Slashdot Mirror

← Back to Stories (view on slashdot.org)

BlueSecurity Fall-Out Reveals Larger Problem

Posted by ryuzaki0 on from the continuing-sagas dept.

mdrebelx writes "For anyone following the BlueSecurity story, sadly the anti-spam crusader has raised the white flag. Brian Krebs with the Washington Post is reporting that after BlueSecurity's announcement, Prolexic and UltraDNS, which were both linked with BlueSecurity through business relations came under a DNS amplification attack that brought down thousands of sites. While much of the focus about the BlueSecurity story has been centered on the question of what can be done about spam, I think a bigger question has been raised - is the Internet really that fragile? What has been going on is essentially cyber-terrorism and from what has been reported so far the terrorist clearly have the upper hand."

10 of 366 comments (clear)

  1. interesting question about fragile by yagu · · Score: 5, Insightful

    There have been other outages, major, which have had significant impact. It's a good question: is the internet that fragile?

    In many ways it probably is. At the same time, the infrastructure seems resilient enough. The world so far hasn't laced up life-and-death critical systems to the internet such that a failure could cause loss of life. Well, that is, if you don't include:

    Oh, wait, I guess people have started doing that.

    What mechanisms exist for more than resiliency, i.e., instant self-healing? Could terrorists with a little knowledge and a few well-placed EMP generators disable major segments of the internet?

    Unlike phones and the phone networks which were built with lots of oversight and regulation (Universal Service was a big driver for this (aside: now that everything is profit driven, don't expect phone service at that farm house at the end of that long country road anymore... noone HAS to provide it)), I'm not aware of what safeguards back up the internet. In my entire lifetime, I've not one time experienced a phone outage, not once! Power outages, etc., the phone companies have backups to backups to ensure service (though there is the occasional and hard to manage for ditch digging incident).

    While large pieces of the internet are built upon the phone companies' infrastructure, other pieces aren't, and there are significant additional layers of complexity not in the phone companies' purview (switches, routers, coax cable from cable companies).

    That question, "is the internet that fragile?", is probably the biggest reason I've never opted to switch my phone service to VOIP yet. I'd hate to be the one (tiny chance, I know) who needs to make that one 911 call and not be able to do so because the internet is unavailable (which happens occasionally here, which is also too often).

    1. Re:interesting question about fragile by Sinus0idal · · Score: 4, Insightful

      Yup and with BGP routes would swap over eventually if a link was broken. Unfortunately though, we rely too much on DNS which is a fairly fragile infrastructure to say the least.

  2. weakest link by brenddie · · Score: 5, Insightful

    well the internet is as strong as the weakest link, and guess what OS that link is..
    None of those attacks (DOS) could have been done without the use of thousands of zombie machines.
    I guess the only way of stoping the attakers is by taking their weapons (zombies) from them and thats left as an excersise for the survivors.

    --
    The best test environment is production. - Me
    chrome://browser/content/browser.xul
  3. Re:Terrorism too strong a word by Joe+U · · Score: 5, Insightful

    It's a little strong, but it does fall into the definition.

    The use of force (taking down servers) by a group (spammers) against people/property (blue & others) with the intention of intimidating socieities (blues users) for ideological (financial too) reasons.

  4. Not fragile, just vulnerable by Todd+Knarr · · Score: 5, Insightful

    No, the Internet isn't that fragile. It's suprisingly robust, in fact. About the only thing that can really do any significant damage is sheer volume, enough traffic from enough distinct sources to overwhelm the target server or swamp it's network connections. No matter what, anything is always going to be vulnerable to that. You can only have finite bandwidth and server horsepower, and if an opponent's willing and able to throw enough resources at you he can simply overwhelm you. It's often referred to as "the Slashdot effect".

    The only thing that's happened is that, because of the inherent insecurity of Windows machines and the increasing number of them with broadband connections, the bad guys now have access to orders of magnitude more bandwidth and horsepower than any single server can have. In military terms it's like facing an enemy who outnumbers you by ten thousand to one. Distributing your DNS won't help, redundant pipes won't help, distributing your servers won't help, if you can deal with 99% of his assault he's still got a hundred times what you can absorb left.

    The only thing that can help is cutting off the supply of ownable machines the bad guys can take over and use in their attacks. If they're limited to their own machines they can't do much harm.

  5. Meh ... by Sonic+McTails · · Score: 4, Insightful

    You know, BlueSecurity was working. Had they survived, it might have shutdown the spammers. This is going to become a massive bubble issue. Someone just needs to pick up the torch BlueSecurity dropped, and be willing to fight the fight.

    --
    This signature was left intentionally blank.
  6. Terrurizem by mikiN · · Score: 4, Insightful

    Fanatics flying airplanes into buildings killing thousands : Terrorists.

    Haxors commanding botnets to DDOS servers : Cyber-terrorists.

    Big corporations doing aggressive take-overs : Corporate terrorists.

    Mass producers dumping products below cost overseas : Market terrorists.

    Politicians sketching doom scenarios during campaigns to woo scared voters over to their party : Political (party) terrorists.

    C'mon cut it out will ya, soon they will brand humans multiplying without limits sucking up resources and scaring other animals away and out of existence : Biosphere terrorists?

    You know, according to some theory, black holes will eventually suck up most of the available matter in the universe, leaving it a dark cold desolate place with only some Hawking radiation to warm your soul. Should we call those : Universal Terrorists then?

    --
    The Hacker's Guide To The Kernel: Don't panic()!
  7. Re:motivation by Jah-Wren+Ryel · · Score: 4, Insightful

    As much as we hate the NSA and other invasive orginizations they impose structure and laws. Chaos is the alternative.

    I don't know where you got the idea that NSA's activities have done anything to "impose structure and law" on the Internet.

    If anything, the NSA has been actively participating in the chaos by going ahead and doing their own thing with no regard to the law.

    --
    When information is power, privacy is freedom.
  8. Re:Terrorism too strong a word by DavidTC · · Score: 4, Insightful
    Actually, government are terrorists when they 'make an example' out of a criminal. That's kinda the whole point.

    Terrorism's gotten a rather bad rap these days. It's just a tactic. It's used 'legitimately' against occupying armies, for example.(1) Don't try to wipe them out...just scare people into not supporting them by killing a few people who do. And don't go after the soldiers...go after the policy makers and leaders. They can always get more soldiers, but if you kill every single person who occupies a certain position, soon no one will want to do that.

    1) Depending, of course, on whether or not you think the occupying is legitimate or not.

    --
    If corporations are people, aren't stockholders guilty of slavery?
  9. Re:motivation by ScrewMaster · · Score: 4, Insightful

    You're wrong. Lawmakers impose laws, not government agencies, and when they're doing their job properly they pass laws that keep dangerous organizations like the NSA in check. They've been rather lax in their duties lately ... certainly Congress has largely fallen down on the job. The problem is that too much of our current government has been infected by the disease of unaccountability. They do whatever the Hell they please in the name of "homeland security" or "antiterrorism", and there's nobody left to tell them to stop.

    I would further submit that America was far less chaotic in the good old days when big government wasn't so big, wasn't so invasive and tended to leave its citizens alone. It isn't necessary to have a government that restricts and monitors its citizens to the degree that ours is doing for the purpose of achieving a stable society. In fact, the imposition of excessive control, coupled with erratic enforcement, creates instability! This is variously called "political unrest" or "social protest" or, when carried to the logical extreme, "rebellion". Furthermore, it is the kind of thing Americans do when they're pushed too far. At least, I hope it's still the kind of thing we do. It's about the only hope we have left. The way things are in D.C. nowadays, it's pretty obvious that while the lights are still on there's nobody home.

    The Wild West aspect of the Internet, which seems to disturb you to some degree, is precisely what makes the Internet the greatest advance since the invention of fire, the wheel and air conditioning! The economic, scientific and cultural benefits of the Internet, as it is today, far far outweigh the dark side. Reducing the Internet experienced by ordinary people to a bland, "civilized" mix of email and heavily-filtered browsing would take away the power, freedom and utility so many people have come to expect and enjoy. It would also largely eliminate innovation and the development of new technologies, as no-one would be allowed to do anything not approved by the powers-that-be. Huh ... I think I just described AOL.

    --
    The higher the technology, the sharper that two-edged sword.