Image: Illustration by Curt Merlo
-
The Best Science Writing Online 2012
Showcasing more than fifty of the most provocative, original, and significant online essays from 2011, The Best Science Writing Online 2012 will change the way...
Read More »
It’s starting to get weird out there. When WikiLeaks released classified U.S. government documents in December, it sparked several rounds of online conflict. WikiLeaks became the target of denial-of-service attacks and lost the support of its hosting and payment providers, which inspired sympathizers to counterattack, briefly bringing down the sites of MasterCard and a few other companies. Sites related to the hackers were then attacked, and mirror sites sprang up claiming to host copies of the WikiLeaks documents—although some were said to carry viruses ready to take over the machines of those who downloaded the copies, for who knows what end. Months before, an FBI official said disruption of the Internet was the greatest active risk to the U.S. “other than a weapon of mass destruction or a bomb in one of our major cities.”
Attacks on Internet sites and infrastructure, and the compromise of secure information, pose a particularly tricky problem because it is usually impossible to trace an attack back to its instigator. This “attribution problem” is so troublesome that some law-enforcement experts have called for a wholesale reworking of Internet architecture and protocols, such that every packet of data is engraved with the identity of its source. The idea is to make punishment, and therefore deterrence, possible. Unfortunately, such a reworking would also threaten what makes the Internet special, both technologically and socially.
The Internet works thanks to loose but trusted connections among its many constituent parts, with easy entry and exit for new Internet service providers or new forms of expanding access. That is not the case with, say, mobile phones, in which the telecom operator can tell which phone placed what call and to whom the phone is registered. Establishing this level of identity on the Internet is no small task, as we have seen with authoritarian regimes that have sought to limit anonymity. It would involve eliminating free and open Wi-Fi access points and other ways of sharing connections. Terminals in libraries and cybercafes would have to have verified sign-in rosters. Or worse, Internet access would have to be predicated on providing a special ID akin to a government-issued driver’s license—perhaps in the form of a USB key. No key, no bits. To be sure, this step would not stop criminals and states wanting to act covertly but would force them to invest much more to achieve the anonymity that comes so naturally today.
The price to the rest of us would also be high. The Internet’s distinct configuration may have made cyberattacks easy to launch, but it has also kindled the flame of freedom. One repressive state after another has been caught between the promise of economic advancement through abundant Internet access and the fear of empowering its citizens to express themselves freely. An Internet without the attribution problem would introduce a new issue: citizens could be readily identified and punished for their political activities.
We need better options for securing the Internet. Instead of looking primarily for top-down government intervention, we can enlist the operators and users themselves. For example, Web site operators could opt into a system of “mirror as you link.” Whenever their servers render a page, they cache the contents of the link. Then, when someone tries to get to the site and can’t, he or she can go back to the original linking site and digitally say, “I can’t get that link you just directed me to. Would you mind telling me what was there?”
Such a system of mutual aid would draw on the same cooperative and voluntary instinct behind the development of the Internet itself. If I participate as a Web site, I will know that others linking to me will also mirror my material; we each help the other, not simply because it’s the right thing to do, but because we each benefit, spreading the risk of attack and cushioning its impact among all of us. It’s a NATO for cyberspace, except it would be an alliance of Web sites instead of states.
Rights & Permissions
See what we're tweeting about
12 Comments
Add CommentThe attribution problem is essentially impossible to resolve. It's not something that can be solved in the Internet architecture or protocols, because that's not where the problem is. Every packet of data on the Internet IS already engraved with its source, an IP address. The problem is that the machine sending the data may be acting on behalf of someone else -- the proximate source is not the ultimate source. We have proxy servers that voluntarily transmit data on others' behalf (a special case of this is TOR networks, which use multiple relays and encryption so that even the network operators can't find the originator), and botnets, where a third party takes control of thousands or millions of computers. As long as computers can initiate network communications independently of interactive commands by users, you can't stop these types of activities.
Reply | Report Abuse | Link to thisIf it ain't broke...don't fix it!
Reply | Report Abuse | Link to thisThere has never been a cyber-attack of critical infrastructure, and it's not for a lack of trying.
We are hardly bothered by viruses, spam, or DDOSes.
On the other hand, the "chilling effects" of removing anonymity would be catastrophic. There is a reason why it was put in the US constitution centuries ago.
It is simply naive to think that, granted the power to filter the Internet, people will only use that power for good. And once that power is granted, there will be no way to know whether it is being abused, no way to safely investigate, or report on it.
Far better is it to learn to live with anonymity. If you don't want identity theft, do not put your financial information online. If you want privacy, be anonymous. If you're afraid of predators, do not trust so called friends that you have never met.
If someone libels your name, be a better person, or company, or government, and it will happen to you less than your competitors. If you are a creator, put your work online; you'll become famous, then sell what isn't online. If your business model is outdated, then take up a trade.
Information is not, itself, dangerous. Fraud is stealing money, not information. Terrorism is destroying flesh, not information.
Information is harmless. But a lack of information is never good. And the ability to restrict information is worse than a license to commit fraud, it is worse than terrorism.
I can't verify this, but I think that the core of the attack on Wikileaks, Julian Assange, and internet freedom in the USA today is not necessarily from government. There is some such pressure, certainly.
Reply | Report Abuse | Link to thisBut the big boys in the banking sector are far more arrogant and used to getting their way when they want it than anybody in government. And they are looking at the distinct possibility of going to prison for the rest of their lives after Wikileaks processes their files and posts them. That is a much stronger motive to twist arms to exert the kind of criminal pressure on the government of Sweden that we have seen than anyone in the State Department has.
In a not unrelated story …
Reply | Report Abuse | Link to thishttp://www.examiner.com/social-media-in-national/us-gov-software-creates-fake-people-on-social-networks-to-promote-propoganda
You can never successfully control what EVERYONE else does. To attempt to do so will always be doomed because someone will always figure out a way to circumvent your controls. Those who fear attacks should set up reasonable security measures for themselves and allow others to act freely the same way. That's how the non-cyberworld operates. Cooperation is more powerfull than total control.
Reply | Report Abuse | Link to this"Every packet of data on the Internet IS already engraved with its source, an IP address."
Reply | Report Abuse | Link to thisUh, no.
While technically true, there is no guarantee that the ip address is a valid one. Attackers who have no desire to form a legitimate connection routinely forge the return IP addresses when they flood targets with UDP packets.
A solution, which wouldn't compromise the essential anonymous nature of the internet, would be to require all ASs to implement source level filtering, i.e. ensuring that packets they are sending out could have originated within their network. If for no other reason than to make DDOSs traceable back to their source hosts.
This would cause programs that rely on forged packets to do firewall tunneling to fail, i.e. Skype, but there really ought to be a less hackish solution for that anyway.
As you say, criminals will still be able to proxy their connections through owned hosts on the internet, a problem that will never be solveable, so more invasive tracking measures will only hurt our freedom of speech, of which being able to post things anonymously is essential. Even in the Founders' days, the anonymous broadsheets were a core component of free speech.
I read a few days ago on Ars Technica that some large bank believed to be Bank of America was a major player in attacks against Wikileaks because of some "dirty laundry" they have. I think the government has a right to keep some things secret, but I also like the idea of something like Wikileaks (or Anonymous) keeping companies/governments honest. Hopefully whatever bank it was has that dirty laundry shown to the whole world, if for no other reason than to send a message: we'll only put up with so much BS before striking back.
Reply | Report Abuse | Link to thisI have to disagree with boothie on the statement that, "If it ain't broke...don't fix it!
Reply | Report Abuse | Link to thisThere has never been a cyber-attack of critical infrastructure, and it's not for a lack of trying.
We are hardly bothered by viruses, spam, or DDOSes." That may be true of the USA so far, but look at what Russian hackers have been accomplishing in Estonia...to act as if the U.S. is total cyber-terror proof is naive and shortsighted. Just look at the post in the BBC: http://news.bbc.co.uk/2/hi/europe/6665195.stm
Webmaster, http://mybadcomputer.com/
Jonathan Zittrain is a sweet, kind, and well-meaning guy with a very rosy, optimistic view of human nature, but he's seriously confused about how the Internet works. The gap between what the cellular network knows about its users and that the Internet knows is not nearly as large as he imagines. You don't get on the Internet without an ISP handing you an IP address, and most of the time you have to pay a fee for the service. The exceptions - open Wi-Fi access points and the like - are about as profound as the exceptions to the cellular model: I can steal your cell phone, but the phone is registered to somebody, somewhere, just as the open Wi-Fi access point is.
Reply | Report Abuse | Link to thisThe underlying problem for the Internet is the nature of the trust relationships that are required among network operators and users to keep the system running. The Internet is amazingly collaborative, because it must be; the design requires collaboration and cooperation. But nobody wants to cooperate with malicious players, and that's the rub in the systems of blind cooperation that Zittrain fancifully promotes.
There are many more malicious sites on the Internet than Zittrain imagines. It would be nice if he would write something about the real Internet instead of the fairy tale Internet that exists solely in his imagination.
Experiment: Try encrypting a bunch of personal data (e.g. bmp screenshots of a recently submitted obligatory census session over https) to an archive file in some regular working space. (I used a local machine networked to a medium sized company proxy server) On the next day, check if it becomes difficult to evoke responsiveness from that same computer. If so, delete the encrypted file(s), reboot and compare. In my case, I got my responsiveness back on a machine that takes 25 minutes nevertheless to start. I got my machine responsiveness back. This may be the tip of a new iceberg of things to come with competition in the not-so-clean backdoor access business.
Reply | Report Abuse | Link to thisReally a nice article and good info as well.
Reply | Report Abuse | Link to this===================
<a href="http://compareenergyprices.org.uk" rel="dofollow">Compare Energy Prices</a>
There IS a method to stop the DDOS/Smurf attacks, however the method would require (almost) complete cooperation amongst all internet providers. The solution isn't to track an attack and stop it, the solution is to prevent attacks from ever happening.
Reply | Report Abuse | Link to thisEach company connected to the internet has a set or range of IP addresses it either owns or leases..and since individual user must always connect through a company the company and their respective uplink ISPs can push eACLs (Extended Access Lists) to their edge routers (where users/companies connect to upstream networks/ISPs) to block non-source IPs. Meaning, if Company A owns/leases IP range X then both Company A and their upstream providers can put in eACLs to block traffic that isn't sourced from IP range X.
If Company A doesn't comply, then their upstream ISP can turn off their service until they do. With this method in place an attacker couldn't attack anyone anywhere by trying to spoof/fake his origination IP address and only the packets sourced from his real IP address (or his company/providers range) would be permitted through. If the hacker/attack still persisted with the attack using his real IP address (or within the range of his company/provider) then at a minimum the attack can be tracked to the company/provider and A) the attack can be stopped and B) most likely the company/provider can track the attack much easier and nab the tracker.
The furthest edge of any network is where a user connects to that network, the above idea can pushed to that extreme edge and would eliminate any spoofing/dynamic attacks. Translation: every port/user connected to the internet would have an eACL preventing fake-sourced packets from being sent. And with spoofing eliminated you have effectively eliminated attacks.