Europe South Asia Asia Pacific Americas Middle East Africa BBC Homepage World Service Education
BBC Homepagelow graphics version | feedback | help
BBC News Online
 You are in: Talking Point
Front Page 
UK Politics 
Talking Point 
In Depth 
Wednesday, 16 February, 2000, 12:00 GMT
Can the internet ever be secure?

With the recent cyber-attacks on commercial websites, such as Yahoo and Amazon, can the internet ever be a secure place?

The United States' Attorney-General, Janet Reno, has said that stopping crime on the Internet is one of the US government's top priorities.

She said technology had created new opportunities for criminals, and the US government was committed to making the Internet a secure place to do business.

But how can these attacks be stopped? How can the offenders be caught? In what way should they punished? Tell us what you think.

Your Reaction

The recent internet attacks are not a security problem. Those are the physcholocal porblems of the poeple that are known as "hackers". These people want to show that they have the power to destroy such a big world wide technology. Hackers think that they are powerful, indeed they are the most ill-headed people who need urgent treatment.
Ebru Yildiz, Turkey

The "Internet security" through Encryption will make the Internet even harder to police by the cybercops. Security, Market place, Cyber- free-world:in speaking of the Internet it is impossible to move far from those words.
Tajudeen Isiaka, Nigeria

I'd much rather allow my credit card to be encrypted and passed over the Internet than quote it over the phone to buy tickets etc. or let a waiter disappear into a back room with my credit card.
Kevin Parker, UK
I understand the recent attacks were 'denial of service' attacks (i.e. Yahoo & Amazon were bombarded with more requests (maliciously and automatically generated in order to deny other users access). This type of attack does not pose a 'security' risk as such. Encryption technology over the Internet is secure. I'd much rather allow my credit card to be encrypted and passed over the Internet than quote it over the phone to buy tickets etc. or let a waiter disappear into a back room with my credit card.
Kevin Parker, UK

These 'denial of service' attacks are simply misuse of otherwise useful tools such as 'ping' and can anyone name a tool that cannot be misused to cause problems, a bread knife maybe? As for security when using the web, your credit card details (provided you use a secure connection) should be safer during transmission than if you used phone or fax. How they are dealt with at the other end depends on the company whose site it is, so to be safe why not just be as careful with your card details on-line as you are in the rest of your life.

There is no such thing as 100% secure, if a shop was 100% secure then no one would be able to get in or out. One good thing about this attack is that it has increased awareness of how insecure the system is. If no one committed an attack, people would be thinking that it is perfectly safe and would be vulnerable.
Lau Gainpaulsingh, UK

Like everything else, nothing can be totally foolproof where money is concerned, material benefits or simply the desire to exercise control over others. All we can realistically do is minimise the security threat and be prepared for trouble. Meanwhile what if we recruited hackers to develop software that is, okay, 'virtually' hack-proof? We could, perhaps, award prizes for the most ingenious programmes.
Simon Cameron, UK

Top U.S. law enforcement officers declare internet vandals a top priority? Very Cool! Internet vandals, Colombian drug cartels and Russian Mafia should now all sleep well. The big business sites are occupying space on the internet free of charge and they want more control. They'll be more comfortable if they can turn it all into private property like their super malls so they can ban kids under trespass acts. The only question I have is whether some of the more extreme respondents here are willing to implement capital punishment for the equivalent of soaping their windows on hallowe'en.
Edward Pickersgill, Canada

Only to a healthy degree. A good analogy is biology: As a virus evolves, new defenses rise to meet it. Which in turn spawns ever renewed cycles of conflict. The "wits" of both camps are sharpened,and all victories are but temporary.
Robert Farrell, USA

What we want in a technology is convenience and wide accessibility, but not at the expense of privacy and security. Recent website attacks point to the areas of vulnerability. We're still learning about what we have and how to protect what we have. Hackers are now a fact of life, and will always try to be a step ahead, looking at our security measures as a series of challenges. It is naive to think that a technology so freely and widely accessible to countless millions will ever remain secure from prying incursions. All we can do is to recognize it and prepare accordingly
Dr Riz Rahim, USA

Security on the internet is not just the responsibility of large organisations but of all users. We all have locks on our homes, alarms on our cars and safe storage for valuables. Yet how many of you bother to encrypt files on your PC? What about emails you send? It is everyone's responsibility.
S. Neely, Scotland

What if the hackers turn out to be 10 years old? Are we going to give them life in prison?
Paul White, USA
What if the hackers turn out to be 10 years old? Are we going to give them life in prison? Don't be ridiculous. The fitting and most effective punishment would be to bar them from the internet until they become adults. This would also be the best deterrent. But to be an effective deterrent, people need to know what the punishment is before they think about committing the crime. Does anyone know of a web site that tells you what the laws are regarding use and misuse of the internet? For all we know, the hackers might have thought they were committing a harmless prank.
Paul White, USA

Can there ever be a safe zone with technology advancing at such a rapid rate, as is the case with the net? In this technological age that we are living in, it would be difficult to develop the necessary protective tools for monitoring and protecting internet related information. The net is a living creature and it is growing stronger daily and there is nothing that can be done to curb or hinder this growth. All users of the net surfers and businesses alike must simply do what they can to protect themselves.
Adrian, Barbados

As Germany discovered, you can build massive walls to keep people out. However, you never can. People will jump the wall, dig under it, etc. Internet companies have horribly lax security. They need to fix it, credibility for these companies is absolutely essential.
Jonathan Brensley, Australia

Given that most teenagers can learn how to launch a "denial-of-service" attack in ten minutes, we should be glad that so few of them do. Should Netscape become desperate in its war with Microsoft, might they begin recruiting teenagers to attack Microsoft's sites?
Wayne Wilner, USA

Odd how many people worry about their credit card details going down the line via the net, yet don't blink at the swiping of the card and the copying of the embossed details in any garage or take-out! Life is based on trust, not on security. Hospitals, schools, and shops are all founded on the basis we'll act reasonably. I'm always amazed so many people do... arguably, crime levels are relatively low, considering the potential. Likewise, e-crimes. They'll persist, but not take over. And systems will be more intelligent in future.
Trevor, England

The Internet is still in its infancy and is obviously going through some growing pains. Most people still only use the Net for entertainment, novel value, viewing porn and sending and receiving email. It took brick-and-mortar businesses close to a century to get to where they are now. Why should the Net be any different for businesses? I think it will be at least 5-10 years before the benefits of the Net for secure business transactions start appearing. Hacking is a roadblock and nothing more. Compare it to a stagecoach hold-up in the Wild West. The West was still won was it not?
Srinivas Rangaraj, Canada

All companies which put sites into a public domain, i.e. on the Internet are responsible for making sure that those sites are secure. It is simply not acceptable to pass that responsibility to anyone else, the "someone should do something about it" mentality, in the same way you lock your car when leaving it in the street at night.
All companies running firewall software or hardware to protect from malicious attacks must have realistic expectations of those systems and take reasonable steps themselves to make sure that valuable data is not left on systems accessible in any way from the Internet.
Alan Stanley, United Kingdom

The main problem with Internet security is that the technologies behind it were designed for convenience, not security.
Ed Bayley, USA (English)
It's all very well for the US government to say they are serious about Internet security, and yet they ban the export of encryption technologies - operating systems shipped outside the US do not include this feature!
The main problem with Internet security is that the technologies behind it were designed for convenience, not security. New software bugs are being discovered all the time, and the cleverest hackers are always capable of exploiting them. Many Internet sites are not well versed in computer security issues (it's a HUGE issue that goes way beyond such obvious tactics as choosing good passwords), which only makes things worse.
Secure encryption technologies need to be made freely available, companies need to be EDUCATED and a lot of operating system software needs to be re-written from scratch; then, maybe the Internet will be sufficiently secure.
Ed Bayley, USA (English)

I work for and have seen the problems and misery hackers caused to our customers. NOT ONLY DID THEY AFFECT the trust but loyalty which our firm offers. The government should give life sentences to hackers or hire them to tell us how they get in!!!!!
Ian Griffiths, Wales

As long as there are profits to be made there will be people who will break into the Net. The best you can do is hire hackers to combat the hackers that would do harm.
Dave, USA

With so much at stake, a minor action of hackers can disrupt our daily prceedings - it's unbelievable!
Reetu Rajpoot, USA
I cannot believe this is happening in the 21st century. All these IT people spending millions of dollars on building high network of IT industry. I hear them boasting of the accomplishments in the Silicon Valley and all over the country and yet they are so vulnerable to silly crimes of hackers.
Shouldn't someone step up and do something about hackers and petty criminals? More and more people relying on Internet for day-trading, research, even jobs, government agencies etc. With so much at stake, a minor action of hackers can disrupt our daily prceedings - it's unbelievable!
Reetu Rajpoot, USA

If society and humans were safe then the internet would be. Unfortunately they're not. Safety on the internet, like any other area of life, is going to always have its fair share of problems.
C Powell, Britain

The type of attack used on Yahoo et al is an exploit of a both a design flaw in how the internet communicates, and lazy network administration.
There is a command to see if an internet connected computer is capable of communicating called 'ping'. In normal use one computer would say "to prove you are there, repeat: testing testing" and the response would be "I am here, you said: testing testing".
The exploit is that if the attacker makes it seem that the target sent the 'are you there' request to a huge number of computers (A broadcast) all the computers who heard it blindly reply to the apparent source. This jams the connection between the target and the rest of the internet, as well as slowing it down for everyone else.
There is no way of blocking this at the target, it must be fixed on the computers that received the broadcast.
Ian Clark, UK

I have had my own website hacked. The problem was, the hacker was 15, and lived in Israel, and was to all intents and purposes, untouchable. When the Israelis heard it was a personal site on geocities, they practically put the phone down on me.
My example was a minor incident, but there have been much more serious cases. When this occurs, we need this crime to be dealt with by an international body such as the UN with the power to actually punish those responsible rather than pretend they have the power.
Alex Banks, Wales

The losers who carry out these attacks are the same as the sad losers in life who carry out any other form of crime.
Asking if the internet can be a ever be secure is like asking if the world can ever be secure. The losers who carry out these attacks are the same as the sad losers in life who carry out any other form of crime. They display all the same symptoms of the dysfunctional behaviour seen in vandals, muggers and thieves. There is no glamour associated with these crimes and we should treat the hackers in the same way. The internet is no longer the preserve of a technical clique. It belongs to every human being who is learning, trading and developing through the medium.

Surely not another reason for UK businesses to procrastinate about getting connected? I find it deeply disturbing how many ageing IT sceptic business managers in the UK are putting off getting properly connected because of vague unfounded security concerns. If done properly by trained professionals, getting connected to the net poses far less of a security threat than the front door of the building.
Cris, USA

There's a saying in the security business, that "100% security=0% productivity". The skill is in achieving a balance between security and usability. If you make things secure but complicated to use, people are tempted into coming up with their own work-rounds - things like writing long passwords down to help them remember them - which, paradoxically, make things less secure. We need balance and responsibility, not obsessive security, and definitely not Government-mandated security!
Pete Morgan-Lucas, UK

The hysteria surrounding this "attack" is staggering in itself. In essence, the effect was no worse than the telephone system being clogged up on new year's eve, or a concert venue being busy when the latest pop "sensation" hits town! It was not a security breach - no data was stolen, no-one's privacy was invaded. Contrast that with the UK government's attempts to do both with their latest interception bill.
Chris D'Arcy, UK

Can life ever be safe and secure? Those who expect safety and security are doomed to disappointment.
Richard T. Ketchum, USA

Yes the internet can become safe but only it the large computer companies like Sun, Microsoft, Oracle and Netscape want it to be. They are the people with the know how to control the internet.
John Donnelly, Ireland

I never use the internet to shop because of the concern of someone getting my credit card number. The thing is that I don't need to, if I want something I go out and get it, it means I don't have any extortionate delivery charges to pay plus time online. It doesn't bother me.
Luke, GB

The internet today is like banking 100 years ago. Poor security-hence many hold-ups.
Deepak, Canada
The internet today is like banking 100 years ago. Poor security-hence many hold-ups. Within the next 5 years, firewalls and security-combined with the change in the way internet will be supplied, will make it much safer. Yes the internet is here to stay, e-commerce will boom.
Deepak, Canada

Once again the mainstream media misuse the term "hacker". A true hacker is someone who writes clever or innovative software. Whoever carried out these attacks should be regarded as nothing more than vandals.
Phil H, UK

The Internet can be just as secure as conventional communication systems, now that the US had unveiled plans to relax laws on exporting encrypted information. On-line stores also have the added advantage that they do not suffer from shoplifting.
The recent attacks on Yahoo do not pose as much of a security problem as people would believe. These attacks were simply "denial-of-service" attacks, where no sensitive information was released.
Paul Shipley, England

No, it can't be totally secure, just like the real world. In both you will always get people who enjoy vandalism and mindless destruction.
Andrew Dowle, UK

It find it unbelievable that these companies with their millions of dollars worth of technical staff and infrastructure are at all vulnerable to lone hackers
George W, UK
The only way to beat these attacks is to develop the sophistication of their defences. Unfortunately you simply cannot act otherwise; it is just not possible to restrict individuals doing this within the current technical framework of the internet. It find it unbelievable that these companies with their millions of dollars worth of technical staff and infrastructure are at all vulnerable to lone hackers. And what about the much vaunted firewall products by firms like Cisco, Juniper and Nortel? From what I've seen of the product literature, these attacks should have been almost impossible
George W, UK

I'm a computer professional who's had to deal with small-scale hacking myself recently. Attacks on commercial targets like this are malicious and should be prosecuted to the full force of the law. New agencies need to be in place to deal with such activity, and once caught hackers should be treated in the same way as their real worlds counterparts (i.e. - bank robbers, vandals, muggers), and face heavy fines, prison sentences, and confiscation of equipment/assets. Maybe then this underground ideal that hacking networks is fun, or shows off your skills, might think twice in the future. The bottom line is that the internet will never be secure, so strong encryption should be freely available to all!
Martin Dart, Oxford, UK

E-commerce is as safe if not safer than fax/telephone based commerce.
M Ridcully, UK
E-commerce is as safe if not safer than fax/telephone based commerce. How many people consider who could read a faxed order before it is processed or who can tap into a phone conversation.
M Ridcully, UK

Security is relative. The recent "denial-of-access" attack on Yahoo can hardly be described as a security problem. Is a physical shop secure? You can suffer from all sorts of insecurities in a shop, from falling down the stairs to be being robbed. I don't think the internet will be a 100% 'secure' place (whatever that might mean), like telephone services aren't 100% secure, or electricity services, or banking services. Like any other form of criminal activity, crime on the internet should be punished and when the medium matures, so will laws protecting people from crime on the internet.
Martin ten Napel, The Netherlands

Search BBC News Online

Advanced search options
Launch console

See also:
09 Feb 00 |  Business
FBI targets net saboteurs

Internet links:

The BBC is not responsible for the content of external internet sites

More Talking Point debates
E-commerce: Will it change your life?
Are President Mugabe's days numbered?
Can Islamic government work?
Is your boss a bully?
Is football too violent?
Were Nigeria robbed?
Haider: Is Europe over-reacting?
Your tributes to the creator of Peanuts
Is the UK a 'soft touch'?
Can the peace process be salvaged?
Should Israel pull out of Lebanon?

Links to other Talking Point stories