DonDi's Blog

Report on the recent Cyber Attack. Re-edited


The cyber attack started on July 4 and continued for several days. You may have noticed a slowdown on the web, depending on whether or not your traffic had to share the same trunk line as the attack squads, the zombies.

Jul 9, 12:40 am ET WASHINGTON - U.S. authorities on Wednesday eyed North Korea as the origin of the widespread cyber attack that overwhelmed government Web sites in the United States and South Korea, although they warned it would be difficult to definitively identify the attackers quickly. The powerful attack that targeted dozens of government and private sites underscored how unevenly prepared the U.S. government is to block such multipronged assaults. While Treasury Department and Federal Trade Commission Web sites were shut down by the software attack, which lasted for days over the holiday weekend, others such as the Pentagon and the White House were able to fend it off with little disruption. The North Korea link, described by three officials, more firmly connected the U.S. attacks to another wave of cyber assaults that hit government agencies Tuesday in South Korea. The officials said that while Internet addresses have been traced to North Korea, that does not necessarily mean the attack involved the Pyongyang government.

The wave of cyber assaults are known as "denial of service" attacks. Such attacks against Web sites are not uncommon and are caused when sites are so deluged with Internet traffic that they are effectively taken off-line. Mounting such an attack can be relatively easy and inexpensive, using widely available hacking programs, and they become far more serious if hackers infect and tie thousands of computers together into "botnets."

In an Associated Press interview, Philip Reitinger, deputy under secretary at the Homeland Security Department, said the far-reaching attacks demonstrate the importance of cybersecurity as a critical national security issue. The fact that a series of computers were involved in an attack, Reitinger said, "doesn't say anything about the ultimate source of the attack." "What it says is that those computers were as much a target of the attack as the eventual Web sites that are targets," said Reitinger, who heads DHS cybersecurity operations. "They're just zombies that are being used by some unseen third party to launch attacks against government and non government Web sites." [ 1 ]


Zombies and botnets: what are they? Zombies are computers that have been infected with code from a hacker that allows the hacker to manipulate the computer. Several zombies are called a herd, and herds joined together make up a botnet.

The most potent weapon for Web gangsters is the botnet. A bot, broadly speaking, is a remote-controlled software program that is installed on a computer without the owner's knowledge. Hackers use viruses, worms, or automated programs to scan the Internet in search of potential zombies. One recent study found that a new P.C., attached to the Internet without protective software, will on average be infected in about twenty minutes.
***
In the most common scenario, the bots surreptitiously connect hundreds, or thousands, of zombies to a channel in a chat room. The process is called "herding," and a herd of zombies is called a botnet. The herder then issues orders to the zombies, telling them to send unsolicited e-mail, steal personal information, or launch attacks. Herders also trade, rent, and sell their zombies. "The botnet is the little engine that makes the evil of the Internet work," Chris Morrow, a senior network-security engineer at M.C.I., said. "It makes spam work. It makes identity fraud work." (And it makes the cyber warfare now under discussion work.) [ 2 ]
***
Less than five years ago, experts considered a several-thousand-zombie botnet extraordinary. Lyon now regularly faces botnets of fifty thousand zombies or more [ 2 ].
Read the above link [ 2 ] for a fascinating inside look at Zombie hunters.


The attackers set forth an army of zombies whose job was to all try to sign on to these sites at once. This overloads the server and paralyzes it; the site goes down in overload, and sometimes the ISP with it. At this point they have estimated 30,000 zombies were used; I suspect more. One botnet in Canada was found to have 1.5 million zombies before it was broken up by law enforcement. A good network security apparatus has spike warnings that alert watch operators to sudden rushes of traffic so they can respond quickly to attacks. Some of the government sites responded well and some went down.
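The spike warning described above, sketched as an added example (it is not from the original post or its sources): request events are bucketed by minute and an alert fires when a minute's count rises far above a rolling baseline. The function names, thresholds and sample traffic are constructed assumptions, and the addresses come from documentation ranges.

```python
import math
from collections import defaultdict

def bucket_by_minute(events):
    """Turn (epoch_seconds, source_ip) events into sorted (minute, requests, distinct_sources)."""
    reqs, srcs = defaultdict(int), defaultdict(set)
    for ts, ip in events:
        reqs[ts // 60] += 1
        srcs[ts // 60].add(ip)
    return [(m, reqs[m], len(srcs[m])) for m in sorted(reqs)]

def detect_spikes(buckets, warmup=5, k=4.0, alpha=0.2, floor=50):
    """Flag minutes whose request count exceeds baseline mean + k * stddev.
    The baseline is an exponentially weighted mean/variance; flagged minutes
    are not folded into it, so a sustained flood cannot raise its own threshold."""
    mean = var = 0.0
    seen, alerts = 0, []
    for minute, count, sources in buckets:
        if seen >= warmup:  # no alerts until a baseline exists
            threshold = max(floor, mean + k * math.sqrt(var))
            if count > threshold:
                alerts.append((minute, count, sources, threshold))
                continue
        if seen == 0:
            mean = float(count)
        else:
            diff = count - mean
            mean += alpha * diff
            var = (1 - alpha) * (var + alpha * diff * diff)
        seen += 1
    return alerts

def make_sample():
    """Constructed traffic: 10 quiet minutes, then a 3-minute flood from many sources."""
    events = []
    for minute in range(10):
        for i in range(20 + minute % 3):      # 20-22 requests per minute
            events.append((minute * 60 + i, f"198.51.100.{i % 8}"))
    for minute in range(10, 13):
        for i in range(600):                  # flood: 600 requests per minute
            events.append((minute * 60 + i % 60, f"203.0.113.{i % 250}"))
    return events

if __name__ == "__main__":
    for minute, count, sources, threshold in detect_spikes(bucket_by_minute(make_sample())):
        print(f"spike: minute={minute} requests={count} sources={sources} threshold={threshold}")
```

The distinct-source count in each alert is what separates a botnet-style flood (hundreds of sources at once) from one misbehaving client.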

James Lewis, a senior fellow at the Center for Strategic and International Studies, said that the fact that both the White House and Defense Department were attacked but didn't go down points to the need for coordinated government network defenses.
"It says that they were ready and the other guys weren't ready," he said. "We are disorganized. In the event of an attack, some places aren't going to be able to defend themselves." [ 1 ]

Was it the North Korean Army Lab 110?  

The state-run Korea Communications Commission said Friday that it had identified and blocked five Internet Protocol, or IP, addresses in five countries used to distribute computer viruses that caused the wave of Web site outages, which began in the U.S. on July 4. The addresses point to the computers that distributed the virus that triggered so-called denial of service attacks in which floods of computers try to connect to a single site at the same time, overwhelming the server. They were in Austria, Georgia, Germany, South Korea and the U.S., a commission official said. He spoke on condition of anonymity because he is not authorized to speak to the media on the record.

Speculation over who was responsible for the attacks that targeted high-profile Web sites, including those of the White House and South Korea's presidential Blue House, has centered on North Korea. And though such finger-pointing has been trickling out since the attacks began, the identity of the IP addresses themselves provides little in the way of clarity. That's because it is likely the hackers, whoever they are, used the addresses to disguise themselves, for instance by accessing the computers from a remote location. IP addresses can also be faked or masked, hiding their true location.

South Korean media reported in May that North Korea was running an Internet warfare unit that tries to hack into American and South Korean military networks to gather confidential information and disrupt service. The Chosun Ilbo newspaper reported Friday that the North has between 500-1,000 hacking specialists. [ 3 ]

So it can't be proven that North Korea was the attacker at this time, but that is expected; they would have been poor hackers indeed if they had left computer addresses that traced back to them. Regardless of the source, there may be a positive to be gleaned from this attack: it may show the U.S. the weaknesses and vulnerabilities in its networks, and provide a free, real-time, vigorous attack training episode. It may also reveal some of the attackers' own weaknesses, methods and even strong points. The data may show us new strategies that we can use to defend against future attacks.

June 24, 2009 WASHINGTON -- Defense Secretary Robert Gates created a new military command dedicated to cyber security on Tuesday, reflecting the Obama administration's plans to centralize and elevate computer security as a major national-security issue.

The decision follows President Barack Obama's announcement last month that he will establish a new cyber-security office at the White House, whose chief will coordinate all government efforts to protect computer networks. The Pentagon initiative will reshape the military's efforts to protect networks from attacks by hackers, especially those from China and Russia. It also consolidates the largest concentration of cyber warriors and investigators in the government under one military command, exacerbating concerns of some experts who worry about military control of civilian computer systems. [ 4 ]

However, this new command unit is only concerned with military networks, not the electrical grid, the communications grid, the air traffic control grid, or the many other vital networks, which seem pretty important to me. An attack that shuts down part of the power grid for weeks would be an economic disaster of epic proportions. So what about those systems?

Ms. Leed, a Pentagon special assistant on cyber operations from 2005 to 2008, said the narrow focus could leave vital national networks still vulnerable to outside attacks and intrusions. "The question is whether the DoD protecting its own networks is sufficient to protect our national-security imperatives, and I would say no," she said. "The overwhelming majority of cyber traffic isn't on government networks." [ 4 ]

The protection of these networks, then, is solely the responsibility of the Department of Homeland Security.
 
Rod Beckstrom, former chief of the National Cyber Security Center, which is charged with coordinating cyber-security activities across the U.S. government, quit in March, warning in his resignation letter that the growing reliance on the NSA was a "bad strategy" that poses "threats to our democratic processes." Homeland Security officials said they are still responsible for protecting all civilian networks, though a department spokeswoman declined to speak specifically about the Cyber Command. "It is the view in the White House that the Department of Homeland Security will continue to play an absolutely essential role in the protection of America's cyber infrastructure," said Rand Beers, who was nominated to be Homeland Security's undersecretary overseeing cybersecurity, at his confirmation hearing this month. [ 4 ]

By comparison, the Department of Homeland Security has 100 employees dedicated to civilian cyber security, with plans to reach 260 next year.

This is the gang of 100... they need more help, and soon, for as of today they are the only ones who watch over our vital civilian networks. As for us, there are some things each one of us can do to keep our computers from becoming zombies. Having a firewall is critical for protection, along with a virus checker with up-to-date definitions. Don't leave your computer on 24/7 unattended; shut it down or unplug the net cable when not in use. If it isn't on the web it can't be attacked. Open no email from anyone you don't know, and download no programs from unsecure sites. Don't let your computer become a zombie recruit.

Sources:
[ 1 ] Yahoo news on cyber attacks
[ 2 ] The Zombie Hunters
[ 3 ] huffington post on cyber attack
[ 4 ] wsj on new cyber command

12 Comments

user-pic

I agree this is a matter of national and world security. With the 'open' nature of the web, security seems to be something that will necessarily be part of the 'nexus' points where information bottlenecks as well as each end point such as the computer I'm typing on. Not an easy task to secure all these points in an 'ad hoc' system that has been evolving with the original intent of open file sharing. At some point, we may be asking ourselves at what point cyber security becomes censorship. As in, who watches the watchdogs? A question that crossed my mind reading your report: What is the probability of the hackers attacking US and S. Korean govt. computers directing these attacks from N. Korea remotely, from some other nation, ("And though such finger-pointing has been trickling out since the attacks began, the identity of the IP addresses themselves provides little in the way of clarity"), for political reasons?

user-pic

That's why there has been a lot of talk about having a secondary Internet for "secure" things. It certainly makes sense as there is nothing more secure than not having a computer connected physically. I believe the only big problem here is the expense of carrying out such a special infrastructure. However, that infrastructure would carry key government sites, power grid, banking etc.

Perhaps the banks, flush with cash, can contribute.

Security in key areas of the government is getting very physical: secondary hard drives to be used only when necessary, etc. While this has been the SOP for a while, it's now reaching down into the lowest levels of the bureaucracy.

user-pic

Clearthinker, good point and statement, the only safe computer is one that is not on the web. Let me make some suggestions for when we are connected. We should not leave our computers on for hours unattended, we should have a good firewall and up to date virus software, there are good free ones so there is no excuse not to have one. The virus program has to be kept up to date with current definitions. Don't download programs from the web from unsecure sites and don't open emails from people you don't know, especially with attachments or that have been chain forwarded, because this is the way spiderbots work: they find a computer they can infect, then nab the mail contact list and mail out to all your friends in your name; trusting it's you, they open it and are also infected. Watch out for ecards even if it says it's from a friend, contact the friend first and ask if they sent one. Most may already know all this but it didn't hurt to mention them, and if we all followed safe practices there would be no more zombies recruited.

user-pic

Miguelitoh2o, sounds like there are three types of internet problems to face. One, the governments, all of which have a stake in this since all are becoming more reliant on computers (ooo Skynet) for espionage, cyber warfare and monitoring citizens. Two, the web gangsters who are only interested in cyberextortion and usually pick the big guys with lots of cash, casinos, porn, sales houses and such. Three, the cyberthieves who steal and trade in identity theft, this is the one that you and I have to worry about. All of them depend on zombies and bots. The cyberextortionists usually can't break the firewall, so their threat is to cripple the web page with denial of service when they release 50,000 zombies to all sign on at the same time, unless the owner pays the demanded price, the old insurance racket gone hi-tech. One group in Canada was busted that had 1.5 million zombies. That many can shut down a site as we have just seen, and shut down the hosting ISP and even clog a portion of the web backbone. Some of us may have noticed a slowdown on the net around July 4 and the following 3 days as these attacks were underway. What did it hurt? Nothing yet, they are just probing, testing their zombie troops and recruiting more and looking for systems they can damage.

user-pic

You guys be sure to read the Zombie Hunter story



Zombie Hunters
user-pic

The private sector is responsible for the cyber security of its own networks. That includes all public utility companies of any type, the financial system, health care etc. It has been the policy of the U.S. government to not intrude in the public space. States and municipalities manage and are responsible for their own as well.

This is like this for good reason. The breadth of systems and the variable nature of all of it doesn't lend itself to centralized control or administration. Government is fully aware of the sensitive nature of all of this and rightly wants no part of it. Lastly this is technology that is widely known, fully deployed and maintained by a skilled workforce. Each is intimate with their own network infrastructure, management and internal practices.

As a practical matter it would be exceedingly difficult to unify such a diverse network. It might be prudent to have government do a thorough private review of critical systems such as the electrical grid but to try and change it in any way would be almost impossible.

user-pic

Thanks thepeoplechoose, I am now informed better.

user-pic

DonDi, you're welcome. Here is a bit you might be interested in. It's about managing the grid and the things that are of importance. I do this stuff for a living BTW.

http://news.cnet.com/8301-11128_3-10283295-54.html

user-pic

thepeoplechoose, Thanks for the link and info. The Y2k scare just goes to show how much we rely on computers now. From stocking the store shelves to getting our paychecks. That worries me a little, being so reliant on technology. When a transformer blew up we had no electricity in our home for a while and were in the dark, ironically I had to use a bic lighter to find the one candle we had, one candle power is not much light. The TV and all the electric appliances were dead, nothing but useless metal and plastic. No little blue or red l.e.d. lights anywhere. It was eerie and quiet and felt kind of miserable, like an electricity junkie having withdrawals. I thought, this is the way it was for people 100 years ago. I don't desire to give up electricity but I do desire to give up oil as a means of making it. Petroleum is the core of so many of the world's problems. We have to find some renewable sources of energy.

user-pic

Just coincidence, but this is the third time I have recommended this. Maybe this takes.

We are now slaves to the computer networks. I mean slaves.

Telephone, tv, internet, power grid, military operations..........

This is the future.

user-pic

dickday, I sure feel like a slave sometimes to this box, maybe I'm a zombie bot? Thanks for reply friend.

user-pic

Not so. We are slaves to the freedoms we enjoy, and quite properly, won't give up without a fight. Technology is coincidental to freedom. Not the other way around. I would dearly miss the expansion of freedom this technology affords us but if it went away tomorrow our freedoms would remain.
