14 November 2018

Industry Tests Unhackable Network? Stops Supercomputer Denial of Service Attacks

By Kris Osborn - Warrior Maven

Industry innovators and academia are collaborating on an emerging cybersecurity technology which, after millions of attempted intrusions, has not yet been hacked, developers claim.

Developers at Secure Transport Technology (STT) have tested a self-contained network which, according to its makers, stopped an attempted Denial of Service attack, stopping 2.0 Terabytes of attempted intrusions per second.

The network, called STTarx, relies upon patented technology engineered to identify and thwart a full range of attacks. During a test at Troy University in Alabama, the network was successful in stopping a Denial of Service attack using millions of automated and AI-enabled cyber attacks, developers said. While its makers choose to avoid the term “unhackable,” they do say the system has, thus far, stopped all cyberattack tests, including those launched by high-speed supercomputers. “A hacker will constantly send probes, and it is usually an automated process. What was a laborious process of hacking is now a matter of simply pushing a button, using software. Over time, hackers will gain enough information that they will be able to enter,” Curt Massey, CEO of STarx-maker STT - Secure Transport Technology, told Warrior in an interview.

AI-driven hacking has been on the rise, according to an essay from UpGuard Cyber Security Rating, a private entity specializing in cybersecurity. The essay specifically mentions the growing use of automated “port scanners,” hacking systems which “probe systems for open ports, using the same channels as legitimate traffic.” The probes then return results to a central datastore. Automated port scanners, the essay explains, can hit an entire “subnet” in minutes and record the results in a “searchable, structured format.” Naturally, as opposed to having a single person using a port scanner, automation increases the rate and volume of attacks exponentially.

“Once they have succeeded in entering, hackers often then seek to infiltrate the code and take over a network,” Massey said.

Massey explained that the STTarx network is configured to stop these kinds of attacks, and has done so in test operations. Automation enables a hacker to flood or overwhelm a system with probes, each time gleaning information about the attacked network to learn vulnerabilities. The STTarx technology operates by simply refusing to respond to or acknowledge queries. “By using the seemingly simple tactic of refusing to respond to unauthorized queries, we stop hackers cold. We identify each and every packet. If it is not an authorized communication, it is simply ignored,” Massey explained.

Developers say this kind of self-contained, impenetrable network could potentially secure the nation’s power grid system, something which is often talked about with great concern for having potential vulnerabilities. One industry firm, called Torres Advanced Enterprise Solutions, specializes in related cybersecurity training for US entities such as embassies, and friendly foreign governments.

“STTarx is impenetrable today. The trade-off is to have an impenetrable network, you cannot reach outside of that network to communicate. You could not go to the internet, rather you can only go to authorized nodes within that network,” Torres CEO Jerry Torres told Warrior in an interview.

At the same time, a self-contained network such as this may bring unprecedented advantages, as it can ensure safer connectivity among a wide range of otherwise more vulnerable nodes. International government security networks, which need connectivity and can use other resources to access the internet, might find great value in this ability to privately exchange sensitive information on a secure network.

"This is a one-of-a-kind solution to stop hackers from getting into our government agencies. This is potentially the only solution out there that is a single resource which could protect our power grid, nuclear power plants and other vital cyber-reliant entities," Torres said.

The STTarx network brings particular relevance due to the reality that even the most secure networks are becoming more vulnerable, given that cyberattack technology are rapidly becoming more and more sophisticated. For instance, The UpGuard Cybersecurity Rating essay points to a next-generation automated attack called ZMAP, which increases the speed and efficacy of port scanning even further.

“Traditional port scanning was relegated to individual IP subnets or local domain addresses, but a newer method called ZMAP allows the entire internet to be scanned in under an hour,” the essay states.

Information available from ZMAP-makers define the technology as “a fast, single packet network scanner designed for internet-wide network surveys. On a computer with a gigabit connection, ZMAP can scan the entire public IPv4 address space in under 45 minutes”

The STTarx technology, appears to bring great promise, given the changing threat environment, Torres said. At the same time, Torres said cybersecurity of most kinds can be made vulnerable due to human error.

“Whenever you have human beings involved, human beings can give up the information attackers need to penetrate using automation against our networks, routers, switches and communications networks,” he added.

-- Osborn previously served at the Pentagon as a Highly Qualified Expert with the Office of the Assistant Secretary of the Army - Acquisition, Logistics & Technology. He has also worked as a TV news anchor and military analyst at national cable networks.

No comments: