Home / Blogs

In Response to Offensive Destruction of Attack Assets

By Russ White Infrastructure Architect at Juniper Networks

It is certainly true that DDoS and hacking are on the rise; there have been a number of critical hacks in the last few years, including apparent attempts to alter the outcome of elections. The reaction has been a rising tide of fear, and an ever increasing desire to “do something.” The something that seems to be emerging is, however, not necessarily the best possible “something.” Specifically, governments are now talking about attempting to “wipe out” the equipment used in attacks —

Berlin was studying what legal changes were needed to allow authorities to purge stolen data from third-party servers, and to potentially destroy servers used to carry out cyber attacks. “We believe it is necessary that we are in a position to be able to wipe out these servers if the providers and the owners of the servers are not ready to ensure that they are not used to carry out attacks,” Maassen said. — Reuters / 4 May 2017

“Wiping out” (destroying?) a server because the owner cannot ensure the server will be used in a way the government agrees with—sounds like a good idea, right? And how do we make certain such laws are not extended to destroy the servers of those who host “hate speech” and “fake news” at some point in the future? Will we have server burnings to match the printing press burnings of yesteryear (like this, or this, or this).

What if the owner of that server is actually the proud owner of a newly minted “connected” television set or toaster, and who does not know enough about technology to secure the device properly? Is it okay to “wipe out” the server then?

The obvious answer to such objections is that the capability to “wipe out a server” will only be used when authorized through the proper channels. Scope creep, however, is always real, and people who work for the government are still people who have desires and fears, and who make mistakes.

Maybe being able to “wipe out” a server remotely, and break into third party networks to erase data you don’t think they should have, is all justified. But there seems to be some dangerous precedent being set here, and this story will not end in a happy place for anyone on the Internet.

By Russ White, Infrastructure Architect at Juniper Networks

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Related

Topics

IPv4 Markets

Sponsored byIPv4.Global

DNS

Sponsored byDNIB.com

Domain Names

Sponsored byVerisign

Cybersecurity

Sponsored byVerisign

New TLDs

Sponsored byRadix

Threat Intelligence

Sponsored byWhoisXML API

Brand Protection

Sponsored byCSC

View All Topics