Concerns Mount over Major Web Strike

UPDATED: Following major DDoS attacks this summer, the cracking of MD5 cryptography and the warning of an impending "electronic jihad," Internet pros are expressing a growing sense of foreboding.

A coordinated online strike against Internet servers by terrorists, dubbed "electronic jihad," may or may not strike this week, security experts said. One security researcher in Moscow warned that Thursday would be the day in question.

But a recent string of attacks on primary Internet services and the unraveling of major encryption routines are raising concerns in the Internet operator community.

According to a Tuesday RIA Novosti report, Russian security researcher Yevgeny Kaspersky, founder of Moscow-based Kaspersky Labs International, said a strike against political and financial sites was expected on Thursday.

"The hackers who have proclaimed electronic jihad have enough experience and resources to paralyze the Internet for several hours at least," Kaspersky said in the report.

"The e-jihad has been discussed for years, but an undisputed attack has yet to surface," said Ken Dunham, director of malicious code at iDefense Inc. of Reston, Va.

For the most part, coordinated "hacktivist" attacks have been "more talk than walk," he added.

/zimages/5/28571.gifClick here to read an interview with iDefenses CEO and see what business opportunities can be found in threat intelligence.

But Dunham said security pros are increasingly worrying about when political activists might join with like-minded security and Internet programmers. "This will be a dangerous situation," he said.

While Kasperskys warning appears to suggest wide-scale DDoS (distributed denial of service) attacks, experts suggested that important Internet services, as well as its root servers, are also at risk.

For example, a DDoS attack in June against Akamai Technologies Inc. slowed traffic across the Internet for several hours. And in July, DoubleClick Inc.s DNS (domain name system) was attacked and unable to serve ads for a similar time frame.

/zimages/5/28571.gifFor insights on security coverage around the Web, check out Security Center Editor Larry Seltzers Weblog.

"Theres significant worry in the [Internet] community that these attacks have a greater meaning," said one Internet operator, who declined attribution. "They could be related [to an electronic jihad] or not. Nobody knows."

However, another significant security lapse may have implications for Internet servers and ISPs, said Bill Woodcock, research director with the nonprofit Internet routing education group Packet Clearing House, of Berkeley, Calif. The company is a nonprofit organization that promotes Internet stability by working with service providers.

He pointed to the recent cracking of the MD5 (Message Digest 5) and SHA (secure hash algorithm) Level 0 cryptographic function. The vulnerabilities were discussed at last weeks Crypto 2004 conference in Santa Barbara, Calif.

The algorithms are used in many commercial applications, including financial turnkey systems, enterprise content servers and even the routers that run the Internet.

While the cracking method discussed at the conference was mostly academic and impractical, Woodcock said Internet operators worry that crackers will take the information and run with it—to the detriment of Internet services.

"After Cisco [Systems Inc.]s BGP peering-session vulnerability was publicized, their fix was to throw MD5 hashes at it," Woodcock said. "How much longer is that going to work?"

/zimages/5/28571.gifWhat do Internet operators fear from the theft of Ciscos source code? Click here to read more.

He compared the breaking of the MD5 and SHA-0 cryptographic methods to falling dominos. "A vulnerability is found, and a bunch of smart people follow the trail until bad things happen."

Meanwhile, some spots on the world are more vulnerable than others to physical threats to Internet performance. The nation of Sri Lanka has been without telecommunications altogether after a container ship on Sunday snagged the undersea cable that connects Internet services and phone communications to the island country. According to reports, the repairs will take most of the week to complete.

Editors Note: This story was updated to distinguish between encryption and cryptographic functions, and to clarify a Cisco vulnerability.

/zimages/5/28571.gifCheck out eWEEK.coms Security Center at for the latest security news, reviews and analysis.


Be sure to add our developer and Web services news feed to your RSS newsreader or My Yahoo page