Big holes in net's heart revealed

Simple attacks could let malicious hackers take over more than one-third of the net's sites, reveals research.

The finding was uncovered by researchers who analysed how the net's addressing system works.

They also found that if the simple attacks were combined with so-called denial-of-service attacks, 85% of the net becomes vulnerable to take-over.

The researchers recommended big changes to the net's addressing system to tackle the vulnerability at its heart.

Site seizing

When you visit a website, such as news.bbc.co.uk, your computer often asks one of the net's address books, or domain name servers, for information about where that site resides.

But the number of computers that have to be consulted to find the computers where that site is located often makes sites vulnerable to attack by vandals and criminals, found Assistant Professor Emin Gun Sirer and Venugopalan Ramasubramanian from the Department of Computer Science at Cornell University.

Professor Sirer told the BBC News website that, on average, 46 computers holding different information about the components of net addresses are consulted to find out where each dotcom site is actually hosted.

But, he said, this chain of dependencies between the computers that look after the different parts of net addresses creates all kinds of vulnerabilities that clever hackers could easily exploit.

"The growth of the internet has caused these dependencies to emerge," said Professor Sirer. "Instead of having to compromise one you can compromise any one of the three dozen."

All the information gathered and analysed by the researchers has to be publicly available to keep the net's addressing system working. The research analysed information about almost 600,000 computers.
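Because this delegation data is public, a site operator can measure the same chain of dependencies for their own name. The sketch below is an added example, not code from the researchers or the article: it walks a constructed delegation map, and every zone name, server name and the KNOWN_VULNERABLE set is made up for illustration (the root servers are left out).

```python
from collections import deque

# Constructed delegation data (not real DNS records): zone -> its nameservers.
ZONE_NS = {
    "example": ["a.nic.example"],
    "test": ["a.nic.test"],
    "invalid": ["a.nic.invalid"],
    "shop.example": ["ns1.shop.example", "ns1.hosting.test"],
    "hosting.test": ["ns1.hosting.test", "ns.univ.invalid"],
    "univ.invalid": ["ns.univ.invalid"],
}

# Constructed stand-in for "servers running software with widely known exploits".
KNOWN_VULNERABLE = {"ns.univ.invalid"}


def enclosing_zones(name):
    """Return every zone in ZONE_NS that the name sits in or under."""
    labels = name.rstrip(".").lower().split(".")
    candidates = [".".join(labels[i:]) for i in range(len(labels))]
    return [zone for zone in candidates if zone in ZONE_NS]


def dependency_closure(name):
    """All nameservers that resolving `name` directly or indirectly relies on.

    Resolving a name needs the servers of each enclosing zone; finding each
    of those servers needs the servers of *its* enclosing zones, and so on.
    The `seen` set also stops loops where a zone's server lives in that zone.
    """
    seen = set()
    queue = deque([name])
    while queue:
        current = queue.popleft()
        for zone in enclosing_zones(current):
            for server in ZONE_NS[zone]:
                if server not in seen:
                    seen.add(server)
                    queue.append(server)
    return seen


def vulnerable_dependencies(name):
    """Servers in the closure that are flagged as exploitable."""
    return dependency_closure(name) & KNOWN_VULNERABLE


if __name__ == "__main__":
    site = "www.shop.example"
    print(len(ZONE_NS["shop.example"]), "servers listed for the site's own zone")
    print(len(dependency_closure(site)), "servers in the full dependency chain")
    print("flagged in the chain:", sorted(vulnerable_dependencies(site)))
```

The site's zone lists only two servers, yet six sit in its chain, and the flagged one belongs to an organisation the site operator never chose directly.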

The research also revealed that 17% of the servers that host the net's address books are vulnerable to attack via widely known exploits.