IT securityGiant online security hole getting fixed, slowly

Published 6 August 2008

Serious DNS security flaw was discovered a month ago, a flaw which allowed criminals silently to redirect traffic to Web sites under their control; more details will be given at today’s Black Hat event

A giant vulnerability in the Internet’s design is allowing criminals silently to redirect traffic to Web sites under their control. The problem is being fixed, but its extent remains unknown and many people are still at risk. The gaping security hole enables a scam that targets ordinary people typing in a legitimate Web address. It happens because hackers are now able to manipulate the machines that help computers find Web sites. If the trick is done properly, computer users are unlikely to detect whether they have landed at a legitimate site or an evil double maintained by someone bent on fraud. Security experts fear an open season for virus attacks and identity-fraud scams. “It’s kind of like saying, ‘There’s a bunch of money on the street. If you can get over there soon enough, you can get it,’” Ken Silva, chief technology officer for VeriSign, which manages the “.com” and “.net” directories of Internet addresses, told AP. “It’s something the industry is taking seriously. You’d be in a bad place if you weren’t doing something about it.”

The bug’s existence was revealed nearly a month ago. Since then, criminals have pulled off at least one successful attack, directing some AT&T Internet customers in Texas to a fake Google site. The phony page was accompanied by three programs that automatically clicked on ads, with the profits for those clicks flowing back to the hackers. There are likely worse scams happening that haven’t been discovered or publicly disclosed by Internet service providers. “You can bet that the (Internet providers) are going to stay tightlipped about any attacks on their networks,” said H. D. Moore, a security researcher. The AT&T attack probably would have stayed quiet had it not affected the Internet service of Austin, Texas-based BreakingPoint Systems, which makes machines for testing networking equipment and has Moore as its labs director. He disclosed the incident in hopes it would help uncover more breaches.

The underlying flaw is in the Domain Name System (DNS), a network of millions of servers that translate words typed into Web browsers into numerical codes that computers can understand. Getting from one place to another on the Internet typically requires a trip through several DNS servers, including some that accept incoming data and store parts of it. That opens them up for potential attack. What this means is that a computer user in say, San