
KodiacZiller
Premium Member
join:2008-09-04
73368

to La Luna

Re: In Cyberattacks on Banks, Evidence of a New Weapon

Other experts close to the situation disagree that it was state-sponsored or even sophisticated at all.
quote:
"I don't think there's anything about these attacks that's so large or so sophisticated that it would have to be state sponsored," said Prince, the CloudFlare CEO. "This very well could be a kid sitting in his mom's basement in Ohio launching these attacks. I think it's dangerous to start speculating that this is actually state sponsored."
quote:
"Those are big attacks," he said, "but they're not so unprecedented that it's worth a press release."
Quoted from an ars technica article.

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

said by KodiacZiller:

Other experts close to the situation disagree that it was state-sponsored or even sophisticated at all.

quote:
"I don't think there's anything about these attacks that's so large or so sophisticated that it would have to be state sponsored," said Prince, the CloudFlare CEO. "This very well could be a kid sitting in his mom's basement in Ohio launching these attacks. I think it's dangerous to start speculating that this is actually state sponsored."

That's as self-serving a statement as possible & should be viewed in that context.
Of course CloudFlare wants the world to believe that a kid sitting in his mom's basement in Ohio could take down a hardened target, as if it's an easy, common task.

Why would CloudFlare engage in FUD such as that?
Because they sell "Protect your website from a range of online threats from spammers to SQL injection to DDOS."
»www.cloudflare.com/overview

Web site owners are generally not too concerned about having sophisticated/state-sponsored attacks pointed at them, but the fear, uncertainty & doubt that can come from believing that a single kid working from their parents' basement in Ohio could adversely affect their site is a more real scenario, a more profitable scenario, especially if you're CloudFlare.
daveinpoway
Premium Member
join:2006-07-03
Poway, CA

If this article (»www.computerworld.com/s/ ··· 12-10-05 ) is true, more serious problems are on the way.

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

"In an advisory Thursday, RSA said it has information suggesting the gang plans to unleash a little-known Trojan program to infiltrate computers belonging to U.S. banking customers and to use the hijacked machines to initiate fraudulent wire transfers from their accounts."

Now that's a credible threat.
Trojanized home computers are a dime a dozen & it's only a matter of time before a large organized attack monetizes the inventory.

KodiacZiller
Premium Member
join:2008-09-04
73368

to Snowy
said by Snowy:

That's as self-serving a statement as possible & should be viewed in that context.
Of course CloudFlare wants the world to believe that a kid sitting in his mom's basement in Ohio could take down a hardened target, as if it's an easy, common task.

Why would CloudFlare engage in FUD such as that?
Because they sell "Protect your website from a range of online threats from spammers to SQL injection to DDOS."
»www.cloudflare.com/overview

I don't have much respect for proprietary security vendors, but that still doesn't negate this guy's point. We have no idea who did this. Joe Lieberman is the one who floated the "Iran" angle out there, but he has ulterior motives for doing so (i.e. he wants to drum up support for a military attack on Iran).

There are numerous examples of people in the industry crediting Iran or China with cyber-attacks which turned out to be a kid or a group of kids in their basements. The hacks on GoDaddy a few years ago (where certificates were stolen) being one of the most noteworthy. The GoDaddy CEO said it was a highly advanced attack from Iran. Moxie Marlinspike, an independent researcher, proved that it was a single script kiddie who pulled it off using tools downloaded freely from the web (Moxie knows this because the IP address used in the attack downloaded tools he wrote from his website).

There is nothing hard about pulling off DDOS. Script kiddies can do it. There are all sorts of hacker tools written in shiny packages ready to point and click. You don't have to be sophisticated in 2012 to pull off most of these attacks.

Web site owners are generally not too concerned about having sophisticated/state-sponsored attacks pointed at them, but the fear, uncertainty & doubt that can come from believing that a single kid working from their parents' basement in Ohio could adversely affect their site is a more real scenario, a more profitable scenario, especially if you're CloudFlare.

Website owners are much more likely to face a threat from a script kiddie than from China or Iran.

Link Logger
MVM
join:2001-03-29
Calgary, AB

to KodiacZiller
Not even close to being a state-sponsored attack, just a run-of-the-mill DDOS attack by a hacker group with an agenda; not like there aren't a ton of those about.

Blake

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

said by Link Logger:

Not even close to being a state-sponsored attack, just a run-of-the-mill DDOS attack by a hacker group with an agenda; not like there aren't a ton of those about.

Claiming the attack was state sponsored is about as grounded as claiming that floods exceeding 60 gigabits per second are a run-of-the-mill DDOS.
State sponsored - no way
Kid working alone in parents basement - no way
Run of the mill - no way
What does that leave?
An organized group with a focused mission & the wherewithal to pull it off, the major point being it wasn't an Ohio kid working alone in his parents' garage, which is laughable if you stop & think about it for a second or two.

Snowy to KodiacZiller
Premium Member

said by KodiacZiller:

said by Snowy:

Web site owners are generally not too concerned about having sophisticated/state-sponsored attacks pointed at them, but the fear, uncertainty & doubt that can come from believing that a single kid working from their parents' basement in Ohio could adversely affect their site is a more real scenario, a more profitable scenario, especially if you're CloudFlare.

Website owners are much more likely to face a threat from a script kiddie than from China or Iran.

Yes, I struggled with clarity on that.
The point I tried to make is that CloudFlare tried to make it appear as if a script kiddie working alone in their parents' garage 'could' have pulled off the attack when that simply isn't true in Sep-Oct 2012.

La Luna
Fly With The Angels My Beloved Son Chris
Premium Member
join:2001-07-12
New Port Richey, FL

to Link Logger
said by Link Logger:

Not even close to being a state-sponsored attack, just a run-of-the-mill DDOS attack by a hacker group with an agenda; not like there aren't a ton of those about.

Blake

A group claiming Middle Eastern ties, the Izz ad-Din al-Qassam Cyber Fighters, took credit for the attacks online. They claimed to have taken the Web sites down using basic online applications. But security researchers said those methods were far too amateur to have been effective.

Indeed, representatives for PNC, U.S. Bank and Wells Fargo all said that while they had systems in place to fend off such “denial of service, or DDoS attacks” in which hackers bombard a site with traffic until it falls offline; ....

Apparently, the banks say they could defend against a simple DDoS attack, but this was something more. That's what I get out of it anyway.

Link Logger
MVM
join:2001-03-29
Calgary, AB

The deal is more bots, and more bots with fatter pipes equals better DDOS attack, so the first issue here isn't that they attacked and dropped banks, the first issue is this bot crew was able to compromise and add to their bot army sites with bigger pipes, which tends to indicate their initial attacks have gotten better as they are owning more commercial/active sites. Toss in some aspects around smarter proxy usage and bingo, better and more difficult to stop DDOS attacks.

Years ago you would dream of owning a University because they had nice fat juicy pipes, but now just about every Tom, Dick and Jane has an ample pipe connecting them from home such that even if nothing else changed (ie number of systems involved etc), DDOS attacks will only ever get bigger.

It would be very entertaining to track back the systems involved in the attack and see how many are in China for example (only implying that systems are easier to own in China than elsewhere and not that this is a Chinese state-sponsored attack).

Blake

KodiacZiller
Premium Member
join:2008-09-04
73368

said by Link Logger:

The deal is more bots, and more bots with fatter pipes equals better DDOS attack, so the first issue here isn't that they attacked and dropped banks, the first issue is this bot crew was able to compromise and add to their bot army sites with bigger pipes, which tends to indicate their initial attacks have gotten better as they are owning more commercial/active sites. Toss in some aspects around smarter proxy usage and bingo, better and more difficult to stop DDOS attacks.

Yeah, since many of these higher end servers are running Linux or another Unix variant, sometimes the admins get complacent with security. The truth is, you don't need root access to utilize the box for a DDOS. All you need to do is compromise the server software (Apache) or some other unprivileged process. From there you just put your bot code in userspace and you're good to go.

This is why I think MAC systems should be mandatory on a server, especially a high value server. If you are a Linux server admin and aren't running SELinux or AppArmor you're stupid. These days it is not about getting root, thus you have to secure userspace too.
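A concrete check for the point above, added here as an example and not code from the thread: on a Linux host running SELinux's targeted policy, the httpd_* booleans decide how much an unprivileged but compromised Apache process can still do, and httpd_can_network_connect in particular is what lets httpd open arbitrary outbound connections. The function below reads getenforce / getsebool -a style output and flags settings that would leave a hijacked web server process free to act as a bot; the two sample outputs are constructed, not captured from a real host.

```shell
# Added example: audit SELinux confinement of Apache (httpd_t) on a Linux server.
# Real inputs would come from `getenforce` and `getsebool -a | grep '^httpd_'`;
# the sample outputs further down are constructed for demonstration.

# Booleans that, when "on", widen what a compromised httpd process may do:
# outbound sockets (useful to a flooding bot), mail relay, executable memory,
# writable web content and CGI execution.
RISKY_HTTPD_BOOLEANS="httpd_can_network_connect httpd_can_network_relay httpd_can_sendmail httpd_execmem httpd_unified httpd_enable_cgi"

# audit_httpd_confinement MODE BOOLEANS
#   MODE: output of getenforce (Enforcing | Permissive | Disabled)
#   BOOLEANS: getsebool-style lines of the form "<name> --> on|off"
# Prints "ok" or a ;-terminated list of findings; exit status 1 when any finding.
audit_httpd_confinement() {
    mode="$1"
    booleans="$2"
    findings=""
    if [ "$mode" != "Enforcing" ]; then
        # Permissive only logs denials; Disabled means no confinement at all.
        findings="selinux-mode=$mode;"
    fi
    while read -r name arrow value; do
        [ "$value" = "on" ] || continue
        for risky in $RISKY_HTTPD_BOOLEANS; do
            if [ "$name" = "$risky" ]; then
                findings="${findings}${name}=on;"
            fi
        done
    done <<EOF
$booleans
EOF
    printf '%s\n' "${findings:-ok}"
    [ -z "$findings" ]
}

# Constructed samples: a hardened host and one where httpd may connect out.
HARDENED_BOOLS="httpd_can_network_connect --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_execmem --> off"
LOOSE_BOOLS="httpd_can_network_connect --> on
httpd_can_network_relay --> off
httpd_can_sendmail --> on
httpd_execmem --> off"

audit_httpd_confinement Enforcing "$HARDENED_BOOLS"
audit_httpd_confinement Enforcing "$LOOSE_BOOLS" || echo "httpd is not adequately confined"
```

On a real host, replace the constructed strings with `$(getenforce)` and `$(getsebool -a | grep '^httpd_')`.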

jcliff
join:2012-10-09

Member

to Snowy
said by Snowy:

Why would CloudFlare engage in FUD such as that?
Because they sell "Protect your website from a range of online threats from spammers to SQL injection to DDOS."
»www.cloudflare.com/overview

Web site owners are generally not too concerned about having sophisticated/state-sponsored attacks pointed at them, but the fear, uncertainty & doubt that can come from believing that a single kid working from their parents' basement in Ohio could adversely affect their site is a more real scenario, a more profitable scenario, especially if you're CloudFlare.

You raise a good point. I've had dedicated web servers on 1 Gbps+ connections taken down by "bored teenagers". A lot of web hosts place you on a California-style 3-strike warning. If you get DDoSed 3 times they cancel your account.

You're often left wondering how to combat mediocre things like a bored teenager. Not worrying about Iran targeting you!

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

said by jcliff:

You're often left wondering how to combat mediocre things like a bored teenager. Not worrying about Iran targeting you!

Welcome to the site!
There's no question that there's a legitimate need for the type of services CloudFlare offers.
The exception I took with CloudFlare's statement is how they took an event focused on a few high visibility targets & tried to attribute it to a bored teenager sitting in his parents' Ohio basement when they certainly knew that wasn't the case.
Dumbing it down to make it relevant to the masses is what that was about.

jcliff
join:2012-10-09

Member

said by Snowy:

Welcome to the site!
There's no question that there's a legitimate need for the type of services CloudFlare offers.
The exception I took with CloudFlare's statement is how they took an event focused on a few high visibility targets & tried to attribute it to a bored teenager sitting in his parents' Ohio basement when they certainly knew that wasn't the case.
Dumbing it down to make it relevant to the masses is what that was about.

Hi and thanks!

Yes, it doesn't surprise me that web hosting companies will do what you mention to increase customers. I just wanted to say that the kid in the basement in Ohio can certainly do a lot of damage if he controls a botnet. :P A lot of the time though, unless you are on some specialized service, a kid with just a couple of "fat connections" can mess up a site.

I don't necessarily like CloudFlare-type services; in the past I have used Amazon EC2 instances as a proxy to the actual site to get around DDoS and DoS.