Science & Technology

Hacked Off

|

When is a "hacker attack" not a hacker attack? When it's done by wannabes too dense to be hackers.

That seems to be the case in the assaults on several high-profile e-commerce Web sites in February. EBay, Amazon, and a few other vendors had to go offline after cyber-vandals monkeyed with their systems and clogged those sites with phony electronic traffic. While damage was done, such antics don't qualify as true hacks: The systems were never actually penetrated or turned "rogue." For the targeted sites, these attacks were more like being on the receiving end of a flurry of crank phone calls. Your line is tied up by the pranksters and people you want to talk to can't get through. Imagine you run a business dependent on phone orders and real money can be lost.

To complete the analogy, our phony callers would have broken into someone else's house and used their phone to harass you. This makes them hard to catch.

Net culture even has a term for those who engage in this sort of vandalous pseudo-hack: script kiddies. Of course, if the mainstream media were to lead their reports with that phrase, the average American might think the Net is under attack from Hollywood child stars. So hackers it is.

As with most break-ins, this sort of attack can usually be deterred with better locks. But better locks mean better security, and that means doing things that bother both the official privacy lobby and national security organs.

Last year, both Intel and Microsoft were branded evil snoops for shipping products with ID codes embedded in them. Truth is, individual users will likely always find ways to defeat ID codes and surf anonymously. But for large organizations with lots of excess computing power and Net connections–the ones our script kiddies love to "zombify"–user authentication should be part of a total security package.

The other part of security means treating information on any large system as valuable by encrypting it. That is the equivalent of hiding sharp objects and fragile knick-knacks from toddlers. Webmasters are just now catching onto how the use of encryption can make the script kiddies' task that much tougher.

Indeed, more than anything, these attacks show that the U.S. government's long war against powerful encryption has kept such tools out of the hands of exactly the wrong people: One of the programs thought to have been used to launch the attacks uses encryption to mask what it is doing.