Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:

 

Web-based attacks could create chaos in the physical world

02.05.2003


Computer security researchers suggest ways to thwart new form of cybercrime



Most experts on computer crime focus on attacks against Web servers, bank account tampering and other mischief confined to the digital world. But by using little more than a Web search engine and some simple software, a computer-savvy criminal or terrorist could easily leap beyond the boundaries of cyberspace to wreak havoc in the physical world, a team of Internet security researchers has concluded.

At a recent Association for Computing Machinery conference on privacy in an electronic society, the researchers -- including a Johns Hopkins faculty member -- described how automated order forms on the Web could be exploited to send tens of thousands of unwanted catalogs to a business or an individual. Such an onslaught would not only pose problems for the victim, but it could also paralyze the local post office charged with making such deliveries, the researchers suggested. After explaining how such attacks could take place, the researchers proposed several technological "fixes" that could help prevent them.


The rapid growth of the World Wide Web has enabled many merchants, government agencies and non-profit organizations to make sales catalogs and information packets available to anyone who can fill out a simple on-line form. But these forms, the researchers say, have also opened a gateway that could allow disruptive activity to spill out of cyberspace. "People have not considered how easily someone could leverage the scale and automation of the Internet to inflict damage on real-world processes," said Avi Rubin, technical director of the Information Security Institute at The Johns Hopkins University and one of the authors of the paper.

Rubin and two other researchers first determined that a popular search engine such as Google could be used to locate online order forms. They also discovered that simple software could be launched to automatically recognize and fill in fields such as "name," "address" and "city," and then submit the catalog request online. "It could be set up to send 30,000 different catalogs to one person or 30,000 copies of one catalog to 30,000 different recipients," said Rubin. "This could create a great expense for the sender, a huge burden for local postal facilities and chaos in the mail room of a business targeted to receive this flood of materials."

The technique could also be used to exploit the increasingly common Web-based forms used to request repair service, deliveries or parcel pickups, said Rubin, who also is an associate professor in the Department of Computer Science at Johns Hopkins. Tracking down the attacker could be difficult, he added. The offender could easily escape detection by loading the program onto a floppy disk or a small USB hard disk and paying cash for a few minutes of time at an Internet café. By the time the damage was discovered, the culprit would have vanished, Rubin said.

Because of the confusion and costs such attacks could inflict, Rubin and his fellow researchers wondered whether they should make public the technological weakness they’d uncovered; by doing so, they might provide a "blueprint" for people to launch such attacks. With this in mind, they did not publish their paper for some time after the initial research was done. However, after a popular search engine introduced its new Application Programming Interfaces, the researchers concluded that the attacks they envisioned were now much more likely to occur. In their paper they stated that "there is also a risk in not disclosing vulnerabilities for which there are known solutions. By not educating people who are in a position to defend against an attack, it can be more damaging to bury knowledge of a vulnerability than to announce it."

The researchers suggested several methods to deter the attacks they described. One is to set up online forms so that they cannot easily be picked up by a search engine. Another is to alter the HTML coding used to create an online form so that it no longer contains easily recognizable field names such as "name" and "address." (Such coding changes would not be visible to the person filling out the form.)

Yet another option is to include in each form a step that must be completed by a human computer user. This process, called a Reverse Turing Test, could display writing that could not easily be recognized by a computer, or it could require some other visual task that would trip up an automated ordering program. Other deterrents suggested by the researchers include client puzzles and monitored systems called "Honeypots," which are set up to attract cyber-attackers for early detections.

Hoping to prevent the type of cyber-attacks they’ve envisioned, the researchers have conferred with a top technology administrator from the U.S. Postal Service and have made their concerns and recommendations public on the Web. "To prevent these damaging activities," Rubin said, "we need to look at the interface between cyberspace and the real world and to make sure there is a real person submitting a legitimate request, not a computer program launching a disruptive attack."

Phil Sneiderman | EurekAlert!
Further information:
http://www.jhu.edu/
http://www.avirubin.com/scripted.attacks.pdf
http://www.avirubin.com

More articles from Information Technology:

nachricht Optical fiber transmits one terabit per second – Novel modulation approach
16.09.2016 | Technische Universität München

nachricht Researchers prototype system for reading closed books
09.09.2016 | Massachusetts Institute of Technology

All articles from Information Technology >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: OLED microdisplays in data glasses for improved human-machine interaction

The Fraunhofer Institute for Organic Electronics, Electron Beam and Plasma Technology FEP has been developing various applications for OLED microdisplays based on organic semiconductors. By integrating the capabilities of an image sensor directly into the microdisplay, eye movements can be recorded by the smart glasses and utilized for guidance and control functions, as one example. The new design will be debuted at Augmented World Expo Europe (AWE) in Berlin at Booth B25, October 18th – 19th.

“Augmented-reality” and “wearables” have become terms we encounter almost daily. Both can make daily life a little simpler and provide valuable assistance for...

Im Focus: Artificial Intelligence Helps in the Discovery of New Materials

With the help of artificial intelligence, chemists from the University of Basel in Switzerland have computed the characteristics of about two million crystals made up of four chemical elements. The researchers were able to identify 90 previously unknown thermodynamically stable crystals that can be regarded as new materials. They report on their findings in the scientific journal Physical Review Letters.

Elpasolite is a glassy, transparent, shiny and soft mineral with a cubic crystal structure. First discovered in El Paso County (Colorado, USA), it can also be...

Im Focus: Complex hardmetal tools out of the 3D printer

For the first time, Fraunhofer IKTS shows additively manufactured hardmetal tools at WorldPM 2016 in Hamburg. Mechanical, chemical as well as a high heat resistance and extreme hardness are required from tools that are used in mechanical and automotive engineering or in plastics and building materials industry. Researchers at the Fraunhofer Institute for Ceramic Technologies and Systems IKTS in Dresden managed the production of complex hardmetal tools via 3D printing in a quality that are in no way inferior to conventionally produced high-performance tools.

Fraunhofer IKTS counts decades of proven expertise in the development of hardmetals. To date, reliable cutting, drilling, pressing and stamping tools made of...

Im Focus: Launch of New Industry Working Group for Process Control in Laser Material Processing

At AKL’16, the International Laser Technology Congress held in May this year, interest in the topic of process control was greater than expected. Appropriately, the event was also used to launch the Industry Working Group for Process Control in Laser Material Processing. The group provides a forum for representatives from industry and research to initiate pre-competitive projects and discuss issues such as standards, potential cost savings and feasibility.

In the age of industry 4.0, laser technology is firmly established within manufacturing. A wide variety of laser techniques – from USP ablation and additive...

Im Focus: New laser joining technologies at ‘K 2016’ trade fair

Every three years, the plastics industry gathers at K, the international trade fair for plastics and rubber in Düsseldorf. The Fraunhofer Institute for Laser Technology ILT will also be attending again and presenting many innovative technologies, such as for joining plastics and metals using ultrashort pulse lasers. From October 19 to 26, you can find the Fraunhofer ILT at the joint Fraunhofer booth SC01 in Hall 7.

K is the world’s largest trade fair for the plastics and rubber industry. As in previous years, the organizers are expecting 3,000 exhibitors and more than...

All Focus news of the innovation-report >>>

Anzeige

Anzeige

Event News

Experts from industry and academia discuss the future mobile telecommunications standard 5G

23.09.2016 | Event News

ICPE in Graz for the seventh time

20.09.2016 | Event News

Using mathematical models to understand our brain

16.09.2016 | Event News

 
Latest News

Stronger turbine blades with molybdenum silicides

26.09.2016 | Materials Sciences

Scientists Find Twisting 3-D Raceway for Electrons in Nanoscale Crystal Slices

26.09.2016 | Materials Sciences

Lowering the Heat Makes New Materials Possible While Saving Energy

26.09.2016 | Materials Sciences

VideoLinks
B2B-VideoLinks
More VideoLinks >>>