First, al-Qaeda does not engage in subtle attacks. Stuxnet silently wound its way to its singular, designated target: the Iranian nuclear centrifuge system, raising alarms long after it had struck. Al-Qaeda is not known for the restraint and focus shown by the Stuxnet perpetrators. The terror group's calling card is the spectacular, multiexplosion, mass-casualty strike.
A larger question is whether al-Qaeda could launch a sophisticated cyberattack. Lynn noted that "a couple dozen talented programmers wearing flip-flops and drinking Red Bull can do a lot of damage," but so far al-Qaeda hasn't publicly expressed interest in cyberterror.
To pull off such an attack, al-Qaeda would have to first assemble a team of competent computer designers and give them a well-networked space away from relentless U.S. surveillance. But there are few decently wired places where a group of al-Qaeda hackers could meet and test ideas without some level of detection. It's hard to build a complicated cyberweapon while being hunted by the world's superpower.
Stuxnet was expensive to build and technologically difficult to deploy. According to news reports, the virus was built by creating a replica of the Iranian project within Israel - a complicated, financially taxing venture.
While al-Qaeda retains a robust network of financiers, it might prove difficult to hire people with the requisite computer skills. Competent cybercriminals already make a handsome living. Few would risk their livelihoods, their lives, and America's eternal wrath by helping al-Qaeda. Protecting the bottom line may be one of the reasons that in more than 20 years, global criminal groups have yet to work with al-Qaeda.
