The MyDoom Effect: Crossing the Line into Terrorism
What if a known terrorist organization now makes use of the backdoors created by the MyDoom worm to attack government sites? Worse, what if this terrorist organization can now take down the security systems for power grids, aviation firms or law enforcement organizations? Once a known backdoor is open, there are no rules surrounding who uses it.
Last Thursday morning, the topic on the Today Show was the MyDoom worm. Matt Lauer, one of the show's two anchors, was interviewing an Internet expert and asked a question near and dear to my own heart: "Is this new virus cyberterrorism?" The expert said no, it was more like cyber vandalism. Clearly, IT experts are seeing a difference that many reporters and I don't see anymore. Even the Terrorism Research Center is now tracking the MyDoom virus.
I think of vandalism as something someone does to someone else's property that visibly defaces it. In the online world, that, to me, would be parallel with defacing a Web site. But what if someone went into a medical site and changed a critical recommendation, switched one drug for another, and someone who used that information died? Would that still be vandalism or terrorism?
Now vandalism, as defined by the American Heritage Dictionary, is the "willful or malicious destruction of public or private property." This doesn't seem to fit well to me because the MyDoom worm is not just a personal attack against SCO and Microsoft, but it is also an attack on the millions of users of Microsoft products, particularly users who don't have sophisticated security measures in place, like children, small-business owners and the elderly.
So what is the definition of terrorism? According to the same dictionary, it is "the unlawful use or threatened use of force or violence by a person or an organized group against people or property with the intent of intimidating or coercing societies or governments, often for ideological or political reasons."
Just as it did last year in my TechNewsWorld column "Pros, Priests and Zealots: The Three Faces of Linux," this still sounds like a match to me. Whether you agree with that definition or not, you can define cyberterrorism, at least according to AskJeeves, as "an assault on electronics communications networks." When we look back on history, we'll see the MyDoom worm as a classic example of cyberterrorism.
Attack on SCO or Attack on US
What I find particularly despicable is the nature of this worm that turns innocent computer users into soldiers for a cause. This worm turns their PCs into attack platforms focused on SCO, and -- with the MyDoom.B variant -- on Microsoft.
But what I find really amazing are some of the comments coming from the Linux community. As reported in Wired, some Linux advocates are saying they would load this virus "gladly" just so they could harm strangers who did nothing more than work for SCO or run an OS they don't like. The words "civil liability" come to mind, and this is one of the few instances in which I hope the legal community sees blood in the water and does something meaningful with class-action litigation. We are talking about billions of dollars in damages.
I hold dear the right to choose the products I use and to feel safe from attack in my home. The ability to open e-mailed files from friends is an important part of my life. This attack has been as much against my rights as it has been against SCO or Microsoft.
After this worm attack, I will no longer look at Linux in the same way again. I mean, if the product is a good product, then why should I be forced to move to it against my will? Over the last few months, I've learned of several companies that have begun to move down the Linux path -- only to reverse direction because of technology, legal problems or the out-of-control advocates who are giving Linux advocacy a bad name.
You won't hear of these firms by name because they are afraid that if they were to go public, they would be attacked mercilessly by the Linux community. For these companies, freedom of speech is now a distant memory denied to them by these Linux thugs.
Opening Opportunities for Terrorists
This attack might not be enough to galvanize the nation against this sort of thing. Then again, as I was writing this, I received a notification from Symantec that it was tracking activity that suggests those who wrote the virus, or someone else, are now scanning for port 3127 in an attempt to take control of the thousands of machines infected by the worm. The results likely will not be pleasant.
This scenario suggests a "what if." What if a known terrorist organization now makes use of the backdoors created by the MyDoom worm to attack government sites? Worse, what if this terrorist organization can now take down the security systems for power grids, aviation firms or law enforcement organizations? Once a known backdoor is open, there are no rules surrounding who uses it or what they use it for. The end result could be truly catastrophic.
If you think this is unlikely to happen, wander over to The Register and read about a briefing from the FBI. Also, be aware that the U.S. government just rolled out a Cyber Alert system that mirrors its physical terrorist alert system. The government is clearly getting serious about these threats.
The Only Viable Solution?
So, what do we need to do? Personally, I think it is high time we bite the bullet and move to some form of real user authentication. Whether to protect ourselves from a worm like MyDoom -- clearly, there will be more such worms in the works -- or to protect our children from predators, we need to know that the people we are communicating with in cyberspace are really who we think they are.
And people need to be held accountable for the damage they do, regardless of who they victimize. Too often are the elderly preyed upon by scam artists claiming to be what they aren't and taking away the financial security that these folks have worked so hard to achieve. Too often are children approached by predators who prey on their inexperience to violate them verbally. And too often are our identities stolen by communications that appear to come from trusted sources.
An increased focus on trusted computing has never been more important than it is now, and it could be the only way to stop the spread of future worms. In the end, regardless of who does it, this kind of terrorist behavior is unacceptable. And if we don't do something meaningful to stop it now, we will be as much at fault as the perpetrators.
Rob Enderle, a TechNewsWorld columnist, is the Principal Analyst for the Enderle Group, a company founded on the concept of providing a unique perspective on personal technology products and trends.