Black Hat: Hackers and crackers needed to counter terrorists

Stuxnet proves the crossover from traditional tactics to cyberattacks, speaker says

LAS VEGAS -- Hackers and crackers heard a patriotic plea during a Black Hat keynote in which they were portrayed as potential heroes as terrorism shifts from acts of physical violence to cyberattacks that can also cause physical destruction.

The chief of the CIA's counterterrorism group during 9/11 told the crowd of thousands that the traditional top three terrorist threats -- chemical, bacteriological, radiological -- have shifted to kinetic (troops and weapons), bacteriological and cyber.

"My world of terrorism has gone," said Cofer Black, now retired from 28 years in the CIA. "Now it's your turn."

MAJOR HACK: McAfee on mammoth cyberattack: Hackers compromised 72 organizations since 2006

Stuxnet has forever changed the face of terrorism and the consequences of cyberattacks, Black said. The sophisticated worm, which took over control mechanisms for centrifuges in Iran's nuclear refinery and wore them out, had the impact of a physical assault.

"Stuxnet is the Rubicon of our future," he said. "What had been college pranks cubed and squared has now changed into physical destruction of a national resource. This is huge."

So huge that the U.S. military has made it part of its policy that cyberattacks with physical consequences beyond network damage -- such as taking down a power grid -- may warrant kinetic responses, like airstrikes against enemy power plants as retaliation.

He said that U.S. counterterrorist activity has reduced the likelihood of another large-scale terrorist event like the attack on the World Trade Center, and that terrorists will make an increasing investment in hacking and cracking skills because they now know these actions can be destructive.

Black said budding cyber-counterterrorists must be ready to contribute but also be ready to have decision-makers unprepared to accept that cyberattacks are the coming wave.

He said that leading up to 9/11, his CIA group knew a large-scale attack was coming, but not exactly when or where. The group had trouble convincing the Bush administration of its urgency, he said, until the World Trade Center fell. "Men's minds have difficulty accepting things with which they have no previous experience," he said.

He said cyberwar plans and responses need to be in place so that when an attack does come, the U.S. is prepared to act when leaders decide they have to. He said that was the case during 9/11 when the CIA had a plan to send teams of agents into Afghanistan to overthrow the Taliban and attack al-Qaeda.

Black seemed to be offering an olive branch to members of the audience who might be part of politically motivated hacker groups LulzSec and Anonymous, whose motto is, "We are Anonymous. We are legion. We do not forgive. We do not forget."

"Now I can see you," Black said, looking out at the keynote crowd of thousands. "This is my first Black Hat. We are legion."

Learn more about this topic

Safeguarding critical infrastructure from the next Stuxnet 

Stuxnet could have caused 'new Chernobyl,' Russian ambassador says 

US international cyberspace policy sounds good; will be hard to implement

From CSO: 7 security mistakes people make with their mobile device
Join the discussion
Be the first to comment on this article. Our Commenting Policies