|
Sim City: Terrortown
AS SOMEONE WHO FANCIES HIMSELF a smarty-pants Washington writer, I had been convinced by the smarty-pants Washington elite that the threat of cyberterrorism – terror attacks carried out online instead of, you know, with bombs – is a hoax. I even commissioned and edited an article that said as much for Slate, the online magazine for the smarty-pants set. The theory goes something like this: Technology companies, desperate for profit after the dotcom bust, concocted the idea of cyberterrorism in the wake of September 11 to gobble money from the federal homeland security trough. But we all know that nobody's life is in peril if Osama bin Laden orchestrates a multifront attack on Orbitz, CheapTickets, and Expedia.com.
To confirm my bias, I participated in a cyberterrorism exercise held at a homeland security convention this spring in Washington, DC. Set up by the Dartmouth Institute for Security Technology Studies, the simulation was a relatively low tech affair in which hackers and other evildoers attempted to do their worst to a hypothetical New England city called Harbortown. About a dozen of us got laptops and roles. I was the police operations manager. (Citizens: Be afraid.)
<snip>
During the debriefing, the sim's devious creators filled us in on what we'd been up against. At the hospital, an operative walked in with a thumb drive and compromised the drug dosage database, which led to the deaths. The city Web site was counterfeited using a simple DNS hack. In the course of routine cop car maintenance, a contractor sabotaged a dashboard terminal; other terrorists aimed jammers at a city communications tower, a tactic more often associated with the US military.
The exercise didn't prove to me that cyberterrorism is any worse than real terrorism – the old-fashioned truck bombs were by far the most destructive act. But in eight hours, I went from smarty-pants to scaredy-cat. Computers don't kill people; people with computers kill people.
– Chris Suellentrop
|