Home / Blogs

More on Networks and Nationalization With Respect to Cyberwar

As a follow up to Susan Brenner’s Networks and Nationalization and my comment there, I will go further in this post and talk about the “cyberwar” and “offense” aspects of her article.

I think I made this point elsewhere as well… but before getting into a war, it’d be a brilliant idea to actually know that you can win.

Cyberwarfare is the sort of game where you don’t really need to be a huge government with the largest standing army in the world and sophisticated weaponry in order to win. Any teenager in his basement can control a botnet. And a botnet targeted at a poorly secured site will take it down, never mind whether the site belongs to the US government, or to the Iranians, or the Chinese, the Russians, Indians, etc. etc.

In other words probably the best way to go in a so-called “cyberwar” is defense. Harden your security. And make efforts to take down the sources of the DDoS or other attack as a way to mitigate it.

Not by breaking into it—that’s not a good idea—it will very likely end up affecting an innocent party, and you might not even have taken out the actual source—given that a lot of botnet C&Cs are usually compromised hosts, controlled by a chain of proxies from god knows where else (connecting those dots is quite tough, when a botnet is done right).

Rather, by actually using the public private partnership you have, internationally, to work with upstream providers of the source to mitigate these attacks, work with the providers of your critical infrastructure’s connectivity to filter attack sources etc. etc.

A textbook case of “how not to do this”—during the recent North Korea (!) DDOS: A vietnamese antivirus / security vendor, BKIS and their analysis said the command and control servers were in the UK—again, quite possibly compromised hosts were used for the C&C.

That turned into a “The UK, not North Korea, is behind this cyberattack” in the media. Which doesn’t sound quite right to me.

Another interesting development in that case—it appears as if the (south) Korean CERT’s emails to the APCERT community got released to a vietnamese newspaper by BKIS.

And then the CEO of BKIS says they’ve not done wrong by breaking into the UK based command and control servers for those bots, quoting a vietnamese law that says “agencies are entitled to take action on a cyberattack first and report it to the concerned agency afterwards”. The concerned agency here would be the vietnamese CERT, I expect.

While that law is ambiguously worded, it is typically against the law, in most countries, such as the UK, to gain unauthorized access to a computer over the Internet. And long arm / extraterritorial enforcement of law is something that works according to certain fairly well defined rules and procedures . . . and besides that’s something a government agency would do, dealing with its counterpart in the other country to rely on enforcement.

Not to mention that this law is being quoted to justify extra territorial action by what appears to be an antivirus vendor—a private industry—rather than a government agency. Which makes the situation even stranger.

These considerations all have to be kept in mind before any response to a cyberwar, or even a run of the mill DDoS attack, can be mitigated. In fact, given that the Estonia incident was quoted, the mitigation there was entirely private action. There was a RIPE meeting ongoing in Tallinn, and the people attending it were most of the network administrators that’d have to work together to mitigate the incoming attacks.

There’s an interesting presentation from Hillar Aarelaid of the Estonian CERT, at a RIPE meeting, and an audiocast as well (at 38 minutes, in the mp3 below):

mp3 talk from Hillar Aarelaid,
http://www.ripe.net/ripe/meetings/ripe-54/podcasts/plenary-10.mp3 (mp3)

That was actually a textbook case of public private coordination, in real time, for mitigation of a cyberattack.

I don’t see how or where nationalization of a country’s networks is going to help at all. In fact the inevitably slower action that’d occur when there’s a government agency in charge of the nation’s networks would hinder rather than help efforts.

By Suresh Ramasubramanian, Antispam Operations

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Threat Intelligence

Sponsored byWhoisXML API

Domain Names

Sponsored byVerisign

Brand Protection

Sponsored byCSC


Sponsored byDNIB.com

New TLDs

Sponsored byRadix


Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global