Ramblings of an old Doc
Attribution
Published on June 23, 2017 By DrJBHL In Personal Computing

 

This post has zero to do with politics. I want none on it. While it is relevant to recent events, there's a lot more to it, namely how the Internet has to change for everyone's security (and why it probably won't).

The simple fact is that it is extremely difficult to catch cyber criminals, and not much effort is made to actually do so. Why? Because it is almost impossible to accurately attribute attacks. This is because of the way the net was designed by DARPA way back when there was no cyber crime, and when it wasn't anticipated at all.

"The pioneers sought to establish a robust, non-centralized internet that could not be physically destroyed by attacking a few key communications centers, and that could ensure secure communications. But every day, nowadays, there are millions of attacks,” he said. “Nobody goes after the criminals. So why not develop the technologies to do so? Change the internet protocol,” he urged. “You need to re-engineer the internet to enable identification of the source of everything." -Gen. Y. ben Israel

"How does the internet work? You want to send me an email. You have a supplier. Netvision, say. Netvision has Wi-Fi. You’re in contact with a local server, one of thousands. It takes your note and breaks it into packets, each of which has its own ID. That server sends all the packets to all the servers it is in touch with. And all those servers send all those packets to all the servers they’re in touch with. It’s a global infrastructure. Now, one of those servers is my local server. It puts all the packets together and delivers your note to me.

Why was the internet set up like that? One: You’d have to destroy half the world to prevent your note being delivered to me. Two, no single packet has all the information. So everything is secure. That’s how the internet was set up by DARPA." - ibid

Because there are so many methods of attack and so many variants, individual defense is a virtual impossibility. Developing endless tools for defense is equally pointless. What has to happen (if we wish to put an end to the attacks) is a redesign of the internet to make attributability and answerability the sine qua nons.

That would mean that there would be no more privacy regarding the source of posts and communications, etc. It would not mean that personal data would be involved. In fact, personal and financial data would become infinitely more secure.

Unfortunately, insecurities in OSs, software and browsers have to be addressed, as well. Intelligence agencies and law enforcement agencies are in conflict here with personal and state attributability and accountability. Intelligence agencies are very much interested in maintaining vulnerabilities...and that's probably why the net won't change, despite the positives of attributability for law enforcement and for intelligence as well.

 

Sources:

http://www.timesofisrael.com/to-stop-russia-and-other-hackers-we-need-to-overhaul-the-internet-says-top-israeli-security-expert/

https://www.questia.com/library/journal/1G1-280967312/state-level-cybersecurity

https://ccdcoe.org/publications/2010proceedings/Shackelford%20-%20State%20Responsibility%20for%20Cyber%20Attacks%20Competing%20Standards%20for%20a%20Growing%20Problem.pdf


 



 

 


Comments (Page 2)
on Jun 26, 2017


These issues predate computers by millennia--these are the same techniques (proxies and secret/coded communication) used by criminals and spies for all of human history. So in essence, the problem you are trying to fix is humanity itself.


let's not be disingenuous about what the problem that needs solving actually is.
 

The problem is attributability and accountability and the internet, i.e. the subject of the OP. Let's not try to obfuscate that. That DARPA designed it without anticipating malware, etc. is a fact. That's what needs fixing, and it can be and should be fixed. That isn't "fixing humanity". That's just fixing a product which has been exploited for crime and espionage, and there's absolutely nothing wrong in doing that. Nothing at all.

It won't happen, though, because of the power of the interested agencies, just as fixing software vulnerabilities isn't always in their interest...

on Jun 26, 2017

DrJBHL
The problem is attributability and accountability and the internet...That's what needs fixing, and it can be and should be fixed.

Saying it doesn't make it so, doc. This is the same argument being made by the law enforcement folks. They insist there must be some way to hold bad actors to account, but they don't know what they're actually asking for because they don't understand how things actually work. It's like telling a homeless person that the only problem is they need to buy a house.

Any network traffic today can already be traced to its immediate source. Email (as given by Mr Ben-Israel) is a bad example because that's a disconnected one-way protocol, where there isn't actually a live connection end to end all at once (SMTP relays act as proxies, though they do add themselves to the headers as they pass a message on). It's also not used for attacks other than infected machines passing spam or infections on, and as such isn't really relevant to the concerns at issue. And there are many techniques already in use today for blocking emails originating from SMTP gateways which can't be trusted to verify their users (DKIM, etc.).

However, if someone accesses a website, or logs into a server, etc., the IP that traffic came from is right there in every single packet of that communication. It has to be in order to do two-way communication, after all. And ISPs already know what subscriber they've issued an IP to. This is how people get sued for peer-to-peer copyright infringement.

The problem is that in these cases where you have professional criminal activity going on, the immediate source is not the original source; you have nodes in the middle sending traffic on others' behalf. So even if a victim observes the traffic coming in, and sees where it is coming from, that tells them little of value unless the bad actor is a really low-level sort who doesn't even try to hide their tracks. And there is absolutely nothing you can do about that short of controlling or recording ALL communications AND what is done with them on individual nodes. Given we're not omniscient/omnipotent beings, that is impossible on its face.

This has nothing to do with the internet being redundant, or how TCP/IP works. So long as users or nodes on a network can act freely (impossible to prevent-people have free will and can write their own software) and communicate securely (impossible to prevent-you can't un-invent encryption, steganography, etc.), you cannot get what you want.
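Added example, not part of the comment above or of the original post: a sketch of what "traceable to its immediate source" means for the SMTP relay headers mentioned there. Each `Received` header is written by the server named after `by`, so only hops recorded by servers the recipient trusts count as evidence; the message, hostnames and addresses are constructed, and the `trusted` set is an assumption the investigator supplies.

```python
import re
from email import message_from_string

# Constructed sample message; addresses come from documentation ranges.
RAW = """\
Received: from mx.relay.example (mx.relay.example [203.0.113.25])
\tby inbound.recipient.example with ESMTP id A1; Mon, 26 Jun 2017 10:00:03 +0000
Received: from smtp.isp.example (smtp.isp.example [198.51.100.7])
\tby mx.relay.example with ESMTP id B2; Mon, 26 Jun 2017 10:00:02 +0000
Received: from laptop (unknown [192.0.2.44])
\tby smtp.isp.example with ESMTPSA id C3; Mon, 26 Jun 2017 10:00:01 +0000
From: sender@isp.example
To: user@recipient.example
Subject: constructed sample

body
"""

# "from <claimed name> (<what the recording server saw>) by <recording server>"
HOP = re.compile(r"from\s+(?P<helo>\S+)(?:\s+\((?P<peer>[^)]*)\))?\s+by\s+(?P<by>\S+)")
IP = re.compile(r"\[([0-9a-fA-F.:]+)\]")

def relay_chain(raw):
    """Return hops newest-first: recording server, claimed name, observed peer IP."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if not m:
            continue  # unparseable header: skip rather than guess
        ip = IP.search(m.group("peer") or "")
        hops.append({"by": m.group("by"), "helo": m.group("helo"),
                     "peer_ip": ip.group(1) if ip else None})
    return hops

def verifiable_prefix(hops, trusted):
    """Keep hops recorded by trusted servers; stop at the first untrusted recorder.

    Headers below that point were written by someone else's node and are
    only that node's claim about where the traffic came from.
    """
    out = []
    for hop in hops:
        if hop["by"] not in trusted:
            break
        out.append(hop)
    return out
```

With only the recipient's own server trusted, the verifiable chain ends at the relay that handed the message over, which is the "immediate source" in the comment's terms.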

 

on Jun 26, 2017


Saying it doesn't make it so, doc.

Except in this case...and in fact it should be for everyone's welfare. Much like a defective traffic light.

on Jun 26, 2017

It's clear at this point you're not even reading a word I type. Asserting the impossible should be possible because it's in people's best interest doesn't make it any more true. No matter how many times you repeat the claim.

I sincerely hope you never get the totalitarian/surveillance state you're ignorantly wishing for (because that is the closest humans could ever get to solving the 'problem', and is exactly the solution that will be pushed if we try, and it still won't actually work). But I'm done trying to explain to you just what you're asking for.

on Jun 26, 2017


It's clear at this point you're not even reading a word I type.

Really, I think you've made your point ad nauseam and any continuation is more "mine is bigger than yours is".

No need to continue with this.

on Jun 26, 2017

Hehe, ah shit.  

on Jun 26, 2017

I think those who created the Internet perfectly understood the danger of "someone" controlling the Internet. We should be very grateful for the freedom Internet has given to billions of people.

I think the title of this thread is very disturbing. Since when has giving up freedom for "security" been a good idea? Important systems like power production, aviation and others should always be offline anyway. Only a closed system is secure.

Internet is actually one of the few areas where I think governments, tech-corporations and ISPs are doing a good job. Internet in its current form is pretty much the only reason I am hopeful about the future of this world.

on Jun 26, 2017

anotherside

I think those who created the Internet perfectly understood the danger of "someone" controlling the Internet.

They understood how to make it virtually indestructible. They had no conception of malware nor of cybercrime since they did not exist. 

anotherside

Since when has giving up freedom for "security" been a good idea?

Since never. However no one would be giving up freedom. They would be giving up anonymity. We all would be gaining attributability. Cybercriminals know they are anonymous and can hide with the net being as it is at present. The correlate of freedom is responsibility. There is no responsibility with anonymity and without attributability. Freedom without responsibility is anarchy.

Wouldn't you feel better if criminals couldn't rob a bank by leaky code and never get caught? Wouldn't you sleep better if no one could steal your identity and be virtually certain of getting away with it?

on Jun 26, 2017

 There is one way and one way only to solve the attributability problem, and that is to make every person uniquely identifiable to any computer.  Bio-tag, arm tattoo, universal surveillance - take your pick. 

 

Mark of the Beast, anyone?

on Jun 26, 2017

and then some of us will unplug from the internet and go back to fidonet.

on Jun 27, 2017

As an individual whose work deals specifically with network traffic security/integrity I am still constantly reminded just how much I,  even as an "IT person" still don't know/understand about same.

I can however agree with everything kryo said above.  The individual referenced in the OP most definitely has little to no "real idea" what he is talking about and unfortunately without knowing "why" something works it is pretty pointless to debate changes to the "how".

on Jun 27, 2017

Anything can be changed. It was created to be one way, but it is not immutable. Nothing really is except entropy...and being the head of Israeli cyber security - probably means he knows a little something. Maybe even more than you guys. If he says it can be re-engineered, it certainly can be. Which was my original point.

on Jun 27, 2017

Yes, anything can be changed.  The argument revolves around should it and how?  These questions however cannot and should not be debated by people like 'the professor' who simply see the internet as a 'series of tubes'.  

In the world of physical security we secure things via (my favourite principle) 'least privilege'.  We secure rooms, floors and even entire buildings via this principle.  It is when an individual human is compromised (ie. a security guard etc.) that breaches in our systems happen.  The same happens in the digital world.  The only way to truly secure anything in the digital world is using the 'least privilege' computing principle (anyone worth anything in the industry knows this) so then why are breaches still so common and seemingly becoming more so?  Because the individual users are still being compromised faster than they are being secured.  The individual users and their digital machines are the weakest link in world 'internet security', not actually 'the internet' (network infrastructure) itself.  This is the 'key something' real network engineers understand and something Mr. Professor does not.

More often than not, the 'heads of security' I've encountered in my many many years of service in IT, resemble the fat doughnut-eating security guards who are seen to 'protect' our sensitive buildings when the reality is the 'least privilege' enforced by the elevator card-access systems, fingerprint/retina scanners etc. are the ones actually doing the protecting.

Once again, there is little to no point in debating how to change something, when you really know next to nothing about why it works in the first place.  The good professor should stay good at what he knows, and leave the other things up to those who specialize in the correct field(s).

 

 

 

on Jun 27, 2017

'least privilege' might be all well and good (iff everyone uses it, and if anyone would post about it ), but attributability would do plenty in catching the evil doers (another global ransomware attack in progress as we speak).

The good professor is running a prestigious cybersecurity conference as we dither about something which (as I've noted ad nauseam won't happen anyway). And, you and I should realize we're getting the non-linear conversation via a non-tech reporter who might, just might have needed verbally inaccurate descriptions of things. 

To think the Israelis would make someone ignorant of IT a Major General in charge of it, and that a University like Tel Aviv U. would do the same is ridiculous.

on Jun 27, 2017

Hey, I know Fido!  Used to run one of his kennels.

 
