Army expects 'suicide hacker' attacks

Army expects "suicide hacker" attacks

Australia is preparing for cyber-terrorism attacks from "suicide hackers", who will aim to bring down critical infrastructure for a "cause" and not worry about facing 30 years in jail for their actions.

So far there have been no major acts of cyber-terrorism -- where hackers take down parts of the critical infrastructure by breaking into power, water, transport or even air traffic control systems -- but the subject has been discussed a great deal.

On Tuesday, Colonel Paul Straughair, the director of network centric warfare at the Australian Army and part of the Australian Department of Defence, said he saw "no logical reason" why suicide hackers would not strike in the future.

"We see suicide bombers that are prepared to die for their cause. I don't think it is too far before we start to see people who are quite prepared to conduct cyber-terrorism.

"While the risk will be high that they will be caught, they will accept that as a fact of life for 'the cause' and be prepared to go to prison for 30 years because they stopped a banking system working or a power grid taken down or took down the air traffic control system of a country for a period of time," Straughair told ZDNet Australia.

The suicide hacker scenario was possible but unlikely, according to Jo Stewart-Rattray, director of information security at Vectra, who said she found it hard to believe that someone would be willing to spend 30 years in prison for "a cause".

"We know hackers are getting bolder and bolder and it is possible that someone would do that ... but it sounds like an unlikely scenario," she said.

According to Stewart-Rattray, there was now a heightened awareness of cyber-terrorism, which would make it harder to cause chaos than it would have done a few years ago.

"When I was working in critical infrastructure -- even after 9/11 -- I would hear engineers say 'but it is only engineering data, who would care'. I think that attitude has greatly changed," Stewart-Rattray told ZDNet Australia.

However, she admitted that if a hacker was determined and patient enough and really didn't care about getting caught, it would be possible to "create havoc".

"It would have to be a really planned attack and it may well be about infiltrating the system where somebody would actually be in there as a 'trusted' member of staff.

"If they didn't care about getting caught and they didn't care about how long it took them then that would surely be the way to create havoc," added Stewart-Rattray.