The militarization of cyberspace is fast afoot as states or their proxies begin to launch distributed denial of service (DDoS) attacks against critics and adversaries, a security researcher said at an IT security trade show in Boston.
As states try to protect themselves from such attacks, expect the Internet to get more and more militarized, Jose Nazario, senior security researcher at Arbor Networks Inc., told his audience during an information session at the SOURCE Boston Security Showcase on Wednesday.
As more and more vital societal functions are run online, states can wield DDoS attacks and other cyberattacks to knock their victims offline and potentially cause a society to grind to a halt.
During a DDoS attack, according to ComputerWorld.com:
... botnets, or a group of compromised computers used for malicious purposes, attempt to connect en masse to a victim's Web site. The server hosting the site is unable to respond to the abundance of communication requests and shuts down or returns pages so slowly that site is essentially inaccessible.
"The premise is to aggregate bandwidth and knock an adversary offline," said Nazario.
During his presentation, Nazario listed a few high-profile DDoS attacks, allegedly run out of China and Russia. In 2001, the U.S. Pentagon's networks came under an unsuccessful DDoS attack after a U.S. Navy spy plane collided with a Chinese fighter plane. CNN's Web site also experienced a DDoS attack last April for its coverage of unrest in Tibet.
Russia has also been accused of using DDoS attacks against its adversaries. In 2007, a DDoS attack crashed government and bank Web sites in the country of Estonia after the government moved a statue of a WWII Russian soldier.
Last year, Georgia felt the sting of DDoS attacks during Russia's military incursion into the country. "Cyberattacks against Georgian government Web sites," ComputerWorld.com reports, "coincided with Russia's military campaign, the first time in 10 years that Nazario saw an Internet and ground war launched simultaneously."
State interest in DDoS and other cyberattacks comes from the fact that there is plausible deniability. No one has been able to convincingly link the Russian government or government-paid hackers to these attacks.
"We can tell you certain technical aspects, but we can't tell you who is paying them," he said. "There is no smoking gun as to who launches the attacks."
Nazario's claim that government reaction to cyberattacks and cyberwarfare is militarizing cyberspace received a boost of credibility the day before. On Tuesday, Mary Ann Davidson, chief security officer at Oracle, told a subcommittee of the House Homeland Security Committee that the United States should draft a 21st century Monroe Doctrine that warns anyone attacking U.S. cyberinfrastructure that it will be looked upon as an act of aggression.
The doctrine enunciated by President James Monroe in 1823 stated that the United States would not tolerate European influence in the Western Hemisphere and that any intervention in the hemisphere would be considered "dangerous to our peace and safety."