Concerns Mount over Major Web Strike

eWeek:

Concerns Mount over Major Web Strike

 

This is very troubling. I am one who believes in the fragility of the infrastructure of the Internet. The so-called "safeguards" just don't amount to much in a well-coordinated attack. I hope this man is wrong, but something like it is inevitable at any rate.

I have posted here before - a year and a half ago maybe? - about the most severe threat to the Internet. I believe that to be the physical security of the 13 DNS root servers. So much focus has been placed on the technological attacks and, I believe, not enough on the physical security of these 13 crucial parts of Internet infrastructure. Of the 13, 11 are located in the United States. They are vulnerable to bombing attack or attacks from the air. Any simultaneous attack on several of these servers and it's down -- for a good long period of time -- enough to do great damage to the economy and even our national security. This cannot be ignored.

 

Thanks for your good post, luv2bsecure.

 

To Much Coast to Coast and George Noory!

 

I'm no expert, but I'm not too worried about physical security of the root servers. Yeah, logically there are 13 root DNS servers, but as I understand it, several of the operators of a given logical server actually host multiple, geographically dispersed, fully redundant physical servers. So, for example, Internet Systems Consortium, Inc. which operates server "F" has multiple nodes in places such as Auckland, New Zealand; Paris, France; Dubai, UAE; Sao Paolo, Brazil; Hong Kong, China; Johannesburg, South Africa; Los Angeles, CA, USA; Lisboa, Portugal; New York, NY; etc... Perhaps there is one central resource that could totally disable the "F" server, but I sort of doubt it. I imagine that significant redundancy has been built into these server sub-networks as well as the overall root-domain network. Moreover, at least a couple of the root servers are operated by military entities ("G" - U.S. DOD Network Information Center, and "H" U.S. Army Research Lab).

I seem to recall that a few years ago, some rumor got started that one of the root servers ("D", at the University of Maryland, I believe) was supposedly just some simple PC server sitting there in some professor's office. The US government naturally was concerned by such reports, so supposedly they then instituted fairly routine root server inspections. The story turned out to be totally false, but apparently it at least served to prod these routine inspections.

Maybe I'm just overly naive or optimistic, but internet terrorism while a significant economic threat and all, really just doesn't keep me up at night. I just think that there are so many more real-world, physical threats to concern oneself with.

 

I had to Google to see what "Coast To Coast" was and who George Noory is. I assume you thought my post was tin foil conspiracy stuff?

I wish.

If planes can be hijacked and hit the Pentagon, WTC towers and another down before it hit the White House (or whatever), planes or bombs can hit the Root Servers and put the net down cold.

I fail to see how one is too much Coast To Coast conspiracy stuff and the other is not? In fact, as we all know, the first attacks are written in our history books.

The threat to the Internet (whether it be via cyber or physical attack) is all too real.

John
Luv2BSecure

 

This is a controversial issue within the infosec community. Physical threat or hackoterrorism, some say it just is "no big deal." Others say it is all very serious and critical. I fall into the latter group.

I understand the views of the "other side" and still feel that the stability of the Internet - via threats to infrastructure - are very real. I respect the views of others, but feel on this issue - it's better safe than sorry.

Remember, the Internet is not just chat rooms, game sites, message boards, and other superficial use. Large energy providers are configuring systems to operate their electrical grids via the net. Some 911 systems are now using the Internet in various ways. Banking and commerce, stock trading via the net is now routine, emergency plans for disaster, on and on and on. Too much of our economic engine relies on the Internet being up and stable. Threats to that are not to be taken lightly (IMO) and if we do - we do it at our own peril.

John
Luv2BSecure

 

Honestly, I mean no disrespect, but I have to say that I heard many of the same arguments regarding Y2K. Ok, sure, more and more infrastructure is being made available and/or controllable via the internet on daily basis. However, I think many of the concerns expressed by many either:

1. fail to account for disaster recovery programs that often were set in place prior to many organizations moving towards greater reliance upon the internet for routine management and infrastructure availability;
2. underestimate the knowledge and experience of those running many of the critical resources in question; and/or
3. overestimate the capabilities, resources, and influence of potential attackers.

Certainly, I'm not saying we should not be concerned, or that we should not make contigency plans. On the contrary, I'm saying that, in general, I think many fine, up-standing, knowledgeable people are doing precisely that on a daily basis. In fact, I think you, in your own way, are just trying to do the same by sounding the alarm somewhat. It's just that I sort of disagree on the level of alarm that should be raised in public discussions because I tend to think that such discussions can easily distort the real priorities and the real threats; and sometimes are counterproductive in that they can induce anxiety about uncontrollable factors at the expense of action on controllable factors.

 

Alec,

I understand your point of view and respect that - it is one shared by many. However, I want to add one more thought to your response. As per the quote above: I would disagree to the extent that I do not believe they are mutually exclusive. I don't believe that placing attention on any one area of vulnerability has to take away from attention to any other threat. The United States has the ability, through the private sector alone, to address possible vulnerabilities on all fronts. I don't think attention on one detracts from another.

You also mentioned all of the individuals working on the problem of a secure Internet. This is an assumption that I am afraid is too optimistic. There is a lot of talk about what to do (or not do) and lots of discussion -- but unfortunately -- very little action. Many recommendations from security experts have still gone unaddressed - especially by the new layers of governmental bureaucracy setup in this country since 09-11-01.

All the best,
John
Luv2BSecure

.

 

Attempt at levity – Your points are well taken and arguments well made. The threats you speak of are very real. It’s just that I am tired of all the impending doom, thats all – I hope no offense was taken on your part.

Optimistic Regards,

RCC

 

They already attacked the core with DDOS or DRDoS attack. However, they blocked most of the garbage pretty easily. In a Gibsonian moment, the l0pht claimed they could take down the net in 30 minutes.

I dunno if the Inet going down is really a national security issue. Certainly it would cause economic damage. But critical mil and intel networks are separate from the internet.

A HERF gun or EMP-T bomb would take out the core better than physical bombs.

 

Could this be the work of the terrorists?

 

Depends on your definition of a terrorist. Here in the US the greatest threat of terror is from the media.

 

'Electronic Jihad' fails to materialise

 

I think if it comes right down to it the structure of the internet is a lot more resilient in nature than it is given credit for. Not indestructable but what is.

 

In Canada, I'm more afraid of my government!!!

 

You should be, I'm watching You

Beware of dog!

 

An important subject

This may show the perspective from "the other side". Without mentioning any names, there is a large, large number of followers of someone, now dead, who, from their early childhood, are taught that there are two parts to this world:

- One part of the world is under "their" (religious/civil) rule. Democratic elections are halted as soon as they achieve power, which is then, absolute tyrrany.

- The rest of the world is what they are "at war" against, until it is under "their" rule.

That is the underlying teaching, upon which, all their teachings rest. All teachings are to wage the war until it is won. Simple observation will conclude that any means justifies the end. This message is "right" to them.

Europe is increasing in "their" numbers, especially France and Germany. They are on the brink and are totally oblivious of it.

I won't get into the aspect of the "unseen" realm's part in this, other than to say that it is the exact same spirit that was over the WWII Axis powers (Germany, Italy, Japan). Hey, I had first-hand observation of the "dark side" for ten years. Not funny.

Just discovered this site. I take my hat off to all the extremely knowledgeable and helpful people. A really nice bunch.

AK

 

So, ther are two groups who think the same thing, you are for them or again them, no shades just my side or there side.

That's what heart listerer should have said.

And both sides believe they are totally right.

Who is good who is eveil maybe neither,

they are both too extreme