AT A TIME WHEN THE INTERNET IS BECOMING EVER MORE IMPORTANT, A NEW GENERATION OF HACKERS IS THREATENING TO BRING IT CRASHING DOWN
David Brumley sees a lot of loose talk on the Internet. Part of his job, as a computer-security officer at Stanford University, is to eavesdrop in chat rooms, just in case someone tips off a nasty bit of hacking. On February 8, Brumley stumbled onto a link to the newest boomlet in Internet monkey business. A number of people were exchanging messages in a chat room when one of them asked the others to name a Web site "they really hated." The answer came back: eBay.
About 30 minutes later, eBay crashed. No one knows for sure if this conversation led directly to the crash, or even if the discussion involved someone behind it, but Brumley says, "We have four or five pieces of independent evidence that are leading toward [that] one person."
Very likely, these were the first, small rumblings of an earthquake that over the next week would level some of the Web's most popular sites: Yahoo, eBay, Amazon, CNN. An anonymous hacking force had commandeered computers belonging to others and programmed these machines to bombard major sites with huge amounts of data and countless requests for service. As a result, the rush-hour volume of traffic on these branches of the information superhighway was brought temporarily to a bumper-to-bumper halt. And the world suddenly became very aware of the term used to describe this disruption: "denial of service."
For years, the term "hacker" has summoned up images of young men, sitting for long hours at their computers, rooting about in obscure corners of computer networks. And "hacking" has been thought of as mostly benign, with a few invasions of forbidden territory and no real damage. But now there are increasing indications that some of these people have nasty or greedy motives--leading to a distinction between "white hat" (or good guy) hackers and "black hat" (or bad guy) hackers. At a time when the Internet has become an important source of commerce, the blocking of a place like Amazon.com can represent a considerable financial loss. Worries over the unreliability of the Internet for sales purposes actually caused some high-tech stocks to lose value in late February.
VANDALS OR `HACKTIVISTS'?
No one claimed responsibility for the denial-of-service attacks, and the investigators assembled to track down the offenders had to slowly assemble possible names and motives. There was no ransom note, no electronic manifesto. No indication of whether the attacks were the work of "hacktivists"--the name given to the growing movement of cyber political activists who try to advance their causes by demonstrating on the Internet--or possibly teenagers engaged in what one security expert calls "the cyber-yuppie equivalent of keying a car." Several computer experts even suggested that the attacks were the work of a new breed of electronic criminal who steal information or make their money by manipulating electronic markets. "The problem is that if you're smart about this, there is no trail for law enforcement to follow," says Scott Charney, until recently the Justice Department's top computer-crime official and now a vice president at Price Waterhouse Coopers.
The world of the computer underground has always, for obvious reasons, been mysterious. No one knows with any precision who these people are, but computer-security experts have come up with a rough profile of the average hacker: a male between the ages of 16 and 25, living in the United States. He is a computer user, but not a programmer, who hacks with software written by others. His primary motivation is to gain access to Web sites and computer networks, not to profit financially.
Everyone assumes that hackers are young male computer geeks, and that description fits the most notorious hackers, going all the way back to the beginnings of...