Cyber War for Crash Test Dummies

A lesson from the old school

The first casualty of war, they say, is truth; and that is certainly the case with the current round of cyber-skirmishing. A man who can confirm this personally is Mark Jeftovic, CEO of EasyDNS, who found his company being vilified and subjected to cyber attack for something he had nothing to do with. You see, EasyDNS had been named by a number of prominent media outlets, including the Financial Times here in the UK, as the company that had revoked the Wikileaks website's domain name registration, thus making it effectively invisible to any web browser.

Every web address has a domain name, but it also has an IP (Internet Protocol) address, roughly equivalent to a telephone number. A DNS (Domain Name Server) performs the lookup that converts the name that you type into your browser into an IP address in order to make the connection. By deleting an entry from a DNS you can thus make a website impossible to connect to, unless you happen to know the IP address – it’s like your name being removed from the phone book, while the phone number still works for anyone who knows it. In fact, the outfit that had deleted Wikileaks’ DNS entry was EveryDNS, a not-for-profit company in the USA that has, since the early days of the net, performed this function by allowing users to register their domain name on the system. Jeftovic, despite what was said about him and his company, is in fact a supporter of Wikileaks and has since offered to host the site through EasyDNS.

It serves, however, to reveal a simple but basic insight into what the internet is. It began as a series of communications protocols between US Government computers in the 1970s that were then applied to any computer in the world that adopted that protocol and was connected to the global phone system – thus creating the internet; and it was there, in the 1990s, that Tim Berners-Lee’s little programmatic masterpiece, HTML, gave us the web browser to navigate the new environment and create the world wide web. And so it was that an overnight ftp-by-email request to a NASA server for the image of the day, typed into a green screen display, became a live video feed from the surface of Mars viewed in Google Chrome. Yet it was obvious from the green screen days that the biggest impact of the net was not just the communication – email, usenet and the like – but also the ability to access functionality and data on much more powerful remote machines.

This extraordinary explosion in functionality of the internet-enabled computer has been driven by the rapid commercialisation of the net as it entered the mainstream. The global internet might seem an odd place to fight a war, since it’s all virtual; but in the modern world it connects to an array of assets – government, military, commercial, industrial – that are targets in any war. It also affects something else considered to be fair game by some – civilians, like you and me.

First Manassas

The current round of cyber-skirmishing has broken out following the US Government’s attempt to swat back at Julian Assange as a consequence of his deft sleight of hand in receiving an archive of classified US diplomatic correspondence and then giving it to a number of news portals to publish. Not that Assange himself carried out or even sanctioned such attacks, but nonetheless his Edmund Ruffin-like release of the embassy cables inspired some of his supporters, and others simply up for a rumble, to get engaged anyway. Principal among them was the group known simply as Anonymous; so named because it formed on the message boards of gaming sites like 4Chan as disparate users commented with the default id, “Anonymous”. It first attained cohesion when someone jokingly referred to it as a real person, and then it took on a life of its own as an internet meme. Since it formed from a random sample of people who played cyber games in western countries, it became the cyber embodiment of Nigel Bagnall’s dictum that “nations are human beings writ large”; in the pure spirit of anarchy, targets were agreed and a plan to attack them hatched. An early target, in 2006, was the website of white supremacist talk show host Hal Turner, which cost him hundreds of thousands of dollars and resulted in a lawsuit against 4Chan – and they also participated in setting up a news site in support of the Iranian Green Party during the disputed 2009 election. On the other hand, the same group also took music site AllHipHop offline after a spat with some of their members, and it was also widely blamed for hacking the Epilepsy Foundation’s website and displaying images of bright flashing lights.

Their longest running and best known campaign is the ongoing beef with the Scientology movement; although a better insight into their membership’s psyche would be its long running tie-in with Pirate Bay, a Swedish website that allows users to locate and download copies of the latest DVDs and CDs without paying for them. Anonymous’ dislike of the Swedish government goes back to long before Wikileaks, as Sweden recently prosecuted Pirate Bay’s operators. As to who Anonymous really are, that is a matter of some debate. The only arrest made to date, following the pro-Wikileaks attack, was a teenage boy in Holland; and given the pattern of actions to date, that might not seem so surprising.

The chosen targets on this occasion were far more mainstream – Visa (for refusing to collect Wikileaks funds), Amazon (for withdrawing hosting services from Wikileaks) and the Swedish Government (for trying to extradite Assange on sexual molestation charges); all considered to be part of a wider front opposing Wikileaks. Their chosen mode of attack was the DDoS (Distributed Denial of Service). Any computer – even a virtualised server existing within a cluster of physical servers in a datacentre, or dispersed among various datacentres across the world (so called Cloud computing) – is still just a machine with a finite capacity, and so it is vulnerable to being swamped. This is done by using a piece of software that simulates the actions of many users logging on to a webpage simultaneously, thus overwhelming the site and causing it to fail; even if the site doesn’t crash, it still stops people from accessing the functionality, which has much the same outcome.

Ploughshares and Swords

This type of software in fact has legitimate uses, for instance to stress test a new server stack or fine tune the search algorithms of a large and complex database. The same technology applied to Malware (Malicious Software) results in a weapon that can be used to attack computer systems, or the public facing parts of them at least. There have been numerous instances of the technology being used by ad hoc activists, such as the group of Irish students in 2001 who brought down the Finance Department server in Dublin, or by governments, such as the attack launched against Georgian military and government systems during the South Ossetia war. Variants, created for criminal purposes, are now available on the net for download. The variant used by Anonymous is called LOIC (Low Orbit Ion Cannon), and was used by them in a voluntary BotNet (Robotic Network), that is, a collection of computers, running into the thousands, all operating a copy of the software in synchronisation to take down the target system. An alternative method of attack is to hide the payload program inside a virus and then distribute it onto hundreds of thousands, maybe millions, of computers, then have them all activate simultaneously in an enforced BotNet.

DDoS attacks can seem alarming and dangerous, and indeed they are – but that’s what we thought about viruses when they first appeared on computers. The first true virus, as far as is known, was the Elk Cloner in 1981, which spread via infected floppy disks on Apple II computers; it had been created by Silicon Valley programmer and entrepreneur Rich Skrenta when he was still at high school, and was intended as a practical joke, since all it did was display a message a set number of times. Nearly thirty years later viruses have come on somewhat, and we have adapted to defend against them – whether it’s those that try to damage our machines, harvest their data, spread spam or launch DDoS attacks.

Modern server installations are protected by a dual firewall system, consisting of outer and inner lines of defence; the area between is known as the DMZ (De-Militarised Zone) – an area of limited functionality and access where the system’s public facing functions are located; the core systems lie behind the DMZ. A DDoS attack would initially penetrate the outer wall and, sometimes, overwhelm the hardware running the web server, but would be unable to penetrate the inner defence. Just as in the early battles against viruses, the defenders soon learned that because the virus was an identical copy of an original file, it had a signature that could be detected and deleted. Similarly, as a DDoS attack comes in, the signature of the incoming requests can be detected and blocked. In the fight against the viruses, the Malware writers then developed strains that altered themselves slightly with every copy, the so called polymorphic viruses – this will now evolve into DDoS attacks that subtly alter each page request to confuse the firewall.
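To make the signature-versus-polymorphic point concrete, here is an added Python example (not from the original article) that runs two detection rules over constructed web-server access-log lines in the common "combined" format: an exact-signature rule that blocks an identical-request flood but misses one that varies each request, and a per-source rate rule that catches both. All IP addresses, paths, User-Agent strings, timestamps and thresholds are constructed for the demo.

```python
"""Signature matching vs. per-source rate limiting on constructed access logs.
Added example; the log lines, addresses and thresholds are all made up."""
from datetime import datetime, timedelta
import re

# Apache/nginx "combined" format:
# client ident user [time] "METHOD path proto" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def build_sample_log():
    """Constructed traffic: one real visitor, one identical flood, one varied flood."""
    t0 = datetime(2010, 12, 8, 14, 0, 0)
    fmt = '%s - - [%s] "GET %s HTTP/1.1" 200 512 "-" "%s"'
    stamp = lambda dt: dt.strftime("%d/%b/%Y:%H:%M:%S +0000")
    lines = []
    # A real visitor browsing three pages over half a minute.
    for i, page in enumerate(["/", "/news", "/contact"]):
        lines.append(fmt % ("203.0.113.4", stamp(t0 + timedelta(seconds=10 * i)),
                            page, "Mozilla/5.0"))
    # Naive flood: 20 identical requests in 10 seconds from one source.
    for i in range(20):
        lines.append(fmt % ("198.51.100.5", stamp(t0 + timedelta(seconds=i // 2)),
                            "/index.php", "FloodTool/1.0"))
    # "Polymorphic" flood: same rate, but the path and agent differ on every request.
    agents = ["Mozilla/5.0", "Opera/9.80", "Mozilla/4.0 (compatible; MSIE 8.0)"]
    for i in range(20):
        lines.append(fmt % ("198.51.100.9", stamp(t0 + timedelta(seconds=i // 2)),
                            "/index.php?r=%d" % i, agents[i % 3]))
    return lines


def signature_hits(records, path, agent):
    """Firewall-style rule: sources sending the exact known flood signature."""
    return {r["ip"] for r in records if r["path"] == path and r["agent"] == agent}


def rate_offenders(records, max_requests, window):
    """Sources exceeding max_requests within any sliding window of `window` seconds."""
    by_ip = {}
    for r in records:
        by_ip.setdefault(r["ip"], []).append(r["time"])
    offenders = set()
    for ip, times in by_ip.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            # Slide the window start forward until it spans less than `window` seconds.
            while t - times[start] >= timedelta(seconds=window):
                start += 1
            if end - start + 1 > max_requests:
                offenders.add(ip)
                break
    return offenders


def analyse(lines, max_requests=10, window=10):
    """Apply both rules; returns the set of sources each rule would block."""
    records = [r for r in (parse_line(l) for l in lines) if r]
    return {
        "signature": signature_hits(records, "/index.php", "FloodTool/1.0"),
        "rate": rate_offenders(records, max_requests, window),
    }


if __name__ == "__main__":
    result = analyse(build_sample_log())
    print("signature rule blocks:", sorted(result["signature"]))  # only 198.51.100.5
    print("rate rule blocks:     ", sorted(result["rate"]))       # both flood sources
```

The varied flood slips past the signature rule because no two of its requests look alike, yet its request rate is indistinguishable from the naive flood, which is why rate-based controls remain useful once attackers start mutating requests.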

Such attacks, while alarming, mostly affect only the public facing parts of a system. In order to attack the core system a more sophisticated tool is required. Attempting to use brute force to penetrate an inner firewall is unlikely to work, so an alternative vector must be found; this type of attack would attempt to introduce a virus from within the network itself, and then let the virus attack critical parts of the system. A classic example of this type of attack was the widely reported use of the STUXNET virus to attack the Iranian uranium enrichment facility at Natanz, by a person or persons unknown earlier this year. Probably inserted onto the network via an infected USB stick, the virus installs itself on a computer; it got around the Windows digital certification system that identifies genuine commercial software by using two stolen certificates belonging to technology firms RealTek and JMicron, two companies with no connection except that they both have their HQs in the same business park in Taiwan.

Having installed itself it then searches the network for a specific type of Siemens industrial control software. When it finds it, it takes over the PLC (Programmable Logic Controller – its control panel) and issues a set of commands to, for instance, make the centrifuges rotate at an erratic speed until they break. So elaborate was this attack that it was described by the IT security firm that analysed it as the most sophisticated piece of Malware they had ever seen – it is extremely unlikely that this was the work of a disgruntled individual or group. Some observers now believe that it should be linked with the recent targeted assassinations of nuclear scientists in Iran and originates either in Israel or some other Middle Eastern state. This is based on a registry key created by the virus called “19790509”, which can be read as 9th May 1979, the date a Jewish businessman was executed in Iran, and a file path that includes the word Myrtus, said to be a reference to the plant Myrtus, which represents the male force in some branches of Jewish mysticism. On the other hand, you could point out that the registry key is one of hundreds and could be a coincidence, and that MYRTUS could also mean My RTUs (Remote Terminal Units, a common component in computerised industrial machines).

By now it ought to be obvious that cyber war is anything but virtual. An attack by a militant group or a nation state consisting of massed DDoS assaults against online facilities, together with activation of previously planted Malware on computers in critical systems, and followed up with a general virus attack to disable personal computers, would have devastating consequences. So forget about lurid tales of hacking the power grid; with everything that we now know about the inter-dependency of the banking system, what do you think would happen if, say, a major bank’s system were taken down?

Open and Shut

Whilst evidence of cyber espionage between the major powers is abundant, and concerns about attacks from another country natural enough, the cyber war that none of us saw coming was a western civil war. A conflict between ourselves over something that most of us never imagined that we particularly lacked – free speech and transparency. Without wishing to seem complacent, if I look at the world as a whole there does not appear to be much of a “free speech deficit” in western countries, and certainly not in the USA. But before you offer the thought that there are many other more deserving targets if one wishes to punish lack of free speech, I would caution against such an approach. You see, we’ve been here before, in a desert kingdom far away that suddenly found itself catapulted into the super-rich league by a huge supply of oil on their land. But no sooner had they started growing the economy and created a viable middle class than the sons of that middle class started complaining that it was lacking in Islamic values. It was of course pointed out to them that there were more Islamic values there in the kingdom than any other place on earth; surely the Christian west is a more un-Islamic place? And whilst it may have seemed a harmless way to let off steam by letting the youth sound off at the west, what they didn’t foresee was that it would produce a death cult that spread to the sons of wealthy expats in Europe who would then … well, I’m sure you get the drift.

As for the openness of the internet, that is rapidly coming to an end. The fight for net neutrality, the equal treatment given to all types of internet traffic, is set to be lost, as users of high-capacity premium content won’t just be paying for the content, they will be paying for bandwidth priority as well. The whole concept of an open net is bogus anyway; this began as a government system, there were always rules of behaviour and there were always places that you couldn’t go. If it’s just letting off steam in chat rooms then it’s no problem; once it tries to take a major ecommerce site offline it becomes something more problematic.

Not everyone wants the chaos of an open web. For many, their primary use for it is social networking, so a better idea of what the future of the web is going to be like is Facebook. This is intended to be more than just a web site; it aims to be an alternative way of accessing web functions, and for many people it has become their primary connection to the internet. A range of Facebook apps have appeared that run only within Facebook and provide you, the user, with just the service stream. This aims to be an alternative environment for computer use, and in hosting its own apps it is acting in many ways as an alternative operating system. With data and apps hosted in the Cloud, you will require only a basic, low power computer to access it, like an iPad for instance. Expect this trend to spread, with specialised environments growing up to service particular user groups. Also expect such services to go subscription based and to cut deals with ISPs to provide enhanced bandwidth and connectivity to their paying customers. This is more like the Telnet experience of the old days, i.e. a way of connecting to a server over the net and having your computer act as a terminal of that server.

Paying customers of these services will expect stricter rules of behaviour to be enforced; the situation where a youth downloading an illegal copy of a DVD from Pirate Bay gets the same priority for bandwidth as his grandmother using Facebook to keep in touch with her other relatives will no longer exist. It may be impossible to stop Pirate Bay, but the day is not far off when it will have to operate in a low-bandwidth slow lane.

If the intention of Wikileaks was to improve transparency in government, then I regret that it will fail. Diplomats will carry on just as before; they will simply use a more secure system in future. As for free speech, that will survive in the west perfectly well without Julian Assange’s help, but the west doesn’t own the web – it’s a global system with other major powers, with their own conception of what internet freedom means. If this incident has done one thing it is to underline the growing divide between the west and, for instance, China on the subject of an open internet. Some might say that divide has already become unbridgeable, and that in effect the internet has already divided into two distinct segments, where different rules of behaviour apply.

The future of the internet is not openness, but fragmentation – what is also gone is the philosophy that said everything is free and you can say or do whatever you want. As for the World Wide Web, it was, and is, a misnomer. It should have been called the English-Speaking-World Wide Web, a reflection of the mores and opinions of just a fraction of the world’s people. With the rise of economies like China that have very different ideas about what people should, and should not, be allowed to do online, expect the Web of the future to fragment into different geographical and cultural segments, where different sets of rules apply.

OpenNet, DiplomaticNet, AdultNet, ChildNet, ChinaNet, IslamNet, YouAintSeenNothingYetNet

Copyright ©2010 Savereo John

Can I see the real government secrets?

If you had been near Westminster Magistrates recently, you might have seen a figure emerge from a taxi and scurry inside. Had you spoken to him, you might have found him world-weary and in resigned mood. This was because of what he had just read in the Times – a man had been accused of molesting two women in Sweden and another of arranging the contract killing of his newlywed wife in South Africa. His heart must have sunk as he read those words, because that was his day’s workload. His name was Chief Magistrate Howard Riddle, and he was due to have Julian Assange and Shrien Dewani before him that day and ended up having to make two decisions on bail: one for a man known for his elusive, nomadic lifestyle who had talked recently of “seeking asylum in Switzerland”, and the other for a wealthy and successful pillar of the community in a major British city accused of the, apparently motiveless, contract killing of his wife in South Africa.

In the case of Assange it was probably for the best, although I appreciate this will be of no comfort to him, to be out of the public gaze right now. The events springing from the publication of a cache of US diplomatic correspondence have fast spiralled out of his control and are starting to have a far wider impact than he ever dreamed. He might like to reflect on the lesson of the Babel Fish in Douglas Adams, something that by effectively removing all barriers to communication between races became the single greatest cause of war and conflict in the entire history of the galaxy. The documents are now in the public domain and we have to accept the reality of that, whilst at the same time hoping that nothing there breaks a sufficiently important confidence that it leads to conflict. I personally hope that it won’t come to that; in fact, I believe that the archive will become a key historical reference source for generations to come, a unique snapshot in time of the mundane day to day work of the diplomatic corps of a major power in the early 21st century and the impressions and intelligence they came across; to be pored over by future generations as Suetonius or Machiavelli are today.

That the content is not news to many in the West is because they have read most of it already in the press and in the blogosphere; and surely that is the point – these aren’t secrets, they are mostly gleaned from local media and general political gossip. I’m prepared to be proved wrong if a future release uncovers something truly secret, but my strong suspicion is that the high level confidential stuff isn’t here at all; that’s all sent by a more secure route – unless, that is, the world of espionage is a deal less exciting and hi-tech than I’ve been led to believe by Messrs Le Carré and Forsyth. As for the risk of him being extradited to America, that is unlikely to happen; they already have the true culprit, Bradley Manning, and can charge him with whichever crime they want, up to and including whatever their equivalent of High Treason is.

Perhaps a stay in Sweden would be better for him then, as from what I saw when I was there I would feel sure that the accommodation will be an improvement on the Segregation Unit of Wandsworth nick, banged up with a load of sex offenders. The food’s not bad either; try the Pyttipanna. For the record, I think of him as I do the other man who came before the court that day, Shrien Dewani – that each is an intelligent, yet surprisingly naïve man, and I am going to take a lot of convincing that either of them is a rapist or a murderer – that is for the authorities to prove in either case, and nobody envies the task of either the Swedish or South African judge there.

In fact, I can imagine that when a man of rock star celebrity with a healthy interest in women is suddenly brought into contact with an array of adoring Swedish females, it would take the forbearance of a Saint to resist. He might have spent some time, however, talking to Swedish men first; this is a land with the strictest laws against rape in the western world and where the most common joke among men is “never sleep with a Swedish woman without her written permission”. In those circumstances a modicum of self control can save an awful lot of grief later.

Similarly, whilst I’ve never been in South Africa, I have been in Nigeria. Changing a large amount of money on the street (the rate is far better than the banks) and hiring a car and a driver with cash (not too many Visa signs there) are not at all unusual, and neither is the other thing he asked for. But what whoever it was that briefed him should have said as well is “don’t even attempt it without local, preferably family, contacts to do all that stuff for you.” If on the other hand you were a newly arrived oyibo, who had done his research and was keen to appear savvy and did indeed try to do all that stuff alone on your first ever visit – then when you ask the inevitable “can I see the real Africa” you can end up getting carjacked and having your wife abducted, raped and murdered and then get accused of arranging the whole thing yourself whilst simultaneously being linked to every unsolved carjacking involving an Indian.

Let us all hope that the question “can I see the real government secrets?” doesn’t have such a tragic ending.

Copyright ©2010 Savereo John

This is the voice of …

Well I tried, I really did. Whilst the world’s press and the blogosphere went into a feeding frenzy over Julian Assange and Wikileaks I held my tongue, well my keyboard at any rate. When the erstwhile editor-in-chief of Wikileaks, who increasingly resembles the Mysterons in Captain Scarlet, announced that he intended to bring down a major bank (although not the one he keeps his money in, one assumes), I kept my own counsel.

Similarly, when the first non-revelations of the leaked embassy documents, those pertaining to private discussions with Arab leaders, informed us that they fear Iran even more than the West does and that they privately egged on the Americans to launch a military strike to remove Tehran’s ability to construct a nuclear weapon, I stayed silent.

True, this might have come as a surprise to a Middle East citizen, used to the tame state-controlled media of that region that loves, together with the anti-establishment left here in the West, to propagate the myth that all the Middle East’s problems are caused by the rampaging giant of American imperialism stamping all over the region in its insatiable quest for world domination. But for anyone who actually reads the free press here, it was plain from the beginning that September 11th was caused by the fractious, backstabbing internal politics of the Middle East rather than the foreign policy of the USA – Saudi Arabia’s refusal for decades to admit that it had a terrorism problem did far more to foster the growth of Al Qaeda than anything the USA did. Similarly, the prospect that Iran’s acquisition of a nuclear bomb is terrifying to Riyadh and Amman, since Iran plainly cannot control all parts of its own state, such as the Revolutionary Guard, and that a Middle East nuclear arms race would be the inevitable result, is a surprise to nobody other than the terminally naive.

Similarly, I was underwhelmed to learn that the USA spies on the UN – I would have been more surprised to be told that there is a single member of the Security Council that doesn’t spy on the UN and the other members. But no matter, anyone who follows the news closely enough would have known that; just as they would have known that China is so terminally brassed off with North Korea that it’s actually prepared to countenance a unified, pro-Western Korea on its borders. Quite a turnaround, considering that China entered the Korean War precisely to prevent that from happening – but still not that much of a surprise really.

Yes, I kept my own counsel throughout the faintly nauseating sight on TV of the massed ranks of the British Champagne Socialist Fraternity lining up to stand surety for Assange at City of Westminster Magistrates Court. Included in their number was John Pilger, who famously lionised George Galloway after he had insulted an array of American Senators on world TV; alas that Galloway hadn’t been so brave in front of Saddam Hussein, or indeed that Assange hadn’t released a batch of Russian State secrets.

So my dignified silence continued unbroken, despite my fear that if Assange doesn’t acquire a sense of proportion, or at the very least a conscience from somewhere, then by dumping all the USA’s private diplomatic correspondence on the web he is going to end up triggering a war between two countries. And so I kept quiet.

That is until this morning when I learned that the Websites of the Swedish Prosecuting Authority and the lawyers representing the two women he is accused of raping had been brought down by the “Anonymous” hacker group, acting against Assange’s accusers. And so I must therefore put my hands up and finally admit that Assange and his acolytes have finally put something genuinely new in front of me. This has to be the first time I have ever heard of a website attack mounted out of sympathy with the accused in a rape case. No wonder they want to remain Anonymous. It takes a lot to make one side with a government in this day and age, even a liberal and open one like Sweden, but Assange and his clueless cronies may just have done it.

It’s taken a long and hard struggle in western society to get rape allegations taken seriously, part of which is the recognition of the courage that it takes for the victims to come forward – we can’t allow this man and his supporters to use his celebrity status to overturn the due process.

So, to the Prosecutors and the women’s lawyers involved, let us all wish them Lycka Till!

Copyright ©2010 Savereo John