A worm and a terror alert

Be afraid. Be very afraid. That’s the message from the U.S. State Department, which
issued its travel alert over the weekend for Americans traveling to Europe. But
without any specific instructions on what to do about the “potential for terrorist
attacks” there.

“U.S. citizens should take every precaution to be aware of their surroundings and
to adopt appropriate safety measures to protect themselves when traveling,” the
alert says.

So the administration has managed to instill a vague sense of panic into U.S. citizens,
who are left to decide themselves whether to go ahead with their travel plans. Most
have greeted the alert with a shrug and have carried on with business as usual.
I’m still planning to fly to London and take the Eurostar to Paris. What’s the alternative
unless the U.S. administration grounds all flights, as we saw with a Heathrow terror
alert in August 2006?

There is another threat out there, however, on which the administration has remained
silent. There is a cyber worm slithering around, contaminating the computers in
the industrial complexes of several countries, including Iran. The Iranian connection
led to feverish speculation — none of which seems to be backed up by facts
— that Israel or the U.S. were behind the cyberattack, described as the most
malicious computer worm recorded to date. Its origins remain unknown.

The Stuxnet worm has now affected hundreds of thousands of computers in countries
including China, Indonesia, Germany and Kazakhstan. Only 2 percent of the affected
machines are in this country.

But that’s not necessarily a cause for rejoicing, because it now seems that the
Stuxnet worm — which was originally set in motion by a USB flash drive
— is affecting civilian computers, home and office PCs that are not connected
to the industrial infrastructure.

“This is no hype bubble; if anything, the seriousness of the threat has been underestimated,”
says industry specialist Michael Markulec in the authoritative Jane’s Defense
Weekly.

Microsoft CEO Steve Ballmer warned in London today that malware such as Stuxnet
could affect countries’ economic development.

Governments, individually and at the U.N., are at last getting their heads around
the cyber-warfare threat. The U.N. charter provides for self defense in the case
of “armed attack.” But in the case of the Stuxnet worm, it’s not armed attack and
nobody has died. Estonia, a NATO member, was targeted by a cyberattack in 2007.
But although the Russians were the prime suspect, the attack could not be conclusively
linked to the Russian government. That raises the issue of how to justify retaliation
when a cyberattacker remains anonymous.

Is my laptop at risk from Stuxnet? I have no way of knowing. There has been no specific
warning about the risks to public computers from innocuous-looking memory sticks.
But stealth is the main tool of the terrorist and of the computer worm. Never forget
that the 9/11 attacks came out of a clear blue sky.