
More on Networks and Nationalization With Respect to Cyberwar

Suresh Ramasubramanian

As a follow-up to Susan Brenner's "Networks and Nationalization" and my comment there, this post goes further into the "cyberwar" and "offense" aspects of her article.

I think I have made this point elsewhere as well, but before getting into a war it would be a brilliant idea to actually know that you can win it.

Cyberwarfare is the sort of game where you do not need to be a huge government with the largest standing army in the world and sophisticated weaponry in order to win. Any teenager in a basement can control a botnet, and a botnet pointed at a poorly secured site will take it down, never mind whether the site belongs to the US government, the Iranians, the Chinese, the Russians, the Indians, or anyone else.

In other words, the best posture in a so-called "cyberwar" is probably defense: harden your security, and make efforts to shut down the sources of the DDoS or other attack as a way of mitigating it.

Not by breaking into those sources; that is not a good idea. You will very likely end up affecting an innocent party, and you may not even have taken out the actual source. A lot of botnet C&C servers are themselves compromised hosts, controlled through a chain of proxies from who knows where, and connecting those dots is quite tough when a botnet is done right.

Rather, by actually using the public-private partnerships you have, internationally, to work with the upstream providers of the attack sources to mitigate the attacks, and working with the providers of your critical infrastructure's connectivity to filter those sources at the edge.
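The coordination described above starts with a mundane step: working out which sources are attacking you, which network each one sits in, and therefore which upstream provider or abuse desk can actually filter or clean it. The script below is an added example, not code from the original post; it groups attack sources from a handful of constructed flow records under a constructed prefix-to-network table (a stand-in for BGP or RIR whois data), and drafts one mitigation request per origin network. In keeping with the point above about compromised hosts, the requests describe the hosts as likely compromised rather than as the attacker.

```python
"""Group DDoS attack sources by origin network so that each upstream
provider can be asked to filter or clean its own hosts.

Added example, not code from the original post. The flow records and the
prefix-to-network table are constructed sample data; in practice the table
would come from BGP/routing data or RIR whois, and the records from flow
export or edge-router logs.
"""
import ipaddress
from collections import defaultdict

# Constructed prefix -> origin network table (stand-in for BGP/whois data).
PREFIX_TABLE = [
    ("192.0.2.0/24", {"asn": 64500, "abuse": "abuse@example-a.invalid"}),
    ("198.51.100.0/24", {"asn": 64501, "abuse": "abuse@example-b.invalid"}),
    ("198.51.100.128/25", {"asn": 64502, "abuse": "abuse@example-b2.invalid"}),
    ("203.0.113.0/24", {"asn": 64503, "abuse": "abuse@example-c.invalid"}),
]

# Constructed flow records: "src_ip dst_ip dst_port packets"
SAMPLE_FLOWS = """\
192.0.2.17 10.0.0.5 80 9000
192.0.2.23 10.0.0.5 80 8800
192.0.2.40 10.0.0.5 80 9100
198.51.100.200 10.0.0.5 80 7000
198.51.100.201 10.0.0.5 80 7200
198.51.100.9 10.0.0.5 80 120
203.0.113.77 10.0.0.5 443 15000
203.0.113.77 10.0.0.5 80 14000
192.0.2.17 10.0.0.5 80 300
"""


def build_table(entries):
    """Parse the prefix table, longest prefix first so the first match wins."""
    parsed = [(ipaddress.ip_network(p), info) for p, info in entries]
    return sorted(parsed, key=lambda t: t[0].prefixlen, reverse=True)


def lookup(table, ip):
    """Longest-prefix match of an address; (None, None) if nothing covers it."""
    addr = ipaddress.ip_address(ip)
    for net, info in table:
        if addr in net:
            return net, info
    return None, None


def parse_flows(text):
    """Yield (src_ip, packets) from flow lines, skipping malformed ones."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield parts[0], int(parts[3])
        except ValueError:
            continue


def attack_sources(flow_text, min_packets=1000):
    """Sum packets per source and keep only sources above a threshold.

    The threshold separates attack sources from ordinary clients; the value
    is arbitrary for the constructed data and would be tuned per site."""
    totals = defaultdict(int)
    for src, pkts in parse_flows(flow_text):
        totals[src] += pkts
    return {src: n for src, n in totals.items() if n >= min_packets}


def group_by_network(sources, table):
    """Group attack sources under the origin network that can filter them."""
    report = {}
    for src, pkts in sources.items():
        net, info = lookup(table, src)
        key = str(net) if net else "UNKNOWN"
        entry = report.setdefault(key, {
            "asn": info["asn"] if info else None,
            "abuse": info["abuse"] if info else None,
            "hosts": {}, "packets": 0})
        entry["hosts"][src] = pkts
        entry["packets"] += pkts
    return report


def mitigation_requests(report):
    """One message per origin network, largest contributor first.

    The hosts are described as likely compromised, not as the attacker,
    since bots and C&C servers are usually hijacked machines."""
    messages = []
    for prefix, e in sorted(report.items(), key=lambda kv: -kv[1]["packets"]):
        hosts = ", ".join(sorted(e["hosts"]))
        messages.append(
            f"To {e['abuse']} (AS{e['asn']}, {prefix}): {len(e['hosts'])} host(s) "
            f"in your network sent {e['packets']} packets of attack traffic to "
            f"our infrastructure; these are likely compromised: {hosts}. "
            f"Please filter or clean them.")
    return messages


if __name__ == "__main__":
    table = build_table(PREFIX_TABLE)
    srcs = attack_sources(SAMPLE_FLOWS)
    for msg in mitigation_requests(group_by_network(srcs, table)):
        print(msg)
```

The longest-prefix match matters in practice: 198.51.100.200 and .201 land in the more specific 198.51.100.128/25, so the request goes to that customer's abuse desk (AS64502) rather than to the covering /24, and a per-network prefix list is what an upstream can actually turn into a filter. The low-volume 198.51.100.9 falls under the threshold and is left alone, which is the point of aggregating before reporting: a mitigation request that names ordinary clients as attack sources gets ignored.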

A textbook case of how not to do this came during the recent North Korea (!) DDoS. A Vietnamese antivirus and security vendor, BKIS, published an analysis saying that the command and control servers were in the UK. Again, those were quite possibly compromised hosts being used as C&C.

In the media that turned into "The UK, not North Korea, is behind this cyberattack", which does not sound quite right to me.

Another interesting development in that case: it appears that the South Korean CERT's emails to the APCERT community were released to a Vietnamese newspaper by BKIS.

And then the CEO of BKIS said they had done nothing wrong by breaking into the UK-based command and control servers for those bots, quoting a Vietnamese law that says "agencies are entitled to take action on a cyberattack first and report it to the concerned agency afterwards". The concerned agency here would be the Vietnamese CERT, I expect.

While that law is ambiguously worded, it is typically against the law in most countries, the UK included, to gain unauthorized access to a computer over the Internet. Long-arm or extraterritorial enforcement of law works according to fairly well defined rules and procedures, and besides, that is something a government agency would do, dealing with its counterpart in the other country to handle the enforcement.

Not to mention that this law is being quoted to justify extraterritorial action by what appears to be an antivirus vendor, a private company, rather than a government agency. Which makes the situation even stranger.

All of these considerations have to be kept in mind before a cyberwar, or even a run-of-the-mill DDoS attack, can be mitigated. Since the Estonia incident was cited: the mitigation there was entirely private action. A RIPE meeting was ongoing in Tallinn, and the people attending it were most of the network administrators who would have to work together to mitigate the incoming attacks.

There is an interesting presentation from Hillar Aarelaid of the Estonian CERT, given at a RIPE meeting, and an audiocast as well (his talk starts at 38 minutes into the mp3 below):

mp3 talk from Hillar Aarelaid:
http://www.ripe.net/ripe/meetings/ripe-54/podcasts/plenary-10.mp3 (mp3)

That was actually a textbook case of public private coordination, in real time, for mitigation of a cyberattack.

I do not see how or where nationalization of a country's networks is going to help at all. In fact, the inevitably slower action that would occur with a government agency in charge of the nation's networks would hinder rather than help such efforts.

By Suresh Ramasubramanian, Antispam Operations

Related topics: Cyberattack, Cybersecurity, DDoS, Internet Governance, Networks, Policy & Regulation, Telecom
