CBSN

Spreading The Word On 'Net Flaw

Microsoft Windows user Sam Salerno downloads a patch from Microsoft's web site to protect his computer from the LoveSan MBlaster Worm, August 14, 2003 in New York City. If there's a bright side to the Internet worm that rampaged through hundreds of thousands of computers this week, it's that the attack might lead many companies to look much more closely at security. (Microsoft)
AP/HO
The researcher who found a serious security flaw in a core Internet technology says the global computer network is prepared for possible exploits.

Paul Watson, who will detail his discovery Thursday at a computer security conference in Vancouver, says tens of thousands of internet security experts have been working secretly for months to correct the flaw.

"The threat is mitigated," Watson told CBS News Correspondent Melissa McDermott.

The flaw, disclosed Tuesday by the British government, affects the underlying technology for nearly all Internet traffic. Left unaddressed, they said, it could allow hackers to knock computers offline and broadly disrupt vital traffic-directing devices, called routers, that coordinate the flow of data among distant groups of computers.

"Exploitation of this vulnerability could have affected the glue that holds the Internet together," said Roger Cumming, director for England's National Infrastructure Security Coordination Centre.

Watson, 36, said he identified a method to reliably trick personal computers and routers into shutting down electronic conversations by resetting the machines remotely.

Routers continually exchange important updates about the most efficient traffic routes between large networks. Continued successful attacks against routers can cause them to go into a stand-by mode, known as "dampening," that can persist for hours.

Experts previously maintained such attacks could take between four years and 142 years to succeed because they require guessing a rotating number from roughly 4 billion possible combinations. Watson said he can guess the proper number with as few as four attempts, which can be accomplished within seconds.

"The biggest concern is (the effect on routers) because of the risk of bringing down the Internet or severely disrupting traffic on the Internet," Watson said.

Already in recent weeks, some U.S. government agencies and companies operating the most important digital pipelines have quietly fortified their own vulnerable systems because of early warnings communicated by some security organizations. The White House has expressed concerns especially about risks to crucial Internet routers, since attacks against them could profoundly disrupt online traffic.

"Any flaw to a fundamental protocol would raise significant concern and require significant attention by the folks who run the major infrastructures of the Internet," said Amit Yoran, the U.S. government's cybersecurity chief. The new flaw has dominated discussions since last week among experts in close-knit security circles.

Watson, who runs the www.terrorist.net Web site, predicted that hackers will understand how to begin launching attacks "within five minutes of walking out of that meeting."

"It's fairly easy to implement," Watson said. "Someone walking out of the conference would immediately understand. No matter how vague I am, people will figure it out.

"Whether I reveal it or someone else reveals it, eventually people are going to find out. I've had the research for about a year now, and I've been working with a lot of agencies around the world.. to get the information out to the people who needed to know it, who could actually implement the fixes."