La Luna (Premium Member, joined 2001-07-12, New Port Richey, FL)
2012-Oct-6 10:20 pm
In Cyberattacks on Banks, Evidence of a New Weapon
October 5, 2012, 8:30 pm
By NICOLE PERLROTH
How were amateur hackers able to take down some of America's largest banks? And who were they?
Those were some of the bigger mysteries of last week's cyberattacks on Wells Fargo, U.S. Bank, PNC, the New York Stock Exchange and others, which caused intermittent Internet outages and delays in online banking.
A group claiming Middle Eastern ties, the Izz ad-Din al-Qassam Cyber Fighters, took credit for the attacks online. They claimed to have taken the Web sites down using basic online applications. But security researchers said those methods were far too amateur to have been effective.
Indeed, representatives for PNC, U.S. Bank and Wells Fargo all said that while they had systems in place to fend off such denial-of-service, or DDoS, attacks, in which hackers bombard a site with traffic until it falls offline, in this case the volume of traffic was simply unprecedented.
They must have had help from other sources, said Jaime Blasco, a security researcher at AlienVault, who investigated the attacks.
Those sources, it turns out, were data centers around the world that had been infected with a sophisticated form of malware that can evade detection by antivirus solutions. The attackers used those infected servers to simultaneously fire at American financial services companies until they fell offline.
That method has never been used to this degree before, said Carl Herberger, a vice president at Radware, who has been investigating the attacks on behalf of many of the victims... » bits.blogs.nytimes.com/2 ··· -weapon/

KodiacZiller
Other experts close to the situation disagree that it was state-sponsored or even sophisticated at all.
quote: "I don't think there's anything about these attacks that's so large or so sophisticated that it would have to be state sponsored," said Prince, the CloudFlare CEO. "This very well could be a kid sitting in his mom's basement in Ohio launching these attacks. I think it's dangerous to start speculating that this is actually state sponsored."
quote: "Those are big attacks," he said, "but they're not so unprecedented that it's worth a press release."
Quoted from an Ars Technica article.
La Luna
Premium Member
2012-Oct-6 11:55 pm
I thought it an interesting read nonetheless.
said by La Luna: I thought it an interesting read nonetheless

Yes, La Luna. It explained, in part, how the DDoS attacks were so powerful: servers were hacked and then used for the DDoS attacks. I saw another article about hacked servers: http://blog.unmaskparasites.com/2012/09/10/malicious-apache-module-injects-iframes/ "This attack injects invisible malicious iframes into some server responses of all web sites on compromised servers."
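The injection the linked article describes (an Apache module inserting an invisible iframe into some server responses, with the files in the document root untouched) can be caught by comparing what the server actually sends with what is on disk, and by looking for iframes that are sized or styled so the visitor never sees them. The following is an added example written for this thread, not code from the post or from the unmaskparasites article. It assumes the injected iframe is hidden by a 0/1-pixel size, display:none, visibility:hidden or an off-screen position; the two HTML documents in it are constructed samples and the hosts (www.example.com, example.net) are made up.

```python
"""Spot hidden iframes injected into a served page at the web-server layer.

Added example for this thread, not code from the post or the linked article.
Assumptions: a compromised server module appends the iframe to the HTTP
response while the file on disk stays clean, and hides it with a 0/1-pixel
size, display:none, visibility:hidden or an off-screen position.
The two HTML documents below are constructed samples.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def _tiny(value):
    """True for width/height values of 0 or 1 (pixels or percent)."""
    m = re.match(r"\s*(\d+)", value or "")
    return m is not None and int(m.group(1)) <= 1


def is_hidden(attrs):
    """Heuristics for an iframe the visitor is never meant to see."""
    style = attrs.get("style", "")
    if _tiny(attrs.get("width")) or _tiny(attrs.get("height")):
        return True
    if re.search(r"display\s*:\s*none|visibility\s*:\s*hidden", style, re.I):
        return True
    if re.search(r"\b(left|top)\s*:\s*-\d+", style, re.I):  # pushed off-screen
        return True
    return False


def iframe_srcs(html):
    """All iframe src values in document order."""
    c = IframeCollector()
    c.feed(html)
    return [a.get("src", "") for a in c.iframes]


def hidden_offsite_iframes(html, own_host):
    """src of hidden iframes that point at a host other than our own."""
    c = IframeCollector()
    c.feed(html)
    found = []
    for a in c.iframes:
        src = a.get("src", "")
        host = urlparse(src).hostname or own_host  # relative src -> our own host
        if is_hidden(a) and host != own_host:
            found.append(src)
    return found


def injected_iframes(served_html, disk_html):
    """iframes present in the served response but absent from the file on disk.

    A module that rewrites responses leaves the document root clean, so this
    difference is the tell-tale sign.
    """
    on_disk = set(iframe_srcs(disk_html))
    return [s for s in iframe_srcs(served_html) if s not in on_disk]


# Constructed samples: what is on disk vs. what the server actually sent.
DISK_HTML = (
    "<html><body><h1>Welcome</h1>"
    "<iframe src='/widgets/weather.html' width='300' height='150'></iframe>"
    "</body></html>"
)
SERVED_HTML = DISK_HTML.replace(
    "</body>",
    "<iframe src='http://example.net/in.php' width='1' height='1' "
    "style='visibility:hidden'></iframe></body>",
)

if __name__ == "__main__":
    print("hidden off-site:", hidden_offsite_iframes(SERVED_HTML, "www.example.com"))
    print("injected:", injected_iframes(SERVED_HTML, DISK_HTML))
```

On a real host the served document comes from fetching the page over HTTP and the disk document from the file under the document root. Since the article quoted in the post says the iframe goes into "some" responses, one clean fetch does not prove the server is clean; fetch several times, including with a browser-like User-Agent, before concluding anything.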
Snowy (Premium Member, joined 2003-04-05, Kailua, HI)
to KodiacZiller
said by KodiacZiller: Other experts close to the situation disagree that it was state-sponsored or even sophisticated at all. quote: "I don't think there's anything about these attacks that's so large or so sophisticated that it would have to be state sponsored," said Prince, the CloudFlare CEO. "This very well could be a kid sitting in his mom's basement in Ohio launching these attacks. I think it's dangerous to start speculating that this is actually state sponsored."

That's as self-serving a statement as possible & should be viewed in that context. Of course CloudFlare wants the world to believe that a kid sitting in his mom's basement in Ohio could take down a hardened target, as if it's an easy, common task. Why would CloudFlare engage in FUD such as that? Because they sell "Protect your website from a range of online threats from spammers to SQL injection to DDOS." » www.cloudflare.com/overview

Web site owners are generally not too concerned about having sophisticated/state-sponsored attacks pointed at them, but the fear, uncertainty & doubt that can come from believing that a single kid working from their parents' basement in Ohio could adversely affect their site is a more real scenario, a more profitable scenario, especially if you're CloudFlare.
If this article (» www.computerworld.com/s/ ··· 12-10-05 ) is true, more serious problems are on the way.
Snowy
Premium Member
2012-Oct-7 2:12 am
"In an advisory Thursday, RSA said it has information suggesting the gang plans to unleash a little-known Trojan program to infiltrate computers belonging to U.S. banking customers and to use the hijacked machines to initiate fraudulent wire transfers from their accounts."
Now that's a credible threat. Trojanized home computers are a dime a dozen & it's only a matter of time before a large organized attack monetizes the inventory.
KodiacZiller
to Snowy
said by Snowy: That's as self-serving a statement as possible & should be viewed in that context. Of course CloudFlare wants the world to believe that a kid sitting in his mom's basement in Ohio could take down a hardened target, as if it's an easy, common task. Why would CloudFlare engage in FUD such as that? Because they sell "Protect your website from a range of online threats from spammers to SQL injection to DDOS." » www.cloudflare.com/overview

I don't have much respect for proprietary security vendors, but that still doesn't negate this guy's point. We have no idea who did this. Joe Lieberman is the one who floated the "Iran" angle out there, but he has ulterior motives for doing so (i.e. he wants to drum up support for a military attack on Iran). There are numerous examples of people in the industry crediting Iran or China with cyber-attacks which turned out to be a kid or a group of kids in their basements. The hacks on GoDaddy a few years ago (where certificates were stolen) are among the most noteworthy. The GoDaddy CEO said it was a highly advanced attack from Iran. Moxie Marlinspike, an independent researcher, proved that it was a single script kiddie who pulled it off using tools downloaded freely from the web (Moxie knows this because the IP address used in the attack downloaded tools he wrote from his website). There is nothing hard about pulling off DDOS. Script kiddies can do it. There are all sorts of hacker tools written in shiny packages ready to point and click. You don't have to be sophisticated in 2012 to pull off most of these attacks.

said by Snowy: Web site owners are generally not too concerned about having sophisticated/state-sponsored attacks pointed at them, but the fear, uncertainty & doubt that can come from believing that a single kid working from their parents' basement in Ohio could adversely affect their site is a more real scenario, a more profitable scenario, especially if you're CloudFlare.

Website owners are much more likely to face a threat from a script kiddie than from China or Iran.
Link Logger
to KodiacZiller
Not even close to being a state-sponsored attack, just a run-of-the-mill DDOS attack by a hacker group with an agenda; not like there aren't a ton of those about.
Blake
Snowy
Premium Member
2012-Oct-7 3:21 pm
said by Link Logger: Not even close to being a state-sponsored attack, just a run-of-the-mill DDOS attack by a hacker group with an agenda; not like there aren't a ton of those about.

Claiming the attack was state sponsored is about as grounded as claiming that floods exceeding 60 gigabits per second are a run-of-the-mill DDoS.
State sponsored - no way
Kid working alone in parents' basement - no way
Run of the mill - no way
What does that leave? An organized group with a focused mission & the wherewithal to pull it off, the major point being it wasn't an Ohio kid working alone in his parents' garage, which is laughable if you stop & think about it for a second or two.
Snowy
to KodiacZiller
said by KodiacZiller:
said by Snowy: Web site owners are generally not too concerned about having sophisticated/state-sponsored attacks pointed at them, but the fear, uncertainty & doubt that can come from believing that a single kid working from their parents' basement in Ohio could adversely affect their site is a more real scenario, a more profitable scenario, especially if you're CloudFlare.
Website owners are much more likely to face a threat from a script kiddie than from China or Iran.

Yes, I struggled with clarity on that. The point I tried to make is that CloudFlare tried to make it appear as if a script kiddie working alone in their parents' garage 'could' have pulled off the attack, when that simply isn't true in Sep-Oct 2012.
La Luna
Premium Member
2012-Oct-7 3:32 pm
....Indeed, representatives for PNC, U.S. Bank and Wells Fargo all said that while they had systems in place to fend off such denial-of-service, or DDoS, attacks, in which hackers bombard a site with traffic until it falls offline, in this case the volume of traffic was simply unprecedented.
They must have had help from other sources, said Jaime Blasco, a security researcher at AlienVault, who investigated the attacks.
Those sources, it turns out, were data centers around the world that had been infected with a sophisticated form of malware that can evade detection by antivirus solutions. The attackers used those infected servers to simultaneously fire at American financial services companies until they fell offline.....

It doesn't appear to be your run-of-the-mill DDoS attack. When was the last time servers "around the world" were infected AND involved in an attack like this, with so much traffic generated?
Edit: clarity
La Luna
to Link Logger
said by Link Logger: Not even close to being a state-sponsored attack, just a run-of-the-mill DDOS attack by a hacker group with an agenda; not like there aren't a ton of those about.
Blake

A group claiming Middle Eastern ties, the Izz ad-Din al-Qassam Cyber Fighters, took credit for the attacks online. They claimed to have taken the Web sites down using basic online applications. But security researchers said those methods were far too amateur to have been effective.
Indeed, representatives for PNC, U.S. Bank and Wells Fargo all said that while they had systems in place to fend off such denial-of-service, or DDoS, attacks, in which hackers bombard a site with traffic until it falls offline....

Apparently, the banks say they could defend against a simple DDoS attack, but this was something more. That's what I get out of it anyway.
Blackbird (Premium Member, joined 2005-01-14, Fort Wayne, IN)
to La Luna
So... a kid in Ohio links up with a handful of kids in other basements in other states or countries via IRC and they agree it'd be cool to take down some bank sites. That becomes an "organized group". If some of the "kids" are adults who never quite grew up beyond their teen predilection to vandalize and their naive idealism about how the world is organized, that provides a focused mission. Wherewithal to pull it off simply comes from the number of players and experience. Given enough of the latter, they might even become sponsored (or employed) by a state whose interests in causing havoc coincide with the little group's.
My point is that in the real world, it can be a continuum... there aren't necessarily causes A, B, or C to choose from. Nor does it necessarily matter. A technique exploited by a kid is a technique exploitable by a nation state... that is, it is a weakness or vulnerability. The only relevant question in my mind is whether there's anything new (either qualitative or quantitative) in what is being done.
La Luna
Premium Member
2012-Oct-7 3:44 pm
True. If you look at all scenarios, anything is possible.
Could kids, maybe with help, pull this off, and would they? Possible, but in my mind not likely. To me, there is something more nefarious going on here. But that's JMHO.
Snowy
to Blackbird
said by Blackbird: My point is that in the real world, it can be a continuum...

Absolutely. For all the possibilities that presents... What it isn't, though, is what Prince, the CloudFlare CEO, said: "This very well could be a kid sitting in his mom's basement in Ohio launching these attacks." An anti-DDOS vendor publicly making that claim needs to be publicly called on it.
Link Logger
to La Luna
The deal is more bots, and more bots with fatter pipes equals a better DDOS attack, so the first issue here isn't that they attacked and dropped banks; the first issue is that this bot crew was able to compromise and add to their bot army sites with bigger pipes, which tends to indicate their initial attacks have gotten better, as they are owning more commercial/active sites. Toss in some aspects around smarter proxy usage and bingo, better and more difficult to stop DDOS attacks.
Years ago you would dream of owning a university because they had nice fat juicy pipes, but now just about every Tom, Dick and Jane has an ample pipe connecting them from home, such that even if nothing else changed (i.e. number of systems involved etc.), DDOS attacks will only ever get bigger.
It would be very entertaining to track back the systems involved in the attack and see how many are in China, for example (only implying that systems are easier to own in China than elsewhere and not that this is a Chinese state-sponsored attack).
Blake
redwolfe_98
to La Luna
I saw where someone speculated that the DDoS attacks may have been used to cover up other nefarious activity.
If someone had all of these servers hacked, with malware that was undetectable, as the article says, it doesn't really make sense that they would expose their malware, and that the servers had been hacked, just for a DDoS attack, which wouldn't do much, the way that I see it.
I have wondered if it might have been an extortion scheme, where people wanted money from the banks in exchange for freeing up their networks.
I suspect that there is more to this story and I want to know what the rest of the story is. I also would like to hear more about the supposedly "undetectable" malware on the servers.
On the other hand, the person, or persons, responsible for the DDoS attacks could have been trying to do something good by exposing the vulnerability of the cyberworld today, so that something would be done to improve things. That is a possibility.
There is one good thing about hearing all these stories about problems relating to malware, and that is that we can hope that there are people who are taking countermeasures to combat the problem.
Also, hopefully politicians will become aware of the problem and, so, governments will use their resources to try to combat the problem.
Blackbird
said by redwolfe_98: ... also, hopefully politicians will become aware of the problem and, so, governments will use their resources to try to combat the problem.

Please excuse my cynicism, but if "politicians will become aware of the problem", their "solutions" (without exception) will involve massive pork-barrel expenditures funded by new taxes and licensing fees, coupled with all manner of costly and restrictive registration, record-keeping and regulation. None of it will work as expected, though the distortions it introduces will remain forever, and the end result will be worse than the current situation. All politicians can do, by nature, is attempt to use policy and legislation to restrict and control - they cannot truly create anything. What is needed are creative, sound, scientific, technically-consistent solutions to the problem, incorporated by those in the field because they know it will work. And such solutions will never emanate from either politicians or governments.
to Link Logger
said by Link Logger: The deal is more bots, and more bots with fatter pipes equals a better DDOS attack, so the first issue here isn't that they attacked and dropped banks; the first issue is that this bot crew was able to compromise and add to their bot army sites with bigger pipes, which tends to indicate their initial attacks have gotten better, as they are owning more commercial/active sites. Toss in some aspects around smarter proxy usage and bingo, better and more difficult to stop DDOS attacks.

Yeah, since many of these higher-end servers are running Linux or another Unix variant, sometimes the admins get complacent with security. The truth is, you don't need root access to utilize the box for a DDOS. All you need to do is compromise the server software (Apache) or some other unprivileged process. From there you just put your bot code in userspace and you're good to go. This is why I think MAC systems should be mandatory on a server, especially a high-value server. If you are a Linux server admin and aren't running SELinux or AppArmor you're stupid. These days it is not about getting root, thus you have to secure userspace too.
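The post's point is that the bot can live entirely inside the unprivileged web-server process. One observable consequence: a worker that should only accept connections on ports 80/443 starts originating many connections to someone else's port 80/443, which is what a userspace HTTP flood from a hacked server looks like from the socket table. The following is an added example written for this thread, not code from the post. It parses constructed lines in the shape of `ss -tanp` output (addresses from RFC 5737 documentation ranges); the list of daemon names and the threshold are assumptions to tune per host.

```python
"""Flag a web-server worker that is originating HTTP connections itself.

Added example for this thread, not code from the post. It reads lines shaped
like `ss -tanp` output (state, queues, local addr:port, peer addr:port, owning
process). The sample lines below are constructed, the addresses are RFC 5737
documentation ranges, and the daemon names and threshold are assumptions.
"""
import re
from collections import defaultdict

SERVER_PROCS = {"apache2", "httpd", "nginx", "php-fpm"}  # assumption: daemons that accept, not originate
WEB_PORTS = {80, 443}
MAX_OUTBOUND = 20  # assumption: lower/raise for servers that legitimately call out

SS_LINE = re.compile(
    r'^(?P<state>\S+)\s+\d+\s+\d+\s+'
    r'(?P<laddr>\S+):(?P<lport>\d+)\s+(?P<raddr>\S+):(?P<rport>\d+)\s+'
    r'users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+),fd=\d+\)\)'
)


def parse_ss(lines):
    """One dict per socket line; the header and unparseable lines are skipped."""
    rows = []
    for line in lines:
        m = SS_LINE.match(line.strip())
        if m:
            d = m.groupdict()
            for k in ("lport", "rport", "pid"):
                d[k] = int(d[k])
            rows.append(d)
    return rows


def is_outbound_web(row):
    """An accepted connection has our service port as the local port; one we
    originated has an ephemeral local port and the peer's service port."""
    return row["lport"] >= 1024 and row["rport"] in WEB_PORTS


def suspicious_workers(lines, threshold=MAX_OUTBOUND):
    """(proc, pid) -> summary for server daemons with too many outbound web connections."""
    per_worker = defaultdict(list)
    for row in parse_ss(lines):
        if row["proc"] in SERVER_PROCS and is_outbound_web(row):
            per_worker[(row["proc"], row["pid"])].append(f'{row["raddr"]}:{row["rport"]}')
    report = {}
    for key, targets in per_worker.items():
        if len(targets) > threshold:
            report[key] = {"connections": len(targets), "targets": sorted(set(targets))}
    return report


def _ss(state, laddr, lport, raddr, rport, proc, pid, fd):
    """Build one constructed line in the shape of `ss -tanp` output."""
    return f'{state} 0 0 {laddr}:{lport} {raddr}:{rport} users:(("{proc}",pid={pid},fd={fd}))'


# Constructed sample: normal inbound visitors, one legitimate DB connection,
# two harmless fetches by nginx, and an apache2 worker hammering a single target
# (some sockets still in SYN-SENT, as a half-open flood would show).
SAMPLE_LINES = (
    ["State Recv-Q Send-Q Local Address:Port Peer Address:Port Process"]
    + [_ss("ESTAB", "10.0.0.5", 80, f"198.51.100.{i}", 50000 + i, "apache2", 2231, 10 + i) for i in range(1, 6)]
    + [_ss("ESTAB", "10.0.0.5", 39001, "10.0.0.20", 3306, "apache2", 2231, 9)]
    + [_ss("ESTAB", "10.0.0.5", 41000 + i, "198.51.100.7", 80, "nginx", 900, 5 + i) for i in range(2)]
    + [_ss("SYN-SENT" if i % 5 == 0 else "ESTAB", "10.0.0.5", 40000 + i, "203.0.113.10", 443, "apache2", 2231, 20 + i) for i in range(25)]
)

if __name__ == "__main__":
    for (proc, pid), info in suspicious_workers(SAMPLE_LINES).items():
        print(f"{proc}[{pid}]: {info['connections']} outbound web connections to {info['targets']}")
```

On a live box `ss -tanp` has to run as root to show the owning process of other users' sockets. The check is the detection side of what the post argues for; the prevention side is the MAC policy it mentions, for example SELinux on a default RHEL/CentOS install leaving `httpd_can_network_connect` off, so a hijacked worker cannot open these outbound sockets in the first place.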
jcliff
to Snowy
said by Snowy: Why would CloudFlare engage in FUD such as that? Because they sell "Protect your website from a range of online threats from spammers to SQL injection to DDOS." » www.cloudflare.com/overview
Web site owners are generally not too concerned about having sophisticated/state-sponsored attacks pointed at them, but the fear, uncertainty & doubt that can come from believing that a single kid working from their parents' basement in Ohio could adversely affect their site is a more real scenario, a more profitable scenario, especially if you're CloudFlare.

You raise a good point. I've had dedicated web servers on 1 Gbps+ connections taken down by "bored teenagers". A lot of web hosts place you on a California-style three-strike warning. If you get DDoSed 3 times they cancel your account. You're often left wondering how to combat mediocre things like a bored teenager. Not worrying about Iran targeting you!
Snowy
Premium Member
2012-Oct-9 1:30 pm
said by jcliff: You're often left wondering how to combat mediocre things like a bored teenager. Not worrying about Iran targeting you!

Welcome to the site! There's no question that there's a legitimate need for the type of services CloudFlare offers. The exception I took with CloudFlare's statement is how they took an event focused on a few high-visibility targets & tried to attribute it to a bored teenager sitting in his parents' Ohio basement when they certainly knew that wasn't the case. Dumbing it down to make it relevant to the masses is what that was about.
jcliff
Member
2012-Oct-9 7:24 pm
said by Snowy: Welcome to the site! There's no question that there's a legitimate need for the type of services CloudFlare offers. The exception I took with CloudFlare's statement is how they took an event focused on a few high-visibility targets & tried to attribute it to a bored teenager sitting in his parents' Ohio basement when they certainly knew that wasn't the case. Dumbing it down to make it relevant to the masses is what that was about.

Hi and thanks! Yes, it doesn't surprise me that web hosting companies will do what you mention to increase customers. I just wanted to say that the kid in the basement in Ohio can certainly do a lot of damage if he controls a botnet. :P A lot of the time, though, unless you are on some specialized service, a kid with just a couple of "fat connections" can mess up a site. I don't necessarily like CloudFlare-type services; in the past I have used Amazon EC2 instances as a proxy to the actual site to get around DDoS and DoS.