North Korea Cyber Scape Goat of the World

North Korean Cyber War

Never before have so many misrepresented so much about so little…

In all my years in the security industry I do not believe I have read more misinformation than the nonsense surrounding the recent DDoS attacks. Apparently North Korea is waging Cyber Warfare, or if not an actual all out cyberwar they are behind a targeted “cyber attack”.

Let’s look at what we know…

  • Multiple US and South Korean websites fell victim to sustained distributed denial of service attacks (happens all the time)
  • The DDoS attack used tens of thousands of compromised hosts (I have seen bigger)
  • The compromised hosts appear to have been infected using well known and easily shielded against malware (What else is new?)
  • The organizations that were impacted and had taken proper measures to defend against a DDoS were not materially impacted (At least someone was thinking ahead)

This is just business as usual on the Internet – nothing to see here folks – these DDoS attacks could have been just as easily launched by an awkward prepubescent child with about 2 years of computer experience as they could have come from a coordinated, state-sponsored, North Korean attempt to test our defenses.

Just so we are clear this is no more Cyber Warfare than me running to the Mexican border and throwing 10,000 apple pies at the Mexican Federales is a coordinated US invasion of Mexico. Continue reading

Fear and Loathing in Davos


Few things can evoke more uncertainty and doubt than fear (here)…

The threat of cybercrime is rising sharply, experts have warned at the World Economic Forum in Davos.

Online theft costs $1 trillion a year, the number of attacks is rising sharply and too many people do not know how to protect themselves, they said.

On-line theft costs $1 trillion US dollars a year?  We have certainly come a long way since the Dark Avenger first crafted his polymorphic virus in the late 80’s but a $1 trillion a year? Seriously? Where the hell did the figure come from? To give you some perspective of size the total US GDP is about 14 trillion and that includes EVERYTHING.

But it gets worse…

“2008 was the year when cyber warfare began.. it showed that you can bring down a country within minutes,” one panelist said.

Cyber warfare began in 2008 – between which countries? It showed you can bring down a country within minutes? Seriously, bring down a country, really, are you kidding? Is this some kind of sick world economic forum humor or just sheer ignorance?

So people are unable to browse to youtube or update facebook, or download Goth porn, or make their way over to my blog and up my readership – these things are all terrible, no question, but bring down a country? I can hear the threats now “Either your country surrenders or we will DoS you back to 1995”, just doesn’t have the same kick as “bomb you back to the stone age” does it.

There is no question that we have a problem, the increased reliance on technology, the ubiquitous nature of broadband connectivity and more digital commerce all create an environment that will breed crime. I believe that awareness is important, people should understand the dynamics and risks inherent in this new digital environment, but FUD doesn’t work, it drives up hysteria and then it crashes into ambivalence, FUD is the drug of the security industry and apparently many are addicted.

US Military Seeks to Cyber Bomb Digital Combatants

The US Military is looking to cyber bomb digital enemy combatants (here) back to using an abacus, a stone tablet and some empty cans with string for calculations and communication.

The world has abandoned a fortress mentality in the real world, and we need to move beyond it in cyberspace. America needs a network that can project power by building an robot network (botnet) that can direct such massive amounts of traffic to target computers that they can no longer communicate and become no more useful to our adversaries than hunks of metal and plastic. America needs the ability to carpet bomb in cyberspace to create the deterrent we lack.

The DoD’s mission statement is essentially to enable and support the warfighter – they exist for no other purpose. The mission of the warfighter is to deliver sovereign options for the defense of the United States of America and its global interests. It is quite natural for this enablement and support to extend beyond physical domains in a world with an increasing reliance on digital, satellite, and radio communications.

This recent RFP for a “Dominant Cyber Offensive Engagement and Supporting Technology” from the US AirFforce (here) details the requirements for a highly-sophisticated, stealthy, botnet with rootkit functionality. I have no doubt that the US military will implement and develop such a system. The question is can the US military effectively fight a cyberwar against a highly-distributed, disorganized, and undefined advesary?

One of the major challenges of the US Military in implementing effective offensive computing technologies is the same challenge we face in fighting terrorism today in the physical world. It is extremely difficult to attack a highly distributed enemy with loose or no central command and control structures. An army of independent combatants, connected only through a common ideology, taxes a military that has been optimized to defeat traditionally organized and centrally managed armies.

The challenge extends to cyber warfare as well in a even more exaggerated way. Cyber attacks against our national infrastructure are difficult to prove as state-sponsored, additionally the attackers can use spoofed IP addresses or route through compromised machines located in the US . Chinese backed hackers, for example, can work independent of the military and political establishments and in doing so present a radically different set of problems to the US Military which tends to suffer in effectiveness when the enemy is not clearly defined.

Additionally this method of decentralized warfare allows our enemies a many to one relationship in attacking the US. The US, on the other hand, is challenged by a one to many relationship with our attackers. Put another way, it is quite simple to develop weapons that can kill an elephant moving slowly through a savanna, but much more difficult to eliminate mosquitoes throughout the jungles of Southeast Asia, while limiting collateral damage to the butterfly population. This forces the US into a continual defensive or reactive posture that keeps us struggling to keep up with our current enemies tactics.

You should also read this post from Dancho Danchev (here)

The bottom line – why put efforts into building something that would generate a lot of negative publicity and might never materialize, when you can basically outsource the process and have the capability provided on demand? Just like the bad guys who do not have access to botnets do by using botnets as a service?