Bringing Down The Internet

If you wanted to write a science-fiction thriller about the day the Internet crashed, you'd start with a computer geek. Armed with nothing but a laptop and a high-speed Internet connection, he releases a fast-spreading computer virus that in a matter of minutes gives him control of thousands, perhaps millions, of personal computers and servers throughout the world. This drone army launches a silent and sustained attack on computers that are crucial for sending around the billions of packets of data that keep e-mail, the Web and other, more basic necessities of modern life humming. At first the attack seems to be an inconvenience--e-mail traffic grinds to a halt, Web browsing is impossible. But then the problems spread to services only tangentially related to the Internet: automated-teller machines freeze up, calls to emergency numbers fail to get routed to police stations and ambulance services, airport- and train-reservation systems come down. After a few hours, the slowdown starts to affect critical systems: the computers that help run power grids, air-traffic control and telephone networks. Call it the worldwide muddle--a level of confusion that sometimes occurs during storms and power outages, but never before on a global scale.

So far there's no element of this plot outline that hasn't already happened, at least in piecemeal fashion. Here's where we enter the realm of speculation: what if such a cyberattack were accompanied by a physical one--perhaps a coordinated bombing attack on a few dozen buildings around the world that house computers essential for keeping the Internet working? Would it be possible for a small band of savvy terrorists to crash the Internet?

Nobody argues that it would be easy, but an increasing number of experts are beginning to think that an Internet catastrophe of some sort is almost inevitable. Recent virus attacks that exploit unprotected machines and use unsolicited e-mail, or spam, as a weapon have shown that the Internet is more vulnerable to manipulation than people thought. Even though those attacks were assumed to be motivated chiefly by commercial gain--to spam the Internet with promotions of black-market Viagra and other dubious products--their success has led experts to wonder what might be done if chaos and economic harm were the goal. "All you need is one computer and one sick mind who has a good understanding of how the Internet works," says Klaus Kleinfeld, president and CEO of the Siemens Corp., the U.S. subsidiary of Siemens AG, and a member of the Business Roundtable's security task force. Add a few well-placed bombs, say some computer experts, and it might be possible to bring down the Internet for months. Even without bombs, determined hackers could cause enough damage with repeated attacks--bringing down the Internet one week, and doing it all over again the week after.

The consequences of such disruptions would be more than a mere inconvenience. While engineers repaired the damage, corporations, governments and organizations that have made the Internet crucial to their day-to-day operations--that is, just about everybody--would scramble to rediscover old-fashioned pen-and-pencil methods, while the world economy went into free fall. Each year that goes by brings us closer to the point when even basic operations of society rely on the Internet. "I'm terrified if I think too hard about it," says Paul Vixie, president of the Internet Software Consortium, a nonprofit that helps maintain the Internet. "This isn't so much a threat to national security as a threat to civilization."

Over the past few months the sheer volume of Internet traffic, propelled by the proliferation of spam, has emerged as a major threat. Europe's response has been to institute "opt in" laws, being adopted this week, that forbid marketers to send spam unless they've gotten prior consent from consumers. It's unlikely to stop spammers who operate beyond national borders, and it certainly won't stop terrorists. According to Spamhaus, a London-based anti-spam organization, spam accounts for 60 percent of all Internet traffic, and it's expected to rise to 70 percent by the end of the year. E-mail traffic overall has risen from less than a billion messages a day in 1996 to more than 25 billion now, estimates research firm IDC. The Blaster virus this past August, and Slammer in January, demonstrated that viruses can enlist hordes of computers to become surrogate spam spreaders, and that it would be a relatively simple matter to coordinate a massive spam attack on specific weak points.

A major reason the Internet is more vulnerable than it was even a few years ago is the proliferation of broadband connections. Back in 1988, when the Internet was mainly used by academics, Cornell University graduate student Robert Morris wrote a program that spread surreptitiously from computer to computer--the first "worm." It took down 10 percent of the 60,000 computers then connected to the Internet. In 2002, broadband subscribers numbered 63 million worldwide--an increase of 72 percent over the year before, according to the International Telecommunication Union. Although corporations, governments and other institutions have gotten more savvy at protecting their computers with firewalls and security software, millions of PCs in people's homes are sitting ducks for invasive software. That's why the Slammer virus was able to infect 75,000 computers in just 10 minutes. In South Korea, which has the highest proportion of broadband-connected homes--70 percent--in the world, the top three Internet service providers were shut down, bringing virtually all of the country's e-mail and Web browsing to a halt. Slammer also disrupted the Davis-Besse nuclear power plant in Ohio, froze a 911 emergency-call-dispatching system in suburban Seattle and took down Continental Airlines' ticketing and reservation systems. This summer the Blaster worm brought down CSX's train-signaling system in 23 states and Air Canada's computer check-in service--and some experts speculate that it might have been a factor in the power outage that threw much of the Eastern United States into darkness.