Monday, November 12, 2012

Paranoia on the Security Frontier

Just read this article on the issues the Americans' brains trust is having with suppliers of major network infrastructure components. The point of view expressed and the stunning hubris... is just so... sad. Basically the article says that the US gov is paranoid about the Chinese gov being able to pop some malware on some backbone switches at some point in the future.... maybe...

Firstly, this article is yet more China bashing. Although, to be fair, there is a little bit of acknowledgment that there are other players in the game, none of them are named or particularly have the finger pointed at them...

Secondly, the fact that American manufacturers are simply assumed to be free of any government influence is just a tad ideologically blind. Everyone outside the US is paranoid about the US spy services and what they might be inserting into the Internet infrastructure... but that goes without comment. LOL.

The silliest bit of all this is the naive assumption that the US spy services are somehow automagically on the side of the average US citizen... hmmmm?? Said who? Is there any evidence to support that point of absolute belief? Hmmm... could be some evidence for both sides of that argument.

Anyway, as a third-party country that gets to buy from both suppliers... we're just a little bit paranoid about both of them, as mentioned in the article. At the end of the day... there's nothing for it except to do some independent verification of all significant network infrastructure and to design networks that can identify and withstand the effects of compromised equipment.

In any case, it's often not the designed-in back doors that prove the biggest problem; it's the exploits that appear from independent players and the side effects of poor network planning that cause the biggest problems. The other problem with backdoors is that you never know who else knows about them. Since you can bet that the US spy guys will have purchased a couple of these routers, and they do have the resources to take them apart and find any useful compromises... any backdoor that is in place, or could be inserted via patches, can be used by US players just as easily. Also by every other three-letter agency in the world... it would then be a fairly simple activity to block each other from using the backdoors while still being able to use them themselves... unless they wanted to let the others think that they did not know about it but still wanted to be able to block them...

I'm sure that in the minds of the politicians it's all scary to think that someone else can reach out and switch off your backbone routers or do bad things with them... but a simple firewall and some physical separation should prevent that kind of scenario. Getting any kind of command-and-control interface to a backbone router via the actual feed line should be incredibly difficult. They should be controlled via a completely different internal network that is not carried on the public feed. This provides both physical and logical security.
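To make the "separate management network" idea concrete, here is an added example (mine, not from the original post) of the kind of check a backbone operator could run over their own router logs: management services on the device are only legitimately reachable from the out-of-band management interface and the management subnet, and any hit on those services arriving over a public transit interface is a finding worth alerting on. The interface names, addresses, subnet and log line format are all assumptions made up for the example.

```python
"""Hypothetical control-plane policy check for a backbone router.

Policy modelled: the router's management services (SSH, SNMP, HTTPS, NETCONF)
may only be reached over the out-of-band management interface from the
management subnet. Transit traffic passing *through* the router is not the
policy's concern; only traffic addressed *to* the router itself is.

Added illustration, not code from the original post. Interface names,
addresses, the subnet and the log format are assumptions for this example.
"""

import ipaddress
import re

# Assumed out-of-band management interface and the only subnet allowed to
# reach management services on this device.
MGMT_INTERFACE = "mgmt0"
MGMT_SUBNET = ipaddress.ip_network("10.250.0.0/24")

# Assumed addresses owned by the router itself (host-bound traffic).
ROUTER_ADDRS = {"198.51.100.1", "10.250.0.1"}

# Services that make up the router's command-and-control surface.
MGMT_PORTS = {22: "ssh", 161: "snmp", 443: "https", 830: "netconf"}

# Constructed (hypothetical) log line format:
#   <time> <ingress-iface> <src-ip> -> <dst-ip>:<dst-port> <proto>
LOG_RE = re.compile(
    r"^(?P<time>\S+) (?P<iface>\S+) (?P<src>[\d.]+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>\w+)$"
)


def is_allowed(iface, src_ip, dst_ip, dport):
    """Return True if the policy permits this packet.

    Transit traffic (not addressed to the router) and non-management ports
    always pass. A management port is allowed only when the packet arrived
    on the OOB interface *and* came from the management subnet.
    """
    if dst_ip not in ROUTER_ADDRS:
        return True  # transit traffic, handled by forwarding, not this policy
    if dport not in MGMT_PORTS:
        return True  # host-bound but not a management service (e.g. BGP peer)
    if iface != MGMT_INTERFACE:
        return False  # management service reached over the public feed
    return ipaddress.ip_address(src_ip) in MGMT_SUBNET


def parse_line(line):
    """Parse one constructed log line; return None for lines we can't read."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec


def audit(lines):
    """Return one finding per log line that reached a management service in a
    way the policy should have blocked. A non-empty result means either the
    control-plane filter is missing or a host is on the wrong network."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if not is_allowed(rec["iface"], rec["src"], rec["dst"], rec["dport"]):
            findings.append({
                "time": rec["time"],
                "iface": rec["iface"],
                "src": rec["src"],
                "service": MGMT_PORTS[rec["dport"]],
            })
    return findings


# Constructed sample log lines (not real traffic; documentation ranges only).
SAMPLE_LOG = [
    "2012-11-12T09:00:01 mgmt0 10.250.0.7 -> 10.250.0.1:22 tcp",         # OK: ssh over OOB
    "2012-11-12T09:00:02 xe-0/0/0 203.0.113.9 -> 198.51.100.1:22 tcp",   # ssh via public feed
    "2012-11-12T09:00:03 xe-0/0/1 192.0.2.44 -> 198.51.100.1:161 udp",   # snmp via public feed
    "2012-11-12T09:00:04 xe-0/0/0 203.0.113.9 -> 198.51.100.77:443 tcp", # transit web traffic
    "2012-11-12T09:00:05 mgmt0 172.16.9.9 -> 10.250.0.1:830 tcp",        # right iface, wrong subnet
    "garbage line",                                                       # unparseable, skipped
]

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"ALERT {f['time']} {f['service']} reached via {f['iface']} from {f['src']}")
```

The design point is the distinction between transit traffic and host-bound traffic: the public feed must carry customer packets through the router, so the filter cannot simply drop port 22 on the feed; it drops port 22 addressed to the router's own interfaces. Run over the constructed sample, the audit flags the two public-feed hits and the one mis-homed management host, and ignores the transit flow.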

This would prevent them being compromised by either some "foreign government types" or by criminals, hacktivists, rogue spy types or other troublemakers. But as always, it does not prevent them being compromised by the staff of the backbone provider. As always, people are the weakest link... not the machines. All a spy agency needs to do is compromise one employee and the whole system fails.... but then again, that's what spy agencies have been doing since year 1.

Must be nice to live in a world where all you need to be afraid of is some malware built into a backbone router. Do you think the US and Chinese spy kids are trying to rev up yet another cold war to keep their budgets? Most of us are actually worried about non-state players taking down the networks rather than state-backed players. The latter have much more interest in tapping the flow of information than simply trashing the place.

There are just so many old-school points of view underpinning this whole debate that are no longer relevant. I have no doubt that every spy agency in the world wants to pwn every backbone switch it can. They all want unfettered access to every data centre in the world and everyone's email, game sessions, chat boards, porn habits, online bank accounts, botnets... blah blah blah... but the point is that this is a massive fire-hose of data that is simply a monster to try to do anything comprehensive with. Very few of them have the sort of infrastructure to store, process or make sense of this in a holistic way, so mostly they will continue to just dip their toes in while they play paranoia games. The second one or the other gets enough capacity to control a substantial slice of all this action, the whole concept of cyberwar will be declared "won". 'Cause just having the ability to "switch off" someone else's network can be implemented much more cheaply than putting some bad malware in everyone else's routers.

This is why the spy agencies still exist and are still able to out-muscle all the small outfits like the hacktivists and criminals: they can still mobilise a set of trained and motivated people on the ground to go and "act" upon a foreign government's network infrastructure if they so wish. All the wanna-be organisations simply do not have the resources to reach out and touch someone in a systematic way. Just to make it even more difficult, all the backbone providers spend every day attempting to armour and fortify their infrastructure against everything the hacker/criminal/vandal set can think of to stuff things up. Think of this as crowdsourced penetration testing. The idea that some backdoor could exist that would be exploitable by a foreign government and could withstand this kind of probing is possible... but not probable.

It reads like some sort of bad plot from a really cheesy cold-war thriller... as I ranted somewhere above... it's just a bit sad.
