Anti-Hacker Kill Switch Voodoo Containment Systems

Wednesday, June 15, 2011

J. Oquendo


Aggressive Cyber Killswitch Anti Hacker Voodoo Containment System

Internet killswitches [1], taking over global botnets [2], covertly building communications channels to bypass governments in foreign countries (Shadow Internets): it all sounds amazing.

Now if you thought these were criminals, you were wrong, for it is nothing more than the United States government at work.

For all the news I often read about, concerning other rogue countries targeting the United States, almost all of the news regarding what my government does [1,2,3] goes by relatively unnoticed or unspoken about by most media outlets, let alone security outlets.

While the topic may appear to be politically charged, I will try to keep a focus on the technological aspect of 'ye ole killswitch.'

Internet killswitches: Who needs them and why. It is rather ironic to even think about the United States attempting to carry out some form of killswitch considering that at the same time, the government is trying to build a system to bypass other countries' killswitches.

Certainly a cyberparadox if I have ever seen one. The mere notion of its intended purpose is outrageously flawed; nevertheless, the pursuit is on to build it anyway. At what cost, what savings, what benefits?

Keep in mind as you read this that 1) I do not work for any government agency 2) I do not work for any government contractor 3) I could care less about which political party did what this week 4) I am approaching this from an outside scope.

That scope is that of a security engineer whose responsibilities included defending networks and compromising networks via penetration testing for clients. With this said, let us now look at the cliffnotes:

  • Stop an attack from taking out the N (where N is whatever sounds groovy, Nuclear Reactor, Electrical Grid, etc.)
  • Prevent obvious catastrophe via way of the above cliff note
  • Save the citizens and money from the two cliff notes above


We can home in on cliffnote number one and assume that "we need to stop attackers from causing catastrophe which could lead to injuries and/or death and cost upwards of X amount of money."

This leaves us with the underlying goal of nipping an attacker in the bud. Feasible? Not really. Practical? Not really. Cost effective? Not really. So why are we wasting our time with this? Same question I ask myself every time I read another article concerning killswitches and the like.

America has been warned over and over about attribution over the Internet, with the most resonant content coming from the Center for a New American Security's (CNAS) "America’s Cyber Future: Security and Prosperity in the Information Age," more specifically the chapter titled "Separating Threat from the Hype: What Washington Needs to Know about Cyber Security" [4].

Yet with clear and accurate pictures given, our government is still pursuing security blindly, approaching defensive measures incorrectly and will likely spend millions if not billions following security charlatans.

At what point will we take a corrective approach to defensible security as opposed to the continuing downward spiral of following those in the herd? We know who "those" are, the ones responsible for an Alphabet cereal acronym of guidelines, regulations, measures, etc.

You know, the kind of stuff only a suit follows. Political? A little, and I apologize; however, it needs to be stated in order to prepare you to understand why it will fail technically.

As a defender of networks, it has been repeated ad nauseam that we are approaching this wrong. A killswitch as defined slash conjured up slash depicted slash theorized, would allow the United States to block incoming or outgoing connections to a specific destination or from a specific source.

While it may sound good on paper, the reality is that in an attack, especially a semi-sophisticated attack, this killswitch will do nothing against an internal implosion.

Go and take a harsh look at Stuxnet again, if you haven't been bored by it, and try to understand it from the non-technical realm. Stuxnet had a specific payload that targeted something specific. There would have been no killswitch in the world that would have stopped it.

So what, if anything, would a killswitch do when the threats are local? There is a theory from those feeding nonsense to the government that Country Y is building large scale attack vectors.

"Capable of taking us out just like in the movie Die Hard. OMG! We must act now and be prepared." It is nonsense like this that translates into these insane and obsolete ideas of killswitches. "We can cut the cord, all will be fine..." This is not and can never be the case. Anyone pitching this idea needs to be sent to Camp X Ray for an interview.

Creating a killswitch for the Internet would never work because of the flaw in attribution. Who is attacking? Seriously, ask yourself, who is attacking? This is at the core of why most of these ridiculous ideas will fail.

Because we cannot attribute an identifiable aggressor, then who are we cutting ourselves off from? Not to mention, because of the flaws associated with attribution, an attacker can pretend to be anyone he or she or Country Y wants to be. In fact, should a killswitch ever be implemented, an attacker can cause huge financial fall-out by simply pretending to be a country of his or her or Country Y's choice.

Imagine having an entire banking infrastructure disconnected because of a bunch of script kiddies [5]. For every step this government (the United States) takes, they seem to take the same redundant steps backwards.

What monies can be saved here with a killswitch? The more I think about it, the more I say none and the more I see money being dumped into a bottomless pit. Rather than waste money and resources on nonsense, it would be more beneficial to support the engineers who created most of the protocols associated with the Internet.

Sponsor them to build a bulletproof network. One where spoofing is not an issue. One similar to say SIPR or NIPR where mission critical business MUST have security at the forefront of operations.

Otherwise, I may need to dig a hole in my yard, register "Aggressive Cyber Killswitch Anti Hacker Voodoo Containment System Inc," apply for a GSA # and point government to my bottomless pit. Why waste money and time on nonsense? [6]

Whatever... For Sale... Dirt Cheap

J. Oquendo
sil at Infiltrated dot net

[1] http://www.huffingtonpost.com/2010/06/17/internet-kill-switch-woul_n_615923.html
[2] http://www.fbi.gov/news/stories/2011/april/botnet_041411
[3] http://media.cbronline.com/news/us-building-shadow-internet-to-circumvent-web-censorship-by-repressive-regimes-140611
[4] http://www.cnas.org/node/6405
[5] http://en.wikipedia.org/wiki/Script_kiddie
[6] https://infosecisland.com/blogview/14329-Security-Stupid-Is-As-Stupid-Does.html

Lucian Andrei: I agree with you. This is completely crazy.
Everybody is saying that China will attack US, which is the stupidest thing possible. This will not happen soon because:
- China is selling a huge amount of s..t in US
- China owns a big percentage of US
Maybe when US will be down in the knees they will give the US the final punch, but it is not the case yet.
I really hate those security companies that are using fear to sell their frakty products (DLP, AV...). They are huge, they have tons of money and influence, and it needs a powerful, educated opponent to stop them. I doubt that this will happen.
For those interested I recommend you to read the book “The Culture of Fear”, and you’ll better understand the game.
J. Oquendo: People are no longer differentiating espionage from any type of attack. I blame this on the media and security (un)professionals who often mince their words with the reality. Is China spying on it? Absolutely. The same applies to us. All countries spy, this is nothing new. The likelihood of a country trying to "take over the electric grid" is akin to a mass global suicide in the sense that any country would be insane to do so. That would be a conclusive declaration of war.

Because we have a lot of debt with China owing this country, unless business people are insane, they'd be throwing away their money on some type of attack as described by media. They attack, we declare war, casualties, and so on but guess what... Ultimately they lose money as they can kiss any IOUs goodbye. This is common logical sense though however, it's easier and more newsworthy for media outlets to paint a boogeyman. Nothing new here: http://www.infiltrated.net/chinaBoogeymen.html

As for security companies, they're not going to come out of the woodwork and explain it logically, they all have money to make. That's a given. One of the big reasons I choose not to go to a large company is just that, wouldn't last long with my big mouth. I can see getting canned for calling a spade a spade.
Info Assurance: I agree with your analysis on this issue. I think we need to watch the other hand. These politicians (no matter what affiliation) are always trying to garner more control over every aspect of our lives, including our Internet usage. So they try to pass legislation saying it's for our protection from an outside threat, when in reality it's a way for them to lock down their own people. There is a rising amount of unconstitutional acts occurring (has been for many decades) and this is one of them. If we lose our "free speech" on the Internet the whole landscape changes. What is the first thing countries like Iran and China do to squash dissent? They target Internet usage and speech. The sheeple must wake up and realize nothing is as it seems.