Jonathan Zittrain: Governments can protect themselves just fine, as can big corporations. You can bunker-ize your operations to an arbitrary degree, so that you're using best practices. If there's a denial of service attack against you, you can deploy the resources to absorb it or to deflect it. If you think about it, Google suffers continuous distributed denial of service attacks, because they're so damned popular. How many Google searches are happening this second? I don’t care how many zombies you're going to send to attack Google. It's like, there's so many people already zombified, going to Google, because they're desperate for a search, that it's just a drop in the ocean. The real problem is if smaller to medium sized businesses find themselves clogged, or personal connections are clogged, and then you can't get to the government sites that are so well defended. But you can't reach them, because of the traffic that you're competing against on your end of things. For that, I do think we need to start taking zombie and malware problems pretty seriously. I sometimes ask very good hackers, who don't agree that there's a big problem. I say, "Look, if you were in a 24-like situation, where the bad guy has a gun to your head and you're not as brave as Kiefer Sutherland, and he says, 'You have a week to bring down a quarter of the machines on the net,' could you do it?" Generally, their answer is yes. Felton's answer was, "Can I have two weeks?" He's a computer scientist at Princeton. I think their thought, though, is that if they had to, they could wreak great havoc. And why hasn't it happened yet? In part, because the people capable of doing it have business models that depend not on havoc getting wreaked, but on leeching: taking a little of your bandwidth, a little of your processing cycles, and sending some spam with your machine, but not having you notice. Being more of a chronic illness than something that's going to kill you outright. Somebody wanted to do cyber warfare and kill it outright? They wouldn't have those limits.
Recorded on: 3/8/08