Infiltrated dot Net

Aggressive Cyber Killswitch Anti Hacker Voodoo Containtment System
Written by J. Oquendo   

Internet killswitches [1], taking over global botnets [2], covertly building communications channels to bypass government in foreign countries (Shadow Internets), sounds amazing. Now if you thought these were criminals, you were wrong, for it is nothing more than the United States government at work. For all the news I often read about, concerning other rogue countries targeting the United States, almost all of the news regarding what my government does [1,2,3] goes by relatively unnoticed or unspoken about by most media outlets, let alone security outlets. While the topic may appear to be politically charged, I will try to keep a focus on the technological aspect of 'ye ole killswitch.'

Internet killswitches: Who needs them and why. It is rather ironic to even think about the United States attempting to carry out some form of killswitch considering that at the same time, the government is trying to build a system to bypass other countries' killswitches. Certainly a cyberparadox if I have ever seen one.The mere notion of what the intended purpose is for is outrageously flawed, nevertheless the pursuit is on to build it anyway. At what cost, what savings, what benefits?

Keep in mind as you read this that 1) I do not work for any government agency 2) I do not work for any government contractor 3) I could care less about which politically party did what this week 4) I am approaching this from an outside scope. That scope is one of the security engineers whose responsibilities included defending networks and compromising networks via penetration testing for clients. With this said, let us now look at the cliffnotes:

  • Stop an attack from taking out the N (where N is whatever sounds groovy, Nuclear Reactor, Electrical Grid, etc.)
  • Prevent obvious catastrophe via way of the above cliff note
  • Save the citizens and money from the two cliff notes above


We can hone in on cliffnote number one and assume that "we need to stop attackers from causing catastrophe which could lead to injuries and or death and cost in upwards of X amount of money." This leaves us with the underlying goal of nipping an attacker at the bud. Feasible? Not really. Practical? Not really. Cost effective? Not really. So why are we wasting our time with this? Same question I ask myself every time I read another article concerning killswitches and the likes.

America has been warned over and over about attribution over the Internet with the most resonant content from the Center for a New American Security's (CNAS) "America’s Cyber Future: Security and Prosperity in the Information Age" more specifically the chapter titled: "Separating Threat from the Hype: What Washington Needs to Know about Cyber Security" [4] Yet with clear and accurate pictures given, our government is still pursuing security blindly, approaching defensive measures incorrectly and will likely spend millions if not billions following security charlatans.

At what point will we take a corrective approach to defensible security as opposed to the continuing downward spiral of following those in the herd? We know who "those" are, the ones responsible for an Alphabit cereal acronym of guidelines, regulations, measures, etc. You know, the kind of stuff only a suit follows. Political? A little and I apologize however, it needs to be stated in order to prepare you to understand why it will fail technically.

As a defender of networks, it has been repeated ad-nauseam that we are approaching this wrong. A killswitch as defined slash conjured up slash depicted slash theorized, would allow the United States to block incoming or outgoing connections to a specific destination or from a specific source. While it may sound good on paper, the reality is that in an attack, especially a semi sophisticated attack, this killswitch will do nothing against an internal implosion.

Go and take a harsh look at Stuxnet again, if you haven't been bored by it and try to understand it from the non-technical realm. Stuxnet had a specific payload that targeted something specific. There would have been no killswitch in the world that would have stopped it. So what, if anything, would a killswitch do when the threats are local. There is a theory of those feeding nonsense to the government that Country Y is building large scale attack vectors. "Capable of taking us out just like in the movie Die Hard. OMG! We must act now and be prepared." It is nonsense like this that translates into these insane and obsolete ideas of killswitches. "We can cut the cord, all will be fine..." This is not and can never be the case. Anyone pitching this idea needs to be sent to Camp X Ray for an interview.

Creating a killswitch for the Internet would never work because of the flaw in attribution. Who is attacking? Seriously, ask yourself, who is attacking? This is at the core of why most of these ridiculous ideas will fail. Because we cannot attribute an identifiable aggressor, then who are we cutting ourselves off from? Not to mention, because of the flaws associated with attribution, an attacker can pretend to be anyone he or she or Country Y wants to be. In fact, should a killswitch ever be implemented, an attacker can cause huge financial fall-out by simply pretending to be a country of his or her or Country Y's choice. Imagine having an entire banking infrastructure disconnected because of a bunch of script kiddies [5]. For every step this government (the United States) takes, they seem to take the same redundant steps backwards.

What monies can be saved here with a killswitch? The more I think about it, the more I say none and the more I see money being dumped into a bottomless pit. Rather than waste money and resources on nonsense, it would be more beneficial to support the engineers who created most of the protocols associated with the Internet. Sponsor them to build a bulletproof network. One where spoofing is not an issue. One similar to say SIPR or NIPR where mission critical business MUST have security at the forefront of operations. Otherwise, I may need to dig a hole in my yard, register "Aggressive Cyber Killswitch Anti Hacker Voodoo Containtment System Inc," apply for a GSA # and point government to my bottomless pit. Why waste money and time on nonsense? [6]

 

Whatever... For Sale... Dirt Cheap

 

 

[1] http://www.huffingtonpost.com/2010/06/17/internet-kill-switch-woul_n_615923.html
[2] http://www.fbi.gov/news/stories/2011/april/botnet_041411
[3] http://media.cbronline.com/news/us-building-shadow-internet-to-circumvent-web-censorship-by-repressive-regimes-140611
[4] http://www.cnas.org/node/6405
[5] http://en.wikipedia.org/wiki/Script_kiddie
[6] https://infosecisland.com/blogview/14329-Security-Stupid-Is-As-Stupid-Does.html