Feds Work To Block Domain-Name Hackers

Welcome Guest. | Log In| Register | Membership Benefits

August 25, 1998 (5:48 PM EDT)

By John Borland,

The U.S. federal government is trying to make the Net's domain-name system hack-proof.

The Department of Defense Advanced Research Projects Agency (DARPA) has awarded a $1.4 million contract to Santa Clara, Calif.-based Network Associates to help tamperproof the Net's domain-name infrastructure. The company's TIS Labs division will develop a cryptographic authentication system for the Net's domain-address system, creating a secure digital ID for Web addresses.

The new system would work much like digital certificates, letting the Net's routing points to verify the origin of any given Web page. No widely used means of verification exists today, allowing hackers to corrupt Web page caches or reroute domain traffic altogether.

The Net's security flaws are overdue to be fixed, domain-name administrators say. The system has been attacked at several levels in the past, sparking widespread Net confusion, lawsuits, and even FBI action.

The most visible domain hack was mounted in July of 1997, when Seattle computer consultant Eugene Kashpureff managed to reroute traffic from Network Solutions' InterNIC page to his own AlterNIC domain-registration page for several days.

After a three-month FBI manhunt, Kashpureff was arrested in Canada late last year. He pled guilty to computer fraud in March.

While the Network Associates software would stop AlterNIC-style attacks on the name system itself, it will not stop hackers from breaking into individual Web servers and changing pages, company officials said.

"That's not part of this particular approach," said Terry Benzel, director of TIS Labs. Companies that want to secure their own Web pages from outside manipulation need to invest in firewall or other security software, she said.

The company is working with the Internet Software Consortium, a group that distributes the Berkeley Internet Domain (BIND) domain-name server software. The ISC will distribute the security system to UNIX vendors in future releases of BIND.

Network Associates officials said they planned to have a final version of the domain-security system in about 18 months, with beta versions expected as soon as six months from now.