|low graphics version | feedback | help|
|You are in: Talking Point|
Wednesday, 16 February, 2000, 12:00 GMT
Can the internet ever be secure?
With the recent cyber-attacks on commercial websites, such as Yahoo and Amazon, can the internet ever be a secure place?
The United States' Attorney-General, Janet Reno, has said that stopping crime on the Internet is one of the US government's top priorities.
She said technology had created new opportunities for criminals, and the US government was committed to making the Internet a secure place to do business.
But how can these attacks be stopped? How can the offenders be caught? In what way should they punished? Tell us what you think.
The recent internet attacks are not a security problem. Those are the physcholocal porblems of the poeple that are known as "hackers". These people want to show that they have the power to destroy such a big world wide technology. Hackers think that they are powerful, indeed they are the most ill-headed people who need urgent treatment.
Ebru Yildiz, Turkey
The "Internet security" through Encryption will make the Internet even harder to police by the cybercops. Security, Market place, Cyber- free-world:in speaking of the Internet it is impossible to move far from those words.
Tajudeen Isiaka, Nigeria
I understand the recent attacks were 'denial of service' attacks (i.e. Yahoo & Amazon were bombarded with more requests (maliciously and automatically generated in order to deny other users access). This type of attack does not pose a 'security' risk as such. Encryption technology over the Internet is secure. I'd much rather allow my credit card to be encrypted and passed over the Internet than quote it over the phone to buy tickets etc. or let a waiter disappear into a back room with my credit card.
Kevin Parker, UK
These 'denial of service' attacks are simply misuse of otherwise useful tools such as 'ping' and can anyone name a tool that cannot be misused to cause problems, a bread knife maybe? As for security when using the web, your credit card details (provided you use a secure connection) should be safer during transmission than if you used phone or fax. How they are dealt with at the other end depends on the company whose site it is, so to be safe why not just be as careful with your card details on-line as you are in the rest of your life.
There is no such thing as 100% secure, if a shop was 100% secure then no one would be able to get in or out. One good thing about this attack is that it has increased awareness of how insecure the system is. If no one committed an attack, people would be thinking that it is perfectly safe and would be vulnerable.
Lau Gainpaulsingh, UK
Like everything else, nothing can be totally foolproof where money is concerned, material benefits or simply the desire to exercise control over others. All we can realistically do is minimise the security threat and be prepared for trouble. Meanwhile what if we recruited hackers to develop software that is, okay, 'virtually' hack-proof? We could, perhaps, award prizes for the most ingenious programmes.
Simon Cameron, UK
Top U.S. law enforcement officers declare internet vandals a top priority? Very Cool! Internet vandals, Colombian drug cartels and Russian Mafia should now all sleep well. The big business sites are occupying space on the internet free of charge and they want more control. They'll be more comfortable if they can turn it all into private property like their super malls so they can ban kids under trespass acts. The only question I have is whether some of the more extreme respondents here are willing to implement capital punishment for the equivalent of soaping their windows on hallowe'en.
Edward Pickersgill, Canada
Only to a healthy degree. A good analogy is biology: As a virus evolves, new defenses rise to meet it. Which in turn spawns ever renewed cycles of conflict. The "wits" of both camps are sharpened,and all victories are but temporary.
Robert Farrell, USA
What we want in a technology is convenience and wide accessibility, but not at the expense of privacy and security. Recent website attacks point to the areas of vulnerability. We're still learning about what we have and how to protect what we have. Hackers are now a fact of life, and will always try to be a step ahead, looking at our security measures as a series of challenges. It is naive to think that a technology so freely and widely accessible to countless millions will ever remain secure from prying incursions. All we can do is to recognize it and prepare accordingly
Dr Riz Rahim, USA
Security on the internet is not just the responsibility of large organisations but of all users. We all have locks on our homes, alarms on our cars and safe storage for valuables. Yet how many of you bother to encrypt files on your PC? What about emails you send? It is everyone's responsibility.
S. Neely, Scotland
What if the hackers turn out to be 10 years old? Are we going to give them life in prison? Don't be ridiculous. The fitting and most effective punishment would be to bar them from the internet until they become adults. This would also be the best deterrent. But to be an effective deterrent, people need to know what the punishment is before they think about committing the crime. Does anyone know of a web site that tells you what the laws are regarding use and misuse of the internet? For all we know, the hackers might have thought they were committing a harmless prank.
Paul White, USA
Can there ever be a safe zone with technology advancing at such a rapid rate, as is the case with the net? In this technological age that we are living in, it would be difficult to develop the necessary protective tools for monitoring and protecting internet related information. The net is a living creature and it is growing stronger daily and there is nothing that can be done to curb or hinder this growth. All users of the net surfers and businesses alike must simply do what they can to protect themselves.
As Germany discovered, you can build massive walls to keep people out. However, you never can. People will jump the wall, dig under it, etc. Internet companies have horribly lax security. They need to fix it, credibility for these companies is absolutely essential.
Jonathan Brensley, Australia
Given that most teenagers can learn how to launch a "denial-of-service" attack in ten minutes, we should be glad that so few of them do. Should Netscape become desperate in its war with Microsoft, might they begin recruiting teenagers to attack Microsoft's sites?
Wayne Wilner, USA
Odd how many people worry about their credit card details going down the line via the net, yet don't blink at the swiping of the card and the copying of the embossed details in any garage or take-out! Life is based on trust, not on security. Hospitals, schools, and shops are all founded on the basis we'll act reasonably. I'm always amazed so many people do... arguably, crime levels are relatively low, considering the potential. Likewise, e-crimes. They'll persist, but not take over. And systems will be more intelligent in future.
The Internet is still in its infancy and is obviously going through some growing pains. Most people still only use the Net for entertainment, novel value, viewing porn and sending and receiving email. It took brick-and-mortar businesses close to a century to get to where they are now. Why should the Net be any different for businesses? I think it will be at least 5-10 years before the benefits of the Net for secure business transactions start appearing. Hacking is a roadblock and nothing more. Compare it to a stagecoach hold-up in the Wild West. The West was still won was it not?
Srinivas Rangaraj, Canada
All companies which put sites into a public domain, i.e. on the Internet are responsible for making sure that those sites are secure. It is simply not acceptable to pass that responsibility to anyone else, the "someone should do something about it" mentality, in the same way you lock your car when leaving it in the street at night.
All companies running firewall software or hardware to protect from malicious attacks must have realistic expectations of those systems and take reasonable steps themselves to make sure that valuable data is not left on systems accessible in any way from the Internet.
Alan Stanley, United Kingdom
It's all very well for the US government to say they are serious about Internet security, and yet they ban the export of encryption technologies - operating systems shipped outside the US do not include this feature!
The main problem with Internet security is that the technologies behind it were designed for convenience, not security. New software bugs are being discovered all the time, and the cleverest hackers are always capable of exploiting them. Many Internet sites are not well versed in computer security issues (it's a HUGE issue that goes way beyond such obvious tactics as choosing good passwords), which only makes things worse.
Secure encryption technologies need to be made freely available, companies need to be EDUCATED and a lot of operating system software needs to be re-written from scratch; then, maybe the Internet will be sufficiently secure.
Ed Bayley, USA (English)
I work for virgin.net and have seen the problems and misery hackers caused to our customers. NOT ONLY DID THEY AFFECT the trust but loyalty which our firm offers. The government should give life sentences to hackers or hire them to tell us how they get in!!!!!
Ian Griffiths, Wales
As long as there are profits to be made there will be people who will break into the Net. The best you can do is hire hackers to combat the hackers that would do harm.
I cannot believe this is happening in the 21st century. All these IT people spending millions of dollars on building high network of IT industry. I hear them boasting of the accomplishments in the Silicon Valley and all over the country and yet they are so vulnerable to silly crimes of hackers.
Shouldn't someone step up and do something about hackers and petty criminals? More and more people relying on Internet for day-trading, research, even jobs, government agencies etc. With so much at stake, a minor action of hackers can disrupt our daily prceedings - it's unbelievable!
Reetu Rajpoot, USA
If society and humans were safe then the internet would be. Unfortunately they're not. Safety on the internet, like any other area of life, is going to always have its fair share of problems.
C Powell, Britain
The type of attack used on Yahoo et al is an exploit of a both a design flaw in how the internet communicates, and lazy network administration.
There is a command to see if an internet connected computer is capable of communicating called 'ping'. In normal use one computer would say "to prove you are there, repeat: testing testing" and the response would be "I am here, you said: testing testing".
The exploit is that if the attacker makes it seem that the target sent the 'are you there' request to a huge number of computers (A broadcast) all the computers who heard it blindly reply to the apparent source. This jams the connection between the target and the rest of the internet, as well as slowing it down for everyone else.
There is no way of blocking this at the target, it must be fixed on the computers that received the broadcast.
Ian Clark, UK
I have had my own website hacked. The problem was, the hacker was 15, and lived in Israel, and was to all intents and purposes, untouchable. When the Israelis heard it was a personal site on geocities, they practically put the phone down on me.
My example was a minor incident, but there have been much more serious cases. When this occurs, we need this crime to be dealt with by an international body such as the UN with the power to actually punish those responsible rather than pretend they have the power.
Alex Banks, Wales
Asking if the internet can be a ever be secure is like asking if the world can ever be secure. The losers who carry out these attacks are the same as the sad losers in life who carry out any other form of crime. They display all the same symptoms of the dysfunctional behaviour seen in vandals, muggers and thieves. There is no glamour associated with these crimes and we should treat the hackers in the same way. The internet is no longer the preserve of a technical clique. It belongs to every human being who is learning, trading and developing through the medium.
Surely not another reason for UK businesses to procrastinate about getting connected? I find it deeply disturbing how many ageing IT sceptic business managers in the UK are putting off getting properly connected because of vague unfounded security concerns. If done properly by trained professionals, getting connected to the net poses far less of a security threat than the front door of the building.
There's a saying in the security business, that "100% security=0% productivity". The skill is in achieving a balance between security and usability. If you make things secure but complicated to use, people are tempted into coming up with their own work-rounds - things like writing long passwords down to help them remember them - which, paradoxically, make things less secure. We need balance and responsibility, not obsessive security, and definitely not Government-mandated security!
Pete Morgan-Lucas, UK
The hysteria surrounding this "attack" is staggering in itself. In essence, the effect was no worse than the telephone system being clogged up on new year's eve, or a concert venue being busy when the latest pop "sensation" hits town! It was not a security breach - no data was stolen, no-one's privacy was invaded. Contrast that with the UK government's attempts to do both with their latest interception bill.
Chris D'Arcy, UK
Can life ever be safe and secure? Those who expect safety and security are doomed to disappointment.
Richard T. Ketchum, USA
Yes the internet can become safe but only it the large computer companies like Sun, Microsoft, Oracle and Netscape want it to be. They are the people with the know how to control the internet.
John Donnelly, Ireland
I never use the internet to shop because of the concern of someone getting my credit card number. The thing is that I don't need to, if I want something I go out and get it, it means I don't have any extortionate delivery charges to pay plus time online. It doesn't bother me.
The internet today is like banking 100 years ago. Poor security-hence many hold-ups. Within the next 5 years, firewalls and security-combined with the change in the way internet will be supplied, will make it much safer. Yes the internet is here to stay, e-commerce will boom.
Once again the mainstream media misuse the term "hacker". A true hacker is someone who writes clever or innovative software. Whoever carried out these attacks should be regarded as nothing more than vandals.
Phil H, UK
The Internet can be just as secure as conventional communication systems, now that the US had unveiled plans to relax laws on exporting encrypted information. On-line stores also have the added advantage that they do not suffer from shoplifting.
The recent attacks on Yahoo do not pose as much of a security problem as people would believe. These attacks were simply "denial-of-service" attacks, where no sensitive information was released.
Paul Shipley, England
No, it can't be totally secure, just like the real world. In both you will always get people who enjoy vandalism and mindless destruction.
Andrew Dowle, UK
The only way to beat these attacks is to develop the sophistication of their defences. Unfortunately you simply cannot act otherwise; it is just not possible to restrict individuals doing this within the current technical framework of the internet. It find it unbelievable that these companies with their millions of dollars worth of technical staff and infrastructure are at all vulnerable to lone hackers. And what about the much vaunted firewall products by firms like Cisco, Juniper and Nortel? From what I've seen of the product literature, these attacks should have been almost impossible
George W, UK
I'm a computer professional who's had to deal with small-scale hacking myself recently. Attacks on commercial targets like this are malicious and should be prosecuted to the full force of the law. New agencies need to be in place to deal with such activity, and once caught hackers should be treated in the same way as their real worlds counterparts (i.e. - bank robbers, vandals, muggers), and face heavy fines, prison sentences, and confiscation of equipment/assets. Maybe then this underground ideal that hacking networks is fun, or shows off your skills, might think twice in the future. The bottom line is that the internet will never be secure, so strong encryption should be freely available to all!
Martin Dart, Oxford, UK
E-commerce is as safe if not safer than fax/telephone based commerce. How many people consider who could read a faxed order before it is processed or who can tap into a phone conversation.
M Ridcully, UK
Security is relative. The recent "denial-of-access" attack on Yahoo can hardly be described as a security problem. Is a physical shop secure? You can suffer from all sorts of insecurities in a shop, from falling down the stairs to be being robbed. I don't think the internet will be a 100% 'secure' place (whatever that might mean), like telephone services aren't 100% secure, or electricity services, or banking services. Like any other form of criminal activity, crime on the internet should be punished and when the medium matures, so will laws protecting people from crime on the internet.
Martin ten Napel, The Netherlands
Links to other Talking Point stories
|^^ Back to top
News Front Page | World | UK | UK Politics | Business | Sci/Tech | Health | Education | Entertainment | Talking Point | In Depth | AudioVideo
To BBC Sport>> | To BBC Weather>>
© MMIII | News Sources | Privacy