FROM THE NEW SCIENTIST
The cyberweapon that could take down the internet
A new cyberweapon could take down the entire internet – and there's not much that current defences can do to stop it. So say Max Schuchard at the University of Minnesota in Minneapolis and his colleagues, the masterminds who have created the digital ordnance. But thankfully they have no intention of destroying the net just yet. Instead, they are suggesting improvements to its defences.
Schuchard's new attack pits the structure of the internet against itself. Hundreds of connection points in the net fall offline every minute, but we don't notice because the net routes around them. It can do this because the smaller networks that make up the internet, known as autonomous systems, communicate with each other through routers. When a communication path changes, nearby routers inform their neighbours through a system known as the border gateway protocol (BGP). These routers inform other neighbours in turn, eventually spreading knowledge of the new path throughout the internet.
A previously discovered method of attack, dubbed ZMW – after its three creators Zhang, Mao and Wang, researchers in the US who came up with their version four years ago – disrupts the connection between two routers by interfering with BGP to make it appear that the link is offline. Schuchard and colleagues worked out how to spread this disruption to the entire internet and simulated its effects.
Surgical strike
The attack requires a large botnet – a network of computers infected with software that allows them to be externally controlled: Schuchard reckons 250,000 such machines would be enough to take down the internet. Botnets are often used to perform distributed denial-of-service (DDoS) attacks, which bring web servers down by overloading them with traffic, but this new line of attack is different.
"Normal DDoS is a hammer; this is more of a scalpel," says Schuchard. "If you cut in the wrong places then the attack won't work."
An attacker deploying the Schuchard cyberweapon would send traffic between computers in their botnet to build a map of the paths between them. Then they would identify a link common to many different paths and launch a ZMW attack to bring it down. Neighbouring routers would respond by sending out BGP updates to reroute traffic elsewhere. A short time later, the two sundered routers would reconnect and send out their own BGP updates, upon which attack traffic would start flowing in again, causing them to disconnect once more. This cycle would repeat, with the single breaking and reforming link sending out waves of BGP updates to every router on the internet. Eventually each router in the world would be receiving more updates than it could handle – after 20 minutes of attacking, a queue requiring 100 minutes of processing would have built up.
Clearly, that's a problem. "Routers under extreme computational load tend to do funny things," says Schuchard. With every router in the world preoccupied, natural routing outages wouldn't be fixed, and eventually the internet would be so full of holes that communication would become impossible. Shuchard thinks it would take days to recover.
"Once this attack got launched, it wouldn't be solved by technical means, but by network operators actually talking to each other," he says. Each autonomous system would have to be taken down and rebooted to clear the BGP backlog.
READ MORE
The cyberweapon that could take down the internet
A new cyberweapon could take down the entire internet – and there's not much that current defences can do to stop it. So say Max Schuchard at the University of Minnesota in Minneapolis and his colleagues, the masterminds who have created the digital ordnance. But thankfully they have no intention of destroying the net just yet. Instead, they are suggesting improvements to its defences.
Schuchard's new attack pits the structure of the internet against itself. Hundreds of connection points in the net fall offline every minute, but we don't notice because the net routes around them. It can do this because the smaller networks that make up the internet, known as autonomous systems, communicate with each other through routers. When a communication path changes, nearby routers inform their neighbours through a system known as the border gateway protocol (BGP). These routers inform other neighbours in turn, eventually spreading knowledge of the new path throughout the internet.
A previously discovered method of attack, dubbed ZMW – after its three creators Zhang, Mao and Wang, researchers in the US who came up with their version four years ago – disrupts the connection between two routers by interfering with BGP to make it appear that the link is offline. Schuchard and colleagues worked out how to spread this disruption to the entire internet and simulated its effects.
Surgical strike
The attack requires a large botnet – a network of computers infected with software that allows them to be externally controlled: Schuchard reckons 250,000 such machines would be enough to take down the internet. Botnets are often used to perform distributed denial-of-service (DDoS) attacks, which bring web servers down by overloading them with traffic, but this new line of attack is different.
"Normal DDoS is a hammer; this is more of a scalpel," says Schuchard. "If you cut in the wrong places then the attack won't work."
An attacker deploying the Schuchard cyberweapon would send traffic between computers in their botnet to build a map of the paths between them. Then they would identify a link common to many different paths and launch a ZMW attack to bring it down. Neighbouring routers would respond by sending out BGP updates to reroute traffic elsewhere. A short time later, the two sundered routers would reconnect and send out their own BGP updates, upon which attack traffic would start flowing in again, causing them to disconnect once more. This cycle would repeat, with the single breaking and reforming link sending out waves of BGP updates to every router on the internet. Eventually each router in the world would be receiving more updates than it could handle – after 20 minutes of attacking, a queue requiring 100 minutes of processing would have built up.
Clearly, that's a problem. "Routers under extreme computational load tend to do funny things," says Schuchard. With every router in the world preoccupied, natural routing outages wouldn't be fixed, and eventually the internet would be so full of holes that communication would become impossible. Shuchard thinks it would take days to recover.
"Once this attack got launched, it wouldn't be solved by technical means, but by network operators actually talking to each other," he says. Each autonomous system would have to be taken down and rebooted to clear the BGP backlog.
READ MORE
RSS Feed