IT World Canada

Eavesdropper

The U.S. government agency responsible for IT security suffered a Web site outage caused by a domain name system glitch, but a spokesperson for the Communications Security Establishment could not confirm whether its site has similar vulnerabilities.

The National Security Agency’s Web site was unresponsive at 7:00 a.m. Pacific time Thursday and an IT analyst warns corporations could encounter similar problems.

Often depicted in action and spy movies such as Enemy of the State, the NSA is responsible for electronic surveillance and IT security.

Its Web site was unreachable because of a problem with the NSA’s DNS (Domain Name System) servers, said Danny McPherson, chief research officer with Arbor Networks. DNS servers translate the Web addresses that people type into the machine-readable Internet Protocol addresses that computers use to find each other on the Internet.

“This is a good example of what could happen if your organization fails to address some specifics around DNS,” said Jayanth Angl, a research analyst with the Info-Tech Research Group, a consultancy based in London, Ont. “In a business environment that could be very damaging.”

Canada has an agency with a similar purpose, the Communications Security Establishment. It’s not clear whether a similar problem could affect CSE.

“Without knowing what happened there’s no way I could tell you whether something like that could happen to us,” CSE spokesman Adrian Simpson said. “We’re confident our systems are well protected.”

At the NSA, even if its servers are knocked offline, the site would still be temporarily reachable by some users, because some Internet service providers cache DNS information. If the NSA’s site goes down, then e-mail sent to the agency will not be delivered, and in some cases, e-mail being sent by the NSA would not get through.

“We are aware of the situation and our techs are working on it,” an NSA spokeswoman said at 9:45 a.m. PT. She declined to identify herself.

There are three possible reasons the DNS server was knocked off-line, McPherson said. “It’s either an internal routing problem of some sort on their side or they’ve messed up some firewall or ACL policy,” he said. “Or they’ve taken their servers off-line because something happened.”

That “something” could be a technical glitch or a hacking incident, McPherson said.

Can businesses learn anything from this? Angl said although DNS issues are technical in nature, the solution may involve basic management techniques. Managers need to know who is accountable for managing DNS, how it is configured and what, if any, vulnerabilities may exist.

“Do you have resources accountable for that?” Angl said. “Do you have the configuration-related information documented already? If not that’s something that needs to be addressed sooner rather than later.”

The NSA is responsible for analysis of foreign communications, but it is also charged with helping protect the U.S. government against cyber attacks, so the outage is an embarrassment for the agency.

“I am certain that someone’s going to send an e-mail at some point that’s not going to get through,” McPherson said. “If it’s related to national security and it’s not getting through, then as a U.S. citizen, that concerns me.”

A Canadian expert questions the security precautions taken by the NSA. Richard Hyatt, Chief Technology Officer at BlueCat Networks Inc. of Toronto, said he went on to the NSA site and discovered they were running an old version of Berkeley Internet Name Domain (BIND).

“The fact that I can tell you that tells you how much work they did to protect that information,” he said, adding the failure of the NSA site doesn’t necessarily affect their core business. “I’m sure they’re listening to everything,” he said. “They could be listening to this phone call right now.”

But he added that the site, unlike a service like Amazon.com, is not used to generate business on the Internet.

“Most outages from DNS are just simple configuration mistakes,” Hyatt said. “The biggest mistake people make if they use a system like BIND is they don’t keep them up to date.”

With files from Anders Lotsson of Computer Sweden.