|
CYBER WAR!
You know those annoying pop-up messages from Microsoft that constantly nag at you to download and install security “patches” that take forever to receive over a dial-up phone line? Do it. If you don't plug every security hole in your leaky Windows software, and if your firewall is not up to date, you could unknowingly become a participant in a terrorist attack aimed at bringing your country to its knees. Imagine a Super-Duper Computer virtually assembled by linking a million different PCs connected to the 'Net into a single, globe-spanning octopus with tentacles reaching deep into vital networks. Then imagine this awesome potential cyber spy and weapon in the hands of people bent not on mischief but mayhem.
Welcome to Cyber War. Hitting just three nodes, a US government Hacker told PBS during a landmark televised investigation, “you would be able to destroy American communications for a significant length of time.” He's talking about your telephone and Internet service, as well as military and financial telecommunications. Take just one example: 95% of Defense Information Systems Agency traffic - equivalent to an entire Library of Congress - moves along highly vulnerable public lines every four hours. When DISA launched some 38,000 attacks against its own systems to test their vulnerabilities, only 4% of the managers in charge of targeted systems realized they were under cyber siege. Of these, only 1 in 150 reported the intrusion to superior authority. [ZDNet Jan15/04]
Other cyber attacks - including remote reconnaissance of key system vulnerabilities, or the planting of false readouts in a power grid or nuclear power plant - could cause human operators to initiate catastrophic overreactions to nonexistent glitches. Information warfare specialists at the Pentagon estimate that a coordinated attack by fewer than 30 cyber terrorists located around the world could cripple the everyday functioning of the United States - at a cost to the attackers of only $10 million. [Center for Strategic and International Studies]
YOUR DAILY PROBE
O. Sami Saydjari, chief executive officer of the Cyber Defense Agency, was one of more than 50 scientists and national leaders who sent a letter to Bush in February 2002 calling for a “Cyber Manhattan Project” to defend the country from cyber attack. “There is no system that goes on the Internet that is not probed,” Saydjari told PBS.
“The estimation is, within one minute of connecting to the Internet, your system is already being probed, and has probably been probed several times.”
Amit Yoran terms the Internet “an extremely hostile environment.” The vice president of Symantec - one of the world's top anti-virus software providers - and former director of the Vulnerability Assessment and Assistance Program for the Dept. of Defense Computer Emergency Response Team, declares that users and the nation “should apply the appropriate level of protections for our computer systems - the same way we do on our streets, and around our buildings, or we do at home.”
Ironically, Americans using home computers to access email and the Internet for the latest updates on terrorist activity may unwittingly facilitate an attack that devastates their country - without shots being fired, germs being released or a bomb going off. Says a top Hacker, working for the US government, when you buy a computer and plug it into the network, “somebody like me can then break into that computer and turn it against anybody anywhere else in the world.”
“The most effective attacks we've seen are where you have a large number of computers spread around the country where the computers have been infiltrated and taken over. Then these computers are instructed to mount the attacks,” the Hacker explains. “So then we would see attacks coming in from everywhere. We wouldn't really know where it's originating from.”
Even if an attack was traced to the former Soviet Union, as recently happened, there is no way of knowing whether the attack originated within or outside an innocent Russian republic. We still don't know who did Code Red, Nimda, or most of the most costly assaults launched across the Internet.
Within 15 minutes last January a “worm” named “Slammer” took down 300,000 Internet servers. 911 emergency phone service and ATM machines went down across the US, and a major airline's automated reservation system was hit.
In Canada, an online referendum was cancelled. In a similar though apparently unrelated hacker attack one week after September 11, the Nimda virus (“admin” spelled backwards) caused billions of dollars in damage. Several other viruses in recent years have caused havoc worth hundreds of billions of dollars. If these had been terrorist attacks instead of a few hackers having fun, the damage could have been much, much worse.
Of special concern, says the Hacker, are home and business computers connected by cable that are always on. “It's incumbent to put firewalls in front of them,” he adds. But it's not just home users who are at risk. Tens of thousands of attacks occur every week against Department of Defense systems alone. At least, these are the attacks we know about. Most cyber attacks go unnoticed and unreported.
ELECTRONIC PEARL HARBOR
The result, some analysts warn, could be “an electronic Pearl Harbor”. Former Director of Central Intelligence George Tenet asserts, “An adversary capable of implanting the right virus or accessing the right terminal can cause massive damage.” [ZDNet Jan15/04]
Richard Clarke, head of counter-terrorism for the Clinton and Bush administrations, was ignored after voicing early warnings about al-Qaeda. Now Clarke says potentially crippling cyber attacks on America are “imminent”.
Amazingly, the power grid in the United States and many allied countries is being networked and run with so-called SCADA links by Windows 2000 - “a program riddled with security defects” - right out of the box. SCADAs also control water works, chemical plants, nuclear reactors and dams. “If you are running a Microsoft operating system, you have a target painted on your forehead,” declares the Hacker. “Penetrating a SCADA system that's running a Microsoft operating system takes less than two minutes.”
Michael Skroch, who heads “Red Team” practice attacks against US government and military computers out of Sandia National Laboratories, concurs.
“When we go after an electrical power provider for the critical infrastructures,” Skroch says, “we always penetrate that system.”
So far, successful intrusions into the US power grid have been done by kids having fun, not terrorists bent on mayhem. But even these hacks are dangerous. “The fact that it was a controlled system for something very complicated and dangerous to play with was not understood by the person who broke into it,” the Hacker explains. Control system engineer and consultant Joe Weiss believes, “A very worst case could be loss of power for six months or more.”
“The Slammer patch was known for months. But many people didn't bother to install it.” Similarly, with Nimda and Code Red, the patch had been issued, but was too much trouble to install.
A MAZE OF CODE
A big problem is that until 9/11 and the cyber attacks that followed, software developers were much more focused on speed of delivery to market than on security. Even worse, at over a million lines of code, the sheer size of Microsoft's operating system and similarly complex software is impossible to “debug” for security holes. Whether working in the US or abroad, unknown programmers hastily hired to provide corporate or government software can embed “Trojan horses” and “trap doors” set to activate at a later date.
Another major cost of making any computer system more secure is the resulting performance penalty. Joe Weiss, a leading expert in control system security, observes that effective security technology can make key systems inefficient, even inoperable. Of course, downtime costs money, too.
Experts contend that with its focus on fighting terrorism with border checks and radioactive bombs, Washington is not up to speed on a threat that attacks with bytes, not bombs. A ZD Net investigation found, “Logic bombs, Trojan horses, worms, viruses, denial of service, and other information warfare tools are now the arsenal in a new geopolitical calculus whereby foes can take on a superpower that can no longer be challenged with conventional weapons.”
As early as May 1998, President Clinton warned, “Intentional attacks against our critical systems are already under way.” [ZDNet Jan15/04]
But the $900 million currently being spent on cyber security in the US is not helping secure vital control systems. “I just had a discussion with a couple people in the Defense Department, and it bothers me that it was news to them. [A report prepared for Congress] didn't even identify that the electrical industry uses SCADA systems.”
TERROR HACKERS
The threat is real. Al-Qaeda leaders, including Osama bin Laden, have said they intend to bring down the US economically through cyber attacks on Wall Street and other vital financial transactions which must flow smoothly, moment-by-moment, to ensure the lifeblood of any country.
And this is the problem. Hooked on conveniences, mesmerized by the promises of a connected “wireless” future, we have become far too vulnerable to malicious attacks that could disrupt or even end our lives. As Saydjari points out, “The lifestyle that we enjoy as Americans depends completely on computers. If we were to lose the ability to network and to compute, we wouldn't be able to have the America that we have today.”
The Hacker has been tracking bin Laden and followers since the late 1980s. “They are very, very good at everything from money laundering, to secure communications,” he says. “To underestimate them at any point in time is suicidal.”
Examining two terabytes of al-Qaeda data seized in Afghanistan, American analysts have found sophisticated modeling software for catastrophic dam failure. One al-Qaeda computer was pulling specific information about digital switches on power and water company system infrastructures. Another was checking railroad crossings, key bridges, natural gas depositories and fiber-optic junctions carrying the Internet.
NO WORRIES
Not every expert is worried.
Compared with “dirty” radiological bombs or the threat posed by weaponized plagues, former US Deputy Secretary of Defense John Hamre ranks cyber terrorism towards the bottom of the scale of terrorist threats. James Lewis, senior fellow and director of technology policy at the Center for Strategic and International Studies, calls cyber warfare a “weapon of mass annoyance.” Yoran says that while about 1% of daily Internet attacks are “extremely sophisticated”, global cyberwar is a few years off.
But other information specialists say that the increasing use of Internet linked and operated technology in power stations, railroads, banks and other financial institutions will result in all-out cyberwar sometime next year. [ZDNet Jan15/04]
PROBES
Already, the number of detected probes like “Moonlight Maze” is up “significantly” say cyber-watchdogs. It's the undetected “stealth probes” that are not everyday hackers. According to the PBS investigation, unknown cyber attackers have already “mapped the US National Security Agency's computer security arm… the group most responsible for US cyber security.”
With more than a trillion dollars in digital transactions zipping around the globe every 24 hours, corporate coffers can also be raided by cyber terrorists to fund their operations and disrupt mega-conglomerates with more assets than many nation states. According to Britain's ZD Net, “Almost all of the Fortune 500 corporations have been penetrated electronically. The FBI estimates that electronic crimes are running at about $10 billion a year. But only 17 percent of the companies victimized report these intrusions to law enforcement agencies. Their main concern is protecting consumer confidence and shareholder value.”
Probes often presage attacks. In 1994, a 16-year-old British boy took down some 100 U.S. defense systems, disrupting troop deployments to the Gulf.
In February 1998, two California kids, under direction of a hacker in Israel called “The Analyzer”, launched attacks against the Pentagon, the National Security Agency, and a nuclear weapons research lab. [ZDNet Jan15/04]
BIG, BIG, BIG
The problems posed to national security by global interconnectivity could prove impossible to overcome. In 2003, 70 million of some 120 million World Wide Web users lived in the USA. With one new web site being added every four seconds, by 2005 an estimated 1 billion people - one-sixth of humanity - will be on-line; two-thirds of them outside the United States. Net sales are expected to hit $5 trillion next year, in the US and Europe alone. [ZDNet Jan15/04]
So do your bit. Your country needs you to be vigilant every time you log online.
As this story neared completion, hackers brought Canada's largest bank to a virtual standstill, halting computer-aided transactions for four days. The phone company providing my own Internet dial-up service has also been hacked by someone who has made it impossible to enter the required password into my dial-up connection command. The Royal Bank is back online. And my Internet connection sort of works. Imagine if the attackers had been terrorists.
A CYBER ATTACK SAMPLER
Eligible Receiver is the code name of a 1997 internal exercise initiated by the Department of Defense. A “red team” of hackers from the National Security Agency was organized to infiltrate the Pentagon systems. The red team was only allowed to use publicly available computer equipment and hacking software. Although many details about Eligible Receiver are still classified, it is known that the red team was able to infiltrate and take control of the Pacific command-and-control central computers handling 100,000 troops. The cyber warriors also took over power grids and 911 emergency phone systems in nine major U.S. cities. They could have unplugged the entire country. What they could do, the Chinese can do.
MOONLIGHT MAZE
Moonlight Maze refers to a highly classified incident in which U.S. officials accidentally discovered a pattern of probing of computer systems at the Pentagon, NASA, Energy Department, private universities and research labs that had begun in March 1998 and had been going on for nearly two years - including maps of military installations, troop configurations and military hardware designs.
In the summer of 2001, the coordinator for the city of Mountain View, California's Web site noticed a suspicious pattern of intrusions. The FBI investigated and found probes seemingly emanating from the Middle East and South Asia looking up information about the cities' utilities, government offices, and emergency systems.
NIMDA
The Nimda worm ripped through the U.S. financial sector one week after the September 11, 2001 terrorist attacks. Nimda, which is “admin” spelled backwards, was a mass-mailing worm notable for its sophisticated replication.
SLAMMER
The Slammer Sapphire worm hit at 5:30 a.m. GMT on Jan. 25, 2003 - the fastest cyber attack in history. The number of infections doubled every 8.5 seconds and Slammer did 90% of its damage in the first 10 minutes of its release. The worm took down parts of the Internet in South Korea and Japan, disrupted phone service in Finland, and slowed airline reservation systems, credit card networks, and automatic teller machines in the US. A Canadian referendum was also cancelled. [PBS; ZD Net] worldempiregame.com |