Talking Sense On The Cyber Threat

(BBC) Ross Anderson is Professor in Security Engineering at Cambridge University, and an author and blogger specialising in computer security and cryptology. The programme two team met with Ross to discuss the security issues arising from the success of the web; whether the cyber attacks upon Estonia in 2007 were really of such a proportion as to warrant fears that cyberwar will emerge as a new form of warfare; and just how much our online data, links and relationships might tell others about us.


INT: Do you think it's quite a difficult balancing act for Governments like China, on the one hand the internet presents them with great business opportunities and on the other hand, it results in information being leaked out that they wouldn't otherwise want the world to know?

ROSS: Well is internet security in China a balancing act you say, well whenever I hear civil servants in Whitehall using the word balance, I become distinctly uneasy. Often it's used to justify doing half of a wicked thing, rather than not doing wicked things at all and in fact there is that kind of thing for the Government in China. They can't simply turn off the internet, because Chinese businesses live by export and they need to talk to western customers. Chinese universities live by getting information from western universities, by reading research papers, downloading lecture notes and so on and they can't block that. They do want to block [inaudible 00:33:24], they do want to block stuff related to the Dalai Lama. So it's hard. Ultimately I think it's undoable and all they're succeeding in doing is raising the bar for a little while, in the end though I believe that China like everywhere else that develops, will become open and democratic like the west.

INT: And just on that subject, how close do you think Chinese authorities or any Government for that matter would ever come to fully controlling the web and censoring it, in a way that they desire?

ROSS: There have been unceasing attempts, even in the west to control the web. During the 90s we had the crypto wars, where GCHQ and the NSA said that we all had to give them copies of our crypto keys. We then had various child pornography scares, we now have an initiative in Brussels for example, that would require all member states to require that their ISPs put in blocking services, ostensibly to stop child pornography. Of course, the music companies are waiting in the wings and as soon as these mechanisms exist, they will be in parliament and they will be in [inaudible 00:34:29] demanding the use of these mechanisms to stop file sharing. There are all sorts of people you know, who see the internet as a threat and who want to control it using whichever excuse will work in the politics of the day. Ultimately I think this is [inaudible 00:34:45] because the world is just becoming so connected, that in western countries, you know there's nowhere you can put the censorship anymore. The networks are too dense, flows of information are too great, that censorship is basically a lost battle.


INT: Just going back to the origins of the internet, what is in the kind of architecture of the internet and the thinking behind the creation of the internet, that makes it so difficult to censor and to really get to the centre of?

ROSS: The critical thing about the internet that makes it censorship resistant, is the end to end principle. This is the idea that the network at its core, is a dumb network. It just forwards packets from one address to another. The intelligence, the programmes that act on this information, are at the end points. The end points might be web servers, they might be individuals, people's PCs who are talking to each other and therefore it's difficult to create a point in the centre, where you can do the censorship. Now with some applications, there are virtual centres that arise and a good example is Google, because although at the network level Google is an end point of the network, from the point of view of search, it's a core component and so if you're the Government of China, you can say to Mr Google, right, you censor your search or you can't do business in our country and that's a persuasive argument, at least for large and powerful Governments to use. But for the majority of applications, the end to end principle remains extremely important, if not paramount and therefore the information can flow from one end point to another end point through all sorts of different paths. It can be encrypted from end to end, so that if you monitor the network in the middle, you just simply don't know what traffic is coming past and in short there's no real point of leverage, there's no real point of control in the centre.

INT: So in comparison to other media, would you say that the internet is relatively de-centralised and because it's got different pathways, that is what makes it more difficult to control and censor?

ROSS: That's also an aspect to it. In addition to the end to end principle, the principle that the intelligence lies at the edges of the internet, rather than in the core, which just forwards the packets from one computer to another, there's also the fact that the internet is a many to many medium. Most of the media that we had previously, at least the technological media, were many to one or one to many. The BBC broadcast system for example, is one to many. You've got one company broadcast content to tens of millions of users, but with the internet you have millions of people creating their own content and millions of people consuming this content and for the most part, they're communicating fairly directly with each other. Now there are some virtual centre points like Google and Facebook, but apart from that, the communications are basically many to many in an end to end network and that makes it fundamentally difficult to censor.


ROSS: Cyber war is an interesting concept. At one level it's just a re-marketing by agencies such as GCHQ and the NSA of stuff that they've been doing for decades anyway. Listening in to other people's phone calls and being able to do jamming attacks for example, against their air defences and where cyber was first supposedly deployed in Gulf War One, that was basically what was involved. It was jamming the Iraqis' air defences and their communications networks, to ensure that the first wave of bombers got through. There's been an awful lot of hype about the concept of cyber war, particularly in the past 10 years and particularly since 9-11, as organisations such as the Department of Homeland Security have sought to build huge empires, imposing often unnecessary security controls on industries such as the electric power industry. Nonetheless, it is clear that as the world becomes more connected, there will be the opportunity for nations to do bad things to each other. We haven't seen very much of it yet, but it's something that we have to think about for the future.

INT: What are the most common techniques used to attack a country's internet system and how do they work?

ROSS: Well we haven't seen attacks on countries' internet systems so far, by other nation states. So we've got a shortage of examples.

INT: So you wouldn't say Estonia was a Government sponsored attack?

ROSS: People who are knowledgeable about such matters, generally don't believe that the attack on Estonia was an act of Russian State Power. They caught and convicted some ethnic Russian youngster for doing it with a small [inaudible 00:48:02] and basically the problem in Estonia was that their internet infrastructure was really, really ropey. It wasn't put together with any real resilience or bandwidth and almost any attack could have knocked it over. Had the attack that had been done on Estonia by those kids, been tried on say the BBC's website or the Microsoft website, then it probably wouldn't even have been noticed. So the lesson there is that if you've got critical infrastructure, you should engineer it properly and size it properly, so that it can withstand minor botheration.

INT: Can you just briefly explain how a Denial of Service Attack works?

ROSS: How the Denial of Service Attack typically works, is that the attacker gets a few hundred or a few thousand machines, which he has subverted using malware and gets them to send lots and lots of messages to the target. We for example got one of these on one of our machines in the lab, after we had come to the attention of a [inaudible 00:48:57], a Russian criminal network that we were attempting to monitor and measure and they got something like three or four hundred machines, sending something like six megabytes per second off our machines and of course being a university, we had proper infrastructure and were able to completely ignore that. We've got two gigabytes of connection into the lab. Whereas if that had attacked a private individual at home, with a two megabyte ADSL connection, it would have completely saturated the link and denied them service to the internet.

INT: So is it a case of bottlenecks being created, i.e. lots of computers being appropriated and those computers channelling traffic to one particular site, overwhelming it and then bringing it down that way? Is that how it works?

ROSS: The idea of a distributed denial of service attack is that you've got a few hundred or a few thousand computers and get them to all send traffic to a target site, which if it is somebody's computer at home, overwhelm it so it can't go online anymore. However if you try that with a big website, university system for example, the BBC system, then it's just thousands of times bigger and it won't work. Now the problem in Estonia is that they had parts of their critical national infrastructure, which were you know sized like domestic systems, with only a few megabytes of connectivity, rather than sized like professional systems with gigabytes of connectivity and this meant that it was easy for an attacker to bring them down.

INT: So what do you think can we learn from the Estonia experience?

ROSS: The main lesson to be learnt from the Estonian experience is that if you've got critical national infrastructure, you should engineer it properly and you have some capable geeks who take part in the international networks, or people who are interested in such things, who keep up to date on what's going on and what techniques are available to counter all the bad stuff that happened.

INT: How serious is the threat that cyber attacks present to national security? You know, how much of an impact does it have on a country when in the case of Estonia, banks were brought down and you know institutions, internet sites were brought down?

ROSS: The Estonian example I think was very much an out [inaudible 00:51:15], because the Estonians were incompetent, they just hadn't paid attention to the possibility of being attacked in this way. Somewhere like Britain, I think the threat level is very, very low. The idea that we would be attacked online by terrorists for example, is something I have never really lost very much sleep about, because terrorism functions by shedding blood, by killing people, by inspiring terror. You know, by pressing all the buttons that the, in the animal part of our brain, that cause reactions to go off and we feel we're personally under attack, when we feel that our lives are at threat, when we're reminded of our mortality and pushed towards loyalty to our tribe. Now none of these buttons are pushed, if there is a 30 minute power cut, because somebody hacked a sub station. That's just an annoyance, it's just one of those things that happen in life. It's not going to give anything like the impact that a political militant would want in order to bring attention to his cause.

INT: Can you see the day when cyber warfare becomes an integral part of military combat, when it accompanies you know for example, the invasion of Afghanistan or you know some [inaudible 00:52:34] things where hand to hand combat is accompanied by cyber warfare, to bring down an internet system in a country?

ROSS: Well when we invaded Afghanistan, we blew up one of the two telephone exchanges in Kabul, we blew up the old fashioned electro-mechanical one and we left intact the modern digital one, presumably because we had the means to hack into the digital one and wire tap such communications as were still going on. So this sort of cyber war has always been part of the mix, since people started using electronic communications and well you know so what's different. If we get attacked by a substantial nation state actor, you know if we ended up in a war in the Far East with China, or a war in the [inaudible 00:53:21] with Russia or whatever, then sure there's the possibility of bad things happening. But there's a possibility of other bad things happening too, in air attacks, nuclear attacks and compared with the possibility of a nuclear attack, cyber attacks are penny-ante stuff. What you can typically expect cyber attacks to be used for in modern warfare, is as in Gulf War One, where these were used basically to see to it that the first wave of bombers got in and got back unscathed and then the first wave of bombers were able to blow up the critical telephone exchanges and air defence radars and so on, which crippled the Iraqi air defence capability and meant in turn that second and subsequent waves of bombers had a much safer and freer experience over Baghdad.

INT: Just moving onto, Islamism, what role do you think the web has played in fostering extremist beliefs?

ROSS: It's reckoned that online resources have been used by people who are spreading Islamist ideas, with some moderate effectiveness, in whipping up support worldwide. But then it's only part of a mix, because you know part of that is recruiting people through mosques, spreading information by you know face to face contact, by preachers spreading information by circulating books and pamphlets. It's only part of a bigger mix and it's also important to realise that the web makes available great resources of surveillance and it's well known in the trade that organisations such as the FBI, have the main Islamist websites very thoroughly instrumented and they pay an awful lot of attention to who goes there.

INT: So in as much as the web has facilitated, re-grouping together of different extremist groups, it's also provided the authorities with a mechanism to watch these groups and find out what they're up to?

ROSS: One of the biggest innovations in surveillance, in the past few years, has come about as a result of the spread of social networking sites and of social facilities on all sorts of other sites, because once people make visible who their friends are, it's possible to do a clustering analysis and start looking for covert communities. Now in the old days this was difficult, you had to send out your field intelligence staff to live in the villages and ask who was friends with whom and who was related to whom and so on and you would then, if people had phones, you'd look at their itemised phone bills and you'd look at which households were phoning who. But nowadays, information on who is whose friend is available on sites like Facebook and the 40 other sites that there are worldwide. For example, there are some researchers at MIT, tried to figure out if they could use Facebook to find out who was gay and who wasn't, so they crawled the MIT part of the Facebook web and then they marked as gay, those people who declared themselves to be such on their Facebook web pages, and then looked at the clusters of friends and marked as tentatively gay, those people who are friends of a whole lot of gay men and worked outwards from that and by means of this, they managed to identify ten of their friends whom they knew were gay, but not out about it. Simply because of their pattern of acquaintanceships. Now exactly the same sort of thing works with Islamism or with stamp collecting or butterfly collecting, or playing the Irish pipes or any other human activity, it's possible by mapping social networks, to figure out affiliations that people aren't necessarily overt about and this is an enormously powerful tool in the hands of the Police and intelligence services, in finding out who adheres to some particular disliked belief. Be that Islamism, or in China, a love of democracy or whatever.
