31 January 2001

Race to shut out Net software hackers

JIM WOLF, Washington | Wednesday

A FLAW in software that helps drive the Internet could let hackers disrupt Web operations worldwide unless corrected quickly, a US Defence Department-funded research centre said this week.

Electronic intruders seizing on the newly discovered vulnerability could gain control of domain name servers (DNS), which translate easy-to-remember names – such as www.reuters.com – into numeric addresses read by computers.

Once in control, attackers could change and reroute the numeric “Internet Protocol” addresses to disastrous effect, said the CERT Co-ordination Centre at Carnegie Mellon University in Pittsburgh, Pennsylvania.

“The result of a change in mapping could be devastating: Internet traffic such as Web access, electronic mail, and file transfers could be redirected to arbitrary sites chosen by an intruder,” said the CERT Co-ordination Centre, formerly the Computer Emergency Response Team at the university’s Software Engineering Institute.

Attackers ranging from thrill-seekers to organised crime to foreign foes could block access to or from their victims, in effect cutting them off from the rest of the Internet, CERT said.

Virtually every site on the Internet depends on one or more DNS servers, or name servers, to steer traffic. CERT estimated as many as 90% of the name servers on the Internet were running flawed versions of the software known as BIND.

It urged system and network administrators to upgrade immediately to a supposedly invulnerable version of BIND, the most widely used DNS server software.

BIND stands for Berkeley Internet Name Domain. Versions 4 and 8 of the package were found to contain flaws that would let a remote attacker execute “arbitrary code” that could let them hijack websites by rerouting traffic or swamping them with data to disrupt services or cover other malicious assaults.

Jeffrey Carpenter, manager of the CERT Co-ordination Centre, told a news conference that systems administrators were “essentially in a race” to beat the expected posting of tools on the Web that would let hackers exploit the newly discovered vulnerabilities.

The vulnerability was discovered by PGP Security, a unit of Santa Clara, California-based Network Associates.

“Exploitation of these vulnerabilities could potentially disrupt all Internet-based communication that relies on a domain name, affecting every company that maintains a website or that utilises e-mail as a communications tool,” PGP Security said. – Reuters