Quotable:“This is always an arms race. We shore up the defenses of the Internet and the attackers shore up their tools.” – Richard DeMillio, director of Information Security Center at Georgia Institute of Technology.
RESEARCH TRIANGLE PARK — The world’s commerce is governed by a number of so-called choke points. The same is true for e-commerce, as some hackers recently tried to exploit last week.
Look at a world map and one can readily identify where choke points occur — the Suez Canal, the Straits of Malacca, the Straits of Hormuz, Gibraltar, the Panama Canal. Through these narrow shipping lanes past most of the world’s freight- from oil to finished goods and food.
The backbone of e-commerce — the Internet — has a number of key points as well where terabytes of data converge, get sorted or exchanged, and sent on in milliseconds..
Some are called NAPS, or network access points. In suburban Washington, DC, one is called “MAE East” as in metro area exchange. (Yes, there is a MAE West.) A handful of others exist. Atlanta has a major NAP, for example. For years, people at MCNC have talked about developing a NAP in Research Triangle Park.
Much of the concern about the possible demise of WorldCom was triggered because the telecom giant operates three of the major MAE intersect points. (In fact, MAE is now a service mark of WorldCom.)
(MAEs are not for the technology challenged. Here’s a sample question from MCI about its MAE operations. OC12 refers to fiber bandwidth capability — these “op centers” exchange an almost unfathomable amount of data every second, every hour, ever day — including holidays:
(“Q: A customer has an ATM Port at the MAE East facility at OC12 capacity and would like to utilize 155Mbps of that port. Is it possible to connect an OC3 local loop to that port to use a portion of the bandwidth?”
A: “A Cisco 7505 router would be required to handle the OC12 to OC3 conversion. The customer should adjust the service contract to an OC3 port. “)
Here, global telecommunications companies and Internet Service Providers “peer”, or agreed to exchange data to be transported on each other’s networks. These are big, expensive, and a likely attack point for hackers and terrorists.
Going for the ‘root’
Another choke point are the 13 collections of services known as “root servers” which are largely responsible for the governing of names and Internet Protocol (IP) numbers that make the Internet as efficient as it is.
At about 4:45 PM EDT last Monday, those servers were hit by a massive “denial of service” attack that lasted some 45 minutes. In other words, the hackers or terrorists unleashed torrents of data and commands designed to “crash” these post offices. Up to 40 times the normal amount of data flooded the servers, and Matrix NetSystems told CNN that seven servers had “zero-reachability”.
That’s geek speak for crashed, busy, and out-of-service.
The attack was global in scope. Among the principal targets, Matrix NetSystems said, were a US Department of Defense Network Information Center, a US Army Research Lab, a server in Stockholm, another in London and one in Tokyo.
Just how effective was the attack? Depends on what source one talks to.
“Powerful Attack Cripples Internet” is how Fox News described the assault.
On the other side came c/net (“Assault on Net servers fails”) and CNN (“Bid fails to topple Web”).
VeriSign, one of the private companies responsible for two of the key servers, told the Associated Press it was not caught unaware. “We were prepared, we responded quickly,” a spokesman said.
Most Internet users had no idea anything was happening — unlike what occurs if there is a major fiber optic cable cut or a “Spam,” assault brings down a host of mail servers.
A ‘rare’ assault
But one race remains clear: The attack was serious, an apparently well-conceived assault designed to stop the railroads on which global e-commerce travels.
The White House and the FBI’s National Infrastructure Protection Center got involved, trying to track down those involved.
“There have been (previous) attacks against the root domain servers — yes,” Paul Vixie, chairman of the Internet Software Consortium, told c/net. “But it is rare to have attacks against all 13 at the same time.”
Some 6 percent of domain name requests (i.e. Web sites) were denied, c/net reported. Vixie also didn’t agree that this was the largest assault to date on the Net.
Richard DeMillo, director of the Information Security Center at the Georgia Institute of Technology, said those running the Net and those determined to undermine it are akin to the weapons designers of the Cold War: Who can build the most destructive weapon and/or construct the best defense against Armageddon?
“This is always an arms race,” DeMillo told CNN. “We shore up the defenses of the Internet and the attackers shore up their tools.”
The White House Office of Homeland Security and the President’s Critical Infrastructure Protection Board insist that cyber security concerns are being addressed. And the affiliations of organizations around the world responsible for running the Net do not take these attacks or Net security for granted.
But just as the Bush Administration is building up defenses against ballistic missile attacks, so too should the Washington crowd — and others around the globe — direct even more resources to a Star Wars defense that works for the Net.
Had those 13 servers “crashed” under the assault, what would the effect have been on you or your business?
Perish the though.
Rick Smith is managing editor of Local Tech Wire