Study: Internet's Structure Vulnerable to Organized Attack

[William Knowles <wk () C4I ORG>]

http://ap.tbo.com/ap/breaking/MGIINQ766BC.html

By Matthew Fordahl
The Associated Press

The Internet's reliance on a few key nodes makes it especially
vulnerable to organized attacks by hackers and terrorists, according
to a new study on the structure of the worldwide network.  Like the
airline hub system that falls apart when weather shuts down airports
in Chicago or Dallas, the Internet could collapse if its major nodes
were targeted in a malicious attack, the researchers said.

"If you take the big nodes out, you can harm the system very easily,"
said Albert-Laszlo Barabasi, a University of Notre Dame physicist and
co-author of the study reported Thursday in the journal Nature.

"If you take the big nodes out, you can harm the system very easily,"
said Albert-Laszlo Barabasi, a University of Notre Dame physicist and
co-author of the study reported Thursday in the journal Nature.

Transmitted data such as an e-mail or Web page hop across the network
from node to node until it reaches its destination. If a random router
is broken, a new path around the problem is forged.

Researchers found that the system can handle random failures because
the vast majority of nodes do not have many connections. But it's a
different story if several of the most highly connected nodes are shut
down, they said.

"If you go for the biggest nodes and take a couple of them out, you
can break the system into clusters that don't communicate with each
other," Barabasi said.

Such a massive cyber-assault has never occurred in the Internet's
history, though it is an increasingly tempting target with the rapid
growth of e-commerce and the increasing importance of the network for
businesses, governments and the public.

The most highly connected nodes are called Network Access Points,
where major Internet service providers exchange data. They are
scattered around the world and generally are in highly secured
facilities.

"What the study really does is put some rigor behind what the folks
running the systems already know," said Jim Jones, director of
technical operations for response services at Global Integrity Corp.
in Reston, Va.

"While the overall system appears robust ... and routers can fail here
and there without any noticeable impact, the reality is if someone
decided they wanted to turn off the Internet and had the money, they
probably could," he said.

Recent high-profile attacks have targeted individual Web sites such as
Yahoo!, CNN.com and Amazon.com. In those cases, thousands of
repetitive requests are sent to a site's server until the machine
seizes up.

The Notre Dame researchers found a mode of attack that, at least in
theory, could be far more crippling.

Barabasi and colleagues studied maps and ran tests on snapshots of the
Internet to dissect exactly how its structure evolved over the years
as local users randomly added routers and links to the system.

"Everybody had been thinking that the Internet is fundamentally a
random network, that any two nodes are perfectly, randomly connected,"
Barabasi said.

But it turns out that the Internet more closely resembles what is
known as a scale-free network, where most nodes have only one or two
links but a few are much more highly connected.

According to the analysis, the average performance of the Internet
would be reduced by a factor of two if only 1 percent of the most
connected nodes are disabled. If 4 percent are shut down, the network
would become fragmented and unusable.

The network maps obtained by the researchers did not name the most
highly connected nodes on the Internet. And they did not test the
theory that the entire Web could be shut down with a focused attack
against specific nodes.

The study also did not take into account the bandwidth of nodes,
various protection schemes and different communications protocols,
said Yuhai Tu of the IBM T.J. Watson Research Center in a commentary
accompanying the research paper in Nature.

---

On the Net: Nature: http://www.nature.com


*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions             http://www.c4i.org
*-------------------------------------------------*

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".