This week's unprecedented attacks against high-profile Web sites
have revealed with startling clarity what security experts have been
warning for years: Cyberterrorism is real and here to stay.
The threat will sorely challenge the world's traditional security
apparatus because it poses entirely new threats.
Hijackers of the future may take over Internet sites rather than
airplanes or buildings. Guerrillas of the 21st century could begin
targeting e-commerce instead of government installations.
Despite the careful planning evident behind this week's actions,
there's no public evidence so far that it was the work of an
organized group. But the alternative is equally chilling: A lone
hacker (or, more correctly, a "cracker") may have brought to a
temporary halt a few of the world's largest e-businesses.
Either way, the attacks signal a new era in which anyone with an
ax to grind may find the Web too tempting a target to pass up.
Recent conflicts, such as Kosovo and China- Taiwan tensions, have
featured cyberattacks. Even this week's action - the electronic
equivalent of a shot across the bow - was enough to rattle Wall
Street and galvanize the White House into action.
"This is war," says James Adams, founder of Infrastructure
Defense Inc., an intelligence organization for cyberspace based in
Alexandria, Va. "Conflict has migrated to cyberspace, and it's going
to be a long and bloody conflict.... What you see," he says, "is
this whole series of challenges government is not well-equipped to
address. The private sector is the front line. We are all of us the
Major Web sites crash
Although governments and security firms are working on solutions,
this week's attacks represent the most public demonstration yet of
how vulnerable today's Internet is. On Monday, Yahoo!, the Web's
most trafficked site, was so overwhelmed with incoming bogus data
that customers couldn't use the service for three hours. On Tuesday,
other online firms including bookseller Amazon.com, retailer
Buy.com, and auctioneer e-Bay, fell victim to a similar "denial-of-
service" attack. On Wednesday, sites including e*Trade and
ZDNet.com, a provider of technology news, came under fire.
These electronic bombardments did little damage besides depriving
the sites of an hour or two of sales. The companies say no customer
information was compromised and no money stolen. At this point, no
one knows whether the point was to demonstrate an Internet weakness
or to prepare for something larger.
Shortly after NATO's bombing of the Chinese Embassy in Belgrade,
security experts detected a significant rise in electronic attacks
against US government Web sites. The attacks appeared to be coming
from Internet service providers in China, they add, although many of
these may have originated in the US.
This week's attacks may prove far less sinister. "This was done
for publicity," says Avi Fogel of Network-1 Security Solutions in
Waltham, Mass. "I'm concerned about the attacks that we don't hear
"This is more a flexing of muscles," adds Patrick Taylor, vice
president of risk assessment at Internet Security Systems in
Atlanta. "You don't see them relentlessly pounding ... one company."
Attrition, a Web site that tracks Internet hacking events,
received an anonymous e-mail Tuesday from someone claiming to have
perpetrated this week's action to "put a 'Scare' into Internet stock