Sunday, April 02, 2006

"We All Live in a Hacking Submarine..."

A bit of whimsy for your Monday morning.

In a previous article I explored the links between hacking and guerrilla warfare. Today, to extend the metaphor of hacking as war by other means, let's take a look at how your garden variety computer malwarist is like a U-boat.

And, by analogy, what to do about them.

For you purists and experts, I am specifically talking about diesel electric boats and drawing historical parallels and lessons primarily from the record of World War I & II. This is not to say that there are not important lessons from modern submarine warfare, but a 21st century nuclear attack boat is an altogether much more lethal kind of fish. If hackers were like nuke boats, nothing in cyberspace would be safe.

Diesel electric submarines are small, independent hunters. They carry a powerful ship killing weapon, the torpedo. Their advantage is undetectability; it allows the submarine to choose the time, place and conditions of the attack. The sub would acquire the convoy while still at long range. It would plot the track of the targets and run ahead of the target track on the surface at night. Then, at dawn, the submarine would dive and wait.

As the convoy approached it would set up the attack, choosing the juiciest targets and quietly working out the firing solution until all was ready. At best, the first indication of danger to the target ships was the wake of incoming torpedoes; more often it was the sound of the first torpedoes detonating.

After the first several ships were sunk, the escorting destroyers would race to the assumed position of the sub and begin to depth charge the predator while the convoy turned away at top speed. Sometimes the destroyers would get lucky, but most of the time the sub would survive a depth charging, which was little more than blindly dropping TNT-filled cans set to detonate at the sub's assumed depth.

Most of the time, the sub would get away to celebrate victory and kill again.

Stealth was the key: stealth and the ability of a small ship to carry a load of ship killing weapons, the torpedo. Submarines used their invisibility, a lot of patience and a bit of luck to set up the attack precisely, to inflict maximum damage with minimum risk to themselves. It was this ability to hide that allowed what was otherwise a small, slow, and vulnerable ship to become a dreaded ship killer. In the case of the American submarine campaign against Japan, this dreaded ship killer was decisive, bringing the Japanese war economy to its knees.

Hackers pretty much follow the submarine model. Vulnerable if ever detected, they use stealth and devastating weapons to wreak havoc, choosing the time and place of their attacks and breaking off when frustrated or threatened, then reappearing in a different guise to attack the target from a different vector.

For both hacker and submarine, the advantages lie with the attacker in the context of the individual action. Given enough time and remaining undetected, the hacker, if determined, will break through. Over time, the advantage is with the attacker, much like playing blackjack against the house. The good guys may win a few, may even have a winning streak, but in the end it's the house that gets everyone's money.

The Anglo-Americans beat the German U-boats by realizing the fundamental nature of the conflict and by changing its basic framework. Using intelligence, aerial reconnaissance and radio direction finding to locate subs when they transmitted on their HF radios, the Allies began in effect to shrink the Atlantic. By having a general idea of submarine movements, convoys could be routed away from danger and hunter-killer groups routed towards the submarines. Aerial patrols reduced the areas where submarines could operate on the surface in daylight, and after radar was introduced, reduced surface operations even further. For a boat that had to recharge its batteries every day, that acted to seriously restrict range and speed.

By 1944, much of the Atlantic was off limits or very dangerous to the U-boat. It still had its advantage of stealth, but was unable to use it effectively. Moreover, more and more U-boats were destroyed before they even got close to a convoy.

The same kind of thinking needs to inform the whitehat community as we address the blackhat. If all we do is sit behind our firewalls and wait, we are like destroyer captains peering after periscopes in the gloom. What will have to come eventually is coordinated action between companies and their security groups: not just attending the same conferences, but actual realtime coordination of detection and tactics to shut down hackers. We also need realtime strategic coordination, to begin the gradual process of denying safe zones of operation to the blackhat. Eventually, we need coordination with law enforcement to create methods to seek out and neutralize blackhat individuals and groups.

When hacking was defacing the occasional website, maybe it was amusing. Today the world runs on computers and their networks. We cannot adopt a defensive strategy if we are going to make cyberspace safe.
