When the president’s council at the university wanted to force a student to send out a retraction on a nasty joke he emailed, I advised against it, suggesting it would be better to do nothing. That way it would die away faster. And even though the email made it look like the joke was college-approved, that ended up being a good decision.
For the most part, it faded away quickly. But a couple of weeks after the email was sent, our network servers came under a heavy DDoS (Distributed Denial of Service) attack. Our systems were flooded with so much traffic that the normal functions were brought to a standstill. For all intents and purposes, to our internet users, it looked as if our servers were down.
When I got to work and realized what was happening, I immediately shut down the ports where the traffic was coming in. I determined the IP addresses of the attack and blocked them at the gateways. Gradually, I was able to bring the systems back up. Meanwhile, I received a lot of angry phone calls and emails from users across campus.
“Don’t you know that we’re getting so we rely on these systems?” one caller said. “I had material I needed for class on the internet. You can’t just start taking them down.”
No amount of explanation could convince them it wasn’t my fault. As the systems came back and the angry calls and emails abated, I found our email systems overloaded with junk email. I worked to clear that out, returning the systems’ efficiency. It took me until well into the morning hours to get everything back to normal. By the time I got home, I was tired, hungry, and upset. My children were asleep, and I didn’t get my usual evening time with my family.
The next day I traced out where the traffic had come from. Often in a DDoS attack, the person instigating it will put viruses on unsuspecting user machines, making it so the traffic comes from all over, and the origin of the instigator is almost impossible to detect. But in this case, everything had come from the computers of one organization.
I must admit that in my anger I was tempted to create havoc on their machines. I had the skills to do it. But then I thought about the ethics I taught my students in my networking class. Because I taught them powerful skills they could use for hacking and other malicious endeavors, I spent an entire week talking about ethics. I told them:
1) Never do something illegal.
2) Just because something is legal doesn’t make it right. Never do something that is wrong.
3) Remember that just because you can, doesn’t mean you should.
4) Never do something on the internet in an angry response, but take time to calm down.
5) Don’t do it if it hurts someone.
6) Anything you do on the internet becomes a permanent record of you and will usually come back to haunt you if it is bad.
I took my own advice and spent a couple of days calming down. Then I contacted the administrator of the network where the attack came from. I told him I had traced the attack back to their computers, and I wanted to know what was happening.
I got a terse reply from him. He did the attack because he was angry. His ten-year-old daughter had gotten the nasty joke in her email, making her cry.
I suppose I could have reported the incident to the police, but instead, I chose to apologize. I told him the email did not represent who we were, was not sanctioned by the university, and the student had been expelled. I also told him I understood how he felt. I had daughters of my own, and because of what he did, I had to work most of the night, and I didn’t get to see them that day. He responded with an apology of his own, and we opened a dialogue that resulted in a wonderful friendship between us.
As I look at some of the offensive postings I see on the internet, I wish more people would consider internet ethics. I often wonder if those who post them remember that at the other end is a person with feelings much like themselves.