[Editor's Note: SecurityInfoWatch.com recently had the ability to interview former hacker turned elite computer scientist Peiter "Mudge" Zatko. Mudge, a division scientist at BBN Technologies in Boston, Mass., shared his thoughts on network connectivity. As our industry starts to move toward IP-based solutions, we thought you might want to know what a former hacker thinks about today's network security.]
Peiter, you've claimed before that elite hackers could take down the Internet in 30 minutes and keep it down for days. Is that scenario still a possibility?
Several of the attack scenarios that I referred to at the Senate hearings where I stated it was possible to take down the Internet in 30 minutes are still viable today. The technology has not changed, nor can it change easily with the dependence we have on the Internet and its current underpinnings. With that said, there has been a subtle change that would increase the amount of time some of the attacks would take to engage in. Back in the latter '90s there were only a handful of major peering points. MAE East/West (Metropolitan Area Ethernet) and the NAPs (National Access Points) were good examples of condensed peering points (a peering point being a location where service providers interconnect to hand off traffic destined to subscribers of other service providers). For attacks on the Internet routing protocols these dense areas were (and are) very advantageous for the attacker.
Since the 1990s there has been a move towards more decentralized peering points and private exchanges. The various attacks still work, but it would more likely take around 1-2 hours and be (only) slightly more difficult to sustain for a duration of several days.
If the Internet could be crashed in a couple hours, how long do you think it would take elite hackers to break into today's surveillance systems that are often distributed inside of companies over the same network lines they use to send emails and connect servers and to the Internet?
There is a difference between the difficulty involved in disrupting service and compromising the confidentiality, integrity, and authenticity. The compromise actions usually requiring slightly more finesse and work. This is not to say that it is impossible or even difficult in many cases. However, the compromise actions can usually be automated once they have been tested and known to work for particular scenarios.
During the Clinton sex scandal hearings, a great deal of effort was made to secure the video feed of then President Clinton's testimony. They were aware that if they used public communication lines for the video feed that people other than the intended viewers would be very interested in viewing these communications. Many video streams, even for surveillance purposes, are not encrypted or protected in any meaningful fashion. Hence it is trivial for interlopers to monitor these transmissions.
In the scenarios where video is being transmitted via TCP/IP streams the act of disrupting these streams is the same as disrupting standard network communications.
In your opinion, how prevalent is hacking into networked video?
There are automated tools to make copies of networked video freely available on the net today.
What are the motives for that kind of activity?
The motives are varied. When dealing with any particular case one must factor in not only the motives (such as curiosity, financial gain, intelligence gathering, etc.) but also the risks and opportunities associated with the action(s) of 'hacking' into a video session. This is referred to as a ROM (Risk, Opportunity, Motivation) model.
If someone is alerted that their video over IP system has been accessed, what can they do as an immediate, 30-second response to control the situation? Will that response mean temporarily having to shut down the surveillance system and disconnect it from the network?