DDoS for Fun and Profit
First there's the Microsoft worm, reported earlier, which in addition to all the other damage has apparently knocked Microsoft's Windows XP activation servers (and Bank of America ATMs) off the net. Then we've got a report about the ongoing demise of DALnet, perhaps not the way we expected it to go. And Canada discovers a risk of online voting.
I would put money on it that tomorrow will be the generally fastest day of the internet all year (not saying much, it's January). Everything important will be patched, and all the home pc owners that don't know jack about computers will say, "I don't want to catch that virus I heard about on the news, I better wait a day until it dies down". Thus more bandwidth for everyone else.
leprkan...
Microsoft can't even secure their own servers? How can we expect their OS's to run securely on our servers?
This is from HardOCP.com:
It's 2:20 CST and I'm trying to activate a copy of XP. I need to, because this repair/upgrade (changed mb, disk controller, video, hdisk, NIC, RAM, USB revision, CPU, etc) I can't logon without activation.
Except, I CAN'T ACTIVATE. I am told there is no way ANY copy of XP can be activated in the next 5 hours because of (drum roll)
** Routine maintenance **. I mean, I asked: I said
"You don't have some little stand-alone machine that reads a DVD database so you could stand in line and do it?"
"You don't have a couple hundred "last resort" number ranges? You can call me back tomorrow!!!"
"There's not some guy you can go ask? Ya can't call Bill at home?"
So, I gotta stop my project for some unknown length of time. Good thing I'm not updating a medical drug interaction database, or an available transplant database, or a process flow control system or a hazardous atmosphere measurement system or a BUNCH of other possibilities. In my case, either I miss the superbowl, or my car dealer can't find and order Volvo cars on Monday. Life will continue.
But, I'm still seriously pissed. Call 'em at 888-571-2048 and try for activation.
And let's think about the true meaning of the fact you can't release liability for the consequential damage resulting from negligence. I mean, I have NEVER heard about "routine maintenance" on the 24.7.365 activation promise...
Well, on to the next job...
So torn...should I damn Microsoft for providing easy replicative means to fuck up the net all day, or thank them for providing the means to disable the XP activation servers?
When your enemy is their own worst enemy, does that make them your friend?
Head...aching...
I believe the news clipping was labeled in such a way to make a play off Aleph1's famous Phrack magazine article describing buffer overflows, which was titled "Smashing the Stack for Fun and Profit".
za
Heh, looks like it took out a big portion of Bank of America's ATM (cash) machines!
Link
I can't believe that BoA has their ATMs on the internet -- anyone know more about how it got to their ATM network?
Feeling of power basically. They want to be "ph33r3d" and to run DalNET (or whatever else) into the ground would make them the most powerful people on DalNET because they have power over everyone else and the network is completely at their mercy.
That this is just an inherent problem in the internet's sociology and architecture isn't really a term in the equation but there you go.
I do not believe the people responsible for such attacks realize they are being self-destructive. The only end goal of such actions is not to increase security-mindedness in the computer world, but rather scare the normal users, the public, from ever touching the Net. Without the users, companies will be stretched to find the cash to keep up the backbone structure and I am sure it would fall apart. The media hypes anything that is detrimental to the public, including viruses, DDoS attacks, etc. This does nothing but a) scare users off the net b) make the Net look bad to the public. So are all these kids out there pulling stunts going ahead with the goal of destroying the Net in mind? Even though that seems to be all they know? Interesting, work to destroy the only thing you know. Perhaps I should start a crusade to physically destroy computers too? My actions would teach people they do not *require* their computers to survive right? Just like taking down sites will serve to show people security vulnerabilities?
You know, since 9/11/2001 it seems that every attack of any kind has been labeled an act of terrorism.
Those who start these DDoS attacks are seen less like your standard fare and labeled TERRORISTs. I don't see them creating terror. Perhaps we should all take a look at this definition of terrorist from Merriam Webster:
One entry found for terrorism.
Main Entry: terrorism
Pronunciation: 'ter-&r-"i-z&m
Function: noun
Date: 1795
: the systematic use of terror especially as a means of coercion
- terrorist /-&r-ist/ adjective or noun
- terroristic /"ter-&r-'is-tik/ adjective
Usama and his bunch are terrorists.
The people responsible for this attack are more akin to electronic warriors. Whether or not they are right in their methodology OR targets makes them no more and no less. Yes, they are criminals, but I really don't think any such attack against any company that experiences so many can be called a "random act of terror". It's more like a concerted effort to destroy said company.
Had they issued some sort of demand with a threat of physical violence, I'd change my opinion, but as it stands the people responsible are criminals/warriors.
"There is a way that seems right to a man, but its end is the way of death." Proverbs 16:25 (NKJV)
I hope the people who are responsible for this attack (which is technically terrorism) are thrown in jail. It will likely be a long sentence.
I seriously doubt Bill Gates and other Microsoft programmers will spend any time in jail at all over this.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
From http://www.msnbc.com/news/864184.asp
Within a few hours, 25,000 back-end database servers had been infected, said Oliver Friedrichs, senior manager with Symantec Corp.'s security response team.
If they were truly 'backend', they wouldn't have been infected. This is because of all those open and live MS SQL servers.
I guess it's good that Kevin Mitnick has started his own consulting firm. Hmmmm.
http://interviews.slashdot.org/article.pl?sid=03/01/20/1254218&mode=thread
Let me try my first profit post:
1) Free Kevin
2) Start Consulting Firm
3) (cough... cough)
4) Profit!
Seriously - I'd hate to be Kevin Mitnick right now... There's probably 20 different gov't agencies all getting the warrants right now. "This much havoc can only come from ONE man!" Mwuwuwuwahahhahaha.
Like Teddy with an elephant gun.
There have been at least two, possibly three or four, occasions where DALnet just shut down completely for a period of at least a few days (this latest one being in the range of like a week). After the first "big" DALnet shut-down, it seems a lot of channels moved to other networks; most of these channels have even gained numbers. Seems even if DALnet does return, a lot of the channels that left it will stay on their new-found networks. The few anime channels that came back to DALnet are very slowly gaining back their numbers, but they're nowhere near the levels they used to be. As of right now, the highest count is 51 users, which is really low for a DALnet anime channel. Highest warez channel count is 68, which is also really low for a DALnet warez channel. And even the MP3 channels, which probably were some of the biggest channels on DALnet, have lost major numbers. I seem to remember them being in the area of like 600+; current count is 166. So yeah, DALnet has really been taking it in the ass.
General consensus around the parts i hang out seems to be that losing DALnet wouldn't be such a bad thing. We'd all move our channels to other networks, and be done with it. Chat channels would really love EsperNet or IRCnet, and warez/MP3/ISO/PlayStation/etc. channels have a half-dozen networks to choose from, most notably EFnet (though i despise it). Anime channels would thrive on Aniverse. DALnet was great, but, unless things see a really dramatic improvement, i think there are many that would agree that it needs to be put out of its misery as soon as possible.
What has made this all really lame has been the fact that DALnet hasn't really said anything about this. Their eZine (the DALnetizen) has truly been the opposite of helpful throughout this whole ordeal. It seemed as though DAL was almost oblivious to what was happening. There would be a paragraph about Christmas, a paragraph about the benefits of PHP, a paragraph about poems, a paragraph about some new op or something, and then tucked away in a little corner would be a little sentence or two along the lines of "ps dalnet si getitng ddosed pls bare w/ us thx". After this most recent attack, however, they've started to get their act together a bit, and have posted a lot more information regarding the situation. Information can really be helpful to their users, if they want to keep them.
Also not helping the situation are rumours(?) to the effect that the DALnet administration has resorted to childish finger-pointing, and have pretty much detached themselves from each other. DALnet isn't really doing a very good job of assuring its user base that it'll be alright. :/ Hopefully, if DALnet is to survive, this will be remedied.
And, finally, the biggest blow to DALnet has been the de-linking of several of its (best) servers. Almost all of the "good" servers, the ones that everyone had as their first picks, have disappeared. Even the "fall-back" servers seem to be gone. Evidently DALnet is picking up a few new (or renamed, maybe, i can't be sure myself) servers, even in light of the attacks, however.
So DALnet's fate is really unknown. No one can be sure, but for now it's functioning, at least in the sense that it has the ability to carry users. Who knows, though, it could be down again tomorrow.
and in addition to needing to piss and shit like crazy, I just became too paranoid to go to the bathroom.
That set me thinking -- Windows XP activation is 30 days, right? If you don't activate, what happens in 30 days? It demands you activate or it locks up.
How many people when installing or starting up a new computer for the first time ignore the activation because they've got to try it out right now? A lot. What day was 30 days ago? December 25th. What day probably features more people opening up new computers than any other?
Perhaps they didn't try to attack the activation servers specifically, but simply thought of bringing down the net to stop the wave of Jan 25th activations, and got the activation servers as a lucky bonus.