Posted on Thursday, February 19th, 2009

Quick Notes on Cyber Warfare News

by Jose Nazario

First, Radio Free Europe/Radio Liberty is reporting that a Kazakh website was crushed by a DDoS attack. The site, zonakz.net, appears to be a news site that may have posted, from time to time, articles critical of Moscow’s position on things. I have no data on the supposed attack in any of our monitors.

Secondly, an opinion piece from UPI titled “Silent cyberwar.” In this far-reaching editorial by Arnaud de Borchgrave, one paragraph stands out:

Estonia in 2007, Georgia in 2008 and Kyrgyzstan in 2009 were targets of massive denial-of-service attacks organized by FAPSI, the Russian Federal Agency for Government Communications and Information, which is the Russian National Security Agency, through a variety of proxies that gave FAPSI plausible deniability. Had Russia paralyzed communications by physical attack, it would be an act of war. The aggressors in a cyberattack are almost impossible to pin down.

To date no one I know has given evidence that anyone such as FAPSI has been behind these attacks. This kind of claim appears to be unsubstantiated, unless I’m working with incomplete data. (Hat tip to IntelFusion.)

Thirdly, at Black Hat DC, Paul Kurtz reportedly stated that the US must consider the impact of militarizing cyberspace. While I agree that there needs to be better coordination between intelligence agencies, law enforcement, private industry, the military and any needed first responders, Kurtz apparently then calls for re-exploring the US military’s case for full-on Internet accounting:

Kurtz says cyberweapons require a deterrence policy, and to successfully deter an attack, you first need a capability to trace the origin of the attack. “I would argue that we need an active capability to trace back attacks,” which requires the collaboration among industry, law enforcement, and the intelligence community, he said. Then cyberweapons can be developed and potentially used to “suppress the use of kinetic weaponry.”

This point is also argued by the blog Half of the Spear in which the author writes,

What I don’t understand is how people think the deterrence or non-proliferation models are going to work in cyberspace. There is no Geiger counter for malcode. You can’t send inspectors in to see if a nation’s “peaceful software development lab” isn’t really a front for cyber weapons.

Well said.

BONUS: SRI has released a brief analysis of a new variant of Conficker that *may* allow for new update capabilities outside of the well-known DNS rendezvous methods. They dub it “B++” as a variant name. We have not been able to independently verify this as we have not received such samples. So far we tracked 2.6 million unique IPs of the known variants in the sinkhole yesterday. Ouch.

2 Responses



Comment Post by: shef — February 20th, 2009 @ 11:31 am EST

FAPSI (FAGCI – Federal Agency of Government Communication and Information) was closed/reformed in 2003. Powers have been divided between the Ministry of Defence and FSB.

Comment Post by: eesti news — July 22nd, 2009 @ 1:50 pm EST

Keep up the good work!
