Internet Unregulated, Vulnerable To Attack, McLaughlin Says In Lecture
Andrew McLaughlin, a non-residential fellow for CIS, is mentioned in the Stanford Daily article below, by Josh Hoyt, about a lecture in which he outlined three particular global infrastructure security issues.
Andrew McLaughlin, former Deputy Chief Technology Officer for the Obama Administration, gave the first lecture in a series hosted by the Center on Democracy, Development and the Rule of Law (CDDRL).
In the talk, he outlined several vulnerabilities of the infrastructure of the Internet and the difficulties in overcoming them.
“There are three particular global infrastructure security issues,” McLaughlin said. “What they all have in common is that they present a model of diffuse, decentralized responsibility and broad coordination and implementation where essentially nobody is in charge.”
“If someone can get between you and one of the name servers and act like one of the name servers, they can send back responses that your computer will trust but that are false,” McLaughlin said. “So they can send you to something that they’ve set up that looks like Gmail, and when you type your password into [it], they have your password.”
“This protocol was built for the Internet when security was just not a big consideration,” McLaughlin continued. “The Internet was just a network of universities linked together, trusting each other, basically.”
“There was an incident in 2009 where China Telecommunications Corporation (China Telecom) suddenly started announcing about 15 percent of the world’s routes which they were not, in fact, responsible for,” McLaughlin said. “China Telecom has now been sort of caught red-handed both hijacking routes on a temporary basis and also occasionally spoofing certificate authorities.”
McLaughlin believes this may have been a test to see if China was capable of quickly turning off portions of the Internet and replacing them with fake sites. China would be able to spy on people around the world with this capability.
“Imagine you’re Kenya and you are being told anything that is not signed off on, on an operational level, by this California organization, is not going to exist as far as the Internet is concerned,” McLaughlin said. “Who are these people? How were they chosen?”
For Stanford students in attendance, McLaughlin’s talk was sobering, and it also suggested opportunities for them.