A "worrying" number of European websites could be at risk from hijack due to inherent security glitches in the Ripe internet address databasing system.
Research from independent security firm Matta has revealed that poor authentication procedures used in registries such as Ripe, which governs internet address spacing and IP allocation in Europe, could give hackers the keys to the kingdom of a number of high profile sites.
Company information is held on an automatically updated database which offers five different types of authentication. But the number of companies that use weak or no authentication for network object maintenance is "worrying", according to Matta.
The list even includes large internet service providers (ISPs) and corporates which rely on the internet for their business.
For those using no authentication, an email can be sent from anywhere to inform the Ripe database of changes to be made to the relevant network objects.
For those using 'mail from' field security, the difference is negligible to anyone with the knowledge to spoof emails.
Emails sent to this database can be used to modify or even delete network objects, potentially causing chaos.
One famous case in 2000 saw this very technique used to hijack the Nike.com website and redirect all its traffic to a Scottish hosting company. The hosting company was effectively hit by a denial of service attack off the internet and Nike lost all traffic to its website.
Encrypted alternatives are on offer, including 56bit DES, 128bit MD5 and Pretty Good Privacy (PGP), but Matta argued that weaknesses with DES and MD5 mean that information protected by these systems is also at risk.
As a helping hand to hackers, the Ripe database publishes these encrypted passwords, which can be broken in a matter of days given the right resources.
"A PGP key is by far the strongest encryption available in this instance," said Matta.
Last month, the security firm tested the integrity of 32 European sites and their respective ISPs. In turn, the firm tested the strength of a number of the 56bit RSA encrypted password hashes that are on offer.
Matta found that many of these could be compromised using freely available tools. Some 76 per cent of companies surveyed were found to be vulnerable to a determined hacker.
The company also noted that a number of sites shared the same route maintainer meaning that, if a single 56bit password was compromised, a number of sites such as royal.gov.uk, gchq.gov.uk, number-10.gov.uk and conservative-party.org.uk would all be at risk.
"Considering the sheer amount of time and resources that some companies put into ensuring the security of internet-based systems, it is surprising that, in many cases, a single 56bit DES password is all that protects these networks," said Matta.
For optimum security, Matta suggests using PGP keys to protect data in the Ripe database, while limiting the information freely available, such as hashed passwords.
Ripe will discontinue the 'mail from' security scheme on 11 July, eliminating one of the easiest forms of attack.
It should be noted that, while the European Ripe network and the Asia Pacific APNIC network are vulnerable to the described attacks, the American Registry for Internet Numbers is not vulnerable due to a difference in the authentication system.
Found by calculating the strength of the material deep inside the crust of neutron stars
Can highlight in real-time the relevant regions of an image being described
Double legal trouble for Musk as he also faces civil lawsuit over renewed British pot-holer 'paedo' claims
Battery development could help boost performance of smartphones