Virus Writers Probed for Terror Ties Cyber Cop
By Bernhard Warner,
European Internet Correspondent

LONDON (Reuters) - Britain's task force against high-tech crime is investigating links between virus writers and extremist groups as it prepares defenses for a possible attack, a top law enforcement officer told Reuters.

The National Hi-Tech Crime Unit (NHTCU) has started working with anti-virus firms to identify patterns in the source code of the most damaging Internet worms and virus programs to determine whether they are the work of organized subversive groups or crime syndicates.

The hope is that buried somewhere in the lines of code will be clues to the author's identity, motive and possibly, future acts of sabotage.

Of the dozens of viruses and worms that emerge on the Internet each week, none has been traced back to organized crime or subversives aiming to disrupt a country's infrastructure.

But as increasingly sophisticated programs surface, some capable of knocking vast computer networks offline, law enforcement officials are preparing themselves for this type of cyber warfare.

It's a tactic that could be utilized. We've seen legitimate programs used in a way which allows people to have remote access to compromised systems. And similarly, viruses, Trojans and worms can be used by organized crime to launch attacks, said Detective Chief Superintendent Len Hynds, head of the NHTCU.

The challenge for law enforcement is in catching the suspects. Police have tracked down an increasing number of virus writers lately, but creators of the most damaging outbreaks remain at large and, some security officials say, may never be caught.

SUMMER OUTBREAKS OFFER GLIMPSE

Some increasingly potent viruses and worms, including this summer's Sobig.F virus and Blaster worm, wreaked havoc on corporate and government computer systems around the world.

Sobig.F carried a type of Trojan program, so named because it embeds itself on an infected machine and gives the virus writer the capability of controlling the computer from a remote location.

A mounting concern among security officials everywhere is that such a program could bore into a computer network and compromise, say, a police emergency response phone system or air traffic control system.

A digital attack in isolation would inflict relatively little damage, experts say. But should the incident be timed to coincide with a physical act of sabotage -- in what security experts refer to as a blended threat -- the toll could be high.

With security forces on high alert in the wake of the Sept. 11, 2001 attacks in the United States, response plans to all potential acts of sabotage -- digital or physical -- are being reviewed.

Hynds said the NHTCU has trained officers to work with the UK's National Infrastructure Security Coordination Center, the government body charged with protecting critical infrastructure, in honing a response.

Hynds declined to comment on the likelihood of a computer-generated attack on the country's infrastructure, but added: we train for them.
Reuters