Cyber Scare Could Be Warning Shot
This week's crude and fairly ineffective attacks on U.S. and South Korean Web sites were a minor event, network experts said, but could represent a warning shot portending much more serious threats to worldwide communications and commerce on the Internet. James Lewis, a cybersecurity scholar at the Center for Strategic and International Studies, noted the paradox in the attacks - that they were well-coordinated and broad in scope, but very limited in their aims. If they were the work of the North Korean government or affiliated forces, as South Korean officials suspect, said Lewis, it seems that the real purpose might have been to get the attention of foreign governments. Much like North Korea's missile and nuclear testing, this week's cyberattacks could be part of a diplomatic game aimed at extracting concessions from the United States and Western powers, he speculated.
On the other hand, any number of foreign governments, including North Korea, are capable of much more serious action that could do greater and long-term damage to Internet communications, Lewis said. Robert Beverly shrugged off the reported attacks this week as insignificant, but said that what keeps him up at night worrying is an attack on the domain name system - the computers that translate familiar words like Google into numerical Internet protocol addresses. Beverly, a network computing expert affiliated with the Massachusetts Institute of Technology, said that a network of privately-owned computers around the world, known as root name servers, coordinates this activity.
Lewis said that there had been attacks on these root name servers, the most recent about 18 months ago, and that these attacks seemed designed to be tests of security and vulnerability. "The attacks didn't last long, and the people who did it were very effective at covering their tracks." Internet experts traced the attacks to the Pacific Rim region, and there was speculation at the time that either China or North Korea was behind the attacks. Lewis said that an effective attack on the DNS architecture could significantly affect world commerce and communication - if widespread, it could bring these to a standstill. U.S. intelligence officials don't know the extent of North Korean capabilities in cyberwarfare, but the evidence is that this isolated and backward country has been laboring since the 1990s to train computer scientists.
Until a couple years ago, the DNS depended on 13 large computers or computer centers, most of them based in the United States. Since the 2007 attack, the work of connecting common words to IP addresses has been farmed out to a wider number of servers, but critics say that the architecture is still too dependent on U.S.-based computers. The root name servers are maintained by a mixture of private companies, government agencies and educational institutions - NASA, Cogent Communications, and University of Maryland, among them. The effort is overseen by the Internet Corporation for Assigned Names and Numbers, or ICANN. In the last year or so, Lewis said that ICANN had been working to decentralize root name servers with the aim of making the system less vulnerable.
Col. Gary McAlum, a former Pentagon cybersecurity expert, said that the threat of a root name server attack also "keeps me up at night," and that it is much more of a concern than the attacks this week. However, McAlum said it is hard to know whether the new attacks might have revealed valuable information about how the U.S. or South Korean governments respond to attacks, information useful to enemies in the future. -- John Maggs

