Tag Archives: networking

Kill Zombies

Slashdot links to two amazingly interesting posts, “Owning Kraken Zombies, a Detailed Discussion” and “Kraken Botnet Infiltration.” Kraken is a botnet, or network of infected computers, that is used for bad deeds such as password cracking and distributed denial of service attacks.

The researchers discovered a way to kill Kraken, limiting the zombie infestation. As the researchers note, “What if that target system is responsible for someones life support?”

The law should allow for zombies to be lobotomized at will, and should protect those who do so. Any bad effects should be the responsibility of those who care and give support for the zombies — their system administrators — and not anti-zombie “concerned local citizens.”

That’s the 2nd Amendment applied to cyberspace. That’s the American Way.

Styles of Networked Politics (Scoop Considered Harmful)

“Aristocratic Right Wing Blogosphere Stagnating,” by Chris Bowers, MyDD, 12 June 2005, http://www.mydd.com/story/2005/6/12/17357/3049 (from tdaxp).

“Conservative Blog Sprawl Is A Serious Threat To Progressive Blogosphere Dominance,” by Chris Bowers, MyDD, 7 July 2005, http://www.mydd.com/story/2005/7/7/184341/5955.

Earlier I blogged Chris Bowers’ analysis of the rise of big liberal blogs. Specifically, he described Scoop, a reader-friendly blog package that allows any commentator to write front-page stories. Famously, he wrote:

In short, the anti-community nature of right-wing blogs has resulted in a stagnant aristocracy within the conservative blogosphere that prevents the emergence of new voices and, as a result, new reasons for people to visit conservative blogs.

Unless right-wing blogs decide to open up and allow their readers to have a greater voice, I expect that the liberal and progressive blogosphere will continue its unbroken twenty-month rise in relative traffic.


Because the big liberal blogs are more commenter-friendly than the big conservative blogs, there are more big liberal blogs and many more small conservative blogs. While a dailyKos reader can get his thoughts published on the dKos homepage, and seen by thousands, an Instapundit reader has to start his own blog and hope it gets linked to.

But now, Mr Bowers looks at the other side: because liberal blogs are so easy to join, big liberal blogs kill off the liberal grassroots before it can even form:

To a certain extent, this is probably the result of several large progressive blogs offering quick and easy ways to take part in large communities, something that is not found nearly as often on large right-wing blogs. Why start a local blog when you can just have a diary on Dailykos? Whatever the cause, however, this is a serious problem that progressives must both accept and face. Certainly there are some very good local lefty blog communities, but overall local blogging is dominated by conservatives. The Thune bloggers are just one example of the impact this can have on a campaign.


(The “Thune bloggers” Bowers talks about are South Dakota Politics, Sibby Online, and other Republican sites in South Dakota that helped to remove Tom Daschle from the Senate.)

Scoop and other tools of the liberal blogosphere have made centralization much easier. Liberal bloggers have adopted top-down, Soviet-style network-centric warfare as their de facto doctrine. Liberals are pushing power up, concentrating power and leading to mental isolation separating the leaders from the led. Meanwhile, conservative bloggers use simpler tools to spread in more places. Conservatives are pushing power down. The conservative bloggers have adopted netwar as their de facto doctrine.

So which strategy is better? Is NCW best, because elections are like set battles? Is netwar best, because politics is a game of hearts and minds? The answer: politics is a full-spectrum battlespace, and both net-centric war and netwar should be used by a wise politician.

Urban Political Networks (The State Stays Weak)

“Keeping the State Weak,” by TM Lutas, Flit(tm), 13 June 2005, http://www.snappingturtle.net/jmc/tmblog/archives/005439.html.

One of my blog role models, and tdaxp commentator, TM Lutas worries about the political implications of street cameras:

I ran across an article on street cameras themed on the idea that they’re really not such a bad thing for civil liberties. It’s not a bad piece but misses the real problem of the cameras: they make the state too strong. A society where everything done by an individual in public is captured, stored, collated, and attached to a personal file makes it too easy to keep tabs on dissidents, on the loyal opposition, even on personal enemies of those in power.

The US has plenty of experience with corrupt governments. The municipal history of most major urban centers in the US can lay out entire corrupt eras where the city was controlled by this or that corrupt “machine”. Corruption is not something that is of mere theoretical interest but a real, live concern that is a problem from the beginning of the Republic to today.

So what happens when those street cameras are controlled by a corrupt group that is technically savvy?

The concern is that city governments will use Network-Centric Politics to stay in power. This is related to Network-Centric Warfare, the “hi-tech blitzkrieg” that the Pentagon is planning to defend Taiwan. Lots of technology, lots of technological networks to be built, very top-down.

The citizen’s solution is fourth generation politics. Related to Fourth Generation War, or “netwar,” it relies on human networks to win. 4GW allows common people to use the infrastructure to their advantage, bypassing points of resistance like rivers bypass mountains. So what is the solution if an American city corruptly uses the surveillance cameras to spy on “enemy” meetings? Meet where the cameras cannot see. Or do something completely asymmetric, like swarm enemy politicians and neutral media.

Barnett and Berman Network Security (CompSci And PoliSci Makes NetSci)

“Life After DoDth or: How the Evernet Changes Everything,” by Thomas P.M. Barnett, Proceedings of US Naval Institute, May 2000, http://www.thomaspmbarnett.com/published/ladod.htm.

“The Death of a Firewall,” by Stuart Berman, Network Magazine, 1 June 2005, http://www.networkmagazine.com/shared/article/showArticle.jhtml?articleId=163700676 (from My Kids’ Dad).

In an article discussing how to “maintain and protect our economic networks with the outside world,” geostrategist Thomas P.M. Barnett proposes a “Department of Network Security” (DNS) that will tackle international organized crime, insurgencies, and terrorism. DNS will partially replace the Department of Defense, with the other half becoming the Department of Global Deterrence (DGD). In his words,

First the unpleasant truth: the Department of Defense’s raison d’être died with the Cold War. No one likes to talk about it, but that’s what happened. Created in the National Security Act of 1947, the DoD is wholly a creature of what eventually became the United States’ hair-trigger during the nuclear standoff with the Soviet Union. Prior to that, we basically stuck to the Constitution’s mandate to “provide and maintain a Navy” on a constant basis and to “raise and support Armies” as the situation demanded.

But that strategy died with the start of the globalization era. Now, security rationales are subordinate to economic imperatives. So why haven’t we seen, as Joseph Nye might say, the “return of history” in the U.S. national security establishment?[2] Why haven’t we repealed the 1947 National Security Act and thrown away this outmoded unification of two defense concepts [meaning, “Why haven’t we eliminated the Department of Defense?” – tdaxp] that constantly compete against one another—to the detriment of both?

DNS will discard the traditional notion of military service separate from civilian life. For most personnel, it will adopt a consultancy model, whereby the agency rents career time versus buying entire lifetimes (essentially the National Guard model). DNS’s officer corps will remain career managers, but with frequent real-world tours of duty in technology, industrial, and business fields. This organization will be networked in the extreme, because networks will be what it is all about. This means no separate legal system and the end to posse comitatus restrictions.

Posse Comitatus is the federal law that ended Reconstruction by preventing the military from protecting democracy in the Southern States. The Posse Comitatus Act was the first capitulation of the United States in a War on Terrorism. Barnett, foreseeing a new Global War on Terrorism, realized that it must end if we are to have network security.

Stuart Berman of MKD has his own thoughts on network security:

Three years ago, I proposed to our technology architects that we eliminate our network firewalls. Today, we’re close to achieving that goal. Back then, I thought that network-based firewalls were losing their effectiveness, enabling a mind-set that was flawed. Today, I’m certain.

Perimeter security was originally intended to allow us to operate with the confidence that our information and content wouldn’t be stolen or otherwise abused. Instead, the firewall has slowed down application deployment, limiting our choice of applications and increasing our stress.

To make matters worse, we constantly heard that something was safe because it was inside our network. Who thinks that the bad guys are outside the firewall and the good guys are in? A myriad of applications, from Web-based mail to IM to VoIP, can now tunnel through or bypass the firewall. At the same time, new organizational models embrace a variety of visitors, including contractors and partners, into our networks. Nevertheless, the perimeter is still seen as a defense that keeps out bad behavior. Taking that crutch away has forced us to rethink our security model.

Our new security posture gives our users access to more applications regardless of their location and without sacrificing security. The new security architecture isn’t focused on our network firewall. Instead, we embed security within our internal network. This begins with separating our servers from our clients. We can do that now, thanks to layer-3 data center switches that allow for the low-cost creation of subnets. By defining simple ACLs, we further isolate our backend servers.
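As an added illustration, not from Berman’s article or this post, here is what the client/server separation he describes looks like on a layer-3 data center switch, in Cisco IOS syntax. The VLAN numbers, addresses, ports, jump host and ACL name are assumptions chosen for the example.

```cisco
! Constructed example: two subnets on one layer-3 switch, with an ACL
! standing in for the perimeter firewall. All values below are assumed.
!
! Client subnet: workstations, contractors, visitors
interface Vlan10
 description CLIENTS
 ip address 10.10.0.1 255.255.0.0
 ! Filter traffic as it enters the switch from the client side
 ip access-group CLIENTS-TO-SERVERS in
!
! Back-end server subnet, reachable only through the ACL above
interface Vlan20
 description BACKEND-SERVERS
 ip address 10.20.0.1 255.255.255.0
!
ip access-list extended CLIENTS-TO-SERVERS
 remark Published web service on the application server only
 permit tcp 10.10.0.0 0.0.255.255 host 10.20.0.10 eq 443
 remark Name resolution for clients
 permit udp 10.10.0.0 0.0.255.255 host 10.20.0.53 eq 53
 remark Administrative SSH only from the assumed jump host
 permit tcp host 10.10.1.5 10.20.0.0 0.0.0.255 eq 22
 remark Everything else from clients toward the server subnet is dropped and logged
 deny   ip 10.10.0.0 0.0.255.255 10.20.0.0 0.0.0.255 log
 remark Client-to-client and client-to-Internet traffic is not this ACL's concern
 permit ip any any
```

Because the ACL is applied inbound on the client VLAN, server replies leaving through Vlan20 are not filtered; an ACL on the server side would need `established` or a stateful device to admit return traffic, and the `log` keyword on the deny line is what turns this segmentation into a detection signal.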

While Barnett is talking about geopolitical network defense, and Berman is talking about I.T. network defense, both thinkers are analyzing network defenses and both come to the same conclusion: we can no longer trust a border to protect us. In a world where we need to increase “connectivity with the outside world” (in Barnett’s words), trusting a “perimeter” to “keep out bad behavior” is a “crutch” (Berman’s terms).

Stuart Berman talks about putting “security within our internal network” (emphasis mine). Barnett talks about ending the “traditional notion of military service separate from civilian life.” Same thing.

Turns out my two programs of graduate study, Computer Science and Political Science, aren’t so different after all.

Computer Science + Political Science = Network Science.

Network Discovery (Nmap, Cinema, Iraq Warriors, and American Feminists)

“What You See Is What You Get — or Is It?,” by Margaret Heffernan, WITI Careers mailing list, 24 May 2005, http://www.witi.com/careers/2005/culture.php.

In The Matrix Reloaded, our heroine needs to take over the city’s electricity network to turn off alarms.


While in Battle Royale, our hero’s friend needs to subvert the system’s security network.


What do both characters use? Nmap, a network discovery tool. Network discovery lets you know what a network is like. Is it just one computer? Many? Are they secure? Easy to penetrate and subvert?

Likewise, networks can be social networks, whether Family/Steep/Pre-Modern Nets…


Ideological/Flat/4th Generation Nets…


or combinations of these…


I’ve written before that in war, the style of network takedown depends on the style of network. But how can we quickly determine what type of network we are dealing with?

In an otherwise bitchy whiny article, Margaret Heffernan gives us a very low tech version of nmap:

If offered a drink, always accept — and see who goes to get it. You may be told the hierarchy’s flat, but it isn’t that flat if only assistants get the coffee.

Of course, this won’t always work. Lawrence of Arabia famously includes a scene of Prince Faisal, the head of a very steep network, serving a guest himself. But if a warrior knows the local culture, he can quickly do network discovery with very little technology. This is vital to winning the Second Battle of Iraq in the Global War on Terrorism.

Network Politics, Part 1, 0GW/4GW: Iraqi Sunnis

Note: This is a selection from Network Politics, a tdaxp series.


Earlier I described the fusion of Pre-Modern (or 0GW) and 4G nets, using the religious right in America as an example. Combining the will to power of 4G networks with the strength of families, the American Christian Right is exerting its power as never before.

But what if the situation called for going beyond politics? What if the PM/4G networks were ready to kill people?

Welcome to the insurgency in Iraq.

First, take a boring family tree:


Three generations are shown, as well as three original couples. At the time of the diagram there are 12 males, of which five are married (more interested in stability) and seven are single (less interested in stability). Now imagine one of the more influential single males joins the insurgency and, drawing on family rule sets (“heeding your uncle,” “protecting the family,” etc.) recruits four others…

A Fourth-Generation network attached to a Pre-Modern network!

So how is this PMW/4GW hybrid defeated? It has the strengths of both kinds of organizations, so is it undefeatable?


One option would be to lakota the insurgency. The Lakota Sioux was a violent Indian nation with a history of aggressive warfare. Allying with the United States in several early Indian wars, the Lakota eventually began massacring white settlers and succeeded in ethnically cleansing the Dakota Territory. After the conventional war ended, the Federal Government responded with a hellish system of boarding schools designed to destroy Lakota Sioux culture. The federal government succeeded. By removing children from their families and placing them in an alien environment that Lakota culture was not adapted to, it obliterated the Lakota ability to make war. While some warriors will remain, the fighting networks are shattered and the Pre-Modern Networks – families – fade away.

Children, Removed from Pre-Modern Net, Under State-Control

The downsides are numerous:

  • Violation of human rights
  • Fits some definitions of “genocide”
  • Unlikely democratic Iraqi government will support
  • Unlikely Coalition members will support
  • Unlikely American people will support

In other words, the Lakota Option would be a massive American moral Isolation [PISRR] attack on America. Not a future worth creating.

More attractive are targeted denial of service attacks.

I earlier described a real-life DOS attack. DOS attacks are a form of “node takedown” or “politics of personal destruction” where the goal is to prevent leaders (ironically called “servers,” because they “serve” information) from talking to followers (called “clients”). Instead of America being morally isolated, we morally isolate the anti-Iraqis. Here’s how:

  1. Police capture any insurgent from the clan.
  2. Every single male is taken for questioning
  3. Police determine which single males are opinion leaders. No confessions or accusations are needed. The police only need to know which single males in the family are considered “important” or “honorable.”
  4. Police then launch the DOS attack on the single male opinion leaders. This can be indefinite detention, spreading disinformation that the targets themselves are cooperating, public humiliation (particularly sexual in a conservative society like Iraq), etc. No one needs to be tortured or killed. But the single male opinion network must be shattered.
  5. Afterwards, the formerly important and honorable single males are disreputable. They do not attract followers from their tribe or clan.

Taking the same chart used previously, but snipping only the two leaders, we now get…


…A Peaceful Iraq!

Network Politics, a tdaxp series
Introduction: Net-Attacks and Counter-Attacks
Part 1, 0GW / 4GW: Iraqi Sunnis
Part 2, 0GW / 4GW: Christian Conservatives
Part 3, 1GW / 4GW: George Soros
Part 4, 2GW / 4GW: Social Security
Part 5, 4GW / 4GW: John Kerry

Larry Is A Genius (Net Attack Reading List)

“The One Thing Wrong…,” by Larry Dunbar, tdaxp, 7 May 2005, http://www.tdaxp.com/archive/2005/05/04/net-attacks_and_counter-attacks.html.

Over the past few days I have been blessed by a wise, well-spoken, and tremendously friendly commenter. Larry Dunbar is a genius. As I’ve said this about one other person — Mark Safranski — that means a lot. Larry has been putting me to shame with brilliant thought after thought, while I struggle to find the right words.

He’s given me two wonderful posts in reaction to my article, Net-Attacks and Counter-Attacks, which compared the defense of a Costa Rican online gaming house to styles of war. Here’s his latest, with my comments.

How do you know it wasn’t the Russian police to begin with, and their objective was to get networked with someone in the gaming industry?

Agreed. The original article speculated on whether The Mercenary was behind it, and used the Enemy and the Mercenary Forces (the Russians) as tools. It may have been the Russian police themselves, too.

The greatest argument against the Enemy planning all of it is that computer networkers may be bad social networkers — but such assumptions are always dangerous.

You show no lines off the yellow blocks of the Russian police still attached to the enemy. Even if it was legit, I would expect to see either lawyers, family members, or other partners with the enemy still attached to the Russian Police. In fact, when the enemy is let go by the police, he now takes a piece of your company and begins another attack somewhere else.

Great point!

The Enemy is not fully disconnected — he is very connected to dangerous people.

I showed him as isolated, assuming he is now lost in a miserable system and out of contact with his assailants. This also furthered the analogy between the CSO Magazine article and an assassination of a tribal chief. You caught me in an assumption.

I’m trying to see a win-win situation here and it is hard to see. The mercenary is now stronger than your enemy was. The enemy, if he survives, is now just a little smarter than before. You also have the fact you are dealing with, at least in some context, the Russian police. My guess is you will suffer another attack simply because there are too many people relying on the enemy to attack so they can be rewarded.

Perhaps this established a high cost of attacks which prevents repeat, but otherwise I agree.

What struck me about the CSO article was how very close it was to the plot of Sons, by Pearl S. Buck. The second book in The Good Earth trilogy, Sons focuses on a Warlord in the early Chinese Republic. The maneuvering in the book is very, very similar to the net-attacks described in the article.

Additionally, the trilogy itself is a terrific introduction to different styles of politics and war. Pre-Modern Politics, 1GW, 2GW, and 4GW are major themes of the series. Written in the 1930s by a woman, and spanning from about 1870 to about 1935, the books are ones I highly, highly recommend:

  1. The Good Earth
  2. Sons
  3. A House Divided

PS: If you care about plot, be careful of the Amazon reviews. They can give a lot away.

Network Politics, Introduction: Net-Attacks and Counter-Attacks

Note: This is a selection from Network Politics, a tdaxp series.


“How a Bookmaker and a Whiz Kid Took On an Extortionist — and Won,” by Scott Berinato, CSO Magazine, May 2005, http://www.csoonline.com/read/050105/extortion.html (from slashdot).

I’ve been diagramming a lot of different network attacks lately, so it’s neat to read a story about a real-life net attack and counterattack.

It started off with four classes of nodes. An Enemy (blue), conscripted attackers (dark grey), a victim node (light grey), and a Protagonist (red). Visually:


The Enemy wanted to extort several dozen thousand dollars from the Protagonist. To do this, he put malicious computer code on many innocent computers, making them “zombies.” At will he could have his zombies attack the victim node — the Protagonist’s web server. This was a DDoS (distributed denial of service) attack that prevented the Protagonist’s computer from serving the outside world — disconnecting the Protagonist from his potential customers. The Enemy communicated his demands directly to the Protagonist.

Then, the Protagonist escalated. The Protagonist hired a Mercenary (pink). The Mercenary’s first task was to build a network of defenders (middle grey), which stood between the Enemy’s attackers and the Protagonist’s server. While this did not end the attack, it prevented serious harm, as the Enemy’s distributed attacks were now met by distributed defense. The Protagonist and the Mercenary had friendly direct communication, while the Enemy was still directly threatening the Protagonist. Visually:


The Mercenary then began the counter-attack. He established direct friendly communication with the Enemy, lying about his identity. He determined the physical location of the Enemy — Russia. The Mercenary then co-opted his own network of attackers — the Russian police (yellow).

In the coup de grace, the Protagonist attacks the Enemy through the Russian police. Visually:


The end state? The attacker zombie nodes are liberated, the Enemy is pacified, the Mercenary has links to both a network of attackers and network of defenders, and the Protagonist can conduct his business safely.


Thoughts to ponder:

  • While the story is about a technological attack on a gambling site, the network diagrams could tell many stories. The same diagrams can be used to examine the assassination of an Afghan tribal chief, the take-down of an insurgent network, a Chinese bandit moving into a valley, &c
  • In the story the Mercenary is altruistic. But assuming he is not, is the Protagonist now in more or less danger than during the original attack? How much potential power does the Mercenary have over the Protagonist?
  • In the story, the Enemy’s attacks are horizontal (devastating, but nonviolent and peer-to-peer) while the Mercenary’s counterattack is vertical (violent, resulting in imprisonment by men with guns). Nonetheless, a successful attack by the Enemy would have been devastating. Can horizontal and vertical attacks be equally destructive?
  • Note that the Enemy has lost all power in the final chart, because he is completely disconnected. The power dynamic has completely changed with all the same nodes still in place. Disconnectedness defines danger. Does connectedness define safety? Power?

Update: Welcome Thomas P.M. Barnett readers. I created this post by combining my graduate study in computer science with political science concepts. If you enjoyed this post, see also my History, Political and Military Doctrine and Connectivity sections.

Question about this post? Confidentially email tdaxp.

Update 28 October 2005: A new version of this analysis, looking at Speaker Hastert’s blog attack on oil companies, is now available.


Cyberwar Within the Context of Everything Else

“Gaming War Within the Context of Everything Else,” Fire and Movement, Issue 134, by Thomas P.M. Barnett, Horse and Musket, http://www.thomaspmbarnett.com/published/GamingWar.htm, 2004.

“Of content flows and rodeos,” by Stuart Berman, My Kids’ Dad, http://bermans.blogs.com/opinion/2005/01/of_content_flow.html, 4 February 2005.

Stuart Berman is an insightful thinker, and I recently added his blog to my reading list. But this suggestion is dangerously wrong:

2) The analogous layer – should the Internet remain ‘wide open’ or should we adopt Barnett’s model?

Barnett emphasizes the role of technologies in fostering the war of connectivity although he concentrates on the geophysical context (the Internet has multiplied the effects of globalization but those effects tend to be geographic thus the Gap and Core are mostly bounded by national boundaries with special position given to those countries on the border – ‘seam states’). This makes sense as long as the war is fought along physical lines, but some (including myself) are concerned about the impact of cyberwar – that is what happens when the connectivity war starts ‘backflushing’ upstream? Examples above are one aspect of this. In the cyberworld (electronic communications) there is very little relationship between the physical (location and infrastructure) and the virtual (the content and flow) so the seams or the frontlines are almost imperceptible. (A Korean may have her Hotmail account with all of its data reside in Seattle and is handled the same way as if it belonged to a man in Iowa.) Clearly China has tried to alter this architecture – the question is should the architecture take into account analogous geophysical global situations or even try to model the architecture along the thinking Barnett offers (in the virtual world regardless of your physical location are you a Core player, a Gap player or a Seam player -> your behavior determines your status not any other factor [nationality, religion, skin tone, gender])? The first option (China) involves firewalling and content control at the physical borders, the second option requires development of identity architectures and virtual firewalling (ala Jericho Forum).

If I am reading this right, the suggestion is dangerously wrong. We have to fight war in the context of everything else. That means cyberwar within the context of everything else, too. Dr. Barnett has written:

Instead of just gaming war within the context of war, you’d have to game war within the context of everything else—Risk meets Monopoly meets Life meets . . ..

Let me give you an even better example. The U.S. Census Bureau says two-thirds of America’s population growth between now and 2050 will come from Latinos immigrating here from Central and South America. Without that flow of bodies, our Potential Support Ratio (PSR) of workers-to-retirees will plummet dangerously. That’s the future economic strength of this country in a nutshell. Guess what happens in response to 9/11? We tighten our borders and already we see a diversion of that flow to Europe. You want to know who made that call? Bin Laden did. He’s playing a game of Risk we don’t understand, because we lack the imagination to do so—because we only understand war within the context of war and not within the context of everything else.

I think Mr. Berman and I agree with Dr. Barnett that disconnectedness defines danger. And we agree that the focus of the Global War on Terror should be spreading connectivity. But firewalling the Core will not do this. An Internet where Gap and Seam browsers have their faces against the electronic glass is not an internet worth creating.

Cybersecurity is important, and some precautions must be taken. But making the Internet geographically dependent, as Berman and Beijing suggest, is not in Barnett’s vision. Berman’s “identity architectures and virtual firewalls” would shut the door on those whom globalization would help the most and reinforce ghettoism. The Great Virtual Firewall of the Core would be a terrible step backward.