Geographic Location of Attack Servers: UK
In yesterday’s post, I pointed out that escalating a cyber conflict was not in the best interest of the United States. Here is the scenario: based on the identities of the sites under attack and the nature of the code being used, a number of allegations surface that North Koreans are behind the attacks. US Congressmen call for a show of force in cyber space.
What are the problems with this scenario? We don’t actually know who carried out the attacks. We certainly don’t know who gave the order to do so. We don’t know why the order was given. And we don’t know whether, by retaliating against the target du jour, we are hurting (or, at worst, actually helping) our true adversary.
Wired’s Kim Zetter reported yesterday that the master server is located in the UK. (Cheeky URL: Brits Attack US.) So what do we learn from that? Should we add the UK to the list of potential adversaries? Should we quarantine all web traffic from the UK until they have cleaned up their act? Should we launch a show of force against the UK in cyber space to demonstrate that we mean business? Imagine if the same server had been located in Hong Kong, or Tehran, or Somalia. The howls for retaliation would be far louder.
Best case scenario, we can lean on the company that owns the servers involved, and perhaps find someone at the end of the paper trail. If we are really lucky, we could find a small-time criminal or a misguided activist desperate to bend nations to his will with a five-year-old worm.
The most dangerous possible outcome at this point, and a particularly unlikely one, would be if we discovered unmistakable evidence of direct involvement by a foreign government in the attacks. Political pressure to retaliate would go through the roof. Civilian leaders would be stuck in a brave new war, where we can neither protect the things we hold dear nor forecast the consequences of our actions. Attackers have the advantage. Deterrence fails spectacularly. At present there is no law governing the scale, manner, and scope of proportionate or just retaliation in cyber space.
Here is an excerpt from Zetter’s piece.
Cyber Attacks Traced to the U.S., Britain
International fingerpointing in the recent cyber attacks against U.S. and South Korean websites has widened to include Great Britain, as researchers examining the attacks trace them to a server in the United Kingdom.
But the British company that owns the server says it, in turn, traced the attacks to a VPN connection originating in Miami, Florida.
With hawks in Congress and the press urging President Barack Obama to launch an all-out cyber war in retaliation for the website outages, things are looking bad for the Sunshine State. Though it should be noted that the Miami connection was likely just another proxy used by the hacker, who could be based in the U.S. or anywhere else.
Researchers at Bkis Security in Hanoi, who reported findings about the British server on their company’s blog, say that the denial-of-service attacks that struck more than three dozen government and commercial sites last week were launched from more than 166,000 computers in 74 countries controlled by a server in the UK. The IP range for the server is 195.90.118.xxx, which is registered to Global Digital Broadcast, which streams digital TV content from Latin America to consumers.