No Order Without Law Online
posted by Dave Hoffman
Truly disturbing article from the NYT on D.D.O.S. attacks. Basic conclusion: attacks are growing in frequency and scope, and commercial operators’ main defense (excess capacity) will soon become obsolete. The worst part (I think):
Despite a drastic increase in the number of attacks, the percentage referred to law enforcement authorities declined. The report said 58 percent of the Internet service providers had referred no instances to law enforcement in the last 12 months. When asked why there were so few referrals, 29 percent said law enforcement had limited capabilities, 26 percent said they expected their customers to report illegal activities and 17 percent said there was “little or no utility” in reporting attacks.
Even our libertarian friends will admit, I hope, that protecting the internet from zombie computers is a pretty good use of the coercive power of the state. So I hope that this makes the list of things that the Obama administration starts paying attention to over the next four years.
November 9, 2008 at 6:57 pm
Posted in: Technology
Print This Post
Responses (5)
Frank - November 9, 2008 at 9:55 pm
I agree, it’s a major problem. Jonathan Zittrain has been predicting the possibility of a massive uptick for a while now, but some critics of his at the Boston Review symposium on his book claim that the threat is overstated. Here’s the always provocative Richard Stallman:
“Zombie machines are a problem, but not a catastrophe. Moreover, far from panicking, most users ignore the issue. Today, people are indeed concerned about the danger of phishing (mail and web pages that solicit personal information for fraud), but using a browsing-only device instead of a general computer won’t protect you from that.”
***
“It is true that a general computer lets you run programs designed to spy on you, restrict you, or even let the developer attack you. Such programs include KaZaA, RealPlayer, Adobe Flash, Windows Media Player, Microsoft Windows, and MacOS. Windows Vista does all three of those things; it also lets Microsoft change the software without asking, or command it to permanently cease normal functioning.
But restricted computers are no help, because they have the same problem, for the same reason.
The iPhone is designed for remote attack by Apple. ”
from
http://www.bostonreview.net/BR33.2/stallman.php
Adam - November 10, 2008 at 5:04 am
test
Adam - November 10, 2008 at 5:07 am
Hi Dave,
Speaking as a security expert, I’m not sure that this is a great use of the state’s power, especially absent a proposal of how the state’s power is going to be used.
Regardless of the power, does it make more sense to track down DDoS attackers or muggers? The effort to conduct a multi-country investigation is much higher than the effort to arrest muggers, and the payoff seems lower.
Then there’s the question of how to employ state power. Will everyone be required to run state-approved anti-malware software? Register their IP address and close down open wifi? Massive data retention and tracking?
Finally, there’s the question of which state we’re discussing. I live in Washington State, and am currently in Spain. Should I have to install something at the border? When I enter the US?
Speaking only for myself,
Adam
Bruce Boyden - November 10, 2008 at 11:53 am
Re: the Stallman article, it strikes me as a pretty paranoid view to categorize all software updates as “remote attacks.” Technology is increasingly interconnected, like it or not. The botnet problem is the result of the lack of expertise or time at many of the nodes. Automatic updates are part of the solution, not the problem, unless your solution is that everyone should disconnect.
Libertarian Girl - November 19, 2008 at 12:52 am
Why should the state get involved? This is something that people can pretty much handle on their own. Should the state go to work for me every day and do my job for me? It’s important to have law professors and law students, but should the state take over law schools and run them?
There’s no reason private entities can’t handle this just as effectively as a state could hope to, through creating better technologies and better security.
How exactly do you propose that President Obama take on “zombie computers”?
Leave a Reply