Friday, July 10, 2009

Cyber-Attack Started July Fourth: Common Sense, Security, and the War on Terror

A distributed denial of service, or DDOS, attack on computers in South Korea and America started July 4, and may be coming to an end.

That's the good news.

The bad news is that, as of yesterday, it looked like people in South Korea and elsewhere whose computers had been used by whoever planned the attack may be losing their data today.

An article in yesterday's PCWorld says that the bots that infected tens of thousands of computers were programmed to "encrypt user data or reformat the hard drive of the PC." (PCWorld)

What's a bit sad about this situation is that apparently the computer users could have kept the malware from getting into their machines, or fixed the problem, by installing and updating anti-virus software.

I've been "lucky" this time - my machine doesn't seem to be one of those affected. I also have anti-virus software installed that updates itself a few times a day, on average: along with a set of anti-malware packages that should pick up what the 'perimeter defenses' miss.

Independence Day 2009 Cyber-Attack: Lone Hacker? North Korea? Good Question

The attacks started July Fourth and affected prominent websites in South Korea and America, including:
  • South Korea
    • The top-ranked news website
    • A leading online auction site
    • Electronic banking portals
    • The Ministry of National Defense
    • The president's website
    • The National Assembly's
    • A site for the U.S. Forces in Korea
      (PCWorld)
  • America
    • Departments of Transportation, State and Treasury
    • The White House (maybe)
    • The New York Stock Exchange
    • Yahoo
    • The Federal Trade Commission
      (ABC News)
The attack wasn't all that sophisticated.
"...In this case, the vehicle appears to have been a well-known software 'worm' that was reprogrammed -- and not particularly well, it seems -- for the task. Still, for all of its crudeness, the attack did work. In the U.S., some sites were down for as much as 24 hours. In South Korea, some remained crashed Thursday...." (ABC News)
The apparent lack of skill used in the attack could mean almost anything: that some kid with a computer decided to vandalize websites; or that a national agency somewhere wanted their attack to look like the work of a none-too-skilled loner.

An obvious culprit, from several points of view, is North Korea: but there's not much evidence to back up that assumption, it seems.

On the other hand, North Korea could be responsible for the recent attacks and the ones last year that came from servers in China.

We just don't know.

Hack Back? Maybe

An op-ed piece on the ABC News website, "Cyber-Terrorism and How We Should Respond," makes a valid point: almost all discussions of the latest cyber-attack that I saw take the same line as PCWorld's: the attack is the fault of the victims, who should have had better defenses.

There's some truth to that. Given the state of the Internet today, a robust anti-virus program, anti-malware programs, frequent updates and scans, and tight user protocols are necessary. If you don't want to have your computer in the shop at frequent intervals, at any rate.

But there's a problem with thinking strictly in terms of defense against attacks. Several, I think. The ABC News op-ed recognizes one:
"...The awful irony to all of this is that, having spent a generation now figuratively patting hackers on the heads for their crimes and telling them not to do it again, we seemed to have put ourselves into the trap of treating all such assaults as a form of victimless crime, a kind of practical joke perpetrated by people with more brains than sense...." (ABC News)
So far, so good. I don't think that a purely defensive posture is a good idea, except maybe on paper.

The author uses the homeowner comparison, pointing out that a determined thief, given time and tools, can get into any house: no matter what sort of security the owner has in place.

And, the op-ed offers a solution:
"...At what point do we decide that such assaults on our sovereignty, our institutions and our fellow citizens are unacceptable? When do we get out of our defensive crouch and actively go after governments that are attacking us through cyberspace? Will it be after a Web Pearl Harbor catches us by surprise and crashes our financial markets -- or kills thousands of people trapped in computer-controlled transportation systems run amok, or in a darkened city trapped in a blizzard or heat wave, or babies in microprocessor controlled incubators?

"And long before then, why can't we respond to such an attack by a foreign government not with bombs or missiles, but by crashing that country's digital infrastructure? The worm turns, so to speak.

"Or will we decide once again that the fault was our own, that the perpetrators can't be identified anyway, and that what we really need are more robust cyber-security systems -- and pray that the next attack doesn't kill us, too? " (ABC News)
Something along those lines might work.

But, emotionally satisfying as the idea is, I think that retaliation - even assuming that, say, North Korea's leaders are responsible for the latest attack - using the same form of attack would run the risk of killing "...thousands of people ... in a darkened city trapped in a blizzard or heat wave, or babies in microprocessor controlled incubators...." Without seriously affecting those responsible.

I rather hope that the author does not propose that the CIA hack into tens of thousands of computers across the globe for the purpose of overloading North Korea's websites.

An alternative to releasing malware and hoping for the best (I know: that's a bit unfair) would, I think, be to block servers from suspect countries from communicating with other servers in the rest of the world. With my limited understanding of the Internet, that wouldn't affect critical systems in the target country - apart from being isolated from services which provide time, weather, and other data - and would limit the effectiveness of future attacks to what they could physically move across the border.

It would be nice to have a world where most countries have stable economies and governments whose leaders have a vested interest in keeping their countries on good terms with others. That will make enforcement of reasonable legal sanctions against hackers possible.

Meanwhile, here in the real world, I think conditions even remotely resembling those are generations away. At best.

Bottom line: the ABC News op-ed has an important point. People whose computers are hacked are only a small part of the problem. Those who originate the attack need to be stopped: and a strictly defensive posture won't stop them.
