Chaos Program

After I wrote the last post about problems with the upcoming CyberSecurity bill (see The Law of Unintended Cyber Consequences) – actually after I went to bed – I realized what bugged me about the whole idea of the president having a Real-Time CyberSecurity Dashboard. It’s an alarm system just begging for someone to mess with it. There are three possible scenarios that I can think of without trying very hard.

In the first scenario someone with a great many resources (maybe well-educated Russian youth groups (as described in my post Cyberwars Redux), launches a series of  “events” to gauge the workings of the dashboard. Maybe they do a virus one month, a severe denial of service attack on a high profile target another month and a serious attempt at penetration of a military target some other month. They monitor responses from the White House, particularly the CyberSecurity Advisory Panel. Maybe they go by press releases and rumors in the press. An actual intelligence operation (as all governments have and quite a few terrorist organizations as well) might have live humans they can pump for information. Anyway, after a time, they gather enough information to know how to make the dashboard show what they want it to show.

I’ve described this as an entire intel program but it doesn’t have to be. The dashboard will be something most security geeks will be interested in. Information about it will get out. Maybe it will show up in the trade press, or in casual conversations at conventions or on IRC. The trouble is, once people learn how to manipulate the system, worse scenarios become possible or even likely.

read more »

There’s already a new chapter in the story of the alleged confession that Russia was behind the cyber attacks on Estonia in 2007. (See http://www.chaosprg.com/blog/2009/03/the-coming-cyberwars/) for previous discussion. In that post I discussed the (improbable, I thought) claim of a Russian official that his assistant had started the attacks for purely patriotic reasons. Now there’s a new story that the previously unnamed assistant has come forward and said it’s true, and added some fascinating details.

In an article by Charles Clover in the Financial Times (Kremlin-backed group behind Estonia cyber blitz), the assistant in question, a Mr. Konstantin Goloskokov, is quoted as claiming not only that he started the attacks but – and this is the really interesting part – that he enlisted members of a group called Nashe to carry them out. He insists that the decision to do this was spontaneous, not something prompted by orders from the Russian government and that there was nothing illegal about it. It wasn’t a denial of service attack, it was just more service requests than the Estonian servers could handle. The article does not say if he used air quotes or an “end sarcasm” tag when explaining this.
read more »

What do you do if a foreign government attacks your country’s computer systems? In America we apparently throw a lot of money down a hole and then the guy theoretically in charge of defending our networks quits.

Anyone who has followed the news knows this is not a hypothetical question. For example, two years ago when Russia invaded Estonia there was a concurrent denial of service attack across the Internet on Estonian servers. This attack caused communications difficulties that may have affected the Estonia response to the invasion (not that there was ever very much they could do) and even reportedly disrupted such things as ATM transactions (See Russia’s Cyberwar on Estonia)

Recently, a story has been circulating that the Russians have admitted to being behind the Estonian attacks (See Russian politician: ‘My assistant started Estonian cyberwar’). There’s less to this story than meets the eye, though. Sergei Markov, a Russian government official, claimed recently that a deputy (who he conveniently refused to name) of his was outside Russia at the time the war began and started the cyber attacks entirely on his own, as a “reaction from civil society.” Apparently this was meant to indicate that the attacks had nothing to do with any official strategy but were a spontaneous uprising of the proletariat against the reactionary forces etc. etc.

In other words, it sounds like typical old-fashioned Soviet propaganda and just doesn’t pass the smell test. Unless the Russians really want the world to believe that low grade government functionaries often have access to destructive botnets that can be turned against any country that happens to annoy them?
read more »