On Monday May 6, I stumbled across an Internet news story in the Washington Times about a threatened cyberterror attack that was scheduled to occur on Tuesday, May 7.
According to this story by Shaun Waterman, the Department of Homeland Security had sent a bulletin to “the private sector” (probably banks and major corporations) about the threatened attack against high-profile targets such as government agencies and financial institutions.
The source for the Washington Times story was Brian Krebs, former Washington Post reporter, who now blogs at KrebsOnSecurity.com where he writes about Internet security.
On May 2, Krebs had written about a May 1 confidential alert by Homeland Security predicting that the May 7 attack would “mostly consist of nuisance-level attacks against publicly accessible webpages and possible data exploitation. Krebs posted the original anonymous threat, which was posted on April 21, as well as a PDF of the Homeland Security document warning about “efforts by mostly Middle East- and North Africa-based criminal hackers and cyber actors to plan and launch cyber attacks aimed at US Government agencies, financial institutions, and commercial organizations in a campaign known as ‘OpUSA.’”
Fortunately or unfortunately, I am not a bank, a major corporation or a government agency, so although I found the story interesting, I promptly put it out of my mind — at least until I woke up the following morning, May 7, and discovered that my Internet service was down at my home.
I called CenturyLink’s hotline and discovered that they knew about the problem and expected it to be resolved within 24 to 48 hours. Then I went to work and discovered that the Internet service was down there, too. Within an hour or two, I had learned (using my cell phone) that CenturyLink Internet service was down pretty much nationwide, affecting at least 1 million residential and business Internet consumers.
At that point, I expected to find out that OpUSA had successfully launched a cyberterror attack against the very attractive target of CenturyLink, but found instead that not one word would be uttered about OpUSA by the media, Homeland Security, CenturyLink or anyone else. In fact, Century Link said the problem had something to do with its “core routers” (whatever they are) and that it was investigating the cause.
I suppose someone somewhere knows the cause by now, but it is apparently not going to be linked to OpUSA — at least not publicly — but at the very least, the entire incident has opened my eyes to the huge potential for chaos that online terrorism can cause.
Whether or not OpUSA is just the invention of a bunch of teen-agers as some anonymous posters on the Internet have alleged, or a full-fledged attack by “a group of mostly Middle East- and North Africa-based criminal hackers” — as Homeland Security originally suggested in its May 1 memo — doesn’t really matter.
What does matter is that online terrorism is real, and most people don’t take it seriously. Maybe OpUSA was nothing more than a diversionary attack intended to lull Americans into a false sense of security while the real attack is being planned.
But whether it is jihadis, criminal hackers, anarchists, North Koreans, or Chinese government agents, we do know that there are literally thousands of people working on disrupting all or part of the Internet every day, and we ignore that threat at our own risk.
Virtually our entire world economy is now dependent in some way on the Internet, and if it is subverted by malignant forces, then heaven help us.