Vulnerabilities / Threats

8/10/2017
10:30 AM
Bogdan Botezatu
Bogdan Botezatu
Commentary
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail vvv
50%
50%

Taking Down the Internet Has Never Been Easier

Is there a reason why the Internet is so vulnerable? Actually, there are many, and taking steps to remain protected is crucial.

On October 29, 1969, two computers linked via telephone exchanged a couple of letters, then crashed. While the experiment did not achieve its goal, it was the first time computers at a significant distance from one another exchanged information via a data link.

Fast-forward 48 years, where everything — including the kitchen sink, in the case of smart kitchens — is hardwired to a massive network of networks (and things), transporting the entirety of human knowledge one bit at a time. The Internet has come a long way from the two machines attempting to digitally shake hands over a phone line. In 2016 alone, more than 1 zettabyte of data was sent and received over networks. Today, the Internet hosts billions of devices. From a network of computers fully trusting one another, the Internet has morphed into a place where the notion of trust is not part of the equation.

There is no single reason for this current state of vulnerability. Instead, there's a confluence of contributing factors.

The Internet's Architecture Hasn't Caught Up with the Times
In October 2016, a massive botnet of Internet of Things (IoT) devices was used in a highly effective distributed denial-of-service (DDoS) attack against the Internet's core infrastructure: DNS services operated by Dyn. The attack blacked out significant portions of the US Internet for almost a day, halting business for dozens of Fortune 500 companies and causing untold millions, if not billions, of dollars in damage.

Devastating DDoS attacks aren't new — we've had them for years, but until this point they were hard to leverage into a problem that affected more than one organization at a time. Either large botnets or complex amplification techniques were required to knock a host offline.

More modern attacks, however, rely on large botnets of misconfigured IoT devices to pack a serious punch. Today, gathering a significant number of IoT devices to participate in such an effort is a simple script away, readily available to wannabe cybercriminals with no hacking experience.

The DNS system is one of the most heavily targeted subcomponents of the Internet, and it is easy to understand why it remains in the attackers' crosshairs. Overloading the DNS infrastructure with queries will render it inaccessible to other users who need to interrogate what IP a domain name points to.

What Else Is Broken on the Web?
Routing is another hot issue related to the welfare and neutrality of the Internet. Routing is the path that data travels from a machine to the destination server, as it traverses a number of networks operated by distinct companies. In passing, it goes through multiple service providers that use the Border Gateway Protocol (BGP) to determine the path our information should take to its destination. By manipulating the BGP, hostile parties can force data onto a different route, which allows them to intercept and modify traffic.

There have been numerous incidents of BGP manipulation such as China's "18-minute mystery," where the country hijacked 15% of the world’s traffic with very few people noticing. Such attacks can be used to snoop on or manipulate unencrypted traffic before it is relayed to the original recipient. False routing info propagation can also be used to deny access to services at a global level (see the YouTube-vs.-Pakistan incident of February 2008).

Digital Trust and PKI Are Flawed
Digital trust plays a key role in keeping things normal. The public key infrastructure — on which the security of the Web itself stands — is another issue that could dramatically affect the proper functioning of the Internet.

Certificate authority abuse is one example. Several certificate authorities have wrongfully issued digital certificates to fraudulent parties. Turktrust and WoSign are two of the many CAs that have been "tricked" into giving away the keys to websites of high-profile companies such as Microsoft, Google, and Github, allowing third parties to impersonate these companies online.

Even when PKI works well, it is still approaching its expiration date. Cryptography works because of the mathematical complexity behind it. As the industry moves toward quantum computing, PKI and current crypto-algorithms will stop working.

Endpoint Security Is a Serious Cause for Concern
Any discussion of security and the Internet should include individual security itself. Just like herd immunity is achieved through mass vaccination that helps people stay free from infectious diseases, endpoint security plays a key role in keeping others safe on the Internet. The same effect happens with unprotected devices. They can end up herded into botnets operated by cybercrime gangs. Botnet traffic puts serious strain on the infrastructure while raising operational costs for Internet service providers. By sending junk traffic, these hosts "clog" the Internet and cause massive delays in the delivery of legitimate information.

As of the writing of this piece, bad bots are responsible for almost 30% of the Web traffic, carrying out DDoS attacks and spreading spam (which, according to Statista, accounts for 61% of all e-mails sent globally).

But the Internet Endures … for Now
Despite these challanges, the Internet has survived all these incidents, and gracefully waltzed through the IPv4 address pool depletion issue. Still, the security of the Internet is serious cause for concern. For a society so completely reliant on the positive benefits and outcomes of connectivity, taking steps to protect us from its dangers has never been more crucial.

Related Content:

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the Web without protection or how to rodeo with wild ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Kelly Sheridan, Staff Editor, Dark Reading,  6/20/2018
Inside a SamSam Ransomware Attack
Ajit Sancheti, CEO and Co-Founder, Preempt,  6/20/2018
Tesla Employee Steals, Sabotages Company Data
Jai Vijayan, Freelance writer,  6/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12716
PUBLISHED: 2018-06-25
The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scan_results JSON data, which allows remote attackers to determine the physical location of most web browsers by leveraging the presence of one of these devices on its l...
CVE-2018-12705
PUBLISHED: 2018-06-24
DIGISOL DG-BR4000NG devices have XSS via the SSID (it is validated only on the client side).
CVE-2018-12706
PUBLISHED: 2018-06-24
DIGISOL DG-BR4000NG devices have a Buffer Overflow via a long Authorization HTTP header.
CVE-2018-12714
PUBLISHED: 2018-06-24
An issue was discovered in the Linux kernel through 4.17.2. The filter parsing in kernel/trace/trace_events_filter.c could be called with no filter, which is an N=0 case when it expected at least one line to have been read, thus making the N-1 index invalid. This allows attackers to cause a denial o...
CVE-2018-12713
PUBLISHED: 2018-06-24
GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by attackers to overwrite files or read file content that was ...