How vulnerable is the Internet to a cyber attack?
January 23, 2009 2:28 AM

So how vulnerable is the Internet to some sneaky worm attack that targets Windows? It looks like organised crime is running increasingly sophisticated malware attacks to control large numbers of clients. If I were a bad person, I could imagine a smart, quiet rootkit or similar that infected many, many machines, then went live and could be very disruptive.

Is it a reasonable worry, and how much trouble could it cause? I figure there would be Mac and Linux users still working, and many servers would be unaffected, but could such a nasty 'break' the Internet?
And figuring that the smart guys are probably already worrying about it, what are they doing to minimise the risk?
posted by bystander to Computers & Internet (14 answers total) 1 user marked this as a favorite
 
Well, here's a time lapse video of how a botnet infection spread around the world in 5 days.
posted by sharkfu at 2:35 AM on January 23, 2009


Are you posting from 1998? Because pretty much what you've described has been happening for a decade now. This has been largely thanks to Windows, but to an increasing degree other OSes are now subject to attack. BackOrifice and MyDoom are high-profile examples.

iServices.A is a recent example of Mac malware. And Conficker recently brought the network of the Sheffield Teaching Hospitals Trust in the UK to a standstill, as well as infiltrating large parts of the Ministry of Defence.
posted by le morte de bea arthur at 2:53 AM on January 23, 2009 [1 favorite]


To clarify, BackOrifice and MyDoom were both designed to affect Windows.
posted by le morte de bea arthur at 2:53 AM on January 23, 2009 [1 favorite]


As le mort says, what you've described has been the case for some time. A newer trend, however, is that cyber crime is increasingly motivated by money, rather than the thrill of causing havoc or ego-tripping.

So the folks who are controlling the large number of compromised Windows systems you mention have no desire to break the whole internet, because it would render the tools of their trade worthless.

Besides this, the internet, taken as a whole entity, is way too heterogeneous to completely "break". While statistics show that both private and corporate use leans way over towards Windows, this doesn't mean that every Windows system in the world could be compromised as one. Remember that Windows systems in the corporate world are largely sitting behind many layers of security, unlike the home user. So you could never compromise the home user and the corporate user in the same way, and likewise you could never compromise every Windows server in the same way as those, or even as each other.

What are people doing about it? As for Microsoft, they release security patches every month. Microsoft's customers (nearly everyone)? Well, they themselves are customers of a huge computer and network security industry which sells, consults on, manages, and monitors a wide range of security-related hardware and software, like firewalls, intrusion detection/prevention, antivirus/-malware/-spyware, proxies, logging solutions, and so on.
posted by poppo at 4:19 AM on January 23, 2009


Thanks, I am aware of current and historical threats; I guess I am considering the intersection of organised crime and/or terrorism.
If you look at Back Orifice or similar, it was pretty unsophisticated: rather than lying low and then activating at once (to maximise infection), most worms are the toys of assembly-level vandals, or not even that. A patch from MS a month later is almost useful in countering these.
What would happen if a sophisticated troublemaker got to work, say the NSA or the FSB or Al-Qaeda?
posted by bystander at 4:46 AM on January 23, 2009


Like electricity and car and train traffic, there are many parts of the internet where human intervention in response to problems allows the damage to be mitigated. Without that, there would be grave danger indeed.
posted by peter_meta_kbd at 5:18 AM on January 23, 2009 [1 favorite]


If your premise is still "can the internet be broken through criminal means", even a highly organized and motivated effort still faces the challenge that the internet is very heterogeneous, as I described above. Could you take over every Windows client and server out there, in enough numbers to break the internet? Probably not, due to their wide range of configurations, applications, and placement.

However, are there other ways to break the internet? In a famous example, hackers attempted to wreak havoc by breaking one important aspect of the internet, the DNS infrastructure. Taking down some of these root servers did create a large number of related but isolated incidents in which hostnames/domain names couldn't be properly resolved to IP addresses. Imagine typing any URL into your web browser and not being able to get to it. In fact, if you knew the IP address of the site you wanted to browse to, no problem, but who knows that by heart?

So there are possibilities for creating big problems on the internet, but probably not in the way you're visualizing, and completely "breaking" isn't possible, although perhaps I'm taking your usage of "break" too literally.
posted by poppo at 5:49 AM on January 23, 2009


My Favorite Net Things, The Day The Routers Died. I wouldn't worry too much. If anything bad happens, it's just a matter of time before the people behind the internet go WTF? and figure out what's going on.

Disruption on the scale you're thinking about happens all the time. Most of the time, pagers go off, monitoring tools blink red...

The internet as you know it is commercial. There are several other separate internets that you probably don't know about. What you should worry about are router vulnerabilities, injecting fake BGP routes and such... otherwise if something *bad* happens, it's just pulling the plug on the infected machines and keeping the NOCs up and connected.

(now is when I wish we had anonymous replies...)

Really, your greatest threat is anchors dragging up undersea cables and cutting off a continent for a while, or a backhoe digging where it shouldn't, or power outages in co-lo locations that don't test their emergency backup power, and fat fingers.
posted by zengargoyle at 6:54 AM on January 23, 2009


All this is happening now and has been happening for a decade. Organized crime is doing this right now. Look at all the botnets or the new SMB vulnerability. People still aren't patching their machines and people still aren't firewalling them off. Microsoft still won't disable autoplay on their new OSes. Vista is the first MS product to default to making the user a non-admin.

It's a huge threat and is usually used to deliver spam or fool people into buying fake AV products like "antivirus 2009."

And figuring that the smart guys are probably already worrying about it, what are they doing to minimise the risk?

In the corporate world it's typical to limit rights on computers and limit access on the internet. Computers are kept patched and access is protected via VPNs, etc. Home users simply run as admin 24/7, which is dangerous, and might not have any firewall or any AV.

What would happen if a sophisticated troublemaker got to work, say the NSA or the FSB or Al-Qaeda?

The NSA is the largest hacking organization on earth. Their budget is unknown because so much of it is secret. Almost every major advance in cryptography has been either discovered there first or speculated there first. I imagine the FSB has a similar program, and Al-Qaeda does use hackers, but not for attacks; rather, to help maintain their propaganda network of webservers.

IT isn't the best target for terrorism. If you spend $100,000 and the time of 10 guys, then you can probably take out an embassy with that kind of budget and time, but the same time in IT would be hacking some vulnerable web servers and maybe taking down some high-profile target like a government website or service. There are worries about control systems in industrial plants or power plants, but generally those systems are not connected to any exterior network and certainly don't run typical hackable OSes like Linux and Windows. Control systems are run by real-time OSes and are connected to one control computer or their own dedicated network.

As far as taking down the internet whole, well, there's too much redundancy. You can disable sites with a large enough botnet. You can cause a limited range of problems, but, generally, no, you're not doing some worldwide attack.
posted by damn dirty ape at 7:00 AM on January 23, 2009


A patch from MS a month later is almost useful in countering these.

MS doesn't sit on critical patches for a month. The worm that's now taking down computers was patched in October. It was released out of cycle and I don't believe there were any (or many) attacks in the wild until recently.

There are some instances where a MS patch was a few days too late, but generally, they are pretty much on top of things. The real issue is people who take their time patching or who never patch.

I figure there would be Mac and Linux users still working

Oh, and as far as Mac and Linux go. Well, Linux gets cracked all the time. A lot of these malware servers/webservers are Linux. Mac? Well, 20,000 Mac users just got 0wnd yesterday. It's not as cut and dried as you might think.
posted by damn dirty ape at 7:08 AM on January 23, 2009


In 1988 a worm did destroy the Internet for a couple of days. So there's your proof of concept. It's a great case study of how people respond to a widespread distributed attack on the Internet. There are several papers written from that time with a lot of insights. The main lesson that stuck with me is that the first thing all the admins did was shut their routers off, severing them from the Internet. Which generally made things worse: their networks were already infected, but now they were cut off from their colleagues who could help them. Telephones don't work nearly as well.

I'd like to believe the Internet infrastructure is more resilient now. It'd be no big thing to hijack several million Windows computers (quietly, so no one notices) and then unleash hell on a single day. But I think most of the obvious attacks on the Internet would be relatively easy to block. I.e., you could DDoS all the DNS servers, but that DDoS traffic will have a pattern and could be filtered. Worst case, you could blackhole all residential ISPs to knock out a lot of the zombies while leaving the commercial and technical Internet still operating.

While the Internet itself could probably survive any attack, the follow-on effects could be ugly. It'd be easy enough to break a Windows machine so that it can't be patched online, requiring a re-install from a CD. I think that'd effectively end-of-life a lot of Americans' home computers. It could also cause a crisis of confidence in the Internet infrastructure with long-ranging consequences for electronic commerce. Worst would be some overreaction on how to fix things, locking down the open net in a futile attempt to protect it.
posted by Nelson at 7:39 AM on January 23, 2009 [2 favorites]
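Both poppo's root-server story and Nelson's remark that DDoS traffic "will have a pattern and could be filtered" come down to the same defender's task: find the sources whose query rate and shape stand out in resolver logs, then derive a coarse filter (Nelson's blackholing of whole address ranges) from them. The script below is an added illustration written for this page, not code from any poster or vendor. It assumes a BIND-style query log format ("client IP#port: query: NAME IN TYPE"), and all log lines, addresses and the 5 queries/second threshold are constructed for the example.

```python
"""Added example: spot a DNS query flood in constructed resolver logs and
derive a per-/24 blackhole list. Log format, addresses and threshold are
all assumed/constructed for illustration; none come from the thread."""
import re
from collections import Counter, defaultdict
from ipaddress import ip_network

# Constructed sample: one ordinary client (198.51.100.7) and two noisy
# sources in 203.0.113.0/24, one hammering a single name, one sending
# random subdomains (a "random subdomain" flood pattern).
SAMPLE_LOG = """\
10:00:00.101 client 198.51.100.7#53001: query: www.example.org IN A
10:00:00.350 client 198.51.100.7#53002: query: mail.example.org IN MX
10:00:01.002 client 203.0.113.10#4521: query: example.com IN A
10:00:01.003 client 203.0.113.10#4522: query: example.com IN A
10:00:01.004 client 203.0.113.10#4523: query: example.com IN A
10:00:01.005 client 203.0.113.10#4524: query: example.com IN A
10:00:01.006 client 203.0.113.10#4525: query: example.com IN A
10:00:01.007 client 203.0.113.10#4526: query: example.com IN A
10:00:01.010 client 203.0.113.22#6001: query: k3j2.example.net IN A
10:00:01.011 client 203.0.113.22#6002: query: 9xq1.example.net IN A
10:00:01.012 client 203.0.113.22#6003: query: zz8a.example.net IN A
10:00:01.013 client 203.0.113.22#6004: query: p0o4.example.net IN A
10:00:01.014 client 203.0.113.22#6005: query: m7c2.example.net IN A
10:00:01.015 client 203.0.113.22#6006: query: b4v9.example.net IN A
10:00:02.200 client 198.51.100.7#53003: query: www.example.org IN AAAA
"""

# Assumed BIND-like line shape: "HH:MM:SS.mmm client IP#PORT: query: NAME IN TYPE"
LINE_RE = re.compile(
    r"^(?P<sec>\d{2}:\d{2}:\d{2})\.\d+ client (?P<ip>[\d.]+)#\d+: "
    r"query: (?P<name>\S+) IN (?P<qtype>\w+)$"
)


def parse_queries(log_text):
    """Yield (second, source_ip, qname, qtype) for every parseable line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m["sec"], m["ip"], m["name"], m["qtype"]


def flag_flood_sources(log_text, per_second_threshold=5):
    """Return source IPs that exceed the threshold in any single second."""
    per_sec = Counter((ip, sec) for sec, ip, _, _ in parse_queries(log_text))
    return {ip for (ip, _), n in per_sec.items() if n > per_second_threshold}


def summarize_source(log_text, ip):
    """Describe one source's query shape: volume, distinct names, top name.

    A low distinct_names count means one name is being hammered; a count
    equal to total means every query used a fresh (likely random) name.
    """
    names = Counter(name for _, src, name, _ in parse_queries(log_text) if src == ip)
    total = sum(names.values())
    top = names.most_common(1)[0][0] if names else None
    return {"total": total, "distinct_names": len(names), "top_name": top}


def blackhole_prefixes(ips, prefixlen=24):
    """Collapse flagged hosts to network prefixes (coarse, Nelson-style filtering)."""
    return sorted({str(ip_network(f"{ip}/{prefixlen}", strict=False)) for ip in ips})


if __name__ == "__main__":
    flagged = flag_flood_sources(SAMPLE_LOG)
    for ip in sorted(flagged):
        print(ip, summarize_source(SAMPLE_LOG, ip))
    print("blackhole:", blackhole_prefixes(flagged))
```

The threshold and the /24 aggregation are the two knobs a NOC would tune: too low a threshold and busy legitimate resolvers get caught, too coarse a prefix and you knock out the innocent neighbours Nelson accepts losing in the "worst case".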


In 1988 a worm did destroy the Internet for a couple of days.
I was there. With professional involvement.
Telephones don't work nearly as well.
They work just fine (esp. in 1988), if you have the magic hard copy sheet of phone numbers.... (we've learned a lot since then).
It'd be easy enough to break a Windows machine so that it can't be patched online, requiring a re-install from a CD.
Windows sucks... from their TCP stack upwards. Standard Windows advice... save your data, re-install, else you're f*ck'd, (yes, I have custom patches from MS for their TCP stack weirdness).
Worst would be some overreaction on how to fix things, locking down the open net in a futile attempt to protect it.
This is why things go on for days instead of being snuffed in the nub, it's data gathering and passing on to MS, Cisco, Juniper... to get things fixed you need information... High end IT is like that, let it go, watch, learn, until you get it... then, nail it down, then cut them off.
posted by zengargoyle at 8:06 AM on January 23, 2009


If you're willing to think of it this way, spamming almost destroyed email.

For a while, so many messages were lost to false-positives by the primitive spam filters of the time that email was threatened to become too unreliable for common use.

If people had given up on email and fallen out of the habit of using it, that would have been its death, and the arrival of Bayesian filters would not have been able to revive it.
posted by gmarceau at 8:17 AM on January 23, 2009


Actually, I'd argue that filtering as a whole has failed and the real salvation is better, faster, and smarter blacklisting. We apply filters after running mail through blacklists and even then it's barely a formality.
posted by damn dirty ape at 8:23 AM on January 23, 2009
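gmarceau's point about false positives and damn dirty ape's "blacklists first, then filters" ordering are two ends of the same pipeline. The code below is an added illustration for this page, not anything a poster wrote or a mail product ships: a sender-address blacklist check runs first, and only mail that passes it reaches a small naive Bayes token filter with add-one smoothing. The blacklist range, the training messages and the 0.9 spam threshold are all constructed for the example (a real deployment would query a DNSBL and train on thousands of messages); the threshold is the knob that trades the false positives gmarceau describes against missed spam.

```python
"""Added example: blacklist-first mail pipeline with a naive Bayes filter.
Training corpus, blacklist range and threshold are constructed for
illustration and are not from the thread or any real product."""
import math
import re
from collections import Counter
from ipaddress import ip_address, ip_network

TOKEN_RE = re.compile(r"[a-z0-9]+")


def tokenize(text):
    """Lowercase word/number tokens; punctuation is dropped."""
    return TOKEN_RE.findall(text.lower())


class BayesFilter:
    """Multinomial naive Bayes over tokens with add-one (Laplace) smoothing."""

    def __init__(self):
        self.counts = {"spam": Counter(), "ham": Counter()}
        self.docs = {"spam": 0, "ham": 0}

    def train(self, label, text):
        self.counts[label].update(tokenize(text))
        self.docs[label] += 1

    def spam_probability(self, text):
        """P(spam | tokens), computed in log space to avoid underflow."""
        vocab = set(self.counts["spam"]) | set(self.counts["ham"])
        logp = {}
        for label in ("spam", "ham"):
            total = sum(self.counts[label].values())
            lp = math.log(self.docs[label] / sum(self.docs.values()))  # prior
            for tok in tokenize(text):
                # Smoothed likelihood; unseen tokens get count 0 + 1.
                lp += math.log((self.counts[label][tok] + 1) / (total + len(vocab)))
            logp[label] = lp
        # 1 / (1 + exp(log P(ham) - log P(spam))) == P(spam) / (P(spam) + P(ham))
        return 1.0 / (1.0 + math.exp(logp["ham"] - logp["spam"]))


# Constructed blacklist of sending networks (a DNSBL lookup in practice).
BLACKLIST = ("203.0.113.0/24",)


def sender_blacklisted(ip, blacklist=BLACKLIST):
    addr = ip_address(ip)
    return any(addr in ip_network(net) for net in blacklist)


def build_filter():
    """Train on a tiny constructed corpus; real filters use far more data."""
    f = BayesFilter()
    for text in (
        "cheap viagra buy now",
        "you won a prize claim your money now",
        "buy antivirus 2009 now your computer is infected",
        "free money click here now",
    ):
        f.train("spam", text)
    for text in (
        "meeting moved to thursday please confirm",
        "attached is the draft report for review",
        "lunch tomorrow at noon",
        "can you review the patch before the release",
    ):
        f.train("ham", text)
    return f


def classify_message(filt, sender_ip, text, threshold=0.9):
    """Blacklist first (cheap, decisive), Bayes only for what survives.

    Returns "rejected:blacklist", "spam" or "ham". Raising threshold
    lowers false positives on legitimate mail at the cost of missed spam.
    """
    if sender_blacklisted(sender_ip):
        return "rejected:blacklist"
    return "spam" if filt.spam_probability(text) >= threshold else "ham"


if __name__ == "__main__":
    f = build_filter()
    for ip, msg in (
        ("198.51.100.9", "buy now claim your free prize"),
        ("198.51.100.9", "please review the report before thursday"),
        ("203.0.113.77", "please review the report before thursday"),
    ):
        print(ip, "->", classify_message(f, ip, msg))
```

Note the ordering: a blacklisted sender is rejected without the filter ever seeing the body, which is exactly why the poster calls the later filtering step "barely a formality".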

