President Clinton pledged yesterday to work with high-tech companies to fight hackers and improve computer security, while avoiding actions that could destroy the openness of the Internet.
"We know that we have to keep cyberspace open and free," Clinton told a group of high-tech executives and computer security experts in the Cabinet room. "We have to make, at the same time, computer networks more secure and resilient, and we have to do more to protect privacy and civil liberties," he said.
The high-tech summit occurred as the FBI served a search warrant yesterday in Portland, Ore., and seized a computer that had been used in the attacks, people familiar with the probe said.
The dragnet to find the computer vandals also spilled across the border into Canada: The Royal Canadian Mounted Police are working with the FBI, which believes that one or more powerful server computers in Canada were used to launch the attacks. At least one potential suspect may be based there, said the RCMP's Technological Crimes Section, which is still in the "preliminary stages" of its investigation.
The FBI is contacting individuals with such Internet names as "coolio," "mafiaboy" and "nachoman," who have either claimed credit for the attacks in online chats or who are known for their hacking prowess.
Much of the White House meeting focused on publicizing initiatives that are already underway. Last month the president announced a $2 billion budget request for computer security, including the creation of a program to give college computer security students tuition breaks in return for government service. Clinton announced that he would "jump start" that program with a $9 million supplemental item to the fiscal year 2000 budget.
The president also discussed funds for security research and the creation of a $50 million Institute for Information Infrastructure Protection, a think tank to support research and technology development aimed at protecting computers and networks.
Clinton also said that the federal government would lead by example and do more to shore up its online defenses.
The administration also called for $10 million for its controversial "Federal Intrusion Detection Network," a proposed system to monitor Internet traffic across federal computer networks for evidence of wrongdoing.
His audience was composed largely of high-tech executives, and included security experts from academia, online civil liberties activists and "Mudge," a self-proclaimed "white-hat hacker" with a computer security firm known as At Stake.
The group discussed methods of heading off hackers and of upgrading security, but spoke little of more policing for the online network that could violate privacy. "Solutions that we talked about did not involve growing governmental regulation or growing governmental power," said White House Chief of Staff John D. Podesta. "We do not need to reduce privacy as we enhance security on the network ñ security and privacy go hand in hand."
"These are all very positive things that we can all get behind and support," said Howard Schmidt, a security official at Microsoft Corp.
For their part, the business officials announced that they would create a network for sharing security information ñ an effort that, in many ways, would parallel the all-out effort to eliminate the Y2K glitch. The group noted that there might be "certain barriers" to sharing information among companies ñ presumably having to do with concerns about antitrust and divulging trade secrets ñ but the group pledged to work "to identify these barriers and create solutions."
One possible model for that kind of program might be found in a group formed among companies in the financial services industry last year to share information about computer security and hacking. The network was formed as part of presidential efforts to protect the nation's critical infrastructure against attack, said Mark Rasch, a security consultant at Reston-based Global Integrity, which maintains the network.
Rasch said the group has been able to help members prepare for hacker assaults because the information is exchanged quietly, without government intrusion. Government and industry, he said, see the fight against hacking in very different ways: "For the FBI, a successful case is one in which they catch a perpetrator committing a crime, [and] there is a public trial with a severe penalty." For business, by contrast, "A successful case is one where the attacker is thwarted at the door, goes away and never comes back ñ and no one ever hears about it."
The financial services group began warning its members and the general public of the new wave of computer attacks back in September 1999. Representatives of the network, however, say that recent news reports that the group had information about the Yahoo attack in the days before it occurred and did not pass it along were incorrect.
Other industry-led initiatives are already underway; next week a newly formed Partnership for Critical Infrastructure Security, a government and industry venture, will meet to explore security issues.
One conference participant said that no one could be fully prepared for every attack. "If you enabled every single countermeasure, you couldn't support business," said Peter Solvik, chief information officer of Cisco Systems. Rather than building in super-security that would slow the Internet to a crawl, Solvik said companies could benefit by relaying the kind of information that would allow them to adapt quickly to attacks.
Maynard Webb, the president of eBay, one of the targets of the recent attacks, said that these industry-led efforts could help reduce the damage done by hacking. "There is no silver bullet for what we're going after, but if we work together, we can solve it," he said.
Clinton ñ whose online interview with CNN on Monday was broken into by a hacking prankster ñ said the recent attacks constituted a warning that the nation could learn from.
"This is a challenge that was entirely predictable," Clinton said. "It's part of the price of the success of the Internet."
Staff writer David A. Vise contributed to this report.