For all the viruses, malware, and exploits that crawl around the web, fundamental flaws in the system are supposed to be few and far between, but the last two months have proven to be an exception to the rule. In July, Dan Kaminsky revealed his discovery of a DNS flaw that could be exploited to direct unwitting users to malicious web addresses. Now, practically on the heels of that announcement, a hacker team that presented at DEFCON has demonstrated how a fundamental design error in the Internet’s Border Gateway Protocol (BGP) can be used to invisibly eavesdrop on all traffic originating from a particular set of IP blocks.
Neither of these attack vectors is a hack in the typical sense of the word, as Wired’s own report explains. Instead of injecting malicious code into a system or systems, the DNS and BGP assaults take advantage of inherent structural weaknesses in the Internet itself. When the ARPANET was under development in the late 60s and early 70s, its designers chose to implement trust-based protocols. At the time, this made sense; ARPANET was a communications network between a relative handful of university and government institutions. The Internet of today has grown beyond the projected size of ARPANET by multiple orders of magnitude. The fact that it has scaled as well as it has is a testament to the engineers who built its foundation as well as those who came later, but the trust-based protocols that made sense in the 1970s don’t make sense today.