Criminal Intent: What, Me Worry? - InformationWeek


Criminal Intent: What, Me Worry?

I get tossed the question fairly frequently: How much cybercrime simply goes undetected? That's sort of like asking how many universes exist beyond the outer boundaries of our own. Nevertheless, cosmologists entertain the question in part by asking what our universe would look like if there were other universes out beyond our "event horizon." Similarly, you also might ask whether our infrastructure looks more like one with a great deal of undetected cybercrime or very little undetected crime. You'd probably conclude it looks a lot like what you'd expect of a universe where crime goes mostly undetected and isn't something people think much about.

We, as a group of security practitioners, need to think beyond the latest "compliance checklist" to overall improvements in the security of the network infrastructure.

Consider domain name system servers. It turns out that there are several ways to corrupt these critical address translators. One approach is to obtain root access to the server system and directly change the address translation database that's the heart of each DNS server. But it's also possible to corrupt servers in unexpected ways, such as causing upstream updates from corrupt Windows DNS servers to the past couple of versions of the Unix BIND server.

The markedly quirky DNS protocol is also a fundamentally insecure system, as updates among servers generally aren't authenticated. When DNS servers were attacked in March and April, the changes in DNS databases were large and noticeable. In some cases, the entire .com domain was rerouted to a server that tossed out banner ads, so it didn't take a genius to see that something was amiss. But given that DNS caches refresh themselves periodically, single-destination hijackings could take place under the radar. Traffic to a bank could be rerouted for a while, until the cache naturally refreshed itself, erasing all evidence of the hijacking. If the rerouted destination was a copy of the real bank's site that acted as a proxy and listened in on transactions, something akin to the perfect crime might be committed.
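The under-the-radar rerouting described above disappears from the resolver once the cache refreshes, so any evidence has to be captured outside the cache. The following is an added example, not part of the original column: it scans a resolver answer log and records every window in which a watched name resolved outside its expected address range. The log format, names, addresses and baseline are constructed for illustration.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed baseline: networks each watched name is expected to resolve into.
BASELINE = {"www.bank.example": [ip_network("192.0.2.0/28")]}

# Constructed resolver answer log: ISO time, qname, record type, answer, TTL.
SAMPLE_LOG = """\
2005-04-04T09:00:00 www.bank.example A 192.0.2.10 3600
2005-04-04T10:00:05 www.bank.example A 203.0.113.77 600
2005-04-04T10:07:41 WWW.Bank.Example. A 203.0.113.77 119
2005-04-04T10:10:06 www.bank.example A 192.0.2.10 3600
2005-04-04T10:11:00 news.example A 198.51.100.4 300
malformed line
"""

def parse(line):
    """Return (time, name, address, ttl) for an A/AAAA answer, else None."""
    parts = line.split()
    if len(parts) != 5 or parts[2] not in ("A", "AAAA"):
        return None
    try:
        when = datetime.fromisoformat(parts[0])
        return when, parts[1].rstrip(".").lower(), ip_address(parts[3]), int(parts[4])
    except ValueError:
        return None

def find_hijack_windows(log_text, baseline):
    """Group off-baseline answers into windows keyed by (name, address)."""
    windows = {}
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue  # skip malformed lines and non-address records
        when, name, addr, ttl = rec
        nets = baseline.get(name)
        if nets is None or any(addr in net for net in nets):
            continue  # unwatched name, or answer matches the baseline
        w = windows.setdefault((name, str(addr)),
                               {"first": when, "last": when, "hits": 0, "min_ttl": ttl})
        w["last"] = max(w["last"], when)
        w["hits"] += 1
        w["min_ttl"] = min(w["min_ttl"], ttl)
    return windows

if __name__ == "__main__":
    for (name, addr), w in find_hijack_windows(SAMPLE_LOG, BASELINE).items():
        print(name, addr, w["first"], w["last"], w["hits"], w["min_ttl"])
```

Because the record is kept outside the resolver, the off-baseline window remains visible after the cache has returned to the legitimate address.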

One suspects these perfect crimes aren't rampant right now, or else we'd hear a lot more noise from the financial sector. But it's clear that DNS, at least, exhibits characteristics you'd expect in a universe where crimes can be silently committed. It's not too hard to imagine what DNS would look like if it existed in another kind of universe, one that didn't enable opportunities for such crimes to go unnoticed. Indeed, it might look something like the DNSSEC protocol. But DNSSEC has been kicked around for a full 10 years now, and it doesn't look like it's going to come into real-world use anytime soon.

In the short haul, there are some things that the security community can do to make DNS less vulnerable. For starters, administrators can bring their DNS servers up to the latest versions. There are going to be some trade-offs, insofar as BIND 9 offers less throughput than the widely deployed BIND 8, but this can be offset with more hardware. Multiple-server DNS configurations should be architected with a "split-split" design: the server that advertises DNS records is different from the server used to resolve names, and there is a further split between external and internal client service.

DNS isn't the only part of the infrastructure that presents opportunities for unseen crime. The Border Gateway Protocol, which handles interdomain routing on the Internet, has been in widespread use for years, and people are only now analyzing it so that security holes can be plugged.

There's more to be addressed. How about operating systems and applications that make encryption an easy default option? How about corporate insistence that these be the predominant enterprise choices, rather than operating systems that leave proprietary data lingering in disk slack space and applications that make it appear that data has been redacted, when in fact it's easily recoverable?

It's time to learn a lesson from the world of cosmology, where at least a few physics professors think the nature of our universe suggests there probably are lots of other universes out there.

Robert Richardson is editorial director of the Computer Security Institute at Share your thoughts with him.

Illustrations by Steven Lyons
