
Perimeter

7/9/2009 11:55 AM
Gadi Evron
Commentary

DDoS Cyberwarfare Hurts Us All

A distributed denial of service (DDoS) attack has been in the news in recent days due to attacks against the U.S. government -- with fingers pointed at North Korea. But people forget a few basic truths when it comes to information warfare (or cyberwarfare) and DDoS attacks.

(Full disclosure: I stayed away from this latest anecdotal DDoS story and so I know absolutely nothing about it. My comments are more generic, but that doesn't make them any less true, or this DDoS attack a cyberwar.)

In information warfare, we may know who our rivals and enemies are, but we may not know who is attacking us. Unlike a real battlefield, we do not see the enemy in front of us. The enemy may be hiding behind someone else, attacking from their computers or completely anonymous. Pointing fingers can, in most cases, be based only on intelligence, not technical proof.

On the Internet, our opponent isn't necessarily a country, or even an organization. The cost of breaking into computer systems and launching attacks is minimal, which is one of the main reasons we have a cybercrime problem. Potentially, any kid (or person) with any affiliation can play on the international playing field of politics and economics. Anyone, anywhere.

With DDoS, the Internet gets hurt, not just the target. Collateral damage is the key phrase with DDoS: the attack hurts the source of the attack; the service providers along the way; the service provider for the target; other users at the target service provider; other users on the attacked site; and, of course, the user being targeted (who isn't necessarily even the target, but a victim whose site has been hacked).

This is why retaliatory DDoS, even if we know who to strike, is not the way to go. It hurts us, and it hurts the Internet.

The Internet is global. "No duh," you may say. We put our infrastructure where a kid across the world can reach it, and where we must rely on the help of others to protect us.

We have to realize that international cooperation is one of the main approaches to take. Some of us have achieved this for years now. Let's hope when governments get involved, they don't destroy the channels that already exist, but rather help formalize them.

The folly of military botnets: For deterrence, the other side needs to have something to lose. Retaliatory attacks or threats can only impact "the other side" if that side exists, has something to lose, or is afraid of losing it.

While Cold War-type deterrence is mutual, only the other side has power here. None of us can launch a DDoS without harming ourselves. The other side does not own the property it uses and abuses, which we would be attacking.

Do we really want to start a war we can't win, when we can't effectively even fight cybercrime?

What saves us so far is that we haven't annoyed the people with the power to destroy the Internet and the will to do so -- the Russian mob and its contemporaries -- too much. What saves us when we do annoy them is global incident response, which few people and organizations worldwide can achieve effectively at this point in time.

Such relationships are critical, and the Internet's future should not be based on my personal relationships along with some of my friends'. I'd like to see governments addressing how they can build upon these existing trust-based relations.

Follow Gadi Evron on Twitter: http://twitter.com/gadievron

Gadi Evron is an independent security strategist based in Israel. Special to Dark Reading. Gadi is CEO and founder of Cymmetria, a cyber deception startup and chairman of the Israeli CERT. Previously, he was vice president of cybersecurity strategy for Kaspersky Lab and led PwC's Cyber Security Center of Excellence, located in Israel. He is widely recognized for ...
