Digital security experts have been predicting doomsday for the Internet ever since its commercial utilisation many moons ago. From the infamous Y2K bug to the more recent takes on cyber terrorism, there appears to be something that these experts bring to fore, often gaining the attention of governments and individuals who baulk first and then move on.
However, a recent warning about cyber-attacks, including attempts to hijack domains by rogue servers appears to be serious. Not only because there is enough data to prove that the worldwide web could soon become a web of deceit, also due to the fact that this warning has been sounded by an organisation that can be considered the backbone of the Internet.
Internet Corporation for Assigned Names and Numbers (ICANN), the body that coordinates the top-level of domain name system (DNS) to ensure a stable and secure operation as well as universal resolvability, is suggesting that the cyber-attacks and hijack attempts could be state-sponsored and targeting friendly countries.
Of course, ICANN is not hitting the panic button just yet. They believe that a quick-fix solution is possible for at least some of these attacks. The use of DNSSEC or security systems used on the DNS would help lock down domains with signatures verifying that they point to the right source or destination. Of course, they warn that this system is not yet fool proof.
For this reason, the Corporation is calling for a collaborated effort to produce better tools and policies that can secure the DNS and other mission critical operations of the Internet. Towards this end, they are proposing a series of events for the community to address these threats, starting with an open session at Kobe in Japan starting later this week.
ICANN has made this call specifically in response to the reports of increasing malicious activity targeting the DNS infrastructure, including warnings by the British and American administrations and security firms about a series of attacks that allowed suspected Iranian hackers to steal email passwords and other sensitive data from several governments and private enterprises.
These reports, around the last week of January, came following reports from researchers at Cisco’s Talos and FireEye’s Mandiant intelligence teams about such attacks that affected dozens of domains belonging to governments, telecom and internet infrastructure companies located in the Middle East and North Africa, Europe and North America.
Given that India has been creating massive infrastructures around it’s AADHAR platform as well as through links to tax identities, bank accounts and several other avenues capturing personal information, the latest warning from ICANN should definitely create some concern. The Corporation has already published a list of recommended security precautions for members of the domain name industry, registries, registrars, resellers and related parties.
They have offered a list of security recommendations to be taken in order to reduce the risk of cyber-attacks on some of the domains. It remains to be seen if the government, in its wisdom, has taken these threats seriously or whether there could be another round of customer data leaks that embarrassed advocates of AADHAR some months ago.
Powered by Trivone Content Services Pvt Ltd