Somebody is doing some nasty shit out there. From Ars Technica:
New attacks on Network Time Protocol can defeat HTTPS and create chaos
Serious weaknesses in the Internet's time-synchronization mechanism can be exploited to cause debilitating outages, snoop on encrypted communications, or tamper with Bitcoin transactions, computer scientists warned Wednesday.
The vulnerabilities reside in the Network Time Protocol, the widely used specification computers use to ensure their internal clocks are accurate. Surprisingly, connections between computers and NTP servers are rarely encrypted, making it possible for hackers to perform man-in-the-middle attacks that reset clocks to times that are months or even years in the past. In a paper published Wednesday titled Attacking the Network Time Protocol, the researchers described several techniques to bypass measures designed to prevent such drastic time shifts. The paper also described ways to prevent large numbers of computers from successfully connecting to synchronization servers.
The attacks could be used by malicious actors to wreak havoc on the Internet. An attack that prevented sensitive computers and servers from receiving regular time-synchronization updates could cause malfunctions on a mass scale. In many cases, such denial-of-service hacks can be carried out even when attackers are "off-path," meaning the hacker need not have the ability to monitor traffic passing between a computer and NTP server.
The article is looking at computer security and encryption but messing with time can have some major problems with public communications too - Enhanced 9-1-1 (E911) cell service depends on accurate timekeeping to locate your cell phone in the event of an emergency, even if said cell phone cannot acquire a GPS link. There are GPS receivers at each cell site and they use the accurate timing from these to be able to triangulate your location from simple time-of-flight determination.
I am sure that patches are being worked on as I type but this is nasty stuff - the people trying these attacks should be banished to the lowest level of hacker hell - they should be confined to a 10' by 10' cell with a Commodore VIC-20 and dial-up service on a very noisy telephone liPHoyO7yoIbo7NklhnL098Gioiyi8t
NO CARRIER