Article: The Cyberweapon that could take down the Internet By Jacob Aron February 11, 2011 Presentation by Jacob Russell CSCE390 April 18 th, 2011

Summary Max Schuchard at the University of Minnesota and his colleagues have created a digital weapon that exploit weaknesses in the internets defenses. This attack exploits the fact that the Internet structures itself to route around disabled connection points, using the border gateway protocol. It uses a directed ZMW attack between computers in a botnet to surgically disable key points. This will cause routers to send out BGP updates to neighbors in order to reroute traffic. Then the key point comes back online and reunites, which causes those two routers to send out BGP updates. This causes attack traffic to begin again, and they shut down. This cycle repeats, sending out waves of BGP information to every router on the internet. Eventually, every router in the world would be receiving more updates than it can receive. After about 20 minutes of attacking, a queue requiring 100 minutes to sift through would have built up. With every router occupied, natural routing outages won’t be fixed, and the internet would become so sundered that communication would be difficult, if not impossible. Only current recovery method is shutting down each autonomous system and rebooting it to clear the BGP backlog. Purpose of creating this weapon is to force hardening of internet infrastructure.

Summary Cont’d Don’t panic: Any malicious hacker with a botnet large enough to execute this attack is most likely renting it out for profit. Used as a last-ditch retaliation in a full-blown cyberwar. A country could adjust its BGP to disconnect from the internet (as in Egypt). Then an agent outside the country would execute this attack, bringing down the internet while the offensive nations internal network remains undamaged. Once the attack has been launched, there is little to do to stop it with current systems. Solutions include creating a “shadow internet” allowing BGP systems to issue updates to one another, clearing up bogged-down queues, or to modify the BGP system to assume links never go down. If this solution is implemented, it would need to be made to approximately 10% of all autonomous systems, and operators would have to monitor network health using other means.

8-Step Ethical Process 1) Identify question being discussed. – Cyberweapon is capable of disabling Internet by exploiting flaws in the current network systems. These flaws are correctable. 2) List stakeholders. – The stakeholders include everyone using the internet, and the independent operators of autonomous systems. Global internet users would likely benefit from having these flaws fixed in the event of an attack. Independent Operators would lose time and money switching their systems to newer protocols, but would benefit in the long term by not having downtime in the event of an attack. 3) Propose solutions – A) Ignore the problem. – B) Force every independent operator to alter their BGP system – C) Convince a percentage of independent operators to alter their BGP systems. <- Optimum solution 4) Are you willing for everyone to use solution from 3? – Yes. It benefits everyone with the least amount of associated cost. 5) Is the solution in accord with what is natural and is a balanced approach? – It is a balanced approach. See question 4. 6) Would there be majority agreement that this solution is most efficient? Will it produce the greatest good for the greatest number of people? – I would argue that this inconveniences the least amount of independent operators, while hardening our internet infrastructure against potential attack, which benefits everybody. 7) Is this solution the one you feel most committed to in conscience, regardless of personal benefit? Was this conclusion reached independently, as the arbiter of the good, free from other influence? – Yes and yes. 8) Which philosophy influenced the solution and why? – Pragmatism. The use of this system is currently hypothetical, but the loss of the internet would cause hundreds of billions of dollars in lost revenue. Convincing a percentage of operators to fix their infrastructure diminishes the possibility of this most efficiently, and is therefore, a good solution.

ACM Code The Code would direct us to act to remedy this problem under: – 1.1 Contribute to Society and human well-being Having the internet has benefitted our society, and has become integrated into almost every aspect of our economy. As such, it should be free and protected from malicious attacks. – 1.2 Avoid Harm to Others Fixing this problem would avoid potential consequences involving loss of communication and economic damage to a large spectrum of the global population. – 2.5 Give comprehensive and thorough evaluations of computer systems and their impacts, including analysis of possible risks. It’s a network operators responsibility to ensure that their product is as invulnerable to attack as possible. By ignoring these risks, they let down their consumers.