The computer security breaches that included the much- debated distributed denial of service (DDoS) attacks, some of which were attributed to a
Canadian teen masquerading in cyberspace as “Mafiaboy,” the Philippinegenerated “Love Bug,” and the “Killer Resume” e- mail attacks that wreaked
havoc on world computer networks, were, in addition to being attentiongrabbing headlines, loud wake- up bells. Not only did these incidents expose
law enforcement agencies’ lack of expertise in digital forensics, they also alerted
a complacent society to the weaknesses in the computer network infrastructure, the poor state of the nation’s computer security preparedness, the little
knowledge many of us have about computer security and the lack of efforts to
secure computer system infrastructure at that time.1 They also highlighted
the vulnerability of cyberspace businesses including critical national infrastructures like power grids, water systems, financial institutions, communication systems, energy, public safety, and all other systems run by computers
that foreign governments or cyber terrorists could attack via the Internet.
In fact, the “Love Bug’s” near- lightning strike of global computers, its
capacity to penetrate the world’s powerful government institutions with
impunity, though by its very origin very unsophisticated, and the easy and
rapid spread of the “Killer Resume” virus, although it attacked during off- peak
hours, showed how easy it was and still is to bring the world’s computer infrastructure and all that depend on it to a screeching stop. They also demonstrated
how the world’s computer networks are at the mercy of not only affluent preteens and teens, as in the case of Mafiaboy, but also of the not so affluent, as
in the case of the Philippine “Love Bug” creator. With national critical systems
on the line, sabotage should no longer be expected to come from only known
high- tech and rich countries but from anywhere, the ghettos of Manila and
the jungles of the Amazon included.
As computer know- how and use spreads around the world, so do the dangers of computer attacks. How on earth did we come to this point? We are a
smart people that designed the computer, constructed the computer communication network, and developed the protocols to support computer communication, yet we cannot safeguard any of these jewels from attacks, misuse, and
abuse. One explanation might be rooted in the security flaws that exist in the
computer communication network infrastructures, especially the Internet.
Additional explanations might be: users’ and system administrators’ limited
knowledge of the infrastructure, society’s increasing dependence on a system
whose infrastructure and technology it least understands, lack of long- term
plans and mechanisms in place to educate the public, a highly complacent
society which still accords a “whiz kid” status to cyber vandals, inadequate
security mechanisms and solutions often involving no more than patching
loopholes after an attack has occurred, lack of knowledge concerning the price
of this escalating problem, the absence of mechanisms to enforce reporting of
computer crimes (which is as of now voluntary, sporadic, and haphazard), and
the fact that the nation has yet to understand the seriousness of cyber vandalism. A detailed discussion of these explanations follows.