Researchers from all over the world can use DETER, a practice Internet, to discover the best ways to combat hackers and prevent a "Cyber Pearl Harbor." Host David Pogue met with cyber security experts at DETER, who taught him about a common attack called the Distributed Denial of Service, or DDoS, attack.
Cyber War Games
Posted: October 31, 2013
NARRATOR: Any device that is connected to the Internet can be hacked. But just how likely is it that a hacker could take over the computer system of, say, an airport or a power grid? Making Stuff host David Pogue met with cybersecurity expert Terry Benzel to find out about the risks of a major cyber attack.
DAVID POGUE: So, how vulnerable are we right now?
TERRY BENZEL: Well, unfortunately, we’re entirely vulnerable. People in my community call it the cyber Pearl Harbor. And for us it’s not if there’ll be a cyber Pearl Harbor, but when there’ll be a cyber Pearl Harbor.
DAVID POGUE: But I haven’t heard of anything approaching a Pearl Harbor scale. You’re making a big leap there.
TERRY BENZEL: But we hadn’t seen an airplane fly into a World Trade Center yet either, right? Can we wait for that? No, we can’t.
NARRATOR: Benzel runs a project called “DETER.”
TERRY BENZEL: Come on in, let me show you the DETER lab facility.
DAVID POGUE: Whoa.
NARRATOR: It’s a one-of-a-kind practice internet for cyber security researchers all over the world. The system consists of around 500 linked computers that can emulate hundreds of thousands more. Researchers can use DETER to stage cyber war games without harming the real Internet.
One form of cyber attack under investigation is the distributed denial-of-service attack. In this scheme, a cyber criminal gets hundreds of thousands of users to download an innocent looking message that contains malware—basically viral software. Once infected, the computers form a vast robotic network—or a botnet—which the hacker controls. The hacker can then tell each computer to send a useless request to a particular website or network, like one for a power grid. These requests overload the site’s server, causing the site to “deny service” to all its legitimate users.
Ted Faber stages one of these attacks on the DETER system.
TED FABER: Those little booms there, as anyone from war games will tell you, are not good.
DAVID POGUE: Each dot represents a whole bunch of attacks.
TED FABER: Right, exactly so. And the more dots along a given path, the more attacks are going from here to there.
DAVID POGUE: And where are you? Where’s the website?
TED FABER: This is the victim right here.
DAVID POGUE: Right here? It looks like they’re coming thicker and faster now.
TED FABER: Each time you get infected, you also start trying to infect your neighbors.
NARRATOR: Eventually, the box turns red, indicating that the server can’t handle the huge amount of traffic to the site. This type of attack temporarily shut down the web service of scores of U.S. banks in late 2012 and early 2013.
NARRATOR: But using DETER, Faber can test a cyber defense strategy.
TED FABER: What I’m gonna do now is rerun the same game, except these other two guys we see here, constant blue—they’re my backup servers.
NARRATOR: He brings two additional servers online.
TED FABER: And if you look close you can start to see these packets inbound to this guy, these packets inbound to this bottom guy.
DAVID POGUE: So now the botnets are attacking the backups, too?
TED FABER: Yup. But notice that now that the attack destination is spread out over three nodes, they don’t get as hot.
DAVID POGUE: Oh, you’re dividing up the load of handling all these useless requests.
TED FABER: Right. You can see we’re all pretty much the same color again. We seem to have spread the load out and continue to serve people.
NARRATOR: This time around the victim’s website survives. But next time, the hackers may come up with a new kind of attack. In order to win this digital arms race, DETER is educating the next generation of cyber researchers so they can predict the bad guys’ next move. With enough minds on the job, perhaps DETER can prevent a cyber Pearl Harbor.
- Animated and Narrated by
- Anna Rothschild
- Original Footage
- © WGBH Educational Foundation 2013
- (main image: View Out Window)
- © WGBH Educational Foundation 2013