
June 2008 Archives

June 3, 2008

Running...


So, as some have already noted, I spent Saturday last weekend doing the Stockholm marathon. I was pleasantly surprised that it wasn't harder and given that it was 27 degrees, I think I have to be quite happy with my result!

June 6, 2008

INET Africa 2008 presentations


I am invited by ISOC to speak on peering vs transit and why peering makes sense at INET'08 in Africa today.

The first presentation walks through the differences between peering and transit.

The second one talks about the business case for interconnect.

June 12, 2008

Carpet bombing in cyber space - say again?


I was pointed to an article in the Armed Forces Journal where Col Charles W. Williamson III argues that the US Air Force needs to develop a botnet army as part of the US military capability for retaliatory strikes. The article brings up some interesting issues; the one that I believe carries the most weight is the argument that we (well, people living on the Internet) are seeing an arms race. It is true that more and more nations are looking into or developing various forms of offensive weapons systems for use on the Internet. Col Williamson seems to argue that the greatest of these threats is that of DDoS attacks targeted at US systems (I presume any system in the US conducted by a foreign adversary. I will note that he seems to go to some length to not narrow the scope to nation states). Here I would first like to point out that I disagree. The largest threat will be from specially crafted hostile code that leaks secrets or that could be activated when needed to perform a task or incapacitate the infected system.

Col Williamson, however, seems to believe that a US AF DDoS strike capability that was great enough would be a deterrent for adversaries to attack US systems. Here he is starting to lose track of some fundamentals of DDoS attacks. He compares a DDoS attack to carpet bombing, but misses the point that a DDoS attack would be carpet bombing all the way from take-off at an airbase located inside the US all the way to the home of the adversary and back again. Yes, you might not cause any lasting destruction on the way - but it's more likely you do, and it's more likely that the countries in the flight path that get bombed for no reason might turn hostile. Even close their airspace or try and take out the bombers. This is all left unexplained in Col Williamson's article.

But for now, let's leave the fact that there is no real way to transport the attack traffic to the destination without collateral damage and instead concentrate on why DDoS attacks are successful (if they are). They normally target a very specific target - mostly for blackmail. And the key is that this is successful only for as long as the intended target is down. Often enough, infrastructure in the path is what falls over first, taking out the attack traffic and possibly giving the victim breathing space. Col Williamson gives three examples of DDoS attacks: on CNN.com and Yahoo in 2001 and on Estonia in 2007. The first two examples prove the point I made earlier. They were narrowly focused attacks, with (most likely) a commercial gain as goal. The attacks on Estonia are actually very different from what Col Williamson seems to believe. They were actually, from a military POV, a failure. They targeted a vast number of destinations, and the reason they actually created any impact at all was due to less developed infrastructure in terms of available capacity. This would not be true for the US as a country, but perhaps for individual systems in the US. So which systems does Col Williamson believe are important enough to lead to a retaliatory strike? He doesn't say.

Further, the article does not seem to take into account how you would handle the fact that if a nation state was the adversary you would need a very small target list for the attack to work, and finding web sites that make a difference and work is not easy. If the adversary was an organization like Al-Qaeda, the retaliatory strike would be down to taking out their web page, probably located in a completely innocent country. The effects would be - none, I assume.

However, the proposal has some merit - I guess. If the adversary would be a smaller country, where connectivity to the rest of the world could be saturated or the national infrastructure was poor - an attack would have an effect on the national infrastructure. But I guess that if that is the case, it is also fair to assume that their dependency on network infrastructure is less. So DDoS attacks are asymmetric, and asymmetrical threats are hard to carpet bomb out of existence. A lesson you would think the US military (or any military for that matter) had learnt by now.

I believe that there is a real future in cyber warfare and that Col Williamson is right in that there is an arms race. But DDoS attacks are just not part of it.

Swedish National Defense Radio Agency to wiretap all Internet traffic

Several people abroad have started mailing me and others asking if rumors of new legislation to be passed in Sweden on the 17th of June are for real. There are also reports in international forums starting to pop up. This is fairly old news, and I think that most of us are surprised that this has not generated more press both inside and outside Sweden earlier. This legislation will allow for the Swedish National Defense Radio Agency (FRA) to wiretap Internet traffic leaving the country.

Many people seem to have interpreted the text in the proposed law on performing the intercept at co-operation points to mean the Swedish IXPs, which I guess is part of the reason why I get these questions. Now, when it comes to the implementation of the law, I am a foreigner living in Sweden so I will probably be the last to know :-). That said, I do have a few viewpoints on this topic.

1) If you are to intercept Internet traffic on a larger scale, Internet Exchanges (IXPs) are actually quite poor locations to do so. First of all (at least for Sweden) there is a rule of thumb that we only see around 50% of the national traffic (the rest is private peering) and only 50% of all traffic stays in the country (the rest is Internet transit traffic). The figures are surely not exact, and peer2peer traffic means that probably some more is national traffic, but let's assume this is a valid estimation. IXPs further have the drawback that they are normally one or more Ethernet switches. So you will need to drop all traffic or mirror certain ports. The problem with the latter is that the collected traffic no longer fits on one port on the switch and you need to start doing fancy aggregation of your mirrored traffic (if it is at all doable).

2) If you want to do traffic interception effectively, or if I were to do it, I would concentrate on the top 5 transit providers. I would intercept traffic between their routers and their WDM system leaving the country. You would most likely intercept 80% of the traffic leaving the country (which is what FRA says they are interested in). If you want to also intercept traffic inside the country it becomes much trickier, as a lot of traffic stays inside the wholesale DSL product of the former monopoly.

3) I am sure that the public reasons why FRA want this capability, to intercept terrorist and criminal traffic, are true, but the problem with that intelligence is that you only know what you are looking for after an event has happened, and as you are screening traffic based on keywords and discarding the rest (I will assume that is the only scalable way - and also what FRA have said in public that they are and will be doing), it's then a bit late to look for that data. However, Sweden also happens to be a large transit country for cable-based traffic out of Russia, the Baltic states, Finland and several of the former USSR countries. I would guess that much more interesting to FRA, and for intelligence in general, is trying to find encrypted (and non-encrypted) traffic from other states that passes through Sweden. This encrypted material would be useful to the code-breakers at FRA (which is also one of their operating areas - but one that is less talked about). It would also probably be hard currency at the world's intelligence agencies' flea markets. What is more interesting is that if that would be FRA's true motives, that would be a much easier sell to the public, but it would not be acceptable in Sweden's relations with other countries.

4) What the legislation proposes is hardly unique in the intelligence business - and is actually what they have been doing without any oversight for radio communications for a long time. To ask for permission to continue is either very clever or extremely naive.

Personally I am a bit split on this question. I partly believe that we are heading to a society where privacy is fundamentally being given up by our politicians. On the other hand, I also believe we are just starting to become aware of what has always been going on. FRA actually used to have permission to intercept traffic during and after WWII. So in reality the proposed legislation won't change much. However, it's also the case that the current legislation does not really provide for proper oversight, control and what I would like to see - clear and hard punishment for violation of the oversight, leakage and use of the data collected. So I think the law as written should not pass, but I have fewer issues with the fundamentals behind it.

The climb into thin air



So I have finished reading "The Climb" after having read "Into thin air" last fall. The two accounts (or rather the account in "Into thin air") of the same tragedy of 1996 on Everest have been the source of great controversy over the years, especially shortly afterwards. For those of us who were not on the mountain those days in May 1996, what really happened will never be clear. From the accounts it's also obvious that altitude and fatigue made even some of the people that were there unsure of what was happening.

It's always bordering on silliness to have someone who wasn't involved try and analyze events and motives, but after reading the two books I am left somewhat puzzled on the more general issues around the controversy. Jon Krakauer, in "Into thin air" and in other fora, seems to have been accusing Anatoli Boukreev of neglect as he descended ahead of his clients - a fact that Krakauer attributes to the fact that Boukreev would have been poorly dressed and climbing without oxygen. The first assumption is refuted in "The Climb" with proof from the photos from the summit. That Krakauer to my knowledge never explained or admitted the error seems dubious to start with. But let's ignore that and concentrate on the main point of Krakauer's criticism: that Boukreev descended early, and did not wait for his clients. Boukreev says in the taped hearings directly after the tragedy that while on the summit he felt the wind start to pick up and became worried about the weather. So did others.

One must assume that Krakauer's view is that a better action would have been for Boukreev to stay on the mountain, with the very spread-out group, and assist them. We are now heading for speculation, but one must assume that Boukreev would then have used the extra oxygen that Scott Fischer had organized as backup for Boukreev. O2 that was now used by the clients instead, who needed it as the slow ascent had led to them using a lot more of their own O2 than what had been planned for. Instead, with Boukreev descending, he got to lower altitude and got rest. All of which I assume would help him to get the strength later on to go out in the storm and find, and bring back, the others. So in that regard, as just the reader of the books, I have to assume that fewer clients would have made it safely down had Boukreev not descended.

However, there is of course the argument that had Boukreev stayed on the mountain, he could have helped them find camp faster. I however doubt that. The party was very spread out, at extremely high altitude. It would have meant that he would have had more strength and some supernatural ability to navigate in the whiteout - that none of the other guides had.

However, again - it's hard to speculate. Both books are well written, and give their accounts of what happened on the mountain.

June 14, 2008

First outdoor climbing day...


Today I went to Val Ferret and had the first outdoor climbing day!



Unfortunately you can't really see the rock between the trees. It's basically next to the dam. We kept it easy to make sure that everyone enjoyed it. The weather forecast was a bit unstable but in the end we had a beautiful day with stunning scenery. The climbing there is not that challenging but I just love the view!

June 26, 2008

ICANN meeting


So I am at my first ICANN meeting here in Paris. I am actually here as I got invited to talk about the role TLDs can play in IPv6 adoption or even more preparedness.

As this is my first ICANN meeting, perhaps I shouldn't be judging too much, so the following is written tongue in cheek, but I must say that for being the Internet Corporation for Names and Numbers, the awareness of IPv6 in general and the depletion of IPv4 in particular is stunningly low.

I mean, this has been the hottest and most debated topic for years, and here it seems to be mostly news. On the other hand, I am not sure what I expected from here.....

June 27, 2008

New gTLDs


This morning I noticed that even the BBC had picked up the discussion at ICANN on whether to allow for new gTLDs to be registered (i.e. .kurtis) or not. This is not exactly a new topic and it has been discussed for a long time and in many fora. I have to admit that I fail to see the need for new gTLDs, at least a general acceptance of new gTLDs. Approving a new gTLD, no matter what it is, is a license given to the gTLD operator to print money. Simply because most multinational and other players will automatically register their domain names. You probably wouldn't even have to market it. At the same time you can charge for your registrations, and operate the gTLD at a fairly low cost if you want. So your commercial success is almost guaranteed. This was even picked up by the BBC report this morning.

What benefits would there then be from new gTLDs? Well, of course you could have something like lindqvist.family, but I have to admit that the value of that over kurtis.lindqvist.name is hardly noticeable. Besides, the DNS works poorly as a white/yellow pages directory, so you would need to know what you were looking for before you could find the family name.

So without having looked at the current proposals in any more depth - allow me to be very skeptical.

About June 2008

This page contains all entries posted to Kurtis's Blog in June 2008. They are listed from oldest to newest.
