Some people call me paranoid, some people call me insightful. Whatever you call me, you can’t really dispute that the next form of terrorism would likely take place over the Internet. In this piece, I will describe how a terrorist attack on the Internet could take place, and why it could have a much higher impact than blowing up a building or hijacking an airplane.
For the uninitiated, understand that this is simply a theoretical description with the intent of preventing a problem, not encouraging or promoting terrorism or harm to others. Further, understand that the goal of terrorism isn’t necessarily to kill, but rather to incite fear. My basis for this “terrorist attack” is that people in America fear the loss of control, fear instability, fear the loss of communication, and undoubtedly, fear for their future. Again, this is only for informational and holistic problem solving — not encouraging terrorism.
The Internet is so widely used that approximately 70% of the US is connected. I don’t know about the remaining 30%, but I’m sure those folks too have at some point browsed the Web at a library or similar. The Internet powers so many things, from dating and relationships, to stock trading and financial management, to news and information sharing. Additionally, the Internet is the medium that carries payment information from eCommerce Web sites to merchant accounts, to VISA/MasterCard/Amex, to your bank account — albeit over a secure connection.
It’s entirely possible to completely take down the Internet, despite what many people claim that mesh networking provides. Once tier-one carriers are handicapped, all someone needs to do is target the next tier-one, two and three carriers until all traffic is slowed down. A majority of the Internet’s routers are Cisco-based, and it wouldn’t be too hard for someone to code a buffer overflow attack that can spread virally. (Remember Code Red, circa 2001?) At a more holistic level, this would sever communications between consumers and their favorite Web sites like Google, MySpace, Facebook and their bank’s Web site. In turn, this would cause alarm and panic, and surely every ISP’s tech support line would be flooded, resulting in a busy-out. Financial leaders would then pull their money out of the stock market and be forced to purchase valuable commodities like gold and silver. In a nutshell, this would cause a great deal of panic and a major pain for the rather fragile economy.
There are millions of compromised computers out there that are connected to what is known as a botnet. A botnet is a network of compromised (“dummy”) computers that are controlled by a botnet operator. An operator likely seized control of these machines through a worm, virus, trojan or other malicious software that the user downloaded and is still infected with. A lot of malicious software (malware) can cover its tracks by means of rootkits.
With these botnets, all one would need to do is execute a variety of attacks while mixing in legitimate communications so IDSs can’t identify them. To slow down Internet communications, all one has to do is use botnets to send billions of e-mails to each other and send instant messages to each other; the communication backbones would be saturated and wouldn’t be able to keep up with the sheer demand. Then, by executing a variety of DNS attacks, they could redirect common Web sites to their own to communicate their message to people at a large scale.
Given that the entire Internet would be clogged at this point, I’d give it a week until US Air Force Command issues orders for carriers to power down and shut off the Internet so they can patch their systems accordingly. During this period, underground hackers would set up private PBXs to chat and discuss the outcome and fixes to mend the broken Web. A week later the Internet would be turned back on, patched, and likely a patch CD for consumers would be subsidized by the government to install the necessary updates.
In summary, this would cause a minimum of two weeks of solid downtime for millions of users, credited to a group of terrorists. The US isn’t the only target — Europe would be as well, since they too are always in anti-terrorist mode.
This is currently possible due to the inherent security flaws of the current networking protocols (TCP/UDP). Until those are adequately patched to become more secure, unspoofable, and tied to verifiable source addresses (like reverse DNS for e-mail), this scenario will always be possible.
HOW TO PREVENT THIS?
This form of terrorism can be averted by means of proper Internet user education and enforcement of software updates/patches. If everyone applied patches at the same time, it would be much more difficult for machines to be left open, in the wild, waiting to be compromised. Also, if everyone ran updated anti-virus and firewall software, they could effectively respond to such attacks.
The Internet, by itself, isn’t accountable. Anyone can launch a series of attacks by means of botnets. ISPs should be held responsible for logging incoming and outgoing traffic, and must act on a series of heuristics to detect botnet operators and forward such information to the FBI. From there, the FBI must be responsive in taking down botnet operators, and thus provide feedback to those infected so they can obtain updates. Currently, this isn’t done synergistically. The FBI had an operation called “Bot Roast,” but it wasn’t widely adopted by ISP operators.
At the heart of it, responsibility is split three ways: consumers, Internet operators, and law enforcement. All must work quickly, efficiently and towards one goal: protecting and securing the Internet.
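One concrete form the ISP-side heuristics above could take is a check over per-subscriber connection logs for hosts that talk directly to many distinct mail servers on port 25, the signature of the bot-to-bot mail flooding described earlier rather than of a normal subscriber relaying through one provider. This is an added example, not code from the original post; the flow records and the peer threshold of 5 are constructed assumptions.

```python
from collections import defaultdict

# Constructed connection records in the shape an ISP flow log might hold:
# (src_ip, dst_ip, dst_port). Sample data for illustration, not real traffic.
FLOWS = [
    # 10.1.1.5 behaves like a spam bot: direct SMTP to many distinct mail servers
    ("10.1.1.5", "192.0.2.10", 25), ("10.1.1.5", "192.0.2.11", 25),
    ("10.1.1.5", "192.0.2.12", 25), ("10.1.1.5", "192.0.2.13", 25),
    ("10.1.1.5", "192.0.2.14", 25), ("10.1.1.5", "192.0.2.15", 25),
    # 10.1.1.7 behaves like a normal subscriber: one mail relay plus web traffic
    ("10.1.1.7", "198.51.100.5", 587), ("10.1.1.7", "198.51.100.5", 587),
    ("10.1.1.7", "203.0.113.8", 443), ("10.1.1.7", "203.0.113.9", 443),
    # 10.1.1.9 sends a little direct SMTP but stays under the threshold
    ("10.1.1.9", "192.0.2.20", 25), ("10.1.1.9", "192.0.2.21", 25),
    ("10.1.1.9", "203.0.113.8", 443),
]

SMTP_PORT = 25
# Assumption: a residential host rarely opens direct SMTP sessions to more
# than a handful of distinct mail servers; legitimate clients use one relay.
MAX_SMTP_PEERS = 5


def smtp_peers_by_source(flows):
    """Map each source address to the set of distinct port-25 destinations."""
    peers = defaultdict(set)
    for src, dst, port in flows:
        if port == SMTP_PORT:
            peers[src].add(dst)
    return peers


def flag_spam_bots(flows, max_peers=MAX_SMTP_PEERS):
    """Return {src_ip: distinct SMTP peer count} for sources over the threshold."""
    return {
        src: len(dsts)
        for src, dsts in smtp_peers_by_source(flows).items()
        if len(dsts) > max_peers
    }


if __name__ == "__main__":
    for src, count in flag_spam_bots(FLOWS).items():
        # An ISP acting on this would notify the subscriber and rate-limit port 25
        print(f"{src}: {count} distinct SMTP peers, likely infected")
```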