With all the talk about terrorism and the clear and present danger of future attacks, a technologist’s mind naturally turns to information warfare. What if the next attack is not against a building or an airport or a shopping mall, but against the Internet?
That would be great, frankly. I’d rather go for a whole month with the Internet in shreds than see another person hurt.
The question of the Internet’s vulnerability to terrorism came up at a Network World (U.S.) Security Town Meeting that I co-hosted last month. Could the whole Internet be taken down? No. But you could take down such huge chunks that there wouldn’t be much left to worry about.
How could you take down most of the Internet? Border Gateway Protocol (BGP) is one easy way to start. The entire Internet depends on huge BGP tables of more than 100,000 routes. In the early days, these tables were validated against routing registries that ensured bogus information could not be injected into the tables. Nowadays, that doesn’t happen. Keeping those routing registries updated and synchronized is just too expensive and inconvenient.
The lack of a global routing registry means that it’s fairly easy to create routes to nowhere. It doesn’t happen a lot, but it’s happened in the past, more than once. Someone gets mad at someone else, or transposes a couple of digits, or lets information leak from inside their network, and adds a route to the global tables. Suddenly the packets stop flowing in the right direction.
If a determined attacker were to start injecting routes into the BGP tables, the ripple effects could be enormous. Every time a route is added, information propagates over the entire Internet – the core routers at every major (and many minor) ISP have to process the update. Add enough bad routes in enough locations, and the multiplied effect of processing and passing all that information around could cripple routers around the world.
Is it trivial for someone to take down the entire Internet? No, definitely not. It would take brains, coordination and control of zombie systems and routers at dozens or hundreds of ISPs. But as we learned when distributed denial-of-service attacks started showing up, there are a lot of clever people on the Internet who have malicious intentions. All the more reason to keep working on your disaster-recovery plan.
Snyder, a Network World(U.S.) Test Alliance partner, is a senior partner at Opus One in Tucson, Ariz. He can be reached at Joel.Snyder@opus1.com.