November 18, 1997

A SACRIFICE TO THE WAR AGAINST CYBER-TERRORISM

by Andy Oram
American Reporter Correspondent

CAMBRIDGE, MASS.—Let me give you a bit of advice. Don’t be caught scrawling graffiti during a citywide effort to reduce vandalism. And don’t play with Internet routing when the government is about to launch a publicity campaign against information warfare. The example of Eugene Kashpureff cautions against the latter.

Kashpureff is a flamboyant figure—considered irresponsible and self-serving by many in the Internet community—but until recently not a fugitive from justice. Nor did he plan to get embroiled in a battle over cyber-terrorism. His cause was another one that occupied the Internet community earlier this year: how to allocate domain names.

The most popular names on the Internet (those ending in .com, .org, or .edu) have been controlled on a monopoly basis by Network Solutions, Inc.’s InterNIC, service through a contract granted by the National Science Foundation. Many people wanted to break that monopoly; in fact, one of the leading Internet bodies has been trying to set up an alternative international body that permits competition. Kashpureff went further and managed AlterNIC, one of the handful of rogue companies that offer parallel domain name systems.

Kashpureff saw it as a form of political protest last July when he slipped some misinformation into Internet packets containing domain name information, and persuaded a bunch of computers to think that his Network Solutions’s Web address (www.internic.net) was really one of Kashpureff’s machines. People trying to register domain names at Network Solutions encountered a protest message from Kashpureff.

Everybody agreed that Kashpureff had gone too far. He was messing with the sensitive handshakes and gentlemen’s agreements that permit the Internet to exist. A newer version of domain server software is more selective in whom it trusts; as it becomes widely adopted a future prank like Kashpureff’s will fail. Kashpureff himself apologized publicly and settled out of court in August with Network Solutions; later he left AlterNIC and went into a different line of business. But the FBI would not let the case rest: they won a warrant for Kashpureff’s arrest on charges of computer and wire fraud, and had him jailed on October 31 in Toronto, Canada, where he is awaiting possible extradition.

Network Solutions was hacked—but what major Internet site has escaped attack in recent years? Not my company. Not the White House. Not even the CIA. These sites have all experienced actual intrusions, but Kashpureff didn’t actually touch the InterNIC site. Considering that he just played with packets sent to various servers on the Internet, his offense was pretty mild. The zeal of the FBI in prosecuting an act of protest that was settled out of court—and fumbling through their black bags for a law to pin on Kashpureff—seems exaggerated. Until, that is, one looks at the publicity surrounding a report issued by the President’s Commission on Critical Infrastructure Protection on October 13, and presented by its Chairman, Robert T. Marsh, before a Congressional committee on November 5.

The President’s Commission wants law enforcement officers, government agencies, product vendors, corporations, and individual users alike to know that malicious attacks can cripple our national infrastructure, including not only such life supports as water and fuel but our information and communications facilities. It’s about time this was recognized; computer experts in particular have been trying to get security on the agenda for years.

The Commission’s recommendations are carefully thought-out and for the most part reasonable. I do detect some erosion of civil liberties, as one would expect from any government campaign against terrorism. For instance, the report recommends weakening laws that restrict the information companies can get about their employees, and making it easier for law enforcement to carry on criminal investigations across jurisdictions. The Commission’s position on encryption, of course, is completely antithetical to all the other goals, but one doesn’t look for sanity on this score from any branch of the Clinton administration. So far, the impacts of the infrastructure campaign on our rights are restrained, although my pen is poised to lambast government agencies when the impacts become more pointed.

The Commission’s problem is that they want to arouse the public to regard infrastructure security as a big problem. Yet they admit that, “We found no evidence of an impending cyber attack which could have a debilitating effect on the nation’s critical infrastructures.” The hook to arouse the media is missing.

It thus may not be a coincidence that Kashpureff is suddenly in jail. His crime—if indeed it was a crime, which is yet to be established—was hardly worth extended notice, but it’s the kind of incident on which law enforcement can whet its knife.

That is where the parallel to an anti-graffiti campaign arises. New York City has been working for years to reduce the raucous (and often artistically stunning) paintings that cover its subway stations and trains. That was why Michael Stewart, a 25-year-old African American, was unlucky to be caught on September 15, 1983 putting graffiti in a 14th-street subway station. Witnesses reported that 11 policemen beat him senseless. He was admitted to the hospital in a coma, with evidence of strangulation, and died two weeks later.

I do not approve of graffiti, nor do I like messing with the domain name system. But in both cases the authorities should maintain a sense of proportion. Let’s get Kashpureff out of the clinker and talk about real problems in the nation’s infrastructure.


Editor, O’Reilly Media
Author’s home page
Other articles in chronological order
Index to other articles