Cyber terrorism is 'fantasy'

Security experts have labelled cyber terrorism as "fantasy" and called the FBI "ill-advised" for raising unnecessary concerns about viruses.

Following Osama bin Laden's attack on the US, Richard Clarke, cyberspace security adviser to the White House, described the perceived threat to America from viruses and hacking as a "digital Pearl Harbor".

But no evidence has so far been produced to suggest that "rogue nations and terrorists" are waging an information war against the West.

"If there was going to be cyber terrorism, why hasn't it happened?" asked Graham Cluley, senior technology consultant for antivirus (AV) specialist Sophos.

"Viruses don't make good weapons for warfare; they have no guidance system so the sender could easily become his own victim unless protected and even then the most sophisticated viruses have antidotes written for them by AV companies within a matter of hours," he said.

Cluley insisted that cyber terrorism was not the next battlefield for international conflict. Only a few politically motivated viruses have been launched, all of which were harmless and easily dealt with, he said.

He also criticised the FBI over its Magic Lantern, a Trojan virus which the Bureau plans to release on suspected terrorist groups to extract information from systems without their knowledge.

The hacking technology is believed to be more than three years old, according to some US experts.

"It seems like the FBI is just trying to see if they can come up with different options and ways that electronic surveillance can be done," said Vincent Gullotto, director of security specialist Networks Associates' AV emergency response team.

AV specialist McAfee, part of Network Associates, denied reports in the Washington Post last week that it would make sure its software did not prevent Magic Lantern.

Sophos believes the FBI is not best placed to preach about AV measures, having itself been a victim of the SirCam virus earlier this year when classified documents were sent to the FBI's mailing list because it had failed to update AV software.

The FBI has also failed to prosecute David L Smith, the author of the Melissa virus which caused $80m worth of damage to US businesses. Smith pleaded guilty on 10 December 1999 and has still to be sentenced.

"Funny that," said Cluley, given that the FBI itself is now developing its own viruses.

Cluley also criticised the Bureau's handling of the Code Red affair in July, when FBI spokesmen warned of the "meltdown of the internet".

"The FBI was ill-advised. It should have said it only affected business users and here's how to deal with it," he explained.

Code Red does not even feature in Sophos' top 10 most reported viruses for the year.