Critical flaw in Internet technology could facilitate hacker attacks
Researchers uncovered a serious flaw in the underlying technology for nearly all Internet traffic, a discovery that led to an urgent and secretive international effort to prevent global disruptions of Web surfing, e-mails and instant messages. The British government announced the vulnerability in core Internet technology on Tuesday. Left unaddressed, experts said, it could allow hackers to knock computers offline and broadly disrupt vital traffic-directing devices, called routers, that coordinate data flow among distant groups of computers. “Exploitation of this vulnerability could have affected the glue that holds the Internet together,” said Roger Cumming, director for England’s National Infrastructure Security Coordination Centre. The Homeland Security Department issued its own cyberalert hours later that attacks “could affect a large segment of the Internet community.” It said normal Internet operations probably would resume after such attacks stopped. Experts said there were no reports of attacks using this technique. The flaw affecting the Internet’s “transmission control protocol,” or TCP, was discovered late last year by a computer researcher in Milwaukee. Paul Watson said he identified a method to reliably trick personal computers and routers into shutting down electronic conversations by resetting the machines remotely. Routers continually exchange important updates about the most efficient traffic routes between large networks. Continued successful attacks against routers can cause them to go into a standby mode, known as “dampening,” that can persist for hours. Experts previously said such attacks could take between four years and 142 years to succeed because they require guessing a rotating number from roughly 4 billion possible combinations. Watson said he can guess the proper number with as few as four attempts, which can be accomplished within seconds. Cisco Systems Inc., which acknowledged its popular routers were among those vulnerable, distributed software repairs and tips to otherwise protect large corporate customers. There were few steps for home users to take; Microsoft Corp. said it did not believe Windows users were too vulnerable and made no immediate plans to update its software. Using Watson’s technique to attack a computer running Windows “would not be something that would be easy to do,” said Steve Lipner, Microsoft’s director for security engineering strategy. In recent weeks, some U.S. government agencies and companies operating the most important digital pipelines have fortified their own vulnerable systems because of early warnings communicated by some security organizations. The public announcement coincides with a presentation Watson expects to make Thursday at an Internet security conference in Vancouver, British Columbia, where Watson said he would disclose full details of his research. Watson predicted that hackers would understand how to begin launching attacks “within five minutes of walking out of that meeting.”
Reproduced from an article published by The State
© The State
The original article can be viewed here:
http://www.thestate.com/mld/thestate/news/nation/8480092.htm
Permalink Bookmark Digg this story
