Victim of its own success

Modern worms and viruses infect millions of PCs

Life without the internet is unimaginable for the millions who use it every day.

But one of the world's leading academics on the impact of the net warns we could be facing its destruction.

It is 20 years since the first incident of hacking. A student at Cornell University launched a worm that within a day had compromised an estimated 5-10% of all internet-connected machines.

That was in 1988, when there were about 60,000 computers connected to the internet.

The 23-year-old student responsible, Robert Tappan Morris, was given a $10,050 fine, three years probation and 400 hours of community service. He is now a professor at MIT and worth millions of dollars after selling a dot com company to Yahoo.

We have absolutely seen the drug trade equivalent Professor Jonathan Zittrain

But he was the first of a generation of hackers, who by and large subscribed to the idea "do no harm".

Hacking has changed and the public have not adjusted their PC's security to the threat of viruses, spam, worms, phishing and fraud. It is estimated that the number of PCs involved in botnets (networks of infected machines open to instruction by the creator of the code which infected them) is 100-150m, or a quarter of all PCs on the internet, as of early 2007.

Bad code used to be like graffiti; it is now like the drug trade, argues Jonathan Zittrain, professor of internet governance at the Oxford Internet Institute. He says the internet is fragile - and on the path to destruction.

Prof Zittrain, who is also the author of The Future Of The Internet And How To Stop It, says that from 1998, hacking exploded. It is now all about making money.

Hi-tech crime: A glossary Cracking hi-tech crime UK hacker's case before Law Lords

"We have absolutely seen the drug trade equivalent: the business model for infecting these machines either to steal their bandwidth and their processor power and sell it to the highest bidder to direct those machines to all try to load a single website at once to bring down that website, or we've started to see both the use of those zombie machines to send spam and to harvest personal details off those machines."

Losses from online credit card fraud alone totalled £212m in 2007, up 15% on 2006.

It is the web's very success - what Prof Zittrain calls its uncontrolled generativity (anyone can write or share programmes designed to do virtually anything they want to) - that he warns is also its Achilles' heel. And we are rapidly approaching meltdown.

The end may come as the weight of malicious code forces us into either a derailed internet or what he calls "sterile" technology like the iPhone.

"When you have a machine called the generic personal computer - your laptop - and it can wonderfully run any code you give it and the maker of the laptop has nothing to say about it that is also a real vulnerability," he explains.

That openness, that glorious interactivity and creativity, has its own vulnerabilities. With billions of people online, many of whom do not protect themselves properly, PCs are open to entertaining new software that immediately hands the keys to your kingdom to someone else.

"And then you get into a realm where I worry that the cure will be as bad as the problem," he says.

Cure for malware?

One version of that "cure", he believes, is the iPhone, created by Apple. Unlike the internet, the i-Phone is a proprietorial network. It may be beautifully designed, but there is no way for an owner to write their own, or add other people's programmes to it without Apple's express permission. And while that protects the integrity of the system from bad code - or malware - it also hands control to a large multinational corporation.

The other option, according to Professor Zittrain, is to decide this 30-year-old experiment called the internet was glorious while it lasted, but now it needs to be locked down. The need for stability is growing, he says.

As Prof Zittrain writes in the magazine Prospect, the internet has grown exponentially over the past 20 years, thanks to the fact that many people can build a platform and share what they do with others. But a lockdown on PCs "will eliminate much of what today we take for granted: a world in which mainstream technology can be influenced, even revolutionised out of left field".

A solution will have to be found that does not destroy the whole system. And it will have to be one that does not destroy the creativity and openness that made the internet such an enormous success in the first place.