Home / Blogs

More on Networks and Nationalization With Respect to Cyberwar

Suresh Ramasubramanian

As a follow up to Susan Brenner's Networks and Nationalization and my comment there, I will go further in this post and talk about the "cyberwar" and "offense" aspects of her article.

I think I made this point elsewhere as well… but before getting into a war, it'd be a brilliant idea to actually know that you can win.

Cyberwarfare is the sort of game where you don't really need to be a huge government with the largest standing army in the world and sophisticated weaponry in order to win. Any teenager in his basement can control a botnet. And a botnet targeted at a poorly secured site will take it down, never mind whether the site belongs to the US government, or to the Iranians, or the Chinese, the Russians, Indians, etc. etc.

In other words probably the best way to go in a so-called "cyberwar" is defense. Harden your security. And make efforts to take down the sources of the DDoS or other attack as a way to mitigate it.

Not by breaking into it — that's not a good idea — it will very likely end up affecting an innocent party, and you might not even have taken out the actual source — given that a lot of botnet C&Cs are usually compromised hosts, controlled by a chain of proxies from god knows where else (connecting those dots is quite tough, when a botnet is done right).

Rather, by actually using the public private partnership you have, internationally, to work with upstream providers of the source to mitigate these attacks, work with the providers of your critical infrastructure's connectivity to filter attack sources etc. etc.

A textbook case of "how not to do this" — during the recent North Korea (!) DDOS: A vietnamese antivirus / security vendor, BKIS and their analysis said the command and control servers were in the UK — again, quite possibly compromised hosts were used for the C&C.

That turned into a "The UK, not North Korea, is behind this cyberattack" in the media. Which doesn't sound quite right to me.

Another interesting development in that case — it appears as if the (south) Korean CERT's emails to the APCERT community got released to a vietnamese newspaper by BKIS.

And then the CEO of BKIS says they've not done wrong by breaking into the UK based command and control servers for those bots, quoting a vietnamese law that says "agencies are entitled to take action on a cyberattack first and report it to the concerned agency afterwards". The concerned agency here would be the vietnamese CERT, I expect.

While that law is ambiguously worded, it is typically against the law, in most countries, such as the UK, to gain unauthorized access to a computer over the Internet. And long arm / extraterritorial enforcement of law is something that works according to certain fairly well defined rules and procedures . . . and besides that's something a government agency would do, dealing with its counterpart in the other country to rely on enforcement.

Not to mention that this law is being quoted to justify extra territorial action by what appears to be an antivirus vendor — a private industry — rather than a government agency. Which makes the situation even stranger.

These considerations all have to be kept in mind before any response to a cyberwar, or even a run of the mill DDoS attack, can be mitigated. In fact, given that the Estonia incident was quoted, the mitigation there was entirely private action. There was a RIPE meeting ongoing in Tallinn, and the people attending it were most of the network administrators that'd have to work together to mitigate the incoming attacks.

There's an interesting presentation from Hillar Aarelaid of the Estonian CERT, at a RIPE meeting, and an audiocast as well (at 38 minutes, in the mp3 below):

mp3 talk from Hillar Aarelaid,
http://www.ripe.net/ripe/meetings/ripe-54/presentations/friday.html
http://www.ripe.net/ripe/meetings/ripe-54/podcasts/plenary-10.mp3 (mp3)

That was actually a textbook case of public private coordination, in real time, for mitigation of a cyberattack.

I don't see how or where nationalization of a country's networks is going to help at all. In fact the inevitably slower action that'd occur when there's a government agency in charge of the nation's networks would hinder rather than help efforts.

By Suresh Ramasubramanian, Architect, Antispam and Compliance

Related topics: Cyberattack, DDoS, Internet Governance, Policy & Regulation, Security, Telecom

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

3 Questions to Ask Your DNS Host About DDoS

Afilias Director Wins ICANN's 2014 Leadership Award

Afilias Partners With Internet Society to Sponsor Deploy360 ION Conference Series Through 2016

Neustar to Build Multiple Tbps DDoS Mitigation Platform

The Latest Internet Plague: Random Subdomain Attacks

Digging Deep Into DNS Data Discloses Damaging Domains

DotConnectAfrica Contributes at the 9th IGF in Istanbul, Turkey

New gTLDs and Best Practices for Domain Management Policies (Video)

Nominum Announces Future Ready DNS

New from Verisign Labs - Measuring Privacy Disclosures in URL Query Strings

ICANN London Recap Webinar

DotConnectAfrica Delegates Attend the Kenya Internet Governance Forum

Neustar to Launch usTLD Stakeholder Council

3 Questions to Ask Your DNS Host about Lowering DDoS Risks

Continuing to Work in the Public Interest

Verisign Named to the OTA's 2014 Online Trust Honor Roll

Sophia Bekele Weighs in on Obama's August US-Africa Leader Summit at the NYF Africa

4 Minutes Vs. 4 Hours: A Responder Explains Emergency DDoS Mitigation

Dyn Acquires Internet Intelligence Company, Renesys

Tips to Address New FFIEC DDoS Requirements

Sponsored Topics