Terror on the Internet
By Philip Elmer-DeWitt
Thanksgiving weekend was quiet in the Long Island, New York, home of Michelle Slatalla and Josh Quittner. Too quiet. The phone didn't ring all weekend -- which is unusual for a pair of working journalists. Nor did they hear the familiar beep of electronic mail arriving from the Internet, although Quittner tried several times to log on. It wasn't until their tenant complained about a strange message on their answering machine that the couple investigated and discovered all was not well in their electronic cocoon.
"We'd been hacked," says Quittner, who writes about computers -- and hackers -- for the newspaper Newsday, and will start writing for TIME in January. Not only had someone jammed his Internet mailbox with thousands of unwanted pieces of E-mail, finally shutting down his Internet access altogether, but the couple's telephone had been reprogrammed to forward incoming calls to an out-of-state number, where friends and relatives heard a recorded greeting laced with obscenities. "What's really strange," says Quittner, "is that nobody who phoned -- including my editor and my mother -- thought anything of it. They just left their messages and hung up."
It gets stranger. In order to send Quittner that mail bomb -- the electronic equivalent of dumping a truckload of garbage on a neighbor's front lawn -- someone, operating by remote control, had broken into computers at IBM, Sprint and a small Internet service provider called the Pipeline, seized command of the machines at the supervisory -- or "root" -- level, and installed a program that fired off E-mail messages every few seconds. Adding intrigue to insult, the message turned out to be a manifesto that railed against "capitalist pig" corporations and accused those companies of turning the Internet into an "overflowing cesspool of greed." It was signed by something called the Internet Liberation Front, and it ended like this: "Just a friendly warning corporate America; we have already stolen your proprietary source code. We have already pillaged your million dollar research data. And if you would like to avoid financial ruin, get the ((expletive deleted)) out of Dodge. Happy Thanksgiving Day turkeys."
It read like an Internet nightmare come true, a poison arrow designed to strike fear in the heart of all the corporate information managers who had hooked their companies up to the information superhighway only to discover that they may have opened the gate to trespassers. Is the I.L.F. for real? Is there really a terrorist group intent on bringing the world's largest computer network to its knees?
The Net is certainly vulnerable to attack. Last April a pair of publicity- hungry lawyers deluged more than 5,000 Usenet newsgroups with an unsolicited promotional mailing, triggering a flood of angry E-mail massive enough to knock them off the Net. A few years earlier a single "worm" program, designed by a Cornell student to explore the network, multiplied out of control and brought hundreds of computer systems to a halt.
Since then the Internet has become, if anything, an even more tempting target. According to the Pittsburgh-based Computer Emergency Response Team, which fields complaints from systems operators, hardly a day goes by without a computer assault of one sort or another -- from filching passwords to trying to crack military files. In the first nine months of 1994, CERT logged 1,517 incidents -- up more than 75% from 1993 -- some of them involving networks that link tens of thousands of machines. Two weeks ago, someone infiltrated General Electric's Internet link, forcing the company to pull itself off the network while it revamped its security system. "Every morning we find marks from people trying to pry open the firewall," says Michael Wolff, author of the Net Guide book series and founder of a small Internet service called Your Personal Network.
Firewalls, for those not familiar with the jargon of electronic security, are computers that act like the guards in a corporation's front lobby. They are supposed to keep the tens of millions of people with Internet access from also having access to the company's internal computer system, where precious corporate assets may be stored. Firewalls typically use passwords, keys, alarms and other devices to lock out intruders. But though such obstacles are an essential feature of any well-designed security system, experts warn that the technology of firewalls is still in its infancy. "There is no such thing as absolute security," says Steven Bellovin, co-author of Firewalls and Internet Security. "There is only relative risk."
And what about the folks on the receiving end of a mail bomb? "That's a tough one," says Vinton Cerf, an MCI executive who helped design the Internet in the late '60s. "If you knew who was sending you the mail, you could install a filter to throw it away. But trying to discard thousands of messages when you don't know where they're coming from just isn't possible."
The Internet was built to be an open and cooperative system. That's its strength -- and its weakness. "It's a fragile environment," says Pipeline founder James Gleick. "There's no cleverness in breaking a system like Pipeline. We're not MCI. We're exactly the kind of small-scale operation that gives the Internet its vitality and richness."
That's what is so odd about the so-called Internet Liberation Front. While it claims to hate the "big boys" of the telecommunications industry and their dread firewalls, the group's targets include a pair of journalists and a small, regional Internet provider. "It doesn't make any sense to me," says Gene Spafford, a computer-security expert at Purdue University. "I'm more inclined to think it's a grudge against Josh Quittner."
That is probably what it was. Quittner and Slatalla had just finished a book , about the rivalry between a gang of computer hackers called the Masters of Deception and their archenemies, the Legion of Doom -- an excerpt of which appears in the current issue of Wired magazine. And as it turns out, Wired was mail-bombed the same day Quittner was -- with some 3,000 copies of the same nasty message from the I.L.F. Speculation on the Net at week's end was that the attacks may have been the work of the Masters of Deception -- some of whom have actually served prison time for vandalizing the computers and telephone systems of people who offend them. But given the layers of intrigue and deception in the hacker wars, that could just as easily be disinformation broadcast to distract attention from a rival gang -- or even a gang wannabe. It almost doesn't matter. Like many terrorist acts, this one seems to have backfired. The Internet today feels a little less "liberated," a lot less safe, and even more likely to be sectioned off with those firewalls the I.L.F. seemed so intent on destroying.