I once read a science fiction story that had the premise that one could purchase at the local hardware store for $200 the supplies needed to build a laser powerful enough to slice the earth in two. The author (I wish I could remember his name) proposed that in a world with such individual power, people would be highly respectful of the rights of others. My conclusion is that the world would be sliced into numerous pieces shortly after the technology was released.

This is not simple cynicism; I say this because we have seen what some Internet users have done, with unrestrained access to most of the Internet. We have already run the experiment on a small scale, and it jibes with the observation that the larger the crowd, the more wackos you will have. The Internet is a very bad neighborhood, and bad packet trains can easily visit the safe neighborhoods. If people can write PC viruses, some will. If they can break distant machinery, some will. Their motives vary, from boredom, curiosity, and desire for fame, to economic or political reward, or even simple nihilism.

The Internet is the first technology that gives the lone actor the opportunity to do deeds, good or bad, anonymously, and to a large number of people. A single kid in the Philippines can create and release a PC virus which inconveniences at least tens of millions of people and costs billions of dollars to repair. He was hailed as a national hero, an epitome of technical savvy.

As the world gets further wired, vulnerabilities are likely to abound. I think current fears of cyber terrorism are over-blown. "Kinetic" attacks send a clearer, simpler message than cyber attacks. At present, nobody knows how reliant we are upon the Internet. Folks in the infrastructure prevention business think evil thoughts, as they are paid to do; they have contemplated some nasty scenarios, but we haven't seen them unfold in cyberspace yet.
Indeed, most of our typical infrastructure problems are caused by bugs and poor engineering, not by technologically-savvy barbarians.

But there are ongoing problems caused by individuals or small groups of people, empowered by the connectivity of the Internet. Many network administrators had their August 2003 vacations cut short by malware. I wonder if the worm designer(s) explicitly designed a denial-of-vacation attack. (Actually, there is evidence that many of these outbreaks are explicitly designed to help spammers continue to deliver their drivel anonymously.)

And we will become more reliant on the Internet, and on our computers. No one knows exactly what would happen if the entire Internet went down for a week. That statement would make no sense to someone who encountered it thirty years ago. That magnitude of change is going to continue.

Empowered individuals have always had fairly local effects. A nut with a rifle can terrorize a campus or even a small community, but it takes time. With more planning, and the cooperation of many other people, nuts can have a larger effect, good or bad. But neither the Romans, the Chinese, nor the Mongols ever ruled the entire world. The Internet is the first technology that allows individual actors to cause rapid, wide-spread, global effects in a short period of time. But it won't be the last.

---

There is one obvious technology looming that will dwarf the Internet in personal empowerment: genetic and biological engineering. New genomes are published almost weekly in journals like Science and Nature. These are the raw materials for huge advancements. To the young scientist: I recommend these fields---it is your best chance to cure diseases, slow aging, expand food and energy supplies, and maybe get a Nobel prize in the process. There's a hundred years of Good Stuff in them thar hills.

And the potentials for misuse are sobering. We have already heard of some examples.
There is a report that a Russian lab created a contagious disease that feels like the flu, but as a side effect it teaches the immune system to attack the myelin sheaths in the nervous system. A few weeks after recovering from this disease, the infected person dies of acute multiple sclerosis. I don't know if this report is true, but the approach is eminently feasible, and could be implemented in numerous ways with a little practice and some additional knowledge.

A couple of years ago, Australian scientists constructed a virus using publicly-available sequence data and commercial suppliers of sequenced-DNA. This event was inevitable. And it will be repeated. With an understanding of exactly how some viruses work, it is probably not hard to add the virulence of one to the hardiness of another. Such biological engineering is likely to be available to careful individuals, even at the high school level, in the not-distant future.

The Amateur Science column offered a simple implementation of PCR DNA replication in a home lab. This is one of the key technologies, and is used in science and industry all the time. It doesn't require big, expensive machines (though they certainly help), just some simple reagents and a phenomenally careful lab technique. We've been able to grow batches of bacteria in simple fermenters since the dawn of time, and this is routinely done for specific bacteria in high school labs. With sufficient care, someone can avoid detection and personal infection. Bleach is a cheap and effective security tool.

It is easy to imagine recipes for diseases, genomic modification, and other exponential weirdnesses. These will be available on web sites. The Asian pandemic and smallpox will return. Alas, I fear that polio, nearly conquered as of this writing, will also be recompiled and released. We can suppress the information about as easily as we suppress any other information on the Internet: not at all.
The Internet has detailed instructions on bomb making, and some of the recipes are correct enough that the bomb won't go off until the maker wants it to. I have read on the Internet Manhattan Project documents that are still classified. A couple of chapters found in the KGB's archives of stolen documents were published, and later retracted. Too late. I can find some of my old papers faster on the net than on my own computer.

Someone is going to build and release some very nasty diseases, and we may not be able to figure out who they are, even after the fact. Law enforcement is still trying to figure out where the anthrax came from following 9/11. Someone is gonna slice the world in two. Who are you gonna call?

This is a pretty gloomy start to this book. I hope I am wrong, and I welcome cheerful rebuttals. We've always muddled through before, haven't we?

If we do resist and survive these challenges, it will be due in large part to the efforts of people in law enforcement. These people have dedicated at least part of their lives to protecting society. Cops, special agents, prosecutors, judges, and sometimes lawmakers all deal with traditional threats to society, plus very brand new ones. But they aren't the first to encounter these new evils. The scientists and technologists are usually on the front lines of innovations, good and bad. Reporters trumpet the coming problems and progress. And, when it starts getting evil, so does law enforcement.

The Internet has been such a place. New attacks of a strange kind appear. They have whimsical names like CodeRed or the ping-of-death. The law is unclear. If the U.S. Air Force pings Finland, is that an act of war? If I ping Finland, is that an evil act? The law certainly has no direct say in the matter; only the old tried-and-true general descriptions such as "malicious mischief" or "disturbing the peace" might apply. Leviticus tells us what to do if a cow falls in a well, but little about the generation of spoofed packets.
The New Testament's "love thy neighbor" might help us think about the recipient's opinions of a network probe, but opinions differ.

We are ahead of the law. The first Internet legal cases have been difficult and fairly disappointing. Laws are missing, or new high-tech laws are buggy, without the benefit of much case law. Judges and juries must be instructed, often using analogies that aren't quite right. I once prepped to explain to a jury what computer source code is. If you have never compiled a program, it is not such an easy concept. Which means that it is difficult to explain why the theft of a copy of source code might cause a plaintiff a large loss of money. Or perhaps it wouldn't: they still have the original copy, don't they?

The system made it hard for the people pursuing the bad guys. Prosecutors and special agents typically rotate through different crime specialties, perhaps spending three years in each. It probably doesn't take that much time to come up to speed in homicide, or vice. But at three years, a high tech cop is just starting to get really good at it. Only recently and in some areas have high-tech law enforcement officials been allowed to continue learning and working in the area. And if they get good at it, they can double or triple their salaries out in the civilian work force. You can get paid a lot more for configuring a router than kicking down the door of a crack house.

---

In the 1990s, some in various areas of law enforcement turned to private industry for help. I am proud to say that some came to me with their technical problems. Without getting too involved in particular cases, I could spend a morning now and then teaching them something, or explaining what some file on a disk was, or even cracking a password or two. One time they gave me an IP address to investigate. Where is this machine located?
I spent fifteen minutes poking around a little bit, ignoring the same obvious answer they had obtained, and found some extra information about the host. They looked at my results, said "Oh, we know who that is!" and went away. Two years later I received a brief email following a huge international child-porn bust. That little extra information had started the investigation on the right track.

A number of my friends helped out from time to time. Groups were formed to facilitate interaction between industry and law enforcement. Groups include the High Tech Crime Investigation Association, the Electronic Crimes Task Force, InfraGard, and others. These groups help bring cutting-edge clue-fullness to law enforcement, and to those of us who help them. They have interesting problems.

Having built these trusted relationships, Steve and I were allowed to help 130 very pissed off Secret Service agents get back on line following the barbarian attacks of September 11. I am not suited to carrying a gun with the snake-eaters in Afghanistan, but I sure can build them a world-class firewall in a hurry. They worked on only one case.

And Steve Branigan was there. He has worked more with law enforcement than anyone else I know (who isn't actually working for law enforcement). He has entered houses of hackers a few moments after the door was knocked down. He has studied evidence, given advice, and offered testimony. He has had long technical discussions with hackers. He, and a lot of people like him, have helped bring the high-tech good guys up to speed.

This book is a report from the front lines of Internet security. In fact, this is a report from behind enemy lines. Most system administrators and computer owners see hacking from the pointy end of the stick. They see the network probes, evil packets, and pop-up warnings from firewall and virus detection software. To quote Paul Harvey, this book is about the rest of the story.
There are bad guys at the other end of these attacks, and a cadre of law enforcement chasing some of them down. Contrary to early rumors of clue-lessness, there are a lot of competent Internet security people in law enforcement. And most of them are quite up to speed.

Steve has worked steadily with law enforcement over the years, and this book has some of his stories. These stories are necessarily a bit old---one cannot discuss pending legal cases. But the lessons are fascinating, and just as important now as they were in the 90s.

Bill Cheswick
Hannover, Germany