It was a rather dramatic headline from the New York Times today: “Warned of an Attack on the Internet, and Getting Ready.”
SAN FRANCISCO — On a quiet Sunday in mid-February, something curious attracted the attention of the behind-the-scenes engineers who scour the Internet for signs of trouble. There, among the ubiquitous boasts posted by the hacking collective Anonymous, was a call to attack some of the network’s most crucial parts.
A directed denial-of-service attack on the Internet’s root DNS services is supposed to happen today and eventually knock the Internet offline. Much time and money has been spent in securing the Net, if it does materialize. I am not sure this is the best way to address the problem.
I use OpenDNS. There was a lot of concern about cache poisoning attacks back in 2008, and this service makes me feel better, though I don’t know if it’s a problem any more. (It also speeds things up a bit, and it’s free – what’s not to love about it?)
However, the posited attack today by Anonymous sounds much bigger than spoofing, perhaps even too big. After all, Anonymous seems to be centered around the Net – why would they want to take it down?
Nonetheless,the New York Times is probably right to compare this to a bomb threat called in to a high school football game – unlikely, but needing to be taken seriously.
No high school bomb threat requires a “fast track, multimillion-dollar global effort,” though. That’s millions of dollar spent without obvious return, not to mention the delay of possibly very important projects and maintenance for months.
Perhaps the Net will be more secure because of all that money and schedule disruption. Then again, perhaps we spent all that money and time guarding against an attack that really is impossible to pull off. We just can’t know for sure.
And if the Net survives today (my guess is that it will, handily, if an attack actually materializes), there will be another rumored attack and another intense effort to guard against it, and another, and another. We live in a world of limited resources, though, and this cycle can’t continue indefinitely.
Does the Net compensate us in other ways to make our current action-reaction method of Net/computer security cost effective, or is this going to bankrupt us at some point when the outlay becomes large enough to overshadow any possible return?
I really don’t have an answer to that question, but comparable experiences down through human history don’t seem to bode well for a positive outcome here.
Time for some decisions
The Internet is handy. It is empowering, as I can vouch for personally, and it is also becoming more and more necessary as the underpinning of a global high-tech society today. But it, along with technology in general (smart phones, credit cards, etc.), has made us incredibly vulnerable.
As Anthony Kosner writes in Forbes today,
This [the most recent security breach for Visa and Mastercards] gets to the heart of consumers’ fears about data security of all kinds—that their interests have been triaged to the greater cause of efficient data flow. Even if they are not actually liable for any fraudulent charges, their lives can be disrupted significantly at any moment—and nobody gets reimbursed for that.
I’ve lived through a paradigm once thought unimaginable: for fear of nuclear holocaust, mankind has stopped going to war, at least the old-fashioned way, giving modern humanity its longest stretch of overall peace in recorded times.
Will I see another paradigm? Can news of today’s possible attack encourage us to make that decision to supplement and protect artificial intelligence machines and networks by thinking about it a little bit more before we design and implement technology?
Or will the Intertubes ultimately stand revealed as a modern, very expensive and destructive form of the archetypal hoop snake that has caught and bitten us?
I hope we learn – quickly – how better to grow the Internet and use computers safely, instead of continuing to go all out to be this week’s first and fastest, or the biggest this, that and the other technological wonder.
While the all-out approach has brought us many wonderful things, it is inherently insecure and, I fear, will be ultimately unsustainable in the long run. We don’t have to live in fear, if we just can bring ourselves to make a few decisions now about the best ways to design and use our computers and the Internet.
Categories: Random thoughts