Home / Blogs

More on Networks and Nationalization With Respect to Cyberwar

Suresh Ramasubramanian

As a follow up to Susan Brenner's Networks and Nationalization and my comment there, I will go further in this post and talk about the "cyberwar" and "offense" aspects of her article.

I think I made this point elsewhere as well… but before getting into a war, it'd be a brilliant idea to actually know that you can win.

Cyberwarfare is the sort of game where you don't really need to be a huge government with the largest standing army in the world and sophisticated weaponry in order to win. Any teenager in his basement can control a botnet. And a botnet targeted at a poorly secured site will take it down, never mind whether the site belongs to the US government, or to the Iranians, or the Chinese, the Russians, Indians, etc. etc.

In other words probably the best way to go in a so-called "cyberwar" is defense. Harden your security. And make efforts to take down the sources of the DDoS or other attack as a way to mitigate it.

Not by breaking into it — that's not a good idea — it will very likely end up affecting an innocent party, and you might not even have taken out the actual source — given that a lot of botnet C&Cs are usually compromised hosts, controlled by a chain of proxies from god knows where else (connecting those dots is quite tough, when a botnet is done right).

Rather, by actually using the public private partnership you have, internationally, to work with upstream providers of the source to mitigate these attacks, work with the providers of your critical infrastructure's connectivity to filter attack sources etc. etc.

A textbook case of "how not to do this" — during the recent North Korea (!) DDOS: A vietnamese antivirus / security vendor, BKIS and their analysis said the command and control servers were in the UK — again, quite possibly compromised hosts were used for the C&C.

That turned into a "The UK, not North Korea, is behind this cyberattack" in the media. Which doesn't sound quite right to me.

Another interesting development in that case — it appears as if the (south) Korean CERT's emails to the APCERT community got released to a vietnamese newspaper by BKIS.

And then the CEO of BKIS says they've not done wrong by breaking into the UK based command and control servers for those bots, quoting a vietnamese law that says "agencies are entitled to take action on a cyberattack first and report it to the concerned agency afterwards". The concerned agency here would be the vietnamese CERT, I expect.

While that law is ambiguously worded, it is typically against the law, in most countries, such as the UK, to gain unauthorized access to a computer over the Internet. And long arm / extraterritorial enforcement of law is something that works according to certain fairly well defined rules and procedures . . . and besides that's something a government agency would do, dealing with its counterpart in the other country to rely on enforcement.

Not to mention that this law is being quoted to justify extra territorial action by what appears to be an antivirus vendor — a private industry — rather than a government agency. Which makes the situation even stranger.

These considerations all have to be kept in mind before any response to a cyberwar, or even a run of the mill DDoS attack, can be mitigated. In fact, given that the Estonia incident was quoted, the mitigation there was entirely private action. There was a RIPE meeting ongoing in Tallinn, and the people attending it were most of the network administrators that'd have to work together to mitigate the incoming attacks.

There's an interesting presentation from Hillar Aarelaid of the Estonian CERT, at a RIPE meeting, and an audiocast as well (at 38 minutes, in the mp3 below):

mp3 talk from Hillar Aarelaid,
http://www.ripe.net/ripe/meetings/ripe-54/podcasts/plenary-10.mp3 (mp3)

That was actually a textbook case of public private coordination, in real time, for mitigation of a cyberattack.

I don't see how or where nationalization of a country's networks is going to help at all. In fact the inevitably slower action that'd occur when there's a government agency in charge of the nation's networks would hinder rather than help efforts.

By Suresh Ramasubramanian, Antispam Operations

Related topics: Cyberattack, DDoS, Internet Governance, Policy & Regulation, Security, Telecom

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:


To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Industry Updates – Sponsored Posts

Verisign Q1 2016 DDoS Trends: Attack Activity Increases 111 Percent Year Over Year

Is Your TLD Threat Mitigation Strategy up to Scratch?

i2Coalition to Host First Ever Smarter Internet Forum

Encrypting Inbound and Outbound Email Connections with PowerMTA

Resilient Cybersecurity: Dealing with On-Premise, Cloud-Based and Hybrid Security Complexities

Verisign Releases Q4 2015 DDoS Trends - DDoS Attack Activity Increasing by 85% Year Over Year

Best Practices from Verizon - Proactively Mitigating Emerging Fraudulent Activities

Neustar Data Identifies Most Popular Times of Year for DDoS Attacks in 2015

The Framework for Resilient Cybersecurity (Webinar)

Dyn Weighs In On Whois

Season's Greetings - 2015 End of Year Message from DotConnectAfrica

Data Volumes and Network Stress to Be Top IoT Concerns

DKIM for ESPs: The Struggle of Living Up to the Ideal

Verisign Mitigates More Attack Activity in Q3 2015 Than Any Other Quarter During Last Two Years

Verisign & Forrester Webinar: Defending Against Cyber Threats in Complex Hybrid-Cloud Environments

"The Market Has No Morality" Sophia Bekele Speaks on Business Ethics and Accountability

Introducing Verisign Public DNS: A Free Recursive DNS Service That Respects Your Privacy

Faster DDoS Mitigation - Introducing Verisign OpenHybrid Customer Activated Mitigation

Dyn Comments on ICG Proposal for IANA Transition

Verisign's Q2'15 DDoS Trends: DDoS for Bitcoin Increasingly Targets Financial Industry

Sponsored Topics

Afilias - Mobile & Web Services


Sponsored by
Afilias - Mobile & Web Services

DNS Security

Sponsored by


Sponsored by


Sponsored by