Perimeter

7/9/2009
11:55 AM
Gadi Evron
Gadi Evron
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

DDoS Cyberwarfare Hurts Us All

A distributed denial of service (DDoS) attack has been in the news in recent days due to attacks against the U.S. government -- with fingers pointed at North Korea. But people forget a few basic truths people when it comes to information warfare (or cyberwarfare) and DDoS attacks.

A distributed denial of service (DDoS) attack has been in the news in recent days due to attacks against the U.S. government -- with fingers pointed at North Korea. But people forget a few basic truths people when it comes to information warfare (or cyberwarfare) and DDoS attacks.(Full disclosure: I stayed away from this latest anecdotal DDoS story and so I know absolutely nothing about it. My comments are more generic, but that doesn't make them any less true, or this DDoS attack a cyberwar).

In information warfare, we may know who our rivals and enemies are, but we may not know who is attacking us. Unlike a real battlefield, we do not see the enemy in front of us. The enemy may be hiding behind someone else, attacking from their computers or completely anonymous. Pointing fingers can, in most cases, be based only on intelligence, not technical proof.

On the Internet, our opponent isn't necessarily a country, or even an organization. The cost of breaking into computer systems and launching attacks is minimal at best, which is one of the main reasons we have a cybercrime problem. Potentially, any kid (or person) with any affiliation can play on the international playing field of politics and economics. Anyone, anywhere.

With DDoS, the Internet gets hurt, not just the target. Collateral damage is the key phrase with DDoS: The source of the attack; the service providers along the way; the service provider for the target; other users at the target service provider; other users on the attacked site; and, of course, the user being targeted (who isn't necessarily even the target, but a victim whose site has been hacked).

This is why retaliatory DDoS, even if we know who to strike, is not the way to go. It hurts us, and it hurts the Internet.

The Internet is global. "No duh," you may say. We put our infrastructure where a kid across the world can reach it, and where we must rely on the help of others to protect us.

We have to realize that international cooperation is one of the main approaches to take. Some of us have achieved this for years now. Let's hope when governments get involved, they don't destroy the channels that already exist, but rather help formalize them.

The folly of military botnets: For deterrence, the other side needs to have something to lose. Retaliatory attacks or threats can only impact "the other side" if that side exists, has something to lose, or is afraid of losing it.

While Cold War-type deterrence is mutual, only the other side has power here. None of us can launch a DDoS without harming ourselves. The other side does not own the property it uses and abuses, which we would be attacking.

Do we really want to start a war we can't win, when we can't effectively even fight cybercrime?

What saves us so far is that we haven't annoyed too much the people with the power to destroy the Internet and the will to do so -- the Russian mob and its contemporaries. What saves us when we do annoy them is global incident response, which few people and organizations worldwide can achieve effectively at this point in time.

Such relationships are critical, and the Internet's future should not be based on my personal relationships along with some of my friends'. I'd like to see governments addressing how they can build upon these existing trust-based relations.

Follow Gadi Evron on Twitter: http://twitter.com/gadievron

Gadi Evron is an independent security strategist based in Israel. Special to Dark Reading. Gadi is CEO and founder of Cymmetria, a cyber deception startup and chairman of the Israeli CERT. Previously, he was vice president of cybersecurity strategy for Kaspersky Lab and led PwC's Cyber Security Center of Excellence, located in Israel. He is widely recognized for ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
What We Talk About When We Talk About Risk
Jack Jones, Chairman, FAIR Institute,  7/11/2018
Ticketmaster Breach Part of Massive Payment Card Hacking Campaign
Jai Vijayan, Freelance writer,  7/10/2018
7 Ways to Keep DNS Safe
Curtis Franklin Jr., Senior Editor at Dark Reading,  7/10/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Locked device, Ha! I knew there was another way in.
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-15137
PUBLISHED: 2018-07-16
The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed.
CVE-2017-17541
PUBLISHED: 2018-07-16
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature.
CVE-2018-1046
PUBLISHED: 2018-07-16
pdns before version 4.1.2 is vulnerable to a buffer overflow in dnsreplay. In the dnsreplay tool provided with PowerDNS Authoritative, replaying a specially crafted PCAP file can trigger a stack-based buffer overflow, leading to a crash and potentially arbitrary code execution. This buffer overflow ...
CVE-2018-10840
PUBLISHED: 2018-07-16
Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image.
CVE-2018-10857
PUBLISHED: 2018-07-16
git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on localhost or the LAN.