Remedy 2: Boost Data
Protect corporate databases so they can't be stolen from, and the networks around them so they can't be brought down for ransom
Eran Reshef thought he'd figured out a clever way to combat spam. The CEO of Israeli company Blue Security created a method of flooding junk e-mailers and their clients with opt-out requests-essentially, spamming the spammers. Within a few months, Reshef claimed, six of the world's biggest junk e-mailers had agreed to stop spamming his customers.
Then, this past May, a Russian spammer known as PharmaMaster fought back. Using a botnet, he launched what's called a distributed denial of service, or DDOS, attack. If too many computers try to access a Web site at the same time, it overwhelms the servers that host the site and shuts it down. DDOS attacks do this relentlessly, keeping a company's site offline until it agrees to pay a ransom.
And PharmaMaster didn't stop there. He took down Blue Security's blog service, its Internet service provider, and the security firm it hired to repel the original attack. Then he sent Blue Security's customers e-mails infected with a virus. After two weeks of relentless attacks, Blue Security just gave up. At press time, Bluesecurity.com was still offline. (Reshef declined to be interviewed for this article.) Nobody knows how many of these attacks occur every year, because few companies admit to being attacked for fear of revealing their weaknesses. Today DDOS attacks are largely fought by redirecting the enormous amount of traffic to servers that can handle it. Often companies hire firms that specialize in such defense.
Someday, these attacks could be solved by self-healing networks that can continue to function while under attack-the electronic equivalent of a head cold. But such systems are still years away from being built in the lab, let alone deployed on the Internet. CyLab isn't even working on them yet. But if they can't yet protect a network from being attacked, they can at least protect the large databases of information-say, a bank's customer records-behind those networks. A version of these so-called survivable data-storage systems is in place at CyLab today.
One way to think about CyLab's system is to imagine a database as a sheet of paper. If you tear the paper into 1,000 differently shaped pieces and store them in 1,000 different places, you make it harder to steal. But if an attacker finds and destroys just one piece, you can't reconstruct the paper. If you make four copies of the paper, though, cut each copy into 1,000 different pieces, and store all the pieces on 1,000 different computers, you've made the target so big and elusive that an attacker can't possibly take down enough of it to cause you problems. And because there are copies of every bit of data, the system itself can replace any compromised pieces. "An attacker would have to take down 80 percent of your computers to bring the system down," Khosla says. "Even if you're under a massive attack, it won't totally die."single page
Five amazing, clean technologies that will set us free, in this month's energy-focused issue. Also: how to build a better bomb detector, the robotic toys that are raising your children, a human catapult, the world's smallest arcade, and much more.