A
METHOD IN THE MADNESS
What
the BBC wasn't telling us, at least not that day, was that
Serbian sites were also attacked in the same time period –
and in precisely the same manner. As Jared Israel pointed
out in an
article posted here, the BBC later revised their story
that opened
up the possibility that others might be involved, and
then ran a back
page item about the attacks on Yugo sites. But media bias
against the Serbs, especially on the part of the BBC, is hardly
a story – at least to those of us who have been covering
this beat since the summer of last year. The BBC is, after
all, a government-controlled corporation under the direct
control of Tony Blair, who made the Kosovo war a personal
crusade much as Maggie Thatcher had made the reconquest of
the Falklands her own. So we don't believe the official explanation,
but then what? Well, let's take a look at what kind of shenanigans
are taking place on the Internet these days – for the
best clues to the identities of the perpetrators are in their
methods.
THE
MONOPOLISTS
All
of the recent hack attacks were cases of cyber-jacking, literally
hijacking a website by utilizing the automated software of
the official domain guardian, Network Solutions. As a government-privileged
monopoly, the recently "privatized" Network Solutions is in
charge of handing out domain names and keeping a register
(or database) that records who owns what name. The whole process
of registering is automated: you can check and see if a domain
name (JustinRaimondo.com) has been homesteaded. If not you
can apply electronically and the payment of a small fee will
give your claim legitimacy. Likewise, if you want to transfer
ownership and operation of a site to another party, you simply
send those friendly folks at Network Solutions an e-mail effecting
the transfer. They e-mail you back, to verify that it is really
you, you reply – and the change is effected. Without
Network Solutions, we would be in a cyber-war of all against
all, in which rival claimants to a given domain name would
be fighting it out, battling to defend (or take back) their
own beleaguered bit of cyber-turf – or so the company's
defenders (mostly in Congress) would have us believe. But
if we take seriously Network Solution's official explanation
for the recent hijackings, then the very basis of the Internet
– the security and legitimacy of domain names –
may well be under attack. The war of all against all may have
begun – and the authors of this electronic Pearl Harbor
are most likely not sitting in Belgrade, but somewhere much
much closer to home.
GOOD
MORNING – YOU'VE BEEN CYBER-JACKED
According
to Network Solutions, the recent "spoofings" of their system
occurred in the following manner: someone sent them an e-mail
transferring the rights to a domain name – say, Serbia-info.com
– from SlobodanMilosevicInc@ethnic-cleanser.org to HashimThaciEnterprises@narcoterrorist.com.
Network Solutions then automatically generates e-mail seeking
verification, in effect asking "Are you sure you want
to do this?" If the recipient replies, then the change is
put into effect. What Network Solutions is asking us to believe
is that, somehow, the automated system by which domain names
are registered and reregistered was "spoofed" – that
a verification e-mail sent by their system was somehow intercepted
by the spoofers, who then "answered" it and took over the
sites – some 2,000 of them, according to the London Metro,
although Network Solutions says it was "considerably less."
Whatever the number, this strange outbreak of cyberwarfare
raises some equally strange questions . . .
WHAT'S
UP WITH THAT?
The
first is, how is it possible that the hackers emulated the
web address of the legitimate owners of those sites –
every computer expert I have talked to denies that this is
plausible. It is possible, of course, that Network Solutions
e-mail verification system does not read the address line
of incoming change requests, and instead only reads
the subject line and the message itself. But this seems
laughable, the equivalent of setting up a security system
with a hole big enough for an army of virtual Visigoths to
pour through, defacing and destroying everything in sight
and undermining the very foundations of the cyber- economy.
So this cannot be the case – can it?
OLD-FASHIONED
FRAUD
The
shifty and contradictory non-explanations given by Network
Solutions are the basis of a
remarkably opaque article in the (British) Register,
which avers that "Network Solutions systems are not hacked,
the e-outfit claims. It' s just a case of old-fashioned fraud
and deception." A representative of the company added that:
"There
was nothing stopping domain name owners to opt for other,
more sophisticated security measures if they want to ensure
greater protection. Both an encrypted password systems and
a pretty good privacy (PGP) system are available from Network
Solutions and both are free of charge."
PERPETUAL
CYBERWAR?
Well,
yes, that's technically true, except that almost no one
who runs a website actually goes through the process of registering
their domain name – their Internet Service Provider (ISP)
does it for them. And what they aren't telling you is that
the e-mail verification system is the default security
system in place for all domain owners – a system
the Register describes as "a bit like locking up your
house and leaving the key under the nearest flower pot." The
Register maintains that " If security was an issue,
they should have done more to protect their property." But
this response seems positively Clintonian in its evasiveness
and eerily irrelevant in the face of such a startling revelation.
For if we take the Network Solutions explanation at face value,
then the default security system for the entire Internet community
is worse than inadequate – it is an open invitation to
cyberwarfare without end.
DON'T
WORRY, BE HAPPY
That,
at least, is one theory, the official story, which might be
called the "Outside Job" thesis: the idea that Network Solutions,
which has been granted a government monopoly on the domain-registration
business, defends the integrity of its system so weakly and
ineffectively that it is possible for sites to be easily hijacked.
This theory places the blame on outside hackers – in
this case, supposedly "rampaging" Serbs. But the "Serbs-on-the-rampage"
story was soon modified by the BBC, which later acknowledged
that Serb sites were also hacked. And this whole "mad cyber-Serbs"
scenario begins to fall apart when we look at the details
of this hack attack: Serbia-info.com was completely taken
over and replaced with lengthy ideological diatribes praising
NATO, accusing the Serbs of genocide, complete with graphics
and all the familiar Kosovo Liberation Army (KLA) rhetoric.
The Western and Albanian sites that fell to the cyber-assault
– an odd mix of dot-coms and dot-orgs: commercial, political,
sports, and Albanian sites – were simply stripped of
content and replaced with a polite little emblem and a laconic
"Kosovo is Serbia." Not only that, but these cyber-pirates
of the Net left a typically juvenile hint of their allegiance
in their emblem, like the hieroglyphic markings that deface
every surface in our inner cities and mark out the territorial
claims of rival gangs. In small italic script at the bottom
of the double-headed eagle was a message: "Be happy if we
hacked your site, because we hack only the best sites on the
Internet." Isn't it strange that "rampaging Serbs" are paying
Bosnia.com, the semi-official homepage of the Bosnian government,
such a high compliment – and telling them to "be happy"?
Be happy, don't worry – it's nothing. That's the "official"
line – but what is the truth? I don't want to
engage in pure speculation, but in view of Network Solution's
inability to come up with a convincing lie, one bereft of
both the technical and the logical contradictions in the official
story, there is no way to proceed any further in solving this
mystery of the hijacked websites without examining alternative
theories.
THE
'INSIDE JOB THEORY'
Counterposed
to the "Outside Job" thesis is the "Inside Job" theory, which
holds that Network Solutions is itself the key to the mystery
– that the company is a front for US intelligence operations.
CIA-trained Albanian cyber-terrorists – unleashed
last year by President Clinton in a top-secret special
directive authorizing full-scale cyberwarfare against targets
in the former Yugoslavia – are indeed on the loose, as
the administrators of Serbia-info, yu.com, and others can
readily attest. But if they were behind the recent
hack attacks, then the question remains: how did they manage
to intercept the e-mail verification from Network Solutions
and gain access to the site? Rather than positing some arcane
method of e-mail interception recently devised by private
hackers, the simplest explanation is that is was an inside
job – inside Network Solutions, that is.
BASTARD
CHILD
What
is this mysterious company, the Arbiter of Cyberspace,
or more accurately: who profits from this government-created
monopoly?: an
excellent piece in the New Haven Advocate exposes
Network Solutions as the bastard child of affirmative action
programs and the military-industrial complex:
"In
1992, Congress asked the National Science Foundation to commercialize
the Internet. The NSF took competitive bids and awarded five-year
contract to a consortium that included what was then one of
the nation's largest African-American owned companies: Network
Solutions Inc."
IT
COMES IN A BOX
Just
read between the lines. Unsurprisingly, it turns out that
the $5.9 million Congress had appropriated was spent long
before the company had even begun its grandiose task of building
an information system called "InterNIC," which would assign
all web addresses and operate the treasured "A" server. This
legendary server, the Holy Grail of the Internet, is described
by the New Haven Advocate as:
"a
putty-colored plastic box on a small aluminum shelf in a squat
brick office park in Herndon, Va., about an hour east of Washington,
D.C. Measuring 18 inches square and just over 7 inches high,
the box looks like the other 100 million personal computers
that routinely surf the Internet. And this computer is pretty
much like the others, except for one thing: Without this box,
the Internet wouldn't work."
MY
BEATING HEART
Now
do you get it? There's a little box on an aluminum shelf –
where else but in Washington, D.C? – that contains the
beating heart of the Internet. In that box is a circuit of
some kind upon which the word antiwar.com is translated
into numbers with dots between them – and that is how
(if not why) you are here, and how you can send e-mail to
our web address. A key question naturally arises: who has
the keys to that box – and how, and under what circumstances,
could they open it, reach in, and take whatever is in there?
A
GENTLEMAN CALLER
Without
the funding to complete their rather large task, Network Solutions
could not go on – but a solution to this problem (which
seemed built into the scheme from the beginning) was soon
found. It just so happened that at the very moment Network
Solutions seemed to be running out of money, "a giant California
military contractor was going on a buying spree." The New
Haven Advocate described the company's corporate suitor:
"Science
Applications International Corporation (SAIC) is headquartered
in an affluent seaside town just north of San Diego. From
the outside, the company's well-manicured corporate campus
looks like any other. But inside, armed guards are posted
in front of doors that bristle with high-tech locks, and lead-lined
rooms hinder would-be electronic eavesdroppers."
SPOOKS
Spooky
– and I mean that literally. Ex-CIA directors
Robert Gates, Bobby Inman, and John Deutch number among SAIC's
directors, not to mention former defense secretaries William
Perry and Melvin Laird. SAIC makes virtually all of its $2
billion yearly income from government contracts, and they
acquired Network Solutions in March 1995. In spite of plans
to set up a free market in domain names, decentralize the
"A" server, and open up competition in the key registration
business, Network Solutions/SAIC has used its considerable
political clout to extend its supposedly time-limited monopoly,
seemingly into the indefinite future.
ONE
RING TO RULE THEM ALL
I
am no computer maven, but you don't have to be Linus
Torvald to understand that whomever holds that putty-colored
box in their hot little hands has literally godlike powers
in cyber-space. Could it be that handing the box over to SAIC
is like some alternative version of J. R. R. Tolkien's The
Lord of the Rings, in which Sauron
and not Frodo
has been entrusted with the Ring
of Power? As Tolkien put it in his famous trilogy:
"One
Ring to rule them all, One Ring to find them,
"One
Ring to bring them all and in the darkness bind them
"In
the Land of Mordor where the Shadows lie."
WOULD
YOU?
Recent
events on the Internet – and not just the sudden "glitch"
in the domain registration process – are more than enough
to raise serious questions about what role Network Solutions
is playing in all this: what is needed is a thorough investigation,
and not by the company itself but by an impartial outside
agency that can determine the truth and restore confidence
in an e-economy already badly shaken by the roiling financial
markets. I would go even further and ask: are US intelligence
agencies and their Albanian trained seals endangering the
security and integrity of the Internet in a bid to discredit
the Serbs and destabilize the Milosovic government? Inquiring
minds want to know. In any case, I wouldn't put it past them
– would you?
|
