LONDON – Britain is hiring former computer hackers to join a new security unit aimed at protecting cyberspace from foreign spies, thieves and terrorists, the country’s terrorism minister said.
Alan West said the technology-savvy staff will join efforts to trace the source of – and prevent – cyber attacks on Britain’s government, businesses and individuals. The country also will develop its capability to wage cyber warfare against the country’s foes, he said.
Prime Minister Gordon Brown announced the creation of the unit Thursday as he published an updated national security strategy, detailing Britain’s response to global terrorism and emerging threats.
“Just as in the 19th century we had to secure the seas for our national safety and prosperity, and in the 20th century we had to secure the air, in the 21st century we also have to secure our position in cyberspace,” Brown said.
West said British government systems had probably come under cyber attack but that he did not know of any specific cases where sensitive data had been lost. British telecom BT Group PLC, one of the world’s largest telecommunications providers, estimates it has about 1,000 attempted cyber attacks per day on its systems, West said.
Jonathan Evans, the head of Britain’s domestic spy agency MI5, has previously warned that both China and Russia are using new technology to spy on Britain. Russia is accused of mounting large-scale attacks on Estonia’s computer systems in 2007.
British officials are concerned that some terrorist groups, including those linked to al-Qaida, are likely to soon develop the capability to use cyber warfare to attempt attacks on Western targets. “So far, the terrorists have not been the biggest threat in that area, but they are learning quickly,” West said.
Britain estimates about 52 billion pounds ($86 billion) is lost to the world economy each year as a result of malicious attacks on computer systems. Britons spend about 50 billion ($82.6 billion) online per year.
West said the British government was looking to young computer geeks – including those previously involved in hacking or low-level cyber crime – to help overhaul the country’s defences.
“You need youngsters who are actually deep into this stuff – and they really get into it. If they’ve been slightly naughty, very often they really enjoying stopping others,” said West, a former head of Britain’s defence intelligence staff.
Hackers often use computer programing skills to test for weaknesses in the security systems of computer networks, steal or delete files, or install malicious programs – sometimes called trojan horses – that can be activated at a later date. Criminal hackers commonly steal banking data such as credit card details.
West said the new cyber security operations unit will be based at Britain’s vast Government Communications Headquarters, a major eavesdropping centre in Cheltenham, western England.
He said some staff would likely have colorful backgrounds, but within limits. “I think we have to be a bit careful, we wouldn’t have ultra, ultra criminals who’ve made millions, I’m not saying that,” he said.
But Eugene Spafford, a professor of computer science at Purdue University, in Indiana, said it won’t be easy for all former hackers to become cyberspace police. “Knowing how to break a window is different from knowing how to fix it or to install it,” he said. “They may find flaws, but that doesn’t know they know how to fix the system.”
West also confirmed that – like the U.S. military – Britain has the ability to carry out its own cyber operations. “It would be silly to say that we don’t have any capability to do offensive work from Cheltenham,” West said.
The U.S. National Security Agency has said the United States is developing plans for a new cyber command at a Maryland army facility.
In a report released last month, the U.S. Government Accountability Office said the number of cyber threats or incidents reported by federal agencies rose from about 5,500 in 2006 to more than 16,800 last year. Military officials in the U.S. say the Pentagon spent more than $100 million in the past six months responding to, and repairing damage from, cyber attacks and other computer network problems.
Associated Press Writer Meera Selva in London contributed to this story.