The Big Hack This Week ....

By Paul Rosenzweig
Wednesday, August 28, 2013, 10:06 AM

No, I'm not talking about the Syrian Electronic Army's likely take down of the New York Times website yesterday -- though that is probably what you were thinking and also probably the only one you've read about.  That reflects, I think, a unique US-centric view of cybersecurity.

This week's biggest hack, however, was apparently (and I say apparently because reporting is unclear) a large denial of service attack on the .cn network in China.  According to Computer World for roughly 6 hours significant levels of traffic were effected as the ccTLD (country code top level domain) servers were under assault.  The Register, in the UK, quotes the head of CloudFlare to the effect that 32% of the traffic in China was degraded.  The effect was so significant that it could not be disregarded and concealed.  It has been attributed by the China Internet Network Information Center to some external malicious actor.  China has the largest online population in the world -- and that means that the .cn network is one of the largest domains around.  Not as big as .com (at least not yet) but on roughly the same scale.

So what happened and who did it?  Of course nobody knows.  And its possible (though unlikely) that a review will establish that the flaw was some unanticipated technical glitch of an unusual scale.  But if it was a malicious actor ... well, that's pretty significant.  I see only two possibilities:

1) This may have been a nation-state (like the US or Germany or Japan) flexing its muscles a bit.  If so, why now?  Why this target?  And what message were they trying to send?  It's a rather daunting prospect to imagine that, say, American national agents were doing a demonstration of concept attack on China as a way of attempting to deter Chinese cyber espionage.  That would be a =huge= policy shift for the US.  And whether it's a good one or a bad one would remain to be seen.  I would think it an unwise escalation, but I can see the other argument.  On the other hand....

2) Even more troubling is the possibility that it was NOT a nation-state -- in other words that some smaller ad-hoc group of individuals has access to a sufficiently large set of botnets and controllers that it is capable of disrupting one of the largest cyber infrastructures in the world.  At least we can assume that nation-state actors will be rational (or semi-rational) in their behavior.  But individual groups are only as rational as their membership -- and in some cases that can be pretty darn irrational.

Only time, and forensic analysis, will tell in the end what caused the .cn take down.  But for now, we can see it as yet another troubling sign of instability in the network.