The cyberweapon that could take down the internet

A new cyberweapon could take down the entire internet – and there's not much that current defences can do to stop it. So say Max Schuchard at the University of Minnesota in Minneapolis and his colleagues, the masterminds who have created the digital ordnance. But thankfully they have no intention of destroying the net just yet. Instead, they are suggesting improvements to its defences.

Schuchard's new attack pits the structure of the internet against itself. Hundreds of connection points in the net fall offline every minute, but we don't notice because the net routes around them. It can do this because the smaller networks that make up the internet, known as autonomous systems, communicate with each other through routers. When a communication path changes, nearby routers inform their neighbours through a system known as the border gateway protocol (BGP). These routers inform other neighbours in turn, eventually spreading knowledge of the new path throughout the internet.

A previously discovered method of attack, dubbed ZMW – after its three creators Zhang, Mao and Wang, researchers in the US who came up with their version four years ago – disrupts the connection between two routers by interfering with BGP to make it appear that the link is offline. Schuchard and colleagues worked out how to spread this disruption to the entire internet and simulated its effects.

Surgical strike

The attack requires a large botnet – a network of computers infected with software that allows them to be externally controlled: Schuchard reckons 250,000 such machines would be enough to take down the internet. Botnets are often used to perform distributed denial-of-service (DDoS) attacks, which bring web servers down by overloading them with traffic, but this new line of attack is different.

"Normal DDoS is a hammer; this is more of a scalpel," says Schuchard. "If you cut in the wrong places then the attack won't work."

An attacker deploying the Schuchard cyberweapon would send traffic between computers in their botnet to build a map of the paths between them. Then they would identify a link common to many different paths and launch a ZMW attack to bring it down. Neighbouring routers would respond by sending out BGP updates to reroute traffic elsewhere. A short time later, the two sundered routers would reconnect and send out their own BGP updates, upon which attack traffic would start flowing in again, causing them to disconnect once more. This cycle would repeat, with the single breaking and reforming link sending out waves of BGP updates to every router on the internet. Eventually each router in the world would be receiving more updates than it could handle – after 20 minutes of attacking, a queue requiring 100 minutes of processing would have built up.

Clearly, that's a problem. "Routers under extreme computational load tend to do funny things," says Schuchard. With every router in the world preoccupied, natural routing outages wouldn't be fixed, and eventually the internet would be so full of holes that communication would become impossible. Shuchard thinks it would take days to recover.

"Once this attack got launched, it wouldn't be solved by technical means, but by network operators actually talking to each other," he says. Each autonomous system would have to be taken down and rebooted to clear the BGP backlog.

Meltdown not expected

So is internet meltdown now inevitable? Perhaps not. The attack is unlikely to be launched by malicious hackers, because mapping the network to find a target link is a highly technical task, and anyone with a large enough botnet is more likely to be renting it out for a profit.

An alternative scenario would be the nuclear option in a full-blown cyberwar – the last resort in retaliation to other forms of cyberattack. A nation state could pull up the digital drawbridge by adjusting its BGP to disconnect from the internet, just as Egypt did two weeks ago. An agent in another country could then launch the attack, bringing down the internet while preserving the attacking nation's internal network.

Sitting duck

Whoever launched the attack, there's little we could do about it. Schuchard's simulation shows that existing fail-safes built into BGP do little to protect against his attack – they weren't designed to. One solution is to send BGP updates via a separate network from other data, but this is impractical as it would essentially involve building a shadow internet.

Another is to alter the BGP system to assume that links never go down, but this change would have to be made by at least 10 per cent of all autonomous systems on the internet, according to the researchers' model, and would require network operators to monitor the health of connections in other ways. Schuchard says that convincing enough independent operators to make the change could be difficult.

"Nobody knows if it's possible to bring down the global internet routing system," says Mark Handley, an expert in networked systems at University College London. He suggests that the attack could cause "significant disruption" to the internet, with an effect greater than the Slammer worm of 2003, but it is unlikely to bring the whole thing down.

"The simulations in the paper make a lot of simplifying assumptions, which is necessary to simulate on this scale," he explains. "I doubt the internet would behave as described."

http://www.newscientist.com/article/dn20113-the-cyberweapon-that-could-take-down-the-internet.html

Mubarak, Obama the KIll Switch..... and some Humour

A “kill switch” bill that grants President Barack Obama the power to shut down the entire nation’s Internet during a national crisis will soon resurface in the Homeland Security and Governmental Affairs Committee.

The legislation, which has bipartisan support, floated through the Senate committee in December but expired with the new Congress early January.

After Senate leaders announced Jan. 27 that Sen. Susan Collins (R-Maine), who introduced the bill, will continue to serve as the ranking member of the Senate committee, Collins indicated that she will bring the bill to the table again.

The planned introduction also follows the Internet blackout in Egypt on Jan. 27 in response to the nationwide protests to remove Egyptian President Hosni Mubarak, who has been in office since 1981.

Collins said that the bill would not give Obama the same level of power as the Egyptian president and is only designed to prevent damage from “significant” cyberthreats, according to Wired magazine.

“My legislation would provide a mechanism for the government to work with the private sector in the event of a true cyber-emergency,” Collins told Wired. “It would give our nation the best tools available to swiftly respond to a significant threat.”
An aide to the Senate committee explained to the magazine that the bill will not permit the shutting down of the entire Internet but only allow the president to deny access to certain websites when the government detects a possible cyber-attack.

The aide added that there will not be one “kill switch” that can take down the entire network but a central system that is connected to servers in different regions.

Critics and organizations such as the American Civil Liberties Union, American Library Association, Electronic Frontier Foundation, and Center for Democracy and Technology are skeptical of the legislation and said in an open letter that the legislation could be used to censor the Internet.

The groups pointed out that the bill is ambiguous about what can be declared as a cyber-attack, and the bill itself can be flexible enough to be manipulated to censor the Internet or limit free speech, which is a violation of the constitution’s First Amendment, according to The Hill.

"Those in Congress who have proposed an 'Internet Kill Switch' for the United States should realize the danger of their proposal now that Egyptian President Mubarak has flipped such a switch to stifle dissent in Egypt," Berin Szoka, president of TechFreedom told The Hill.

The details of the bill and its reintroduction are currently unavailable, but a Senate aide told The Hill that the committee is considering taking the more popular aspects of the proposed legislation and attaching them to other bills.


http://www.theepochtimes.com/n2/content/view/50379/

Egypt versus the internet - Anonymous hackers launch DDoS attack

Hot on the heels of similarly politically-motivated attacks against websites belonging to the governments of Tunisia and Zimbabwe, hackers are bombarding official websites in Egypt with a DDoS attack.
The hackers' current target is believed to be the Egyptian Ministry of Communications and Information Technology, although at the time of writing it was still accessible.
A press release shared via Facebook by the loosely-knit "Anonymous" group uses stark language to make their demands of the Egyptian government:

"Anonymous wants you to offer free access to uncensored media in your entire country. When you ignore this message, not only will we attack your government websites, Anonymous will also make sure that the international media sees the horrid reality you impose upon your people."

The internet attacks are against a backdrop of anti-government protests in Egypt, with police using tear gas and rubber bullets to break up demonstrations.
"Anonymous" has used the internet to rally volunteers to participate in the attacks - dubbed "Operation Egypt" - seemingly in response to the country's attempts to crack down on public protests and block access to websites such as Twitter.
Yesterday Twitter confirmed that their site was being blocked by the Egyption authorities and commented that they believed that "the open exchange of info & views benefits societies & helps govts better connect with their people".

http://nakedsecurity.sophos.com/2011/01/26/egypt-versus-the-internet-anonymous-hackers-launch-ddos-attack/?amp;utm_campaign=Feed:+nakedsecurity+(Naked+Security+-+Sophos)&utm_campaign=faabo%20network%20security&utm_medium=Twitter&utm_medium=feed&utm_source=SNS.analytics