25% of Internet users susceptible to targeted attacks

Countries relying on a few Internet service providers are most vulnerable to targeted attacks, research shows

June 02, 2022 by Sandipan Talukdar
Internet targeted attacks

Around one-fourth of Internet users in the world stay in countries that are more susceptible to online attacks than previously estimated. Moreover, many of these countries, which are vulnerable to targeted attacks on the internet, are located in the Global South.

The findings are part of a large-scale study conducted by researchers at the University of California San Diego (UCSD). The study, titled ‘Quantifying Nations’ Exposure to Traffic Observation and Selective Tampering,” encompasses 75 countries and was conducted by computer scientists of UCSD.

Alexander Gamero-Garrido, who is the first author of the study and a PhD holder from UCSD in computer science, said, “We wanted to study the topology of the Internet to find weak links that, if compromised, would expose an entire nation’s traffic.” The study findings were presented by the researchers at the Passive and Active Measurement Conference 2022.

Internet networks differ in their structures in different countries. In some developed countries, such as the USA, Internet service providers compete for giving services to a large number of users. The networks in these countries are connected directly to one another and exchange content. This process is known as direct peering. All the providers can also plug in directly to the Internet infrastructure of the world. However, there is a large portion of the Internet which does not function with peering, said Gamero Garrido.

On the other hand, in many developing countries, Internet users mostly rely on a handful of service providers. In this process, some of the providers establish monopolies. These service providers again depend on the system known as the Transit Autonomous System only to get access to the global Internet network and traffic from other countries.

The Transit Autonomous System consists of a limited number of companies which can provide the service. According to the researchers, countries relying on such a system of Internet network are the most vulnerable ones to targeted attacks — because the attacker(s) needs to attack only a small number of systems. These countries, according to the researchers, are also vulnerable in case one of the main Internet providers faces a breakdown.

The researchers found that in many of the countries where such a transit autonomous system is used, one transit autonomous system serves all the users in a country. Cuba and Sierra Leone are some examples of this. Bangladesh, on the other hand, has 2-30 system providers.

Alongside, the researchers also got the hint of colonial monopoly in the topology of the Internet in the Global South. One example is Orange, a French company which is strongly present in many African countries.

For carrying out the research, the authors resorted to Border Gateway Protocol Data, which is a system of monitoring exchanges of routing and reachability information among the autonomous system on the Internet. But there is a chance of incompleteness of the data collected by this method. The researchers attempted to mitigate this by validating the retrieved data from real, in-country Internet operators.

The researchers say that in their next step, they plan to search critical facilities like hospitals and how they are connected to the Internet and their vulnerability to internet attacks.