Tim and the Tin Titan

9.10.03

Scarier Than Fiction
This Wired article is chilling. They basically talk about a group of crackers that developed a way to hide a website's IP address. The first reaction of most people is "That is ridiculous, if you don't have a real IP address, how can customers get to your site to buy the product you are spamming them about?".

Well they have found a way and here is what I understand from the article: They compromise half a million computers using viruses and direct attacks, mostly home computers running windows on high speed lines, and install a Trojan program. When someone requests a hidden site, the request gets bounced around a couple thousand times between some of the hijacked computers before reaching the site and making the trip back the same way. This is the computer equivalent of the phone stunt they pull in the movie Sneakers where they route a phone call a couple times around the earth and over a satellite to confuse a trace.

This also means that the spammer's site can be hosted anywhere while having very little chance of being shut down. The requests that come to the site seem random and since noone can trace the the site's location from the URL in the spam, no one can call the hosting company to have them shut down. This point is demonstrated by the crackers by having their demo site hosted on one of the strictest anti-spammer hosting company. Seems the only defense is to block the DNS servers the crackers use, but that can easily be changed.

This story just seems to be straight from a science fiction story to me. I know it's not that far fetched but for some reason, the fact that stealth sites can exist is a bit of a shake up of the certainties I had about how the internet functioned. It seem brilliant, something that Case in the novel Neuromancer should be using. I have respect for those who conceived of this idea and it's execution but I despise what they are doing with it.