A credible plan to take down the Internet
Forget the Fantastic Four. As I write, the forces of Good (the White Hats) and Evil (the Black Hats) are fighting for control of the Internet as we know it. At stake is the exploitation of flaws affecting the once-invincible Cisco router hardware, which currently carries most of the Internet's traffic on a daily basis. Once a working exploit for the Cisco IOS Shellcode is available on the Internet, it'll be only a matter of days before someone finds a way to craft it into a network worm. And then it's going to be a rough ride for everyone who uses the Internet. Unless, of course, the forces of Good prevail. Hyperbole? Perhaps, but a credible threat to the infrastructure of the Internet does exist. All indications suggest that the clock is ticking toward some kind of showdown between criminal hackers and the good guys. Unfortunately, the bad guys have a head start.
The threat
Lynn said in his press conference one day later that his Black Hat presentation was perhaps only 5 percent of what someone would need to know to wreak havoc on the Internet, but he confirmed that his exploit, which he is legally barred from sharing, has the potential to harm hardware: "It's a software flaw that damages hardware." What he means is that by remotely attacking the Cisco IOS Shellcode, you could destroy the instruction set on the hardware that tells the router to turn on again. Talk about disrupting the regular flow of traffic on the Internet! Following Black Hat, Cisco issued an advisory detailing how flaws in the way older Cisco IOS systems process IPv6 packets could allow a remote user control of the router. But it's not really a secret, is it?
And it gets worse. Cisco has confirmed that its customer password system has been compromised. Details are unclear, but the compromise might detail the hardware that individual customers are running. This is exactly the kind of preliminary research that a criminal hacker would do before crafting an attack, either a one-time attack on a specific company or a government, or a widespread network worm. So now someone may own a copy of the Cisco IOS source code, may be working on an exploit of a known flaw, and may even have a list of Cisco customers and the hardware they own--sounds to me like a credible, nefarious plan to take down the Internet.
What this means to you and me
Many security researchers I spoke to at the Black Hat conference said they weren't expecting a network worm to surface anytime soon, but all admitted that the possibility exists. If anything, the flurry of news reports about the flaw has prompted large companies to patch their Cisco routers ASAP. That's good. The more routers that are patched now, the fewer will fall victim later. No wonder the U.S. government officials attending Black Hat all rushed to thank Lynn after his presentation, and one even handed him the
http://reviews.cnet.com/4520-3513_7-6282711-1.html?tag=nl.e757