The New Arms Race Begins: in Cyberspace

Original Post; please include backlink and credit the author should you desire to repost in whole or in part.


Virtual weapons.  "Cyberweapons."


Deployed, they take down pages, links, domains. To the unprepared, they can represent the ruination of a life's work. Even as the Powers that Be are in cahoots to keep the 'chaos' of the interwebs in check, the rest of us are enjoying and sometimes taking for granted the effects of this technology. Marvelous, leveling effects, reaching more people in society than ever before in in human history. Overwhelmingly the effect of cyberweapons comes not by actual destruction, but by erasing or renaming the path between them and the rest of the internet. 


Its as if you disappeared off of the planet not because your house was gone, not because the street was obliterated, not even because the street-sign was defaced or changed.  You disappeared because your address no longer appeared in everyone's maps, or it was listed as different.  The street that used to be listed as yours is still there, but no one looks for you there; they look you up and go to a different address now, and wonder where you are.

This is also true of your home computer - when you throw a file away you merely throw away the links to that file.  This is why, sector by sector, so much of what you thought you 'erased' is still on your computer, and can be recovered.

Well in the case of this 'weapon' it seems the mechanism which keeps the addresses and maps and names up-to-date itself has become victim of its own robustness. The directory of the internet is kept up to date not by one central authority, but by a mesh, many computers working together.

Hundreds of connection points in the net fall offline every minute, but we don't notice because the net routes around them. It can do this because the smaller networks that make up the internet, known as autonomous systems, communicate with each other through routers. When a communication path changes, nearby routers inform their neighbours through a system known as the border gateway protocol (BGP). These routers inform other neighbours in turn, eventually spreading knowledge of the new path throughout the internet.
This robustness has already been put to good exploit -- four years ago, (with the initials Z, M, and W) managed to disrupt the connection between two routers, making it appear as if it was down. Their rudimentary cyberweapon is known as the "ZMW attack." 

Mr. Max Schuchard, "an n-th year PhD student (n currently equals 2) at the University of Minnesota," having teamed up with equally like-minded evil geniuses, has figured out how to leverage this vulnerability, according to a recent article in New Scientist, "The cyberweapon that could take down the internet:"   

The attack requires a large botnet – a network of computers infected with software that allows them to be externally controlled: Schuchard reckons 250,000 such machines would be enough to take down the internet. 

---- [snip] ----

An attacker deploying the Schuchard cyberweapon would send traffic between computers in their botnet to build a map of the paths between them. Then they would identify a link common to many different paths and launch a ZMW attack to bring it down

[-- remember, the routers themselves are still operational, only they can no longer be seen. -ed
] Neighbouring routers would respond by sending out BGP updates to reroute traffic elsewhere. A short time later, the two sundered routers would reconnect [thus necessitating] their own BGP updates... traffic would start flowing in again, [triggering Schuchard's cyberweapon again, and...causing [the network]  to [have to update] once more. This cycle would repeat, with the single breaking and reforming link sending out waves of BGP updates to every router on the internet. Eventually each router in the world would be receiving more updates than it could handle – after 20 minutes[,] ... 100 minutes of processing would have built up.... eventually the internet would be so full of holes that communication would become impossible. Schuchard thinks it would take days to recover. [read more]

Wow.  When I was young, I did not understand why anyone would want to make viruses, trojans, etc.  


Over the years  I have collected a short list of motives from my own research, my experiences and those of others, and theoretical extrapolation based on observation of social, political, and economic reality.  


The misdeeds of the megalomaniacal, sadistic, and bloated corporation that is Microsoft would, to my mind, generate more than enough motive in this regard).

I found it hard to believe, however, that some evil-minded maniac with a botnet would want to bring down the entire internet.

I decided to run all of this by a friend of mine, who happens to be a Not-Evil Genius; what follows is a transcript of our chat:

ff: hello my learned friend
ff: i would love to interview you via this medium for something am working on
ff: and i would also love to be lazy.  so:
ff: peruse this article; if you want to, do rant a bit about it.  i generated the following as topics: how the threat might be addressed; how we could protect ourselves; whether mr. joe nobody could do this to his network at work, or to his neighbor, or even remotely to his sworn nemesis; whether this could be used to bring down our military; whether this would be used by our military on us (see: egypt & the shutting down of internet) come the revolution; whether this somehow could be turned to our advantage come the revolution.......
pdkl95: the article talks about various BGP-based denial-of-service attacks. Really, there's two views on this:
pdkl95: 1) the internet is amazingly held together by duct tape and bailing wire. BGP is a great example of that. It's only by the careful and methodical attention that thousands of computer geeks that the internet even works at all. Even casual typos can take whole networks offline, as we see happen once and a while
pdkl95: 2) there ARE armies of computer geeks out there, with proven track records, that do keep things working
pdkl95: the latter is more likely, and is actually a solution for point #1
pdkl95: "The internet treats censorship as damage and routes around it." to use a famous quote
pdkl95: the original DARPAnet was specifically designed to withstand nuclear attack, by simply routing packets around misbehaving areas
pdkl95: we don't have quite that level of reliability anymore, but it IS still amazingly resilient
pdkl95: evidence:
pdkl95: these kinds of attacks aren't new. they happen all the time, and have happened for decades. I first read about BGP attacks like this in the early 90s, and that was already after they had been fixed for years.
pdkl95: we use BGP [a kind of crappy protocol] because of historical inertia
pdkl95: but most sane network ops learned in the 90s or earlier that you carefully filter where you listen for ASN announcements
pdkl95: and it's not even the only routing protocol we use now
pdkl95: so, in a worst-case scenario type situation, it would be a temporary ("days") disruption at worst, while the army of computer geeks worked around the problem
pdkl95: also:
pdkl95: 4chan
pdkl95: seriously. we used to call it "l337 ha0xrs" or whatever, and B1FF before that
pdkl95: script kiddies
pdkl95: they try and pull attacks like this every day
pdkl95: if your network wasn't secure against a BGP attack, it would already be attacked
pdkl95: Now... as for political issues:
pdkl95: the big risk here isn't from obscure technical issues such as BGP and it's weaknesses
pdkl95: it's centralized control
pdkl95: say, "facebook" or "twitter"
pdkl95: if you rely on those services to communicate, that's a single point of failure a government could take down
pdkl95: [see: egypt]
pdkl95: there's a good reason that PGP and such talk about "web of trust" - no central location is depended upon
pdkl95: In the end, facebook/etc is trying to remove the peer-to-peer nature of the internet, and be the middleman for all communication.
pdkl95: that is an active, live threat. one that the army of geeks cant' address
pdkl95: as for how we could use this for benefit on the other side, remember that technology is neither good nor evil
pdkl95: any technology that allows enhanced surveillance also enables surveillance
pdkl95: the fact that twitter/etc were a big part in organizing the egyptian protests is a great example of this. so is wikileaks.
pdkl95: the fact that egypt was successful at all in shutting down the internet is just an example of this being a "first incident" to use this kind of tech
pdkl95: nobody prepares until the threat is immediate. future revolutions will be more careful to not use easily shut down things like twitter
pdkl95: in summary: there isn't a government on the planet that can keep computer geeks from their pr0n.


Most people do not do, or strive to do, evil.   Not without something in it for themselves.  This motive is hard to imagine on an individual level.  Only corporate entities consistently have the motive, means, and opportunity(e.g.: companies selling antivirus software). That is, besides the government.

Hmmm .... 


Cold war USSR. China. North Korea. 


Hmm... 


Israel. 


Hmm. 


The manufacture of consent. 


Hmm.


Obama's internet kill switch.  



Only necessitated of course by terrorists -- a growing domestic threat. Bullshit. The original Patriot act quietly defined drug smuggling as a terrorist activity; I would wager that the latest version makes mention of copyrighted material. (anyone who already knows where, please comment or email me). 

The all-too-real story goes like this: in order to justify the kind of draconian totalitarian measures that no one in their right mind would allow, it would have to be preceded by some event or cycle which got at the people through non logical pathways, such as their fears or their state of denial.

Never in modern times has the publicly stated causa belli been the real reason for war. 
Rarely have the publically stated
causes of a nation's internal or civil conflicts been either. 

(The Cleverer among you may extrapolate this into a more personal realm for his or her own entertainment, if not edification.)

Most if not all modern wars have had to be triggered by such staged 'events,' called false flags.  


This is the surest way to bring about the forced restriction of society that amounted to the loss of liberty, access to resources, personal wealth, and intellectual potential for the vast majority -- to the benefit of a very small minority who like it that way.

The internet faces such a threat.
 
It empowers us like nothing before. Beware the "event" staged to disempower us, to manufacture our consent for our enslavement.

  














Be seeing you.



 



HTML Hit Counter
HTML Hit Counter