Secret Geek A-Team Hacks Back, Defends Worldwide Web

Direct Link

Almost every person in western society today uses the internet in some way. For e-mailing, social networking, online banking, or procrastinating. In any way you use it, everyone realizes how important the internet has become to our society. Dan Kaminsky is one person who tried to make sure that our security was in tact online.

A few years ago, Kaminsky had shattered his elbow in a jogging accident, and spent his recovery time in a daze. He had remembered breaking into the Starbucks Wi-Fi one time, and it bothered him. He had felt extremely accomplished when he had done this, even though the connection was super slow.It was the DNS, or domain name system, that had enabled him to hack into getting free Wi-Fi, and he felt that something wasn't right with it. As he did his job, checking Windows Vista for security problems and punching holes in it to be fixed, he knew that it was vulnerable for an attack. Then one day, when he decided to mess around with the system at his home, he broke the Internet.

"He liked to see how (firing random queries at the system) would respond and decided to ask for the location of a series of nonexistent Web pages at a Fortune 500 company. Then he tried to trick his DNS server in San Diego into thinking that he knew the location of the bogus pages. Suddenly it worked." The Internet now believed that the web-page actually existed, and Kaminsky could put whatever he liked about the location of the companies servers. "This would allow him to reassign any Web address, reroute anyone's email, take over banking sites, or simply scramble the entire global system."

After finding the ultimate hack, a scary one, he contacted the people who helped create and fix the DNS, warning them of what he found, and how what he could do with this. Paul Vixie, the first person Kaminsky contacted, made sure he would never talk about what he found over cell phones, e-mail, or anything that could be traced. A meeting was assembled to present the problem, and Kaminsky let them know that he wanted to present the same hack at a Hackers Convention, and that they needed to fix it by then.  On July 8th, many major companies released the new patches. But some did not. With all the mystery, Kaminsky was beginning to be hated in the computer community. So he decided to confide in three compuer security people. They all agreed to keep the description secret, but one man, Thomas Ptacek, accidently released the description of the hack on the companies website, and couldn't take it down soon enough. 

Just one week later, an AT&T server was attacked in Texas, the hacker took over Google, making it so when people in the Austin area went to google.com, they were redirected to a "look-alike that covertly clicked ads." The increase in ad-revenue was how the attacker profited. More companies were urged to install the patch, and by the time Kaminsky delivered his speech at the Hackers Convention, internet users were protected. But at the end of the talk, Kaminsky left with an eerie message to the crowd "There is no saving the internet. There is postponing the inevitable for a little longer."