by MS
On May 5 and 6, mainstream news media in the US led their daily spew with the report that a computer virus was disrupting personal computers far and wide - or at least on the networks of several Fortune 500 companies.
This "Lovebug Virus" is actually a small set of computer instructions, sent as an email attachment, that cause the recipient email program to re-send the message to all of the email addresses stored in the recipient's address list. These instructions are in the form of a macro script written in Visual Basic, the scripting language used by Microsoft to automate common routines in its word processing, spreadsheet, email and other programs.
All of the television networks and major newspapers carried lengthy reports on the "havoc" and "damage" being caused by a macro command that triggered unsuspecting users to send a silly email message to those with whom they regularly correspond.
While this supposed flood of email messages may be annoying to individual users, and represents a measurable increase in traffic to some mail servers, it is probably not as significant a traffic burden as the millions of "make money fast," "lose inches fast" and email ads for pornographic web sites that show up in most Internet users' email boxes daily.
The Lovebug Virus escapade is only the latest in a growing series of "Internet sabotage" stories promulgated by the mainstream media and (another shocker) the US government - and always accompanied by calls for better control, law enforcement, and 'protection' to keep the Internet safe from the forces of chaos and anarchy.
Earlier this year, a Denial of Service (DoS) attack aimed at several well-known e-commerce businesses caused system admins at those businesses to take their systems off-line for many hours, and no doubt cost these businesses some significant revenue. Allegedly, someone programmed a series of computers to send millions of small data transmissions to the target systems, bogging them down with meaningless data (instead of meaningful credit card orders, no doubt.)
In that DoS episode, the US attorney general vowed to track down "those who are responsible, to bringing them to justice, and to seeing that the law is enforced" and ensure that the Internet be "a secure place to do business."
Senator Trent Lott chipped in with comments that "cyberterrorism is something we're going to have to worry about. ... And this (denial of service attack) could lead to that sort of thing." (Reuters wire story - 2/9/00)
Later, the Royal Canadian Mounted Police (RCMP) arrested a high-school student and charged him under the Canadian "data mischief" laws for (allegedly) conducting at least some part of a DoS attack on CNN's Atlanta computing center. If convicted, the student could be sentenced to 10 years in prison. Unexplained by the RCMP (or FBI) is what this alleged attack on CNN has to do with the DoS attacks aimed at Yahoo, amazon.com and the other e-businesses that were reportedly the main targets.
And not surprisingly, as that DoS saga was being played out in the media, the forces of law and order were using it as the justification of expanded police powers covering communications and especially data communications.
In testimony before a U.S. House Judiciary subcommittee, the Justice department spokesman noted that "Our vulnerability to computer crime is astonishingly high and threatens not only our financial well-being and our privacy, but also this nation's critical infrastructure," Deputy Assistant U.S. Attorney General Kevin Di Gregory also testified that if police are "too timid in responding to cyber crime ... we will in effect render cyberspace a safe haven for criminals and terrorists to communicate and carry out crime." (The Standard - 4/6/00)
These calls for more control and monitoring of data communication are not lone voices of reaction. Rather, they are joined in chorus with a range of political forces that want to clamp down on the Internet, and the sooner, the better.
For example, in the past year, it has come to light that the US, the UK and Australia have been operating an extensive spy-ring to intercept global electronic communication. This spy-ring, code-named Echelon, enables these governments to sift through just about all communications - phone or data, over wire or through radio transmission.
In another corner, a committee of the Internet Engineering Task Force (the volunteer organization that develops standards for the Internet) has proposed a new addressing scheme for all Internet computers, called IPv6. This scheme would ostensibly provide billions of additional numeric Internet addresses. But, as InternetWeek reported last October:
"As you might expect, the address field is so huge that the IETF didn't know how to assign it. So, in a move to get buy-in from established industry standards bodies, the right-most 64 bits were designated to contain EUI-64 format information. This is used by the IEEE to assign Ethernet addresses, which are normally not transmitted outside a user's LAN.
"Included in EUI-64 are two interesting pieces of information: the registered manufacturer of your NIC card and your 48-bit Ethernet address. Surprise! Every packet you send out onto the public Internet using IPv6 has your fingerprints on it. And unlike your IP address under IPv4, which you can change, this address is embedded in your hardware. Permanently.
"The spooks and weirdos in Washington, ever eager to empower the surveillance state as they fight a rear-guard action against strong encryption, must be thrilled with such a gift. They appear so thrilled that the Institute for Information Sciences, heavily funded by the Defense Department, is writing a reference stack for IPv6 that it is quietly hoping to slip into Windows 2000." (InternetWeek Newsletter - 10/4/99)
With each new "crisis on the Internet", ground is being prepared to bring this line of communication under the complete control of the government. And it has nothing to do with protecting your hard drive or you.
The author is a close observer of issues pertaining to spying and censorship of the Internet, and part of the Refuse & Resist! web team.
[posted 5/12/00]
Join Refuse
& Resist!
305 Madison Ave., Suite 1166, New York, NY 10165
Phone: 212-713-5657
email: info@refuseandresist.org