Few ideas excite the contemporary popular imagination more than the prospect of a cyber-attack against the most powerful nation on Earth, caught off-guard while celebrating a national holiday. The fact that something like this actually happened over the July 4th weekend has fueled the current obsession. And the reaction has only been intensified by the suspicion that the cyber-attackswhich also crippled government Web sites in South Koreamay have been launched by North Koreas squadron of elite hackers only moments after the pariah regime of Kim Jong-Il successfully tested yet another missile.
But before we overwhelm ourselves with worry, some perspective is in order: no sensitive or classified data has been compromised, and no servers have melted. During the few days that parts of the U.S. government were under cyber-siege, the only damage was slowness. It was a minor nuisance compared to the gridlock that struck the entire Internet as news of Michael Jacksons death propagated through blogs and social networks. (In fact, the sudden spike in Jackson-related searches led Google to suspect that it was itself under massive cyber-attack).
Contrary to most media reportsThe Guardian called the attacks a paralysing barrage and implied that they were directed against vital state infrastructure, an AP report described them as lengthy and sophisticated,and The Korea Times described the attackers impressive skillsthe attacks were neither devastating nor advanced. The MyDoom worm that made the attacks possible in the first place was identified in 2004, and is, by current industry standards, pretty primitive. The fact that it has taken so long to restore the affected government Web sites may say more about the easy-going attitudes of their administrators than about the magnitude of the assault.
Despite the lack of hard evidence, plenty of punditsboth in the United States and South Koreajumped at the opportunity to blame the attacks on the North. But few commentators bothered to examine the political situation in South Korea, where at least some local politicians greatly benefited from the event.
The truth is that South Korea, despite being one of the great high-tech hubs of the world, has not been a great place to be an Internet user. For example, any Web site that has more than one hundred thousand users is required to collect the national IDs of everyone leaving a comment on them. And there have been numerous calls on South Korean MPs to approve the draconian Anti-Terrorism Bill, stuck in the South Korean parliament since 2001. The billwhich Amnesty International called clearly open to abuse by law enforcement officialswould likely increase monitoring of South Korean Internet users.
Perhaps hoping to further extend their reach into users e-lives, South Korean defense and military agencies have been beating the North Korean cyber-warfare drum for monthswith little luck. Few self-respecting international news outlets pay much attention to their hucksterism. The idea that a well-armed, resource-poor technological laggard would be toying with cyber-weapons seemed bizarre even to leading alarmists. North Korea may be capable of the kind of the crude attack that occurred over the Independence Day holiday; however, to invest in cyber-warfare infrastructure of real consequence would sap the countrys already meager assets, right down to the coveted missiles in their silos and the food on their plates. But now that the attacks have also hit important American targets, the dreams of South Korean hawks might finally be coming true: the whole world is talking about a North Korean cyber-offensive.
Unfortunately, no one has explored the possibility that conservative South Korean politicians could conspire and organize their own cyber-attacks in order to promote their agenda. This neglect is puzzling. Only a few weeks ago, American TV channels and radio stations were covering the efforts by hundreds of Americans to launch cyber-attacks on Iranian government Web sites. No one who reports or follows the news can pretend that ideologically motivated cyber-attacks are not an option for well-organized political constituencies in technologically advanced nations.
Regardless of its origin, the attack was sort of a dud. And if it is any indication of what a Digital Pearl Harbor might look like, we can probably relax a little.
Evgeny Morozov is a fellow at the Open Society Institute and a board member of its Information Program. He has written for The Economist, Newsweek, and other publications, and is working on a book on how the Internet transforms global politics.
Evgeny Morozov, Cyber-Scare
Evgeny Morozov, Texting Towards Utopia
Jonathan Zittrain, Protecting the Internet Without Wrecking It