidence in the logs that mark a browser’s path through the Internet that al Qaeda operators spent time on sites that offer software and programming instructions for the digital switches that run power, water, transport and communications grids. In some interrogations, the most recent of which was reported to policymakers last week, al Qaeda prisoners have described intentions, in general terms, to use those tools.
[...]
A computer seized at an al Qaeda office contained models of a dam, made with structural architecture and engineering software, that enabled the planners to simulate its catastrophic failure. Bush administration officials, who discussed the find, declined to say whether they had identified a specific dam as target.
The FBI reported that the computer had been running Microstran, an advanced tool for analyzing steel and concrete structures; Autocad 2000, which manipulates technical drawings in two or three dimensions; and software “used to identify and classify soils,” which would assist in predicting the course of a wall of water surging downstream.