The Threatened Net:
How the Web Became a Perilous Place
The Washington Post
Copyright
Diversion Books
A Division of Diversion Publishing Corp.
443 Park Avenue South, Suite 1008
New York, NY 10016
www.DiversionBooks.com
Copyright 2015 by The Washington Post
All rights reserved, including the right to reproduce this book or portions thereof in any form whatsoever.
This is a work of fiction. Names, characters, places and incidents either are the product of the authors imagination or are used fictitiously. Any resemblance to actual persons, living or dead, events or locales is entirely coincidental.
For more information, email
First Diversion Books edition October 2015
ISBN: 978-1-68230-136-4
Table of Contents
Introduction
When talk began a half-century ago about linking computers into a revolutionary new network, few imagined the possibility of a dark side. Designers foresaw the need to protect the network against potential intruders or military threats, but they didnt expect the Internets own users would someday use the network to attack each other. Nor did they expect how popular and essential the Internet would become.
What began as an online community for a few dozen researchers to move information quickly and reliably now is accessible to an estimated 3 billion people who collectively use it to pursue a full range of human motives: good, bad and everything in between. The network itself, meanwhile, has not aged well. The Internet can appear as elegantly designed as a race car, but its closer to an assemblage of hacks or kludges, short-term fixes that were supposed to be replaced yet never were. They endure because they work, or at least work well enough.
The consequences play out across cyberspace every second of every day, as hackers exploit old, poorly protected systems to scam, steal and spy on a scale never before possible. The Internets original design fast, open and frictionless is what allows their malicious code to wreak havoc so widely. The flaws they exploit often are well-known and ancient in technological terms, surviving only because of an industry-wide penchant for patching over problems rather than replacing the rot.
A rising waves of viruses, worms and hackers prompted a chorus of warnings in the 1990s as the Internet was exploding in popularity with the arrival of the world wide web. But the federal government had neither the skill nor the will to do anything about it.
And now the vulnerabilities may never be fixed. After hundreds of billions of dollars has been spent on computer security, the threats posed by the Internet seem to grow worse each year. Where hackers once attacked only computers, the penchant for destruction has now lept beyond the virtual realm to threaten banks, retailers, government agencies, a Hollywood studio and, experts worry, critical mechanical systems in dams, power plants and aircraft.
As the number of connected devices explodes from roughly 2 billion in 2010 to an estimated 25 billion by 2020 security researchers have repeatedly shown that most online devices can be hacked. Some have begun calling the Internet of Things, known by the abbreviation IOT, the Internet of Targets.
Widespread hacks on cars and other connected devices are destined to come, experts say, as they already have to nearly everything else online. Its just a question of when the right hacking skills end up in the hands of people with sufficient motives.
The future looks no safer as a single operating system, Linux, comes to dominate the online world despite serious security issues that could be fixed but havent been. Yet again, other priorities speed, flexibility, ease of use often win out. Warnings get ignored.
The Posts Craig Timberg spent a year delving deeply into the story of how the Internet became at once so crucial and so insecure, by speaking to dozens of scientists, industry leaders and skeptics to tease out the unforeseen consequences of decisions made over decades. His reporting, collected together for the first time in this e-book, tells an essential tale about the creation of our new digital world thats at once thrilling and unexpectedly dangerous with the most serious perils still waiting to be revealed.
A flaw in the design:
The Internets founders saw its promise but didnt foresee users attacking one another
By Craig Timberg
May 30, 2015
David D. Clark, an MIT scientist whose air of genial wisdom earned him the nickname Albus Dumbledore, can remember exactly when he grasped the Internets dark side. He was presiding over a meeting of network engineers when news broke that a dangerous computer worm the first to spread widely was slithering across the wires.
One of the engineers, working for a leading computer company, piped up with a claim of responsibility for the security flaw that the worm was exploiting. Damn, he said. I thought I had fixed that bug.
But as the attack raged in November 1988, crashing thousands of machines and causing millions of dollars in damage, it became clear that the failure went beyond a single man. The worm was using the Internets essential nature fast, open and frictionless to deliver malicious code along computer lines designed to carry harmless files or e-mails.
Decades later, after hundreds of billions of dollars spent on computer security, the threat posed by the Internet seems to grow worse each year. Where hackers once attacked only computers, the penchant for destruction has now leapt beyond the virtual realm to threaten banks, retailers, government agencies, a Hollywood studio and, experts worry, critical mechanical systems in dams, power plants and aircraft.
These developments, though perhaps inevitable in hindsight, have shocked many of those whose work brought the network to life, they now say. Even as scientists spent years developing the Internet, few imagined how popular and essential it would become. Fewer still imagined that eventually it would be available for almost anybody to use, or to misuse.
Its not that we didnt think about security, Clark recalled. We knew that there were untrustworthy people out there, and we thought we could exclude them.
How wrong they were. What began as an online community for a few dozen researchers now is accessible to an estimated 3 billion people. Thats roughly the population of the entire planet in the early 1960s, when talk began of building a revolutionary new computer network.
Those who helped design this network over subsequent decades focused on the technical challenges of moving information quickly and reliably. When they thought about security, they foresaw the need to protect the network against potential intruders or military threats, but they didnt anticipate that the Internets own users would someday use the network to attack one another.
Computer worm: A standalone piece of software that can make copies of itself and spread to other computers. A destructive worm can make so many copies of itself that it overwhelms host computers, causing them to crash.
We didnt focus on how you could wreck this system intentionally, said Vinton G. Cerf, a dapper, ebullient Google vice president who in the 1970s and 80s designed key building blocks of the Internet. You could argue with hindsight that we should have, but getting this thing to work at all was non-trivial.
Those involved from the early days what might be called the networks founding generation bristle at the notion that they somehow could have prevented todays insecurity, as if road designers are responsible for highway robbery or urban planners for muggings. These pioneers often say that online crime and aggression are the inevitable manifestation of basic human failings, beyond easy technological solutions.