Website directory system is most vulnerable to attack

The part of US information technology most at risk from a serious attack is the directory service that steers internet users to the websites they want, according to a federal report issued Tuesday after more than a year of study.

The report from the Department of Homeland Security and private information technology leaders rated the chances of something serious going wrong with six key functions as part of the IT sector “baseline risk assessment.” Those assessments are being published for 18 sectors deemed critical to the country’s national security.

After an exhaustive discussion of potential hazards to functions ranging from computer manufacturing to providing the ability to connect to the internet, the report concluded that everything nefarious hatched by man was at little risk of occurring, of little consequence if it did occur, or both. The exception was for an assault on the internet’s techniques for telling people that a website they are seeking is at a numeric internet address.

The process behind the Domain Name System is invisible to regular users, who simply type the words in an address or click on a link, letting the computer handle the rest. But at many levels, DNS still relies on trust that other computers specializing in giving out that reference information aren’t deliberately providing false leads.

In the past, some hackers have taken advantage of that class of vulnerabilities and directed users to impostor sites that installed data-stealing programs. A security upgrade to the DNS system is underway but will take years to complete, according to the new report.

For now, the likelihood of a broader DNS attack with a “high” level of consequences is “medium,” the report said. In part because DNS depends on the same sort of unpredictable software, processes and people that occasionally trip up other parts of the industry, malicious actors could take down a top-level domain such as .com or .gov for political reasons or as part of a mass fraud or extortion scheme.

Unspecified “foreign military organisations”, it said, have already tried.

Richard Waters, Chris Nuttall and April Dembosky in the FT's San Francisco bureau share their views - plus tech insights from Tim Bradshaw and Maija Palmer in London and Robin Kwong in Taipei.


