Cybersecurity: How to crash the Internet

October 27, 2011, 2:29 PM GMT+0

Dr. Charles Miller says that he can crash the Internet. Yes, the whole thing.

Miller, now a principal analyst with Independent Security Evaluators, was the first person to break into Apple’s app-embracing smartphone; he discovered a software flaw that would allow him to take control of every iPhone in the world. He has won the prestigious Black Hat cybersecurity competition twice and worked for the National Security Agency (NSA), where he did intrusion analysis against foreign targets for five years. In 2010, while presenting at a NATO Committee of Excellence conference on cyber conflict in Tallinn, Estonia, Miller wondered: How would he go about crashing the Internet if he was forced to?

In the scenario that he imagined, North Korean leader Kim Jong-il had kidnapped and induced him to “hack the planet”—in other words, to control as many Internet hosts as possible and thereby dominate cyberspace. Miller then presented a detailed hypothesis, cataloguing all of the steps that would be required to meet this audacious and dastardly goal.

He would need time—about two years.

He would need people—roughly 600 working throughout the world, and a way to communicate with them.

And Miller’s army would need funding and “weapons, i.e. various types of cyber attacks.

What’s the bottom line? Miller claims that the Internet may be controlled or crashed for about $50 million, which is less than what North Korea spends on cybersecurity annually. Comforting thought. Doomsday predictions aside, much can be done to make it far less likely that you’ll be the victim of a cyber attack. So far, though, according to a recent YouGov@Cambridge survey there is little evidence that people are taking the necessary steps.

The survey was conducted from June 5-6, 2011, and had 2,667 respondents. Respondents were sampled and weighted to be nationally representative of all U.K. adults (aged 18+).

Some results were promising. For example, 85% of respondents reported that their anti-virus and anti-spyware software is up to date, with those over 60 being 19% more likely to have up-to-date software than those aged 18-24. However, dig a little deeper and the situation is not so encouraging. Only 34% of respondents said that they “always” installed updates at the system’s first request, with another 51% saying that they “sometimes” did so. Men, on average, report that they update their software at the first prompting more frequently than women (40% to 29%), though women do more often on the second go around (49% to 54%). Age also played a significant role in the outcome, with only 18% of 18-24 year olds updating software at the first prompting, compared to 44% of those over 60. Similarly, while 32% of 18-24 year old respondents admit to “sometimes” turning off their firewall or disregarding website security warnings, only 7% of those respondents 60+ reported doing so.

The variation in results disappears when questioned about how often do you use the same password for email, online banking, and social networking sites. Only 35% of respondents reported that they “never” do this, with 11% saying that they “always” do so. Encrypting data is also uncommon across the board, with only 6% reporting the use of programs like Identity Finder to protect sensitive data, though men were more than three times more likely to do so than women (10% to 3%).

The use of Do Not Track programs like TorButton also remains rare, with only 3% reporting regular use, though men were six times more likely than women (6% to 1%) and 18-24 year olds four times more likely than 60+ (8% to 2%) to take part. But the tables are turned when it comes to flash drive use. Fully 29% of males admitted to using a flash drive that they did not buy, compared to 16% of women. The age divide was also prevalent, with 36% of 18-24 year olds admitting to using such a flash drive, as opposed to 13% of respondents 60+.

Social networking was another area of divergent practices. Facebook now offers optional HTTS for making browsing more secure, but only 18% of respondents use it. Slightly more Labour supporters do than Conservatives (19% to 15%), but here 18-24 year olds were savvier than their grandparents (19% to 9%).

Nor are many respondents paying much attention to the litany of press reports on cyber attacks, with only 25% stating that they had heard of either the Aurora attacks on Google, or the Night Dragon attacks on Exxon, Shell, and BP.

Respondents 60+ as well as those in Scotland, though, were better informed than their London cousins (34% to 23%). There is cause for hope, though. Fully 42% of respondents stated that cybersecurity was “very important,” and another 38% responding with an 8 or higher on a scale of 1-10 (10 being “very important”).

These results were also remarkably consistent by geographic region, often with a less than 10% difference on most questions between London and Scotland. And they also seem to point to the fact that aside from social networking practices older people, instead of being computer illiterate, are actually more cautious when it comes to cybersecurity than the average twenty-something.

There are a few simple steps can help keep your computer from being compromised.

• Install antivirus and antispyware software, like Microsoft Security Essentials.
• Update software regularly, especially Windows, but also programs like Adobe Reader, Flash, and Java, which are often convenient backdoors that can be closed through frequent updates.
• Use strong passwords of at least 14 characters, and keep them secret.
• Consider starting with a favourite sentence, and then just take the first letter of each word. Add numbers, punctuation, or symbols for complexity.
• Never turn off your firewall; it’s an important software program that helps stop viruses and worms.
• Use flash drives cautiously. They are easily infected –in fact the biggest breach of U.S. military systems to date was due to a flash drive.
• Encrypt sensitive information on your computer with programs like Identity Finder.
• Download a program that can scan your computer for vulnerabilities.
• Be conscious of what you click on, both in emails and on the Web.

And for Mac users, don’t think that you’re completely immune. Miller announced a record-breaking 20 security holes found in OS-X, the Mac operating system. But by taking these simple steps, we can all help make it a lot harder for criminals, terrorists, nations, or even Miller’s hypothetical cyber army to launch cyber attacks, and hopefully in the process make the Web a safer place.