A worm and a terror alert

Be afraid. Be very afraid. That’s the message from the U.S. State Department, which issued its travel alert over the weekend for Americans traveling to Europe. But without any specific instructions on what to do about the “potential for terrorist attacks” there.

“U.S. citizens should take every precaution to be aware of their surroundings and to adopt appropriate safety measures to protect themselves when traveling,” the alert says.

So the administration has managed to instill a vague sense of panic into U.S. citizens, who are left to decide themselves whether to go ahead with their travel plans. Most have greeted the alert with a shrug and have carried on with business as usual. I’m still planning to fly to London and take the Eurostar to Paris. What’s the alternative unless the U.S. administration grounds all flights, as we saw with a Heathrow terror alert in August 2006?

There is another threat out there, however, on which the administration has remained silent. There is a cyber worm slithering around, contaminating the computers in the industrial complexes of several countries, including Iran. The Iranian connection led to feverish speculation — none of which seems to be backed up by facts — that Israel or the U.S. were behind the cyberattack, described as the most malicious computer worm recorded to date. Its origins remain unknown.

The Stuxnet worm has now affected hundreds of thousands of computers in countries including China, Indonesia, Germany and Kazakhstan. Only 2 percent of the affected machines are in this country.

But that’s not necessarily a cause for rejoicing, because it now seems that the Stuxnet worm — which was originally set in motion by a USB flash drive — is affecting civilian computers, home and office PCs that are not connected to the industrial infrastructure.

“This is no hype bubble; if anything, the seriousness of the threat has been underestimated,” says industry specialist Michael Markulec in the authoritative Jane’s Defense Weekly.

Microsoft CEO Steve Ballmer warned in London today that malware such as Stuxnet could affect countries’ economic development.

Governments, individually and at the U.N., are at last getting their heads around the cyber-warfare threat. The U.N. charter provides for self defense in the case of “armed attack.” But in the case of the Stuxnet worm, it’s not armed attack and nobody has died. Estonia, a NATO member, was targeted by a cyberattack in 2007. But although the Russians were the prime suspect, the attack could not be conclusively linked to the Russian government. That raises the issue of how to justify retaliation when a cyberattacker remains anonymous.

Is my laptop at risk from Stuxnet? I have no way of knowing. There has been no specific warning about the risks to public computers from innocuous-looking memory sticks. But stealth is the main tool of the terrorist and of the computer worm. Never forget that the 9/11 attacks came out of a clear blue sky.