Today many businesses use the Internet to order parts and arrange shipments. Failure of the Internet would break down "just-in-time" manufacturing, in which parts reach the production line within a day or two to save money. Shut down the Internet and most of the manufacturing industry in the developed world would grind to a halt. Many retail stores also rely on the Net to keep their shelves stocked. Within days, shelves will be emptying.
By then you may not be able to use your checkbook or ATM card as well. "Banks are saving a hell of a lot of money" by using the Internet nowadays instead of dedicated lines, states Winn Schwartau, author of Information Warfare. In a world where a small change in the Federal Reserve Bank¿s prime interest rate sends shock waves through Wall Street, a week¿s disruption in global manufacturing, distribution and banking could create economic chaos.
What about the telephone system? Many phones will still work if the Internet crashes, experts say, but a few years from now, we may be in for big trouble. Internet telephony started as a way for geek hobbyists to get free long distance phone calls. Today, however, many phone calls that originate from an ordinary phone travel part of the way over the public Internet. If this trend continues, within a few years an Internet crash could take the entire phone system with it.
Meanwhile unclassified communications of the U.S. armed services go through NIPRNET (Non-Secure Internet Protocol Router Network), which uses public Internet communications. Peck says the Department of Defense is now "immensely dependent" on NIPRNET.
At the moment, the Computer Emergency Response Team is begging computer professionals to get the word out to home users to check for zombies. Says Peck: that¿s because our worst Internet nightmare is the grandma who uses her DSL to shop on Ebay. Many home users have lots of bandwidth. That translates into lots of junk that a home zombie can pump into the Internet.
Unfortunately, few home users are rushing to eradicate their zombies. A zombie computer can wait for years without ever doing anything to bother its user. It¿s a time bomb waiting to explode. Worse yet, seemingly innocent programs may hide zombies. "If there¿s no reason to gripe about it, no one¿s going to take a generic file and see if it harbors malicious code," explains Mark Ludwig, author of the Little Black Book of Computer Viruses and the upcoming Little Black Book of Internet Viruses. "By the time it goes off, it¿s too late."
"What I¿ve found particularly disquieting is how little public fuss there¿s been," says Richard E. Smith, a researcher with National Security Agency contractor, Secure Computing, Inc., of San Jose, Calif., and author of the upcoming book Authentication. "The general press has spun the story as being an unsuccessful attack on the White House as opposed to being a successful attack on several hundred thousand servers. ¿Ha, ha. We dodged the bullet!¿ A cynic might say this demonstrates how ¿intrusion tolerant¿ IIS is¿the sites are all penetrated but aren¿t disrupted enough to upset the owners or generate much press comment. The rest of us are waiting for the other shoe to drop."
Says Harlan Carvey: "The question for security enthusiasts and professionals alike is, how do we prepare for what¿s around the corner?"
Editors¿ note: An earlier version of this story included a quoted speculation that eEye Digital Security might have been involved in the creation of the Code Red worm. EEye denies any such involvement. We apologize for including that inadequately supported statement in our report.
Look for a more in-depth analysis of this topic in the October 2001 issue of Scientific American.
Originally published online July 30, 2001.