A distributed denial of service (DDoS) attack has been in the news in recent days due to attacks against the U.S. government -- with fingers pointed at North Korea. But people forget a few basic truths people when it comes to information warfare (or cyberwarfare) and DDoS attacks.(Full disclosure: I stayed away from this latest anecdotal DDoS story and so I know absolutely nothing about it. My comments are more generic, but that doesn't make them any less true, or this DDoS attack a cyberwar).
In information warfare, we may know who our rivals and enemies are, but we may not know who is attacking us. Unlike a real battlefield, we do not see the enemy in front of us. The enemy may be hiding behind someone else, attacking from their computers or completely anonymous. Pointing fingers can, in most cases, be based only on intelligence, not technical proof.
On the Internet, our opponent isn't necessarily a country, or even an organization. The cost of breaking into computer systems and launching attacks is minimal at best, which is one of the main reasons we have a cybercrime problem. Potentially, any kid (or person) with any affiliation can play on the international playing field of politics and economics. Anyone, anywhere.
With DDoS, the Internet gets hurt, not just the target. Collateral damage is the key phrase with DDoS: The source of the attack; the service providers along the way; the service provider for the target; other users at the target service provider; other users on the attacked site; and, of course, the user being targeted (who isn't necessarily even the target, but a victim whose site has been hacked).
This is why retaliatory DDoS, even if we know who to strike, is not the way to go. It hurts us, and it hurts the Internet.
The Internet is global. "No duh," you may say. We put our infrastructure where a kid across the world can reach it, and where we must rely on the help of others to protect us.
We have to realize that international cooperation is one of the main approaches to take. Some of us have achieved this for years now. Let's hope when governments get involved, they don't destroy the channels that already exist, but rather help formalize them.
The folly of military botnets: For deterrence, the other side needs to have something to lose. Retaliatory attacks or threats can only impact "the other side" if that side exists, has something to lose, or is afraid of losing it.
While Cold War-type deterrence is mutual, only the other side has power here. None of us can launch a DDoS without harming ourselves. The other side does not own the property it uses and abuses, which we would be attacking.
Do we really want to start a war we can't win, when we can't effectively even fight cybercrime?
What saves us so far is that we haven't annoyed too much the people with the power to destroy the Internet and the will to do so -- the Russian mob and its contemporaries. What saves us when we do annoy them is global incident response, which few people and organizations worldwide can achieve effectively at this point in time.
Such relationships are critical, and the Internet's future should not be based on my personal relationships along with some of my friends'. I'd like to see governments addressing how they can build upon these existing trust-based relations.
Follow Gadi Evron on Twitter: http://twitter.com/gadievron
Gadi Evron is an independent security strategist based in Israel. Special to Dark Reading. Gadi is CEO and founder of Cymmetria, a cyber deception startup and chairman of the Israeli CERT. Previously, he was vice president of cybersecurity strategy for Kaspersky Lab and led PwC's Cyber Security Center of Excellence, located in Israel. He is widely recognized for ... View Full Bio