Where the streets have no name

Background :

Over the last few years, there has been a series of breaches in Internet Security. This has exploded over the last one year into a serious problem, at times seeimg to threaten the very existence of the internet. Viruses, hackers, site breakdowns, browser failures and security leaks, collaborative crimes between company insiders and information thieves - all have been blamed - and have contributed to the insecurity on the internet. Is that a complete list, and does it account for all the recent problems ? More importantly, can it account for the breaches, and the occasional collapses ? Or is there a deeper, and more dangerous, issue that we ignore at our peril ?

This sub-committee - consisting of Mr. U. Barlow, Mr. S. Asher, Ms. A. Shakalov, and Mr. B. Uchan - was constituted to examine the various recent breaches of Internet security. After 3 weeks of extensive study, this interim report is being submitted while the conclusions are being debated, and action plans are being formulated. The reason for the early release is the need to ensure that - in the face of the wild rumours circulating all over the world, the facts of the case will be clarified to all.

The subject is already one of great concern to many. Many sites were involved in our research of the problem. This sub-committee would like to thank each site for sharing with us the work done, the decisions taken, and the problems faced. No names will be mentioned as a part of the confidentiality agreement between the sub-committee and the corporations. We understand the need for this confidentiality to avoid paranoia and unwarranted blacklisting of sites. Yet, we feel that hiding the problem has helped to spread it; companies have not been able to benefit from the research done independently at each site. Bringing all of it together, we feel, has been an important first step for this committee.

It is important to first understand the early history of breaches in Internet security. The first known cases were in e-mails, later in web pages. In most cases, technical loopholes were identified; in some cases, the individual hackers were identified, sometimes punished. A few viruses have also been reported in e-mail systems. The technical reasons for their success had been identified, published and corrected.

Though the Internet has always seen a few e-mail errors, it is popularly perceived that over the last one year, this has risen sharply. To test this, we conducted a study with the help of webmasters and system administrators at the 200 largest web-sites. The study shows an increase of 1541% over the last year. (See Appendix 1: Country-wise analysis of erroneous e-mails.) While no study can claim to have analysed even a high proportion of the traffic of the net, our results have been validated using Chi-Squared hypothesis testing. For all results arrived at, probability estimates range between 75.47% and 95.61%.

It is interesting to note that - in the first six months - a substantial majority of these looked like system errors. They do not appear to be in any language, or perhaps in several within one mail. Most have no identifiable words; some have a few words, sometimes in different languages. When users reported these, these were put down to "accidental " technical errors, either by the system or by the individuals concerned. Unfortunately, there was no analysis of this phenomenon across different sites; thus, the similarity of the pattern did not emerge. At a few large sites, the cases were examined in detail to test for viruses on the server. Initial attempts were largely unsuccessful, later attempts found some patterns that are described later.

Meanwhile, most receivers of such "nonsense" mails from strangers had replied to the sender, most using a "reply with history" and explaining that it was not clear. While this attests to the high level of politeness on the web, and perhaps the uniformity of human reaction, we suspect that these responses helped shape the next level of the problem.

Over the last six months, our survey showed a significant drop in such nonsense mail. Customer complaints dropped and in most sites, the technical teams that had been unsuccessfully analysing were assigned more urgent tasks. A pattern that was not identified at that time was a marked increase in incorrect but coherent e-mails. Most of these were replies to the sender; the replies are related to the original mail but a close reading indicates that these were "lifted" from other mails. For example, a mail with a question on a movie got a reply with a link to the correct web-site, a few lines about the movie {copied from a review on the web}. Yet the sender claimed that she had not replied to that mail. If this were an individual case, it would be put down to human forgetfulness but given the scale, it would have to be mass amnesia. These "erroneous" mails that are more organised have been classified as secondary responses.

At this time, one of the technical teams researching the primary errors had found some unusual indicators. It is well known that it is possible to trace e-mails to ISPs, and then to individual phone numbers. This method of tracing is rarely used as this requires Federal approval. A defence site sought and obtained such approval on grounds of national security. The e-mails were traced to an amazing variety of countries. In some cases, the locators could not be found at all.

This was the first indication that the problem could attack the heart of the Internet. By now, the scale of the problem suggested that there could not be a solitary hacker. The team at the defence site suspected an organised crime ring of trying to steal secrets. Days of surveillance, and perhaps phone-tapping of known criminals and placing "insiders" into the crime ring led to the capture and arrest of several people, but no association with the security breach was ever found. Apart from any proof, motive was never established.

A find by the security team at one of the large sites had led in a different direction. It was found that some of the "fraud" e-mails had been sent from newly created e-mail addresses. Attempts to trace the creation of these addresses led to an astonishing result : they were not created from the Web. Either all traces of each creation had been systematically removed, or it had been done internally. Due to the awesome complications of the first possibility, the team suggested the second.

This was the first time an "insider" theory had been propounded. Focus now shifted to the administrators of many sites. The theory "explained" to the management of the site several odd events : the continued breaches in spite of increasing security standards, in spite of plugging each software loophole, and the scale of the problem. They set about trying to find the criminal in their midst. Psychological test for system administrators, enhanced site security, rotation of shifts, a few appointments, a few transfers. Everything was tried; nothing worked.

Meanwhile, the situation worsened. The mystery mails were becoming larger, more widespread, and coherent. The non-existent ids were talking to people all over the world, through e-mails and chat-rooms. They were making friends and enemies, irritating and entertaining people. None of the web-sites wanted to be the first to announce the problem, though many suspected that they were not the only site to face it.

To explain the occasional visible problem, a few press releases of viruses were made. Statistics of time and efforts wasted by viruses were compiled and supplied to several leading publications. None of these announcements linked the virus problem to the Internet; all of them connected the problems to applications on PCs. Thus, in the public imagination, the Internet was safe, the PCs were not; this was an essential part of the success of the e-stocks and for financial reasons, all efforts were made to keep this perception.

News sites were the next to be hit. Mysteriously, with almost no reason, the pages on the web seemed to be getting altered. Again, system administrators went through the stages of thinking as with e-mail sites : a solitary prankster, a serious hacker, an organised group ... maybe from a rival company ? Interestingly, before the problem of the missing page ( named problem 404 by Netizens ) could become a serious visible threat, the problem disappeared. A few new pages appeared "on their own" and with the right links from Web-sites.

One of them was the key event that pushed the problem into the public eye. Known popularly as "F.O." case, it was a about a joint venture between two mega-companies. This fictional news item stayed on a popular news site for a few minutes before the Webmaster spotted and removed it. Thousands of surfers read it and informed their friends, who could not find the information. The original readers claimed they had seen it; their sceptical friends insisted that they were imagining things.

Two days later, the story came true. The impact on the NASDAQ was significant; the claim that the story had been published on the Web early was even more significant. Merger talks had been attended by a few; the discussions were in closed confidential meetings, and in very secure e-mails. The confidence of the commercial world was shaken. As a result, this sub-committee was formed.

During the last three weeks, the situation has worsened. There have been several instances of altered web-sites, and fictional information and mystery chats have increased substantially. The basic security of the net stands compromised. The theories of the solitary hacker, the organised crime ring, the occasional error have all failed. None of these can explain the sheer volume of the problem and its tenacity, growth and increasing maturity in the face of the toughest security the Internet sites have ever organised.

Since the theory of the Internet virus has gained some ground, we decided to test this theory. Some sites were temporarily delinked from the Web, and new servers were brought in to replace the current ones. The current servers were then analysed with Web simulations. The results were surprising: no virus was found at any site. Smaller servers had almost no problems; in a few large ones, symptoms of the problem appeared before dying out. The new server linked to the Web continued to have the old problems.

The results are as meaningful as the dog that did not bark in the Sherlock Holmes story. It suggests that no individual server has a virus. While each server cannot be independently checked in parallel, a chi-squared test estimates this to be true with a probability of 85.72 %. It also suggests that the problem surfaces only when several machines are connected, that the problem has something to do with scale. It seems that the problems emerge with high volumes, and at the level of full Internet traffic, become visible.

A new theory suggested by some evolutionists has been startling and highly controversial. This is partly because of the language and the analogies used to explain the theory to the public. Analogies of biological evolution, genetic information coding, and self-replication have left the public in a state of panic. The scientific nature of the theory has been eclipsed by the paranoia. We would like to clarify the real issues.

The theory suggests that the internet can be thought of as a vast primordial sea of electronic ripples, bits and bytes of information. Just as a self-replicating chemical tends to outnumber the non-replicating chemicals, or a self-replicating meme tends to spread itself, a self-replicating informational structure could also spread without external involvement. In the past, this has been used by computer viruses; in fact, that is why they were so named. Evolutionists have now suggested that there is little need to seek the solitary hacker of the computer virus, just as "there is no need to have a God for evolution to have succeeded". If the result is intelligence, it does not mean that an intelligent being started it, but that there is a process to create and grow intelligence.

These scientists of informational evolution have suggested that the size of Internet traffic has reached a critical mass. Byte-streams flowing on the web have interacted with one another for years; there has always been a history of "occasional" errors. But with growing volumes, the information reaction has now become statistically significant enough to create a self-replicating information structure. This has evolved to the emergence of an information-based virtual species, which interacts with the vast resources of the Internet and with a huge number and variety of human minds. This interaction is much more intense and immense, rapid and rational than any creature has ever been exposed to during the history of biological evolution.

The patterns of maturity are similar. The first set of responses would be primitive, with attempts to mimic the static or dynamic data. This is akin to the way a baby reacts to the information he finds in the world, or even a species in its infancy. This would result in meaningless responses, incoherent collections of noises on the Web. Depending on the feedback received, the "baby" would grow and be able to slowly put together words which will be understandable to the recipient. This process of interactive learning through a feedback mechanism makes a baby or a species mature. Why should this not work for informational evolution ?

As a consequence of this theory, wild rumuors have spread : IT is out to devour the world. We must stress that this is completely unfounded. Even if there were such a creature, its powers would be limited to information handling and it would be unable to "create" or destroy or impact anything outside the Web.

Except, of course, your mind. By spreading information or misinformation, the Internet is a powerful vehicle of mind control of millions. The rush for e-stocks is proof of the belief that the Internet will dominate mind share. If this source of information becomes controllable or corrupted, not by an organisation that we know and understand, but from within, there is danger. The info-creature does not, in our opinion, have an understanding of the world except through its interaction with us. The real world is as alien to it as the internals of the info-creature is to us. Perhaps, it is as incredible too.

We have suggested some interim measures. The best-known security algorithm should be available publicly to all individuals. This 128-bit Public key - Private Key encryption algorithm will make the coded mails humanly impossible to decode ( see The NP-complete Knapsack problem ) ; if we are battling information structures which are super-human, then it will slow them down. We are glad to note that the U.S. government has acted speedily ( the news report on BBC ) and the 128-bit key is now available publicly to almost all organisations. Other interim measures are best kept confidential currently, and the final report due in 2 weeks will have more measures which are being currently discussed.

In the long run, we believe that it is time to come to grips with the realities of the world of information. There is no need to imagine that the info-creature is evil; it is shaped by our responses and thus is a reflection of us, a creation in our own image. Perhaps, it is a statement about mankind that we imagine an evil destructive force rather than an all-knowing, omnipresent Being on the Internet.

We must also bear in mind the limitations of information transfer. With the massive information flow, we are probably close to understanding how scale affects information. Perhaps, there are limits which can be prescribed by an Uncertainty Principle of Information. Soon, we may have to accept that perfect certainty of information is as impossible as defining accurately the position and momentum of an object. Not all pages appearing on the Web should be treated as accurate. Every creature lives on an understanding of self and soul; so it is likely that the informational creature will spread stories about itself to sustain its own image, and to help create and define itself. Therefore, till the final report of the sub-committee is published, we request readers to be cautious in believing reports on the Web, and in cross-verifying reports, especially those about a virtual species.