E Barbarians At The Gate

The nomenclature is right out of Philip K. Dick's science-fiction classic, Blade Runner: "slave" cybersites, controlled from afar; digital assault weapons by the names of Trinoo, Tribal Flood Network, and Stacheldraht ("barbed wire" in German); and the Computer Emergency Response Team (CERT). The successful attack on the biggest Web sites of the Internet by unknown persons raises the specter of e-vandals penetrating the gate to the New Economy. The in-your-face audacity of the bandits reveals the defenselessness of much of the Net--at a time when its importance to global growth increases with each passing moment. The very openness of the Internet is now shown to be, in some sense, its vulnerability. Something evil now lurks in the Internet, and the halcyon days of Net freedom may be over. Policing the Net has become a necessity. Who does it and how it is done will determine, in large measure, its continued success. With hackers plying their trade from China, Finland, Israel, Russia, and elsewhere, the policing effort will have to be global.

There were hints of bad things to come. Sophisticated new software programs that executed "denial of service" attacks began to appear on the Net late last year. These programs allow hackers to break into hundreds of powerful computers and plant long-term software time bombs that make the computers "slave" machines to the hackers. In true Manchurian Candidate-style, hackers wake those computers up and, on a signal, tell them all simultaneously to bombard the victim computer with data so fast that they become unresponsive, thus denying service to regular customers.

Last August, 227 computers, each furtively taken over by unknown hackers, launched an attack on the University of Minnesota, making its network unavailable to 100,000 students and faculty for three days. There were similar attacks in Australia, France, and Norway. Many corporations and banks have also been hit, but most are keeping mum.

Very troubling is the fact that half of 227 attacking computer systems were part of Internet 2, a higher-speed successor to the current Web. By using Internet 2, the hackers were able to shoot more volleys of clogging data into the Minnesota target. Was it a dry-run for what happened to Yahoo, eBay, Amazon.com, CNN.com, E*Trade, and other sites? Perhaps. The FBI issued warnings in late December and mid-January, when the new malicious programs first appeared. The National Institute of Standards & Technology and Carnegie-Mellon's CERT also issued alerts recently. But the warnings weren't able to save the Net from a pernicious onslaught.

What must be done? There are now more than 2,000 hacker Web sites, where copies of the most advanced preformatted attack tools can be downloaded by anyone. The Internet is too important to the New Economy to allow these digital weapons of destruction to be so available.

The real issue is policing. Net businesses, of course, must make greater efforts to bolster their defenses. In the end, authorities around the world will have to increase their vigilance. It may be the ultimate irony that hackers, the cowboys of the Net, bring government law and order to this frontier through their own irresponsible behavior.