Write at least a two page paper in current APA format that lists at least three vulnerabilities

Lecture

IS696 Week 6 – Digital Self-Defense

Slide 2

This week’s lecture focuses on how to implement security within wireless technologies so that we can properly protect and defend the wireless networks that have become, not only common, but almost a necessity, in the way we communicate today. One area of defense that is often overlooked is the investigative side of the puzzle and the need to be able to properly and accurately determine the determine the true source of attacks against these wireless networks; it’s actually quite a large problem. The goal of this lecture is to give you a slightly different perspective on how to defend these networks.

Slide 3

On physical networks, skilled hackers, whether sponsored from a nation state or sitting in their parent’s basement, tend to use one or more intermediary systems as hopping points in route to their ultimate target. These hopping points help to conceal the true identity of the hacker as the victim system is only able to see the most recent hopping point. This methodology creates problems for network defenders as they are unable to establish a solid modus operandi for comparison with future attacks. It also creates problems for law enforcement agencies that are unable to act on their desire to achieve some level of attribution through criminal proceedings because the true perpetrator is masked. The concept is similar in the wireless networking world except that hopping points aren’t needed because the anonymity of connecting to a random, or targeted, wireless network already exists to some degree. I have heard stories of penetration testers using long range wireless antennas to connect to wireless networks on the 35th floor of a building while they were sitting in a lobby on the first floor. It’s doubtful anyone on the 35th floor knew where this connection was coming from. But these attacks are usually only one piece of a larger attack that will primarily use a physical network path so there is a still a need to determine where internet traffic truly originates from.

Slide 4

During the past two decades much research has been conducted on tracing internet packets using various packet marking techniques, by prodding Internet Service Providers to get more engaged, through mapping the various segments of the internet, and by adding new fields to very old protocols. All of these are great ideas but they all share one common shortfall; too much dependence on external forces that are out of the victims control. It would be nice if every ISP on the planet decided to start marking every packet that flowed through their routers. Nice, but not realistic. It would also be nice if modifying the internet protocol was a painless task but that is also not the case. And so the only logical choice that remains is to build a methodology that will allow for the surreptitious tracing of malicious internet packets using the data that is available in currently used protocols. Hackers have been manipulating these protocols for their gain for a long time and it is time for the tables to be flipped to the defenders’ advantage. Unfortunately, the victims of any hacking attacks are left in a difficult position because the laws of the world have not yet caught up with the technological methods employed by hackers. Hackers know they have the upper hand because it is too difficult to track them and, even if they are caught, many of the laws designed to punish them can be circumvented on the technicality of the laws verbiage.

Slide 5

And so we are confronted with two issues; first a tool must be developed that can track and identify hackers and second, laws must be shored up to effectively prosecute them once they are caught. But there is also a third issue that is somewhat related that gives victims the ability to defend themselves when law enforcement options are not readily available. Each of these needs involve technologies and legal polices that need to be developed but the idea of digital self-defense stands out as in interesting one because if a person could identify their attacker they may be able to respond in kind. The right to self-defense or self-preservation is one enjoyed by most every person on the planet. Even in the most oppressive nations citizens are allowed to defend themselves against unwarranted actions of other citizens. While this right may not extend to defense against government action it certainly gives the citizen the right to halt any physical action taken against them and in some cases to disable the attacker so that further aggression cannot be taken. In these situations, the identity of the attacker is readily known and there is rarely the possibility of responding against an innocent bystander except for by pure accident. The level of response action is usually limited to a proportional amount of force as that which was received. For example, chapter 9 of the Texas penal code only allows the use of force against another if it is “immediately necessary to avoid imminent harm” and the other individual was committing a crime. The statute further stipulates that deadly force can be used in the same situation if the crime being committed includes deadly force. This defensive rule allows the victim to respond with an equal amount of force to disable the attacker from committing further harm. These same rights should be enjoyed in a digital fashion as well but the implementation may be a little different. In a physical altercation disabling an opponent may be as simple as throwing them to the ground or striking them in the face. In more extreme cases it may require the use of a weapon to scare them into submission or injure them if necessary. In the digital world there are technical limitations to the actions that can be taken in response to an attack. Blocking the attackers IP address is the common action used today but that only forces the attacker to change addresses and strike again. So it is effective only for a short period of time. If the targeted vulnerability is known then a patch can also be put in place to keep the attacker from penetrating the system but that will not stop them from attempting other forms of attack. These are defensive measures that should be used but there should also be an offensive component that will keep the enemy from returning. If the true source is known the victim can find a potential vulnerability and launch a responsive attack in an attempt to disable the attackers system. This could equate to the use of equal force limitations within self-defense laws by disabling a core piece of the attacker’s hardware such as the hard drive or corrupting the operating system. This method would halt the current attack and disable the perpetrators ability to conduct any attacks in the immediate future. More serious attacks might require more drastic responses.

Slide 6

In theory digital self-defense is for individuals but it could also be applied from a corporate perspective since it is more common to see companies targeted for information and disruption than it is individuals. For this reason, companies should begin training for response capabilities so they are prepared for the future landscape. It is also important to note that in some cases a digital attack can achieve non-kinetic results and these actions can easily bring about physical harm and even death. For example, attacking the systems that control a power grid and shutting down the power during a major winter storm could cause the loss of heat in many homes and bring death if the outage persists. Governments cannot simply stand by and watch this happen; they may be forced to take attribution. So whether it is governmental or personal attribution there seems to be a need for some level of digital self-defense capabilities. It is still just a catch phrase today but advances in hacker identification may change it into a reality. On the legal front, more discussions should be held to determine the appropriate level of legal action that should be taken against hacking. Attacks should be categorized within various levels so that all attacks do not have the same punishment. Worms and virus’ that greatly disrupt large portions of the internet might be worthy of heavier punishments than those attempting to break into a single system for the purpose of stealing information. Requiring the development of in depth composite maps of the internet may also help to locate sources more quickly. Furthering the cause of digital self-defense as a right for all citizens could be pursued as part of the legal process. This by itself will be a huge challenge and an uphill battle but cannot be left out of the equation. Online business and personal transactions are increasing exponentially with the addition of smart phones and the explosion of the accompanying applications. The more people use the internet for these types of transactions the more susceptible they will become to attack; and all the more reason why they will need the ability to defend themselves when necessary.

Slide 7

The internet is a dangerous place and as long as hackers continue to have the freedom to attack at will without any attribution then the internet will only become more dangerous. This is not unlike the piracy of the 18th and 19th centuries. Pirates knew how difficult it was to be tracked at sea and so they profited from their criminal activities by pillaging merchant ships and ports at will. Even with laws in place that made their actions punishable by imprisonment or death they continued to thrive because the law itself did not provide the mechanism for the capture of pirates. It was not until the various navies of developed nations began to systematically hunt the pirates at sea that their lucrative enterprise dried up and they were driven out of business. There are many similarities between sea piracy and the internet. Just like the worlds waterways, the internet crosses into virtually every country on the planet and each of these sovereign nations have chosen different methods to police the internet or to do nothing at all. Even in countries like China where internet traffic is highly regulated there remains a high level of hacking activity. It will take a concerted and coordinated effort by many nations to curb criminal activity on the internet and even then it will only reduce it to a manageable level.

Slide 8

Creating laws that allow individuals to digitally defend themselves when they are the victims of an attack could help curb this problem. Certainly merchant ships on the high seas were allowed to defend their goods when attacked and anyone physically attacked in most nations today are also allowed to defend themselves against threatening action. It only stands to reason that these same rights should exist in the digital world as well. But the first step must be identification so that the response action is not hastily taken against an innocent bystander. Next the laws should be developed to protect the victims of such attacks. And when we finally reach that point we should be able to clean up most of the nefarious activity that is prevalent on the internet today.