That form of battle is still largely speculative and can involve some specialized weapons, whereas the siege of attacks from hackers and malware is a daily reality for individuals and businesses. But the two types of conflict share the same medium, and they could share some of the same approaches. Perhaps most significant, the former becomes easier to wage, and more dangerous, in the murky and chaotic environment created by the latter. “Going after the botnets, going after the corporate espionage stuff, won’t remove the threat of disruptive cyber war,” says Greg Rattray, a former White House national security official and author of Strategic War in Cyberspace. “But a cleaner ecosystem would put a brighter light on cyber-war activity, making it easier to detect and to defend against.”
Grin and bear it: In the absence of strong international agreements on fighting cyber crime, ad hoc collaboration sometimes gets the job done–as when Eugene Kaspersky, CEO of the Moscow security firm Kaspersky Lab, helped Dutch police shut down a botnet. But such isolated successes are not keeping pace with the exponential rise in attacks.
At a basic level, flawed technology is responsible for the whole mess. Many components of our current networks weren’t built to be particularly secure (see “The Internet Is Broken,” December 2005/January 2006). Report after report from federal agencies, the National Research Council, and think tanks like Rand has made it clear that fixing cyberspace for good will require accelerating research and development to make hardware, software, and networking technologies more secure–and then getting those technologies rapidly in place. The latest call came in a report issued last November by the Department of Homeland Security, which concluded that “the only long-term solution … is to ensure that future generations of these technologies are designed with security built in from the ground up.”
But securing cyberspace can’t wait for entirely new networks. In the meantime, we must start addressing a host of other systemic problems. Among them: commonsense security practices are often ignored, international coöperation is as spotty as the technology is porous, and Internet providers don’t do enough to block malicious traffic. “Hardening targets–and having good laws and good law-enforcement capacity–are the key foundational pieces no matter what other activities we want to try to pursue,” Christopher Painter, the White House senior director for cyber security, pointed out at a recent conference. Technology Review investigated three recent episodes–an exceptional botnet investigation in Holland, a probe of China-based espionage in India and other nations, and the 2007 Internet attacks on the small Baltic state of Estonia–to glean lessons in how to better police and secure the flawed cyberspace we’ve got, and prepare for the cyber war we hope will never come.
Shadow and Grum
The Dutchman from the town of Sneek was only 19 years old, but he’d already achieved more than most of us can claim: he’d assumed illicit control of as many as 150,000 computers around the world. The unwitting victims had been rounded up by means of clever messages appearing to come from their contacts on Microsoft’s Windows Live Messenger. Those who clicked on a link in the message downloaded malware; each infected computer then became a bot under his control. In the summer of 2008, according to a U.S. indictment, the man, Nordin Nasiri, decided to sell control of these enslaved machines–a botnet that he called Shadow–for 25,000 euros.
Botnets are among the most serious threats on the Internet. They are the engines behind spam and the fraud and identity theft that spam enables (according to a recent report from the security firm MessageLabs, nearly 130 billion spam messages are dispatched each day, and botnets are responsible for 92 percent of them). They are also responsible for such menaces as distributed denial-of-service attacks, in which gangs of compromised computers flood a corporate or government server with so much traffic that it cannot function. Thousands of large botnets swarm the digital ether, including some that are millions of machines strong. “Botnets are really the root cause and the vehicle for carrying out much of the badness that is going on and affecting everyone,” says Christopher Kruegel, a computer scientist and security researcher at the University of