Two decades ago a 23-year-old Cornell University graduate student brought the Internet to its knees with a simple program that blitzed from computer to computer, clogging the then-tiny network in a few hours.
The program was intended to be a digital "Kilroy Was Here." Just a bit of cybernetic fungus that would unobtrusively wander the net. However, a programming error turned it into a harbinger heralding the arrival of a darker cyberspace, a mirror for all of the chaos and conflict of the physical world.
Since then things have gotten much, much worse.
There is a growing belief among engineers and experts that Internet security and privacy have become so maddeningly elusive that the only solution is to start over.
What a new Internet might look like is widely debated, but one alternative would create a "gated community" where users would give up anonymity and certain freedoms in return for safety. As a new and more secure network becomes widely adopted, the current Internet might end up as the bad neighborhood of cyberspace. You would enter at your own risk and keep an eye over your shoulder.
"Unless we're willing to rethink today's Internet," says Nick McKeown, a Stanford engineer, "we're just waiting for a series of public catastrophes."
That was driven home late last year, when a malicious software program thought to have been unleashed by a criminal gang in Eastern Europe suddenly appeared after easily sidestepping the world's best cyberdefenses. Known as Conficker, it quickly infected more than 12 million computers, ravaging everything from the computer system at a surgical ward in England to the computer networks of the French military.
Conficker remains a ticking time bomb. It now has the power to lash together those infected computers into a vast supercomputer called a botnet that can be controlled clandestinely. What comes next is a puzzle. Conficker could be used as the world's most powerful spam engine. Or it might be used to shut off entire sections of the Internet. Whatever happens, Conficker has demonstrated that the Internet remains highly vulnerable.
The Internet's designers never foresaw that the academic and military research network they created would one day carry all the world's communications and commerce. Little attention was given to security. Since then, there have been immense efforts to bolt on security, to little effect.
"We are probably worse off than we were 20 years ago," said Eugene Spafford, a pioneering Internet security researcher now at Purdue.
Despite a thriving global computer security industry that is projected to reach $79 billion in revenues next year, and the fact that in 2002 Microsoft began an intense effort to improve the security of its software, Internet security has continued to deteriorate globally.
Last November, the United States military command in charge of the Iraq and Afghanistan wars discovered that its computer networks had been purposely infected with software that may have permitted a devastating espionage attack.
That is why the scientists armed with federal research dollars are trying to figure out the best way to start over. At Stanford, where the software protocols for original Internet were designed, researchers are creating a system to slide a more advanced network quietly underneath today's Internet. By the end of the summer it will be running on eight campus networks around the country.
The idea is to build a new Internet with improved security and the capabilities to support a new generation of not-yet-invented applications, as well as to do some things the current Internet does poorly — such as support mobile users.
The Stanford Clean Slate project won't solve the security issues of the Internet, but it will equip software and hardware designers with a toolkit to make security features more integral, and ultimately give law enforcement more effective ways of tracking criminals through cyberspace. That alone may provide a deterrent.
For all those efforts, though, the real limits to computer security may lie in human nature.
The Internet's current design virtually guarantees anonymity to its users. But that anonymity is now the most vexing challenge for law enforcement. An Internet attacker can route a connection through many countries to hide his location, which may be from an account in an Internet cafe purchased with a stolen credit card.
A more secure network is one that would almost certainly offer less anonymity and privacy. That is likely to be the great tradeoff for the designers of the next Internet. One idea, for example, would be to require the equivalent of drivers' licenses to permit someone to connect to a public computer network. But that runs against the deeply held libertarian ethos of the Internet.
Proving identity is likely to remain difficult in a world where it is trivial to take over someone's computer from half a world away and operate it as your own. As long as that remains true, building a trustable system will remain virtually impossible.