George Hurlburt wrote an opinion piece in this month’s IEEE Computer, discussing what to do about the “Dark Web”. His main point is that most defensive cyber security is some form of “endpoint protection”, designed to prevent and mitigate attacks on individual devices. Even setting aside the impossibility of defending the bazillions of tiny, ownerless nodes of the Internet of Things in this way, he points out that much of this effort is of questionable value (though certainly attracting revenue).
Furthermore, the Dark Web is technologically sophisticated, and gaining all the time. The limited successful counter attacks (e.g., the takedown of Silk Road) will soon be defeated by new technology in the Dark Web. (Indeed, Bitcoin is rapidly becoming obsolete, supplanted by other cryptocurrencies such as Monero, which is now a favorite for criminals.)
In this, he has a good point, even without considering the never-ending parade of new vulnerabilities we read about.
Hurlburt falls back on an old rhetorical analogy, declaring that
“Cybercrime is a cancer, spreading from the Dark Web into the rest of the Internet.” (p. 104)
This scary-sounding pronouncement inevitably leads to the conclusion that cybercrime should be attacked like cancer, trying to understand “dynamic, nonlinear network mechanics to prevent sick cells from clustering into malignant growths that threaten” the healthy body of the Internet.
I’m not a big fan of this analogy, not least because our understanding of cancer is not all that solid, and what we do know has yet to demonstrate that we can actually do much about it. In one sense, though, this is a very apt analogy: just as cancer is an undesirable permutation of the normal biology of the body, the “dark web” is an undesirable application of the normal technology of the Internet. You can’t defeat cancer by eliminating the body, nor can you “defeat” the dark web by banning specific technologies.
Hurlburt’s own interest is in big data-y network analyses, which he wants to use to grok the Internet and identify problematic activity. He wants to use
“big data mining and analytics to create automated mechanisms that systematically identify and eliminate cybercriminals.” (p. 104)
Fair enough, though I remain skeptical of just how much can be gained. But it’s better to have more information than less, that’s for sure.
A specific short-term goal would be better data collection, to provide a widely available benchmark for data mining and machine learning to discover patterns. This project requires the same kinds of effort that all “data commons” need: a trusted institutional framework, technical standards for sharing and annotating data, and incentives for private parties to contribute to the commons, among other challenges. (There are many other open data/data commons efforts languishing out there.) In addition, steps must be taken to protect contributors from unnecessary liability. No one will contribute if it lays them open to lawsuits for negligence.
This is a perfectly good idea, although it is strictly backward looking. Given the rapid changes in technology, one wonders how successful any analysis of past attacks can be.
By the way, such a public dataset would also be available to bad guys, who could use it to develop attacks that avoid past patterns, and hide in the seams of what can be learned from the dataset. In other words, this might ultimately prove to be a boon to the creation of even more effective attacks. Sigh.
I will add to his list the need to develop an understanding of what kind of data is available, and what may be missing from any such data collection. For example, if vast swaths of information are cloaked by data privacy laws or national security barriers, then the dataset will not represent the true picture. There is little chance of effective analysis if the data is a badly unrepresentative sample.
Finally, and quite predictably, Hurlburt wants to go on the offensive.
He has a point. Trying to catch and arrest individual perpetrators is not likely to be effective, even if possible, because the technology is too automated. One small operation can zap millions of devices over many years, and the damage will probably not be stopped by a few arrests.
So, he wants to use his analytics to identify bad activities, and respond with whatever means are available, including malware and cracking tools.
“we might have no alternative than to fight fire with fire and employ the same tactics used by Dark Web sites against them, including DDoS attacks and malware in infiltration.” (p. 104)
Setting aside the very real ethical problems here (which he acknowledges), it’s not clear to me how this would work. This is asymmetrical conflict. The Dark Net has very little to disrupt, at least in the conventional sense. And, like cancer (and terrorism), much of the bad stuff is embedded within the stuff we seek to protect. For instance, you can’t just cripple a bot net with a “white hat” DDoS attack, because you are trying to rescue and disinfect the innocent hosts in the net.
Overall, Hurlburt makes some important points about the dubious protection offered by much of the computer security employed today, as well as the importance of putting effective cryptography in the hands of the masses. He also is quite correct that the Dark Web is becoming more and more technically invincible. (I certainly wouldn’t bet my life savings on the IoT or anything that presupposes that the open Internet is safe to use a few years from now.)
I am less confident that Hurlburt’s big data-y approach will prove of much use, any more than it has “cured” cancer. He makes a good case for an easy to use, no fault database of breaches, though it seems no easier than any other open data commons initiative.
I can’t say that I’m enthusiastic for a militaristic, “offense is the best defense” approach. Even if this can be done—which is far from certain—there is always a cost when the “good guys” behave just like the “bad guys”. In many parts of the world the bad guys are deeply connected with the so-called good guys. This will amount to no better than cyber gang warfare, and civilians will be caught in the crossfire. This may come, but we should try to find better solutions.
- George Hurlburt, Shining Light on the Dark Web. Computer, 50 (4):100-105, 2017. https://www.computer.org/csdl/mags/co/2017/04/mco2017040100-abs.html