
Web’s Anonymity Makes Cyberattack Hard to Trace - peter123
http://www.nytimes.com/2009/07/17/technology/17cyber.html?_r=1
======
froo
I personally loved this part of the article

 _"the consensus of most computer security specialists is that the attackers
could be located anywhere in the world."_

Well... duh.

Although it raises an interesting question, if most of the computer security
specialists agree that the location of the attackers is somewhere on the
planet, where do the minority think the attacks are coming from?

Tinfoil hat time I think.

~~~
wmf
You're interpreting it wrong. The majority doesn't know where the attacks are
coming from, but the minority has a specific hypothesis about where they are
coming from (e.g. North Korea).

------
csbartus
Sounds like a political PR for internet censorship.

Remember in the last couple of months US, UK, France, UK, Netherlands and
Australia started legal procedures on internet censorship and against web
anonymity.

As politics started to lose influence on masses due to the mainstream media
crisis it would be very actual to start an internet war like this.

------
nwatson
Europe increasingly requires their ISPs to track "IP detail records" (IPDRs)
summarizing network activities into/out-of/within their networks using
products such as SenSage (<http://www.sensage.com/solutions/cdr.php>). A
number of telcos/ISPs acknowledge using the product (see
<http://www.sensage.com/customers/index.php>), and many more likely do.

No matter what you think of censorship, it will be interesting to see how law
enforcement starts using gathered data to track down origins of attacks. Given
a number of identified attacking zombie computers serviced by several
(regulation-complying) ISPs, network forensic detectives will increasingly
manage to trace back activities through the event-funnel/layers to the
computer of origin. You need not have recorded all intervening links for all
zombies ... I'm sure heuristics will be developed to identify with high
confidence the computer(s) of origin.

A natural rebuttal: "no set of DBs can possibly have stored so much data that
they have the full network capture to trace back attacks." SenSage & competing
products don't store the full network capture, but just enough info to figure
out the temporal/topological aspects of an attack. That still requires many
terabytes per telco for several years of data, but the products can crunch
that data real fast.

Here comes the knock on the door ... you ready?
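
An added illustration of the temporal/topological traceback described in the comment above; it is not part of that comment and not code from SenSage or any other product. The record fields, the 30-second slack and the enclosure heuristic are assumptions, and the sample records are constructed.

```python
from collections import namedtuple

# One summarized flow record: start/end in seconds, source and destination host.
# Field names are hypothetical, not any product's schema.
Flow = namedtuple("Flow", "start end src dst")

# Constructed sample records (documentation address ranges only).
FLOWS = [
    Flow(110, 390, "192.0.2.20", "192.0.2.99"),      # zombie -> victim
    Flow(105, 395, "203.0.113.10", "192.0.2.20"),    # relay -> zombie
    Flow(100, 400, "198.51.100.7", "203.0.113.10"),  # earlier hop -> relay
    Flow(10, 20, "203.0.113.55", "192.0.2.20"),      # unrelated, long before
    Flow(300, 310, "203.0.113.77", "203.0.113.10"),  # unrelated, starts too late
]

def upstream(flows, flow, slack=30):
    """Inbound flows to flow.src that enclose `flow` in time.

    Assumed heuristic: a relayed session's inbound leg opens at most `slack`
    seconds before the outbound leg and closes no earlier than it does.
    """
    return [f for f in flows
            if f.dst == flow.src and f.src != flow.dst
            and 0 <= flow.start - f.start <= slack
            and f.end >= flow.end]

def trace_back(flows, attack, slack=30):
    """Walk upstream from an attack flow.

    Returns (path, ambiguous): path lists hosts from the zombie back to the
    earliest hop visible in the records; ambiguous lists competing candidates
    when the walk stopped because more than one inbound flow matched.
    """
    path, seen, current = [attack.src], {attack.src}, attack
    while True:
        cands = [f for f in upstream(flows, current, slack) if f.src not in seen]
        if len(cands) != 1:
            return path, [f.src for f in cands]
        current = cands[0]
        path.append(current.src)
        seen.add(current.src)

if __name__ == "__main__":
    print(trace_back(FLOWS, FLOWS[0]))
```

The last host in the path is only the earliest hop the available records cover, and an ambiguous result is reported rather than guessed at.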

------
Tichy
Very misleading I think. The hackers were not anonymous because of Web's
anonymity, but because they went through a chain of hacked computers. Hardly a
method that is available to the average person.

