Information Security News mailing list archives

Future Hacking: How Vulnerable Is the Net?


From: InfoSec News <isn () c4i org>
Date: Tue, 5 Nov 2002 06:04:36 -0600 (CST)

http://www.newsfactor.com/perl/story/19831.html

[What the article doesn't mention is that Aleph was formerly known as 
Aum Shinrikyo, an organization well known for its sarin gas attack on 
the Tokyo subway that killed 12 and injured thousands.   - WK]


By James Maguire
NewsFactor Network 
November 4, 2002 

As a new safety precaution, the organizations that operate the
Internet's root servers will add more servers to each system. This
will make each location less vulnerable to DDoS attacks.

In a recent report on terrorism, the CIA stated, "Cyberwarfare attacks
against our critical infrastructure systems will become an
increasingly viable option for terrorists."

According to the report, various terrorist groups, including al-Qaeda
and Hizballah, are becoming more adept at using the Internet and
computer technologies, and the FBI is monitoring an increasing number
of cyber threats.

The report singled out a group called Aleph as the terrorist entity
that places the highest level of importance on developing cyber
skills. "This group identifies itself as a cyber cult and derives
millions of dollars a year from computer retailing," it stated.

This Is Only a Test?

In the recent large-scale attack on the Internet, called "the worst
ever" by many experts, several of the Net's root servers were
temporarily crippled. But while those attacks had network
administrators scrambling -- and involved law enforcement officials at
the highest level -- overall Net traffic was barely affected.

Some network engineers scoff at the suggestion that this was a highly
coordinated attack designed to bring down the Internet. The attacks
were most likely the result of "script kiddies (hackers) having a good
time," Peter Salus, chief knowledge officer of Matrix NetSystems, told
NewsFactor.

Yet Bob Alberti, president of network security company Sanction and
co-author of the Internet Gopher Protocol, said one aspect of the
attack was particularly troubling: its hour-long duration.

"The one hour suggests that this attack was more organized than
otherwise might be," he told NewsFactor. "That's not someone launching
an attack and seeing what happens, that's someone launching a one-hour
test and saying, 'We'll refine our methods.'"

Furthermore, Alberti added, "It's 100 percent likely the Internet will
be severely affected by a future hacking attack."

Defensive Measures

Alberti said he feels strongly that there are too few root-level
domain servers. The entire global Internet is supported by only 13
such servers, making it unnecessarily vulnerable.

"It's called a distributed system, so it ought to be distributed," he
noted, pointing out that the number of root servers has remained
unchanged throughout the Internet's exponential growth years.  
"Clearly, this is not the optimal number."

In Alberti's view, the Internet's chief governing body, ICANN (The
Internet Corporation for Assigned Names and Numbers), is not
adequately addressing security issues, and its lack of effective
leadership will have serious consequences for Net security.

He claims ICANN has not prepared the Net for more sophisticated
attacks because it has not instituted adequate redundancy and
safeguards. At this point, he said, "a coordinated attack could
restrict access to all 13 top-level domain servers for a day, bringing
portions of the global Internet to a grinding halt."

ICANN's Efforts

ICANN, in response to the recent attacks, is soliciting
recommendations from its Security and Stability Advisory Committee.  
Experts expect the committee will recommend that ISPs work to prevent
use of packets with forged IP (Internet Protocol) addresses. A deluge
of such forged packets is used to instigate distributed
denial-of-service (DDoS) attacks like the one launched against the
root servers last week.

Most ISPs are already equipped with technology to prevent forwarding
of forged IP packets, yet until the recent attack, they had no
compelling reason to use it.

As an additional safety precaution, the organizations that operate the
root servers will add more servers to each system. Each of the 13 root
servers is already composed of multiple servers, but adding additional
servers will make each location less vulnerable to DDoS attacks.

Also, according to analysts, government security officials are
considering instituting new regulations that would require federal
agencies to purchase Internet service only from ISPs that have DDoS
safeguards incorporated into their networks.

But these steps are only the beginning of what is bound to be a long
and concerted effort. As Alberti said, "We're going to have another
one of these events. Something will take place which will force people
to wake up and smell the coffee."



-
ISN is currently hosted by Attrition.org
