Posted by: Ann Treacy | September 2, 2007

Broadband & Security in Estonia

As many regular readers know, I’m in Dublin. My Internet access is still completely reliant on the libraries and their wonderful WiFi. Unfortunately it’s 11:00 on a Saturday and while my 3-year-old is up – the libraries aren’t.

Why am I giving you my sob story? Well, I wanted to share this super fun story I read in Wired – but I can’t balance it with any online research. So read it with a grain of salt.

Web War One tells the story of how Estonia (Europe’s best wired city) was apparently taken offline by hackers at the request of Russia (maybe a few Russians, maybe the Russian government). The story reads like an adventure novel – if you have the time it’s fun to read. What I thought would be interesting here is to talk about how they were taken down.

How it happened – DDoS

DDoS stands for distributed denial of service. DoS I knew – the distributed version, or at least that name, was new to me. Essentially, to take down a server you get a lot of computers to send a lot of traffic (packets of information) to it at once. The sheer volume alone can bring down the server.

The distributed part usually comes from a “bot herder”, who has control of a botnet: a worldwide network that can include 100,000 computers. The network is mostly made up of “zombies”, computers whose owners don’t know they have been infected by the bot.

So when the bot herder wants to attack, he simply sends the word to the zombies to send tremendous amounts of traffic to a given target. (Botnets like these are often used for spamming, phishing, and denial-of-service attacks.)

The result is that the targeted server gets overworked and effectively shuts down – or, as in the case of Estonia, the server is cut off from international traffic so that at least local traffic can still get in. (That’s not to say that attack traffic can’t come from inside – often some does, but often the attack originates outside and/or most of the botnet’s zombie computers are outside.)

So that’s how easy it is. It’s kind of scary. To overcome the disaster, Estonia called in CERT members and “vetters”, people known in the security industry to be good guys – who then called on their own networks of contacts to thwart the attack by getting individual compromised computers shut down. (Again a fun read – and I’m not usually an espionage fan.)
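To make the mechanics above concrete, here is an added example (mine, not from the Wired story or this post) that spots a volumetric flood in a constructed request log and then applies the Estonian-style fallback of admitting only local traffic. The “local” prefix and all log lines are constructed for illustration, and the example also shows the caveat from the text: an infected machine inside the local range is still let through.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed: the one prefix we treat as "local" (stands in for domestic ISPs).
LOCAL_PREFIXES = [ip_network("198.51.100.0/24")]

# Constructed log, one request per line: "<epoch_seconds> <source_ip>".
SAMPLE_LOG = (
    ["1000 198.51.100.7", "1000 198.51.100.9", "1001 198.51.100.7"]  # legitimate local hits
    + [f"100{i % 3} 203.0.113.{i % 250}" for i in range(600)]       # 600 hits from 250 outside zombies
    + ["1002 198.51.100.66"] * 30                                    # one infected machine *inside*
)

def parse(line):
    """Split a log line into (timestamp, ip_address)."""
    ts, src = line.split()
    return int(ts), ip_address(src)

def requests_per_second(lines):
    """Total requests seen in each one-second bucket."""
    return Counter(parse(l)[0] for l in lines)

def flood_detected(lines, threshold):
    """Volumetric DDoS signature: aggregate rate far above normal *and*
    spread across many distinct sources (one noisy client is not a DDoS)."""
    rps = requests_per_second(lines)
    distinct_sources = len({parse(l)[1] for l in lines})
    return max(rps.values()) > threshold and distinct_sources > threshold // 10

def is_local(addr):
    return any(addr in net for net in LOCAL_PREFIXES)

def apply_fallback(lines, threshold):
    """The Estonia-style fallback: while a flood is detected, admit only local
    sources so domestic users keep working. Returns (admitted_lines, dropped_count).
    Note that zombies inside the local range are still admitted."""
    if not flood_detected(lines, threshold):
        return list(lines), 0
    admitted = [l for l in lines if is_local(parse(l)[1])]
    return admitted, len(lines) - len(admitted)

if __name__ == "__main__":
    kept, dropped = apply_fallback(SAMPLE_LOG, threshold=100)
    print(f"flood detected, dropped {dropped} outside requests, admitted {len(kept)} local ones")
```

The inside zombie's 30 requests survive the filter, which is why the post notes that cutting off international traffic only helps when most of the botnet is outside.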

So now what?

The lack of attention paid to the Estonia incident is disheartening. It seems as if policy should be put into place – or at least funding made available – to research protection and prevention of such attacks.

A couple of years ago my dad worked for a company that had a data intrusion detection product for carriers and providers. I know it protected from DoS, or at least some types. That company is no longer around. And here is where being offline kind of hurts – but I’ll at least throw out the need and question for folks to ponder.


Responses

  1. This type of attack is very common, Ann, as well as SQL injections and a few others. These can be protected from by some simple security tricks, but it has to be done before the attack, because it’s hard after the attack has started to keep them from taking it down.
    Now let’s talk about how bots are distributed. Lots come in emails where you have an attachment, or from other sources where these small scripts hide. The bot then takes control of your computer and it works like a trojan, giving the person at the other end control over what he wants to use your PC or server for. Many are used as spammers. I could talk on this all day and into tomorrow, but the first line of defence is you, and you are the one who allows your system to be controlled, which then allows larger systems to be controlled, and so on.

  2. Ann, something else for you to research: this spring the internet’s main servers, which are based in California, were hit with a DDoS attack also, which took out a number of the servers, and if they had been successful they could have taken out the whole internet. That fits well into this.

  3. http://news.softpedia.com/news/Estonians-Bash-Hackers-63403.shtml

  4. http://news.bbc.co.uk/2/hi/europe/6665195.stm

  5. http://www.manilatimes.net/national/2007/feb/09/yehey/techtimes/20070209tech1.html

  6. http://www.tlanews.com/TLA/NEWS/2006sec/2007-02-08-dns-attack.htm

    OK, that’s enough reading for you.

  7. Check out the Storm Worm, Ann.

    http://www.techmeme.com/070901/p7#a070901p7

  8. The Storm Worm is a good one, a very good example of a self-propagating virus which is a slow developer.

  9. I posted 2 sites to your email that will help you understand more.

  10. Thanks guys! You have given me plenty of reading here. I have downloaded everything to read later. (My Internet connection is still reliant on the library here, which closes for lunch soon.)

    I am hoping that the info you’ve sent will include a little info on anti-bot filters for individual computers. I figure it’s different but similar to a virus check.

    Thanks! Ann

  11. Spybot Search and Destroy is a good one, and it’s free. There is another product called HijackThis which is free also, but be careful using it. Bots are malware and are made specifically for intrusion purposes.

  12. http://www.theregister.co.uk/2007/05/02/dos_trends_symantec/

    This site will keep you up to date on lots that happens in the computer world.

  13. I know it’s kind of tangential and maybe it’s because I’m bored out of my mind in Dublin – but I find all of this so intriguing. And while I say it’s tangential – it is related. I think if we’re touting broadband as an economic development tool and a general tool to make life better (which after a week without it I can attest to!) then it’s important to look at the what-ifs too.

    Do you think there is anything that can be done from a policy perspective to minimize the risk? Do you think it’s possible to track the culprits of these DDoS and Storm Worm attacks? I’m assuming that technically we can create patches but that the answer at this point is trying to keep ahead of the bad guys.

  14. The tracking has been done for years, and as you will see in the media, spammers as well as bot herders are being charged with crimes. Also, most virus writers get caught. This isn’t as hard as it may sound, as with everything on the net there is always a trail and you just have to be able to pick the right fork in it.
    As far as a policy goes, they have been implemented for years and work well at the time of implementation, but like everything else, most times the upkeep is lax and then come the exploits. I used to teach a course in ethical hacking to people working for businesses so they can use the ethical side to keep people at bay, repelling attacks with the same tools the attackers use or more advanced tools. It’s all a big video game and there is no end to it. When we start providing services, one thing we will make sure is in place is encryption services, which does help.
    Now to answer on staying ahead of these people: I wish I could say yes, but that will never happen. The people creating these toys are being paid to generate them, and as long as there is money for criminal activity then these people will continue to develop. They are always working to develop exploits, and when you have companies that don’t finish their programs before they provide them to their customers, then they promote this.

  15. On a dangerously random note – how do you feel about hiring hackers with a past for security work? I’m not actually partial to it. They may know the ins and outs, but I think there are enough people who also know the ins and outs who have skated on the wrong side of the law who are capable too.

    That’s a purely curious question there.

  16. There was a conference for black hat hackers at the end of July / first of August in Las Vegas; two-thirds of the attendees were government law enforcement staff. The others who were there are some of the top security people in the country. The people not employed by the government were approached for a job with the government. I also see that people have a bad approach towards what they think hackers are and what they do; most hackers work for the good of the internet and would never do harm. To them the internet is like that toy you have to take apart to see how it works and to see if you can tweak it to make it better. Then you have script kiddies and crackers, and those are the ones who do the harm, mind you there are some I would consider hackers that do harm also. 2 of the world’s best known hackers are the ones who developed what we are on right now, Mr Jobs and Mr Gates. Also Kevin Mitnick works in the security field. For me to answer that in a single way would mean I’m closed minded, and you can’t be in the computer field. So to answer your question, yes, I would hire some, because they have a special knowledge which, if they are being paid for it, then they are less likely to use it for negative work. Most negative based so-called hackers are in the Eastern Bloc and Asia.

  17. Interesting – thanks. As far as I know most of the hackers I’ve known have worked for good – but I’ve met a few that I didn’t know well who seemed to like to give the impression that they could be menacing, which made me think a) probably they weren’t really that good and b) I would never want to hire them. But personality may have been the final decider.

  18. People who brag on the side of hacking are just that; a true hacker will not talk about what they can achieve because of the potential legal implications. The hacking community works under a paranoia and they don’t show themselves or talk about themselves unless they are wanting to have things noticed. Those 2 sites I pasted to your email will explain many things.

  19. Ann, after working in the security side of the internet it’s nice to still get the updates from the business. Here is something of interest to you.
    http://www.ft.com/cms/s/0/9dba9ba2-5a3b-11dc-9bcd-0000779fd2ac.html

  20. http://www.informationweek.com/news/showArticle.jhtml?articleID=201804528

    This will show you the effects of a botnet and the power it gathers.

  21. http://www.wired.com/politics/security/news/2007/09/pfizerspam

  22. http://it.slashdot.org/it/07/09/07/1314258.shtml

    It’s funny how countries we outsourced to now outsource to us.

  23. http://www.informationweek.com/news/showArticle.jhtml?articleID=201804771

    You may enjoy.

  24. http://www.informationweek.com/news/showArticle.jhtml;jsessionid=F2N3UOSTJFY0YQSNDLRSKHSCJUNN2JVN?articleID=192501817

    Now if the big city is going wireless, hmmmmm, why shouldn’t others?

  25. More info:

    http://whitepaper.informationweek.com/cmpinformationweek/search/index/sol_summary/90326?pos=1&trkpg=PARTNER_SEARCH_RESULTS_CMPINFORMATIONWEEK&stype=Minneapolis%20Goes%20Wi-Fi%20With%20WiMax%20To%20Follow&n=90326&c=CMPINFORMATIONWEEK
