Sunday, December 19, 2010

Untraceable Sources of Malware

By far the greatest threat to the commercial, economic and political viability of the Global Information Infrastructure will come from information terrorists. Information terrorism has ceased to be an amateur effort and has migrated into the hands of well-organized, highly trained expert professionals. Information terrorist attacks can be expected to become a decisive element of any combined threat to the economic and social integrity of the international community. Nations whose lifeline becomes increasingly dependent on information networks should realize that there is no sanctuary from information-based assaults. Commercial organizations, especially in telecommunications, finance, transportation and power generation offer choice targets to massive disruption.

The introduction of Anonymous Re-mailers into the Internet has altered the capacity to balance attack and counter-attack, or crime and punishment. The widespread use and easy access to acquiring the capacity to launch anonymous (e.g. untraceable) messages and software is now a development that warrants attention in mounting defenses in cyber operations (Strassmann and Marlow, 1996). *

One of the most pervasive techniques for hiding the source of malware is the Tor anonymity network.**  It is a system composed of client software and a network of servers, which can hide information about users' locations and other factors, which might identify them. Use of this system makes it more difficult to trace Internet traffic to the user, including visits to Web sites, online posts, instant messages, and other communication forms. It is intended to protect users' personal freedom, privacy, and ability to conduct confidential business, by keeping their Internet activities from being monitored. The software is open-source and the network is free of charge to use.

Tor works by relaying communications through a network of systems run by volunteers in various locations. Because the Internet address of the sender and the recipient are not both readable at any step along the way (and in intermediate links in the chain, neither piece of information is readable), someone engaging in network traffic analysis and surveillance at any point along the line cannot directly identify which end system is communicating with which other. Furthermore, the recipient knows only the address of the last intermediate machine, not the sender. By keeping some of the network entry points hidden, Tor is also able to evade many Internet censorship systems, even ones specifically targeting Tor. ***

DoD cyber operations must be protected against incoming transactions that originate from every anonymous source. Even though anonymous transactions can be routed through an unsuspecting insider, strong authentication of every source can protect the DoD network. In the case of a hostile insider acting as a conveyor of anonymous traffic the only defenses are techniques that are monitored by counterintelligence personnel.