By Munir Kotadia
28 September 2006
Australia is preparing for cyber-terrorism attacks from "suicide
hackers", who will aim to bring down critical infrastructure for a
"cause" and not worry about facing 30 years in jail for their actions.
So far there have been no major acts of cyber-terrorism -- where hackers
take down parts of the critical infrastructure by breaking into power,
water, transport or even air traffic control systems -- but the subject
has been discussed a great deal.
On Tuesday, Colonel Paul Straughair, the director of network centric
warfare at the Australian Army and part of the Australian Department of
Defence, said he saw "no logical reason" why suicide hackers would not
strike in the future.
"We see suicide bombers that are prepared to die for their cause. I
don't think it is too far before we start to see people who are quite
prepared to conduct cyber-terrorism.
"While the risk will be high that they will be caught, they will accept
that as a fact of life for 'the cause' and be prepared to go to prison
for 30 years because they stopped a banking system working or a power
grid taken down or took down the air traffic control system of a country
for a period of time," Straughair told ZDNet Australia.
The suicide hacker scenario was possible but unlikely, according to Jo
Stewart-Rattray, director of information security at Vectra, who said
she found it hard to believe that someone would be willing to spend 30
years in prison for "a cause".
"We know hackers are getting bolder and bolder and it is possible that
someone would do that but it sounds like an unlikely scenario," she
According to Stewart-Rattray, there was now a heightened awareness of
cyber-terrorism, which would make it harder to cause chaos than it would
have done a few years ago.
"When I was working in critical infrastructure -- even after 9/11 -- I
would hear engineers say 'but it is only engineering data, who would
care'. I think that attitude has greatly changed," Stewart-Rattray told
However, she admitted that if a hacker was determined and patient enough
and really didn't care about getting caught, it would be possible to
"It would have to be a really planned attack and it may well be about
infiltrating the system where somebody would actually be in there as a
'trusted' member of staff.
"If they didn't care about getting caught and they didn't care about how
long it took them then that would surely be the way to create havoc,"
Visit the InfoSec News store!