IT managers 'should be liable for harbouring cyberterrorists'

Negligent IT managers in the UK should be liable for harbouring information terrorists, a cyberwarfare expert at the Butler Group said on Thursday.

Paul Strassman, lecturer on information terrorism at Washington's National Defence University and the Pentagon's former director of defence information, said that chief information officers in the UK who are operating vulnerable servers and workstations should be accused of acting as an accomplice to information terrorism. The US government is currently drafting legislation that will address corporate responsibility for denial-of-service attacks (DoS), and Strassman believes that similar legislation is needed here.

"Computer and network executives would be well advised to anticipate major changes in their responsibilities with regard to information security which could be enforced by new legislative measures," said Strassman.

The Internet infrastructure is increasingly becoming a target for cyberwarfare according to Strassman, as it is an economical way of crippling a country or an economy from a distance. "The technique could be used by rogue countries or organisations who are targets of George W Bush, " said Jacques Halé, director of research at the Butler Group. "This kind of activity probably exists already, but at an experimental stage. If these guys are clever and have the deliberate objective of military attack, they will be able to launch a physical attack and a simultaneous Internet attack in order to paralyse the industry," he added.

The upcoming US laws will make IT managers legally accountable for leaving vulnerable systems open to attack, and suppliers of IT equipment and Internet software would become liable for not updating known security flaws in their products that have previously been vulnerable to cyberattacks. Similar laws are expected to follow shortly in the UK and Europe.

The Butler Group claims that 50 percent of servers on the Internet are running Microsoft's Internet Information Server (IIS) software, which is known to have at least 16 well-documented flaws that have been built in for commercial convenience. According to Halé, terrorists will be looking to exploit these vulnerabilities in a combined DoS and Zombie attack. "If you want to launch an attack on the White House, you simply send a message to all of your Zombies (a trojan horse that hides on a system), which then send messages to the target," explained Halé. "If you have 300,000 targets sending a message to a particular target, the traffic will be enough to paralyse the whole of the Internet."

See the Viruses and Hacking News Section for the latest headlines.

See the Net Crime News Section for the latest on hacking, fraud, viruses and related issues.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.

Let the editors know what you think in the Mailroom. And read other letters.