Ramblings of an old Doc
Published on June 23, 2017 By DrJBHL In Personal Computing


This post has zero to do with politics. I want none on it. While it is relevant to recent events, there's a lot more to it, namely how the Internet has to change for everyone's security (and why it probably won't).

The simple fact is that it is extremely difficult to catch cyber criminals and not much effort is made to actually do so. Why? Because it is almost impossible to accurately attribute attacks. This is because of the way the net was designed by DARPA way back when there was no cyber crime, and when it wasn't anticipated at all.

"The pioneers sought to establish a robust, non-centralized internet that could not be physically destroyed by attacking a few key communications centers, and that could ensure secure communications. But every day, nowadays, there are millions of attacks,” he said. “Nobody goes after the criminals. So why not develop the technologies to do so? Change the internet protocol,” he urged. “You need to re-engineer the internet to enable identification of the source of everything." -Gen. Y. ben Israel

"How does the internet work? You want to send me an email. You have a supplier. Netvision, say. Netvision has Wi-Fi. You’re in contact with a local server, one of thousands. It takes your note and breaks it into packets, each of which has its own ID. That server sends all the packets to all the servers it is in touch with. And all those servers send all those packets to all the servers they’re in touch with. It’s a global infrastructure. Now, one of those servers is my local server. It puts all the packets together and delivers your note to me.

Why was the internet set up like that? One: You’d have to destroy half the world to prevent your note being delivered to me. Two, no single packet has all the information. So everything is secure. That’s how the internet was set up by DARPA." - ibid

Because there are so many methods of attack and so many variants, individual defense is a virtual impossibility. Developing endless tools for defense is equally pointless. What has to happen (if we wish to put an end to the attacks) is a redesign of the internet to make attributability and answerability the sine qua nons.

That would mean that there would be no more privacy regarding the source of posts and communications, etc. It would not mean that personal data would be involved. In fact, personal and financial data would become infinitely more secure.

Unfortunately, insecurities in OSs, software and browsers have to be addressed, as well. Intelligence agencies and law enforcement agencies are in conflict here with personal and state attributability and accountability. Intelligence agencies are very much interested in maintaining vulnerabilities...and that's probably why the net won't change, despite the positives of attributability for law enforcement and for intelligence as well.









Comments (Page 1)
on Jun 24, 2017

Okay, so what needs to change, and what attributes of the net (other than anonymity) would be altered?


on Jun 24, 2017

The anonymity and non-attributability of the net...

Read the first source.

on Jun 24, 2017

It's obvious what you want to change.  I want to know how you want to change it.


on Jun 24, 2017

I disagree. The way the internet was built is a feature, not a bug, and those same aspects you want to eliminate are precisely the things that make it a powerful tool for freedom.


"That server sends all the packets to all the servers it is in touch with. And all those servers send all those packets to all the servers they’re in touch with."

I don't know what Mr Ben-Israel is a professor of, but it's clearly not of networking, because this is completely wrong (and not in a way that could be explained as gross simplification for an interview). You can read what actually happens here.

Perhaps someone who doesn't even understand how the internet works is not in the best position to demand entirely redesigning it.

When someone is waging an attack, they don't do so directly from their own computers. They will typically use previously compromised systems as proxies. Thus the compromised system is the 'origin' of the traffic, and even if you did know who was sending it, you would gain exactly nothing because that compromised system is not going to helpfully log traffic from its commander (which would likely have been routed from any number of other proxies in exactly the same position). Ergo, this isn't something you can simply redesign. What Mr Ben-Israel seeks would require complete omniscience (total awareness and permanent memory) of all network traffic in the entire world, as well as knowledge of how that traffic was used at each node in the network.


"Unfortunately, insecurities in OSs, software and browsers have to be addressed, as well."

That is exactly what should be done, and all that needs to be. If client systems were properly secured (least privilege, etc.), it would eliminate most methods of attack other than denial-of-service and social engineering.


on Jun 25, 2017

He knows exactly what he's talking about. 

You can read a bit about him here: https://secdip.tau.ac.il/isaacbenisrael

"Perhaps someone who doesn't even understand how the internet works is not in the best position to demand entirely redesigning it."

I have the feeling that is a fundamentally inaccurate statement.


on Jun 25, 2017

His resume consists of math, physics, philosophy, military intelligence/research, various administrative positions, and politics. None of those things are computer science.

This is what happens when smart people assume they know everything about everything and not just their fields of expertise. Don't fall for the old argument from authority fallacy.

His depiction of how networks function is not just wrong but deeply and fundamentally wrong. If they worked as he described, traffic would scale exponentially with the number of nodes and they would not function at any scale beyond the most local level.


on Jun 25, 2017

And yet he heads the Blavatnik Interdisciplinary Cyber Research Center of Tel-Aviv University...go figure.

on Jun 25, 2017

An administrative position, doc. Managing researchers does not a researcher make.

Maybe it's different in medicine, but elsewhere the folks in charge are pretty much never experts of the field (though they may have some distant past experience in it or something related)--they're experts of being in charge. And often even they themselves tend to confuse that distinction.

on Jun 25, 2017

I trust what he has to say. One doesn't have to be an expert in computer science to understand what's wrong with the 'attributability' problem, and I'm pretty sure he has ready access to world class experts on the internet and its structure and function.



on Jun 25, 2017

 As long as there are proxies, you'll never be able to rely on the source of a data packet.

on Jun 25, 2017

Trust is all good and well, but we're not talking beliefs or subjectives here. He made statements of fact which are easily proven to be unequivocally wrong. So clearly he didn't avail himself of the experts he has access to when he did this interview.

This is a lot like all the law enforcement officials asserting that encryption should be illegal or the government should have a back door. They really don't understand what they are actually asking for--they just know that it makes their job difficult and they think it needs to change.

Mr. Ben-Israel is a military man, so true to that he wants the internet to change to make it easier to defeat the enemy (whoever that might be). That sounds great on paper if you don't mind the chilling effects to privacy and freedom (not a small thing those). And you can demand people be identified or licensed when making statements or sending messages online, as authoritarian countries are doing. But if you want to change the underlying design of computer networks so you can tell positively where traffic came from, in spite of the fact that it's going to be relayed indirectly? That just isn't possible, and anyone who actually understands how these things work would know that.

on Jun 25, 2017

Which is why I agree it should be re-engineered...the consequences are all too apparent to keep it the way it is at present...but the back doors, etc. are the additional layer of insecurity done because of the attributability thing, in part.

Also...his rank was more a professional thing rather than a line officer thing. As for solutions, CEOs do the same...not just military.

on Jun 25, 2017

I'll make it simple with an analogy.

Normal, direct traffic can be likened to corresponding via letter using pony express. The letter has the recipient and return address on it, so you know who sent it, and you can reply back to them, etc. There are other people involved with getting the letter from point to point (the pony riders), but they don't change the address on it.

Malicious traffic on the other hand, is akin to sending a coded letter to a middleman rather than the intended recipient. That person gets the envelope, and reads the coded message enclosed within giving directions to send a letter to someone else, then commits the sender's address to memory and destroys the coded letter before carrying out the directions (much like an old-time spy network). This process repeats any number of times. Finally, the target gets a malicious letter, and the return address on it is the last middleman. That recipient can know who sent them the letter but they can't know who started the whole chain of events. The evidence has been destroyed and the last middleman can't be made to confess, so even if you go after them you won't be able to find who ordered them to do it.

Unless the letters continue and you have access to observe patterns of behavior and work back to the source, the only way you could tell who was orchestrating things would be by directly observing the activities of everyone who could possibly be involved, and recording everything that transpired both in public and in private (since while you can correlate communications, you can't prove whether any given communication was the one without seeing the middleman decode it and reading it yourself). This is liable to be necessary in any case because there is no requirement for the orchestrator to use the same middlemen each time.

As you can hopefully understand, this is not an engineering problem. The sole solution to this 'problem' is total omniscience, because we're talking about knowing and controlling the behavior of people and the nodes on the network, not just how data is transferred among them.
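[Added example, not part of the thread or written by any commenter.] The relay-chain argument made in the comments above (the proxy comment and the letter analogy) can be modelled in a few lines: each hop re-sends under its own address, and a trace from the target can only go back as far as hops kept records. The addresses are constructed documentation-range values, and the model generously assumes an investigator can match the same message ID at every hop.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    addr: str
    keeps_logs: bool                          # a compromised relay may keep none
    log: dict = field(default_factory=dict)   # msg_id -> address it arrived from

    def receive(self, msg_id, src):
        if self.keeps_logs:
            self.log[msg_id] = src

def deliver(msg_id, origin, relays, target):
    """Pass a message down the chain; every hop re-sends under its own address."""
    src = origin
    for node in relays + [target]:
        node.receive(msg_id, src)
        src = node.addr                       # the next hop only sees this sender

def trace_back(msg_id, target, reachable):
    """Follow logs backwards from the target until a hop has no record."""
    path, current = [target.addr], target
    while current is not None and msg_id in current.log:
        prev = current.log[msg_id]
        path.append(prev)
        current = reachable.get(prev)         # None: outside the investigator's reach
    return path

def run(log_flags, origin="192.0.2.77", msg_id="m1"):
    """Build a constructed chain (one relay per flag) and trace one message."""
    relays = [Node(f"198.51.100.{i + 1}", f) for i, f in enumerate(log_flags)]
    target = Node("203.0.113.10", True)
    deliver(msg_id, origin, relays, target)
    return trace_back(msg_id, target, {n.addr: n for n in relays})

if __name__ == "__main__":
    print("all relays log :", run([True, True, True]))
    print("middle one not :", run([True, False, True]))
```

With every relay logging, the trace reaches 192.0.2.77; with the middle relay keeping nothing, it stops at 198.51.100.2 and the origin never appears.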

on Jun 25, 2017

Unfortunately, it isn't that simple...not at all like a pony express...because the internet was designed to be virtually indestructible. What has to happen for security from these attackers is the ability to trace things back to the originators and that requires re-engineering. 

Look, let's just leave this discussion as it (the re-engineering) won't happen due to vested interests, or until those vested interests are forced to change...

on Jun 25, 2017

The redundancy argument isn't really germane--the point of the analogy was the issue of addressing vs proxies; the pony express bit was just to illustrate that it involves decentralized communication via intermediaries who can't read the content of the communications.

It's not an engineering issue, nor one that engineering can solve. It's not about vested interests either. The point is that it is simply impossible, for two big reasons among others:

- Attribution gets you nothing, because a person (and a computer) can always act on someone else's behalf, and you can't make them tell you that (especially if they don't even know they are doing it).

- Even knowing everyone that everyone communicates with gets you nothing, because you can't put the encryption genie back in the bottle. And there are plenty of ways to encrypt data without making it look like it's encrypted at all, so you can't just prohibit encryption and assume any encrypted traffic that remains is malicious.

These issues predate computers by millennia--these are the same techniques (proxies and secret/coded communication) used by criminals and spies for all of human history. So in essence, the problem you are trying to fix is humanity itself.

You're welcome to end the debate if you like, but let's not be disingenuous about what the problem that needs solved actually is.