2B1 Children's Machine DoS Attacks?!


While I occasionally question the One Laptop Per Child project, and believe that constructive criticism is integral to any project, I would never think of physically attacking the 2B1 Children's Machines themselves.

Unfortunately, there are those not as respectful as I. There are people who would, and will, attempt to harm each laptop they can gain access to. One way would be through a massive Denial of Service (DoS) attack.

Carl-Daniel Hailfinger, an OLPC participant, recently spent a whole night writing up the technical ways a DoS attack could happen. He defined four broad methods - power management, network, hardware, and other - which I'll not bore you with here.

After discussing it with the OLPC Security listserv, he followed up with a very interesting profile of who might launch such attacks. Here are the three main threat groups according to Carl-Daniel Hailfinger:

  1. The "because we can" group: People who will attack our security model to prove the point that we forgot to consider something. Background of these people is probably academic and/or classic creative hacking.
    Impact scale: Low, single machines or just academic papers about the threat.
  2. The "bragging rights" group: People who want to get peer recognition (peers would be script kiddies or crackers or just classmates) and maybe even get mentioned in the news. They won't care about any (permanent) damage or other ill side effects of their attacks, the resources they spend to achieve their goal are disproportionately large.
    Impact scale: High, at least a few thousand affected machines per instance would be defined as success, but if larger target groups are possible, they won't stop at a few thousand machines.
  3. Politically motivated attackers: They disagree with the politics of the project (one laptop per child/being based on Linux/"imperialistic tool"/etc.) or the politics of the local distribution entity (no distribution to certain areas/ethnic groups/political opponents/etc.). Attacks are performed to either get media coverage or to "fix" perceived injustice.
    Impact scale: Medium to low. The group of attackers is probably very small (if any), their skills and target count are likely to match group 2.
While I'll not disagree with the three groups Carl-Daniel suggests, I do wonder if the third group might be a greater threat than he imagines.

Looking at the distribution patterns governments have with other resources, be it classrooms or corn, usually the wealthy/politically connected/logistically advantaged receive a disproportionably larger share. Don't expect children's computer allocations to be any different nor the disenfranchised to be any less militant than they are already.

In many nations, the unequal distribution of resources has sparked protests, riots, even rebellions. If the One Laptop Per Child 2B1 distribution is also unequal, the laptop itself may become a symbol of socio-economic disparity, and therefore a desirable target for politically motivated attackers.

Attackers that would outnumber, if not outsmart, the 2B1 recipients, and could create the ultimate denial of service attack - physically removing the laptop from the original recipient.

Related Entries