Cyber Attack

Deterring a Cyber Attack? Dream On...

By Noah Shachtman

Michael Tanji spent nearly 20 years in the U.S. intelligence community.  He regularly blogs at Haft of the Spear. 

Can an attack of 1s and 0s be deterred, like a strike with tanks or missiles or bombs? That's what Paul Kurtz - cyber security veteran of both the Clinton and Bush administrations - seems to think. Me, I'm not so sure.

Speaking at the Black Hat DC security conference yesterday, Kurtz reiterated key points that old hands in the computer security field will find familiar, namely: for all of the organizations we've stood up and policies we have put in place, we're still not all that prepared to deal with a sufficiently widespread or destructive cyber attack:

The United States is unprepared to respond to a cyber-Katrina or cyberwarfare attack and must consider three hot-button issues as the new administration formulates its cybersecurity strategy: the role of the intelligence community, cyberweapons deployment, and who should be in charge of the nation's response to a cyberattack…

Kurtz's approach to the problem would involve an increased level of involvement of intelligence agencies, a corresponding increase in intelligence agency oversight (to avoid abuse), fusion between commercial and governmental data on suspicious activity and attacks, and a national-level center to coordinate activities.

Kurtz says cyberweapons require a deterrence policy, and to successfully deter an attack, you first need a capability to trace the origin of the attack. "I would argue that we need an active capability to trace back attacks," which requires the collaboration among industry, law enforcement, and the intelligence community, he said. Then cyberweapons can be developed and potentially used to "suppress the use of kinetic weaponry."

GREAT ARTICLE:

SOURCE:

XXXXXXXXXXXXXXX

We have been warning about a threat to the entire WWW.

Cyber Apocalypse pending

October 22 2002 Nine of the internet's 13 "root DNS" servers are disabled in a massive attack by a bot herder advertising his services, and done by mistake.

A pearl harbor cyber attack.

CYBERWARS's Pearl Harbour

How the web could be shut down and highlighted proof of 

concepts.

 Its comming.

The paradigm they are discussing, Kurtz's approach is

too narrow and under focused.

We have been flagging a threat to the entire WWW.

How the web could be shut down and highlighted proof of 

concepts.

Our threat matrix looks something like:

1) China THE MANCHURIAN MICROCHIP

2) Russia and the Russian Business Net

4) China's bots

4) Organized Criminal Id theft gangs  Terrorists: Credit Card Fraud ...

5) Spam bots. dos attacks

5) Non state actors, Terrorist hackers

Desk threat matrix:

1) The fight goes right down to the Metal on your PC, hardware.

2) Then the programing items, rootkits, trojans software

3) Then the people: wetware. 

Our cyber attack matrix is extensive and we haven't left the Desk yet.

Off the desk threats; 

1) SLQ injections, 

2) exploits, 

3) social engeering,

4) malware, trojans, 

5) rootkits, bots, virus, 

6) other vectors of penetration.

Infected PC's rampant

Vendor Security programs cannot protect a PC connected to the WWW

today against penetration and invisible take over.

And against that threat matrix we ask the question:

"Can an attack of 1s and 0s be deterred, like a strike with tanks or missiles or bombs?"

Yes; but they imply that they want to track down the perp and attack him during the attack.

Their paradigm is twisted, they suggest that the PC's doing an DOS attack that have been turned 

into bots, shouldn't be attacked, but the operators of the bots should be tracked and atacked.

So The swat team can't take out a sniper they have to find the owner of the buliding, and then

track the man that hired the sniper and take him out.

If your PC is turned into a bot, you should expect it to be taken out at least temporraly.

As a self defense, offensive measure. "Take out the Bots."

If someone picks up your gun and starts shooting, nothing is gonna happen?

If someone seizes your PC and attacks the US Government NETWORK, NOTHING DOES HAPPEN.

THATS NOT A DETERENT...

Part of the question is Psychological 

And implys a counter threat strong enough to deter an attack.

Currently USA is the one of the softest targets.

Not much happens if you try and hack the Government networks.

Could a force with cyber weapons have enough threat to be a deterrent?

YES but you have to display that force, take down a herd of 1 million bots,

shutting all those PC's off for 24 hrs.

What cyber weapons are they talking about?

We have officers with cyber side arms and a cyber heavy Weapons squad.

But will taking down a million bots deter them.

Now thats not going to deter the Bot herder? is it? But it willl get

better security installed on those PC's and get many of the Bots removed

by the owners.

And if a bot herder looses a million bots from attacking a US Network,

because the PC owners getting their pcs shut down, they will remove the bots,

that WILL deter the Herders.

Yes that is do able. If the Gov is prepares in advance.

Thinking outside the box and outside the room.

Its a chess game, set traps, triggers, Large heavy duty IT teams with access to 

super computers.

Countering a bot DOS attack with a counter bot DOS attack can be productive,

but at some point bot counter attacks will just contribute to taking down the 

WWW.

The other big concern are the inactive bot farms and right now the Gov.

response is a reactionary response, relpete with heavy investment in HR

to investigate attack.

There is a working paradigm to employ a method that just turns the Bot farms PCs off.

All the bots in that farm involoved in the attack are shut off.

There have been some interesting paradigm developements, First, I think it was the Army with a 

cyber division then the Air Force and they both quit, sounds like a turf war with NSA.

The cyber attack and counter attack paradigms are like something out of a cyber war movie,

cool stuff, do able, but either the will is lacking or NSA already has it covered.

The Military still need their own cyber offensive capabilities, if only as a back up to NSA.

If NSA is on top of it the WWW will not go down on first attempt, but after that its all

paradigms and context. A second response attack will be based on new Intel and known defenses.

A sucessfull second strike will be a tremondus force multiplier. 

This battle will be for the survial of modern Internet dependent countries.

What if the WWW went down?

The paradigm suggests the battle will center around shutting down PC's and activating

huge bot farms, co ordinating Dos bot attacks against the Internet cores.

Perdoic Internet outages, the first around 12 hrs down time then getting progressively

longer streaching into days and weeks maybe even months.

As the WWW is brought back up it automaticly engages the huge bot farms and DOS

attacks on the core, taking it back down again.

This is one NSA has to have right, and adjust paradigms and context as the battle develops.

If the second strike belongs to the USA then they will have won the battle.

Paradigm suggests expected first strike against the WWW 3 to 5 years based upon players and 

curent capabilities.

Gerald

Tactical Internet Systems analyst

.