August 21, 2001, 12:00 AM — Intelligence data began pouring in on a Thursday afternoon. The press
hadn't picked up on it yet, but there was a problem brewing on the
Internet. A computer worm had been uncovered that, if left unchecked,
could begin to bog down Web sites and e-commerce around the country.
It was July 12. There were no reports yet of widespread failures or
denial-of-service attacks stemming from what would eventually become
known as the Code Red worm, but Ronald Dick knew his agency couldn't
afford to wait. The National Infrastructure Protection Center (NIPC)
had been criticized harshly in the past -- including once in a report
by the General Accounting Office (GAO) shortly after Dick took over as
director in March -- for not providing the type of advance warning and
strategic analysis many in government expected from it.
A warning had been sent out in June outlining the vulnerability that
the Code Red worm would later take advantage of. But now a private-
sector analyst was telling Dick that there were signs that something
was already spreading like a disease on the Internet. Dick sent the
information to Robert Gerber, chief of analysis and warning at the
NIPC. Gerber, a senior national intelligence officer on loan to the
NIPC from the CIA, ordered an immediate intelligence "work-up."
Like medical specialists exchanging information on a patient's health,
Gerber's analysts quickly began exchanging information via secure
telephone and videoconferencing links with officials all over
Washington. By July 19, the teleconferences had reached a frenzied
pace. There were as many as 20 a day, and they involved the Defense
Department, the National Security Agency (NSA), the Commerce
Department, the CIA, the Secret Service and even private-sector groups,
"We [still] don't know who is responsible for Code Red," said Dick on
July 27, three days before holding a national press conference to urge
Internet users to inoculate their systems against the worm (see
story). "But my job is simply to stop it."
For Dick, a 23-year veteran of the FBI who spent five years marketing
mainframe computers for Burroughs Corp. (which later became Unisys
Corp.) before joining the FBI, stopping a worm outbreak would prove
more challenging than he ever imagined. More than a half-dozen warnings
had gone out a month in advance, including one from the NIPC. Yet more
than 250,000 computers were infected in nine hours on July 19 alone.
And it wasn't over yet.
The second warning
On Friday, July 27, it became clear to the NIPC and some private-sector
experts that the Code Red worm wasn't dead. Analysis showed a second
variant of the worm was set to launch another round of infections
beginning at 8 p.m. Eastern time July 31.
Dick sat in his office in FBI headquarters overlooking Pennsylvania