
Title: A credible plan to take down the Internet
Source: CNET Reviews
URL Source: http://reviews.cnet.com/4520-3513_7-6282711-1.html?tag=nl.e757
Published: Aug 5, 2005
Author: Robert Vamosi
Post Date: 2005-08-08 16:04:37 by Red Jones
Keywords: credible, Internet, plan
Views: 86
Comments: 2

A credible plan to take down the Internet

By Robert Vamosi

Senior editor, CNET Reviews

August 5, 2005

Forget the Fantastic Four. As I write, the forces of Good (the White Hats) and Evil (the Black Hats) are fighting for control of the Internet as we know it. At stake is the exploitation of flaws affecting the once-invincible Cisco router hardware, which currently carries most of the Internet's traffic on a daily basis. Once a working exploit for the Cisco IOS Shellcode is available on the Internet, it'll be only a matter of days before someone finds a way to craft it into a network worm. And then it's going to be a rough ride for everyone who uses the Internet. Unless, of course, the forces of Good prevail.

Hyperbole? Perhaps, but a credible threat to the infrastructure of the Internet does exist. All indications suggest that the clock is ticking toward some kind of showdown between criminal hackers and the good guys. Unfortunately, the bad guys have a head start.


The threat

Prior to this year's Black Hat security conference, security researchers and network administrators assumed that Cisco routers were invincible, a reputation that surely helped lead to the widespread adoption of Cisco routers across the Internet. The Cisco operating system is proprietary, and much of the specific internal hardware in the Cisco router is undocumented. Until recently, the idea of penetrating the Cisco Shellcode via remote access was fanciful. That was before security researcher Michael Lynn stepped up to the lectern at this year's Black Hat conference, and after first stumbling through a deliberately faux presentation on VoIP security, proceeded to describe some (but not all) of his research to a skeptical audience. During his presentation, Lynn offered a quick demo of how he could access the root of a Cisco router remotely. Like the first runner breaking the four-minute-mile mark, Lynn emboldened other researchers to go out and see for themselves.

Lynn said in his press conference one day later that his Black Hat presentation was perhaps only 5 percent of what someone would need to know to wreak havoc on the Internet, but he confirmed that his exploit, which he is legally barred from sharing, has the potential to harm hardware: "It's a software flaw that damages hardware." What he means is that by remotely attacking the Cisco IOS Shellcode, you could destroy the instruction set on the hardware that tells the router to turn on again. Talk about disrupting the regular flow of traffic on the Internet! Following Black Hat, Cisco issued an advisory detailing how flaws in the way older Cisco IOS systems process IPv6 packets could allow a remote user control of the router.

But it's not really a secret, is it?

But the point here isn't whether Lynn should have presented at Black Hat; it's whether Cisco was going to elaborate on information that many security researchers already suspected was in the hands of the bad guys. Lynn started his research in late January at the behest of his former employer, Internet Security Systems (ISS), and by February, he found a hole. In an interview with Wired News, Lynn said he did his due diligence; he reported his findings to Cisco and learned that Cisco had identified a similar flaw internally two weeks earlier. Together, ISS and Cisco worked to mitigate the flaw, and by April, Cisco rolled out a patch via software upgrade. Problem was, neither Cisco nor ISS really explained why the patch was necessary. Applying a patch on a network router often requires that the router be shut down for a given length of time; on a busy network, this requires scheduling, to say the least. Thus, many Cisco clients may not have applied the patch.

That's bad.

If Cisco found it, and if an independent security researcher found it, then criminal hackers could probably find it, as well. Mind you, the original flaw was found in February of 2005; Lynn's presentation and the subsequent hubbub occurred at the end of July 2005. That's about six months--plenty of time for someone, somewhere, also to have started work exploiting this flaw. Especially if they had a head start--which they did.

Cisco really is under attack

Last summer, someone stole the Cisco IOS source code, chunks of which are rumored to be on sale even today via the Internet. Lynn said he worked with reverse-engineered binary code--1s and 0s--which is much harder to piece together, but he did it. If the bad guys already have access to the source code, their task would be that much easier, especially now that Lynn's entire presentation--literally ripped from the conference proceedings manual by temps hired by Cisco before the start of Black Hat (link includes video)--can be found floating around the Internet, mostly on Russian sites.


And it gets worse. Cisco has confirmed that its customer password system has been compromised. Details are unclear, but the compromise might detail the hardware that individual customers are running. This is exactly the kind of preliminary research that a criminal hacker would do before crafting an attack, either a one-time attack on a specific company or a government, or a widespread network worm. So now someone may own a copy of the Cisco IOS source code, may be working on an exploit of a known flaw, and may even have a list of Cisco customers and the hardware they own--sounds to me like a credible, nefarious plan to take down the Internet.

What this means to you and me

Many security researchers I spoke to at the Black Hat conference said they weren't expecting a network worm to surface anytime soon, but all admitted that the possibility exists. If anything, the flurry of news reports about the flaw has prompted large companies to patch their Cisco routers ASAP. That's good. The more routers that are patched now, the fewer will fall victim later. No wonder the U.S. government officials attending Black Hat all rushed to thank Lynn after his presentation, and one even handed him the challenge coin, a military medallion that honors those fighting


#1. To: All (#0)

I guess if the government was to want to shut down the internet - they'd do it with a black operation where their agents perhaps would steal code from CISCO and use this knowledge to build viruses which could do the job, then secretly introduce these viruses when they want and of course blame it all on 'hackers'.

Red Jones posted on 2005-08-08 16:06:09 ET


#2. To: Red Jones (#1)

then secretly introduce these viruses when they want and of course blame it all on 'hackers'.

Iranian Hackers.

tom007 posted on 2005-08-09 0:58:33 ET

