President Obama is searching for yet another White House czar to tackle a pressing public concern and this time it's personal. On May 29 Obama announced a high-level initiative to address the growing problem of computer attacks against the government, corporations and individuals by coordinating the various efforts to fight hackers and other computer criminals under the direction of a coordinator already dubbed the "cyber czar." (Read "Those Crazy Internet Security Questions.")
"I know how it feels to have privacy violated because it has happened to me and the people around me," Obama said in his announcement. Online intruders, he revealed, had penetrated his campaign's website in late 2008 and rummaged through e-mails, travel plans and other files a "powerful reminder" of the Internet's glaring vulnerabilities, he said. According to a survey the President cited, computer crime has cost Americans $8 billion over the past two years. (Read "Sarah Palin's E-Mail Hacked.")
For practically as long as there's been an Internet, vandals, troublemakers and criminals have sought to exploit it. Even before the advent of the personal computer, "phone phreaks" manipulated computerized phone systems to make free long-distance calls. (Reportedly among them, by many accounts: future computer pioneers Steve Wozniak and Steve Jobs, who would go on to found Apple Computer.) One infamous phreak, John Draper, became known as Captain Crunch after discovering in 1972 that he could fool AT&T's network with the tone from a plastic whistle distributed with the breakfast cereal. Computer hacker Kevin Mitnick became a top target for the FBI for breaking into academic and corporate computer systems and causing millions of dollars in damage; after years eluding capture, he spent half a decade behind bars in the 1990s and was ordered to stay away from computers for three additional years. The "Melissa" and "I Love You" viruses of the late 1990s and early 2000s drew widespread attention to expanding cyberthreats and jump-started the sale of virus- and worm-protection software, now a multibillion-dollar industry.
Cyberattacks have grown more frequent and destructive in recent years. One form of hacking the denial-of-service (DoS) attack has apparently even become a tool of war. The attacks are designed to paralyze websites, financial networks and other computer systems by flooding them with data from outside computers. A 15-year-old Canadian with the handle "mafiaboy" launched the first documented DoS attack in 2000, against numerous e-commerce sites, including eBay and Amazon.com, shutting some down and wreaking havoc that cost an estimated $1.7 billion. In 2007, entities believed to have been associated with the Russian government or its allies launched a DoS attack against Estonia during a dispute sparked by the removal of a World War IIera Soviet soldier from a public park; the attacks crippled the country's digital infrastructure, paralyzing government and media sites and hammering the former Soviet republic's largest bank. A massive cyberattack against Georgia is believed to have taken place before Russia's invasion of the country last year, crippling the banking system and disrupting cell-phone service.
Government and private Web networks in the U.S. have emerged as frequent targets for online scofflaws. The Pentagon reported some 360 million attempts to break into its networks last year, up from just 6 million in 2006. That includes a reportedly successful attempt to hack into the $300 billion Joint Strike Fighter project and copy data about the aircraft's design and electronics systems. The espionage is believed to have originated in China. Experts say computer criminals in China and Russia have also infiltrated America's electrical grid, covertly installing software to potentially damage it at any time (the governments of both countries have denied such actions). Attacks have mushroomed so quickly that the Defense Department reportedly plans to establish a new military command focused solely on computer warfare. Secretary Robert Gates told CBS News that the Pentagon also plans to quadruple the ranks of its cybersecurity experts, explaining that the country is "under cyberattack virtually all the time, every day."
Cyberspies are also targeting regular citizens. News headlines regularly tell of hackers ransacking computer networks for Social Security numbers, banking information and other data that could be used for potential identity theft. One recent example: officials at the University of California, Berkeley, said in May that hackers stole the Social Security numbers of 97,000 students, alumni and others during a six-month breach of the school's computer system. Other computer vandals have caused physical harm. A forum run by the Epilepsy Foundation had to be shut down last year after online intruders, in perhaps the nastiest prank yet, led visitors to sites featuring bright, flashing images known to potentially trigger seizures.
President Obama's initiative will doubtlessly boost the fight against computer crime, but his announcement is just a start. The cyber czar has not been named, and it remains to be seen how much budget authority or access to the Oval Office the role will include. The government's past efforts to protect computer systems have been bogged down in bureaucratic turf battles, but analysts hope the President's attention will mark a new era in digital security before it's too late. As former Air Force computer-crime fighter John Wheeler told the Los Angeles Times, "We want to avoid a cyberPearl Harbor."