Ramblings of an old Doc
But, it isn't
Published on February 13, 2011 By DrJBHL In Personal Computing

"A new cyberweapon could take down the entire internet – and there's not much that current defences can do to stop it."

So say Max Schuchard at the University of Minnesota in Minneapolis and his colleagues, the masterminds who have created the digital ordnance.

So, what is it and how does it work?

The Way The Internet Works:

We have a “smart” system. Not all the connections work all the time. In reality, there are routers on the net which are ‘up’ and ‘down’ all the time.

Any given “message” is broken up into packets, which are routed around blocked spots: the net checks whether the next router along the path is up and, if it is down, reroutes. At the final step the packets are reassembled into the original message. When a communication path changes, nearby routers inform their neighbors through a system known as the border gateway protocol (BGP). These routers inform other neighbors in turn, eventually spreading knowledge of the new path throughout the internet.

The Method of Attack:

A previously discovered method of attack, named ZMW – after its three creators Zhang, Mao and Wang, researchers in the US who came up with their version four years ago – disrupts the connection between two routers by causing the ‘sending’ router to think the ‘receiving’ router is ‘down’.

When enough computers on the net are infected and made part of a huge “botnet”, the internet will be “down”, although in reality it is perfectly capable of transmitting information. How large a botnet is required? Schuchard has calculated approximately 250,000. This wouldn’t be the run-of-the-mill DDoS attack which swamps servers with traffic. This would be the opposite.

Here the botnet would map and identify central “choke” points and cut the connections there. Rerouting traffic would only replicate the original process of mapping and cutting, in waves, because BGP updates take time to propagate. The backlog would become so great that the net would collapse. With every router in the world preoccupied, natural routing outages wouldn't be fixed, and eventually the internet would be so full of holes that communication would become impossible. Schuchard thinks it would take days to recover.

So, what’s the defense? Well, an “off switch”. “But no such thing exists”, we all say. Sure it does: just by adjusting the BGP from short to long.

This is how to launch a cyberattack and protect one’s own country’s net from attack. Egypt did exactly that.

Impractical solution number two: send BGP updates over a separate ‘shadownet’. Impractical because that would require a second Internet to be built. Another solution is to have 10% of operators monitoring the health of the Internet by alternative means, and that probably would prove difficult despite what was seen with the net disruptions caused by the Slammer Worm in 2003.
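The propagation and backlog described above, and what a longer BGP timer buys, as an added toy simulation that is not part of the original post, Schuchard's work, or any router software: a path-vector protocol on a constructed five-AS graph, where each node keeps what its neighbours last advertised, rejects paths containing itself, and re-advertises whenever its best path changes. Cutting the only link to the originating AS makes the survivors explore ever-longer stale paths before giving up, and the update count is the backlog the post describes; `batch=True` stands in for a longer advertisement timer, which is my assumption about what “short to long” means here.

```python
# Constructed topology: a small undirected graph of autonomous systems.
# E originates the prefix; every other node must learn an AS path to it.
TOPOLOGY = {"A": ["B", "C"], "B": ["A", "C", "D"], "C": ["A", "B", "D"],
            "D": ["B", "C", "E"], "E": ["D"]}

def path_vector(topology, dest, fail=None, batch=False):
    """Converge toward `dest`, optionally cut link `fail`, then reconverge.
    learned[n][nb] is the AS path neighbour nb last advertised (None once
    withdrawn); a path already containing the receiver is rejected, BGP's
    loop check.  batch=False re-advertises on every change (a very short
    timer); batch=True sends at most once per round (a longer timer).
    Returns (number of UPDATE messages sent, best path per node)."""
    down, count = set(), 0
    learned = {n: {} for n in topology}
    best = {n: None for n in topology}
    best[dest] = (dest,)

    def reselect(n):
        # Re-pick n's best path; return the updates n must send out.
        if n == dest:
            return []
        cands = [p for p in learned[n].values() if p]
        new = (n,) + min(cands, key=lambda p: (len(p), p)) if cands else None
        if new == best[n]:
            return []
        best[n] = new
        return [(n, nb, new) for nb in topology[n] if frozenset((n, nb)) not in down]

    def run(queue):
        nonlocal count
        while queue:
            nxt, dirty = [], {}
            for src, dst, path in queue:
                count += 1
                learned[dst][src] = None if path is None or dst in path else path
                if batch:
                    dirty[dst] = True      # decide once, after the whole round
                else:
                    nxt += reselect(dst)   # react to every single message
            for n in dirty:
                nxt += reselect(n)
            queue = nxt

    run([(dest, nb, best[dest]) for nb in topology[dest]])
    if fail:
        a, b = fail
        down.add(frozenset(fail))
        learned[a][b] = learned[b][a] = None   # the session between them drops
        run(reselect(a) + reselect(b))
    return count, best
```

On this graph, `path_vector(TOPOLOGY, "E", fail=("D", "E"))` sends 41 updates with immediate re-advertisement and 33 with per-round batching, and both end with every surviving node holding no route at all.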

Source: Gizmodo


Comments (Page 3)
on Feb 14, 2011

Heavenfall
Basically, DrJBHL is presenting a possible scenario where an off-switch (a theoretical button turning off major parts of the internet) would be the ideal solution to hackers trying to do damage to crucial infrastructure.

The counter-argument, now as before, is not that the button would be ineffective against countering a supposed threat. The argument is that it will be used for other ends, and that the government cannot be trusted with that power.

Exactly my point as well.

kenata
I am not surprised by the discovery of this attack vector. Every programmer should understand that all things can and will break eventually. This particular vector of attack aims at disrupting the redundancies built into the protocol to handle single router failures. However, as the OP points out, such an attack would require a large amount of well-orchestrated disruptions in order to take down the entire internet, and even then, this would only cause a temporary outage while the routers were reset. One should remember that router outages are rare to the individual router, but quite common when considering all routers. Thus, a router which finds itself cut off without being somehow disabled would still invoke its routines for creating a new route map and would send out the appropriate messages. The real problem is these messages, which would flood the various networks causing large scale congestion. However, this congestion would tend to be localized and would probably be at its worst for only a few hours following the conclusion of the attack. From what I know of BGP, this type of attack would be highly unlikely on this scale as one would have to perform the attack from many locations at once while also not disrupting the internet enough to disrupt the attack itself before it has had time to effect such a large number of BGP routers, which are not exactly simple store bought routers.

A very good understanding of the issue and the shortcomings of the problem.

Nothing designed by man is foolproof (fools are ingenious after all). And BGP is vulnerable due to its resiliency. This is useful to a foreign government to disrupt commercial communication in a country, but as noted, not fatal to the Internet itself (nor likely to be used by average hackers as they would basically be killing themselves). The problem has now been defined. I suspect the brain trusts are already looking at a mitigation of the issue and how it can be averted.

on Feb 14, 2011

The number of computers to infect (250,000) isn't that hard to do considering how YouTube videos go viral, and how many are emailed? I wonder if programs like the ones needed to infect individual computers can be put in jpegs/mpegs using steganography?

on Feb 14, 2011

DrJBHL
I wonder if programs like the ones needed to infect individual computers can be put in jpegs/mpegs using steganography?

So far not. But then they are finding new attack methods all the time, and it will only take a buffer overrun to make them sources of infections.

on Feb 14, 2011

I wonder if programs like the ones needed to infect individual computers can be put in jpegs/mpegs using steganography?

Man, I hope not. What would doc do if he couldn't put my head on those wonderful bodies he uses?

on Feb 14, 2011


The counter-argument, now as before, is not that the button would be ineffective against countering a supposed threat. The argument is that it will be used for other ends, and that the government cannot be trusted with that power.

Exactly my point as well.
Although that's certainly an issue, I'm more worried about the threat of a cyberattack getting blown out of proportion and causing some general to push the big red button when there is no real danger, essentially doing the hackers' work for them.

on Feb 14, 2011

essentially doing the hackers' work for them.

Wouldn't be the first time. History is replete with that sort of deception. Fool your enemy into doing your job for you.

on Feb 14, 2011

Wouldn't be the first time. History is replete with that sort of deception. Fool your enemy into doing your job for you.
They need not be that devious. They may just be trying to take out a small part of the infrastructure, or be too incompetent to do any real damage, but still set off enough alarms that the Fiber-Optic Curtain slams down. Or, as you say, they could deliberately lead Uncle Sam into shooting himself in the foot.

on Feb 14, 2011

Yup. Reminds me of an original Star Trek episode where the Romulans send a ship to test Earth's defenses. They wind up getting their butts kicked, but in so doing a weakness may have been found. Get my drift? See how good they are. If not so good, then slam them. If they are good, look for something to exploit. Every chain is only as strong as its weakest link.
