Researchers uncovered a serious flaw in the underlying
technology for nearly all Internet traffic, a
discovery that led to an urgent and secretive
international effort to prevent global disruptions
of Web surfing, e-mails and instant messages.
The British government announced the
vulnerability in core Internet technology on
Tuesday. Left unaddressed, experts said, it could
allow hackers to knock computers offline and
broadly disrupt vital traffic-directing devices,
called routers, that coordinate the flow of data
among distant groups of computers.
"Exploitation of this vulnerability could have
affected the glue that holds the Internet," said
Roger Cumming, director for England's National
Infrastructure Security Coordination Center.
The U.S. Homeland Security Department issued
its own cyberalert hours later that attacks "could
affect a large segment of the Internet community."
It said normal Internet operations probably would
resume after such attacks stopped. Experts said
there were no reports of attacks using this
technique.
The risk was similar to Internet users "running
naked through the jungle, which didn't matter
until somebody released some tigers," said Paul
Vixie of the Internet Systems Consortium Inc.
"It's a significant risk," Vixie said. "The
larger Internet providers are jumping on this big
time. It's really important this just gets fixed
before the bad guys start exploiting it for fun
and recognition."
The flaw affecting the Internet's "transmission
control protocol," or TCP, was discovered late
last year by a computer researcher in Milwaukee.
Paul Watson said he identified a method to
reliably trick personal computers and routers into
shutting down electronic conversations by
resetting the machines remotely.
Experts previously said such attacks could take
between four years and 142 years to succeed
because they require guessing a rotating number
from roughly 4 billion possible combinations.
Watson said he can guess the proper number with as
few as four attempts, which can be accomplished
within seconds.
Routers continually exchange updates about the
most efficient traffic routes between large
networks. Continued successful attacks against
routers can cause them to go into a standby mode,
known as "dampening," that can persist for hours.
Cisco Systems Inc., which acknowledged its
popular routers were among those vulnerable,
distributed software repairs and tips to otherwise
protect large corporate customers. There were few
steps for home users to take; Microsoft Corp. said
it did not believe Windows users were too
vulnerable and made no immediate plans to update
its software.
Using Watson's technique to attack a computer
running Windows "would not be something that would
be easy to do," said Steve Lipner, Microsoft's
director for security engineering strategy.
Already in recent weeks, some U.S. government
agencies and companies operating the most
important digital pipelines have fortified their
own vulnerable systems because of early warnings
communicated by some security organizations. The
White House has expressed concerns especially
about risks to crucial Internet routers because
attacks against them could profoundly disrupt
online traffic.
"Any flaw to a fundamental protocol would raise
significant concern and require significant
attention by the folks who run the major
infrastructures of the Internet," said Amit Yoran,
the government's cybersecurity chief. The flaw has
dominated discussions since last week among
experts in security circles.
The public announcement coincides with a
presentation Watson expects to make Thursday at an
Internet security conference in Vancouver, British
Columbia, where Watson said he would disclose full
details of his research.
Watson predicted that hackers would understand
how to begin launching attacks "within five
minutes of walking out of that meeting."