[ISN] Future Hacking: How Vulnerable Is the Net?

From: InfoSec News (isnat_private)
Date: Tue Nov 05 2002 - 04:04:36 PST


    http://www.newsfactor.com/perl/story/19831.html
    
    [What the article doesn't mention is that Aleph was formerly known as 
    Aum Shinrikyo, an organization well known for its sarin gas attack on 
    the Tokyo subway that killed 12 and injured thousands. - WK]
    
    
    By James Maguire
    NewsFactor Network 
    November 4, 2002 
    
    As a new safety precaution, the organizations that operate the
    Internet's root servers will add more servers to each system. This
    will make each location less vulnerable to DDoS attacks.
    
    In a recent report on terrorism, the CIA stated, "Cyberwarfare attacks
    against our critical infrastructure systems will become an
    increasingly viable option for terrorists."
    
    According to the report, various terrorist groups, including al-Qaeda
    and Hizballah, are becoming more adept at using the Internet and
    computer technologies, and the FBI is monitoring an increasing number
    of cyber threats.
    
    The report singled out a group called Aleph as the terrorist entity
    that places the highest level of importance on developing cyber
    skills. "This group identifies itself as a cyber cult and derives
    millions of dollars a year from computer retailing," it stated.
    
    This Is Only a Test?
    
    In the recent large-scale attack on the Internet, called "the worst
    ever" by many experts, several of the Net's root servers were
    temporarily crippled. But while those attacks had network
    administrators scrambling -- and involved law enforcement officials at
    the highest level -- overall Net traffic was barely affected.
    
    Some network engineers scoff at the suggestion that this was a highly
    coordinated attack designed to bring down the Internet. The attacks
    were most likely the result of "script kiddies (hackers) having a good
    time," Peter Salus, chief knowledge officer of Matrix NetSystems, told
    NewsFactor.
    
    Yet Bob Alberti, president of network security company Sanction and
    co-author of the Internet Gopher Protocol, said one aspect of the
    attack was particularly troubling: its hour-long duration.
    
    "The one hour suggests that this attack was more organized than
    otherwise might be," he told NewsFactor. "That's not someone launching
    an attack and seeing what happens, that's someone launching a one-hour
    test and saying, 'We'll refine our methods.'"
    
    Furthermore, Alberti added, "It's 100 percent likely the Internet will
    be severely affected by a future hacking attack."
    
    Defensive Measures
    
    Alberti said he feels strongly that there are too few root-level
    domain servers. The entire global Internet is supported by only 13
    such servers, making it unnecessarily vulnerable.
    
    "It's called a distributed system, so it ought to be distributed," he
    noted, pointing out that the number of root servers has remained
    unchanged throughout the Internet's exponential growth years.  
    "Clearly, this is not the optimal number."
    
    In Alberti's view, the Internet's chief governing body, ICANN (The
    Internet Corporation for Assigned Names and Numbers), is not
    adequately addressing security issues, and its lack of effective
    leadership will have serious consequences for Net security.
    
    He claims ICANN has not prepared the Net for more sophisticated
    attacks because it has not instituted adequate redundancy and
    safeguards. At this point, he said, "a coordinated attack could
    restrict access to all 13 top-level domain servers for a day, bringing
    portions of the global Internet to a grinding halt."
    
    ICANN's Efforts
    
    ICANN, in response to the recent attacks, is soliciting
    recommendations from its Security and Stability Advisory Committee.  
    Experts expect the committee will recommend that ISPs work to prevent
    use of packets with forged IP (Internet Protocol) addresses. A deluge
    of such forged packets is used to instigate distributed
    denial-of-service (DDoS) attacks like the one launched against the
    root servers last week.
    
    Most ISPs are already equipped with technology to prevent forwarding
    of forged IP packets, yet until the recent attack, they had no
    compelling reason to use it.
    
    As an additional safety precaution, the organizations that operate the
    root servers will add more servers to each system. Each of the 13 root
    servers is already composed of multiple servers, but adding additional
    servers will make each location less vulnerable to DDoS attacks.
    
    Also, according to analysts, government security officials are
    considering instituting new regulations that would require federal
    agencies to purchase Internet service only from ISPs that have DDoS
    safeguards incorporated into their networks.
    
    But these steps are only the beginning of what is bound to be a long
    and concerted effort. As Alberti said, "We're going to have another
    one of these events. Something will take place which will force people
    to wake up and smell the coffee."
    
    
    