In January 2005 on a drizzly Sunday afternoon, a balding, slightly overweight, perpetually T-shirt-clad 26-year-old computer consultant named Dan Kaminsky flopped down on his bed, flipped open his laptop, and started playing games with DNS. He used a software program called Scapy to fire random queries at the system. He liked to see how it would respond and decided to ask for the location of a series of nonexistent Web pages at a Fortune 500 company. Then he tried to trick his DNS server in San Diego into thinking that he knew the location of the bogus pages.
Suddenly it worked. The server accepted one of the fake pages as real. But so what? He could now supply fake information for a page nobody would ever visit. Then he realized that the server was willing to accept more information from him. Since he had supplied data about one of the company's Web pages, it believed that he was an authoritative source for general information about the company's domain. The server didn't know that the Web page didn't existit was listening to Kaminsky now, as if it had been hypnotized.
When DNS was created in 1983, it was designed to be helpful and trustingit's directory assistance, after all. It was a time before hacker conventions and Internet banking. Plus, there were only a few hundred servers to keep track of. Today, the humble protocol stores the location of a billion Web addresses and routes every piece of Internet traffic in the world.
Security specialists have been revamping and strengthening DNS for more than two decades. But buried beneath all this tinkering, Kaminsky had just discovered a vestige of that original helpful and trusting program. He was now face-to-face with the behemoth's almost childlike core, and it was perfectly content to accept any information he wanted to supply about the location of the Fortune 500 company's servers.
Kaminsky froze. This was far more serious than anything he could have imagined. It was the ultimate hack. He was looking at an error coded into the heart of the Internet's infrastructure. This was not a security hole in Windows or a software bug in a Cisco router. This would allow him to reassign any Web address, reroute anyone's email, take over banking sites, or simply scramble the entire global system. The question was: Should he try it?
The vulnerability gave him the power to transfer millions out of bank accounts worldwide. He lived in a barren one-bedroom apartment and owned almost nothing. He rented the bed he was lying on as well as the couch and table in the living room. The walls were bare. His refrigerator generally contained little more than a few forgotten slices of processed cheese and a couple of Rockstar energy drinks. Maybe it was time to upgrade his lifestyle.
Or, for the sheer geeky joy of it, he could reroute all of .com into his laptop, the digital equivalent of channeling the Mississippi into a bathtub. It was a moment hackers around the world dream ofa tool that could give them unimaginable power. But maybe it was best simply to close his laptop and forget it. He could pretend he hadn't just stumbled over a skeleton key to the Net. Life would certainly be less complicated. If he stole money, he'd risk prison. If he told the world, he'd be the messenger of doom, potentially triggering a collapse of Web-based commerce.
But who was he kidding? He was just some guy. The problem had been coded into Internet architecture in 1983. It was 2008. Somebody must have fixed it by now. He typed a quick series of commands and pressed enter. When he tried to access the Fortune 500 company's Web site, he was redirected to an address he himself had specified.
“Oh shit," he mumbled. “I just broke the Internet."
Paul Vixie, one of the creators of the most widely used DNS software, stepped out of a conference in San Jose. A curious email had just popped up on his laptop. A guy named Kaminsky said he'd found a serious flaw in DNS and wanted to talk. He sent along his phone number.
Vixie had been working with DNS since the 1980s and had helped solve some serious problems over the years. He was president of the Internet Systems Consortium, a nonprofit that distributed BIND 9, his DNS software. At 44, he was considered the godfather of DNS. If there was a fundamental error in DNS, he probably would have fixed it long ago.
But to be on the safe side, Vixie decided to call Kaminsky. He picked up immediately and within minutes had outlined the flaw. A series of emotions swept over Vixie. What he was hearing shouldn't be possible, and yet everything the kid said was logical. By the end of the third minute, Vixie realized that Kaminsky had uncovered something that the best minds in computer science had overlooked. This affected not just BIND 9 but almost all DNS software. Vixie felt a deep flush of embarrassment, followed by a sense of pure panic.
“The first thing I want to say to you," Vixie told Kaminsky, trying to contain the flood of feeling, “is never, ever repeat what you just told me over a cell phone."
For more information contact All About Jazz.
