The Threatened Net

How the Web Became a Perilous Place

The Washington Post

This is a work of fiction. Names, characters, places and incidents either are the product of the author’s imagination or are used fictitiously. Any resemblance to actual persons, living or dead, events or locales is entirely coincidental.

For more information, email info@diversionbooks.com

First Diversion Books edition October 2015

ISBN: 978-1-68230-136-4


Introduction

A flaw in the design: The Internet’s founders saw its promise but didn’t foresee users attacking one another

When talk began a half-century ago about linking computers into a revolutionary new network, few imagined the possibility of a dark side. Designers foresaw the need to protect the network against potential intruders or military threats, but they didn’t expect the Internet’s own users would someday use the network to attack each other. Nor did they expect how popular and essential the Internet would become. What began as an online community for a few dozen researchers to move information quickly and reliably now is accessible to an estimated 3 billion people who collectively use it to pursue a full range of human motives: good, bad and everything in between. The network itself, meanwhile, has not aged well. The Internet can appear as elegantly designed as a race car, but it’s closer to an assemblage of “hacks” or “kludges,” short-term fixes that were supposed to be replaced yet never were. They endure because they work, or at least work well enough.

The consequences play out across cyberspace every second of every day, as hackers exploit old, poorly protected systems to scam, steal and spy on a scale never before possible. The Internet’s original design — fast, open and frictionless — is what allows their malicious code to wreak havoc so widely. The flaws they exploit often are well-known and ancient in technological terms, surviving only because of an industry-wide penchant for patching over problems rather than replacing the rot.

A rising wave of viruses, worms and hackers prompted a chorus of warnings in the 1990s as the Internet was exploding in popularity with the arrival of the World Wide Web. But the federal government had neither the skill nor the will to do anything about it.

And now the vulnerabilities may never be fixed. After hundreds of billions of dollars have been spent on computer security, the threats posed by the Internet seem to grow worse each year. Where hackers once attacked only computers, the penchant for destruction has now leapt beyond the virtual realm to threaten banks, retailers, government agencies, a Hollywood studio and, experts worry, critical mechanical systems in dams, power plants and aircraft.

As the number of connected devices explodes — from roughly 2 billion in 2010 to an estimated 25 billion by 2020 — security researchers have repeatedly shown that most online devices can be hacked. Some have begun calling the “Internet of Things,” known by the abbreviation IoT, the “Internet of Targets.”

Widespread hacks on cars and other connected devices are destined to come, experts say, as they already have to nearly everything else online. It’s just a question of when the right hacking skills end up in the hands of people with sufficient motives.

The future looks no safer as a single operating system, Linux, comes to dominate the online world despite serious security issues that could be fixed but haven’t been. Yet again, other priorities — speed, flexibility, ease of use — often win out. Warnings get ignored.

The Post’s Craig Timberg spent a year delving deeply into the story of how the Internet became at once so crucial and so insecure, by speaking to dozens of scientists, industry leaders and skeptics to tease out the unforeseen consequences of decisions made over decades.

His reporting, collected together for the first time in this e-book, tells an essential tale about the creation of our new digital world that’s at once thrilling and unexpectedly dangerous — with the most serious perils still waiting to be revealed.

The Internet’s founders saw its promise but didn’t foresee users attacking one another

By Craig Timberg
May 30, 2015

David D. Clark, an MIT scientist whose air of genial wisdom earned him the nickname “Albus Dumbledore,” can remember exactly when he grasped the Internet’s dark side. He was presiding over a meeting of network engineers when news broke that a dangerous computer worm — the first to spread widely — was slithering across the wires.

One of the engineers, working for a leading computer company, piped up with a claim of responsibility for the security flaw that the worm was exploiting. “Damn,” he said. “I thought I had fixed that bug.” But as the attack raged in November 1988, crashing thousands of machines and causing millions of dollars in damage, it became clear that the failure went beyond a single man. The worm was using the Internet’s essential nature — fast, open and frictionless — to deliver malicious code along computer lines designed to carry harmless files or e-mails.

Decades later, after hundreds of billions of dollars spent on computer security, the threat posed by the Internet seems to grow worse each year. Where hackers once attacked only computers, the penchant for destruction has now leapt beyond the virtual realm to threaten banks, retailers, government agencies, a Hollywood studio and, experts worry, critical mechanical systems in dams, power plants and aircraft.

These developments, though perhaps inevitable in hindsight, have shocked many of those whose work brought the network to life, they now say. Even as scientists spent years developing the Internet, few imagined how popular and essential it would become. Fewer still imagined that eventually it would be available for almost anybody to use, or to misuse.

“It’s not that we didn’t think about security,” Clark recalled. “We knew that there were untrustworthy people out there, and we thought we could exclude them.”

How wrong they were. What began as an online community for a few dozen researchers now is accessible to an estimated 3 billion people. That’s roughly the population of the entire planet in the early 1960s, when talk began of building a revolutionary new computer network.

Those who helped design this network over subsequent decades focused on the technical challenges of moving information quickly and reliably. When they thought about security, they foresaw the need to protect the network against potential intruders or military threats, but

Computer worm: A standalone piece of software that can make copies of itself and spread to other computers. A destructive worm can make so many copies of itself that it overwhelms host computers, causing them to crash.

“We didn’t focus on how you could wreck this system intentionally,” said Vinton G. Cerf, a dapper, ebullient Google vice president who in

Those involved from the early days — what might be called the network’s founding generation — bristle at the notion that they somehow could have prevented today’s insecurity, as if road designers are responsible for highway robbery or urban planners for muggings. These pioneers often say that online crime and aggression are the inevitable manifestation of basic human failings, beyond easy technological solutions.

“I believe that we don’t know how to solve these problems today, so the idea that we could have solved them 30, 40 years ago is silly,” said David H. Crocker, who started working on computer networking in the early 1970s and helped develop modern e-mail systems.

Yet 1988’s attack by the “Morris Worm” — named for Robert T. Morris, the Cornell University graduate student who created it — was a wake-up call for the Internet’s architects, who had done their original work in an era before smartphones, before cybercafes, before even the widespread adoption of the personal computer. The attack sparked both rage that a member of their community would harm the Internet and alarm that the network was so vulnerable to misdeeds by an insider.

When NBC’s “Today” aired an urgent report on the worm’s rampage, it became clear that the Internet and its problems were destined to outgrow the idealistic world of scientists and engineers — what Cerf fondly recalled as “a bunch of geeks who didn’t have any intention of destroying the network.”

But the realization came too late. The Internet’s founding generation was no longer in charge. Nobody really was. Those with dark intentions would soon find the Internet well suited to their goals, allowing fast, easy, inexpensive ways to reach anyone or anything on the network. Soon enough, that would come to include much of the planet.

Bracing for nuclear war

The Internet was born of a big idea: Messages could be chopped into chunks, sent through a network in a series of transmissions, then reassembled by destination computers quickly and efficiently. Historians credit seminal insights to Welsh scientist Donald W. Davies and American engineer Paul Baran — a man determined to brace his nation for the possibility of nuclear war.

Baran described his bleak vision in an influential paper in 1960 when he was working for the Rand Corp., a think tank. “The cloud-of-doom attitude that nuclear war spells the end of the earth is slowly lifting,” Baran wrote, endorsing the view that “the possibility of war exists but there is much that can be done to minimize the consequences.”

Among those was a rugged communication system with redundant links so that it could still function in the aftermath of a Soviet strike, allowing survivors to provide aid to one another, preserve democratic governance and potentially launch a counterattack. This, Baran wrote, would help “the survivors of the holocaust to shuck their ashes and reconstruct the economy swiftly.”

ARPANET: A pioneering computer network built by the Pentagon’s Advanced Research Projects Agency (ARPA). Established in 1969, it eventually linked more than 100 universities and military sites, becoming the forerunner to today’s Internet.

Davies had a more placid vision. Computers in that era were huge, costly behemoths that could fill a room and needed to serve multiple users at the same time. But logging on to them often required keeping expensive telephone lines open continuously even though there were long periods of silence between individual transmissions.

Davies began proposing in the mid-1960s that it would be better to slice data into pieces that could be sent back and forth almost continuously, allowing several users to share the same telephone line while gaining access to a remote computer. Davies also set up a small network in Britain, demonstrating the viability of the idea.

These two visions, the one for war and the one for peace, worked in tandem as the Internet moved from concept to prototype to reality.

The most important institutional force behind this development was the Pentagon’s Advanced Research Projects Agency (ARPA), created in 1958 during the aftermath of the Soviet Union’s launch of the Sputnik satellite, amid mounting fears of an international gap in scientific achievement.

A decade later, as ARPA began work on a groundbreaking computer network, the agency recruited scientists affiliated with the nation’s top universities. This group — including several who during the Vietnam War and its polarizing aftermath would have been uneasy working on a strictly military project — formed the collegial core of the Internet’s founding generation.

When the network made its first connections in 1969, among three universities in California and one in Utah, the goals were modest: It was a research project with a strongly academic character. Those on the ARPANET, as the most important predecessor to the Internet was named, soon would use it to trade messages, exchange files and gain remote access to computers.

It would have taken enormous foresight, said Virginia Tech historian Janet Abbate, for those planting these early seeds of the Internet to envision the security consequences years later, when it would take a central place in the world’s economy, culture and conflicts. Not only were there few obvious threats during the ARPANET era of the 1970s and early 1980s, but there also was little on that network worth stealing or even spying on.

“People don’t break into banks because they’re not secure. They break into banks because that’s where the money is,” said Abbate, author of “Inventing the Internet,” on the network and its creators.

She added, “They thought they were building a classroom, and it turned into a bank.”

The first ‘killer app’

Fueling that early work was the shared intellectual challenge of developing a technology many thought doomed to failure. Several Internet pioneers felt particular frustration with AT&T’s Bell telephone system, which they saw as a rigid, expensive, heavily regulated monopoly — everything they didn’t want their new computer network to be.

Baran, who died in 2011, once told of a meeting with Bell system engineers in which he tried to explain his digital networking concept but was stopped mid-sentence. “The old analog engineer looked stunned,” Baran said in an oral history for the Institute of Electrical and Electronics Engineers, a professional group. “He looked at his colleagues in the room while his eyeballs rolled up, sending a signal of his utter disbelief. He paused for a while, and then said, ‘Son, here’s how a telephone works . . .’ And then he went on with a patronizing explanation of how a carbon button telephone worked. It was a conceptual impasse.”

Yet it was on AT&T’s lines that ARPANET first sparked to life, with data flowing between two giant Interface Message Processors — forerunners to today’s routers — each the size of a phone booth. The first, installed at UCLA, sent a message to the second, at the Stanford Research Institute more than 300 miles away, on Oct. 29, 1969. The goal was to log on remotely, but they only got as far as the “LO” of “LOGIN” when the Stanford computer crashed.

Leonard Kleinrock, a UCLA computer scientist who was among the earliest pioneers of networking technology, was at first crestfallen by the uninspiring nature of that seminal message — especially when compared with the instantly famous “That’s one small step for man, one giant leap for mankind” line delivered during the first moon landing a few months earlier.

But Kleinrock later reasoned that “LO” could be understood as the beginning of “Lo and behold,” a worthy christening for an advance that many would come to consider equally transformative. “We couldn’t have prepared a more succinct, more powerful, more prophetic message than we did by accident,” he said years later.

As the ARPANET developed in its first years, soon connecting computers in 15 locations across the country, the key barriers were neither technological nor AT&T’s lack of interest. It simply wasn’t clear what the network’s practical purpose was. There was only so much file sharing that needed to be done, and accessing computers remotely in that era was cumbersome.

What proved highly appealing, however, was conversing across the fledgling network with friends and colleagues. The network’s first “killer app,” introduced in 1972, was e-mail. By the following year, it was responsible for 75 percent of ARPANET’s traffic.

The rapid adoption of e-mail foreshadowed how computer networking would eventually supplant traditional communications technologies such as letters, telegraphs and phone calls. E-mail also would, decades later, become a leading source of insecurity in cyberspace.

Such issues were of little concern during the ARPANET era, when the dilemmas were related to building the network and demonstrating its value. At a three-day computer conference at the Washington Hilton hotel in October 1972, the ARPA team mounted the first public demonstration of its budding network and an initial suite of applications, including an artificial-intelligence game in which a networked computer mimicked a psychotherapist’s patter of questions and observations.

Though the event is remembered by those involved as a huge success, there was one sour note. Robert Metcalfe, a Harvard University doctoral student who would later co-invent Ethernet technology and found networking giant 3Com, was demonstrating the ARPANET’s capabilities for a visiting delegation of AT&T executives when the system abruptly crashed.

The system was down only briefly, but it was enough to upset Metcalfe — whose embarrassment turned to rage when he noticed that the AT&T executives, dressed in seemingly identical pinstriped suits, were laughing.

“They were happy. They were chuckling,” he recalled of this early encounter between telephone technology and computer networking.

‘It’s kind of like safe sex’

The rivalry eventually would harden into a caricature, with the pioneering “Netheads” taking on the stodgy “Bellheads,” recalled Billy Brackenridge, an early computer programmer who later worked at Microsoft. “The Bellheads needed total control of everything,” he said.

a “dumb” core — all the network did was carry data — with intelligent edges, meaning the individual computers controlled by users.

A “dumb” core offered few opportunities for centralized forms of security but made it easy for new users to join. This model worked so long as the edges were controlled by colleagues who shared motives and a high degree of trust. But that left the edges with a responsibility to serve as gatekeepers to the network.

“We’ve ended up at this place of security through individual vigilance,” said Abbate, the Virginia Tech historian. “It’s kind of like safe sex. It’s sort of ‘the Internet is this risky activity, and it’s up to each person to protect themselves from what’s out there.’ . . . There’s this sense that the [Internet] provider’s not going to protect you. The

Few embraced this need for constant vigilance during the ARPANET era. Anyone with access to a user name and password — whether officially issued to themselves, a colleague or just a friend — typically could sign on to the network; in some cases all it took was access to a terminal and the phone number of the right computer.

This created risks that some warned about even in the earliest days. Metcalfe posted a formal message to the ARPANET Working Group in December 1973 warning that it was too easy for outsiders to log on to the network.

“All of this would be quite humorous and cause for raucous eye winking and elbow nudging, if it weren’t for the fact that in recent weeks at least two major serving hosts were crashed under suspicious circumstances by people who knew what they were risking; on yet a third system, the system wheel password was compromised — by two high school students in Los Angeles no less,” Metcalfe wrote. “We suspect that the number of dangerous security violations is larger than any of us know [and] is growing.”

As the numbers of officially sanctioned users grew, there also was rising discord over the purpose of the network. Though nominally under control of the Pentagon, efforts by military authorities to impose order sometimes ran into resistance from an emerging online community that was more experimental, valuing freedom over strict adherence to rules. Unauthorized uses such as an e-mail group for science fiction fans quietly thrived online.

Tensions among users would only expand as the Internet itself arrived in the 1980s, the World Wide Web in the 1990s and smartphones in the 2000s. This ever-expanding network grew to include people increasingly working at cross purposes: Musicians vs. listeners who wanted free music. People seeking to communicate privately vs. government eavesdroppers. Criminal hackers vs. their victims.

Clark, the MIT scientist, dubbed these ongoing conflicts “tussles.” They were tensions, largely unanticipated by the Internet’s creators, that had become central to how the network actually worked. “The common purpose that launched and nurtured it no longer prevails,” Clark wrote in 2002. “There are, and have been for some time, important and powerful players that make up the Internet milieu with interests directly at odds with each other.”

A sign of trouble ahead arrived as early as 1978, when a marketer for Digital Equipment Corp. sent a message to hundreds of ARPANET users announcing events in California to demonstrate new computers. Internet historians regard it as the first bit of “spam,” the catch-all term for unwanted e-mail blasts.

It prompted a terse, all-caps response from the Pentagon official overseeing the network, who sent a message calling it “A FLAGRANT VIOLATION” of the rules. “APPROPRIATE ACTION IS BEING TAKEN TO PRECLUDE ITS OCCURRENCE AGAIN.”

Amid this and other grumbling, collected by Brad Templeton, a board member for the civil liberties group Electronic Frontier Foundation, some users sent messages defending the idea of an Internet open to many purposes — even commercial ones.

“Would a dating service for people on the net be ‘frowned upon’?” wrote Richard Stallman of MIT, a leading advocate for online freedom.

Concerns from the NSA

Traditional telephone systems work by maintaining open lines between callers for the duration of a conversation, while charging them by the minute. The Internet, by contrast, shoots its chunks of data from computer to computer in brief digital bursts, as capacity becomes available. These chunks — which are written in binary code, just ones and zeros arranged according to set rules — are called “packets.” The system of transmitting them is called “packet switching.”

Binary code: A combination of zeroes and ones that together can represent any letter or number. Computer commands typically are transmitted in binary code, making it the underlying alphabet of the digital world.

over a network. This allows for greater efficiency but requires that recipient computers have the ability to reassemble the data packets in the correct order to form coherent messages.

The result is something like a vast system of pneumatic tubes capable of carrying anything that fits in a capsule to any destination on the network. The key — and this is how the Internet’s founders spent much of their time — was making sure that the network routed the packets correctly and kept track of which ones arrived safely. That allowed the packets that got lost along the way to be re-sent repeatedly, perhaps along different paths, in search of a successful route to their destination.
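The mechanism described above, reduced to a toy model, as an added example that is not part of the e-book or of any real protocol: a sender chops a message into numbered packets, a simulated network drops some and delivers the rest out of order, and the receiver reassembles by sequence number and asks for whatever never arrived. The packet format, the `Receiver` class and the loss pattern are assumptions made for this illustration; real TCP adds sequence numbers in bytes, acknowledgments and timers, none of which are modeled here.

```python
"""Toy packet-switched transfer (added example; not from the Washington Post e-book).
Shows why the receiver must reorder by sequence number and why lost packets must
be requested again. All names and the loss pattern are illustrative assumptions."""
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    seq: int        # position of this chunk in the original message
    total: int      # how many chunks the message was split into
    payload: bytes  # the chunk itself


def fragment(message: bytes, size: int) -> list[Packet]:
    """Chop a message into fixed-size chunks, each tagged with its sequence number."""
    chunks = [message[i:i + size] for i in range(0, len(message), size)]
    return [Packet(seq, len(chunks), c) for seq, c in enumerate(chunks)]


class Receiver:
    """Buffers packets by sequence number so the order of arrival does not matter."""

    def __init__(self) -> None:
        self.buffer: dict[int, bytes] = {}
        self.total: int | None = None   # unknown until the first packet arrives

    def accept(self, pkt: Packet) -> None:
        self.total = pkt.total
        self.buffer.setdefault(pkt.seq, pkt.payload)   # a duplicate is harmless

    def missing(self) -> list[int]:
        """Sequence numbers not yet seen; these are what the sender must re-send."""
        if self.total is None:
            return []
        return [s for s in range(self.total) if s not in self.buffer]

    def reassemble(self) -> bytes | None:
        """Return the whole message in order, or None while any chunk is still missing."""
        if self.total is None or self.missing():
            return None
        return b"".join(self.buffer[s] for s in range(self.total))


def lossy_network(packets: list[Packet], drop_seqs, order: list[int]) -> list[Packet]:
    """Simulate a network that drops some packets and delivers the rest in `order`."""
    by_seq = {p.seq: p for p in packets}
    return [by_seq[s] for s in order if s in by_seq and s not in drop_seqs]


def transfer(message: bytes, size: int = 4, drop_seqs=frozenset({1, 3}),
             max_rounds: int = 5) -> tuple[bytes, int]:
    """Fragment, deliver, ask for the missing pieces, re-send, until the message is whole.
    Returns the reassembled message and the number of retransmission rounds it took."""
    packets = fragment(message, size)
    if not packets:
        return b"", 0
    rx = Receiver()
    # First pass: delivered in reverse order, with the chosen sequence numbers dropped.
    for p in lossy_network(packets, drop_seqs, list(reversed(range(len(packets))))):
        rx.accept(p)
    rounds = 0
    while True:
        # If nothing at all arrived, the receiver cannot know the total; the sender
        # treats silence as "everything is missing" and re-sends the whole message.
        missing = rx.missing() if rx.total is not None else list(range(len(packets)))
        if not missing:
            break
        rounds += 1
        if rounds > max_rounds:
            raise RuntimeError(f"gave up; still missing {missing}")
        resend = [packets[s] for s in missing]
        # Retransmissions take a different "path": nothing is dropped this time.
        for p in lossy_network(resend, frozenset(), [p.seq for p in resend]):
            rx.accept(p)
    out = rx.reassemble()
    assert out is not None
    return out, rounds


if __name__ == "__main__":
    data, rounds = transfer(b"Lo and behold")
    print(data, "after", rounds, "retransmission round(s)")
```

The receiver never trusts arrival order: it indexes by `seq` and only declares the message complete when every number from 0 to `total - 1` is present. Note what the toy does not check: nothing authenticates a packet, so any host on the path could inject a chunk with a chosen `seq`, which is exactly the gap the encryption discussion below is about.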

The technology required a high degree of precision, but amazingly “packet-switched” networks can function without a central authority. Though the Pentagon oversaw the ARPANET during the years when it was footing the bill for deployment, its power gradually dwindled. Today, no U.S. government agency has a degree of control over the Internet that approaches what almost every nation in the world maintains over its telephone system.

The ARPANET in its first years ran on a protocol — essentially a set of rules allowing different computers to work together — that allowed basic functions. But as that network grew, so did others. Some were largely academic systems, linking university computers together over land lines. Others used radio signals and even satellites to help computers communicate across expanses of land or water.

Connecting these networks required writing new protocols, a job taken on by Cerf and fellow computer scientist Robert E. Kahn during the 1970s, in work undertaken at the behest of ARPA (renamed DARPA in 1972, for Defense Advanced Research Projects Agency). The result of that work, called TCP/IP, allowed virtually any computer network in the world to communicate directly with any other, no matter what hardware, software or underlying computer language the systems used.

But switching from the relatively confined world of ARPANET to a global network created new security concerns that Cerf and Kahn both appreciated.

“We were well aware of the importance of security . . . but from a military standpoint, operating in a hostile environment,” recalled Cerf. “I was not so much thinking about it in terms of the public and commercial setting as in the military setting.”

One answer was to design TCP/IP in a way that required encryption, the practice of coding messages in ways that only the intended recipient, using a mathematical “key,” could decode. Though primitive forms of encryption dated back centuries, a new generation of advanced computerized versions began appearing in the 1970s, as Cerf and Kahn worked on TCP/IP.

Successful deployment of encryption would have made the network resistant to eavesdropping and also made it easier to know who sent a particular communication. If somebody holding a certain encryption key is a trusted correspondent, other messages created with that key are probably authentic, because nobody without the key can produce them. This is true even if the correspondent’s legal name is not used — or even necessarily known.
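The authentication half of that argument, as an added example that is not from the e-book and does not describe any mechanism Cerf and Kahn designed: a message authentication code computed with a key shared by two correspondents. The standard library’s HMAC-SHA256 is used; the key, the messages and the tampering are constructed for this illustration, and the key is assumed to have been distributed safely in advance, the problem the text notes was unsolved at the time.

```python
"""Keyed message authentication (added example; not from the Washington Post e-book).
Anyone who lacks the shared key cannot produce a tag that verifies, so a verifying
tag is evidence the message came from a key holder. The key, messages and tampering
below are constructed for the illustration."""
import hashlib
import hmac
import os


def tag(key: bytes, message: bytes) -> bytes:
    """Authentication tag for `message` under `key` (HMAC-SHA256, 32 bytes)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, received_tag: bytes) -> bool:
    """Recompute the tag and compare in constant time so timing does not leak
    how many leading bytes of a forged tag happened to match."""
    return hmac.compare_digest(tag(key, message), received_tag)


def demo() -> dict[str, bool]:
    """Four deliveries through an untrusted network; returns which ones verify."""
    shared_key = os.urandom(32)    # assumed: agreed between the two correspondents beforehand
    impostor_key = os.urandom(32)  # held by someone who never received the real key
    msg = b"transfer 100 units to account 42"
    t = tag(shared_key, msg)
    return {
        # genuine message and tag, untouched in transit
        "genuine": verify(shared_key, msg, t),
        # an intermediary edits the amount but cannot recompute the tag
        "tampered_message": verify(shared_key, b"transfer 900 units to account 42", t),
        # an impostor tags the same text with a key of his own
        "wrong_key": verify(shared_key, msg, tag(impostor_key, msg)),
        # the genuine pair captured and delivered a second time still verifies:
        # a tag proves origin, not freshness, so replay needs a separate defense
        "replayed": verify(shared_key, msg, t),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:17s} {'accepted' if ok else 'rejected'}")
```

Two caveats a practitioner would add to the text’s claim. A symmetric key says only that one of its holders produced the message, not which one, so it gives no non-repudiation; that needs a signature with a key only the sender holds. And the `replayed` case shows that a valid tag does not prove the message is new; real protocols add sequence numbers or nonces under the tag for that.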

Though clearly useful in a military setting, where intercepted or falsified messages could have disastrous consequences, the widespread deployment of encryption technology could have offered a significant degree of privacy and security to civilian users as well. But in the years that Cerf and Kahn were designing TCP/IP, implementing encryption proved daunting.

Encrypting and decrypting messages consumed large amounts of computing power, likely requiring expensive new pieces of hardware to work properly. It also was not clear how to safely distribute the necessary keys — an issue that complicates encryption systems even today.

Yet lurking in the background were political issues as well: The National Security Agency, which Cerf said was an enthusiastic supporter of secure packet-switching technology for military uses, had serious reservations about making encryption available on public or commercial networks. Encryption algorithms themselves were considered a potential threat to national security, covered by government export restrictions on military technologies.

Steve Crocker, the brother of David Crocker and a lifelong friend of Cerf who also worked on early networking technology for DARPA, said, “Back in those days, the NSA still had the ability to visit a professor and say, ‘Do not publish that paper on cryptography.’ ”

As the ’70s wound down, Cerf and Kahn abandoned their efforts to bake cryptography into TCP/IP, bowing to what they considered insurmountable barriers.

It was still possible to encrypt traffic using hardware or software designed for that purpose, but the Internet developed into a communication system that operated mostly in the clear — meaning anyone with access to the network could monitor transmissions. With encryption rare, it also was difficult for anyone online to be sure who he or she was communicating with.

Kleinrock, the UCLA scientist, said the result was a network that combined unprecedented reach, speed and efficiency with the ability to act anonymously. “That’s a perfect formula,” he said, “for the dark side.”

‘Operation Looking Glass’

TCP/IP proved a historic engineering triumph, allowing a remarkably disparate group of networks to work together to an unprecedented degree. From the late 1970s through the early 1980s, DARPA sponsored a series of tests to gauge the ability of the protocols to efficiently and reliably transmit data over challenging terrain, from portable antennas set up at an outdoor bar to vans rolling along coastal highways to small aircraft flying above.

TCP/IP: A set of protocols that are the fundamental technology of the Internet. They provide a common language for a disparate group of computers and networks, allowing them to work together across the world.

Encryption: A way of encoding information so that only the sender and recipient can understand it. When computers exchange encrypted information, they use complex mathematical algorithms along with a designated digital “key.” This allows for greater privacy and also authentication of the identity of the sender and recipient.

There also was an explicitly military component. Cerf had a “personal goal,” he said years later, of proving the viability of Baran’s vision of a communication system resilient enough to help the nation recover from a nuclear attack. That idea fueled a series of exercises in which digital radios made TCP/IP connections in increasingly complex scenarios.

The most ambitious tests sought to mimic “Operation Looking Glass,” a Cold War campaign to make sure that at least one airborne command center was aloft at all times, beyond the reach of possible nuclear destruction below. This involved a nearly continuous cycle of takeoffs and landings, from Strategic Air Command near Omaha, in precise shifts over the course of 29 years.

One day in the early 1980s, two Air Force tankers flew above the Midwestern plains as a specially outfitted van, carrying its own ground-based mobile command center, drove on highways below, said people involved in the exercise. Digital radios transmitting TCP/IP messages linked the air- and ground-based computers together into a temporary “net” that stretched for hundreds of miles and also included Strategic Air Command’s underground bunker.

To demonstrate the ability to maintain communications, the command centers transmitted among themselves a mock file representing the nation’s surviving military assets — necessary to direct a nuclear counterattack. The process typically took hours over the voice radios that were the standard technology of the time, said Michael S. Frankel, who oversaw the exercises for contractor SRI International and later became a top Pentagon official.

Over the TCP/IP connections, the same process took less than a minute, demonstrating how the protocols could allow computers to share information quickly and easily, potentially knitting together even a network that had been fractured by war.

On Jan. 1, 1983, years of work by Cerf, Kahn and countless others culminated on what they dubbed “Flag Day,” a term that refers to the reboot of a system so total that it’s difficult to go back. Every computer

The U.S. military would create its own networks using TCP/IP and eventually implement encryption to protect the security of its communications. But the civilian Internet would take decades to get widespread deployment of this basic security technology — a process that remains incomplete even today despite a surge of deployment in 2013, in the aftermath of revelations about the extent of NSA spying on the Internet.

Encryption would not have prevented all of today’s problems, many of which stem from the fundamentally open nature of the Internet and the astronomical value of the information and systems now connected to it. But it would have limited eavesdropping and made it easier for the recipient of messages to verify their source — two long-standing issues that remain unresolved.

Cerf said he still wishes that he and Kahn had been able to build encryption into TCP/IP from the beginning. “We would have had much more regular end-to-end encryption in the Internet” today, he said. “I can easily imagine this alternative universe.”

Debate remains, however, about whether widespread use of encryption was feasible in the early days of the Internet. The heavy computing demands, some experts say, could have made TCP/IP too difficult to implement, leading to some other protocol — and some network other than the Internet — becoming dominant.

“I don’t think the Internet would have succeeded as it did if they had the [encryption] requirements from the beginning,” Johns Hopkins cryptologist Matthew Green said. “I think they made the right call.”

The Morris Worm dramatically revealed the downside of such a system, with a “dumb” core and intelligent edges. This design pushed security to the edges as well. That is where the vast majority of hacks happen today: They are launched from one computer against another computer. The Internet is not the setting for most attacks. It is the delivery system.

The Morris Worm offers one other lesson: It can be difficult to fix problems even once they are widely known. Robert Morris — who was convicted of computer crime and given probation before becoming an entrepreneur and an MIT professor — was not looking to crash the Internet. He was experimenting with self-replicating programs and took advantage of a flaw called “buffer overflow” that had been identified by computer researchers in the 1960s. It was still a problem in 1988, when Morris made his worm, and still is used by hackers today, a half-century after its discovery.

The trouble with retrofitting security into networks built for a different era has convinced some scientists that it’s time to scrap much of the current Internet and start over. DARPA has spent more than $100 million over the past five years on a “Clean Slate” initiative to deal with issues not fully appreciated during the ARPANET days.

“The fundamental problem is that security is always difficult, and people always say, ‘Oh, we can tackle it later,’ or, ‘We can add it on later.’ But you can’t add it on later,” said Peter G. Neumann, a computer science pioneer who has chronicled security threats on the online “RISKS Digest” since 1985. “You can’t add security to something that wasn’t designed to be secure.”

Others don’t go as far, but the mixed legacy of the Internet — so amazing, yet so insecure — continues to cause unease among much of its founding generation.

“I wished then and I certainly continue to wish now that we could have done a better job,” said Steve Crocker, who wrestles with security issues often as the chairman of the Internet Corporation for Assigned Names and Numbers, a nonprofit group that oversees the designation of Web addresses worldwide. In designing the network, Crocker said,

to issues as opposed to in anticipation of issues.”

Similar themes appear repeatedly in the work of Clark, the MIT scientist. He penned a widely read paper in 1988, just a few months before the Morris Worm hit, recalling the priorities of the Internet’s designers. In listing seven important design goals, the word “security” did not appear at all.

Twenty years later, in 2008, Clark crafted a new list of priorities for a National Science Foundation project on building a better Internet. The first item was, simply, “Security.”

Internet protocol from 1989 leaves data vulnerable to hijackers

By Craig Timberg
May 31, 2015

By the time a pair of engineers sat down for lunch together in Austin, the Internet’s growing pains had become dire. Once a novelty for computer scientists, the network was now exploding in size, lurching ever closer to a hard mathematical wall built into one of the Internet’s most basic protocols.

As the prospect of system meltdown loomed, the men began scribbling ideas for a solution onto the back of a ketchup-stained napkin. Then a second. Then a third. The “three-napkins protocol,” as its inventors jokingly dubbed it, would soon revolutionize the Internet. And though there were lingering issues, the engineers saw their creation as a “hack” or “kludge,” slang for a short-term fix to be replaced as soon as a better alternative arrived.

That was 1989.

More than a quarter-century later — a span that has seen the fall of the Berlin Wall, the rise of the smartphone and an explosion of hacking

“Short-term solutions tend to stay with us for a very long time. And long-term solutions tend to never happen,” said Yakov Rekhter, one of the engineers who invented the “three-napkins protocol.” “That’s what I learned from this experience.”

The Internet can appear as elegantly designed as a race car as it immerses us in consuming worlds of sight and sound. But it’s closer to an assemblage of kludges — more Frankenstein than Ferrari — that endure because they work, or at least work well enough.

The consequences play out across cyberspace every second of every day, as hackers exploit old, poorly protected systems to scam, steal and spy on a scale never before possible. The flaws they exploit often are well-known and ancient in technological terms, surviving only because of an industry-wide penchant for patching over problems rather than replacing the rot.

“You’re in Hackerville here on the Internet. Period,” said Randy Bush, a computer scientist who specializes in routing security. “All of this stuff lacks formal discipline. . . . It’s paint and spackle.”

Such is the story of the “three-napkins protocol,” more formally known as Border Gateway Protocol, or BGP.

At its most basic level, BGP helps routers decide how to send giant flows of data across the vast mesh of connections that make up the Internet. With infinite numbers of possible paths — some slow and meandering, others quick and direct — BGP gives routers the

of the Internet and no authority charged with directing its traffic

The creation of BGP, which relies on individual networks continuously sharing information about available data links, helped the Internet continue its growth into a worldwide network. But BGP also allows huge swaths of data to be “hijacked” by almost anyone with the necessary skills and access.

The main reason is that BGP, like many key systems on the Internet, is built to automatically trust users — something that may work on smaller networks but leaves a global one ripe for attack.

The honor system

Hijackings have become routine events that even experts struggle to explain: What made traffic between two computers in Denver take a 7,000-mile detour through Iceland? How could a single Pakistani company crash YouTube? Why did potentially sensitive Pentagon data once flow through Beijing?

To these questions, there are technical answers. But they all boil down to this fact: BGP runs on the honor system, allowing data to get pushed and pulled across the planet in curious ways, at the behest of mysterious masters.

Border Gateway Protocol: Rules that help routers decide how to send data across the Internet. Networks rely on the regular transmission of BGP messages to determine the best way to navigate billions of possible paths to a data packet’s intended destination. It has significant security weaknesses that an updated version, called BGPSEC, is attempting to fix.
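What the “honor system” means in practice is that a router accepts whatever origin an announcement carries. The added example below (not code from the article, from a router vendor or from any BGPSEC implementation) shows the kind of check that turns trust into verification: an allow-list of which autonomous system may originate each prefix, and how specific an announcement may be, modelled on the route-origin records operators publish under RPKI. The prefixes, AS numbers, announcements and maximum lengths are all constructed for the example.

```python
"""Check BGP route announcements against an allow-list of expected origins.

Added example for illustration; not the article's code. The allow-list and
the announcement feed below are constructed, not real routing data.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class OriginAuthorization:
    """Who may originate a prefix, and the longest prefix length permitted."""
    prefix: str
    origin_as: int
    max_length: int  # mirrors the RPKI maxLength idea; values are assumptions


@dataclass(frozen=True)
class Announcement:
    """A simplified BGP UPDATE: the prefix and the AS_PATH it arrived with."""
    prefix: str
    as_path: Tuple[int, ...]  # leftmost = neighbour that sent it, rightmost = origin

    @property
    def origin_as(self) -> int:
        return self.as_path[-1]


# Constructed allow-list: assumption that these prefixes belong to these ASes.
AUTHORIZATIONS = [
    OriginAuthorization("203.0.113.0/24", origin_as=64500, max_length=24),
    OriginAuthorization("198.51.100.0/22", origin_as=64501, max_length=22),
]


def classify(ann: Announcement,
             auths: Iterable[OriginAuthorization] = AUTHORIZATIONS) -> str:
    """Return 'valid', 'invalid-origin', 'invalid-too-specific' or 'unknown'."""
    net = ipaddress.ip_network(ann.prefix, strict=True)
    covering = []
    for auth in auths:
        auth_net = ipaddress.ip_network(auth.prefix)
        # An authorization covers the announcement if the announced prefix
        # is the same network or a more-specific piece of it.
        if auth_net.version == net.version and net.subnet_of(auth_net):
            covering.append(auth)
    if not covering:
        return "unknown"  # nobody has published who may originate this space
    if any(a.origin_as == ann.origin_as and net.prefixlen <= a.max_length
           for a in covering):
        return "valid"
    if any(a.origin_as == ann.origin_as for a in covering):
        # Right origin, but sliced finer than the holder allowed. Routers
        # prefer the longest matching prefix, so this is how a leak or
        # hijack of a more-specific pulls traffic away from the real route.
        return "invalid-too-specific"
    return "invalid-origin"  # covered space announced by an AS not allowed to originate it


def suspicious(anns: Iterable[Announcement]) -> List[Tuple[Announcement, str]]:
    """Announcements a router on the honor system would accept but the allow-list rejects."""
    flagged = []
    for ann in anns:
        verdict = classify(ann)
        if verdict.startswith("invalid"):
            flagged.append((ann, verdict))
    return flagged


# Constructed feed, as a collector might see it from one neighbour (AS 64510).
SAMPLE_FEED = [
    Announcement("203.0.113.0/24", (64510, 64500)),   # legitimate holder
    Announcement("203.0.113.0/24", (64510, 64666)),   # same prefix, foreign origin
    Announcement("203.0.113.0/25", (64510, 64666)),   # more-specific from a foreign origin
    Announcement("198.51.100.0/24", (64501,)),        # holder, but finer than permitted
    Announcement("192.0.2.0/24", (64510,)),           # no authorization on file at all
]

if __name__ == "__main__":
    for ann in SAMPLE_FEED:
        print(f"{ann.prefix:18} origin AS{ann.origin_as:<6} -> {classify(ann)}")
```

The “unknown” verdict is the important operational caveat: a check like this only helps for prefixes whose holders have published an authorization, which is why a partial deployment of origin validation leaves much of the table on the honor system it was meant to replace.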

Warnings about the risks inherent in BGP are almost as old as the protocol itself. “I knew that routing security was a problem,” Columbia University computer scientist Steven M. Bellovin said. “Seeing this

Rekhter, an immigrant to the United States who once played in an underground rock band in the Soviet Union, said security “wasn’t even on the table” when he sat down with his soft-spoken co-inventor, Kirk Lougheed, for lunch during an engineering conference in January 1989.

This was an era when hacks were rare and the toll modest. Lougheed recalled: “In the early days of the Internet, getting stuff to work was the primary goal. There was no concept that people would use this to do malicious things. . . . Security was not a big issue.”

The big issue of the day was the possibility that the Internet might break down. A halt in its furious expansion would have hurt the network’s users and the profits of companies supplying gear and services. Rekhter at the time worked for computing giant IBM; Lougheed was a founding employee of Cisco, maker of networking hardware.

“We needed to sell routers. And we had a strong economic motive to make sure this party would continue,” Lougheed said. “When Yakov and I showed up with a solution and it seemed to work, people were quite willing to accept it because they didn’t have anything else.”

There were other efforts underway to build routing protocols. BGP won out because it was simple, solved the problem at hand and proved versatile enough to keep data flowing as the Internet doubled in size, again and again and again. Networks across the world embraced the protocol, giving it an edge it has never relinquished.

Once technologies are widely deployed, they become almost impossible to replace because many users — including paying

Madory and his colleagues at Dyn, an online performance research firm, attempt to make sense of the madness by sending 450 million trace routes each day to track how the Internet is flowing. He compares the trace routes — tiny bits of data set loose online — to pieces of dust whose movements reveal larger forces at work.

One recent day, Madory was trying to figure out why some Chinese Internet traffic was flowing through Belarus. Another day, it was British Internet traffic — including some intended for that nation’s Atomic Weapons Establishment, a nuclear weapons laboratory — flowing through Ukraine. Both cases, Madory figured, probably were the results of mistakes, but there was no way to be sure.
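The detours Madory describes are found by looking at where each hop of a trace route actually sits. The added example below (not the article's or Dyn's code) does that in miniature: it maps hop addresses to countries with a constructed lookup table standing in for a geolocation database, then flags hops that fall outside the countries a path between two domestic endpoints is expected to stay in. The addresses, the table and the Denver-to-Denver trace are all constructed.

```python
"""Flag trace-route hops that sit outside the countries a path should stay in.

Added example for illustration; hop addresses, the address-to-country table
and the expected-country policy are all constructed.
"""
import ipaddress
from typing import Dict, List, Optional, Set, Tuple

# Constructed lookup table: network -> ISO country code. A real analysis
# would consult a geolocation database; this table is an assumption.
GEO_TABLE: Dict[str, str] = {
    "198.51.100.0/24": "US",
    "203.0.113.0/24": "US",
    "192.0.2.0/25": "IS",
    "192.0.2.128/25": "GB",
}


def country_of(addr: str, table: Dict[str, str] = GEO_TABLE) -> Optional[str]:
    """Longest-prefix lookup of one hop address; None if the table has no entry."""
    ip = ipaddress.ip_address(addr)
    best: Optional[Tuple[ipaddress._BaseNetwork, str]] = None
    for net_str, cc in table.items():
        net = ipaddress.ip_network(net_str)
        if ip.version == net.version and ip in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, cc)
    return best[1] if best else None


def detours(hops: List[str], allowed: Set[str],
            table: Dict[str, str] = GEO_TABLE) -> List[Tuple[int, str, str]]:
    """Return (hop number, address, country) for hops outside the allowed countries.

    Hops that timed out ('*') or that the table cannot place are skipped rather
    than flagged, so an incomplete table does not manufacture false detours.
    """
    flagged = []
    for number, hop in enumerate(hops, start=1):
        if hop == "*":
            continue
        cc = country_of(hop, table)
        if cc is not None and cc not in allowed:
            flagged.append((number, hop, cc))
    return flagged


def summarize(hops: List[str], allowed: Set[str]) -> Dict[str, object]:
    """Compact report: how many hops, how many flagged, and which countries appeared."""
    flagged = detours(hops, allowed)
    return {
        "hops": len(hops),
        "flagged": len(flagged),
        "countries": sorted({cc for _, _, cc in flagged}),
    }


# Constructed trace between two US hosts; hop 3 timed out, hops 4 and 5
# land in address space the table places in Iceland.
DENVER_TO_DENVER = [
    "198.51.100.1", "198.51.100.9", "*",
    "192.0.2.7", "192.0.2.8", "203.0.113.4",
]

if __name__ == "__main__":
    for number, hop, cc in detours(DENVER_TO_DENVER, {"US"}):
        print(f"hop {number}: {hop} is in {cc}, outside the expected path")
    print(summarize(DENVER_TO_DENVER, {"US"}))
```

As the passage notes, a flagged detour tells you that traffic left the expected path, not why: distinguishing a misconfiguration from a deliberate hijack takes the routing announcements themselves, not the trace alone.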

“This happens all day long,” says Madory, a gregarious former Air Force officer with short hair and stylish, squared-off eyeglasses. “Anything can happen, and it usually does.”
