Website directory system is most vulnerable to attack

The part of US information technology most at risk from a serious attack is the directory service that steers internet users to the websites they want, according to a federal report issued Tuesday after more than a year of study.

The report from the Department of Homeland Security and private information technology leaders rated the chances of something serious going wrong with six key functions as part of the IT sector “baseline risk assessment.” Those assessments are being published for 18 sectors deemed critical to the country’s national security.

After an exhaustive discussion of potential hazards to functions ranging from computer manufacturing to providing the ability to connect to the internet, the report concluded that everything nefarious hatched by man was at little risk of occurring, of little consequence if it did occur, or both. The exception was for an assault on the internet’s techniques for telling people that a website they are seeking is at a numeric internet address.

The process behind the Domain Name System is invisible to regular users, who simply type the words in an address or click on a link, letting the computer handle the rest. But at many levels, DNS still relies on trust that other computers specializing in giving out that reference information aren’t deliberately providing false leads.

In the past, some hackers have taken advantage of that class of vulnerabilities and directed users to impostor sites that installed data-stealing programs. A security upgrade to the DNS system is underway but will take years to complete, according to the new report.

For now, the likelihood of a broader DNS attack with a “high” level of consequences is “medium,” the report said. In part because DNS depends on the same sort of unpredictable software, processes and people that occasionally trip up other parts of the industry, malicious actors could take down a top-level domain such as .com or .gov for political reasons or as part of a mass fraud or extortion scheme.

Unspecified “foreign military organisations”, it said, have already tried.

Richard Waters, Chris Nuttall and April Dembosky in the FT's San Francisco bureau share their views - plus tech insights from Tim Bradshaw and Maija Palmer in London and Robin Kwong in Taipei.
