Dorothy E. Denning
Courtesy of the Naval Postgraduate School, Monterey, Calif.

In the early days of the Internet, optimists projected that it would usher in an era of unprecedented peace and prosperity. Maybe this will happen yet, but currently the net is proving to be a powerful tool in the hands of criminals and terrorists. On top of the rising number of globally based online thieves bent on stealing our identities and money, a growing cadre of state and nonstate actors are adding Internet weapons to their traditional arsenals that can be unleashed in cyber attacks.

The appropriation of cyber weapons emerged in the 1980's when hackers began using computer viruses and worms as platforms of protest. One of the most damaging attacks was the infection of NASA's computer network with the WANK (Worms Against Nuclear Killers)  worm in 1989. At the time of the attack, antinuclear activists were protesting the launch of a space shuttle that carried the Galileo spacecraft—the Jupiter-bound space probe was powered by a radioisotope thermoelectric generator fueled with radioactive plutonium. The protestors failed to stop the launch, but it took a month to eradicate the worm from NASA's computers, costing the space agency an estimated half million dollars in wasted time and resources.

The introduction of the Web in the 1990s brought with it new forms of digital protest, including defacements of Web sites with political and social messages and denial-of-service (D-o-S) attacks that disrupt access to target sites by flooding them with useless traffic. Often, the activists claim credit for their attacks. Although many are the work of lone individuals or small teams, groups such as the New York City–based Electronic Disturbance Theater (EDT) sponsor massive online "Web sit-ins," during which participants flood target sites with traffic at a specified time. EDT's early actions in the late '90s were designed to support the Zapatista rebels at war with the Mexican government, but their later attacks were motivated by other causes, such as the March 2008 Web sit-in against nanotech and biotech firms, because "their science is driven by the war [in Iraq] and drives the war."

Many cyber attacks are the work of patriotic citizens who hack to defend their countries, although they are not under the command and control of their governments. Chinese hackers have been among the most active, frequently defacing Taiwanese, Japanese and U.S. Web sites—the latter, for example, in response to the accidental bombing of their embassy in Belgrade during the Kosovo conflict in 1999 and the spy plane incident in 2001. U.S. hackers retaliated against Chinese sites. Pakistani hackers have hit Israeli and Indian Web sites over the conflicts in the Middle East and Kashmir, respectively. Russian hackers have been slower to engage in political protests, but their D-o-S attacks against Estonian Web sites in 2007 over the moving of a Soviet-era war memorial showed their ability to mobilize and shut down targeted Web sites, including those of banks. Soon, every interstate conflict, however minor, may be accompanied by some form of hacker war that is beyond the control of ruling governments.

Hackers have also aligned themselves with terrorist groups, including al Qaeda and the global jihad associated with it. After U.S. forces invaded Afghanistan in late 2001, a group of Pakistani hackers calling themselves the al Qaeda Alliance Online started defacing U.S. government Web sites with messages praising Osama bin Laden and condemning the U.S. invasion. That group disappeared, but others have taken its place, launching cyber attacks against U.S. and other Western sites in response to such incidents as the war in Iraq, publication of the Danish cartoons satirizing the prophet Muhammad, and the U.S. treatment of prisoners at Guantanamo Bay, Cuba. This "electronic jihad" is promoted on jihadist Web forums that coordinate the attacks and distribute information and software tools for hacking. The attacks have not been serious enough to warrant the label "cyber terrorism," but the potential is there for causing considerable damage against critical infrastructures such as power grids and oil and gas systems.