Posted by: Mike P. | March 11, 2010

Cyber War – War? Criminals? Espionage?

Update: 3/15/2010. I think I am quite wrong as to who is doing this. See my last comment.

A Wired article discusses the current state of cyber-war as some like to call it.

No government, at least not the US government, really likes an open internet.  An open internet allows people to organize, communicate freely, and often communicate in secret.  While it is widely believed that the NSA can crack most cryptography, it must be careful in doing so if it does not want to tip its hand that it can.  Once your adversaries know you can read their messages, they will roll up their intelligence operations, pull everyone out, and start over.  That would typically mean that any human-based intelligence operations tied to those messages would be considered compromised as well.

So, whether the NSA can or cannot read PGP-encrypted messages is not really the point.  They need an internet where it is obvious that they can read such messages: the Clipper chip, in essence, all over again.  So they paint pictures of the constant attacks that happen, the incredible losses suffered, the billions lost to copyright infringement, yada, yada, yada.

I am going to ignore copyright infringement.  I just do not really care about it.  The music industry was not paying attention, so an underground business was built to satisfy a need it would not.  The movie industry is promoting vile standards and so will also suffer constant attacks.  I really do not care.  Copyright infringement can be handled easily with the legal tools already available.  I am convinced that it is not because the end goal is really to implement copy-protection schemes that completely control the use of a product: when it can be watched, where, by whom, everything.

There is a constant babble of attacks coming in from sources worldwide, and those attacks are annoying.  The two class B networks (two /16s, about 131,000 addresses) I monitor see ssh/ftp/telnet scanning and password-guessing attacks at the rate of about one new source IP address every four minutes.  It is moderately annoying, but not difficult to defend against.
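The "one new IP every four minutes" figure above comes straight out of the sshd log.  As an added example (not the author's tooling, and not data from the networks described), the script below parses OpenSSH "Failed password" lines from a constructed auth.log excerpt, counts failures and usernames per source address, flags sources at or above a threshold as block candidates, and computes the average gap between newly seen sources.  The log format, the year (syslog lines carry none), the threshold and the RFC 5737 addresses are all assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample of OpenSSH auth.log lines for illustration; not traffic from the
# networks described in the post. Addresses are from the RFC 5737 documentation ranges.
SAMPLE_AUTH_LOG = """\
Mar 11 08:00:01 gw sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
Mar 11 08:00:03 gw sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51023 ssh2
Mar 11 08:00:04 gw sshd[2103]: Failed password for root from 203.0.113.5 port 51024 ssh2
Mar 11 08:00:09 gw sshd[2108]: Failed password for invalid user oracle from 203.0.113.5 port 51030 ssh2
Mar 11 08:00:12 gw sshd[2109]: Accepted publickey for mike from 192.0.2.10 port 40100 ssh2
Mar 11 08:04:20 gw sshd[2140]: Failed password for invalid user test from 198.51.100.77 port 33001 ssh2
Mar 11 08:04:21 gw sshd[2140]: Failed password for invalid user test from 198.51.100.77 port 33002 ssh2
Mar 11 08:08:30 gw sshd[2177]: Failed password for invalid user guest from 203.0.113.200 port 1025 ssh2
Mar 11 08:08:31 gw sshd[2177]: Failed password for invalid user guest from 203.0.113.200 port 1026 ssh2
Mar 11 08:08:33 gw sshd[2178]: Failed password for invalid user guest from 203.0.113.200 port 1027 ssh2
Mar 11 08:08:35 gw sshd[2179]: Failed password for root from 203.0.113.200 port 1028 ssh2
Mar 11 08:12:40 gw sshd[2190]: Failed password for mike from 192.0.2.10 port 40110 ssh2
"""

# Matches both "Failed password for invalid user X" and "Failed password for X".
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_failures(log_text, year=2010):
    """Return [(timestamp, username, source_ip)] for every failed-password line.

    syslog lines carry no year, so the caller supplies it (assumption: one year per file)."""
    failures = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            failures.append((ts, m["user"], m["ip"]))
    return failures


def summarize(failures, threshold=3):
    """Per-source-IP attempt counts, usernames tried, first-seen time, and the set of
    IPs at or above `threshold` failures (the ones worth blocking at the border)."""
    attempts = Counter(ip for _, _, ip in failures)
    users = defaultdict(set)
    first_seen = {}
    for ts, user, ip in failures:
        users[ip].add(user)
        first_seen.setdefault(ip, ts)
    offenders = {ip for ip, n in attempts.items() if n >= threshold}
    return attempts, users, first_seen, offenders


def minutes_per_new_ip(first_seen):
    """Average gap, in minutes, between the appearance of previously unseen source IPs.
    Returns None when fewer than two sources have been seen."""
    times = sorted(first_seen.values())
    if len(times) < 2:
        return None
    span_min = (times[-1] - times[0]).total_seconds() / 60
    return span_min / (len(times) - 1)


if __name__ == "__main__":
    fails = parse_failures(SAMPLE_AUTH_LOG)
    attempts, users, first_seen, offenders = summarize(fails)
    for ip in sorted(attempts, key=attempts.get, reverse=True):
        flag = "BLOCK" if ip in offenders else "ok"
        print(f"{ip:16} {attempts[ip]:3} failures  users={sorted(users[ip])}  {flag}")
    print(f"new source IP every {minutes_per_new_ip(first_seen):.1f} minutes")
```

On the constructed sample the single failure from 192.0.2.10 (a real user mistyping) stays below the threshold, while the two sources cycling through admin/root/oracle/guest are flagged; the new-source gap works out to roughly 4.2 minutes, which is the same order as the figure quoted above.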

We are notified publicly that between zero and five of our machines are found infected with Torpig or a similar botnet backdoor every day.

We receive a load of phishing emails every day, which, for some inexplicable reason, people fall for.  How do these people even manage to get gas into their cars?  Change the oil?  Pay their bills?

“Send me your password.”

Good grief.  And then there are the trickier ones: the message sends the user to a site that looks just like ours and prompts for a user id and password.  Those can be hard to detect.  The user has to read the message carefully and notice that the link does not point where it claims to, and sometimes that is not particularly easy to do.
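The check the user is being asked to make by eye (does the link go where its text says it goes?) is mechanical enough to automate at the mail gateway.  As an added example, not code from this site, the script below pulls every anchor out of a constructed HTML phishing body and flags the usual tells: display text that names one host while the href points at another, an href to a bare IP address, and hosts that embed or imitate the institution's domain.  The institution domain `example.edu`, the message body and the imitation heuristic (a toy digit-for-letter substitution) are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical institutional domain; the post does not name the real one.
OUR_DOMAIN = "example.edu"

# Constructed sample phishing message body (HTML), not a real message.
SAMPLE_EMAIL_HTML = """
<p>Your mailbox quota has been exceeded. Log in to restore service:</p>
<p><a href="http://example.edu.account-verify.net/webmail/">https://webmail.example.edu/</a></p>
<p>Helpdesk: <a href="https://webmail.example.edu/">webmail.example.edu</a></p>
<p><a href="http://203.0.113.9/~mail/example.edu/">Click here</a> if the link above fails.</p>
<p><a href="https://login.examp1e.edu/">Alternative login</a></p>
"""

URL_LIKE_RE = re.compile(r"(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?")
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a href=...> in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(s):
    """Lowercased hostname of a URL or bare domain string ('' if none)."""
    if "://" not in s:
        s = "http://" + s
    return (urlparse(s).hostname or "").lower()


def is_ours(host):
    return host == OUR_DOMAIN or host.endswith("." + OUR_DOMAIN)


def classify_link(href, text):
    """Return a reason string if the link looks like a credential-phishing lure, else None."""
    target = host_of(href)
    if not target:
        return "link has no host"
    # Tell 1: the text shows one host, the href goes to another.
    if URL_LIKE_RE.fullmatch(text.lower()):
        shown = host_of(text)
        if shown != target:
            return f"display text host {shown} differs from link host {target}"
    # Tell 2: a login page on a raw IP address.
    if IPV4_RE.fullmatch(target):
        return "link host is a raw IP address"
    # Tell 3: our domain embedded in a foreign host, or a toy look-alike check
    # (digits 1/0 swapped for l/o). A real gateway would use a proper confusables table.
    if not is_ours(target):
        label = OUR_DOMAIN.split(".")[0]
        if OUR_DOMAIN in target or label in target.replace("1", "l").replace("0", "o"):
            return f"link host {target} imitates {OUR_DOMAIN}"
    return None


def scan_email(html):
    """Return [(href, reason)] for every suspicious link in an HTML body."""
    parser = LinkExtractor()
    parser.feed(html)
    parser.close()
    findings = []
    for href, text in parser.links:
        reason = classify_link(href, text)
        if reason:
            findings.append((href, reason))
    return findings


if __name__ == "__main__":
    for href, reason in scan_email(SAMPLE_EMAIL_HTML):
        print(f"{reason}\n    {href}")
```

The genuine helpdesk link, whose text and href both resolve under the institution's domain, passes; the other three links are each caught by a different tell.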

There are many hacked sites on the internet as well.  You do not need to go to “bad” places to find them.  I found one on a local newspaper’s site about a week ago.  The site randomly tried to download a backdoor onto the visitor’s computer.  Most likely the backdoor would have harvested usernames, passwords and accounts.  Then the computer would have been used to send spam, or perhaps to host a Viagra order-taking website.  Or perhaps it would have hosted a copy of our email logon page.  Lots of choices!

And finally, the most damaging attacks of all occur when spammers use the accounts they harvest to send spam and phishing messages from our central email servers.  But even these attacks are not terribly bad.  We can detect them.  We know where they come from.  We know how they do it.  And we know how to track them.  What we lack is the legal means to physically stop them.
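"We can detect them" is usually a matter of correlating two lines in the mail log.  As an added example, not the author's own tooling, the script below joins Postfix-style smtpd lines (which say who authenticated and from which client address) with the matching qmgr lines (envelope sender and recipient count) by queue ID, then flags accounts whose submissions look like a harvested password in use: too many recipients in the window, submissions from too many distinct client addresses, or an envelope sender that is not the authenticated user's own address.  The log excerpt, the domain `example.edu`, the thresholds and the client addresses (RFC 5737 ranges) are constructed assumptions.

```python
import re
from collections import defaultdict

# Hypothetical institutional domain; the post does not name the real one.
OUR_DOMAIN = "example.edu"

# Constructed Postfix-style log excerpt (smtpd + qmgr lines), not real logs from the
# post's servers. Client addresses are from the RFC 5737 documentation ranges.
SAMPLE_MAIL_LOG = """\
Mar 11 09:00:01 mx postfix/smtpd[3001]: A1B2C3: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=jdoe
Mar 11 09:00:01 mx postfix/qmgr[2999]: A1B2C3: from=<jdoe@example.edu>, size=2310, nrcpt=250 (queue active)
Mar 11 09:00:14 mx postfix/smtpd[3002]: A1B2C4: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=jdoe
Mar 11 09:00:14 mx postfix/qmgr[2999]: A1B2C4: from=<jdoe@example.edu>, size=2310, nrcpt=250 (queue active)
Mar 11 09:00:30 mx postfix/smtpd[3003]: A1B2C5: client=unknown[198.51.100.77], sasl_method=LOGIN, sasl_username=jdoe
Mar 11 09:00:30 mx postfix/qmgr[2999]: A1B2C5: from=<jdoe@example.edu>, size=2310, nrcpt=250 (queue active)
Mar 11 09:01:02 mx postfix/smtpd[3004]: A1B2C6: client=lab42.example.edu[192.0.2.42], sasl_method=PLAIN, sasl_username=msmith
Mar 11 09:01:02 mx postfix/qmgr[2999]: A1B2C6: from=<msmith@example.edu>, size=8120, nrcpt=3 (queue active)
Mar 11 09:01:40 mx postfix/smtpd[3005]: A1B2C7: client=unknown[203.0.113.200], sasl_method=LOGIN, sasl_username=jdoe
Mar 11 09:01:40 mx postfix/qmgr[2999]: A1B2C7: from=<jdoe@example.edu>, size=2310, nrcpt=250 (queue active)
Mar 11 09:02:11 mx postfix/smtpd[3006]: A1B2C8: client=unknown[198.51.100.9], sasl_method=LOGIN, sasl_username=msmith
Mar 11 09:02:11 mx postfix/qmgr[2999]: A1B2C8: from=<customer-service@paypal.com>, size=1200, nrcpt=40 (queue active)
"""

SMTPD_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>\w+): client=\S*\[(?P<ip>[\d.]+)\].*sasl_username=(?P<user>\S+)"
)
QMGR_RE = re.compile(
    r"postfix/qmgr\[\d+\]: (?P<qid>\w+): from=<(?P<sender>[^>]*)>, size=\d+, nrcpt=(?P<nrcpt>\d+)"
)


def correlate(log_text):
    """Join the smtpd line (who authenticated, from which client IP) with the qmgr line
    (envelope sender, recipient count) for the same queue ID."""
    auth = {}
    messages = []
    for line in log_text.splitlines():
        m = SMTPD_RE.search(line)
        if m:
            auth[m["qid"]] = (m["user"], m["ip"])
            continue
        m = QMGR_RE.search(line)
        if m and m["qid"] in auth:
            user, ip = auth.pop(m["qid"])
            messages.append({"qid": m["qid"], "user": user, "ip": ip,
                             "sender": m["sender"], "nrcpt": int(m["nrcpt"])})
    return messages


def flag_accounts(messages, max_rcpts=500, max_ips=2):
    """Return {username: [reasons]} for accounts whose submissions look like a harvested
    password in use. Thresholds are assumptions; tune them to the site's normal traffic."""
    rcpts = defaultdict(int)
    ips = defaultdict(set)
    forged = defaultdict(set)
    for msg in messages:
        user = msg["user"]
        rcpts[user] += msg["nrcpt"]
        ips[user].add(msg["ip"])
        if msg["sender"].lower() != f"{user}@{OUR_DOMAIN}":
            forged[user].add(msg["sender"])
    flagged = {}
    for user in rcpts:
        reasons = []
        if rcpts[user] > max_rcpts:
            reasons.append(f"{rcpts[user]} recipients in window (limit {max_rcpts})")
        if len(ips[user]) > max_ips:
            reasons.append(f"submitted from {len(ips[user])} distinct client IPs")
        for sender in sorted(forged[user]):
            reasons.append(f"envelope sender {sender} does not match authenticated user")
        if reasons:
            flagged[user] = reasons
    return flagged


if __name__ == "__main__":
    for user, reasons in flag_accounts(correlate(SAMPLE_MAIL_LOG)).items():
        print(f"{user}: " + "; ".join(reasons))
```

In the sample, jdoe's credentials are being driven from three different client addresses at 250 recipients a message, which trips both volume rules; msmith's volume is unremarkable, but one submission carries a forged envelope sender, which is the phishing-run signature.  The client addresses recorded on the smtpd line are the "we know where they come from" part of the story.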

So, instead of running around with our hands flapping in the air, giving away our rights left and right, why not concentrate on some plain and simple law enforcement?  When I get a subpoena, and it is served, and the ISP simply ignores it, why isn’t their data center seized?  The subpoenas are not onerous to comply with.  They simply have no motivation to respond.  Let’s motivate.

Let’s build bridges with other countries and get some information moving back and forth.  The look-alike sites we come across typically have their DNS names registered with a registrar in Australia.  Why can’t we get information from that registrar?  Either the names are being paid for with a valid credit card, in which case we have some very good intelligence on who made the purchase, or the card is stolen.  If the card is stolen, perhaps the theft can be tracked if the card is used elsewhere.

If we keep pushing these people, they will make a mistake.  They will forget to make enough hops when accessing our systems, or they will jump through machines we can get information from.  And then we can make a two-pronged attack.  First, criminal charges should be filed.  Then civil charges, for lots of money.  At $0.10 per spam message they have attempted to send, we should be able to take most of whatever they have earned or will ever earn.  I have logs of 340,000 messages they attempted to send through us but failed to deliver.  I do not know how many were actually delivered, but we have the logs.  And for each event we can charge staff time on both the systems end and the victim end.  It should not be that hard to generate a $1m lawsuit.   Most likely they are working other institutions as well, so the end result should be “no money in the bank.”

Let’s just remember that the “terror war” is really a fight against a bunch of criminals, and so are those waging “cyber warfare”: they are waging “cyber crime”, and it is time to press law enforcement to do its job, catch and convict.

And finally, a quote from the article I linked above:

“As anyone slightly versed in the internet knows, the net has flourished because no government has control over it.”

This is not really true.  The Internet flourished because no self-interested organization had control over it.  A method for making proposals, debating them and finally adopting standards was created, and the Internet was built on those standards.  The further we move away from standards-based protocols toward proprietary or patented ones, the more creativity will suffer, and with it the growth of the Internet and our ability to communicate and collaborate in a free and open manner.


  1. I ran the names on the sourceforge aper project and resolved the MX records. We are being made chumps of. Almost all names are owned by one of the major email providers. I will likely claim that phishing and account stealing, while not run by the major email players, is actively not blocked in an attempt to move email into the majors because dealing with phishing is not easy.

    This in turn will allow them to implement Wave and (what’s that new google thing? Blip? Bleep? Who cares), locking people into specific corporate email offerings. Assuming I am not fired, I will most likely post my analysis. I am very angry right now. The amount of time I have spent dealing with these people instead of living my life, and the amount of time our staff have spent dealing with staff and students here, are huge.

  2. We have a guy in our office who…frankly just doesn’t belong there. Someone who falls for phishing, and loses 2g in the process, doesn’t need to be on the floor of a backbone ISP.

    What we are talking about here is scum, thieves and bandits in the electronic context. As long as we have the freedom to do what we do, it’s going to be a harboring ground for these people. The idea of bringing them in is definitely the right one, but who gets to play sheriff in a land without borders? This is the question when one talks about open sharing of information. Concerns about what’s in it for them, what do they lose and, of course, the biggest question of them all: who ends up getting paid?

    If you ask me, the same holes in the system that allow junk like this to move are the same holes being manipulated by those with the power to stop it. I’m not saying “Dat der governmant is in my warcrafts!” but what we are looking at here is a series of tools people use to circumvent the law, and to think that while these tools are usable, organizations won’t use them for their own ends is laughable.

    But I’m telling you stuff you already know. In the end the question should be: how do they profit from leaving this open? Answer that and you get your answer on why they don’t mobilize to stop it.

    I know what it is to sit in the defensive trenches of this scuffle. Some of the attempts are laughable and would only work against the unprepared and blind. Others are downright devious and show a poor application of some rather impressive intelligence. That said, there is a certain grim sense of satisfaction in stopping a well-prepared DoS with a good hearty slam on the enter button.

    I’m sorry sir, your request has been DENIED!

    What are your thoughts on Hacktivism, Mr Mike?

    • I’m so behind the times. I had to look up Hacktivism in Wikipedia 🙂

      Where I live, in the society I live in, I do not see much use for illegal hacktivism. In the US, we have free speech, and I can pretty much write or say anything without fear of reprisal by the government. Pretty much. There are certain issues and documents that I have seen which could give one pause. But, of course, I am skirting the law by even saying this much.

      “In November 2009, computers of the Climate Research Unit of East Anglia University were hacked, and email purporting to expose a conspiracy by scientists to suppress data that contradicted their conclusions regarding global warming was made available on a Russian FTP server”

      This is a good example of bad work. The messages that were stolen were most likely misinterpreted, and used to support a conspiracy which in all likelihood does not exist. I am not a fan of major conspiracy theories after the US failed to find WMD in Iraq. If there was ever a time and place to plan and implement a conspiracy to find something, that was it. The sillyness (not-a-word-according-to-my-spell-checker-but-I-like-it) of most 9/11 theories is another example. If you look at some subset of the evidence, conspiracies are self-evident. The problem only comes in when you look at all the information – all the pictures – and what really happened becomes much more apparent and the chance of a conspiracy approaches 0.

      But, anyhow, hacktivism is such a small part of the overall problem. Crime is the biggest component.

      You mention “the cost”, and I kind of agree. I think the overall goal – the food that corporate greed senses – is the elimination of the small provider of email and the movement of all communications into large providers.

      You obviously have a fair amount of technical background, perhaps quite a bit. But some others that read us might not. Perhaps a tutorial on how email really works, with a quick SMTP example would be useful. And why SMTP is good.

      • I think that’s a fantastic idea actually 😀 Need a hand? Let me know.

        I hope I didn’t imply with my last post that I thought there was a conspiracy going on, because if I have, I apologize. I have misrepresented myself 🙂 I was merely forwarding the idea that people will make use of useful tools, be they an individual or an organization, for as long as those tools provide them an edge. Information has an intrinsic value and these tools in question provide some very substantial ways of acquiring it. Which might explain why there isn’t a big push between countries and larger organisations to slam down on this type of thing.

        And yes, the climategate emails were a perfect example of hacktivism. While this particular piece of work was done to discredit what I consider a damned important issue by misrepresenting both facts and the owners of the emails themselves, it also stands out as an example of what we are going to see in the future. The more complicated our internetworking gets, the greater the confusion and loopholes. The more information online, the more other people are going to want it, and the more people are going to get it for them.

        In and of itself it can be misguided and often far more damaging to the cause it’s trying to support than it is helpful. However, it’s still very, very young, and there are some seriously interesting people doing some very interesting things. I’m keeping my eye out to see what type of monster it grows into, or if it chokes and dies along the way.
