We need Hague Convention 2.0. And we need it soon

This morning’s Observer column.

If you’re not worried, you have not been paying attention. Almost without realising it, our societies have become hugely dependent on a functioning, reliable internet. Life would go on without it, but most people would be shocked by how difficult much of the routine business of living would become. It would be like being teleported back to the 1970s. Even a minor conflict could slow the global internet to a crawl. So cyberwar is a bit like nuclear war, in that even a minor outbreak threatens everyone’s life and welfare.

In those circumstances, isn’t it time we thought about devising treaties to regulate it? We need something analogous to the 1925 Geneva Protocol to the Hague Convention, which prohibited chemical and biological weapons. And we need to start now.

UPDATE: Interesting to see that this is also the lead story in today’s New York Times.

The United States and Russia are locked in a fundamental dispute over how to counter the growing threat of cyberwar attacks that could wreak havoc on computer systems and the Internet.

Both nations agree that cyberspace is an emerging battleground. The two sides are expected to address the subject when President Obama visits Russia next week and at the General Assembly of the United Nations in November, according to a senior State Department official.

But there the agreement ends.

Russia favors an international treaty along the lines of those negotiated for chemical weapons and has pushed for that approach at a series of meetings this year and in public statements by a high-ranking official.

The United States argues that a treaty is unnecessary. It instead advocates improved cooperation among international law enforcement groups. If these groups cooperate to make cyberspace more secure against criminal intrusions, their work will also make cyberspace more secure against military campaigns, American officials say.

“We really believe it’s defense, defense, defense,” said the State Department official, who asked not to be identified because authorization had not been given to speak on the record. “They want to constrain offense. We needed to be able to criminalize these horrible 50,000 attacks we were getting a day.”

Any agreement on cyberspace presents special difficulties because the matter touches on issues like censorship of the Internet, sovereignty and rogue actors who might not be subject to a treaty.

United States officials say the disagreement over approach has hindered international law enforcement cooperation, particularly given that a significant proportion of the attacks against American government targets are coming from China and Russia.

And from the Russian perspective, the absence of a treaty is permitting a kind of arms race with potentially dangerous consequences.

Modern warfare: first DDOS, then tanks

From John Markoff in the New York Times Blog

The Georgian government is accusing Russia of disabling Georgian Web sites, including the site for the Ministry of Foreign Affairs.

Because of the disruption, the Georgian government began posting the Foreign Ministry’s press dispatches on a public blog-hosting site owned by Google (georgiamfa.blogspot.com) and on the Web site of Poland’s president, Lech Kaczynski.

Separately, there were reports that Estonia, which was embroiled in an electronic battle with Russia in May of last year, was sending technical assistance to the Georgian government.

The attacks were continuing on Monday against Georgian news sites, according to Jose Nazario, a security researcher at Arbor Networks, based in Lexington, Mass.

“I’m watching attacks against apsny.ge and news.ge right now,” he said. The attacks are structured as massive requests for data from Georgian computers and appear to be controlled from a server based at a telecommunications firm, he said…

Meanwhile Google has been stung into denying that it had erased maps of Georgia. It never had them in the first place, it claimed.

Hmmm…

Later: Ars Technica has a thoughtful post saying that the evidence that the Russian military were behind the attacks is not convincing.

According to Gadi Evron, former Chief information security officer (CISO) for the Israeli government’s ISP, there’s compelling historical evidence to suggest that the Russian military is not involved. He confirms that Georgian websites are under botnet attack, and that yes, these attacks are affecting that country’s infrastructure, but then notes that every politically tense moment over the past ten years has been followed by a spate of online attacks. It was only after Estonia made its well-publicized (and ultimately inaccurate) accusations against Russia that such attacks began to be referred to as cyberwarfare instead of politically motivated hackers. Evron writes:

“Running security for the Israeli government Internet operation and later the Israeli government CERT such attacks were routine…While Georgia is obviously under a DDoS attacks and it is political in nature, it doesn’t so far seem different than any other online after-math by fans. Political tensions are always followed by online attacks by sympathizers. Could this somehow be indirect Russian action? Yes, but considering Russia is past playing nice and uses real bombs, they could have attacked more strategic targets or eliminated the infrastructure kinetically.”

Arbor Networks’ Jose Nazario offers additional proof of Evron’s statements, writing: “While some are speculating about cyber-warfare and state sponsorship, we have no data to indicate anything of the sort at this time. We are seeing some botnets, some well known and some not so well known, take aim at Georgia websites…These attacks were mostly TCP SYN floods with one TCP RST flood in the mix. No ICMP or UDP floods detected here. These attacks were all globally sourced, suggesting a botnet (or multiple botnets) were behind them.”

Still later: Tech Review is reporting that the USAF is considering mothballing its nascent Cyberspace Command. Another report here. Bad move, IMHO.
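Nazario's description above (mostly TCP SYN floods, one TCP RST flood, no ICMP or UDP, globally sourced traffic) maps onto a simple per-target triage of packet records. This is an added example, not code from Arbor Networks or from the original post; the record layout, thresholds, host names and sample data are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

FLOOD_KINDS = {"tcp_syn", "tcp_rst", "udp", "icmp"}

def packet_kind(proto, flags):
    """Map one packet to a coarse class; flags is a string such as 'S', 'SA', 'R'."""
    if proto != "tcp":
        return proto                      # "udp" or "icmp"
    if "S" in flags and "A" not in flags:
        return "tcp_syn"                  # bare SYN: connection request, never completed
    if "R" in flags:
        return "tcp_rst"
    return "tcp_other"                    # SYN-ACK, ACK, data: normal session traffic

def summarize(packets, min_packets=100, dominance=0.8, min_sources=50):
    """Per target: dominant flood class and whether the sources look distributed.
    Thresholds are illustrative assumptions, not values from the article."""
    kinds, sources = defaultdict(Counter), defaultdict(set)
    for src, dst, proto, flags in packets:
        kinds[dst][packet_kind(proto, flags)] += 1
        sources[dst].add(src)
    findings = {}
    for dst, counts in kinds.items():
        total = sum(counts.values())
        kind, n = counts.most_common(1)[0]
        if total < min_packets or kind not in FLOOD_KINDS or n / total < dominance:
            continue
        first_octets = {s.split(".")[0] for s in sources[dst]}
        findings[dst] = {
            "flood": kind,
            "packets": total,
            "sources": len(sources[dst]),
            # many senders spread over several networks suggests a botnet
            "distributed": len(sources[dst]) >= min_sources and len(first_octets) >= 3,
        }
    return findings

# Constructed sample (documentation address ranges, placeholder host names).
NETS = ["192.0.2", "198.51.100", "203.0.113"]
def spread(n):
    return [f"{NETS[i % 3]}.{i // 3 + 1}" for i in range(n)]

SAMPLE = (
    [(s, "web-a.example", "tcp", "S") for s in spread(300)]
    + [(s, "web-b.example", "tcp", "R") for s in spread(200)]
    + [(f"192.0.2.{i % 5 + 1}", "web-c.example", "tcp", "SAAAA"[i % 5]) for i in range(150)]
)

if __name__ == "__main__":
    for target, info in summarize(SAMPLE).items():
        print(target, info)
```

A result like this supports only what Nazario claims: the traffic class and that the senders are widely distributed. It says nothing about who controls the senders.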