Schneier: Worry about cybercriminals, not terrorists

Security expert Bruce Schneier has warned that talk of cyberterrorism could have a damaging effect on levels of IT security.

Schneier told ZDNet UK on Tuesday that officials claiming that terrorists pose a serious danger to computer networks are guilty of distracting attention away from the threat we face from criminals.

"I think that the terrorist threat is over-hyped, and the criminal threat is under-hyped," Schneier said.

"I hear people talk about the risks to critical infrastructure (CNI) from cyberterrorism, but the risks come primarily from criminals. It's just criminals at the moment aren't as 'sexy' as terrorists," he added.

Schneier was speaking after the SANS Institute released its latest security report at an event in London. During this event, NISCC director Roger Cummings claimed that foreign governments are the primary threat to the UK's CNI.

"Foreign states are probing the CNI for information," claimed Cummings. The UK's CNI is made up of financial institutions; key transport, telecoms and energy networks; and government organisations.

Schneier, though, is concerned that governments are focusing too much on cyberterrorism, which is diverting much-needed resources from fighting cybercrime.

"We should not ignore criminals and I think we're under-spending on crime. If you look at ID theft and extortion — it still goes on. Criminals are after money," Schneier said.

Cummings also claimed that hackers are already being employed by both organised criminals and government bodies, in what he termed the 'malicious marketplace'.

Schneier agrees that this is an issue.

"There is definitely a marketplace for vulnerabilities, exploits and old computers. It's a bad development but there are definitely conduits between hackers and criminals," Schneier said.

Click here to read the full interview with Schneier.