The hacker attacks on some of America's biggest Web sites shows how vulnerable the Internet is to anonymous troublemakers. RFE/RL's Andrew F. Tully looks at how vulnerable the Web is, and what can be done to protect it.
Washington, 11 February 2000 (RFE/RL) -- What makes the World Wide Web so useful also makes it easy prey for malicious attack.
The web, as its name suggests, is nothing more than the network of common telephone lines that blanket the Earth. Computers use these lines to exchange "packets" of digital data, whether they are sending and receiving e-mail or navigating from one website to another.
The routes these "packets" take vary, depending on which telephone lines have available capacity, or "bandwidth," to carry them. If a computer user regularly sends e-mail to a given friend, his message rarely takes the same route twice.
And yet the e-mail invariably reaches its destination, usually within seconds, regardless of whether the route is direct or circuitous.
This surprisingly cooperative network of telephone lines also serves as the Internet's big weakness. Because data "packets" travel unpredictable routes to their destinations, the senders of the packets can hide their origins and often avoid being traced.
This is the task facing the U.S. Federal Bureau of Investigation (FBI) as it looks for the hacker -- or hackers -- responsible for crippling several of the most prominent websites in America. Targeted sites included Yahoo.com, CNN.com, and, on Wednesday, the stock-trading site E*Trade.com.
Ron Dick is the director of the FBI's National Infrastructure Protection Center. At a news conference on Wednesday with U.S. Attorney General Janet Reno, he made it clear that the FBI is aware tracking the people responsible will be difficult.
"It's highly likely that the origin of these attacks on these businesses are not from witting or knowing individuals or businesses. They probably are unwitting people. Their businesses or systems have been intruded into. Tools by which to launch these attacks have been placed there without their knowledge. And someone at a remote location is controlling those tools to launch attacks against the victims that have been highlighted in the media here recently."
Because of this, Dick said, preventing such attacks cannot be the role of a single organization.
"Security in the Internet is a community effort. It is not something that can be done by any one organization, any one federal agency, the government itself. It is a partnership between all of us, and the most important partner is the private sector itself. And your security, or the security of systems within the private sector -- or the lack thereof -- can cause harm to other as exemplified in the things that we've seen gone on the last couple of days."
Solveig Singleton is the director of information studies at the Cato Institute, a Washington think-tank. She agrees with Dick that security cannot come from just the FBI or the U.S. National Security Agency (NSA). She told RFE/RL on Thursday that it must come from every user of the Internet.
"Now in the Internet, it may be that we have to start thinking about security the same way we think about computer viruses. That is, the NSA and the FBI and so on will still have a role, but also, each part of the network will have a big responsibility for protecting itself and developing technologies that protect themselves, just the way we put locks on our doors and so on."
Adam Thierer is a fellow in economic policy at the Heritage Foundation, a Washington think-tank, who has written extensively on electronic commerce and the Internet. Thierer says this week's hacker assaults deny Web-based businesses the most important asset they have: customer interest.
This is known in the industry as "eyeballs" -- if a customer, or a potential customer, allows his eyes to move from a business' website, he may never return to the site in the future. Malicious interference means that a web business stands to lose not only an immediate sale, but possible future sales, which are impossible to estimate.
"It's more than just money as well. I mean, obviously, these sites can lose money by being, you know, off-line for a certain amount of time, but they can also lose interest, and they can lose 'eyeballs.' They can lose people who say, 'I'm tired of waiting around for this. I'm going somewhere else where I can get on-line."
Erran Carmel, an associate professor of business management at American University, for the most part agrees with Simpson that for the most part, the hackers caused only annoyance. And he disputes Thierer's argument that slow connections lose "eyeballs" -- customers who might otherwise return to a business' website. Carmel notes that people are used to slow Internet connections. Indeed, in America, the World Wide Web is sometimes referred to as the "World Wide Wait."
But Carmel stresses that for people like "day traders," who buy and sell stocks without brokers directly over the web, interference by hackers can be financially disastrous.
"People are used to getting lousy response on the Internet, even those who have fast connections, because of all kinds of technical issues. And when they get one or two lousy responses, I think, that's still -- for most people, that's still well -- well within the threshold of acceptability on the web these days. Now, if you're not able to execute a [stock] trade, and you're a day trader, that's very -- that's very serious, that has real dollars and cents."
Carmel says access to the web is much faster than it was three years ago, for example, and he says this access will continue to accelerate as current technologies mature and new technologies emerge. By then, he said, customers for non-critical goods or services will no longer accept delays on websites. And damage from such attacks could therefore be much more costly to businesses.