INFORMATION TECHNOLOGY 9/11

by BERNARD A HODSON

On September 11th 2001 the world watched in horror as terrorists destroyed the WTC and other venues, with thousands of lives lost. An equivalent in IT will destroy businesses and infrastructures, affecting the economic wellbeing of millions of people, causing chaos in many industries. Some predict it will happen within 10 years. They are overly optimistic and I see it happening much sooner, the tools already being in place to cause an IT catastrophe.

Identity theft is acute and criminals have been gathering thousands of potential business and individual victims, through email and wireless interceptions. They are already in a position to cause personal and business tragedy to thousands, with major interruptions to banks, many of whom have already been targeted. Identity theft is also a national security problem with bogus individuals carrying the credentials of security cleared people.

The potential for catastrophe is national and international, with adverse consequences to a country far worse than anything that might happen to individuals or business.

Optical fibres that carry financial and security data streams around the world can be tapped without detection. It is a difficult operation but can be done by determined groups. It has probably been done already and detected but no one knows how extensive the undiscovered problem is, nor what data has been intercepted. Consultants to the banking industry in Switzerland have indicated that bankers expect a multi billion dollar catastrophe with electronic money transfers. Several lesser intrusions have already happened in the banking and electric utility industries, in several countries.

Satellite data transmission can be affected by sun spots but it is possible to jam the signal, disturbing or cutting off the transmission. In some satellites, software has been introduced where, if jamming is sensed the satellite changes the frequency of its transmission. Nevertheless a determined group could severely disrupt satellite transmission at a critical time, causing chaos. Satellite and wireless transmissions, which can even be picked up casually, are both potentially insecure, as evidenced by some notable chance interceptions of Soviet satellite signals.

Personal computers can be compromised without the knowledge of the owner by thousands of viruses and worms being added to a legitimate transmission. This and hacking are now automated so that millions of computers can be brought to a standstill in a few hours. Some can even be delivered that destroy data bases. A 9/11 bent virus, worm or hacker could wipe out the data on vulnerable computers across the world, triggering an economic bomb burst or creating chaos at a critical time in world history.

Gangster protection rackets threaten to hack in to companies computers and destroy their data (potentially putting them out of business) unless they pay protection money. If a few gangsters can do pinpointed damage think what a group of terrorists could do.

Another vulnerability is the introduction of Trojan Horses, designed to trigger chaos at a specified date, which can be introduced to millions of computers world wide.

Encryption can also give a false sense of security, as the Germans found so disastrously during WW II. Their ENIGMA encoding system was theoretically unbreakable but the value of their encryption was lost by the predictable bureaucratic use of the system, which meant that certain procedures, always followed, betrayed that particular code stream. Encryption algorithms have improved but can still be broken, compromising sensitive and confidential data, the breaking in many cases caused by personal mishandling of the encryption processes.

Ironically the person who was a key player in the ENIGMA code breaking, Alan Turing, also left behind a solution to our current problems. The von Neumann legacy of software fragmentation has led to our current vulnerability. It can be remedied by developing the Universal Turing Machine which he advocated. While now feasible it is a longer term solution that could take from three to five years to implement. For the short term we are going to have to rely on proliferating patches which are soon bypassed, a variety of firewalls, and some reliance on encryption. There is the possibility for the formation of a voluntary worldwide monitoring system to make life as miserable as possible for the virus and worm generators, the hackers, the wireless interceptors, the spammers and the identity thieves.

An Information Technology 9/11 is not only deliberately possible it could even happen by chance.