Bevil Wood­ing

Yet an­oth­er strike by hack­ers on the In­ter­net's ad­dress­ing sys­tem has placed the spot­light on the vul­ner­a­bil­i­ty of the net­work's core ar­chi­tec­ture. Se­cu­ri­ty ex­perts and sys­tem ad­min­is­tra­tors should take heed and re-ex­am­ine mea­sures for de­fend­ing against es­ca­lat­ing and in­creas­ing com­plex threats to their net­works.

Cy­ber at­tacks: The new nor­mal

A spat be­tween Spamhaus, a Dutch-based an­ti-spam firm, and Cy­ber­bunk, a com­pa­ny ac­cused of host­ing spam trans­mit­ting Web sites, quick­ly es­ca­lat­ed in­to one of the largest ever com­put­er at­tacks on the In­ter­net. The re­sult af­fect­ed In­ter­net users around the world. Many users ex­pe­ri­enced de­lays in In­ter­net ser­vices or dif­fi­cul­ties ac­cess­ing pop­u­lar Web sites.

For the net­work en­gi­neers tasked with guard­ing and man­ag­ing the ar­ray of sys­tems and in­fra­struc­ture that keep the glob­al In­ter­net func­tion­ing, the con­cern goes be­yond this spe­cif­ic in­ci­dent. Why? At­tacks that ex­ploit known In­ter­net vul­ner­a­bil­i­ties are be­com­ing more fre­quent, in­creas­ing­ly dam­ag­ing.

The In­ter­net's guardians wor­ry that if at­tacks con­tin­ue to es­ca­late in­di­vid­ual users, com­pa­nies and gov­ern­ments may not be able to reach the ba­sic In­ter­net ser­vices, like e-mail and on­line bank­ing, which they have come to de­pend on.

Sev­er­al re­cent high-pro­file cy­ber-at­tacks tar­get­ing com­pa­nies and coun­tries alike have neg­a­tive­ly im­pact­ing In­ter­net users across the world. The dawn­ing re­al­iza­tion is, if at­tacks like the one that hit Spamhaus are aimed at gov­ern­ments, or even some coun­tries they could be tak­en of­fline com­plete­ly.

The type of cy­ber-at­tack used in the Spamhaus case is called a dis­trib­uted de­nial of ser­vice, or DDoS. Patrick Gilmore, chief ar­chi­tect at Aka­mai Net­works, a dig­i­tal con­tent provider, de­scribed the Spamhaus at­tack as "the largest pub­licly an­nounced DDoS at­tack in the his­to­ry of the In­ter­net."

The con­cern is, be­cause of how the In­ter­net was de­signed, such dam­age is rel­a­tive­ly easy to achieve.

The Do­main Name Sys­tem, or DNS, func­tions like a tele­phone switch­board for the In­ter­net. The DNS is a glob­al­ly dis­trib­uted data­base used to trans­late a hu­man-un­der­stood do­main names such as www.google.com, to a ma­chine-un­der­stood In­ter­net Pro­to­col (IP) ad­dress like 75.125.45.113. Da­ta pack­et rout­ing on the In­ter­net is based on these nu­mer­ic ad­dress­es.

Hun­dreds of com­put­er servers around the world, known as DNS Root Servers per­form this di­rec­to­ry func­tion of re­ceiv­ing names and trans­lat­ing them in­to IP num­bers.

Stephen Lee, chief ex­ec­u­tive of­fi­cer of US-based net­work­ing com­pa­ny, ArkiTechs, ex­plained, "The DNS is like the bridge be­tween un­der­ly­ing net­work­ing pro­to­cols and the end-user ap­pli­ca­tions such as browsers and e-mail. This is why DNS is so vi­tal­ly im­por­tant to the prop­er func­tion­ing of the In­ter­net."

Strength­en­ing the In­ter­net

Pro­tect­ing these and oth­er pieces of the In­ter­net's crit­i­cal in­fra­struc­ture is a top pri­or­i­ty for the in­ter­na­tion­al bod­ies re­spon­si­ble for man­ag­ing the In­ter­net. How­ev­er, im­por­tant com­po­nents of key In­ter­net in­fra­struc­ture are con­cen­trat­ed in de­vel­oped coun­tries and not even­ly dis­trib­uted through­out the world. This leaves coun­tries in emerg­ing mar­kets like the Caribbean, Africa and the Pa­cif­ic at a dis­ad­van­tage and more vul­ner­a­ble to the fall­out from cy­ber-at­tacks.

As the In­ter­net con­tin­ues to grow, and as cy­ber-threats in­crease in scale and scope, strength­en­ing na­tion­al In­ter­net in­fra­struc­ture as­sets, par­tic­u­lar­ly in un­der­served re­gions, is be­com­ing a ma­jor pri­or­i­ty with­in the glob­al In­ter­net com­mu­ni­ty. This is why ac­cel­er­at­ed In­ter­net in­fra­struc­ture build-out and tech­ni­cal ca­pac­i­ty build­ing are so crit­i­cal.

Lee, who is al­so a vol­un­teer net­work train­er with the Caribbean Net­work Op­er­a­tor's Group, non-prof­it or­gan­i­sa­tion that sup­ports the tech­ni­cal train­ing and ca­pac­i­ty build­ing in the re­gion, said "Of the hun­dreds of DNS root name serv­er copies around the world, one a rel­a­tive few are lo­cat­ed in de­vel­op­ing re­gions. Ide­al­ly, these should be spread eq­ui­tably in a way that bet­ter serves the glob­al In­ter­net pop­u­la­tion."

Cur­rent­ly, Africa, Asia, Latin Amer­i­ca and the Caribbean, are among the most un­der­served re­gions in terms of dis­tri­b­u­tion of root name serv­er copies, In­ter­net Ex­change Points (IX­Ps). They are al­so lag­ging in terms of the hu­man re­source ca­pac­i­ty and sys­tems to de­tect and re­spond to grow­ing on­line threats. Iron­i­cal­ly they are al­so the re­gions with the fastest grow­ing In­ter­net pop­u­la­tions.

Cy­ber-threats are ris­ing at the same time that economies and so­ci­eties are be­com­ing in­creas­ing­ly de­pen­dent on In­ter­net�based ap­pli­ca­tions and ser­vices. It would be fool­hardy for any coun­try, or or­ga­ni­za­tion to be­lieve they are im­mune to the mount­ing risks.

Strength­en­ing in­ter­na­tion­al, na­tion­al and re­gion­al In­ter­net in­fra­struc­ture and tech­ni­cal ca­pac­i­ty is an im­per­a­tive that can­not be ig­nored or de­ferred....un­less you're prepar­ing for life with­out the In­ter­net.

Bevil Wood­ing is the chief knowl­edge of­fi­cer of Con­gress WBN, a val­ues-based, in­ter­na­tion­al non-prof­it or­gan­i­sa­tion and an In­ter­net strate­gist with US-based Pack­et Clear­ing House. Fol­low on Twit­ter: @bevil­wood­ing or at: face­book.com/bevil­wood­ing or con­tact via e-mail at­tech­nol­o­gy­mat­ters@bright­path­foun­da­tion.org