April 5, 2007The most serious threat to the Internet infrastructure in the 21st century is a massive virtual blackout known as a "distributed denial of service attack," an outspoken board member for the group that administers Internet addresses said Thursday at a Hudson Institute briefing.
This type of high-tech ambush, which occurs when multiple compromised systems flood the bandwidth or resources of a targeted server to make Web pages unavailable, could be devastating for global online communication, said Susan Crawford of the Internet Corporation for Names and Numbers.
The most significant attack in recent years came on Feb. 6, when six of 13 root-zone servers were slammed by an army of "zombie computers," which were compromised by hackers, the Cardozo Law School professor said at the think tank event.
While the average Internet user's experience was not affected by the attack, the incident underscored the fact that there is no real oversight of those servers, whose components are backed up by other machines around the world, Crawford said.
Prevention of DDOS attacks will eventually mean "having fewer zombies out there," she said. "People are turning millions of PCs into weapons... and we don't have a lot of data about what is happening. Researchers are often operating in the dark," Crawford said.
The U.S. Computer Emergency Readiness Team and its facilitator, the Homeland Security Department, are largely reactive in their approach. "From the outside, it looks as if [DHS] doesn't really know what it's doing," she said. "They're trying, but many of their efforts lack timeframes for completion."
DHS also suffers from a high turnover rate among senior officials, but the agency now has Greg Garcia as its cyber-security czar, who is attempting to address the problem, Crawford said. He was previously vice president at the Information Technology Association of America.
Garcia has talked about the need for legislation but Crawford said she is "not convinced" that a new U.S. law can offer a cure for denial of service attacks because congressional action "is too local for the networked age."
Crawford advocated turning more attention and money to focus on prospective global educational efforts. A new multi-stakeholder entity "with a new, friendly acronym" might be the best solution, she said.
"None of the existing institutions will work," Crawford said. ICANN cannot do the job because its power is contractually based and too narrow, and the recently launched Internet Governance Forum is "highly political" and "not necessarily the best forum for a technical discussion of best practices," she contended.
Crawford added that improvements in routing security, which is "how packets go from one place to another," are also needed. A hacker could inject phony paths into a routing algorithm in order to intercept packets or trigger a DDOS attack. The susceptibility for such an assault grows as the size of so-called "routing tables" increases to accommodate the next-generation Internet known as IPv6, she said.
April 5, 2007