North Korea's network attacks and their impact on network conflict
Source: Sohu, 2012-3-06 16:41, People's Republic of China
Rough Mandarin Chinese Translation:
Network conflict is a new type of complex strategic issue. This article discusses how network conflict differs from conventional military conflict and how network deterrence differs from nuclear deterrence, and finally points out that the United States must strengthen international cooperation by building standards and restrictions for network conflict and introducing international standards that regulate behavior in network conflict, thereby establishing a defense system for cyberspace. Networks in the United States and South Korea suffered "denial of service" attacks. So far, no one has claimed responsibility for the attacks, and no one has been able to determine the identity of the attacker. As with many other network events, no strong evidence has been found to prove who the culprit is.
Cyberspace makes anonymous attacks possible. In cyberspace, true identity can easily be hidden or forged, and cunning opponents usually look for a scapegoat to take the blame for their attacks. The use of botnets makes the attribution problem more complex: in this way, the attacker can use third parties to hide its identity. Seasoned adversaries are extremely clever at hiding their identity, and the Conficker worm is the best example of this. Conficker is malware that infected millions of computers around the world. Many companies and governments worked together to stop its spread, but we are still unable to determine who made Conficker or what its purpose is, and it is still not even clear whether it has been removed from all infected systems.
From the difficulty of attribution, the following conclusions about network conflict can be drawn. Network conflict is a new and complex strategic issue. There is neither an appropriate policy framework to manage conflict in cyberspace nor a satisfactory vocabulary to describe it. Uncertainty is the most notable feature of network conflict: uncertainty about the identity of the attacker, about the range of collateral damage, and about the potential harm to the target. Many concepts, such as deterrence, preemption, and proportional response, must be modified or adjusted for the uncertainty of the network environment.
This uncertainty has important political implications for both attacker and defender, and it constrains and limits the use of network "weapons". Network attacks use software as their weapon and are launched across interconnected networks to suppress or destroy the enemy's ability to provide government, economic, or military services. Advanced network weapons are capable of disrupting or destroying data and critical facilities. A series of cyber-attacks would be an unexpected incident that interrupts critical services for a period of time; it might undermine military command or information systems, shut off the supply of electricity or oil pipelines, or interrupt financial services. Network conflict will become part of future wars, and military powers will have the ability to attack not only data and networks but also the infrastructure that relies on these networks.
The event was not a series of attacks. It was more like a drum-beating demonstration. The attackers used basic technology, and there was no damage. So far, we have not yet seen a series of cyber attacks. This is only because no military has yet found such attacks politically justified, and most non-state attackers do not yet have the necessary attack capability. This last point weakens the concept of cyber-terrorism. The conclusion that terrorist organizations currently lack the ability to launch cyber-attacks could be changed to say that they already have this ability but have chosen not to use it. Obviously, such a change is meaningless.
The environment of network conflict is shaped by technology that was originally developed for commercial transactions and for fast, multi-point connection services. Conflicts may be led by official actors while the perpetrators are unofficial ones, including commercial entities, cyber-criminals, and terrorist organizations, all of which adds to the complexity of the conflict environment. In cyberspace conflict, criminals, spies, and military personnel are mixed together and cannot be told apart. Some countries have developed cyber-criminals into part of their network power, using them as agents or mercenaries to attack another state.
Network war will not be a "clear-cut" conflict; it differs greatly from a traditional battlefield where only the belligerents are involved. In fact, network conflict occurs in a complex environment involving a large number of non-combatants, including allied, friendly, and neutral third parties. In cyberspace, belligerents and non-belligerents are linked together and depend on each other, so even a legitimate target of cyber-attack will inevitably harm the interests of third parties. This interdependence, together with the mixing of state and non-state actors, anonymity, and diversity, makes controlling network conflict a complex task.
Building a strategic concept for network conflict has certain similarities with nuclear weapons, for which the United States spent several years developing a national security strategy. We are in a period of considering the relationship between network conflict and security that is very similar to the early 1850s, when debate focused on security strategy for nuclear weapons, and the ideas that early scholars such as Brodie and Kahn put forward on nuclear weapons and arms control still have guiding significance for network conflict today. This comparison is valuable, but it exaggerates the destructive power of network weapons and ignores the uncertainty and complexity of cyberspace operations.
When does a network attack become an act of war?
The "North Korea" network event in early July did not escalate into an act of war. This irksome act caused difficulties for some institutions, but there was no violent conflict or damage. In this respect it is similar to most network clashes at present. Network crime does not rise to an act of war, even when official spies take part, and crime and espionage are currently the dominant forms of network conflict. The individuals and countries involved in these activities are not considered to be at war, at least for the time being under our rules, while the lack of international standards for cyberspace leaves such behavior unfettered. If a country catches a spy, it may lead to bilateral tensions and expulsions, but it does not lead to military action.
The network events in Estonia and Georgia did not develop into acts of war either. In the larger conflict with Russia, the two countries suffered a limited number of network attacks, but there were no casualties, loss of territory, destruction, or serious disruption of critical facilities. The "denial of service" attacks targeted the governments in order to create political pressure and coerce the two countries, but how to respond to such a coercive attack is still unresolved, particularly given the uncertainty and concealment involved.
First of all, we need to determine the threshold for escalation of hostilities in cyberspace: the point at which the destructive power of an action in cyberspace is equivalent to physical damage in war. If a country sent agents or soldiers across a border to blow up pipelines or energy sites, or carried out a similar action in cyberspace, such activity would differ from crime or espionage, and military action could then be taken in response.
Under existing laws and norms, there is no operational standard for determining whether a network event is an act of war, or whether harm to national sovereignty should be countered with military action. A stronger assertion of sovereignty in cyberspace would enhance security. Cyberspace is best seen as a "pseudo-commons", in which users have the right to choose any path through cyberspace to arrive anywhere. A series of "interconnection" agreements defines this commons. Interconnection rules allow traffic to cross between countries without inspection or advance checks. This passive arrangement derives from the commercial activity behind the network interconnection agreements (for both ideological and commercial reasons). Fundamentally, these agreements allow free connection while ignoring the payload. Applied to airspace between countries, such agreements would mean that any aircraft, whether military or civilian, could cross the airspace of other countries to reach its destination.
Cyberspace is not the open sea. Administrative control exists over every network that a cyber weapon may use to reach its target, although this control may last only a few milliseconds. All nations can exert control over cyberspace, though some choose not to. There is no case in which information passing between computers is not on some network. Submarine cables or satellite communications seem to be an exception, but communication over these systems is still subject to the state and the law to which they belong.
The legal and regulatory framework of cyberspace serves business, but it can also provide cover and concealment for attackers. Western countries, which suffer cyber attacks most frequently, are also the most legally constrained in the world; if we can work together to advance governance and carry out punitive action, then dictators who conduct operations in cyberspace will be punished.
Finally, the decision whether an event is an act of war rests with a country's political leaders. Suppose, for example, that instead of a network attack, North Korea attacked an American vessel, killed the crew, towed the ship into port, plundered it, and imprisoned all personnel. Is this not an act of war? The answer is that it depends: in this case (the 1968 attack on the USS Pueblo), the United States chose not to retaliate with military action, just as it took no retaliatory action after the Beirut bombings or the Khobar Towers attack. To authorize a network counterattack, leaders need accurate information about the cause of the incident and the likely collateral damage; even if they can get it, they must decide within the larger strategic context, weighing the risks and benefits of military action and considering whether there is a better alternative to it.
No reflexive rules exist for network conflict. Some military regulations provide that a commander who comes under sudden attack may fight back in self-defense without the approval of superiors. Provisions of this kind are difficult to implement in cyberspace, because it is hard to find the source of a network attack and hard to determine whether a counterattack will harm third parties.
Deterrence
The difficulty of attribution and of predicting collateral damage makes it hard for a deterrence strategy to work in cyberspace. Deterrence is a threat of retaliation, but it is very difficult to threaten an unknown opponent, and threatening destruction against the wrong party is unhelpful. The advanced offensive network capability of the United States is widely recognized, but its deterrent effect is minimal.
Without attribution, the options for responding to the 7.4 event are very limited. We cannot retaliate against an unknown attacker. Deterrence is the threat of violent retaliation. This threat changes the enemy's estimate of the value and effect of an attack. But it is difficult to carry out a threat against an unknown attacker, and the difficulty of attribution makes cyberspace deterrence very different from traditional concepts of deterrence, which rest on the threat of retaliation against the attacker (including anti-military threats or counter-threats).
The interconnectedness of cyberspace makes collateral damage difficult to predict. The scope of collateral damage is uncertain: there can be unintended effects, and third-party networks could be damaged. Suppressing or interrupting a network may affect third parties; for example, an attack against enemy networks may affect the satellite communications services of a neutral country. There are reports that Israel's attack on Syria's air defense network also damaged Israel's own national network.
In theory, conventional deterrence rests on a measurement of collateral damage. Attacks involving Soviet troops in Germany would cause casualties among allied and enemy civilians. Such actions were reserved for extreme conditions in which countries were suffering clear military violence. In some respects, the extent of collateral damage from nuclear weapons is easier to predict than that from network conflict: the blast and radiological effects of a nuclear weapon do not extend beyond a certain region, while collateral damage in cyberspace may occur far away from the target. The uncertainty of collateral damage may cause cyberspace deterrence to fail, because leaders may not want to launch a retaliatory strike that could cause a wider conflict or more adverse political consequences.
The threat of counter-attack was the basis of Cold War deterrence strategy. However, this principle of deterrence theory does not apply to cyberspace. In the Cold War, vulnerability was reciprocal: each side could hold the other's cities and population hostage. In cyberspace this reciprocity no longer exists. Compared to its rivals, the United States is more dependent on digital networks, and this asymmetric vulnerability means it is affected more by network events. In the Cold War, the dire threats had a clear source, and the two sides had a tacit understanding of "red lines" and limits. Network conflict has no such certainty. Asymmetric vulnerability, the difficulty of attribution, and the difficulty of predicting collateral damage are the three important factors that limit the ability to deter opponents in cyberspace.
A deterrence strategy depends on threatening to respond to a potential attack with armed force. This requires a statement of intent and an understanding of how potential adversaries define and limit the post-conflict environment. Cyberspace deterrence is limited because we have not yet been able to determine how to combine network capabilities, defensive measures, and international agreements to ensure the security of the United States and its allies. It is best to weigh strategic international dialogue, cyberspace attack and defense, and multilateral cooperation against one another, and so reduce the risk of cyber-attacks as far as possible.
Norms and restrictions
The lack of clear, internationally recognized standards for network conflict reduces the political risk of network attacks. Standards can limit the scope of conflict and regulate behavior. Before deciding to act, attackers assess how the enemy is likely to react. There is no clear standard for conflict in cyberspace, and nothing restricts state attackers. Attackers do not want to see the current network conflict escalate into wider violent action or a break in bilateral relations. They will keep their activities within these limits.
One such limit is the boundary between three kinds of action: reconnaissance or exploitation (espionage and crime), disruption, and destruction. Crossing these boundaries would escalate any network conflict further. Another limit is the boundary between disrupting or destroying military targets and destroying critical facilities or other civilian targets. These standards or limits tolerate a certain degree of network conflict, but they also raise the risk for a state attacker that goes beyond espionage and criminal activity.
However, there is no shared knowledge or understanding of which targets in cyberspace are legitimate. One approach is to declare that if a physical attack on a target is legitimate, then attacking it with network weapons is also legitimate. This ignores the question of a "refuge" for third-party networks in the discussion of the boundary between legal and illegal attacks. An attack that interrupts the energy supply will affect civilian targets as well as military ones. Cyber-attacks against critical facilities mean that no such refuge can exist.
Inadvertent and unpredictable damage to third-party networks carries real political risk. The high degree of interconnection in cyberspace means that an attack against an enemy may damage third parties and may also affect the attacker. To some extent, an attack on the protocols or infrastructure that support the global Internet is "self-destructive": it would damage the target, the attacker, and neutral global networks alike. Some countries might choose this kind of attack, but they would be extreme nationalists. Non-state attackers face fewer restrictions, but because they themselves need the global Internet, they will compromise in how they attack.
Another question to consider is whether we should separate network conflict from its political context so quickly. Given the limitations of deterrence, highly vulnerable countries like the United States would benefit more from establishing international standards. Doing so would change the deterrence assessment (by reducing the likelihood that an enemy's cyber-attack succeeds).
These vague standards act as political constraints on network attacks: considerations of risk and uncertainty limit the actions that political leaders may choose. Network conflict creates political risk. Being discovered is of course one risk, but more importantly, expanding the scope of an attack to other networks, or from purely military targets to civilian targets such as critical infrastructure, leads to greater risk. Inadvertent damage to third-party networks, including those of neutrals and allies, also carries a degree of political risk. Increasing the intensity of attacks and widening their range further increases the risk. The political consequences of cyber-attacks, and whether espionage, exploitation, disruption, and sabotage should be treated as separate issues, deserve further discussion. Only a few countries (Russia, China, Israel, France, the United States, and the United Kingdom), and possibly a small number of highly skilled cyber-criminals, have the ability to launch cyber-attacks that cause serious long-term damage and escalate into an act of war. A complex attack on infrastructure requires planning time, reconnaissance, resources, and skills, a capability that only a few countries currently have. These countries are likely to have made network attack plans as part of their military strategy for responding to possible crises. Most non-state hackers do not have this ability.
Serious network attacks cannot be isolated from some larger conflict. In the real world, as opposed to cyberspace, there are few examples of one country carrying out covert sabotage against another (especially a major power) except at the outbreak of war or conflict. The political threshold for a country to launch a serious network attack (as compared with espionage) is very high, almost as high as that for conventional military operations. At a minimum, this suggests that a serious cyber-attack is a harbinger, a warning that a more serious conflict is about to occur.
However, if there is no more serious conflict, a country would sooner fire missiles at an opponent than launch a serious network attack. For political leaders the risk is too great and the benefit too small, especially when deciding whether to take military action. Cyber weapons are not decisive; a cyber-attack does not lead to victory in a conflict, especially against a formidable opponent. Currently, no network attacks beyond espionage or criminal activity have occurred outside of military conflict.
Even in a conflict, cyber-attacks against civilian targets in the enemy's homeland bring greater risk. Fighting U.S. forces overseas is different from attacking critical facilities in the United States. Many countries will hold network attacks against the enemy's domestic targets in reserve for retaliation, to be used when the enemy carries out a similar attack or takes extreme measures.
Nuclear strategy eventually developed into this pattern: nuclear attack would be used only in extreme circumstances and was otherwise held in reserve. Whether this model applies to cyber attacks against civilian targets in enemy territory must be considered carefully. Neither we nor our opponents are willing to give up espionage or low-level disruption in cyberspace, while more serious attacks appear to be held in reserve for worse situations. If so, the deterrent value of a network response can be enhanced, because the most serious attacks (those causing significant damage to critical infrastructure) would be reserved for retaliation.
Non-state attackers in cyberspace
Non-state attackers do not face the political constraints that network attacks create for states. The threat of military force against them is smaller than it is for a state attacker. In theory, a non-state attacker can hire cyber-criminals to launch an attack, supplying exactly the attack capability it lacks, and media have reported that Israel suspects Hamas or Lebanese Hezbollah of hiring Russian cyber-criminals to attack its networks.
But the activities of cyber-criminals have a political context. The most skilled attackers live in "refuges" where the government largely tolerates their activities. There is an unofficial arrangement between the government and the cyber-criminals: their criminal activity is accepted as long as it is confined to targets outside the host country and they carry out attacks when the government requires. In this way the cyber-criminals can live well and benefit the local economy, and the government gains a powerful weapon for achieving its political objectives. The cases of Estonia and Georgia fully illustrate this point.
We cannot forget that many of the countries that have become havens for cybercrime invest large amounts of capital in communications monitoring and make extensive use of police software tools to maintain political control. The idea that these countries tolerate network crime out of ignorance is obviously unacceptable. A hacker who turned his attention from Tallinn to the Kremlin would have only a few hours before his service was cut off, his door was broken down, and his computer was confiscated.
However, there are some benefits when such countries tolerate advanced, ongoing criminal activity on their networks. To some extent, it can restrain cyber-terrorist activity. Many advanced cyber-criminals follow a set of unwritten rules in their activities. Financial crime, theft of digital resources, political activism, and cyber-extortion are tolerated. Activities that would bring the country close to the brink of war, or further escalate a network conflict, are not tolerated. The political environment in which senior cyber-criminals operate causes them to become mercenaries of many terrorist organizations.
Countries with strong network attack capabilities, or with a large number of senior cyber-criminals, can decide whether to provide network attack capabilities to a terrorist organization. They can do this through direct support or by acquiescing in cybercrime activity, but such behavior carries a great deal of political risk if discovered. More importantly, such an attack may in turn hurt their own interests. The countries with strong network attack capabilities (Israel, France, Russia, the United States, the United Kingdom, and China) cannot be expected to support extreme network activity.
For cyber-criminals to become mercenaries and carry out cyber-attacks for terrorist organizations, they would need the acquiescence of their national government. Countries that tolerate cybercrime have their own understanding of what counts as extreme behavior; unless events lead to political imbalance, under normal circumstances these countries do not want to see advanced cyber-criminals become mercenaries for terrorist organizations. At least for the time being, it is difficult for terrorist organizations, particularly Islamic terrorists, to obtain this capability.
Even if we accept that there are political restrictions on hiring mercenaries for cyber-terror, other trends suggest that the use of advanced cyber weapons in terrorist acts cannot be avoided (if current trends do not change). A thriving black market, flooded with software attack tools, personal information, botnets, and other criminal services, supports cybercrime. These services can be bought or rented, or a hacker can be hired to attack. At this point, what can be bought on the black market is clearly not enough for an advanced network attack. That will come within the next few years.
As a rough estimate, there may be a technology gap of 3-8 years between the network capabilities of intelligence agencies and the network capabilities that can be bought or rented on the black market. The evidence for this conclusion may be vague and one-sided, but the trend has held for nearly 20 years. It also suggests that in 10 years, or perhaps in a shorter time, terrorist organizations will be able to get the network attack capabilities they need from the cybercrime black market.
Confidence is not a substitute for defense
Only a small number of countries have capabilities strong enough to carry out a serious network attack. But short of a very large crisis, these countries are not willing to do so (although we still need to continue developing covert reconnaissance and network attack capabilities). Currently, a serious network attack by a non-state attacker can occur in only one case: when a country with strong capabilities decides to support the attack (including by harboring senior cyber-criminals and helping to hide their whereabouts).
Currently, no country with powerful network capabilities is willing to provide this support. None of the six countries mentioned above, or similar countries facing extremists and the risk of terrorism, is willing to help non-state attackers, and they do not want to provide other weapons or support either. However, as network technology continues to develop, tools for launching serious network attacks become more and more abundant on the black market, and as non-state attackers improve, we must recognize that the possibility of countries restraining non-state attackers for political reasons is getting smaller and smaller.
The implications for the United States are relatively large. We have a few years at most to build robustness and flexibility into networks and critical infrastructure, to consolidate our defenses, and to build a modern legal system that ensures adequate security. Our current defense system is apparently unable to resist the attacks of powerful enemies. The United States needs to develop strategies and plans that make cyber-attack a tool of national power. By changing the international environment to reduce the risk of network conflict, by building standards and restrictions for network conflict in its relations with other countries, and by winning international support (as we did in dealing with nuclear proliferation), the United States will be able to handle the problem properly and benefit from it. Frankly, many scholars do not believe that the United States can deal with the matter properly, and think it will take a first successful large-scale attack to spur the United States to change.