Free Capitalist Network - Community Archive
Mises Community Archive

DDOS Attacks


Autolykos Posted: Thu, Dec 9 2010 8:14 PM

In light of the WikiLeaks brouhaha, I thought I'd ask a question to my fellow libertarians out there.  How do you guys think DDOS (Distributed Denial of Service) attacks would/should be handled in a libertarian/free-market/stateless society?  Would they constitute trespassing, vandalism, theft, or something else?

The keyboard is mightier than the gun.

Non parit potestas ipsius auctoritatem.

Voluntaryism Forum

  • | Post Points: 80

Is it a proper analogy to say that a DDoS attack is like when a whole bunch of people try to enter through the door to your shop and clog up the entrance?

To paraphrase Marc Faber: We're all doomed, but that doesn't mean that we can't make money in the process.
Rabbi Lapin: "Let's make bricks!"
Stephan Kinsella: "Say you and I both want to make a German chocolate cake."

  • | Post Points: 20
James replied on Thu, Dec 9 2010 8:31 PM

Doesn't a distributed attack require the use of a botnet, which is made up of co-opted computers used against their owners' wishes?

Non bene pro toto libertas venditur auro
  • | Post Points: 20
Nielsio replied on Thu, Dec 9 2010 8:37 PM

It would constitute doing something against the contract with your internet provider (because no internet provider would ever be allowed access to any other reputable provider).

So the legalities of it are really simple. It could still be difficult to catch the person because it involves hacked computers, but considering there would be way less reason to commit vandalism in a free society, better mechanisms to find irreputable people, and more dire/costly consequences, I don't think it will be that big of a problem (esp considering how small of a problem it already is).

  • | Post Points: 5

In this instance, whether or not those computers were used against the wishes of their owners might be debatable. I get the impression that there has been a good deal of sympathy for WikiLeaks in the general public. That would make for an interesting poll. 

But yes, in principle, you are correct. Those businesses have every right to drop WikiLeaks for any reason they choose. To intentionally sabotage their equipment (private property) is criminal unless it was done so purely in self defense, which clearly isn't the case here.

"I am certain that nothing has done so much to destroy the juridical safeguards of individual freedom as the striving after this mirage of social justice." F.A. Hayek
  • | Post Points: 5
Student replied on Mon, Jan 3 2011 4:36 PM

How would a stateless society handle DDOS attacks? Personally, I figure it would handle them about as well as our current system does--poorly.

As someone mentioned earlier, DDOS attacks rely on botnets, which are essentially collections of personal computers that have been "co-opted" by a "botmaster". The botmaster can tell these bots to access a single Internet system or service causing the system to become busy and deny service (like too many people trying to fit through the door of a store as someone else said).

So if you think about it, DDOS attacks are a lot like pollution. If every internet user everywhere kept their computer properly secured then we would likely have no DDOS attacks because no one's computer would be coopted into becoming a bot. Of course, not every internet user is secure in this way because they incur very little costs with being part of a botnet.

Now, the question of how to internalize the costs of being part of a botnet will depend on the institutional framework you happen to be imagining. Say that in your hypothetical utopia the internet will exist very much like it does today (where ISPs can't block content from people on other ISPs) and that there is some system of common law for settling disputes. Then you might think you could take advantage of some policy prescriptions being floated around right now. For example, some people (like Eric Posner at Univ Chicago) have suggested making the members of a botnet or their ISP liable for the damages they cause. But this isn't really much of a solution if such measures are only adopted in a single political region like the United States. That's the bitch of living in a connected world. A collection of bots in Romania could just as easily shut down Wikileaks as a botnet in Assange's own neighborhood.

You could potentially address this by abandoning any allegiance you have to net neutrality and pray that reputational feedbacks work things out. For example, if an ISP is known to be populated by lots of compromised computers, then other ISPs could block content from users on that "bad" ISP to protect their customers. But I don't know how many libertarians would be comfortable with the idea of allowing a third party to decide who they can and cannot talk to.

Really, there isn't a very good solution to DDOS attacks specifically or botnets in general. I figure they are basically just a fact of life we will have to live with for a while.

Ambition is a dream with a V8 engine - Elvis Presley

  • | Post Points: 5

I think I am the only person here who has been personally DDOS'd, so I have some experience with the matter.

Someone owns the network routers and switches that direct traffic efficiently.  Someone owns the cabling and pathways which data travels.  If someone DDOSes over such a network, it is no different than if someone played real life bumper cars on a private freeway.

"When you're young you worry about people stealing your ideas, when you're old you worry that they won't." - David Friedman
  • | Post Points: 35
Kaz replied on Mon, Jan 3 2011 5:34 PM

Speaking as someone who owned an Internet service fifteen years ago, and experienced DDOSs, I somewhat concur.

If the intent is to "damage" your property, then it's wrong...this includes the people on net-abuse rallying to flood some ISP with complaints specifically to slam their server, in order to force them to comply with what those idiots thought was right...cutting off a customer or whatever.

The obvious difference, though, is that the moment it stops, it's usually gone. You don't have to live with a damaged bumper, but you would in the real world version. So it's not 100% the same.

  • | Post Points: 5

The question of the OP presupposes a couple of things:  

1) that the internet would even exist in a free-market society  

2) even if a free-market society did exhibit an internet, such internet would be technologically the same or very similar to the current internet which is vulnerable to DDOS attacks.  

Keep in mind, in our current state of affairs, the internet infrastructure we are all currently using to communicate depends upon the current state monopoly on the legal system -- the enforcement of contracts which may not exist in a free-market.

To be blunt:  we can not assume that our level of technological dependence is sustainable without the state.  Our internet infrastructure depends highly on the state.   Thus, we may actually regress without government just as public service employee pension plans would regress without government.

Just like printing money makes our current state-dependent money markets unstable, it could be DDOS attacks which cause our state-dependent internet to be too unstable.

How SHOULD DDOS attacks be handled?

Who cares?  Leave them alone.  Anybody who cares to resolve a perceived dispute will figure it out.

Before calling yourself a libertarian or an anarchist, read this.  
  • | Post Points: 20
filc replied on Mon, Jan 3 2011 10:20 PM

LS:
I think I am the only person here who has been personally DDOS'd, so I have some experience with the matter.

I build and maintain routed and routing infrastructures for a living. More recently cloud development.

The best description here is

Daniel Muffinburg:
Is it a proper analogy to say that a DDoS attack is like when a whole bunch of people try to enter through the door to your shop and clog up the entrance?

On a side note it's really a moot point as technology is already starting to handle these problems (no intervention needed). Does anyone know what happened to amazon when the hacktivists placed their attention to them?

  • | Post Points: 20
Student replied on Mon, Jan 3 2011 11:49 PM

filc,

the reason amazon was able to repel the ddos attack last year was because they had access to the bandwidth to handle it. and they had the bandwidth to handle it because they have to be prepared for huge surges in visitation. if they didn't, then their website would have crashed 2 weeks ago when millions of people probably flooded the site for last minute gifts.

so it wasn't an advancement in technology that saved amazon, it was just the over-provision of resources. if the attack was bigger, it would have succeeded.

that shouldn't be surprising since these attacks were probably not very large if they were anything like the attacks on wikileaks. 

But Arbor Networks, which analyzes malicious network traffic crossing the internet’s backbones, reports that the DDoS generated between 2 and 4 Gbps of disruptive traffic, slightly above the average for all DDoS attacks, but well below the peak 60 to 100 Gbps consumed by truly massive attacks against other websites over the last year

http://www.wired.com/threatlevel/2010/11/wikileaks-attack/

Of course, none of this should be of *any* comfort to probably 90% of all other internet businesses, who don't have and don't need the resources to handle the traffic that amazon does.  

Ambition is a dream with a V8 engine - Elvis Presley

  • | Post Points: 20
filc replied on Tue, Jan 4 2011 12:15 AM

Student:
so it wasn't an advancement in technology that saved amazon, it was just the over-provision of resources. if the attack was bigger, it would have succeeded.

That's like saying HPC is just an over-provision of resources. Or an Intel I-7 is an over-abundance of transistors. New technology is nothing more than an outgrowth of previous. Technology simply increases in abundance and performance and in the process becoming cheaper. Besides, anyone who hosts web applications knows that bandwidth is only half the problem, and technically should not be a problem. Reports that show that are misleading. A good ISP can throttle such traffic fairly easily. (My own routers are configured in such a way). If we were DDOS'd which we have been in the past, it's because our cloud nodes may not be able to handle it (yet), not because our routers couldn't punch the data through.

The passing of IP datagrams is a trivial exercise when in comparison to actual servers. That's why historically routing processors have never needed to be that beefy. However recently that is changing.

Amazon:
Of course, none of this should be of *any* comfort to probably 90% of all other internet businesses, who don't have and don't need the resources to handle the traffic that amazon does.  

And why should they? Why don't they host with Amazon? And/or why don't service providers begin to offer similar services?

Answer: They do, and we are. Amazon was just one of the first ones around to have the horsepower, and via cloud computing found a constructive way to use it.

  • | Post Points: 35

filc, my man love for you increases now that I know you're a cloud master.

"When you're young you worry about people stealing your ideas, when you're old you worry that they won't." - David Friedman
  • | Post Points: 20
Student replied on Tue, Jan 4 2011 12:43 AM

filc,

I only meant that there wasn't some new tool or technology that saved amazon. 5 years ago excess bandwidth would have deflected the ddos attack just as easily as it did last month.   

and you are making it sound like the problem is essentially already solved. i think paypal would tell you otherwise, since their website was flooded once the hacktivists decided amazon was too big and decided to go after them (ditto for visa and mastercard).

now, i'm not saying that this problem could never be solved by better technology. i'm just saying i have my doubts.

personally i think this report from idefense sums up my feelings best:

Ultimately, many defenses, once employed, can later be circumvented by an attacker. It has always been and remains easier for an attacker to adapt their attack vectors or simply increase the number attacking bots than it is for the defenders to mitigate the attack, to increase resources, or to recover.
http://complianceandprivacy.com/WhitePapers/iDefense_DDoS_20060428.pdf

as a side note, this is why i think cyber security economics is probably going to be a field on the rise in coming years. taking my cue from ross anderson (the leading scholar in the field), i figure most cyber security problems are not inherently technological problems. instead they are behavioral/economic problems that require behavioral/economic solutions. http://www.cl.cam.ac.uk/~rja14/Papers/econ_czech.pdf

Ambition is a dream with a V8 engine - Elvis Presley

  • | Post Points: 20

Student:
as a side note, this is why i think cyber security economics is probably going to be a field on the rise in coming years. taking my cue from ross anderson (the leading scholar in the field), i figure most cyber security problems are not inherently technological problems. instead they are behavioral/economic problems that require behavioral/economic solutions. http://www.cl.cam.ac.uk/~rja14/Papers/econ_czech.pdf

Lots of rent seeking to be found there which would validate your notion that it is a behavioral problem.  All rent seeking is.

Problems are solved in the market, not in economic papers.

"When you're young you worry about people stealing your ideas, when you're old you worry that they won't." - David Friedman
  • | Post Points: 20

DoS attacks work so well because ISPs use a stupid charge system.  Instead of charging senders per MB they charge flat rates for fixed bandwidth.  Fix that and you fix several problems with the internet.

  • | Post Points: 35

There is nothing "stupid" about the way ISPs charge their customers at present.  Most people prefer a predictable Internet bill, so charging people a flat rate for unlimited service makes sense to customers.  Maybe there are some people who would prefer to be billed based on how much they use, but that is a very small market, as even people who would save money from that model would probably prefer the current model.  You can't manage a budget if you aren't able to predict your costs.  I'm sure the RIAA would love to see flat rate unlimited Internet service outlawed, as that would probably stop 99% of the online violations of imaginary "property" legislation, but very few people would voluntarily choose an unpredictable Internet bill.

Web hosts exist that sell hosting where you only pay for what you use.  Most people do not use those web hosts and prefer to pay more money to a host for unlimited (or some ridiculous amount of) resources.  Such a web hosting service is a great deal if nobody visits your web site, but it is a ripoff if your site becomes popular or has a lot of content.

Even cell phone companies sell data plans that sell a certain amount of Internet service for a fixed rate.  They do the same thing with cell phone minutes and with text messaging.  You can buy a cell phone where you only pay for what you use in any store, but very few people buy them.  Mostly, they are for "pre-teens" whose parents don't trust them with a real cell phone.

A DDOS attack is an obvious violation of rights.  The difficulty is with identifying those responsible for the attack (specifically the ringleaders).  The criminal who attacked Wikileaks would probably be much easier to catch than that Anonymous organization.  I think a statist society could probably handle Anonymous better, as a statist society could more easily shut down that 4chan web site.  If you indiscriminately target "participants" in the attack, you run the risk of targeting legitimate users who happened to be trying to visit that site at the time of the attack.

  • | Post Points: 5

Charles Anthony:
The question of the OP presupposes a couple of things:  

1) that the internet would even exist in a free-market society  

2) even if a free-market society did exhibit an internet, such internet would be technologically the same or very similar to the current internet which is vulnerable to DDOS attacks.

Quite right.  I see no reason to believe that one or more internets couldn't exist in a free-market society with a comparable level of technological development.  The core idea behind the/an internet is multiple computers that are able to communicate with one another in some fashion.  One very common type of communication is request-response.  When one computer sends a request to another computer, which subsequently sends back a response, we can say that the first computer is the client and the second computer is the server.  Hopefully this illustrates how client-server relationships (if not also client-server architectures) readily arise from the idea of computer communication and networking.

My intent with the OP was to try to find out which "real-world" situation corresponds most accurately to (D)DoS attacks on the internet.  It wasn't about speculating whether the internet as we know it would even exist in any free-market society.  The fault is mine for not being clearer about this in the OP.  Suffice it to say, I'm not content to simply wave my hands and say that the market will find a way.  I'm curious about which ways it seems likely to find.

The keyboard is mightier than the gun.

Non parit potestas ipsius auctoritatem.

Voluntaryism Forum

  • | Post Points: 20

Well, I am quite content waving my hands and saying The Market will display a way.  I guess I do not understand your curiosity.  I do not understand a lot of the pop music that youngsters enjoy these days either. 

When I was avidly listening to pop music, the internet did not even exist.  If you asked about what the market will find twenty years ago, your search would be endless. 

Before calling yourself a libertarian or an anarchist, read this.  
  • | Post Points: 20

Charles Anthony:
Well, I am quite content waving my hands and saying The Market will display a way.  I guess I do not understand your curiosity.  I do not understand a lot of the pop music that youngsters enjoy these days either.

You can call it "intellectual speculation" if you want.  I like to imagine the possibilities. :P

The keyboard is mightier than the gun.

Non parit potestas ipsius auctoritatem.

Voluntaryism Forum

  • | Post Points: 5
filc replied on Tue, Jan 4 2011 5:39 PM

Caley McKibbin:
DoS attacks work so well because ISPs use a stupid charge system.  Instead of charging senders per MB they charge flat rates for fixed bandwidth.  Fix that and you fix several problems with the internet.

Heh isn't this exactly what they're trying to do? But the nay-sayers are crying wolf?

  • | Post Points: 5
filc replied on Tue, Jan 4 2011 6:01 PM

liberty student:
filc, my man love for you increases now that I know you're a cloud master.

It's both an exciting, and furiously frustrating thing to be into. A year ago I had some theories as to how this whole cloud thing, coupled with virtualization, was going to pan out. Now I question my own speculation. That's what makes it fun though I guess. :)

Over a year ago we were a primarily eucalyptus joint, now we have migrated most of our stuff to vmware. Though we still have resources in both. The market moves fast, and so will we!

Student:
I only meant that there wasn't some new tool or technology that saved amazon. 5 years ago excess bandwidth would have deflected the ddos attack just as easily as it did last month.

But as stated before, especially in the case of amazon, it was not likely a bandwidth intense DDOS attack. Those are far more difficult to concert, and less efficient, though more damaging as they bring down networks laterally. 

The most efficient way to DDOS is just to send a specific web app various requests. Seeing if the node has the computational ability to keep up with the requests. In the case with amazon, their novelty was being the first to scale server performance on-demand. 

Any report that comes out pretending to know exactly what kind of DDOS attack was performed on Amazon is sheer speculation. Unless it was published by a hacktivist itself, Amazon is not going to release such a report, regarding the vulnerabilities of their internal network, and it's not likely to be the hacktivists either. I've read those reports before and I usually just gloss over them. Most of those guys writing that stuff have no idea.

On a side note, this is why companies like Mojang for example, the creators of minecraft, move their hosting to Amazon. Specifically because their existing provider could not handle DDOS attacks. Amazon just gobbles it up.

LS:
Problems are solved in the market, not in economic papers.

This

  • | Post Points: 20
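
The distinction drawn in the post above, between a bandwidth flood and a flood of requests that are cheap to send but expensive to serve, can be seen from the defender's side in this added example (not part of the original thread): a per-source token bucket that charges each request by an assumed cost weight throttles the request flood, while a byte-volume ranking of the same traffic points at a legitimate bulk downloader instead. The log entries, addresses (RFC 5737 documentation ranges), paths, cost weights and rate parameters are all constructed for illustration.

```python
from collections import defaultdict

# Relative server work per request; these weights are assumptions for the sketch.
COST = {"/search": 5}   # expensive dynamic endpoint
DEFAULT_COST = 1        # static or cached content


def build_sample_log():
    """Constructed sample traffic: (time_ms, source, path, response_bytes)."""
    log = []
    for i in range(5):      # bulk downloader: one large file every 2 s
        log.append((i * 2000, "198.51.100.10", "/static/video.bin", 5_000_000))
    for i in range(10):     # ordinary browsing: one page per second
        log.append((i * 1000, "198.51.100.20", "/index", 20_000))
    for i in range(200):    # flood: 20 small but expensive requests per second
        log.append((i * 50, "203.0.113.5", "/search", 2_000))
    return sorted(log)


def bytes_per_source(log):
    """Bandwidth view: total response bytes per source."""
    totals = defaultdict(int)
    for _, src, _, size in log:
        totals[src] += size
    return dict(totals)


def throttle(log, rate_per_s=5, burst=10):
    """Per-source token bucket, charged by request cost.

    Tokens are kept as integer milli-tokens so the arithmetic is exact:
    rate_per_s tokens per second equals rate_per_s milli-tokens per millisecond.
    Returns {source: (allowed, dropped)}.
    """
    cap = burst * 1000
    tokens, last = {}, {}
    counts = defaultdict(lambda: [0, 0])
    for t, src, path, _ in log:
        have = tokens.get(src, cap)                     # new sources start full
        have = min(cap, have + rate_per_s * (t - last.get(src, t)))
        last[src] = t
        need = COST.get(path, DEFAULT_COST) * 1000
        if have >= need:
            have -= need
            counts[src][0] += 1                         # served
        else:
            counts[src][1] += 1                         # throttled
        tokens[src] = have
    return {src: tuple(c) for src, c in counts.items()}


if __name__ == "__main__":
    sample = build_sample_log()
    volume = bytes_per_source(sample)
    for src, (ok, dropped) in sorted(throttle(sample).items()):
        print(f"{src:15} bytes={volume[src]:>10} allowed={ok:>3} dropped={dropped:>3}")
```
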

Mostly, they are for "pre-teens" whose parents don't trust them with a real cell phone.

Pay by minute/megabyte is for people who use 1000th the service of The ISP Employee uploading terabytes of warez from the secret server at the office and don't want to pay a socialized rate set according to the cost of running that.  The people that should be paying are the idiots that downloaded freeporn.exe, whose computers are sending attack packets, and uploading with Limewire 24/7.  The present internet works about the same as the health care system.  It is indeed a rip-off paying for what you get.

The main reason that few people buy pay per use telecom services, aside from general stupidity... well, you find me such a service and I'll buy it.  Excellence brought to you by the telecom monopoly.

Heh isn't this exactly what they're trying to do? But the nay-sayers are crying wolf?

I don't know the exact technical details of how they propose to operate.  The main point for me is that charges must be for upstream, not downstream, according to the load placed on the routers.

  • | Post Points: 5