The internet is a vastly complicated patchwork of protocols, data and codes, which only a limited number of true tech geeks really understand. And yet it pervades our day-to-day lives on a scale no one could have envisaged when the world wide web was created only 30 years ago.
New technologies and applications are arising at a dizzying speed, and it’s not only consumers who are trying to keep pace with the array of new offerings at their disposal. Security professionals are also trying to keep up with the implications of new devices and their uses, and to ensure that they cannot be turned against their users or put to use for malicious purposes.
At the same time as defending against the misuse of new technologies, the fundamental technical architecture of the internet itself appears to be increasingly under threat from those who wish to seek new ways to attack and undermine it.
In January this year, the US Department of Homeland Security issued an ‘emergency’ security alert which urged federal civilian agencies to secure the login credentials for their internet domain records. This went largely unnoticed by mainstream media, but in fact it raises some serious questions about the future security of the underlying architecture of the internet. In follow-up reports, Microsoft estimated that attackers have “already caused hundreds of millions of dollars in damages by stealing secret data and wiping information from the computer networks of 200 companies over the past two years”.
What is DNS and why does it matter?
When we want to visit a webpage, we type in an address such as www.weforum.org (otherwise known as a domain name). Behind the scenes, a system called the Domain Name System converts this name into a series of numbers called an internet protocol (IP) address that allows computers to identify each other and, via domain name servers, to map the name you have typed onto an IP address.
Without this system, it would be pretty complicated to find our way around the internet – the DNS is therefore a fundamental part of the internet’s architecture. The management of the DNS is coordinated and managed by the Internet Corporation for Assigned Names and Numbers (ICANN), which is a global, multi-stakeholder and not-for-profit organization which seeks to ensure the stability and security of the DNS.
This is no easy task, and as the recent security alert demonstrated, is one which is becoming increasingly challenging. This is due to the fact that some malicious actors have started to manipulate the domain name system by hijacking some internet traffic and rerouting it to potentially malicious IP addresses. This is commonly known as a ‘man in the middle’ attack. These attacks are often used for example to redirect consumers to fake banking websites and to fraudulently obtain money or data, such as login details, from unwitting consumers.
Three ways in which the global community can help secure the internet
Whilst it raises some serious questions about the security of this core element of the internet, all is not lost. There are already technologies in place which can prevent this type of attack, but the challenge is in ensuring that they are properly implemented. ICANN are running a series of collaborative events to discuss how to better secure the DNS and other fundamental elements of the internet’s core architecture. Three things which can be done are:
Internet service providers can implement DNS security measures by default to ensure that the internet traffic they carry is correctly routed. This has the potential to protect millions of customers.
Businesses should ensure they have implemented basic security measures, and demand that their communications providers also have DNS security in place, as well as features which enable secure e-mailing.
Hardware providers also have a role to play in building in DNS security, which can help prevent attacks being launched through vulnerabilities in the hardware itself.
The security of the internet is only as strong as its weakest link. It is in the interests of both public and private sectors to work together to ensure that they get the basics right and to shore up the security of the internet for the good of all. Here at the World Economic Forum we are committed to supporting ICANN’s work to support DNS security and to making the internet safer for everyone.