Perimeter

7/9/2009
11:55 AM
Gadi Evron
Gadi Evron
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

DDoS Cyberwarfare Hurts Us All

A distributed denial of service (DDoS) attack has been in the news in recent days due to attacks against the U.S. government -- with fingers pointed at North Korea. But people forget a few basic truths people when it comes to information warfare (or cyberwarfare) and DDoS attacks.

A distributed denial of service (DDoS) attack has been in the news in recent days due to attacks against the U.S. government -- with fingers pointed at North Korea. But people forget a few basic truths people when it comes to information warfare (or cyberwarfare) and DDoS attacks.(Full disclosure: I stayed away from this latest anecdotal DDoS story and so I know absolutely nothing about it. My comments are more generic, but that doesn't make them any less true, or this DDoS attack a cyberwar).

In information warfare, we may know who our rivals and enemies are, but we may not know who is attacking us. Unlike a real battlefield, we do not see the enemy in front of us. The enemy may be hiding behind someone else, attacking from their computers or completely anonymous. Pointing fingers can, in most cases, be based only on intelligence, not technical proof.

On the Internet, our opponent isn't necessarily a country, or even an organization. The cost of breaking into computer systems and launching attacks is minimal at best, which is one of the main reasons we have a cybercrime problem. Potentially, any kid (or person) with any affiliation can play on the international playing field of politics and economics. Anyone, anywhere.

With DDoS, the Internet gets hurt, not just the target. Collateral damage is the key phrase with DDoS: The source of the attack; the service providers along the way; the service provider for the target; other users at the target service provider; other users on the attacked site; and, of course, the user being targeted (who isn't necessarily even the target, but a victim whose site has been hacked).

This is why retaliatory DDoS, even if we know who to strike, is not the way to go. It hurts us, and it hurts the Internet.

The Internet is global. "No duh," you may say. We put our infrastructure where a kid across the world can reach it, and where we must rely on the help of others to protect us.

We have to realize that international cooperation is one of the main approaches to take. Some of us have achieved this for years now. Let's hope when governments get involved, they don't destroy the channels that already exist, but rather help formalize them.

The folly of military botnets: For deterrence, the other side needs to have something to lose. Retaliatory attacks or threats can only impact "the other side" if that side exists, has something to lose, or is afraid of losing it.

While Cold War-type deterrence is mutual, only the other side has power here. None of us can launch a DDoS without harming ourselves. The other side does not own the property it uses and abuses, which we would be attacking.

Do we really want to start a war we can't win, when we can't effectively even fight cybercrime?

What saves us so far is that we haven't annoyed too much the people with the power to destroy the Internet and the will to do so -- the Russian mob and its contemporaries. What saves us when we do annoy them is global incident response, which few people and organizations worldwide can achieve effectively at this point in time.

Such relationships are critical, and the Internet's future should not be based on my personal relationships along with some of my friends'. I'd like to see governments addressing how they can build upon these existing trust-based relations.

Follow Gadi Evron on Twitter: http://twitter.com/gadievron

Gadi Evron is an independent security strategist based in Israel. Special to Dark Reading. Gadi is CEO and founder of Cymmetria, a cyber deception startup and chairman of the Israeli CERT. Previously, he was vice president of cybersecurity strategy for Kaspersky Lab and led PwC's Cyber Security Center of Excellence, located in Israel. He is widely recognized for ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Are you sure this is how we get our data into the cloud?
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-8298
PUBLISHED: 2018-09-24
Multiple SQL injection vulnerabilities in the login page in RXTEC RXAdmin UPDATE 06 / 2012 allow remote attackers to execute arbitrary SQL commands via the (1) loginpassword, (2) loginusername, (3) zusatzlicher, or (4) groupid parameter to index.htm, or the (5) rxtec cookie to index.htm.
CVE-2018-14825
PUBLISHED: 2018-09-24
A skilled attacker with advanced knowledge of the target system could exploit this vulnerability by creating an application that would successfully bind to the service and gain elevated system privileges. This could enable the attacker to obtain access to keystrokes, passwords, personal identifiable...
CVE-2018-17437
PUBLISHED: 2018-09-24
Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.
CVE-2018-17438
PUBLISHED: 2018-09-24
A SIGFPE signal is raised in the function H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.
CVE-2018-17439
PUBLISHED: 2018-09-24
An issue was discovered in the HDF HDF5 1.10.3 library. There is a stack-based buffer overflow in the function H5S_extent_get_dims() in H5S.c. Specifically, this issue occurs while converting an HDF5 file to a GIF file.