from the take-your-pick dept
As you know, last week, large chunks of the internet spent hours writhing on the ground and totally inaccessible thanks to a giant DDoS attack that appears to have been launched via a botnet involving insecure DVR hardware (which can’t be patched — but that’s another post for later). Of course, whenever this kind of thing happens, you know that some people on the politics side of things are going to come up with dumb responses, but there were some real whoppers on Friday. I’m going to focus on just two, because I honestly can’t decide which one of these is dumber. I’ll discuss each of them, and then you guys can vote and let us know: which of these is dumber.
First up, we’ve got Marsha Blackburn, who is not just a member of Congress, but (incredibly) on the House Subcommittee on Communications and Technology, which is often considered to the subcommittee that handles internet related issues. We’ve written about her quite a few times before, highlighting her efforts to block broadband competition and gut net neutrality. She’s also argued that fair use is just a buzzword and we need stronger copyright laws. Not surprisingly, she was one of the most vocal supporters of SOPA who only finally agreed to dump the bill days after the giant online protest.
And apparently she’s still upset about all that.
On Friday she went on CNN to discuss a variety of things, and the first question from Wolf Blitzer was about the DDoS attacks, and her answer is the sort of nonsense word salad that is becoming all too common in politics these days, but where she appears to suggest that if we’d passed SOPA this kind of attack wouldn’t have happened. She’s not just wrong, she’s incredibly clueless.
Here’s what she said:
Wolf, you don’t know who is behind this, you do not know if it’s foreign or domestic. What I do know is over the years we have tried to pass a data security legislation. There’s been bipartisan agreement in the House. It has not moved forward in the Senate. We also know that a few years ago we tried to do a bill called SOPA in the House which would require the ISPs to do some governance on these networks and to block some of the bad actors.
And of course, there were all of the cyberbots that took out after us that were trying to say ‘no you can’t do that you’re going to impede our free speech.’ We said ‘no we’re trying to keep the roadway clear and to keep some of these bad actors out of the system.’
So, what you have now, whether it is foreign or domestic, no one knows. No one knows who has released some ransomware, spyware, malware into the system that is cau… and bear in mind also this malware can live on your system for a year or much longer before it is detected.
And that is how you’ve had some of these extensive data breaches because the malware gets into the system, it rests there, it is pulling information and at some point, it activates. And as I tell my constituents, be careful what websites you go to, be careful what emails you open because you may be unintendedly inviting that malware or spyware into your system.
Okay, so. Almost nothing that is said above has anything to do with the DDoS attack. Not at all. Not the “data protection” bill, which is basically about requiring companies to reveal breaches to those impacted. But most certainly not SOPA, which had nothing whatsoever to do with anything having to do with cybersecurity or online attacks or DDoS. And “cyberbots”? Is she implying that the millions of people who spoke out against SOPA were some sort of fake bots? SOPA wouldn’t have done anything to stop this kind of attack at all. It had nothing to do with this issue in any way shape or form. Not that Wolf Blitzer seems to know or care about any of that as he just accepts that answer and moves on.
So that’s the first dumb response. Now the second: the IANA transition. We’ve been discussing this for years, and as we’ve explained, the transition is a good thing in taking an argument away from countries like Russia and China who have been trying to get more control over internet governance, by dropping an almost entirely superficial connection between the fairly minor IANA function and the US Commerce Dept. The transition happened a few weeks ago and nothing on the internet has changed, nor will it, because of this transition. It’s a non-story. But, Ted Cruz tried to make it a story and now it’s become a partisan thing for no good reason at all. And thus, given an opportunity, partisan sites are blaming the IANA transition for the DDoS:
Today there was a major attack on a part of the Internet that few people pay any attention to. It?s critically important though, and any disruption threatens both our prosperity as Americans, but also our freedom to communicate with each other.
This is a great reminder of why President Obama?s Internet handover plans are so threatening to our way of life.
Probable foreign attackers effectively took thousands of companies off of the Internet today by attacking a major Domain Name Service (DNS) provider: Dyn. This two-hour outage surely cost many people, very much money.
What is DNS, and why is it so important? Put simply, DNS is the system that tells people how to find you online. It converts the names of servers and sites, into numbers that the Internet Protocol can find. It?s an essential service of the commercial Internet.
And yet Barack Obama is trying to hand control of DNS over to the Chinese and the Russians. Ted Cruz has been warning people about this, and so have I. People tend to tune it out, because it sounds like a very technical, obscure issue that isn?t very important.
Well, first of all, newsflash: the transition happened three weeks ago, and Neil Stevens at Red State is so concerned about this he didn’t even notice. Damn. Sneaky Obama. Second, the hand over of the IANA functions has absolutely nothing to do with a DDoS attack or what it would take to prevent it. Yes, there are some ridiculous aspects to the DNS system, some of which are managed by ICANN. But (1) the IANA transition has nothing to do with “handing control” over to the Chinese or Russians (in fact, it’s the opposite — it takes a big argument away from the Russians and Chinese that they had been using to try to seize more control, and actually makes it much more difficult for them to take control by making sure nationstates actually have very little say in internet governance). And (2) the IANA transition has fuck all to do with DDoS attacks.
Both of these examples seem to be completely clueless, technically illiterate people using real problems (the fragility of DNS systems, the massive unsecured bot-infested systems out there, the ease of taking down important systems, overly centralized critical systems), and using them to pitch some entirely separate personal pet complaint or project. But both are completely ignorant. The only question is which one is worse: