Jewish World Review Feb. 25, 2000 / 19 Adar I, 5760
http://www.jewishworldreview.com -- ONE CLICK FROM DISASTER. It was always a question of time, but when someone with a mouse shut down at least nine computer network operations, it was still a stunner. The democratic brilliance of the World Wide Web, which is open to anyone with an Internet connection, is also its vulnerability–as well as ours, since no person is more than six mouse clicks from any other. This time–who knows?–it appears to have been hackers, but the next time it could be criminals, terrorists, or foreign intelligence services.
The technique is simple enough. Download a tiny program, plant it in computers all over the world, and then, with the lift of a finger, send a simple request for access to a site over and over again–indeed scores or hundreds of times per second–creating the network equivalent of gridlock, comparable to dialing a telephone number repeatedly so that other callers just get a busy signal.
If the saboteurs were hackers, we don't know their motives. Maybe it was just to show off their computer skills or to have "fun" in the way graffiti artists do. Or maybe they object to the commercialization of the Internet and wanted to undermine consumer and investor confidence. Whatever their motives, they captured the attention of business, Wall Street, law enforcement authorities, computer security experts, the government, and the media.
The saboteurs were cowards: They took none of the personal physical risks associated with assault. But their antisocial action had its uses. It reminds us that physical distance and national borders are no longer an impediment to crime–and that we have hardly begun to take computer protection seriously. In fact, 60 percent of break-ins are by employees whose computer network offers multiple points of access. Nobody knows how extensive the problem of disloyalty is because only an estimated 15 percent of such break-ins are reported by companies, which are anxious to avoid the publicity. But Web sites in the United States can be attacked just as easily from without as from within, from thousands of miles away by hackers who need never stir from their attics. And the Web is not the only network that is vulnerable. At risk are the public telephone network, environmental-control systems in buildings, financial transactions, record-keeping systems, medical and educational networks, transportation and utility systems, government computer systems. As one expert put it, "Security is a race between lockmakers and lockpickers."
It is also a struggle between openness and restriction, credibility and cheating. Companies have been disrupted by thousands of messages from people accepting free sneakers, free flights, and free holidays, even though the companies themselves never offered these goods and services on the Web.
The president did well to respond at once to the hackers' attack and to meet with executives from leading high-tech companies to see what they could do about the growing risk of sabotage. The equipment that sophisticates can use to infiltrate and damage systems is publicly available. It is also getting easier to use, and personal identification is problematic. A crime without fingerprints is a tough challenge to law enforcement. Even if we identify the suspects, it may be very difficult to prove a previous offense, unless the authorities can demonstrate a pattern of action. Any hackers under suspicion can frustrate detection simply by changing their normal patterns of behavior. Our only hope then is that the hackers can't resist the temptation to brag about their hacker skills. Some hope.
The most promising response is probably defensive, to harden networks and make them more resistant by enhancing firewalls and encrypting communications. But if we do apprehend and convict the wreckers, let us all agree now that they and any accomplices will not be treated indulgently as harmless pranksters. This is no more a game than it was when the Barbary pirates in the Mediterranean preyed on innocent trade. Interference with electronic communications can easily result in death and disaster. Nobody can be sure of the fallout.
We were lucky this time. It was a kind of
Goldilocks attack–not so hot that it did lasting
damage; not so cold that no one could notice; just
the right temperature to provoke a response. We