Finding The Hidden InfoSec Story

Piracy and Letters of Marque


Photo Credit: jm209 via Compfight cc

[Edited 25.5.2015: This analogy is based on the keynote by Thomas Dullien here and an original piece by Florian Egloff here]

 

In centuries past, nation states warred on the high seas. For one reason or another, nation states would decide to allow (using letters of marque) non-government officials, ie, private warships/pirate ships, to legally attack and damage/sink/capture ships bearing the flag of a country that they had a beef with. Motivations for doing so could, theoretically speaking, be patriotic or financial.

Since the risks involved were substantial, it’s hard to imagine many doing it for patriotic reasons unless directly asked to supply a number of ships by say the king for this purpose. The financial motivation is realistic, which is nicely illustrated in the children’s books about Horatio Hornblower that I read as a kid. This dastardly curmudgeon captain earns quite a lot of money on top of his salary from prizes that he captures and sends off to or escorts to his home harbours.

In our day, the battlefield has changed from the seven seas to a sea of bits and bytes. In this modern battlefield, letters of marque are seeing use once again, formally as exemplified in US Defense contractors with offensive mission contracts, or informally as when the US blamed North Korea for the Sony hack (the jury is still out on what really happened) and someone, presumably US citizen(s) acting in retribution, proceeded to take the country off the Internet for a period of time with no repercussions for these actions, which in this case has to be taken as implicit approval.

However, while it can be simple to spot which flag a ship is flying and then proceed to attack and capture it, attribution on the high seas was not always straightforward. Ships could fly false flags and even pirate flags. If you wanted to be certain that you weren’t letting a potential enemy go, you’d need to shoot a shot across their bow, and once stopped, board and search it to be able to attribute it to a specific country.

When you transpose this aspect of attribution onto our modern battlefield of bits and bytes, the waters become much muddier. Ships are software constructs (attack delivery vehicles) and cannonballs (exploits) are attackers, but you cannot efficiently stop the ship (the malware) and search it to attribute it to a specific country (coder/group who created it), because planting false flags is so easy.. Software constructs can literally fly flags of every nation and group simultaneously. You can also look at the cannonballs, but they’re also made of code and cannot reliably be attributed. You can try to trace back the trajectory of the cannon ball to the point of origin – the cannon (which for this analogy is the IP address), but even knowing where the cannon was at the time of firing doesn’t give you attribution, because the cannon could have been remote controlled from the other side of the world (remote controlling a server via VPN or similar).

Thus the modern day high seas battle becomes the equivalent of an aerial battle between fleets of semi-transparent Flying Dutchmen that somehow fire real physical cannonballs against each other despite the ephemeral form of the ships. The only easily identifiable actors on modern high seas are the cities, harbours and forts on land, which often take a real beating from the Flying Dutchmen but just as often from remote controlled cannons located within the cities, harbours or forts themselves.

This begs the question: what will you do with your letter of marque then, when you cannot easily prey on the ships of your enemies? How do you reliably claim your prize money when you return your captured vessels to port? How will the port authority be able to verify that the vessel indeed came from the country/point of origin that you claim? How will the media know when to trust you, if you repeatedly cry wolf but don’t supply proof because the proof doesn’t exist?

 

 

I think you should read this article on hype: (http://www.tandfonline.com/doi/pdf/10.1080/03071847.2014.969932 by Robert M. Lee and Thomas Rid)

and this article on attribution: (http://www.tandfonline.com/doi/abs/10.1080/01402390.2014.977382# by Ben Buchanan and Thomas Rid)

Author: Claus Houmann

Share This Post On