Europe South Asia Asia Pacific Americas Middle East Africa BBC Homepage World Service Education

 You are in: Talking Point
Front Page 
UK Politics 
Talking Point 
In Depth 

Commonwealth Games 2002

BBC Sport

BBC Weather

Thursday, 2 August, 2001, 10:32 GMT 11:32 UK
Can the hackers be stopped?
The US Government has warned computer users worldwide to protect themselves against a malicious program known as the Code Red worm.

Representatives of the White House, FBI, the Computer Emergency Response Team (Cert), Microsoft and others have posted warnings to highlight the dangers of the worm.

The worm, which first surfaced in mid-July, has been mainly dormant since then, although it has already infected hundreds of thousands of systems.

Experts believe it is set to spread again on Tuesday night, just as the calendar enters August at 0000 GMT.

Can the hackers be stopped? Is any organisation safe from hackers?

This debate is now closed. Read a selection of your comments below.

Your reaction

You will never be able to control hackers' exploits on the 'net

Martin Leach, UK
You will never be able to control hackers' exploits on the 'net, based on the fact that anything that can be encoded, enciphered or encrypted can also, by definition, be decoded, deciphered or decrypted. This is just something we are all going to have to live with, unfortunately.
Martin Leach, UK

Windows is like a piece of Swiss cheese (it's full of holes). Hackers just show them where the holes are, and then they plug them.
A. Packet, UK

Some of the comments here claim that hackers/virus writers etc. are a serious and pervasive threat. I think the posters of these messages are probably not genuine but in fact represent vested interests (and there are a few of those around). Normal members of the public just don't think like that because they have seen hardly any signs of any such threat apart from empty media bluster. Anthony from Ramsgate says long-term imprisonment is a fit punishment for hackers. I don't think most people would agree that hackers should be treated more harshly than perpetrators of physical violence. There is an awful lot of nonsense spouted about this subject and the plain reason for this is that government and big media organisations are scared to death of a free internet and the empowerment it grants ordinary individuals like you and me.
Ralph Clark, UK

There is such an astonishing level of cluelessness out in the world

Andrew, Belgium
Microsoft are entirely to blame, not so much for their sloppy code but more for making computers easy enough even for the terminally clueless to use. Only last week I received a copy of the Sircam virus so I emailed the sender to tell him that he was infected, how to cleanse his machine and how to avoid sending out viruses in the future. So what did he do? He only went and double-clicked AGAIN on his original infected attachment, presumably to "see what would happen". What happened was that I and everyone else in his address book etc got ANOTHER copy of virus from him. There is such an astonishing level of cluelessness out in the world. Really. Let's go back to command line interfaces and assembler programming only, please. Keep the Internet Idiot Free!
Andrew, Belgium

Some companies do have known security issues on their internet facing computers, is it not these companies that should be punished as opposed to a bored teenager "hacker" who exploits it? Surely they fall foul of the data protection act by not adequately protecting "our" details that always seem to be revealed to the casual passer by!

I can't believe the cynical way in which the US government authorities acted

Steve Foley, USA
I can't believe the cynical way in which the US government authorities acted this time. The reason they made so much fuss is because the virus attacks their network, not 'the internet'. It specifically targets an IP address (that used to be the Whitehouse website, before they moved it) - meaning the packets soak their part of the internet.
Steve Foley, USA

It's interesting the FBI, BBC News, etc were portraying the CodeRed worm as such a problem, and have made users completely paranoid about the whole subject. Anyone within the IT industry knows that end users machines are not especially at risk unless they run a specific web server package and operating system. The media seem to have overlooked this fact in favour of a quick story. These attacks will always happen so long as people keep using the Internet; all organisations can do is to keep their web servers updated with the latest patches, and end-users should make sure they have their anti-virus software kept up to date at least once each week; and maybe the media should know what they are talking about before they make such a mountain out of a molehill.
Al Thompson, UK

Firstly, everyone (including the media) is mixing their terms. A "Hacker" is just a person who writes computer programs. Possibly a virus. but probably not. A "Cracker" is a person who gains access to computer system illegally. Code Red is only a problem for those people who are naive enough to use Microsoft's software. Switch to something secure like Debain - GNU/Linux or FreeBSD and leave your troubles behind you...
Danny Walker, N. Ireland

Sadly, the activities of high-tech vandals makes me think it is time for the internet to become more heavily policed

Nicholas Britton, Wales
One of the great things about the internet is its freedom from regulation. Sadly, the activities of high-tech vandals makes me think it is time for the internet to become more heavily policed. The rise in hacker and virus attacks is rising exponentially. At this rate, the cost to the public will mean that the police will be under increasing pressure to monitor our internet activity much more. This would be regrettable, but I think it will be necessary. It is a sad fact of life that whenever there is freedom, some people will abuse it.
Nicholas Britton, Wales

I think most people are confusing so-called 'hackers' with coders. The term 'hacker' normally represents someone who breaks into computer systems for fun etc. Coders/crackers or whatever are the real people behind this. They're just showing how badly windows application and o/s are programmed.
Inky, UK

Why isn't all anti-virus software free? Wouldn't it be in the interests of everybody if it were?
James Owen, UK

Hyping the hacker attacks is eventually going to lead to complacency. Code Red has received more press coverage than any other virus this year, yet it only affects a tiny number of computers when compared to the number of machines on the net. When Code Red panic has abated and the internet is still standing, people will be less inclined to listen when the next distributed denial of service virus attacks consumer desktop operating systems. That's the real doomsday scenario for the net. The media can cry wolf over Code Red, Melissa and SirCam but none of these viruses will be as devastating as what is to come.
Jeremy Fry, UK

As an active hacker employed legally I can vouch that 99% of internet facing systems are insecure

As an active hacker employed legally I can vouch that 99% of internet facing systems are insecure. It does not take long to get into most 'corporate' systems for the simple reason they are set up to make money and not to be secure, trustable systems. Until companies take security seriously (which costs a lot of money off the bottom-line) then the masses will not take to using the internet for financial transactions in a meaningful way.

People must remember that computers, software and technology are made by humans and are subject to fault. If you are a smart administrator, you would be up-to-date with your patches, have monitoring software, and use necessary precautions to guard your data. There will never be a 'meltdown' of the internet, as the TCP/IP protocol suite was developed for load problems such as the one predicted. Just sit back, relax, and install the patches if need be. You'll be fine.
Michael, USA

The Code Red worm, whether it only attacks servers or not, should be a warning to every computer user. If your computer is connected to the Internet you should have a firewall for security. It's no good sitting in a darkened corner blaming government for your own incompetence. If their are wolves in the vicinity you build a fence to keep them out. That's not the government's job - it is yours.
Roger Ivan Hart, UK

No computer system can ever be 100% safe. Moreover, hacking is the most effective anti-capitalist demonstration method available. As long as large corporations have internet presence, hackers are bound to continue to sabotage their systems. These companies will need to become increasingly vigilant, and possibly radically rethink the systems that they use to host their internet services.
Owen Upton, UK

The war is not made any easier by the horrendous lack of resources

A, United Kingdom
Hackers cannot be stopped per se; they will always be finding new and interesting ways to exploit the sloppy, poor quality programming that gets sold off these days. Whilst I do not feel we should give up our fight against them, and I agree that stiff penalties are the way forward, for the moment we must put vigilance first; this ideally means reading security journals, keeping software (particularly Internet-facing software) up to date, and ensuring your MIS department is doing its job. The number of companies who do not even have a firewall is absolutely staggering.
A, United Kingdom

It's going be kind of funny in a couple of days time when absolutely nothing has happened. Strangely enough all the people who are getting themselves in a sweat about code red are the same people that nearly had coronaries over Y2K. Oh, and Microsoft should have a look at Linux, it's only had 2 viruses, one made system changes, the next one fixed them.
Tim, UK

I wasn't surprised to see a lot of anti-Microsoft rhetoric posted, after all it is the fashionable thing to do. Microsoft brought simple computing to the masses. The reason hackers have exploited Window's "weaknesses" is because of the impact it will cause. If there was such an incentive to crack other OSs (Linux, Unix etc...) then they would be cracked too. Microsoft, as usual, is the victim of its own success.
Grant Valentine, UK

It makes me mad that people are happy to just point the finger at Microsoft. Probably the main reason that Microsoft software is the biggest target for hackers is that it is so widely distributed. So, John Collins, are you saying that if you closed all your doors and windows, you'd never be burgled? Not the case is it - no matter how you try and stop people getting in, someone will always find a way. Chances are - if you promote your house as being the most secure in the world, you'll get more people trying to break in. Microsoft are "the big boys" and so attract the most attackers.
Rob, UK

You've got to have some respect for the people who first discover these vulnerabilities and exploit them, their skills might be better put to use but it's talent none the less. The main problem is these exploits are then widely published on the internet with 10 steps on how to bring a server down which any idiot can follow, even worse off the shelf applications which these talent less script kiddies can use to great effect without the slightest understanding of how it works.
At the moment hacking is not treated seriously as a crime, we have to start looking at this as breaking and entering, just cause I might forget to lock my front door does not give you're the right to enter my house and go through my stuff, same is true with the internet.
Herrach, UK

So, the evil hackers have caused companies that base their infrastructure on Microsoft products to go to the wall. Hey, I think I just felt the world get lighter. This is natural selection in action, ladies and gentlemen.
Richard, UK

The fact is that the US govt is so paranoid about not being able to spy on it's own e-trafic, that it will not sanction the encryption standards necessary to market successful encryption and keep at bay the majority of hackers. The rest of the world will have to wait until a nuclear power plant goes up or something. Thanks again, US.
N Slater, UK

The reason hackers commit their crimes, and will go on to commit their crimes is due to popular underground culture. Just as a graffiti artist creates a piece of illegal art for others to enjoy, a hacker does the same thing but on a different canvas. Hacking is an art form and I respect those who can do it.
Dan, UK

Look at all recent virus outbreaks and you will see a pattern emerge - all involve Microsoft's products. Microsoft have some great products, but their saturation of the marketplace puts them in a position of responsibility that they need to take more seriously. Microsoft need to stop rushing half-baked versions of new products to the market and then relying on patches to fix them up afterwards. Hackers have never had it so good.
Jason, UK

The internet was not designed to be secure. It was not designed to connect millions of computers all over the world. It's about time that the internet itself is rewritten to cater for the new reality. A new infrastructure is needed to address the issues currently bugging the internet. No more emails from domains that don't even exist, or without a valid reply address. No DOS attacks. No IP spoofing. Until then, nobody can stop these problems.
Ramon Casha, Malta

"The sky is falling!" syndrome strikes again. It saddens me to see the BBC getting caught up in the hysteria surrounding the Code Red worm. Talk of the "meltdown" of the 'net is at best misguided and at worst outright wrong. I have no doubt that more traffic is being generated by panicked emails regarding this "threat" than by the worm itself. If this worm causes anything more than small-scale outages I shall eat my (Red) hat.
Ray W, Manchester

In response to Matt Law's comment - there is no proof this virus came from China, more likely it originates from a malicious individual (or government) elsewhere wishing to portray China as a malevolent nation for their own agenda. Reds under the bed again?
J Ford, UK

Most organisations do not take security seriously

Sascha Goldsmith, USA
Most organisations do not take security seriously. Witness how easily one "hacker" was able to gain access to 20% of all SQLServer databases in the US simply by typing in passwords that were pre-installed with the software and never changed. Your greatest safety on the Net is common sense and numbers. Why would someone attack YOUR computer? With a few sensible precautions, everyone should feel the liberating experience of zipping around the world without ever leaving one's chair.
Sascha Goldsmith, USA

When we speak about hackers and viruses, usually we are talking about those computer users who do such acts for malicious pleasure. Like graffiti artists of previous decades, most hackers "attack" web sites and servers for the thrill of breaking through security. And just as with graffiti artists, this problem cannot be completely eradicated, but only controlled with proper security measures - measures which are lacking in nearly every computer system. Yes, strict enforcement of computer crime laws will help, but hacking will continue to be a major threat until security on the internet improves.
Richard, Canada

Hacking is nothing but cowardly vandalism. Cowardly in the sense that it causes destruction to worldwide networks but no-one knows who you are.
Mark, UK

We should educate ordinary computer users about the dangers of viruses

Bilal Patel, London, UK
It is a hallmark of human creativity that it will find all sorts of ways to circumvent rules. So no, hackers cannot be stopped. Instead, we should educate ordinary computer users about the dangers of viruses and how to deal with them in e-mail attachments and so on. Most viruses spread because ordinary users are clueless about how they work.
Bilal Patel, London, UK

Hackers can't be stopped. Hackers invented computers - they were the inquisitive people who wanted to know how computers worked in the early days. They were the ones who built our computer world. They will ALWAYS find a way around the latest 'security' features of any new software. As companies and big corporations rely 100% on computers they need to be aware and invest far, far more money if they want to stand any chance of stopping hacker attacks.
James UK

If people insist on using insecure software (such as IIS) written by Microsoft, then people who create worms like Code Red will continue to easily exploit their portfolio of security holes.
Simon Heywood, England

Easily done, just remove China from the internet! I get the impression that their government isn't doing all it could to stop them, so, give them an incentive! Block their access to US and EU networks.
Matt Law, UK

Most 'Viruses' and 'Worms' that I have seen, including 'Code Red' exploit security holes in Microsoft Products. Those who run reliable software products are rarely - if ever - affected. This is probably due to anti-Microsoft sentiment in the hacker community, but is still due - in part - to Microsoft incompetence.
Zac, USA

The sites being hit at the moment are those who have failed to apply a patch that has been available for days. To put it simply, it is their own fault if they get hit. Organisations which take security seriously simply do not run IIS (the program affected by the worm in question). This piece of software has been the subject of countless security scares since it's inception. It's probably time for the site admins to consider moving to an alternative server platform, or get used to being called out in the middle of the night to mop up...
Zuccy, UK

The Code Red worm only affects web servers running Microsoft's IIS. Most of the world's web servers run Apache, which is not affected. There are two root causes for the current Code Red problem: yet more insecure code from Microsoft, and system administrators who fail to keep their servers up to date with security patches. So be alert, and choose your server software based on its safety record.
Stephen Judd, New Zealand

Until a further paradigm of software development is instigated I believe hacking is inevitable. It is a well-documented fact that no substantial computer system can be perfect. This is not through the fault of the development team, but due to the immense complexity of the task at hand and we have been in this "software crisis" for decades. Therefore if the systems are impossible to protect absolutely then I believe the best way to combat hacking is through tackling the motivations behind the hackers. Many want to demonstrate their abilities to earn kudos over peer competition, or to prove to themselves that they have one over the establishment. Media glamorisation of hacker culture does not help this situation, as it provides an anti-establishment image that many technically minded disillusioned youths find attractive.
J McCarten, UK

It totally depends on who the hackers are. It is probable that the hackers could be Chinese nationalists, or Middle Eastern terrorists, who do not like the West. In such a case, the only response may be retaliatory hacking.
Raj Patel, India

For once the blame does not lie with Microsoft. While the bug that the worm exploits is indeed a problem with Microsoft server software, they released a patch fixing the vulnerability more than a month before Code Red surfaced. The blame lies with the people whose job it is to look after Internet servers but have little understanding of basic network security practices. The machines they run are generally unpatched and therefore easy targets. While these untrained system administrators are clearly at fault, the responsibility lies with the people who pay them to do a job that they aren't doing properly. Unfortunately companies are often willing to employ relatively untrained and inexperienced people to run their networks and servers, partly because of the software vendors' insistence that their products are extremely easy to use. So perhaps the blame does lie with Microsoft after all.
Chris, UK

Computer viruses and other malignant items of code will never be stopped because to make a computer system so secure would render it far from user friendly. So much so in fact that it would slow down the work place in which it had been implemented to increase efficiency and this has been actually attributed to Microsoft's own security expert in a recent interview here.
Bob Baker, Canada

Microsoft software is just like leaving all your doors and windows open and then wondering why you get burgled all the time.
John Collins, UK

In short, no and no. It just has to be accepted that virtual distance (or the lack of it) makes it very easy to create havoc in almost no time at all - if you know what to do. The hackers just plain outnumber the defenders (if as in some cases they aren't actually the same people) and it's just a fact that any system that someone can legitimately access can also be illegitimately accessed. Them's just the facts. Luckily, however, most hackers seem to want to do little more than clown around - sometimes this e-vandalism is even funny.
Lee Churchman, Canada

It's unlikely that hacking and security vulnerabilities will ever go away as it's probably the nature of the business. The recent spate of web server and email viri/worms are firmly routed in Microsoft's incompetence and the placement of revenues before quality. There are other choices out there. It's time to stop letting Microsoft pass the buck and deflect the blame... the only way to get them to fix things is by effecting their bottom line and taking our custom elsewhere. According to Netcraft, Microsoft's IIS web server only accounts for a small part of the market, yet it causes the most problems!
Malc, Canada

Why don't Microsoft send a worm out to each vulnerable site that updates them with the security fix!!
Steve, UK

Nope, they can never be stopped, simply due to the fact, that we are all addicted to internet. More viruses/ worms will be written in the future, and they will get more sophisticated as time goes on. All the Anti-Virus people will only release patches once they are detected. Imagine the scenario, that computer virus start functioning like human ones, and get activated under certain circumstances. How will Mr Norton will deal with that. Basically Microsoft employers are not super humans, hence they will make mistakes, and that will cost us the user. Way out is stop using computer, now that's out of the question, so what you do, you learned to live with it !!!
Sat, UK

Hackers... get a life. Do something, make friends, go down the pub, etc. I'm sure your capable of it
Cathy, Australia

I think its hard to stop the Hackers, but the only way to cut down on them is to give them a punishment to fit the crime, by taking away their freedom and locking them up for a long time as an example.
Anthony, Ramsgate

See also:

30 Jul 01 | Sci/Tech
Internet's 'very real' virus threat
11 Feb 00 | UK
A - Z: Hack attack
27 Oct 00 | Sci/Tech
Hacking: A history
Internet links:

The BBC is not responsible for the content of external internet sites

Links to more Talking Point stories