Wednesday, 17 January 2007

THE OPEN SOURCE WAR ONLINE

A good indicator of how effective we will be against open source guerrillas in warfare is seen in the current battle against Internet crime. Over the past decade, the threat has progressed from casual hackers breaking systems for the joy of it into a thriving open source criminal industry replete with micro-markets (bazaars) for project development. A good overview of how rapidly we are losing the war was recently provided by Neil Schwartzman in his article, "Trench Warfare in the Age of The Laser-Guided Missile." The title is a little confusing, but the meat of the article is right on target.

Here's some background. The similarity in the dynamics of these online criminal networks to what we are experiencing in the real world in Baghdad is pretty clear. Contrast the structure of a phishing network provided by Christopher Abad with the marketplace for IEDs in Iraq. In each case, a dynamic marketplace is used to produce virtual teams for entrepreneur financiers to accomplish specific attacks. Also, in each case, the rate of innovation from open source tinkering with basic technologies and skills is rapid and ongoing.

Self-Replication Changes Everything

Despite the similarity in how the threat has developed, the open source security networks used to fight these criminals (governments have been largely absent from this fight) have been successful until relatively recently (their rapid development of counters to new threats serves as an interesting point of comparison to the institutional response to Iraq and other places). Unfortunately, as Schwartzman points out, the integration of spamming, viruses, worms, phishing, and botnets has produced a substantial improvement in method for online crime.

Firstly, these new combinatorial networks now form a complete cycle that connects innovation with substantial financial rewards. Secondly, this new network configuration now makes it possible to gain huge leverage through self-replication. Self-propagating bot networks now number in the millions of computers (and growing), and the sophistication of the attacks these networks can power is quickly overwhelming any effective response. NOTE: open source guerrillas have a less effective, but still very powerful, means of self-replication through the use of systems disruption (see State Failure 101 for details).

Response?

It will be interesting to see the response that is generated by this new online threat. If history serves as a guide, balkanization/fragmentation may be the result rather than the integrated government/private partnerships that Schwartzman advocates:

"The fight against computer-aware criminals is now at a critical juncture demanding we de-silo the false barriers between types of threats and the people who deal with them, because the nature, power and scope of the blended attack (spyware, spam, viruses, phish and bots) that currently exists is actively threatening the very foundational infrastructure and continued viability of the entire Internet."

As we look forward, we can expect to see the threats we see developing online bleed into the real world relatively soon. The technology and the methodologies are now powerful enough to do real damage to existing systems through brute force systems disruption.

Comments

Schwartzman misses a beat by failing to take account of ways in which the 'good guys' could utilize new technology to band together and form new and creative solutions to the problems at hand. This technology has not been implemented yet, but the ideas are in the year.

Very interesting article. Only one question from a non-native speaker: what does "black-swan level improvement..." mean?
I couldn't make sense of my search results and it certainly does not have anything to do with Black Swans ( http://en.wikipedia.org/wiki/Black_Swan ), does it?

Richard Clarke (yea, the guy who ran the country on 9/11 while Bush did a tour of secure air bases and Cheney hunkered down in the bunker) has a new fiction book based on much of what you've laid out here -

http://tinyurl.com/2gewnp

Like he said, "sometimes you can tell more truth through fiction"

P.S. What is the status on your new book coming out?!

According to Asia Times Online, the Indian software industry now is being threatened by Lashkar-e-Toiba and other terrorist groups:

http://www.atimes.com/atimes/South_Asia/IA18Df01.html

quote:

BANGALORE - Are India and its software hub, Bangalore, in danger of losing their competitive edge because of the rising costs of operating here?

India's large pool of technically skilled, English-speaking manpower and low operating costs have made the country an attractive location for multinational companies, especially in the information-technology and IT-enabled-services sectors.

But this might be changing, warn analysts. With the IT sector increasingly figuring on the agenda of terrorists and a range of other threats to employees and data safety emerging, there is a growing concern that the cost of stepping up security could erode India's cost advantage.

Unease over the issue, which has been rising over the past couple of years, has spiked in recent months as evidence of possible terror threats to Bangalore has emerged.

Two weeks ago, a suspected Kashmiri militant was arrested in a Bangalore suburb. According to police, he was carrying arms and ammunition, a satellite phone, SIM (subscriber identity module) cards and a map of the city with markings indicating the locations of the airport and the offices of IT majors Wipro Technologies Ltd and Infosys Technologies.

This is not the first time that Bangalore and its IT sector have appeared on the terrorist radar. Intelligence agencies have been warning of possible attacks on IT companies since 2004. Interrogation of arrested terrorists had revealed that Bangalore was a target. In December 2005, an armed attack on the Indian Institute of Science, a premier scientific-research institution, confirmed that the city was indeed vulnerable to terrorism. Investigations and search operations that followed the attack indicated the existence of sleeper cells and a terror network in several towns in Karnataka state.

Then last July, a software engineer - reportedly a former employee at Oracle India in Mysore, a town 145 kilometers from Bangalore and an emerging software hub - was taken into custody for alleged involvement in the serial bomb blasts on suburban trains in Mumbai. In October, two men with suspected links to the Pakistan-backed al-Badr were arrested in Mysore.

Indian authorities have been saying that the IT sector is vulnerable to attacks as such terrorist outfits as the Lashkar-e-Toiba are keen to undermine India's growing economic might and international profile. Indian IT giants such as Wipro and Infosys have been identified as likely targets. No multinational company has yet been identified as a likely terrorist target.

However, multinational companies seem to be no less vulnerable. The US State Department issued alerts in 2005 and 2006 warning its citizens of possible attacks on US interests in Delhi, Mumbai, Kolkata and Hyderabad.

Indian intelligence agencies have been warning that in the context of growing ties between India and the United States, the possibility of jihadis attacking US interests in India is growing. "The US Embassy and consulates in India are fortresses. It would be far easier to strike a multinational company. Such an attack would accomplish multiple objectives - hit the Americans, the Indian economy and India's ties with the US," an Intelligence Bureau official told Asia Times Online in October.

:end_of_quote

Thanks Duncan. Salsa: end of April is the release date.

Virtualization technology pretty much nails down the virus/hacking threat. If you keep your data separate from your virtual OS, you can simply nuke any infections at the end of every session, solving the problem of botnets.

Virtualization won't solve everybody's needs but what we're likely to be forced to will be a model where we only connect to the outside world via a virtual OS session that we trash daily and restore from known-good backup and save our full speed work for gaming, rendering, and other tasks that require every spare CPU cycle possible.

Once the botnets are largely dismantled due to virtualization, the largely anonymous transmission mechanism that makes malware so scalable is limited and we're down to a system that can handle the open relays, etc. that remain.

Virtualization cuts both ways. The recent development of virtualized rootkits means you can never be sure if your OS image really is clean or is just a virtual image held by a superpositioned rootkit. Add to that such ideas as Greg Hoglund's VideoCardKit http://www.rootkit.com/newsread.php?newsid=72 , a rootkit hidden in the NVRAM of a peripheral device & you have a blended threat that sets the balance back in favor of the attacker.

Security is a never-ending process that'll always see-saw back & forth for advantage between attack & defense.

Botnets are used to attack networks, not individual and real physical computers. The point is to overwhelm and disable response at and from the target. A botnet can attack a virtual machine just as easily as a physical machine, or a botnet can attack a farm of VMs just like an attack on a farm of physical machines.

And with Vista being severely restricted in terms of virtualization, the advent of VMs may go down under legal restrictions.

Further, VMs don't really do much to stem the rising tide of zombie machines. That is, the zombies in the botnets are largely home computers and thus are not VMs that are largely managed by professionals. And professionals are much more likely to have already taken substantial security measures to protect their server farms, whether physical or virtual. Home users do not have the expertise to protect their machines nor to set up and manage VMs.

For an interesting story about the botnet that took down the network that hosts this blog, see Wired 14.11.
http://www.wired.com/wired/archive/14.11/botnet.html
