Never before have so many misrepresented so much about so little…
In all my years in the security industry I do not believe I have read more misinformation than the nonsense surrounding the recent DDoS attacks. Apparently North Korea is waging Cyber Warfare, or if not an actual all out cyberwar they are behind a targeted “cyber attack”.
Let’s look at what we know…
- Multiple US and South Korean websites fell victim to sustained distributed denial of service attacks (happens all the time)
- The DDoS attack used tens of thousands of compromised hosts (I have seen bigger)
- The compromised hosts appear to have been infected using well known and easily shielded against malware (What else is new?)
- The organizations that were impacted and had taken proper measures to defend against a DDoS were not materially impacted (At least someone was thinking ahead)
This is just business as usual on the Internet – nothing to see here folks – these DDoS attacks could have been just as easily launched by an awkward prepubescent child with about 2 years of computer experience as they could have come from a coordinated, state-sponsored, North Korean attempt to test our defenses.
Just so we are clear this is no more Cyber Warfare than me running to the Mexican border and throwing 10,000 apple pies at the Mexican Federales is a coordinated US invasion of Mexico.
Of course crazy trumps logic and media attention always gravitates towards crazy as the last week has shown us that the recent North Korean “Cyber attacks” are the yellow cake uranium of 2009
Rep. Peter Hoekstra (here) the lead Republican on the House Intelligence Committee wanted to show that you didn’t have to actually be intelligent to be a member of the House Intelligence Committee, in fact I think it is generally frowned upon.
A key Republican lawmaker on Thursday urged President Obama to launch a cyber attack against North Korea, or increase international sanctions against the communist country, in the wake of an unknown hacker’s denial-of-service attacks on U.S. and South Korean websites.
Hoekstra, speaking on the conservative America’s Morning News radio show, produced by the Washington Times newspaper, said that “some of the best people in America” had been investigating the attacks and concluded that most likely “all the fingers” point to North Korea as the culprit.
He added that North Korea needed to be “sent a strong message.”
Really? Seriously? you want us to attack a sovereign country run by a madman with nukes because you think they may have possibly been involved with causing some disruption to some externally facing websites, the Bush administration must have loved you Pete – what a douche!
Pete wasn’t alone though, Michael Malone felt that he needed to bring a little bit of that Rush Limbaugh style of calm, introspective and open minded analysis to the debate (here)
At what point do we decide that such assaults on our sovereignty, our institutions and our fellow citizens are unacceptable? When do we get out of our defensive crouch and actively go after governments that are attacking us through cyberspace? Will it be after a Web Pearl Harbor catches us by surprise and crashes our financial markets — or kills thousands of people trapped in computer-controlled transportation systems run amok, or in a darkened city trapped in a blizzard or heat wave, or babies in microprocessor controlled incubators?
And long before then, why can’t we respond to such an attack by a foreign government not with bombs or missiles, but by crashing that country’s digital infrastructure? The worm turns, so to speak.
There is absolutely no proof that North Korea has done anything, and even if there were “proof” it’s validity would need to be scrutinized, but damn it “Cyberwar” is just about the sexiest thing to happen to computing since computing went mainstream and come hell or high water this event needs to be milked for all it’s worth. Anything is better than having to listen to yet another explanation about what cloud-computing is and isn’t.
In the mid-80s a made-for TV movie was released called “The Day After”, it was a dramatic, graphic and rather disturbing look at the effects of a nuclear attack on a Midwestern town in the heartland of the US. I propose a remake of this classic film but instead of a nuclear strike the inhabitants of a small Midwestern town must undergo the horrors of a full out Cyber attack.
Imagine a world with no goth porn, no LOLcatz, no fail blog, no email, no twitter, no you tube, no nothing…faced with the demise of all things digital the residents cope with the horror of learning to read the newspaper, shop at a brick and mortar and worst of all talk to each other face to face. It is chilling to think about and hopefully will serve as a stark reminder of the precarious situation we find ourselves in today.