For Randy Sandone, last week's Internet attacks
were a sober reminder that cyberspace is more fragile than many
people had thought.
"The Web," he said, "is rotten at its core."
Sandone, of Argus Systems Group Inc., isn't alone in his
pessimism. Many believe that the Internet may be growing too fast
for security to keep up with technology.
Some security experts believe it's time to focus on making the
Net safer, which could mean rebuilding much of the underlying
infrastructure from scratch. After all, consumers and businesses
now use the Internet for tasks unforeseen 30 years ago.
Security was an afterthought when Internet standards were
developed by university thinkers and computer administrators, says
Russ Cooper, who runs the NTBugtraq Web site devoted to security.
"This is now the foundation for billions of dollars worth of
commerce," Cooper said. "It is inherently flawed because we don't
check to see if what it's being used for is what it is intended
Yahoo!, Buy.com, eBay, ETrade and other prominent sites were
paralyzed for hours at a time last week when hackers overloaded
them with fake traffic.
The attacks followed several computer virus outbreaks last year
such as Melissa which spread rapidly by taking advantage of
functions that were designed to make Internet use friendlier.
And last month, a hacker stole credit card numbers from the
Internet music retailer CD Universe, then released thousands of
them on a Web site after the firm refused to pay $100,000 ransom.
"I fully expect the Internet to ultimately be safe and
stable," said Stephen Gorrell, program manager for Norton Internet
Security software. "However, in the period of record growth, it's
not surprising new holes are discovered."
The Internet's developers could not have effectively countered
threats to commerce because e-businesses did not yet exist, Gorrell
As the Internet grows, so do the numbers of hackers and
potential victims. And hackers are becoming more sophisticated,
with some even developing tools to automate their attacks.
Software companies, some critics say, contribute to the problems
by releasing products that still have security holes.
"Each day, technology is changing," said Robert Ing, who
handles electronic security for SBR International Inc. in Toronto.
"There's a rush to get products out to market because it is a
competitive marketplace. Sometimes, security is overlooked."
Steve Hunt, security analyst at Giga Information Group in
Chicago, hopes the latest attacks will encourage companies to take
security more seriously.
"We owe quite a debt of gratitude to hackers to show us where
our pants have been down," he said.
Security and Internet experts differ on how far they need to go
and that itself is a problem. Some believe in completely updating
equipment and software to reduce users' anonymity and improve
Phil Attfield, director of technical marketing at McAfee.com,
said Internet security will eventually catch up with the
wild-and-free developments on the Web.
"The approaches are going to have to become more formal rather
than ad hoc," he said. "We've been getting there incrementally.
That's the way technology is evolving."
But hacking will never completely disappear, said Keith Teare,
the chairman and chief executive of RealNames. Vandals broke into
RealNames' computers Wednesday, and the company had to warn some
20,000 customers that their credit card numbers might have been
"For every secure environment, there will be somebody prepared
to try to break in," Teare said. "If they are clever enough, they
will find holes."