An attack of cyber-terrorism is likely at some point, but won't be nearly as devastating as assaults launched with more conventional weapons, a computer security consultant said Sunday at a conference on cyber-crime.
Richard Hunter, a vice president and research director for Stamford's Gartner Inc., said a well-executed cyber-attack could cause damages counted in the tens or even hundreds of millions of dollars.
But those damages would be primarily financial in nature, and not the kind of human carnage that politically motivated terrorists traditionally favor, said Hunter, one of the speakers at CyberCrime 2003, a three-day conference that began Sunday at Foxwoods Resort Casino.
As the United States moves closer to war with Iraq, cyber-terrorism was high in the minds of the 750 conference attendees who also gathered to hear about such security issues as hacking, identity theft, electronic fraud and online sex crimes.
The annual conference, now in its third year, is organized by Internet Crimes Inc., a Madison-based company that specializes in training law enforcement officers, corporations and government agencies in how to defend and detect cyber-crimes.
"I think it's a real possibility that someone will attempt to use computer networks to do harm, but we have to keep the consequences of that in perspective," Hunter said. Conventional bombs and biological and chemical agents, he said, "are still far more destructive than the cyber-weapons that they have at their disposal."
James Doyle, the company's president and co-founder of the New York Police Department's computer investigations unit, said the Internet and other networks remain vulnerable to penetration and disruption, despite recent efforts to tighten security.
"The basic question is not, `Are you going to get hacked?' It's `When are you going to get hacked?'" Doyle said.
Speaker after speaker during Sunday's work sessions described how local, state and federal law enforcement agencies have struggled to come to grips with the threat of cyber-crime.
Part of the challenge, they said, has been in educating law enforcement officers and private users of computer networks about the various ways in which crimes can be committed online. At the same time, officials have struggled to understand how such crimes can be successfully investigated and the guilty prosecuted.
The number of people attending the conference was almost evenly represented by law enforcement groups, private industry and government agencies, organizers said. Attendance was up by 11 percent compared to a year ago, despite tighter government budgets, they said.
In other sessions, William Kezer of the U.S. Postal Inspection Service discussed how online crimes can be successfully tracked through the mail system and prosecuted.
Chris Salafia, chief executive officer for Internet Crimes Inc., said security is starting to tighten on computer networks compared with several years ago, but that much work remains.
"We're paying a lot more attention now than we were," he said. "But we'll never be done."