Mysterious Net traffic Spurs Code Hunt

CNET ^ | 20 June 2003 | Robert Lemos

[Jhoffa_]

I swear, I had nothing to do with this.

[adam_az]

SpaceBar,

Protecting against that kind of miscreant is what I do for a living. The WaPo article is interesting (though definately very overblown!) but has nothing to do with the supposed 55808 "third generation trojan" which based on the technical description of the way the packets are built can not be many of the things that people who are non-technical in the areas of how the TCP/IP communication protocol to the byte field level works, how worms propagate, routing protocols, etc have speculated simply can not be true.

I suggest you read from the latest Crypto-Gram newsletter by Bruce Schneier, noted cryptographer and inventor of the Blowfish and Twofish algorithms and foremost minds in the area of information security, the selection "The Risk Of Cyber-Terrorism" from his latest Cryptogram newsletter:

http://www.counterpane.com/crypto-gram-0306.html

It might make you feel a little better. I can tell you from first hand career gained experience, he is 100% correct.

[SpaceBar]

If you are in the biz, then you of all people should realize the threat. I don't make a living analyzing network traffic, but then again one doesn't need to be a chicken to judge an egg either. I don't need to spend two (insert large time unit here)studying graduate level crypto theory, solve elliptic integrals by hand, or understand the computational intractibility of factoring the product of two enormously large primes to appreciate the larger picture. Granted the cited WP article doesn't deal specifically with that virus, but again my original post was meant to illustrate the vulnerability of the distributed nature of the internet, and I think I made my point. Also, terrorists aren't going to try to factor large numbers with supercomputers anyway. They will dig up a fibre-optic cable with a rented backhoe. Again, you'd better get outside that box.

[adam_az]

If they dig up a cable, they will cause inconvenience for a short time.

Did you know that fiber cables get cut by bulldozers accidentally every day all over the country?

The distributed nature of the internet is precisely the reason it is so fault tolerant. The TCP/IP protocol and routing protocols are designed so that data can travel around disruptions. In fact, that was the goal of the original DARPA project that invented the whole thing.

BTW cracking public key crypto isnt a matter of factoring large primes contrary to popular belief.

The very article I gave you a link to describes the greatest threat still being from some guys with a truck full of explosives, not terrorist hacker types. You'd need a lot of back hoes to take down the internet... and even then, we'd be seeing inconvenience only.

Fiber is actually pretty easy to repair. Based on measuring the impedance of a copper wire run inside the protective jacket, they can determine exactly where in a hundred mile fiber the break is. It's an old undersea cable trick.

The way you measure threats takes into account the ease of perpetrating the attack, the likelihood that an attack will occur/can succeed, and the value of the resourcebeing assessed. The idea is, you don't want to spend 5x the amount of a resources value to protect it. Most data center facilities have excellent physical security by the way - gated facilities, mantraps, card key or biometric access, "giant concrete flowerpots" to stop vehicles, and lots of cameras.

Plus, for terrorists, nothing quite has the same impact for "mobilizing the base" as killing lots of people. They aren't going to get the Palestinians to dance in the street because some terrorist ran over a sattelite uplink with a stolen 18 wheeler full of frozen chicken, know what I'm saying?

There are LOTS of redundancy built into the internet. Companies purposefully design their network to be fault tolerant, and most data centers and big companies are "multi-homed" which means they connect to multiple networks to eliminate single points of failure. I'm very familiar with this, and while it's an interesting intellectual exercise to plot the weak points, the impact wouldn't be that great.

That is a very much promotional article. I'm sure they are trying to get funding or somesuch. It's press release driven news, VERY common unfortunately in the information security industry, which largely sells products and services by scaring the bejeezus out of people. Also, what he created is not anything new or unique, and if it were so secret, why was he giving the Compost an interview all about it?