Isolating malign internet traffic?

Tidewater

Hall of Fame
Mar 15, 2003
18,829
4,538
187
Hooterville, Vir.
Okay, I have a professional question and I know there are some IT folks on here.
If a shooting war were to break out between the US and say, Russia or China, can the US government shut off internet traffic from the Badguys to prevent malicious internet attacks from Badguyland? (Not talking about shutting down the internet within the US, just internet communication of Badguyland with the world.)
I suspect that Russian (or Chinese) criminals would be given a green light to go hog wild wreaking havoc in the US, but criminal gangs, while damaging, have limited capabilities. Hostile government malicious internet attacks would be more robust, I would imagine.
Can bad guys hide their origins (like a VPN, but more robust), or, in the event of a major war, is it just going to be a free-for-all on the internet?
 

2003TIDE

Hall of Fame
Jul 10, 2007
7,361
2,602
187
ATL
I'm trying to wrap my brain around how this would work in theory. A few thoughts.

1. Are you talking about ISPs physically shutting down overseas links?
2. US ISPs could black hole traffic from certain countries
3. BUT nation states you are talking about surely have a way to hide the origin of the attack
4. The internet is super redundant. So in terms of offensively disabling equipment to block traffic, the US offensive capabilities would have to disable every ISP router with an egress path out of the enemy country
5. Security products have the capabilities to block certain GEOs, but the products I'm familiar with are enterprise level. I don't have any working knowledge of products ISPs have deployed.
 

B1GTide

TideFans Legend
Apr 13, 2012
39,241
27,453
187
If you are worried about what a foreign country might do via the internet you have to consider the probability that they already have the resources in America to launch that kind of attack right here. They need not initiate the attack from abroad, and they certainly wouldn't want it to be traced back to its origins.
 

Tidewater

If you are worried about what a foreign country might do via the internet you have to consider the probability that they already have the resources in America to launch that kind of attack right here. They need not initiate the attack from abroad, and they certainly wouldn't want it to be traced back to its origins.
That is actually a good point. Cyber attacks can be launched from anywhere.
That said, Russia's GDP is smaller than Texas', and out of the money Russia makes, Putin has to steal his own income, keep the oligarchs happy (so they don't kill him), fund foreign adventures like Donbas, Syria, and Nagorno-Karabakh, and even spend a little bit trying to keep the Russian people happy (e.g. repair roads, staff hospitals, run schools, etc.). Bearing in mind the latter task, Russia is on track to lose another million people this year through death and emigration.
Maintaining agents overseas (especially tech-savvy sleeper agents) is not cheap so has to be engaged in selectively.
 

Tidewater

I'm trying to wrap my brain around how this would work in theory. A few thoughts.

1. Are you talking about ISPs physically shutting down overseas links?
2. US ISPs could black hole traffic from certain countries
3. BUT nation states you are talking about surely have a way to hide the origin of the attack
4. The internet is super redundant. So in terms of offensively disabling equipment to block traffic, the US offensive capabilities would have to disable every ISP router with an egress path out of the enemy country
5. Security products have the capabilities to block certain GEOs, but the products I'm familiar with are enterprise level. I don't have any working knowledge of products ISPs have deployed.
Generally, I'm asking myself if a shooting war breaks out with a tech-savvy opponent (mainly Russia or China), is there a way to isolate the West from the damage that could be wrought via malignant actors via the internet, without shutting the internet down inside the West?
 

Jon

Hall of Fame
Feb 22, 2002
14,117
8,327
182
Atlanta 'Burbs
Generally, I'm asking myself if a shooting war breaks out with a tech-savvy opponent (mainly Russia or China), is there a way to isolate the West from the damage that could be wrought via malignant actors via the internet, without shutting the internet down inside the West?
Short answer: no, not really, not anything that a powerful nation-state with deep resources like China can't get around. Russia doesn't have the same resources, but they are amazingly good at leveraging what they do have, which is a very well educated population and the desire to cause havoc for us.
 

2003TIDE

Russia doesn't have the same resources but they are amazingly good at leveraging what they do have which is a very well educated population and the desire to cause havoc for us.
Yeah, lots of really good programmers come out of Russia.

Side note - Any of you guys ever read Flash Boys? It is about the early days of HFT. A lot of the early programmers were Russian because they were really good at writing super efficient code. The reason given was because in universities in Russia resources/mainframe time was so limited they learned by writing their code by hand first, optimizing it on paper, then trying to enter it in to get it to run in their time window.
 

Jon

Yeah, lots of really good programmers come out of Russia.

Side note - Any of you guys ever read Flash Boys? It is about the early days of HFT. A lot of the early programmers were Russian because they were really good at writing super efficient code. The reason given was because in universities in Russia resources/mainframe time was so limited they learned by writing their code by hand first, optimizing it on paper, then trying to enter it in to get it to run in their time window.
No, I haven't, but I like Lewis and his other works. Might have to.

I fronted as a sales guy for a group of Russian programmers here in Atlanta back in 2002/3 and they were all brilliant. Guys that could make things happen in code that was never intended by the original code writers. What they were terrible about was documenting their work and turning it over. I always thought of them as hacker/tinkerers: everything will work, but don't look behind the curtain at the guy pulling all the levers to make it work.
 

Tidewater

Short answer: no, not really, not anything that a powerful nation-state with deep resources like China can't get around. Russia doesn't have the same resources, but they are amazingly good at leveraging what they do have, which is a very well educated population and the desire to cause havoc for us.
Thanks.
On one hand, an internet-leveraged society like Estonia can realize efficiencies via the internet. On the other hand, an internet-leveraged society like Estonia is incredibly vulnerable to nation-states that would use the internet to cause havoc.
I guess we are in for a wild ride should a shooting war break out with either of those two.
 

4Q Basket Case

FB|BB Moderator
Nov 8, 2004
6,879
5,021
237
Tuscaloosa
You pose an interesting question. But I’d also say that that knife cuts both ways. It’s not like only the bad guys have offensive hacking capability. We do, too.

A hacked-off (pun intended) NSA and CIA, with shackles off due to war, would be formidable.

Whose hackers are better? I don’t know. But I know it would be a contest.
 

Tidewater

One last post and I'll let this go.
In 2007, the Tallinn city council decided to move the Soviet World War II monument from the middle of town (where it had become the center of ethnic rancor between Estonians and ethnic Russians) to the Soviet military cemetery outside town.
Russia went nuts, saying "only a pro-Nazi city would be so ungrateful as to take down a monument to the soldiers who liberated Estonia from the Nazis," Tallinn city council has "decided to chop up the monument," etc. etc.
Shortly thereafter, Estonian banks were shut down by a barrage of DDOS attacks, mostly coming from Russia. Every Estonian bank was influenced. No automatic tellers worked. Nobody could get cash. For days on end, etc.
Now, that reaction was only over the moving of a war monument. Imagine how motivated the same Russian hackers would be if Russia was at war.
My advice to my Tidefans brethren, if a war is looming with either China or Russia, best have some food on hand and some cash. Not a year's worth of food, and not $100,000 in cash, but enough until the banks get things sorted, however long you think that will be.
 

Tidewater

You pose an interesting question. But I’d also say that that knife cuts both ways. It’s not like only the bad guys have offensive hacking capability. We do, too.

A hacked-off (pun intended) NSA and CIA, with shackles off due to war, would be formidable.

Whose hackers are better? I don’t know. But I know it would be a contest.
You are right. David Sanger (NYT journalist) wrote a book called The Perfect Weapon about national offensive cyber capabilities. The thing about them is, the capabilities are normally locked behind the cipher lock and nations tend to be very close-hold about what they can and cannot do. If you tip off your opponent that you can employ software to cause uranium enrichment centrifuges to destroy themselves before you actually deploy that capability, your enemy/target has a powerful incentive to develop countermeasures. So these are very secret capabilities. On both sides.
The Russians have some advantages. They have effective hackers. They are "morally flexible" about their use. They believe they are already at war with the West, whereas the West does not really care much about Russia one way or the other.
 

4Q Basket Case

You are right. David Sanger (NYT journalist) wrote a book called The Perfect Weapon about national offensive cyber capabilities. The thing about them is, the capabilities are normally locked behind the cipher lock and nations tend to be very close-hold about what they can and cannot do. If you tip off your opponent that you can employ software to cause uranium enrichment centrifuges to destroy themselves before you actually deploy that capability, your enemy/target has a powerful incentive to develop countermeasures. So these are very secret capabilities. On both sides.
The Russians have some advantages. They have effective hackers. They are "morally flexible" about their use. They believe they are already at war with the West, whereas the West does not really care much about Russia one way or the other.
Good point about keeping capabilities quiet. I've been told that Putin was not happy about the Colonial Pipeline hack, but I figured it was because his guys were poking the bear unnecessarily, and paybacks are hell.

I hadn't considered that they tipped an ability we didn't know they had, didn't get much for it in the great scheme of things, and now that ability isn't what it used to be.

Maybe Putin's concerns were more about wasting a capability than what I had initially attributed them to.
 

B1GTide

My advice to my Tidefans brethren, if a war is looming with either China or Russia, best have some food on hand and some cash. Not a year's worth of food, and not $100,000 in cash, but enough until the banks get things sorted, however long you think that will be.
My advice - don't waste a second of your life worrying about this. It isn't healthy, and it won't help to prep - at all.
 

Tidewater

Good point about keeping capabilities quiet. I've been told that Putin was not happy about the Colonial Pipeline hack, but I figured it was because his guys were poking the bear unnecessarily, and paybacks are hell.

I hadn't considered that they tipped an ability we didn't know they had, didn't get much for it in the great scheme of things, and now that ability isn't what it used to be.

Maybe Putin's concerns were more about wasting a capability than what I had initially attributed them to.
I think some stuff happens in Russia without Putin's prior approval.
Once he was elected to the presidency, he told the Russian-Based Organized Crime (RBOC) "keep doing what you are doing. I will not put you out of business, just realize that the biggest, toughest organized crime gang in Russia is me (and the siloviki). If you embarrass us, we will hurt you. If you do not keep us paid off, we will hurt you. And sometimes, we are going to need you to do stuff that we do not want government fingerprints on. Now, carry on."
This applies to internet crime as well.
 

Tidewater

Good point about keeping capabilities quiet. I've been told that Putin was not happy about the Colonial Pipeline hack, but I figured it was because his guys were poking the bear unnecessarily, and paybacks are hell.

I hadn't considered that they tipped an ability we didn't know they had, didn't get much for it in the great scheme of things, and now that ability isn't what it used to be.

Maybe Putin's concerns were more about wasting a capability than what I had initially attributed them to.
I do not think anything associated with the Colonial Pipeline was new. I thought it was just ransomware used against a lucrative target.
My point (taken from Sanger) is that just because the Russians (or the Chinese or the Americans for that matter) have not done a thing through the internet, does not mean they do not now have the capability to do that thing. They may be waiting until they really need it.