Skip to content

“Fears aside, al-Qaeda ill-equipped for a major cyberattack”

March 20, 2011

My latest opinion piece in the Philadelphia Inquirer:

"no computers here"

The websites for the CIA and the hosting site WordPress were knocked off-line this month by a “massive distributed denial of service” attack. Was this, as some feared, the work of al-Qaeda?

The concern seemed at least plausible, especially after Undersecretary of Defense William Lynn, in late February, painted a frightening picture of a toxic malware that the terrorist organization might develop. The mind reels to think that America’s No. 1 enemy could create a weapon as dangerous as Stuxnet, the virus deployed against Iran’s nuclear program. However, it’s doubtful that Osama bin Laden could pull it off.

First, al-Qaeda does not engage in subtle attacks. Stuxnet silently wound its way to its singular, designated target: the Iranian nuclear centrifuge system, raising alarms long after it had struck. Al-Qaeda is not known for the restraint and focus shown by the Stuxnet perpetrators. The terror group’s calling card is the spectacular, multiexplosion, mass-casualty strike.

A larger question is whether al-Qaeda could launch a sophisticated cyberattack. Lynn noted that “a couple dozen talented programmers wearing flip-flops and drinking Red Bull can do a lot of damage,” but so far al-Qaeda hasn’t publicly expressed interest in cyberterror.

To pull off such an attack, al-Qaeda would have to first assemble a team of competent computer designers and give them a well-networked space away from relentless U.S. surveillance. But there are few decently wired places where a group of al-Qaeda hackers could meet and test ideas without some level of detection. It’s hard to build a complicated cyberweapon while being hunted by the world’s superpower.

Stuxnet was expensive to build and technologically difficult to deploy. According to news reports, the virus was built by creating a replica of the Iranian project within Israel – a complicated, financially taxing venture.

While al-Qaeda retains a robust network of financiers, it might prove difficult to hire people with the requisite computer skills. Competent cybercriminals already make a handsome living. Few would risk their livelihoods, their lives, and America’s eternal wrath by helping al-Qaeda. Protecting the bottom line may be one of the reasons that in more than 20 years, global criminal groups have yet to work with al-Qaeda.

Finally, given bin Laden’s reluctance to use electronic communications, it seems doubtful he would be willing to invest in a plot with such a high chance of failure. Al-Qaeda leaders have become wary of the Internet beyond exploiting it for propaganda and limited recruiting. An unsophisticated suicide attack against a Western public transit system or crowded area – al-Qaeda’s recent efforts – remains the group’s focus.

Even in this brave new world of cyber-intrigue, there are limits to accomplishable mayhem. The barriers to a successful al-Qaeda cyberattack that would rival 9/11 are rather high. Even Stuxnet reveals certain limits: The virus seems to have only slowed the Iranian uranium-enrichment program, not derailed it. Further, it did not slake Tehran’s political thirst for nuclear arms, nor did it wipe away the mental competencies and education of the Iranian scientists working on the project.

So, relax. Al-Qaeda does not have anything as sophisticated as the state-produced, state-tested Stuxnet. As the ersatz Mark Zuckerberg tells the Winklevoss twins in The Social Network, “If you guys were the inventors of Facebook, you’d have invented Facebook.” If al-Qaeda had the capability to launch a major cyberattack, it would have tried by now.


No comments yet

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: