The U.S. Federal Bureau of Investigation (FBI) is conducting a criminal investigation of hacking attacks against some of the most prominent American sites on the World Wide Web. So far there are no suspects, and the motive is not known. RFE/RL's Andrew F. Tully explores why a young, knowledgeable computer enthusiast would risk a prison term when he could easily use his talents as a legitimate -- and well-paid -- employee of an electronics company.
Washington, 10 February 2000 (RFE/RL) -- Computer hackers have been busy this week, mounting assaults on the some of the largest Web sites in America. And the FBI is after them.
On Monday, a "denial-of-service" attack slowed down Yahoo.com, an Internet "portal" that provides services ranging from Internet searches to free e-mail. On Tuesday, the same thing happened to the giant bookseller Amazon.com, the huge auction site eBay.com, the CNN Web site, and Buy.com, an on-line retailer that specializes in computer hardware and software.
On Wednesday, hackers targeted ZDNet, an elaborate Web site operated by Ziff-Davis, which publishes widely circulated technology periodicals.
The hackers did not actually enter the sites to tamper with data. Instead, they sent telephonic data, known as "pings" to the sites' computer servers. A server receiving a "ping" always responds to make full contact by reading the caller's telephonic address.
But hackers mounting a "denial-of-service" attack hide their addresses. The Web site then wastes time trying to establish contact. When many such "pings" are received, the Web site wastes enormous computing resources, and activity at the site is slowed to a crawl -- or stops altogether. "Denial-of-service" attacks are a kind of electronic picket line that prevents customers from entering to conduct legitimate business.
Sometimes, "denial-of-service" attacks are coordinated among several hackers. But experts say just one hacker can use others' computers without their knowledge to make the assault.
On Wednesday, the U.S. Justice Department held a news conference where Attorney General Janet Reno sought to reassure U.S. businesses that the Federal Bureau of Investigation has begun a criminal investigation to make sure business on the Web can be conducted without interference. She said the attacks so far this week denied Internet services to millions of people, although the amount of money lost from interrupted commerce has not been established.
Reno said the FBI has begun a criminal investigation of the electronic intrusions, and it is working to learn the identities of the hackers. But investigators still do not know whether the attacks were coordinated or whether the initial sabotage conducted against Yahoo.com inspired others to do the same.
The attorney general also said the motive was unclear.
Indeed, if a computer enthusiast is sufficiently technically proficient to mount and coordinate a "denial-of-service" attack, why does he run the risk of arrest and imprisonment? Why not simply get a job in the computer industry -- especially a job that today pays so well in the United States?
PC Magazine, one of the most respected general-circulation computer magazines in America, writes in its current issue (February 22) that entry-level salaries in computer engineering -- jobs for which most hackers would qualify -- have risen to $50,000 a year, and are still rising.
Christopher Simpson is a professor of communications at American University in Washington who specializes in electronic commerce. He tells RFE/RL that many hackers feel politically and economically powerlessness in the face of huge corporations that control the world's communications infrastructure.
What disturbs Simpson is what he calls the "Draconian" with stiff penalties for most hacking. In fact, he says he is unconcerned about this week's assaults. He described them as a mere inconvenience that apparently threatened no one's livelihood, and noted that the target Web sites were able to blunt the attacks quickly.
"The [U.S.] government has -- led particularly by the military, by the way -- has long recognized the potential seriousness of this, and as spent literally billions of dollars to devise means to frustrate, or to stop, hackers from being successful."
Simpson says some hackers see themselves as doing good for those with even less power, like modern-day Robin Hoods. But he emphasizes that it would be a mistake attribute conventional political motives to them.
"What you'll find if you speak to hackers or if you read their magazines [is] that they're neither left nor right wing. They're a -- they tend to be a political genre unto themselves."
Adam Thierer is an expert on telecommunications and the Internet at the Heritage Foundation, a Washington think tank. He disagrees with every point that Simpson made. First, Thierer says he suspects the hackers responsible for this week's attacks are technically adept young people intent on glory.
"Here's a set of techno-wizard kids who are obviously seeking some form of attention or self-glorification in their own little way, to say, 'Look what I've done to take down a major corporation's site or a major organizational Web page. If this provides their little egoistic, narcissistic psyches with some sort of gratification, I guess that's one explanation."
Thierer also says it is a mistake to dismiss this week's attacks as mere inconveniences for Web surfers.
"These Web sites are the property of some individual or some corporation. They are up to provide a service to the public. The same way we would prosecute a young individual who threw a rock through the window of a corner store and disrupted business, we would probably want to prosecute kids that come on and throw a rock through the Internet site or threw a wrench into the Internet site of a major corporation or organization and shuts down business."
Thierer says he is not concerned about what will happen to these young people if they are caught -- if they are caught. In fact, he argues, most hackers never have to face the consequences for their activity.
But in this case, at least, the FBI hopes to prove Thierer wrong.