The topic of offensive strategies against hackers comes up frequently, and I am surprised and dismayed by the US strategies for combating cyber terror. The Americans are still thinking in a conventional warfare paradigm. In "Defending a New Domain", William Lynn writes:
It must also recognize that traditional Cold War deterrence models of assured retaliation do not apply to cyberspace, where it is difficult and time consuming to identify an attack’s perpetrator.
Dismantling terrorist infrastructures and social fabrics is neither retaliation nor vigilantism, and I am dismayed by the DoD strategy of combating terror with defenses instead of using anti-terror techniques.
Predicting cyberattacks is also proving difficult, especially since both state and nonstate actors pose threats. … Given these circumstances, deterrence will necessarily be based more on denying any benefit to attackers than on imposing costs through retaliation. To stay ahead of its pursuers, the United States must constantly adjust and improve its defenses.
At the network level, you would and should blacklist the source of the malware: an IP address blocked at the firewall, an entry on a blacklist, or a modified signature in a content filtering/IPS system.
However, this is a defensive strategy that we know is not very effective in the long term, since it does not address the root cause of the threat. A more interesting approach, used several years ago against Code Red, redirects requests back to the source IP addresses. If large numbers of attacked web servers did that, it could create a DDoS attack, punishing the attackers in a turnabout-is-fair-play strategy.
Attacking social networks of hackers
Although there are offensive alternatives, such as mounting systematic DDoS attacks on the attackers or developing targeted spyware such as Stuxnet, even more intriguing is the notion of using a demand-side strategy to reduce the social value of being a hacker. Let's learn from the counter-terror success of the Italians in the late 60s in dismantling the Brigatisti. The Italian government infiltrated the Red Brigades, bred mistrust, and quickly rolled up the organization.
Attacking the social networks of people who develop and distribute malware would involve infiltrating the hacker underground, arresting hackers for criminal activity and cutting deals in return for actionable intelligence.
Since malware is a form of terrorism, I believe that this strategy could be effective: it goes directly to the source and potentially denies a key hacker benefit, the social gratification.
While an interesting idea, the key barrier to this strategy is deploying it where hackers operate and obtaining the cooperation of local law enforcement.
As Mr. Lynn writes in his article in Foreign Policy, the Americans are keen on cooperation:
Cyber Command’s third mission is to work with a variety of partners inside and outside the U.S. government. Representatives from the FBI, the Department of Homeland Security, the Justice Department, and the Defense Information Systems Agency work on-site at Cyber Command’s Fort Meade headquarters, as do liaison officers from the intelligence community and from allied governments. In partnership with the Department of Homeland Security, Cyber Command also works closely with private industry to share information about threats and to address shared vulnerabilities. Information networks connect a variety of institutions, so the effort to defend the United States will only succeed if it is coordinated across the government, with allies, and with partners in the commercial sector.
While it's not clear that the Chinese or Estonian governments would play ball, if the Americans are really intent on combating cyber terror through international cooperation, perhaps they should trade in their defense-oriented strategy for an anti-terror, demand-side strategy.