Nato warns of strike against cyber attackers
From the NetSec mailing list...
At http://www.timesonline.co.uk/tol/news/world/article7144856.ece
June 6, 2010 Nato warns of strike against cyber attackers Michael Smith and Peter Warren
NATO is considering the use of military force against enemies who launch cyber attacks on its member states.
The move follows a series of Russian-linked hacking against Nato members and warnings from intelligence services of the growing threat from China.
A team of Nato experts led by Madeleine Albright, the former US secretary of state, has warned that the next attack on a Nato country "may well come down a fibre-optic cable".
A report by Albright's group said that a cyber attack on the critical infrastructure of a Nato country could equate to an armed attack, justifying retaliation.
Article 5 is the cornerstone of the 1949 Nato charter, laying down that "an armed attack" against one or more Nato countries "shall be considered an attack against them all".
It was the clause in the charter that was invoked following the September 11 attacks to justify the removal of the Taliban regime in Afghanistan.
Nato is now considering how severe the attack would have to be to justify retaliation, what military force could be used and what targets would be attacked.
The organisation's lawyers say that because the effect of a cyber attack can be similar to an armed assault, there is no need to redraft existing treaties.
Eneken Tikk, a lawyer at Nato's cyber defence centre in Estonia, said it would be enough to invoke the mutual defence clause "if, for example, a cyber attack on a country's power networks or critical infrastructure resulted in casualties and destruction comparable to a military attack".
Nato heads of government are expected to discuss the potential use of military force in response to cyber attacks at a summit in Lisbon in November that will debate the alliance's future. General Keith Alexander, head of the newly created US cyber command, said last week there was a need for "clear rules of engagement that say what we can stop".
The concerns follow warnings from intelligence services across Europe that computer-launched attacks from Russia and China are a mounting threat. Russian hackers have been blamed for an attack against Estonia in April and May of 2007 which crippled government, media and banking communications and internet sites.
They also attacked Georgian computer systems during the August 2008 invasion of the country, bringing down air defence networks and telecommunications systems belonging to the president, the government and banks.
Alexander disclosed last week that a 2008 attack on the Pentagon's systems, believed to have been mounted by the Chinese, successfully broke through into classified areas.
Britain's Joint Intelligence Committee cautioned last year that Chinese-made parts in the BT phone network could be used to bring down systems running the country's power and food supplies.
Some experts have warned that it is often hard to establish government involvement. Many Russian attacks, for example, have been blamed on the Russian mafia. The Kremlin has consistently refused to sign an international treaty banning internet crime.
Obviously NATO is not concerned with proving the culprit of an attack an albeit close to impossibility. Considering that many attackers compromise so many machines, what's to stop someone from instigating. I can see it coming now:
hping -S 62.128.58.180 -a 62.220.119.62 -p ++21 -w 6000
hping -S 62.220.119.62 -a 62.128.58.180 -p ++21 -w 6000
So NANOGer's, what will be the game plan when something like this happens, will you be joining NATO and pulling fiber. I wonder when all types of warm-fuzzy filtering will be drafted into networking: "Thou shall re-read RFC4953 lest you want Predator strikes on your NAP locations...
--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT
"It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you'll do things differently." - Warren Buffett
227C 5D35 7DCB 0893 95AA 4771 1DCE 1FD1 5CCD 6B5E http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E
So NANOGer's, what will be the game plan when something like this happens, will you be joining NATO and pulling fiber. I wonder when all types of warm-fuzzy filtering will be drafted into networking: "Thou shall re-read RFC4953 lest you want Predator strikes on your NAP locations...
We have a large supply of tin hats on stock ...
My .02
Jorge Amodio wrote:
So NANOGer's, what will be the game plan when something like this happens, will you be joining NATO and pulling fiber. I wonder when all types of warm-fuzzy filtering will be drafted into networking: "Thou shall re-read RFC4953 lest you want Predator strikes on your NAP locations...
We have a large supply of tin hats on stock ...
My .02
All humor aside, I'm curious to know what can anyone truly do at the end of the day if say a botnet was used to instigate a situation. Surely someone would have to say something to the tune of "better now than never" to implement BCP filtering on a large scale. Knobs, Levers, Dials and Switches: Now and Then (please sir, may I have some more ?) is 7 years old yet I wonder in practice, how many networks have 38/84 filtering. I'm wondering why it hasn't been implemented off the shelf in some of the newer equipment.
This is not to say "huge backbones" should have it, but think about it, if smaller networks implemented it from the rip, the overhead wouldn't hurt that many of the bigger guys. On the contrary, my theory is it would save them headaches in the long run... Guess that's a pragmatic approach. Better that than an immediate pessimistic one.
--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT
"It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you'll do things differently." - Warren Buffett
227C 5D35 7DCB 0893 95AA 4771 1DCE 1FD1 5CCD 6B5E http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E
On 2010-06-08 13:03, J. Oquendo wrote:
Jorge Amodio wrote:
All humor aside, I'm curious to know what can anyone truly do at the end of the day if say a botnet was used to instigate a situation. Surely someone would have to say something to the tune of "better now than never" to implement BCP filtering on a large scale. Knobs, Levers, Dials and Switches: Now and Then (please sir, may I have some more ?) is 7 years old yet I wonder in practice, how many networks have 38/84 filtering. I'm wondering why it hasn't been implemented off the shelf in some of the newer equipment. This is not to say "huge backbones" should have it, but think about it, if smaller networks implemented it from the rip, the overhead wouldn't hurt that many of the bigger guys. On the contrary, my theory is it would save them headaches in the long run... Guess that's a pragmatic approach. Better that than an immediate pessimistic one.
The bots don't need to spoof source addresses... and therefore the filtering associated with preventing that while a solid belt and suspenders exercise is by no means a panacea.
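The trade-off raised in the last two posts (BCP 38/84 source filtering at the customer edge, versus bots that never spoof), shown as an added example that is not part of either post: a minimal ingress source check run over constructed packets. The interface names, the documentation-range prefixes and the packet list are all assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed topology (documentation prefixes, not taken from the thread):
# customer-facing interface -> prefixes that customer may legitimately source from.
# "cust-b" is multihomed, so in the spirit of BCP 84 its list also carries the
# block it announces through its other upstream; a check against only the
# locally assigned /25 would drop that legitimate traffic.
ALLOWED_SOURCES = {
    "cust-a": ["192.0.2.0/24"],
    "cust-b": ["198.51.100.0/25", "203.0.113.0/24"],
}

# Constructed packets: (ingress interface, claimed source address, description).
PACKETS = [
    ("cust-a", "192.0.2.55", "bot flooding with its real address"),
    ("cust-a", "198.51.100.9", "SYN claiming another customer's address"),
    ("cust-a", "10.1.2.3", "RFC 1918 source leaking out"),
    ("cust-b", "203.0.113.40", "multihomed customer, block from other upstream"),
    ("cust-b", "192.0.2.55", "SYN claiming cust-a's address"),
    ("unknown0", "192.0.2.1", "interface with no prefix list"),
]


def build_filters(table):
    """Parse the prefix table once into ip_network objects."""
    return {
        iface: [ipaddress.ip_network(prefix) for prefix in prefixes]
        for iface, prefixes in table.items()
    }


def permit(filters, iface, src):
    """BCP 38 check: forward only if src lies in a prefix assigned to iface."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparsable source address: drop
    # An interface without a prefix list permits nothing (default deny).
    return any(addr in net for net in filters.get(iface, []))


def classify(filters, packets):
    """Return (verdicts, drops): one verdict tuple per packet, drop count per interface."""
    verdicts = []
    drops = Counter()
    for iface, src, note in packets:
        allowed = permit(filters, iface, src)
        verdicts.append((iface, src, "permit" if allowed else "drop", note))
        if not allowed:
            drops[iface] += 1
    return verdicts, drops


if __name__ == "__main__":
    verdicts, drops = classify(build_filters(ALLOWED_SOURCES), PACKETS)
    for iface, src, verdict, note in verdicts:
        print(f"{iface:9} {src:15} {verdict:6} {note}")
    print("drops per interface:", dict(drops))
```

The first packet is the case the reply above points at: a compromised host sending from its own address passes the source check, so the filter removes forged origins but not the flood itself. The per-interface drop counter is still useful to an operator, since a non-zero count points at the customer port where spoofed traffic is entering.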
So let's say a cyber-attack originates from Chinese script kiddie. Albania, Belgium, Bulgaria, Canada, Croatia, Czech Republic, Denmark, Estonia, France, Germany, Greece, Hungary, Iceland, Italy, Latvia, Lithuania, Luxembourg, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Turkey, the United Kingdom, and the United States will all respond by invading China? Is NATO trying to start a war here? There's no mention in the article about any kind of electronic response to the attack.
On 6/8/10 3:08 PM, Peter Boone wrote:
So let's say a cyber-attack originates from Chinese script kiddie.
Albania, Belgium, Bulgaria, Canada, Croatia, Czech Republic, Denmark, Estonia, France, Germany, Greece, Hungary, Iceland, Italy, Latvia, Lithuania, Luxembourg, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Turkey, the United Kingdom, and the United States will all respond by invading China? Is NATO trying to start a war here?
There's no mention in the article about any kind of electronic response to the attack.
Of course, their reasoning seems to be that there's no possible way an attack could be from Russia, but using an open proxy, relay, etc in China. It's not like an IP is guaranteed to be directly controlled by someone in that country.
So, we end up invading China, and while all of our troops are there, Russia comes in and takes over the US or the EU without much effort.
Note I'm just using Russia and China in examples here, no specific reason that it could only be them.
If I didn't know any better, I'd say they let Bush write their policies.
--
Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org / http://www.ahbl.org
On Jun 8, 2010, at 5:15:13 PM, Brielle Bruns wrote:
On 6/8/10 3:08 PM, Peter Boone wrote:
So let's say a cyber-attack originates from Chinese script kiddie.
Albania, Belgium, Bulgaria, Canada, Croatia, Czech Republic, Denmark, Estonia, France, Germany, Greece, Hungary, Iceland, Italy, Latvia, Lithuania, Luxembourg, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Turkey, the United Kingdom, and the United States will all respond by invading China? Is NATO trying to start a war here?
There's no mention in the article about any kind of electronic response to the attack.
Of course, their reasoning seems to be that there's no possible way an attack could be from Russia, but using an open proxy, relay, etc in China. It's not like an IP is guaranteed to be directly controlled by someone in that country.
So, we end up invading China, and while all of our troops are there, Russia comes in and takes over the US or the EU without much effort.
Note I'm just using Russia and China in examples here, no specific reason that it could only be them.
If I didn't know any better, I'd say they let Bush write their policies.
Packets of mass destruction?
The issue of attribution -- and the extreme difficulty of doing it in the online world -- is *very* well understood in Washington, even at the policy-maker level. I'm currently a member of a National Academies study committee on "cyberdeterrence" (http://sites.nationalacademies.org/CSTB/CurrentProjects/CSTB_054995); we've discussed that point ad nauseam. Consider this text from p. 9 of our letter report:
"for many kinds of cyberattack the United States would almost certainly not be able to ascertain the source of such an attack, even if it were a national act, let alone hold a specific nation responsible. For example, the United States is constantly under cyberattack today, and it is widely believed (though without conclusive proof) that most of these cyberattacks are not the result of national decisions by an adversary state, though press reports have claimed that some are. In general, prompt technical attribution of an attack or exploitation—that is, identification of the responsible party (individual? subnational group? nation-state?) based only on technical indicators associated with the event in question—is quite problematic, and any party accused of launching a given cyberintrusion could deny it with considerable plausibility. Forensic investigation might yield the identity of the responsible party, but the time scale for such investigation is often on the order of weeks or months. (Although it is often quite straightforward to trace an intrusion to the proximate node, in general, this will not be the origination point of the intrusion. Tracing an intrusion to its actual origination point past intermediate nodes is what is most difficult.)"
But read the next paragraph, which discusses other ways to figure out who did it. We can hope that no one in Washington (or Beijing or Moscow or the capital of Elbonia) is stupid enough to rely on IP addresses of the actual attacking machines as a definitive indicator. Given how widely understood that is, it's not even on my list of things to worry about.
The question that report is tackling is this: *if* there is a serious online attack on critical infrastructure -- say, turning off some generators with extreme prejudice (http://edition.cnn.com/2007/US/09/26/power.at.risk/index.html), and *if* you know who did it, is a "kinetic" response on the table? This has nothing to do with the botnet du jour, nor with Sen. Lieberman marching in to your NOC with a subpoena for your "enable" passwords. And while people in Washington (or Beijing or Moscow or the capital of Elbonia) can be quite stupid, they're (usually) not quite as stupid as all that.
And yes, serious mistakes can be made. One more quote from the report (p. 8):
"History shows that when human beings with little hard information are placed into unfamiliar situations in a general environment of tension, they often substitute supposition for knowledge. In the words of a former senior administration official responsible for protecting U.S. critical infrastructure, 'I have seen too many situations where government officials claimed a high degree of confidence as to the source, intent, and scope of a [cyber]attack, and it turned out they were wrong on every aspect of it. That is, they were often wrong, but never in doubt.'"
--Steve Bellovin, http://www.cs.columbia.edu/~smb
On Jun 8, 2010, at 5:08 PM, Peter Boone wrote:
So let's say a cyber-attack originates from Chinese script kiddie.
Albania, Belgium, Bulgaria, Canada, Croatia, Czech Republic, Denmark, Estonia, France, Germany, Greece, Hungary, Iceland, Italy, Latvia, Lithuania, Luxembourg, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Turkey, the United Kingdom, and the United States will all respond by invading China?
That leaves out the important aspect of selection. You can bet that, if they do this, they will pick a more suitable target, say one without strategic rocket forces.
Is NATO trying to start a war here?
Militaries tend to think in terms of military responses. What any of this has to do with configuring routers escapes me.
Regards
Marshall
On 6/9/10 12:50 AM, Marshall Eubanks wrote:
What any of this has to do with configuring routers escapes me.
I think Jay is worried about steps operators may have to take during such an eventuality of an attack, not to mention the collateral damage to the Internet infrastructure if DDoS is what they have in mind.
Gadi.
-- Gadi Evron, http://gadievron.com/
Have no fear geolocation is here, you are not in peril. It will be a surgical strike. If Google and others are willing to assist, they will know exactly where to send the JDAM.
Chrome now collects data from your wireless card if you let it. When you are asked where you are, Chrome then also records any IP and MACs it hears over your card (or so I am told). The same is being done on cell phone OS. Being on a GRE tunnel will make no difference.
http://www.google.com/support/chrome/bin/answer.py?answer=142065&hl=en
http://google-code-updates.blogspot.com/2008/10/introducing-gears-geolocation-api-for.html
http://news.cnet.com/8301-30684_3-20006342-265.html
Here is one commercial application of this process. http://www.skyhookwireless.com
Cowering under my desk,
Jim
Military reply doesn't have to mean bombs and guns. There is nothing keeping it from meaning offensive cyber counter attacks. This would mean manage the battlefields :)
On Tue, Jun 8, 2010 at 7:46 PM, Gadi Evron <ge@linuxbox.org> wrote:
On 6/9/10 12:50 AM, Marshall Eubanks wrote:
What any of this has to do with configuring routers escapes me.
Changes the meaning of "guns a blazing"
Bryan
On Jun 8, 2010, at 8:31 PM, "jim deleskie" <deleskie@gmail.com> wrote:
Military reply doesn't have to mean bombs and guns. There is nothing keeping it from meaning offensive cyber counter attacks. This would mean manage the battlefields :)
On Tue, Jun 8, 2010 at 7:46 PM, Gadi Evron <ge@linuxbox.org> wrote:
On 6/9/10 12:50 AM, Marshall Eubanks wrote:
What any of this has to do with configuring routers escapes me.
So let's say a cyber-attack originates from Chinese script kiddie.
Albania, Belgium, Bulgaria, Canada, Croatia, Czech Republic, Denmark, Estonia, France, Germany, Greece, Hungary, Iceland, Italy, Latvia, Lithuania, Luxembourg, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Turkey, the United Kingdom, and the United States will all respond by invading China? Is NATO trying to start a war here?
Bigger tin hats required then ...
On Tue, 08 Jun 2010 19:23:17 CDT, Jorge Amodio said:
So let's say a cyber-attack originates from Chinese script kiddie.
Albania, Belgium, Bulgaria, Canada, Croatia, Czech Republic, Denmark, Estonia, France, Germany, Greece, Hungary, Iceland, Italy, Latvia, Lithuania, Luxembourg, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Turkey, the United Kingdom, and the United States will all respond by invading China? Is NATO trying to start a war here?
Bigger tin hats required then ...
Buy 10,000 shares of every South Korean company you can find, short them, then launch an attack from Seoul. Then sit back and profit. Oh, quit looking at me like that. You know you were all thinking it. ;)
Actually I was thinking of my neighbor's noisy dog and what a predator strike to his house would do. :)
Buy 10,000 shares of every South Korean company you can find, short them, then launch an attack from Seoul. Then sit back and profit.
Oh, quit looking at me like that. You know you were all thinking it. ;)
Yes and then deposit the bounty on a Nigerian bank ...
I wonder why there is so much focus on the bus and the bus driver that transported the suicide bomber without knowing about it. Sometimes feels that nobody cares to fix the crappy software that gets shipped with almost every new computer going to the hands of a monkey.
Sigh ... Seems that the ROI of fixing stuff is much lower than dealing with the potential consequences of something happening.
Anyway don't worry 2012 is getting closer ...
Cheers
Jorge
On 6/8/10 10:07 PM, J. Oquendo wrote:
So NANOGer's, what will be the game plan when something like this happens, will you be joining NATO and pulling fiber. I wonder when all types of warm-fuzzy filtering will be drafted into networking: "Thou shall re-read RFC4953 lest you want Predator strikes on your NAP locations...
We must distinguish between the m.o. of an actual response, and deterrence.
If we speak of deterrence, I wrote about it not long ago. Deterrence online is one of the biggest idiocies of the past couple of years. There are some interesting research possibilities in the subject matter, but not as it is portrayed today -- a cure-all strategy.
Strategic experts are very comfortable with Cold War strategy following around 70 years of practicing it, so when asked to deal with the Internet, they ran to deterrence.
In order to have deterrence, you require first an ability to respond to an attack. On the Internet, you may never find out who is attacking you, and data may be intentionally misleading when you think you do have some bread crumbs. It is just virtually impossible to tell who is behind an attack from technical data alone. Thus, deterrence against whom?
You may say that by setting an occasional example, it doesn't matter who you attack. That is mostly false as well.
If we do know who is attacking us, then consider the players can now be (and indeed are) unaffiliated individuals or groups who may not care about the infrastructure of the country they are in nor have any infrastructure to speak of (which can in turn be targeted). Any attack will likely be against a third-party that has been hacked, i.e. compromised.
And if you're dealing with large-scale attacks, such as DDoS, responding in kind (with DDoS, botnets, etc.) will also hurt the Internet itself with collateral damage.
There are some particular instances where deterrence does work online, and it may also be used as a general addition to real-world deterrence (we have cyberweapons -- beware!), but these are just points that would muddy the water in the wider argument before us. I think supporting such folly is generally folly itself.
For further reading, I'd point you to this comprehensive and quite excellent document: "Cyber Deterrence and Cyber War," by Martin C. Libicki: http://www.rand.org/pubs/monographs/2009/RAND_MG877.pdf
Gadi.
-- Gadi Evron, http://gadievron.com/
At 15:07 08/06/2010 -0400, J. Oquendo wrote:
At http://www.timesonline.co.uk/tol/news/world/article7144856.ece
A report by Albright's group said that a cyber attack on the critical infrastructure of a Nato country could equate to an armed attack, justifying retaliation.
Eneken Tikk, a lawyer at Nato's cyber defence centre in Estonia, said it would be enough to invoke the mutual defence clause "if, for example, a cyber attack on a country's power networks or critical infrastructure resulted in casualties and destruction comparable to a military attack".
Obviously NATO is not concerned with proving the culprit of an attack an albeit close to impossibility. Considering that many attackers compromise so many machines, what's to stop someone from instigating. I can see it coming now:
hping -S 62.128.58.180 -a 62.220.119.62 -p ++21 -w 6000
hping -S 62.220.119.62 -a 62.128.58.180 -p ++21 -w 6000
Let's try to separate the attacks into those that we (NANOG) have dealt with and those that NATO are referring to - and there is *no* overlap between the two.
Attacks such as botnets, hpings, compromised machines, DDOS attacks, site defacements, prefix hijacks is what this list deals with, sometimes well and other times not.
The attacks NATO is referring to are ones like causing trains to crash into each other, attacks causing oil and gas pipelines to overload and explode, attacks altering blood bank data, attacks poisoning the water supply, etc. - all of which can be done remotely.
NATO is in no way (unless they have been out in the sun too long) condoning an attack for a DDOS attack. I think NATO is discussing attacking if 5,000 people die from some cyber attack as listed above (I have many more scenarios).
-Hank
Obviously NATO is not concerned with proving the culprit of an attack an albeit close to impossibility. Considering that many attackers compromise so many machines, what's to stop someone from instigating. I can see it coming now:
hping -S 62.128.58.180 -a 62.220.119.62 -p ++21 -w 6000
hping -S 62.220.119.62 -a 62.128.58.180 -p ++21 -w 6000
Let's try to separate the attacks into those that we (NANOG) have dealt with and those that NATO are referring to - and there is *no* overlap between the two.
Attacks such as botnets, hpings, compromised machines, DDOS attacks, site defacements, prefix hijacks is what this list deals with, sometimes well and other times not.
The attacks NATO is referring to are ones like causing trains to crash into each other, attacks causing oil and gas pipelines to overload and explode, attacks altering blood bank data, attacks poisoning the water supply, etc. - all of which can be done remotely.
NATO is in no way (unless they have been out in the sun too long) condoning an attack for a DDOS attack. I think NATO is discussing attacking if 5,000 people die from some cyber attack as listed above (I have many more scenarios).
That's a great starting place, because most will agree that such attacks would be sufficiently serious to warrant a response.
However,
1) What happens when the attack moves on down the scale, towards "a cyber attack that crippled vital military communication networks (but didn't kill anyone)", or "a cyber attack that crippled government websites (but was basically just a nuisance)"?
2) What happens when a decision is made to play tit for tat, and A attacks B, B misidentifies A as C, and B attacks C with cyber warfare?
"Cyber warfare" responses will almost certainly need to include DoS capabilities. This is troublesome. Let's consider, for the sake of discussion, an attack by the US on Elbonia. Everyone here knows how the 'net works; Elbonia isn't going to allow the US military to run a bunch of fiber to their border and hook up to their routers. That traffic will have to arrive via existing commercial connectivity. How exactly will that work? How exactly will that impact the carriers who are also running their normal traffic for other locations on the same networks?
Some I've talked to seem to think that this is an unlikely or even unthinkable situation, but let's be realistic: if you want to render an enemy's radio communication useless, you flood their radio spectrum, etc., and at some point, it's not unthinkable to the average politician to expect to be able to do the same thing to a network.
It's not unthinkable, alas.
... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.
participants (15)
- Aaron Wendel
- Brielle Bruns
- Gadi Evron
- Hank Nussbacher
- J. Oquendo
- jim deleskie
- Jim Templin
- Joe Greco
- joel jaeggli
- Jorge Amodio
- Marshall Eubanks
- Peter Boone
- Steven Bellovin
- Valdis.Kletnieks@vt.edu
- Welch, Bryan