Old Internet Flaw Causes New Problems
October 27 2015 - 8:07PM
Dow Jones News
By Drew FitzGerald
An old problem at the core of the Internet is getting more
attention, as a growing number of data breaches expose the Web's
weaknesses.
The security gap derives from a flaw in the language that
expensive network routers use to figure out how to shuttle digital
information to its destination. Machines rely on this chatter among
the carrier-grade routers for a map of the Internet, and most
network operators have the ability to recommend changes with little
verification, leaving traffic vulnerable to bogus information.
This summer, torrents of traffic from U.S. carrier Level 3
Communications Inc. took a detour through Telekom Malaysia,
disrupting service to millions of users. And in June, Two Sigma
Investments LLC, a $29 billion New York hedge fund, discovered some
traffic destined for its unused Web addresses was claimed by a
network operator registered in St. Petersburg, Russia, though the
hedge fund said the event was little more than an
inconvenience.
Engineers and security experts say attackers are increasingly
using this method to manipulate Internet traffic. U.S. government
officials worry that hackers with access to the right network
equipment could do more serious damage by altering this map of
routes, which is controlled by a language known as the Border Gateway
Protocol, or BGP.
"There's good evidence that people are playing serious malicious
games with the routing table," said Steven Bellovin, a Columbia
University computer science professor who investigated early
Internet security loopholes at Bell Labs. "I think that the risks
are very serious."
Using BGP flaws to trick carriers into rerouting their clients'
data could let someone steal proprietary information, eavesdrop on
confidential traffic, or send information into cyber oblivion,
rendering it unreachable, according to security experts.
The Internet is rife with all kinds of cyberattacks.
Denial-of-service attacks--when assailants flood networks with junk
traffic--make websites unavailable and are among the most common
techniques. The number of such attacks more than doubled to 2,150
in the second quarter of 2015, according to network security
provider Akamai Technologies Inc.
Lawmakers addressed fears over cyber attacks Tuesday, with the
Senate passing a bill to encourage companies to share more
information about compromised networks.
Internet analysis firm Dyn Inc. says corporate clients are
taking a deeper interest in BGP problems. Doug Madory, the firm's
director of Internet analysis, says he sees as many as 20 of these
events every day.
Researchers have documented cases where data intended to travel
just a few miles veered off on detours spanning continents. A 2012
Department of Homeland Security report found countries including
China, Russia, Kazakhstan and South Korea had "announced" pathways
to U.S. government networks that actually led back to foreign
addresses.
BGP traces its roots to the 1980s, when digital communication
was still nascent. Academic institutions that made up the early
Internet developed the language to make it easier for machines to
keep track of each other's networks. The system is based on the
assumption that other parties can be trusted and as a result has
few built-in checks.
Engineers have been working on a solution that would add a
verification process to changes to BGP's map of routes. Currently,
anyone with a high-end router and a business-class broadband
connection can suggest a better path for traffic, which often gets
replicated across the world's network routers. The fix would
encrypt each route change so a router could verify that an
alteration came from a trusted source--a potentially pricey upgrade
for Internet providers.
The solution--which is so complex that it has taken almost a
decade to devise--is in its final stages of development but still
might not be ready for years.
"It's something that we need to work on now and not wait until
someone decides to launch something widespread and massive," said
security researcher Sandra Murphy, a specialist at defense
contractor Parsons Corp., who co-chairs the group of engineers
working on a fix.
Misrouted Internet traffic is public and easy to spot, but its
causes vary and many stem from programming mistakes.
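The verification the article describes, and the "easy to spot" check on misrouted traffic, can both be illustrated with route origin validation, the RPKI mechanism (RFC 6811) that lets a router compare an announced prefix and its origin AS against a signed Route Origin Authorization (ROA). The script below is an added example written for this page, not code from the article, Dyn, or any router vendor. It goes slightly beyond the text by also handling the "more-specific" case, where the rightful operator originates a prefix narrower than its ROA allows. The ROA table, the log lines, the prefixes (RFC 5737 documentation ranges) and the AS numbers (private-use range) are all constructed for the example; the `UPDATE` log format is an assumed one, not a real router's.

```python
"""Route origin validation (RFC 6811 semantics) over constructed BGP update logs.

Added example for illustration; not code from the article or any vendor.
"""
from dataclasses import dataclass
import ipaddress
import re


@dataclass(frozen=True)
class ROA:
    """A Route Origin Authorization: which AS may originate a prefix,
    and the most specific (longest) prefix length that AS may announce."""
    prefix: ipaddress.IPv4Network
    max_length: int
    origin_asn: int


def make_roa(prefix: str, max_length: int, origin_asn: int) -> ROA:
    # strict=True rejects prefixes with host bits set, e.g. 198.51.100.1/22
    return ROA(ipaddress.ip_network(prefix, strict=True), max_length, origin_asn)


def validate_origin(announced_prefix: str, origin_asn: int, roas) -> str:
    """Return 'valid', 'invalid' or 'not_found' for one announcement.

    not_found: no ROA covers the prefix (unsigned space; policy decides).
    valid:     some covering ROA names this origin AS and permits this length.
    invalid:   covered by ROAs, but none matches (wrong origin or too specific).
    """
    net = ipaddress.ip_network(announced_prefix, strict=True)
    covering = [r for r in roas
                if r.prefix.version == net.version and net.subnet_of(r.prefix)]
    if not covering:
        return "not_found"
    for r in covering:
        if r.origin_asn == origin_asn and net.prefixlen <= r.max_length:
            return "valid"
    return "invalid"


# Constructed ROA table: AS64500 may originate 198.51.100.0/22, and only as a /22.
ROAS = [make_roa("198.51.100.0/22", 22, 64500)]

# Constructed update log in an assumed format; the rightmost AS in as_path
# is the origin, which is what a ROA is checked against.
SAMPLE_UPDATES = """\
2015-06-12T10:03:11Z UPDATE prefix=198.51.100.0/22 as_path="64496 64500"
2015-06-12T10:03:12Z UPDATE prefix=198.51.100.0/24 as_path="64496 64510 64511"
2015-06-12T10:03:13Z UPDATE prefix=198.51.100.0/24 as_path="64496 64500"
2015-06-12T10:03:14Z UPDATE prefix=203.0.113.0/24 as_path="64496 64501"
"""

UPDATE_RE = re.compile(r'prefix=(?P<prefix>\S+)\s+as_path="(?P<path>[\d ]+)"')


def classify_updates(log_text: str, roas):
    """Parse each update line and tag it with its origin-validation state."""
    results = []
    for line in log_text.splitlines():
        m = UPDATE_RE.search(line)
        if not m:
            continue  # ignore lines that are not UPDATE records
        prefix = m.group("prefix")
        origin = int(m.group("path").split()[-1])
        results.append((prefix, origin, validate_origin(prefix, origin, roas)))
    return results


if __name__ == "__main__":
    for prefix, origin, state in classify_updates(SAMPLE_UPDATES, ROAS):
        print(f"{prefix:18} origin AS{origin:<6} {state}")
```

Run as-is, the second line (a different AS originating a /24 inside the covered block) and the third line (the right AS, but announcing a more specific /24 than the ROA's `max_length` of 22 allows) both come out `invalid`; the last prefix has no ROA at all and comes out `not_found`, which is the state most of today's address space is in and why an operator's policy for unsigned routes matters as much as the check itself.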
Telekom Malaysia said its June network outage began when a bad
configuration cascaded through its network and on to routes that
carried international traffic. Level 3 said the company has adopted
corrective actions.
For Two Sigma, Russian network activity didn't interfere with
any of its trading communication, which doesn't travel over the
public Internet. The hedge fund was alerted to the June diversion
by its cyber security firm. A Two Sigma spokeswoman said the
incident "posed absolutely no threat to Two Sigma or its
investors."
Other attacks look more suspicious. Last year, researchers at
Dell SecureWorks found that an attacker had used this technique to
siphon off at least $83,000 in profits from virtual currencies like
Bitcoin. The attacker had rerouted many of the paths used to claim
the electronic currencies to network addresses in Canada.
(END) Dow Jones Newswires
October 27, 2015 19:52 ET (23:52 GMT)
Copyright (c) 2015 Dow Jones & Company, Inc.