Mark Gibbs: Many could . . . but they lack the motivation
The recent Computerworld article on Cisco's fracas with one Michael Lynn and its implications for shutting down the 'Net generated interesting feedback. Thanks to all who wrote in.
Reader Dane Dawson disapproved: "Cisco was able to work with the other people and stay the issue, but that didn't stop a media-driven periodical such as yours . . . from publishing whatever you want."
I should point out that I am not an employee of Computerworld and my editor doesn't control what I write (except to correct the grammar and take out the dirty words).
So, why do I think the Cisco fracas matters so much? My concern was that Cisco chose security through obscurity to paper over the cracks in the Internet infrastructure, which is effectively a Cisco monoculture.
Dawson continued, "So instead of working quietly to hush this, you publish it so that every anti-Cisco, anti-western, terrorist [in the name of journalism], hacker and anyone else who was close to destroying a company, has access and the tools to exploit routers. Congratulations, you have become a terrorist yourself."
Even though I didn't write about any details of the exploit or even point out where you could find out how it worked, I am apparently a terrorist for having the temerity to discuss a public issue! What this complaint demonstrates is a profound misunderstanding of how the Internet is vulnerable and who is the threat.
As you will see from Paul McNamara's comments on this page, he and I disagree on how vulnerable the 'Net really is. He contends that if it was that vulnerable, someone would have had a whack at it by now. As we can see no signs of such an attempt, we should conclude it isn't vulnerable.
This is essentially the anti-UFO "alien wrench" argument: If aliens are visiting us all the time then why haven't we found an alien wrench lying around? I don't believe in UFOs but let's see: if you're several million miles from the garage wouldn't you plan to keep track of your wrench?
Wouldn't completely cleaning up after you've scared the bejesus out of some hick farmer and disemboweled one of his cattle be logical?
Anyway, I contend that the Internet is vulnerable and it hasn't been taken down because the bad guys with the wherewithal don't have the motivation to do so. Consider the terrorists. There are lots of them all over the world and many of them have the wherewithal, but they need the 'Net.
For example, it is well-known that Al Qaeda uses the Internet extensively for communication and publishing propaganda. Take out the 'Net and they'd have to go back to traditional communications. It would also screw up their banking arrangements.
Is your average hacker a risk to the Internet? It would only be by accident. A really knowledgeable hacker probably wouldn't attack the 'Net because if you are that savvy you can foresee the consequences and they would be serious to say the least.
The wild card is someone as crazy as the Unabomber. Luckily he didn't have the wherewithal when it came to the 'Net but he's not the only looney out there.
The most likely source of doom as far as the 'Net is concerned will be a skilled teenage hacker with a total lack of perspective and empathy. There's your alien wrench. Just because you haven't seen it yet doesn't mean the aliens don't exist. Lack of evidence doesn't disprove the theory or remove the possibility.
Paul McNamara: Very tough, which is why no one's done it
You'll hear the proposition phrased any number of ways: Lots of people - some bad actors - possess the know-how and wherewithal to crash the Internet, and it is only through their collective goodwill, overriding self-interests, and/or dislike of prison food that the 'Net has yet to meet that unthinkable fate.
Me? I'm going to defend logic and common sense, which to my mind are on the side of a different proposition, namely that the ability to crash the Internet - as in kaput for an extended period - remains theoretical, largely because it is exceedingly more difficult than the Chicken Littles would have us fear. Moreover, the fact that it hasn't happened speaks not to a dearth of qualified bad guys with the requisite motivation - but simply a dearth of qualified bad guys.
The best news for me is that the facts - to the extent that there are any in this angels-on-the-head-of-a-pin debate - align on my side. (The unsettling news for me is that there will be some days between when I stop writing and you start reading, leaving far too much time for me to be proven wrong in a most embarrassing way.)
Let's start with an unassailable fact: not a single bad guy has managed to slip a bullet behind the Internet's ear in the decade or so that the commercialized 'Net has presented a tempting target for every hacker and terrorist on the planet. And it's not that the idea hasn't crossed anyone's mind. Witness this story from Wired Magazine that carries the headline: "50 Ways to Crash the 'Net."
Note the publication date: August 19, 1997.
Either the bad guys didn't read Wired back then or the 50 ways left a bit to be desired in terms of accomplishing what the headline promises. Let's frame the matter more positively, though: I say that those toiling to stop the bad guys from killing the Internet have done a butt-kicking good job. Give them a round of applause instead of chalking it up to blind luck and the whims of criminals.
But my biggest beef with the wolf criers is not over the idea that someone might make the 'Net take a dirt nap. There's no way to argue that it's literally impossible, after all, and lots of smart people say that they or other smart people can do it. However, just as cloning a human baby or landing a man on Mars is possible, they are only possibilities until someone actually succeeds. And I'm betting we'll see a cloned baby before a croaked Internet.
No, my biggest beef is with the notion that a universal lack of motivation has somehow draped a force field over what would otherwise be a hopelessly doomed Internet. This thinking holds that the bad guys who might bring down the 'Net are just like the rest of us: hopelessly hooked on e-mail and e-commerce - in particular, electronic banking - and as such they simply could not abide the thought of depriving themselves of those channels.
All of them? This theory ascribes a level of reason and responsibility to a crowd that otherwise displays precious little of either.
Which brings us back to the numbers. If you tell me that only a handful of people could kill the Internet, I might buy that all five have simply decided not to do it.
But I heard an IT executive from a major company say that five guys in his shop alone could accomplish the feat before lunchtime. If he's right, that means thousands - or tens of thousands - can do it worldwide.
And if thousands can do it, those of you reading this online right now . . . wouldn't be.
Still there? . . . I thought so.