Recent al-Qaida "recruitment" videos and foiled terrorist plots in the United Kingdom remind us that the effectiveness of terrorism is very much an issue of winning the hearts and minds of those with the proper skills to do serious harm.
It would logically follow that it is reckless to allow terrorists to combine the critical elements of ideology, skills and the technical means of destruction.
Yet, today there is a less discussed conflict -- a "cyberwar" -- where these dangerous elements are indeed coming together in our own back yard.
Regardless of one's position on the war in Iraq or the definition of the "global war on terror," the threat is real.
This cyberwar is embodied by scores of extremist Islamist and pro-terrorist Web sites that spew hatred for America, Israel and others. Some sites train Islamists in Internet hacking skills, while others are more slanted toward military weapons training for jihadists.
Nearly all are involved in recruitment, information exchange and extremist propaganda of one kind or another.
What is alarming is the fact that these Web sites demonstrate a steady progression of skill levels among many of the cyberjihadist groups, making their brand of cyberwarfare a greater threat than in recent years.
From Russia, With Code?
Earlier this year, cyberattacks against Estonia demonstrated what a cyberwar could resemble when expertise is motivated en masse.
Pro-Russian hackers attacked numerous Estonian sites in the wake of major protests over the bitterly disputed removal of a World War II-era statue and graveyard.
The cyberattacks brought down numerous government Web sites and one major banking site.
NATO even rushed a cyberwarfare team to the country to assist the Estonian government, and the nation's justice minister requested that the European Union classify these attacks as acts of terror.
One positive result of the attacks against Estonia has been greater global attention on the cyberwarfare threat.
Dr. Linton Wells II, the highly respected former principal deputy to the assistant secretary of defense for networks and information integration, has suggested that the Estonia incident "may well turn out to be a watershed in terms of widespread awareness of the vulnerability of modern society."
As one who used to work for Dr. Wells when I served in the military, I find his warning a chilling harbinger of an age when like-minded hackers possess potent cyberwarfare skill sets and tools.
The 'Botnets' Are Coming
While the skill levels of most jihadists are still not up to the levels of many Eastern European cybercriminals or noteworthy Chinese hacker groups, they are nonetheless improving.
Furthermore, the Internet enables a confluence through which many politically indifferent cybercriminals could, for a price, be marshaled to attack America and its allies.
Malefactors could launch attacks through huge freelance armies of "botnets" -- legions of software robots installed on computers around the world for nefarious purposes.
Millions of computers in the U.S. and around the world have already been infected with this malicious software.
Cybercriminals and other hackers currently go after sensitive financial and identity information on personal computers.
But, like parasites taking over a host organism, these software "bots" can also commandeer PCs to send out everything from e-mail spam to coordinated attacks against other individual computers or larger systems.
These botnet assaults could include "denial of service" attacks, which force targeted computers to crash or consume their resources in such a way that they can no longer provide communications or other services.
The results are realized when hundreds of thousands of computer users notice their PCs are running unusually slow while, perhaps on the other side of the world, an e-mail service shuts down or a bank becomes unable to provide online banking services.
Though many U.S. Web sites are well-protected, a massive denial of service attack could leave many commercial and other sites reeling along the lines of what occurred in Estonia, but on a larger scale.
Given that more of our daily life today depends on the Internet, financial losses could be huge and would be accompanied by a corresponding loss of consumer confidence.
The threat looms larger when one considers the vulnerabilities of our critical infrastructures -- particularly as more of them connect to the Internet to achieve cost and management efficiencies.
This year, in fact, is the 10th year that the federal government's information systems and critical infrastructures have remained a "high risk" category as assessed by the Government Accountability Office.
Web-Hosting Terrorists
Most Americans will be surprised to learn that many Islamist hacker sites are hosted right here in the U.S.
Consider it an unmistakable and very much intended irony that these cyberjihadists are using our own domestic Internet resources against us.
Under Executive Order 13224, companies are forbidden to provide services to organizations known to support terrorism.
Technology industry leaders have also been doing their part to raise threat awareness, but greater cooperation between government and industry would go far in closing these sites down.
In some cases, sites have been shut down in the U.S. only to reappear in highly Internet-savvy countries such as Malaysia.
As one of the 9/11 terrorist planning locations, Malaysia has hosted a number of jihadist sites after authorities acted to terminate them in the U.S.
To its credit, that nation has not been deaf, dumb and blind to the problem -- quite the contrary.
In May 2006, Malaysian Prime Minister Abdullah Badawi announced the creation of a program called the International Multilateral Partnership Against Cyber-Terrorism, or IMPACT, to help countries work globally to fight cyberterrorists.
In one notable case, an especially worrisome jihadist hacker site first registered in Florida was shut down, but the organization behind it reconstituted operations in Badawi's country.
The Malaysian authorities took action to shut the site down. Unfortunately, it has appeared again where it originated: Tampa, Fla.
The site has grown from a membership list of only about 300 to more than 122,000 over the past few years. Skill levels are improving and technical information-sharing is taking place.
Some in the intelligence field -- and many on its fringes -- have argued that the U.S. needs to keep these jihadist sites up in order to monitor and understand their activities. True, some of this surveillance is necessary, but this is a wholly misguided attitude.
The Gang Paradigm
Compare the response to proliferating Islamist hacker sites with law enforcement efforts to fight urban gangs.
In combating gangs, law enforcement might seek to infiltrate a few particular gangs, allow them to be active for a time, and collect intelligence on their plans, capabilities and connections.
This activity makes perfect sense and it has its counterpart in cyberwarfare.
But neither law enforcement nor the general public would accept the unchecked exponential growth of infiltrated gangs based on the argument that the public needs to know what they are up to.
In the cyberrealm, we have passed the point where the benefits of surveillance justifies letting these sites multiply and grow with impunity.
From Estonia to Tampa, recent events teach us that cyberwarfare is indeed a war. It must be fought harder and smarter and within the context of the broader struggle against Islamist extremism.
On the upside, the experience in Malaysia demonstrates that governments and private organizations -- new allies as well as old -- can effectively work together to confront the convergence of talent, knowledge and the malicious intent to harm us.
Congress has been paying greater attention to cyberwarfare threats and vulnerabilities through Homeland Security Committee hearings, but more needs to be done in terms of concrete action.
Such an effort warrants serious resources, global coordination and the collaborative work of people with the best insights possible.
Our failure to better recognize and act upon the reality of this threat could open us up to a whirlwind of trouble in the future.
Melnick is the senior threat analyst for the iDefense Team at VeriSign Inc. (NASDAQ:VRSN) He formerly worked as an analyst for the Defense Intelligence Agency and is a retired colonel in the Military Intelligence branch of the U.S. Army Reserve.
http://money.cnn.com/news/newsfeeds/articles/newstex/IBD-0001-18868973.htm
