Here we are at the end of first quarter 2013. How goes the cyber war? Are we winning? Can we announce a withdrawal anytime soon?
The US Civil War was 150 years ago. There was a clear enemy and a clear end, at least to the military and governments involved directly and indirectly. Almost always you could recognize the enemy; they wore uniforms. There were, of course, exceptions like spies under a variety of terminology, but they were a very small percentage of the total fighters involved. Seventy-five years ago in World War II, it was very much the same. Vietnam provided a different model of asymmetric warfare. When you send big military organizations against enemies composed of individuals and small groups with a loose affiliation, your biggest problem is separating the enemy from the general population. Even if the majority of the “general population” is in fact trying to destroy you, including women and children, you lose in the public opinion and press theater when you hurt “innocents.”
We have tried to win the “hearts and minds” of countries harboring significant numbers of enemy agents. These people want to destroy our culture, finances and government. We, and others before us, have failed to win those wars. Usually, the losing side simply declares victory and wanders off. The fighting continues, sometimes not really impacting us every day, but the war goes on.
In addition to the guns and bombs crowd, we are increasingly being attacked via cyber warfare. In some cases, the same groups are attacking us with both guns and computers. Conspiracy theorists are probably having a great time explaining how activist groups, identity thieves, religious groups and governments are working together. While I think all of these groups really are individually “out to get us,” they often can’t even get their own activities coordinated let alone work with different groups with different rationalizations.
Two BBC articles in the past week give an indication of “how goes the war.”
The UK government is launching a new initiative to fight cyber threats. It includes experts from GCHQ, MI5, police and business. These experts will create a secure web-portal to allow access to shared information in real time. Visualize a secure Facebook, if you can.
MI5 is the British intelligence agency working to protect against threats such as terrorism and espionage. Like the difference between the US agencies FBI and CIA, MI5 deals with threats inside the UK and MI6 deals with threats outside of the UK. James Bond belongs to MI6.
GCHQ is the Government Communications Headquarters, a British intelligence agency responsible for providing signals intelligence and information assurance to the UK government and military forces. GCHQ has been around for a long time, originally established after World War I. At this point it works to secure the communications and information systems of the UK government and critical parts of UK national infrastructure. GCHQ is also the organization that recently admitted to emailing plaintext passwords to people who register on its careers web pages, violating a number of best practices on password management. As I post this, the official GCHQ web site has been “currently unavailable” while “undergoing routine planned maintenance” for over 24 hours.
Throughout history, humankind has developed forts and cannon. The stick is a cannon. The shield is a fort. When someone builds a better cannon, others will build a better fort. Sometimes for centuries one side or the other is more effective. Against a persistent enemy, the fort has to win every time; the cannon only has to win once.
This UK initiative is part of the fort mentality. “Let’s put our heads together and figure out how to stop these <insert appropriate word here>!” Other governments, including the US, have built similar organizations. Most often as forts, sometimes as cannons.
As often happens with governments, it is amazing how fast they can work to solve important problems. After all, the cyber war has been going on for only a little more than 30 years. See Clifford Stoll’s The Cuckoo’s Egg for an early victory in 1989, primarily because Stoll fought like a cannon, not a fort.
I am guessing that this “secure web-portal” will become a frequent attack point for the UK’s cyber enemies.
The second article is about “the biggest attack in history” against the Internet. This turns out to be a disagreement between two organizations that is having an impact on services like Netflix, and could easily expand to impact banking and email systems. At least five national cyber defense forces are investigating the attacks.
What is the disagreement about? The two protagonists are a spam fighting organization and a popular commercial web site hosting firm, both well known and established organizations.
Spamhaus “tracks the Internet’s spam senders and spam services, provides dependable real-time and anti-spam protection for Internet networks, and works with Law Enforcement to identify and pursue spammers worldwide.” Sounds like one of the good guys. One of their prime weapons is the “blocklist” – a list of “bad” web sites. You can set up your browser to not allow access to any blocklisted web site. Companies can set up their company-wide edge defenses to prevent anyone in the company from accessing any blocklisted web site.
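As an added example (not code from the original post, Spamhaus or Cyberbunker), here is how an edge filter might consult a blocklist in the way the paragraph describes. It goes a little beyond the text: it matches a blocked domain and all of its subdomains, and it builds the DNS query name that DNSBL-style lists such as Spamhaus publish as DNS zones (the client IP’s octets reversed under the zone, with a positive answer in 127.0.0.0/8). The zone name, blocklist entries, and proxy log lines are constructed for illustration, and the lookup runs against a stub table rather than live DNS so the example runs offline.

```python
import ipaddress

# Constructed local domain blocklist (not a real Spamhaus feed).
BLOCKED_DOMAINS = {"spam-example.test", "malware-host.test"}


def domain_blocked(host, blocklist=BLOCKED_DOMAINS):
    """True if host or any parent domain is on the blocklist.

    Checking every parent domain is what stops a listed site from being
    reached through an arbitrary subdomain; a lookalike such as
    spam-example.test.example.test is NOT matched, because none of its
    parent domains is listed.
    """
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def dnsbl_query_name(ip, zone):
    """Build the DNSBL lookup name: IPv4 octets reversed under the zone.

    DNS-published blocklists answer a query for 7.113.0.203.<zone> when
    203.0.113.7 is listed. IPv4Address() rejects malformed input early.
    """
    addr = ipaddress.IPv4Address(ip)
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


# Constructed stub resolver: a listed address answers with 127.0.0.x,
# an unlisted one gets no answer (NXDOMAIN in real DNS).
STUB_ZONE = "dnsbl.example.test"  # hypothetical zone, not a real list
STUB_ANSWERS = {f"7.113.0.203.{STUB_ZONE}": "127.0.0.2"}


def stub_resolve(name):
    return STUB_ANSWERS.get(name)


def ip_listed(ip, zone=STUB_ZONE, resolve=stub_resolve):
    """A DNSBL listing is signalled by an answer inside 127.0.0.0/8."""
    answer = resolve(dnsbl_query_name(ip, zone))
    return answer is not None and ipaddress.IPv4Address(answer) in ipaddress.IPv4Network("127.0.0.0/8")


# Constructed proxy log lines: "<client> <destination host> <destination ip>"
SAMPLE_REQUESTS = [
    "10.0.0.5 www.example.test 198.51.100.10",
    "10.0.0.6 cdn.spam-example.test 203.0.113.7",        # subdomain of a listed domain
    "10.0.0.7 mail.example.test 203.0.113.7",            # clean name, listed address
    "10.0.0.8 spam-example.test.example.test 198.51.100.11",  # lookalike, not a subdomain
]


def filter_requests(lines, resolve=stub_resolve):
    """Return {client: decision}; the domain check runs before the DNS lookup."""
    decisions = {}
    for line in lines:
        client, host, ip = line.split()
        if domain_blocked(host):
            decisions[client] = "deny:domain"
        elif ip_listed(ip, resolve=resolve):
            decisions[client] = "deny:ip"
        else:
            decisions[client] = "allow"
    return decisions


if __name__ == "__main__":
    for client, decision in filter_requests(SAMPLE_REQUESTS).items():
        print(client, decision)
```

Checking the destination address as well as the name matters at the edge: a host name that is not itself listed can still resolve to a listed address, and the DNSBL query catches that case.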
Cyberbunker is a Dutch web hosting company that claims to provide “your bullet proof datacenter … secure, reliable, untouchable, online.” Like hundreds of other companies around the world, they are a Cloud Service Provider (CSP) providing the benefits of Cloud Computing to hundreds if not thousands of companies and other organizations. Cyberbunker brags that it will host anything with the exception of child pornography or terrorism-related material. That also sounds like one of the good guys.
Spamhaus added some of Cyberbunker’s customers’ sites to their blocklist. Sven Olaf Kamphuis, who claims to be a spokesman for Cyberbunker, said that Spamhaus was abusing its position, and should not be allowed to decide what goes and does not go on the Internet. Spamhaus has alleged that Cyberbunker, in cooperation with criminal gangs in Eastern Europe and Russia, is behind this distributed denial of service (DDoS) attack.
So, two bullies fighting in an alley; why should we care? We need to care because this attack is impacting other companies and government agencies, and like poison gas, these kinds of attacks are hard to contain. By the very nature of the design of the Internet, they easily leak out and impact nearby “innocents,” and everything is “nearby” on the Internet.
Arbor Networks, a US firm which specializes in protecting against DDoS attacks, said it was the biggest attack it had ever seen, three times bigger than the previous largest (in 2010), according to Dan Holden, Arbor Networks’ director of security research.
This attack should raise two concerns: the attack itself, and the question Cyberbunker asked about who should control content on the Internet. Countries like China have fairly successfully restricted Internet access inside their borders. Other countries, like the US, routinely monitor the Internet for “restricted words,” potentially scaring people into limiting their own Internet activities. The US might claim this is part of “protecting the people of the US against terrorist attacks,” but the line between protecting the people and protecting the government (as China is trying to do) is very hard to define. I would certainly hate to think of anyone like New York Mayor Mike Bloomberg (of large soda drink “fame”) being in charge of what you could do on the Internet.
The last word:
Two things to remember:
- In the end, the cannons always win over forts. No war is won by defense.
- “Rules of war” have no value. No war has ever been won by playing by the rules. Any nation that insists on playing by the rules will lose when opposed by a force that does not care about rules.
In my view, this war is going very badly. What do you think?
Keep your sense of humor.