The School of Hacking

None of these techniques, security companies point out, will ever stop the onslaught of viruses. The goal of hackers now is to infiltrate a computer unseen and either strip sensitive information—which identity thieves can either use or resell—or hijack the processor, turning the computer (even while the user is unaware) into a drone in a large army of similarly compromised machines used to send junk mail. The code is increasingly complex and automatically tweaks itself each time it infiltrates another computer, thus evading blacklists. Ledin, says Joe Telafici, a vice president at McAfee, forgets that, as with offline cops, "the price of freedom is eternal vigilance."

Still, beneath Ledin's critique lies a powerful polemic. Ledin compares the companies' hold over antivirus technology (by U.S. law, the companies' codes are kept secret) to cryptography decades ago, when the new science of scrambling data was largely controlled by the National Security Agency. Slowly, the government opened the field to universities and companies, and now there are thousands of minds producing encryption that is far more complex than code from just a decade ago. That's why you can safely transmit your credit-card numbers online. "Why should we shy away from learning something that is important to everyone?" Ledin asks. "Yes, you could inflict some damage on society, but you could inflict damage with chemistry and physics, too." He hopes one day to share antivirus techniques. But that would require infrastructure and financial support, which the federal government so far has declined to give. Until then, Ledin will have to live with his reputation as the guy who gave away the secrets to the Internet's bomb.

© 2008