2023-02-11
What keeps me up at night as a former senior cyber security analyst? The United States internet has numerous network vulnerabilities, any of which could significantly affect users' activities. The gravest, however, is an adversary locating and compromising the Domain Name System (DNS) root servers, which could cripple the internet and disrupt the political, social, and economic fabric of our society and the world.
A root server attack has the potential to compromise the 13 DNS root servers distributed around the world. These 13 servers are the critical backbone that provides network connectivity to every critical sector of the world, including political, social, and economic institutions. Without this internet service, political institutions could not perform even routine but essential functions such as collecting tax revenue from citizens, and banks might no longer be able to disburse their customers' funds.
Given that we live in a digital world of interconnected network servers spanning the globe, any interruption of internet service would have grave consequences for customers.
The term rootkit has been around for almost 20 years. A rootkit is a “kit” consisting of small and useful programs that allow an attacker to maintain access to “root,” the most powerful user on a computer. In other words, a rootkit is a set of programs and code that allows a permanent or consistent, undetectable presence on the computer.
Typically, a rootkit attack on DNS servers deploys undetectable malware in certain directories and files that are embedded in the operating system's software architecture. Executable command scripts are then used to exploit particular software directories and, through them, the OS kernel. For example, the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CSD contains the string identifying the installed service pack.
These rootkit attacks often bypass network firewalls and intrusion detection/prevention systems (IDS/IPS).
The best countermeasure against a rootkit attack on the network is to continually employ scanning tools such as Nmap and Wireshark to identify Common Vulnerabilities and Exposures (CVE) entries. Once the CVEs are identified, you can begin patching the vulnerabilities.
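To make the scan-then-patch step concrete, here is an added example (not from the article) that triages an Nmap service scan of your own hosts against a local advisory table: it assumes `nmap -sV -oX` XML output, uses a constructed sample report in place of a real scan, and uses a hypothetical advisory table with placeholder identifiers rather than a real CVE feed.

```python
import xml.etree.ElementTree as ET

# Constructed sample written in the shape of `nmap -sV -oX` output (not a real scan).
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.0.2.0/29">
<host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/>
 <service name="ssh" product="OpenSSH" version="7.4"><cpe>cpe:/a:openbsd:openssh:7.4</cpe></service></port>
<port protocol="udp" portid="53"><state state="open"/>
 <service name="domain" product="ISC BIND" version="9.11.4"><cpe>cpe:/a:isc:bind:9.11.4</cpe></service></port>
<port protocol="tcp" portid="80"><state state="closed"/><service name="http"/></port>
</ports></host></nmaprun>"""

# Hypothetical advisory table: CPE product prefix -> (first fixed version, placeholder id).
ADVISORIES = {
    "cpe:/a:isc:bind": ((9, 11, 5), "CVE-PLACEHOLDER-BIND"),
    "cpe:/a:openbsd:openssh": ((7, 3), "CVE-PLACEHOLDER-SSH"),
}


def version_tuple(text):
    """'9.11.4' -> (9, 11, 4); non-numeric components such as 'p1' count as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in text.split("."))


def parse_services(xml_text):
    """Return one record per open port that nmap tagged with a CPE."""
    records = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports expose no service to patch
            for cpe in port.iter("cpe"):
                fields = cpe.text.split(":")  # cpe:/a:vendor:product:version
                records.append({
                    "addr": addr,
                    "port": f'{port.get("protocol")}/{port.get("portid")}',
                    "product": ":".join(fields[:4]),
                    "version": version_tuple(fields[4]) if len(fields) > 4 else (),
                })
    return records


def find_affected(records, advisories):
    """Flag services running a version below the advisory's first fixed version."""
    return [(r["addr"], r["port"], advisory_id)
            for r in records
            for product, (fixed, advisory_id) in advisories.items()
            if r["product"] == product and r["version"] < fixed]
```

In the sample, OpenSSH 7.4 is at or above the table's fixed version and is not flagged, while BIND 9.11.4 on udp/53 is, which is the list a patch cycle would start from.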
It should also be noted that many of the DNS root servers are connected by undersea cables, and adversaries such as China, Russia and North Korea have tried to cut these cables to interrupt international internet traffic, which would have a catastrophic impact on communication interoperability and on financial institutions around the world.
Considering that these undersea cables carry 95% of the world's internet traffic across a global network built by Google, Microsoft and other private companies, cutting them would have catastrophic consequences for the DNS servers.
Presumably, continuous surveillance using aircraft, submarines and drones to monitor the undersea cables could prevent these devastating attacks from occurring.
Glenn Fiedelholtz was a senior cyber threat analyst for the federal government for 25 years. In addition, he worked for Raytheon and Northrop Grumman Corporation as a cyber security analyst. He published the Cyber Security Network Guide textbook and many scholarly articles on different cyber security topics.
