Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

7/9/2009
11:55 AM
Gadi Evron
Gadi Evron
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

DDoS Cyberwarfare Hurts Us All

A distributed denial of service (DDoS) attack has been in the news in recent days due to attacks against the U.S. government -- with fingers pointed at North Korea. But people forget a few basic truths people when it comes to information warfare (or cyberwarfare) and DDoS attacks.

A distributed denial of service (DDoS) attack has been in the news in recent days due to attacks against the U.S. government -- with fingers pointed at North Korea. But people forget a few basic truths people when it comes to information warfare (or cyberwarfare) and DDoS attacks.(Full disclosure: I stayed away from this latest anecdotal DDoS story and so I know absolutely nothing about it. My comments are more generic, but that doesn't make them any less true, or this DDoS attack a cyberwar).

In information warfare, we may know who our rivals and enemies are, but we may not know who is attacking us. Unlike a real battlefield, we do not see the enemy in front of us. The enemy may be hiding behind someone else, attacking from their computers or completely anonymous. Pointing fingers can, in most cases, be based only on intelligence, not technical proof.

On the Internet, our opponent isn't necessarily a country, or even an organization. The cost of breaking into computer systems and launching attacks is minimal at best, which is one of the main reasons we have a cybercrime problem. Potentially, any kid (or person) with any affiliation can play on the international playing field of politics and economics. Anyone, anywhere.

With DDoS, the Internet gets hurt, not just the target. Collateral damage is the key phrase with DDoS: The source of the attack; the service providers along the way; the service provider for the target; other users at the target service provider; other users on the attacked site; and, of course, the user being targeted (who isn't necessarily even the target, but a victim whose site has been hacked).

This is why retaliatory DDoS, even if we know who to strike, is not the way to go. It hurts us, and it hurts the Internet.

The Internet is global. "No duh," you may say. We put our infrastructure where a kid across the world can reach it, and where we must rely on the help of others to protect us.

We have to realize that international cooperation is one of the main approaches to take. Some of us have achieved this for years now. Let's hope when governments get involved, they don't destroy the channels that already exist, but rather help formalize them.

The folly of military botnets: For deterrence, the other side needs to have something to lose. Retaliatory attacks or threats can only impact "the other side" if that side exists, has something to lose, or is afraid of losing it.

While Cold War-type deterrence is mutual, only the other side has power here. None of us can launch a DDoS without harming ourselves. The other side does not own the property it uses and abuses, which we would be attacking.

Do we really want to start a war we can't win, when we can't effectively even fight cybercrime?

What saves us so far is that we haven't annoyed too much the people with the power to destroy the Internet and the will to do so -- the Russian mob and its contemporaries. What saves us when we do annoy them is global incident response, which few people and organizations worldwide can achieve effectively at this point in time.

Such relationships are critical, and the Internet's future should not be based on my personal relationships along with some of my friends'. I'd like to see governments addressing how they can build upon these existing trust-based relations.

Follow Gadi Evron on Twitter: http://twitter.com/gadievron

Gadi Evron is an independent security strategist based in Israel. Special to Dark Reading. Gadi is CEO and founder of Cymmetria, a cyber deception startup and chairman of the Israeli CERT. Previously, he was vice president of cybersecurity strategy for Kaspersky Lab and led PwC's Cyber Security Center of Excellence, located in Israel. He is widely recognized for ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Cybersecurity Team Holiday Guide: 2019 Gag Gift Edition
Ericka Chickowski, Contributing Writer,  12/2/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19647
PUBLISHED: 2019-12-09
radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input.
CVE-2019-19648
PUBLISHED: 2019-12-09
In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution.
CVE-2019-19642
PUBLISHED: 2019-12-08
On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or ShareNa...
CVE-2019-19637
PUBLISHED: 2019-12-08
An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_decode_raw_impl at fromsixel.c.
CVE-2019-19638
PUBLISHED: 2019-12-08
An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function load_pnm at frompnm.c, due to an integer overflow.