A major security event seems inevitable because there are too many security vulnerabilities on most systems, and the foundation of the Internet has minimal built-in security. When we combine these factors with how much companies and countries rely on the Internet, a major security event seems even more likely.
For example, what would happen to the US economy if the Internet stopped working? What if you woke up one morning and there was no more web, no more email, no more worldwide connectivity? What would that do to our economy? Think of how many companies would instantly disappear because they rely solely on the Internet for sales and delivery.
As if that were not enough, other groups of companies would suffer severe financial consequences as well if they could no longer rely on the Internet.
If you think stock market crashes have an impact on the economy, they would be nothing compared to the Internet not working for a couple of weeks.
To build on this, let’s look at a possible scenario to illustrate that major security events could be occurring without our even knowing about them. For example, what if a Fortune 100 company developed a new, state-of-the-art technology that could make the company billions of dollars over the next ten years? Suppose this new technology would have a huge impact on the local economy and the national economy. Then, two years into the development, after the company has hired a large number of people and has invested heavily in new factories and infrastructure to build the technology, suppose a foreign competitor releases a competing product. Because this competitor is first to market, the company that invented the technology would have to stop development because it would have lost the market share. Not only would the company lose the potential billions of dollars it would have made from this imaginary new product, but there would also be a huge impact on the economy because all those people hired for development would be laid off. Now, the company would likely have written this off to poor market analysis, but what if the true cause were that the competitor broke into the company’s network through the Internet and stole its secret?
Situations such as this are probably occurring all the time—companies lose large amounts of money, but they write it off to other problems.
What if a company steps back and says, “Could this have been caused by a weakness in security?” Then, when the company goes through its logs, it may notice unauthorized access to its key servers. Because many companies do not appreciate the damage that Internet attacks can cause, there have probably been several major security events against companies that were caused by weak network security, and the companies did not even realize an intrusion occurred.
Now let’s look at some of the areas that could be impacted.
Areas That Could Be Compromised
In terms of major security events, there are the obvious attacks against a company’s security. In terms of corporate espionage, I think this is an area that will have increasing potential for damage. Corporate espionage is more of a threat to a specific company, but what if these attacks were launched against 5 or 6 companies in the same business area? Then it would have more of an impact on a company’s economy. Not only will corporate espionage between companies increase, but corporate espionage between countries will also increase. Think about this for a minute; if a foreign government can help give its local companies a competitive advantage over foreign competitors, it could have financial gains for the local economy.
Let’s take a step back and look at some of the areas that could be used to either take down the Internet or cause a major security event. There are many possibilities because the Internet and many company networks have minimal security built in. The following list is not even close to complete, but it should give you an idea of some of the key areas an attacker might go after:
• DNS
• TCP
• Operating System backdoors
DNS
DNS, or the Domain Name System, is responsible for resolving domain names to IP addresses. A question I like to ask people is this: “Can the Internet function without DNS?” Well, this is really a trick question. From a technical standpoint, the Internet does not care about domain names; it only cares about IP addresses to which it can route information. So, from a purely functional standpoint, the Internet can function without DNS. The key question is, “Would anybody use it?” If most people had to remember IP addresses, they would not use the Internet. So, from a usability standpoint, without the DNS system, the Internet would come to a standstill, and no one would use it.
DNS works extremely well from a functionality standpoint, but like most systems, it has minimal built-in security. Attackers can access a company’s DNS server to find out information. Attackers can also send false entries to a DNS server to corrupt the information stored in the DNS server. This type of attack is known as a DNS cache poisoning attack.
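The following is an added example, not code from the original text: a sketch of the matching a resolver can perform to refuse false entries of the kind described above. It accepts a response only when the source address, port, transaction ID and question match a query it actually sent, and raises an alert once mismatches for a name accumulate. The class and function names, addresses and packets are constructed for illustration.

```python
import struct
from collections import Counter

def build_msg(txid, qname, is_response=False):
    """Build a minimal DNS message with one A/IN question (constructed sample data)."""
    flags = 0x8180 if is_response else 0x0100
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in qname.split("."))
    return (struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
            + labels + b"\x00" + struct.pack("!HH", 1, 1))

def parse_msg(data):
    """Return (txid, is_response, qname) from the header and first question."""
    txid, flags, qdcount = struct.unpack("!HHH", data[:6])
    if qdcount < 1:
        raise ValueError("no question section")
    pos, parts = 12, []
    while data[pos] != 0:
        n = data[pos]
        if n & 0xC0:
            raise ValueError("unexpected compression pointer in question")
        parts.append(data[pos + 1:pos + 1 + n].decode("ascii").lower())
        pos += 1 + n
    return txid, bool(flags & 0x8000), ".".join(parts)

class ResponseValidator:
    """Hypothetical resolver-side check: accept only answers to queries we sent."""
    def __init__(self, alert_threshold=3):
        self.pending = set()          # (server_ip, local_port, txid, qname)
        self.mismatches = Counter()   # qname -> responses that matched nothing
        self.alert_threshold = alert_threshold

    def sent(self, server_ip, local_port, query):
        txid, _, qname = parse_msg(query)
        self.pending.add((server_ip, local_port, txid, qname))

    def received(self, src_ip, dst_port, data):
        txid, is_response, qname = parse_msg(data)
        key = (src_ip, dst_port, txid, qname)
        if is_response and key in self.pending:
            self.pending.discard(key)  # one answer per query; duplicates are refused
            return "accept"
        self.mismatches[qname] += 1
        # A run of non-matching responses for one name suggests a poisoning attempt.
        return "alert" if self.mismatches[qname] >= self.alert_threshold else "drop"

def demo():
    """Constructed traffic: three responses with wrong IDs, the real one, a duplicate."""
    v = ResponseValidator()
    v.sent("192.0.2.53", 40000, build_msg(0x1A2B, "www.example.com"))
    ids = (0x0001, 0x0002, 0x0003, 0x1A2B, 0x1A2B)
    return [v.received("192.0.2.53", 40000, build_msg(i, "www.example.com", True))
            for i in ids]
```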
Also, like most systems connected to the Internet, DNS is susceptible to a Denial of Service attack. So, as you can see, if attackers can target DNS servers, they can cripple the usability of the Internet. Now, let’s take a look at one of the key protocols of the Internet, TCP.
TCP
TCP is one of the key protocols of the TCP/IP suite. Most traffic routed on the Internet uses TCP. As we have seen already, TCP has many potential vulnerabilities that an attacker can exploit. Like most protocols on the Internet, TCP works very well from a functionality standpoint, but it has minimal built-in security. Therefore, if attackers could figure out a way to stop TCP packets from being routed, or if they could cause packets to go to the wrong destination, they could take down the Internet.
Because most of the Internet relies on computers running operating systems, this provides another potential area for compromise.
Operating System Backdoors
A computer by itself is basically an object that has little value to its end users. What makes computers so valuable is the operating system that runs on the computer. By installing an operating system onto a computer, you turn the computer from a hunk of metal into a very functional device.
Most computers on the Internet use one of two operating systems: Microsoft or UNIX. This is one of the reasons why new attacks have such a detrimental impact because they can be run against so many different computer systems. This leads to a huge potential problem. Because so much of the Internet relies on so few operating systems, if an attacker could somehow insert a backdoor into the operating system source code, and then it were distributed to everyone who purchased the software, the backdoor could be used at a later time to launch an attack. In such a case, by running a special code, every system with that operating system installed would be controlled by an attacker.
There have been many cases where operating system vendors’ computers have been compromised, and there are rumors that the source code for most operating systems is floating around the Internet. To make matters worse, what about internal employees? Does a company really trust everyone who works at the company? How hard would it be for a malicious insider to insert some hidden backdoor into the source code?
Unfortunately, the answer is it would not be that hard to do. When you have millions of lines of code, it is relatively simple for a programmer to program in some hidden features that no one in the company would detect. One example of this is Easter eggs, and additional information can be found in Chapter 2, “How and Why Hackers Do It”.
Now, it seems almost inevitable that there will continue to be security breaches, including one or two major breaches. But let’s look at the positive side of the equation—when things start getting better. This is a world where vendors start building more secure products and companies invest the appropriate funds.