Hacker News new | comments | show | ask | jobs | submit login
A Cyber-Attack on an American City (perens.com)
70 points by Angostura on Apr 22, 2009 | hide | past | web | favorite | 16 comments

When I was a young hacker (I presume readers of Hacker News will understand my meaning of this term), I had a reputation for finding out how to crash any system--a useful skill when building fault-tolerant real-time distributed systems.

The president of the software company I was at suggested that "no doubt you could break into our new secure file system and down, but please don't." I told him that if I really, really needed to bring down his fancy new server, I would go get the fire axe, break down the door, and kick the server over.

Everyone focuses on securing the bits, but no one worries about the wires. It's disturbing hearing about this kind of attack.

>Everyone focuses on securing the bits, but no one worries about the wires. It's disturbing hearing about this kind of attack.

There's a distinct difference between obtaining information and destroying it. While being an anarchist can be useful to some extent, getting 'inside' is far more useful to the thoughtful deviant.

That being said, still agree with your point. It's still frightening how much said anarchists can shake up the world.

Where do anarchists come into this? I hope you're not using that word as a synonym for "saboteur".

Actually, I'd wager that industrial sabotage can be just as useful in many cases, as industrial espionage.

The extent of the infrastructure vulnerabilities that Perens talks about (not to mention the recent US power grid attacks) really highlights how unprepared civil government is in the face of dedicated attackers. Its all fine and dandy when your servers are the latest hardened SELinux, but when someone cuts your cables, you're really on the out. (You could try communicating via RFC 1149). I suspect that "disaster management" today really means wait for the military to come and take over...

+1 for RFC 1149 :)

> The old Bell System used to arrange cables in a ring around a city, so that a cut in any one location could be routed around. It's not clear how much modern telephone companies have continued that practice.

I remember being fascinated in one otherwise boring computer networking class by the self-healing concept of SONET fiber optic networks. I didn't know it was pre-dated by copper wire.

On a piece of scrap paper, draw two concentric rings. Draw bridge points (a line bisecting both of the two rings) at ten or twelve points along the rings. Draw CW-direction arrows on the inner ring and CCW-direction on the outer. Simulate a cable cut by erasing part of the two rings. SONET will automatically heal itself by detecting the cut and bridging its traffic at the closest bridge point and going the opposite direction until it goes all the way around and hits the cable cut from the other direction (and auto-bridges and forms a new closed comm loop)

SONET would not have helped, as it is too expensive to be deployed outside a metro area (redundancy).

"Self-Healing Ring Architectures for SONET Network Applications" http://www.doc.ic.ac.uk/~nd/surprise_96/journal/vol2/dm9/art...

The modern solution to that is RSTP, or somtimes, similar proprietary protocols. It also works on arbitrary networks, not just ring topologies. We use RSTP for failover in tunnel control and emergency systems here in Norway, usually arranged into hierarchial ring-like structures.

STP, like so many things, is best expressed in rhyming verse:

  I think that I shall never see
  a graph more lovely than a tree.
  A tree whose crucial property
  is loop-free connectivity.
  A tree that must be sure to span
  so packet can reach every LAN.
  First, the root must be selected.
  By ID, it is elected.
  Least-cost paths from root are traced.
  In the tree, these paths are placed.
  A mesh is made by folks like me,
  then bridges find a spanning tree.
                   Radia Perlman

I feel entertained

And enlightened by this prose

The beauty of graphs

Would RSTP have survived this situation (eight cables cut)? I think it was a single point of failure though (no other branches for the graph).

I was addressing the poster's point about SONET. Of course no recovery solution will survive if the graph is really split into parts.

In case of the tunnels there normally isn't a single point you can slash and bring down the whole system. The failover requirements, recovery times etc are dictated by national road authority and fire safety regulations.

The poster being you of course :)

"Email from others in your office should continue to operate."

We use hosted Exchange where I currently work. Sounds good until you actually want to do anything useful. Today, I got in a battle with their support because I wanted to forward email from one email address to another -- which they wouldn't let me do because I wasn't an "administrator" of one of the domains from which I wanted to forward email, even though I am the network infrastructure manager for the entire company.

So, having this service out in the cloud turned what would have been a two minute job if I'd had a local Exchange server into a five-hour battle with tech support (which I eventually lost because I gave up). In my limited experience so far, cloud computing is ok until you actually need to do something useful.

This story makes me want to go get my ham radio certification. I've taken the training courses but just not taken the test. I need to get on that.

And the internet was supposed to route around damage...

One way to do this is to make wifi laptops and mobile phones into routers - an ad hoc network http://en.wikipedia.org/wiki/Mobile_ad-hoc_network

So far, research in this is academic/hobbiest.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact