DDoS for Fun and Profit
First there's the Microsoft worm, reported earlier, which in addition to all the other damage has apparently knocked Microsoft's Windows XP activation servers (and Bank of America ATMs) off the net. Then we've got a report about the ongoing demise of DALnet, perhaps not the way we expected it to go. And Canada discovers a risk of online voting.
from the conspiracy theory dept.:
Just a conjecture, but it wouldn't seem out of step with **AA tactics to take down DALnet in order to curb illegal file sharing.
~Chaltek
This is from HardOCP.com:
It's 2:20 CST and I'm trying to activate a copy of XP. I need to, because this repair/upgrade (changed mb, disk controller, video, hdisk, NIC, RAM, USB revision, CPU, etc) I can't logon without activation.
Except, I CAN'T ACTIVATE. I am told there is no way ANY copy of XP can be activated in the next 5 hours because of (drum roll)
** Routine maintenance **. I mean, I asked: I said
"You don't have some little stand-alone machine that reads a DVD database so you could stand in line and do it?"
"You don't have a couple hundred "last resort" number ranges? You can call me back tomorrow!!!"
"There's not some guy you can go ask? Ya can't call Bill at home?"
So, I gotta stop my project for some unknown length of time. Good thing I'm not updating a medical drug interaction database, or an available transplant database, or a process flow control system or a hazardous atmosphere measurement system or a BUNCH of other possibilities. In my case, either I miss the superbowl, or my car dealer can't find and order Volvo cars on Monday. Life will continue.
But, I'm still seriously pissed. Call 'em at 888-571-2048 and try for activation.
And let's think about the true meaning of the fact you can't release liability for the consequential damage resulting from negligence. I mean, I have NEVER heard about "routine maintenance" on the 24.7.365 activation promise...
Well, on to the next job...
Right. I've had enough of this crap.
/.?
But all this rage can go nowhere - you can't do anything about other people's stupidity - it's just so frustrating.
Are there any SK's reading
Reply to this, anonymously if you must, and please give me some insight into what is so amusing about destroying the hard work/livelihood of others for 0 gain on your part? I just cannot understand the motivation to do so. It's like tagging - pointless destruction of property that achieves nothing.
I guess if I thought for one second people might think about how junky most MS product offerings are, and replace them with high quality Open Source or Free software, I might see a point - but no one ever seems to.
Sigh. So. Very. Depressed.
Prisoner #655321
Maybe companies like Apple and other competing operating systems and computer companies profited because when joe schmoe turned on his computer that he bought at 2am Saturday night he couldn't activate his new improved windows ex pee advanced super wonderful edition release 5, he went back to the store and got a Mac, or a Mandrake box, or a Lindows box.
The goal of computer science is to build something that will last at least until we've finished building it.
Heh, looks like it took out a big portion of Bank of America's ATM (cash) machines!
Link
I can't believe that BoA has their ATMs on the internet -- anyone know more about how it got to their ATM network?
Not script kiddies. Content Providers. Just think about all those movies and music being traded for free without a single dime going to the big conglomerates.
Must be driving them nuts.
Wouldn't surprise me in the least if they've moved beyond rhetoric to action.
Maybe this was started by a security company. Then people come to them looking for the patch. Then the security company charges for the patch == profit.
http://phreakinb.com
You know how it is if you hire somebody *else* to paint your house? There is usually a heckuva lotta stuff you would have done differently because it's *your* house.
But if you paint the house yourself, it takes a heck of a lot longer than you dreamed, but it's done right - to your exact satisfaction. You know everything about it - and if anything goes wrong, you know exactly how to fix it.
There's a big difference between *yours* and *someone-else's*.
I feel the same about OS.
If it's really not all that important, I will go with whatever gets the job done quickest.
But, if my life or reputation depend upon it, I need to be secure in my knowledge that I know exactly what I am doing - for it is I and I alone which must take responsibility for the outcome.
I think a lot of it is like choosing rope - if you are a shopkeeper, you may choose a rope based on its markup and profit potential, but if you are a mountain climber, you probably choose rope based on completely different criteria.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
Extortion; Blackmail.
--
There is no hatred more pure and true than that expressed by children.
Seems the US military managed to leave an unpatched SQL server open to the world...
Whoever might be thinking that this is just your typical round of script kiddies attacking DALnet is dead wrong. DALnet is in more than serious trouble -- for the most part it's already dead.
As a DALnet veteran and an op of one of the top 20 channels (#80s-cartoons), I can tell you that almost all of the major channels have now moved to other networks for good. Ever since the beginning of December we had outages that would last anywhere from 4 days to a WHOLE WEEK where no one could connect to a single server in the network.
The gall of some people is pretty amazing. Apparently, these current DDoS attacks have been orchestrated by someone (or group of people) that are holding the DALnet network ransom and are demanding that DALnet pays them X amount of money to stop the attacks. Mind you, these attacks have been going on for about 2 months now, and these people still aren't in custody of law enforcement. It just goes to show you that the only thing that seems to get the FBI involved in computer crimes is corporate cash. I guarantee you if such an attack was launched against a commercial website, the feds would snag these fools within one day; but since this is a non-profit organization, they seemingly don't give a shit.
A lot of the big channels from DALnet have gone to EFnet. The irony in this is quite painful (since DALnet was initially formed by disgruntled people from EFnet trying to escape shitty service in the first place).
One plus about leaving DALnet on to greener pastures has been zero PM spam on the new networks at least. Well, for now.
"The Wright brothers were the first to fly with a heavier-than-air machine, but boy did they have a lousy plane"
So you gotta be a capitalist before the FBI will help find out who is attacking them? That doesn't sound right. The FBI helped ETG back in August. Before this issue, I didn't realize ETG was a cash cow capitalist.
What if the FBI is letting the Entertainment Industry do this on purpose, to one by one destroy all the warez swapping networks/mediums. As all the people migrate to the other networks, it is very easy for both the FBI & the Entertainment Industry to join in (pose as swappers) and start keeping track of who is swapping what, and eventually bust the bigger fishes.
Of course, I did eat green eggs and ham this morning, so my view of the real world is slightly distorted today.
No. It's a parasite.
Its rate of infection is so high that the DoS is caused, which in turn uses all available bandwidth, just like when a biological parasite kills the host; the parasite dies off.
As you put it, the payload doesn't do anything but try to infect other hosts -- no syn floods, no ICMP, nothing except sending packets that could infect other servers. That's why I think the DoS was unintentional.
S
"The Super Bowl will be on."
Don't underestimate that one! I worked in technical support for an ISP for a while... when the Super Bowl hit we did not get a single call in to the queue for over an hour (I think between all the techs on shift we totalled less than 3 calls during the game). We could tell when the game was over because the phone lines lit up; one of the techs answered the phone with "Thank you for calling, can I get your userid and the final score to the game please?"... and the client wondered how we knew that he was watching the game...
and in addition to needing to piss and shit like crazy, I just became too paranoid to go to the bathroom.
That set me thinking -- Windows XP activation is 30 days, right? If you don't activate, what happens in 30 days? It demands you activate or it locks up.
How many people when installing or starting up a new computer for the first time ignore the activation because they've got to try it out right now? A lot. What day was 30 days ago? December 25th. What day probably features more people opening up new computers than any other?
Perhaps they didn't try to attack the activation servers specifically, but simply thought of bringing down the net to stop the wave of Jan 25th activations, and got the activation servers as a lucky bonus.
This morning, I burned my last two CDROMs into coasters and needed to get more...so I headed over to the bookstore on the college campus near my apartment, figuring that even if I had to pay a little more for one or two CDROMs there, it would be less bother than driving across town to Best Buy. I arrived at opening time...to find the bookstore completely dark. I knocked on the door, and one of the student workers came out and explained that the university had taken all its computers off-line today because of a "big computer virus attack" that hit last night. "You might see something about it in the news," said worker said sagely. "It was world-wide." And so the bookstore was closed. And they couldn't sell me a single CD-ROM.
I ended up going up the street to Walgreen's and getting a 10-pack there...for probably what 2 or 3 blank CDROMs would have run me at the campus bookstore, so I suppose I can't really complain too much that university stupidity saved me some money. It was extremely annoying at the time, though.
Editor Emeritus and Senior Writer, TeleRead.org
I doubt very seriously that we have to look any further than OverPeer for the origins of this attack; according to RedTeam, this has been going on in very localized spurts since Jan 5th.
It would make sense to me this is a RIAA sponsored thing gone wrong.
Why, yes, I AM a Pagan Libertarian.
Remember that the attack only affected MS servers, and MS has plenty of enemies. If the attack had wiped out the transaction, inventory and employee records of thousands of companies, people might actually think twice about using MS products in the future.
Interesting comment, especially because of M$'s next OS platform being based on Yukon - which is, by incident, SQL driven.
Maybe these guys are running some preliminary tests. Imagine what can happen if 70% of the internet-connected desktops would flood the network with this kind of traffic.
The best weapon of a dictatorship is secrecy, but the best weapon of a democracy should be the weapon of openness.