Cybersecurity Expert: Terrorists May Attempt Cyberattacks

A Russian computer security expert predicts that terrorists could seek to target the country’s critical infrastructure through electronic warfare, a strategy that could raise the stakes in how Russia handles computer crime.

While terrorists aren’t believed to currently have the know-how to disrupt critical infrastructure, it would be “very dangerous” if they start learning, said Valery Vasenin, head of the computer security department at the Institute for Information Security Problems (IISP) at Moscow State University.

“I think the phenomenon of terrorism will go in this direction,” Vasenin said in an interview at his office. “This is probably the most important problem for the coming years.”

Russian’s energy grid is a possible target, which could cause widespread blackouts. The air transportation or fuel distribution systems are other possible targets, Vasenin said.

Russia has experienced chilling episodes of terrorism. In September 2004, 331 people, more than half of whom were children, were killed when Chechen separatists stormed a school in Beslan. In October 2002, Chechen rebels took 850 people hostage in a Moscow theater, and 117 died after Russian forces used a poisonous gas before entering the premises.

No major cyberterrorism incident in Russia has been recorded. However, the country’s infrastructure is becoming more networked and less isolated than before, which could make it more vulnerable to cyberattacks, Vasenin said.

“Russia, at the moment, is average in terms of computer security, like the rest of the world,” Vasenin said.

In the 1990s, the Internet in Russia was still viewed as something of a domain for academics, Vasenin said. But the rapid change of technology and emergence of threats has led to greater attention to security issues, he said.

Moscow State University’s IISP was established in 2004 to study network security, the psychology of human behavior and the Internet, along with computer forensics and judicial issues.

Russia lacks laws that clearly define computer crime, he said, making it difficult for Internal Affairs Ministry agents to investigate and bring cases. IISP is studying other countries’ computer crime laws and formulating recommendations.

“They [the Internal Affairs Ministry] are somewhat unarmed,” Vasenin said. “We understand we [Russia] have these problems related to legislation, just as there are worldwide problems.”

Through June, Russia recorded 8,400 computer-related crimes, according to figures released by the Internal Affairs Ministry in October. Forty-three percent of the cases were related to online auction fraud, with the remainder comprising information theft, unauthorized access, child pornography violations and others, the ministry said.

Boris Miroshnikov, who heads the cybercrime department in Russia’s Internal Affairs Ministry, has called for more trained experts to handle criminal cases that often cross international borders. Miroshnikov’s comments at a cybersecurity conference were published earlier this year by Moscow State University.

“Do we have today a school of experts in the field of cybercrimes?” Miroshnikov said to conference participants. “Unfortunately, I do not think so.”

-Jeremy Kirk, IDG News Service (London Bureau)

(Pavel Kupriyanov of Computerworld Russia contributed to this report.)

Related Links:

• US-CERT Warns of Al-Qaida Threat to Stock Market, Banks

• IT Versus Terror

Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.