While lawmakers and regulatory officials insist that the threat of a “digital Pearl Harbor” requires the government be given more power to ward off cyber-attacks, some experts say the threat has been exaggerated.
Instead, the impending threat of “cyber-terror” — as one expert called it — lies in the potential damage inflicted from the manipulation of information by the nation’s enemies, also known as information warfare.
Yael Shahar, director of Israel’s Institute for Counter-Terrorism, warned that information warfare conducted against the U.S. and American citizens, including the manipulation of financial institutions’ data, was a more imminent threat than cyber-attacks against networks.
“The real threat now, the thing that worries me most of all, is not the use of cyber-tactics and cyber-weapons, and not attacks against infrastructure, and not against IT infrastructure,” Shahar told The Daily Caller.
“What worries me more is information warfare — using information technology that’s already out there to manipulate information to make people think that they know something that they don’t know or to make people know something that isn’t true,” she added.
After being planted by hackers, such misinformation can then quickly spread around the Internet.
The digital threat to critical infrastructure like public safety or energy systems, however, is real. The STUXNET worm, one notable example, disrupted uranium enrichment processes in an Iranian nuclear facility at Nataanz.
A recent report by the Washington Post said that the Pentagon is “accelerating efforts to develop a new generation of cyber-weapons capable of disrupting enemy military networks even when those networks are not connected to the Internet.” In 2011 the Pentagon announced that cyber-attacks against the U.S. could be considered as acts of war.
Lawmakers are worried about casualties that would result from such an attack, but examples of casualties caused by cyber-attacks are lacking.
A recent article in Foreign Policy magazine by warfare scholar Thomas Rid noted that “there is no known cyber-attack that has caused the loss of human life.”
“No cyber-offense has ever injured a person or damaged a building,” said Rid. “And if an act is not at least potentially violent, it’s not an act of war.”
The threat of the manipulation of economic and financial information, however, could cause severe damage to a company or government.
“For example, changing numbers in stock markets without attribution, changing foreign currency numbers in national banks, they can do a lot of damage,” said Shahar, “but quite frankly that’s not what terrorists are after.”
Instead, countries like Russia, China, India and Iran have more of “an interest in knowing how to manipulate information,” Shahar told TheDC.
Hacktivist group Anonymous caused panics in the media and government by openly attacking financial institutions in 2011. In 2010 the SEC froze the assets of a Russian hacker at the firm BroCo Investments, Inc. after it was suspected of manipulating the trading prices of at least 38 companies in order to financially gain from the rise and fall of the prices. In 2008, an Indian hacker — Thirugnanam Ramanathan — was convicted of a similar crime after he had hacked into the online trading accounts of at least 60 traders with TD Ameritrade, E*Trade, Fidelity and others, and manipulated the market prices of various financial and biotechnology companies.