I ran across this the other day and thought it was interesting, so I thought I would post it:
===
In addition to the more well-known threats such as viruses and "phishing" (the practice of sending bogus e-mails purportedly representing a business in an attempt to get access to a person's password and account), Leighton described the following problem.
* Denial of service attacks. In a "denial of service attack," a Web site's IP address is bombarded with traffic in an attempt to overwhelm the infrastructure managing the site. "Bad guys," Leighton explained, can use armies of "bots" - computers controlled, often unbeknownst to their owners, after having been infected with a virus or a worm - to launch denial of service attacks. Such an attack can be targeted at a company or more broadly. For example, InformationWeek reported on February 6, 2007, that on that day a denial of service attack "nearly took down" three of the Internet's 13 so-called root servers, temporarily slowing the three servers. Though the attack did not have a significant effect on Internet end users, what would happen if a denial of service attack ever actually succeeded in bringing down all 13 of the Internet's root servers? Were that ever to occur, it wouldn't take long before "your browser wouldn't be able to go anywhere; you wouldn't be able to send e-mail. Nothing on the Internet would work," Leighton said.
* "Pharming." "Pharming," Leighton explained, often exploits a weakness in the DNS, an Internet protocol that allows a "bad guy" to tell a device known as a name server, of which there are millions, that it owns the IP address of an organization such as a financial institution. The hacker will then receive the traffic from that name server meant to go to the financial institution, and the hacker can then send that traffic to a bogus Webpage that looks like the financial institution's own sign-in page. In the process, Leighton explained, criminals can gain password and account information. What's more, the user may not realize what has happened. Leighton added that another type of "pharming" can use a different Internet protocol known as BGP protocol, to siphon off some of the traffic intended for a given site to a bogus site, again in an attempt to gain password and account information.
More troubling still are the larger implications of these techniques if applied against a nation rather than for commercial gain. For example, Leighton noted that one worry is if terrorists could gain account and password information to access critical infrastructure, such as the nation's utilities system.
===
Link to article here.