[This was originally published on attrition.org.]
Attrition staff have been getting several mails warning of impending “patriotic hacking” in retaliation for the terrorist attacks on September 11. Some are from the usual opportunists, exploiting world-wide attention on the recent terrorist attacks to further their own agenda. Others are from people who just want to do -something- to feel like they are striking back at those responsible, even if it’s the wrong thing. We have all been profoundly affected in our own way by what has occurred, but a reality check is in order. How effective are “cyber-attacks”?
First, let’s put “cyber-war/jihad/whatever” in perspective to the very real, physical attacks of September 11, 2001. Buildings that were as familiar to people as their homes were utterly destroyed. Thousands of people were killed. There are no “backups” to restore what has been lost forever. No one was ever killed from a “cyber attack”.
In a “cyber-war”, where is the enemy? The FBI would just love to know that hackers have managed to positively identify which sites belong to those responsible for the terrorist attacks. Even if they could be identified, attacking them could destroy crucial evidence. Blindly attacking sites perceived to be vaguely Arabic is just plain stupid. Attacking sites of people who aren’t even remotely involved to vent emotions is even more moronic.
What would be the results of a so-called “hacker call to arms”? Typical bottom-feeders will exploit the opportunity presented to generate press and revenue. Law-enforcement is already demanding greater discretionary powers and restrictions on cryptography. The Internet was not the instrument of this any more than freedom was. Hackers who participate in this are providing a nicely wrapped package to justify knee-jerk legislation that will restrict our freedom in the name of “security”. Make no mistake – legislating the Internet will not make us more secure. A group with the resolve to murder thousands of innocent people will not be deterred by Internet restrictions. They will just find another way.
The biggest result of a “hacker call to arms” is that it will generate a lot of noise that will aid the enemy in destroying our freedom – something they will not permit their own people. If what is perceived to be “our side” attacks “their side”, the retaliatory attacks will keep fueling this futile “battle”. Our industries need to focus on rebuilding, not responding to nonsense. Those who participate in this should be considered agents of the enemy.
This is not to say that we shouldn’t take extra precautions to safeguard our networks. People are in a very raw emotional state right now, no doubt making mistakes trying to cope with compromise solutions. Technical people who want to help should do so in whatever way they can, whether it be to volunteer time and skill to the businesses affected, or even just answering technical questions. Those who can’t do that should at least help by staying out of the way for now. Don’t exploit this for self aggrandizement.