Online Attack Hits US Government Web Sites
angry tapir writes "A botnet composed of about 50,000 infected computers has been waging a war against US government Web sites and causing headaches for businesses in the US and South Korea. The attack started Saturday, and security experts have credited it with knocking the Federal Trade Commission's (FTC's) web site offline for parts of Monday and Tuesday. Several other government Web sites have also been targeted, including the Department of Transportation."
The best defense is always a good offense. Why not launch an attack on North Korea? We have far more advanced technology and could probably cause more damage to them than they could cause to us. If we are crippling their systems, they won't be able to attack ours. I would love to see our government take off the gloves in the cyber world for a change rather than always invading everyone.
Just because you are wrong and I called you out on it doesn't mean I am a Troll.
Or perhaps DPRK? They're annoyed with both of the target countries lately.
ok let's blame China now for this.
Let's not. See what offends me about this whole thing is that it's so obvious. If they'd just targeted America, it could have been anyone. But 'whoever' it was had to go and hit South Korea too, at the same time. Who hates both the US and South Korea?
By the way, don't say "Chinese Plot", they have nothing to gain from upping tensions at this point. They've been trying to bring the North Koreans into negotiations and they too have issued denunciations against NK by this point. Iran's official line is that the UK is mostly responsible for their problems, they have little to gain from doing something to the Americans and the Russians were just recently in negotiations with Obama that appear to have gone well.
How do you kill that which has no life?
No. They are suspecting North Korea
hilarious
4chan has been down also
It's patriotic North Koreans using their home computers! Wait...
Every reaction will result in a counterreaction. And with each iteration, things enhance. Now it is some group of assholes. When you take this cyber asshattery into the realm of military warfare, you can no longer stick it under the label of web-security, it becomes a... war activity. Who would you attack? The zombied systems? Or just governmental systems of a nation who you PRESUME to be responsible for the attack? And then the counter attack is made officially by the USA military, not an anonymous group. Nobody wins... except the asshats behind the original attack.
I'm just curious when or if rules are going to be put up about Internet sovereignty, so that an attack on a website is seen as an act of war.
I can totally see a situation where a US gov't website or economic hub (e.g. stock exchange servers) would get hit by a series of computers based out of N. Korea, the US declares war on N. Korea for violating US internet sovereignty, and the whole thing was a setup by a third party looking to create and exploit a power vacuum.
Maybe I've been reading too many NetForce novels, but the whole idea scares me, and I have the feeling that most people in America wouldn't understand why... particularly the people who make the laws about this kind of thing.
Whenever some whacko grabs a gun and kills a bunch of people, the hue and cry is for "gun control". When someone takes a computer and attacks government sites, and other important infrastructural servers, where is the cry for "Computer control?"
Why are people who harbor botnets not as guilty as those who harbor criminals and terrorists? If you let someone use your garage to store gasoline/petrol for Molotov Cocktails, you'd be arrested.
What was the OS and browser of the botnetted collaborators? Wouldn't it be fun if the FBI knocked on the doors of those whose machines were "hijacked*" and brought their computers in for questioning?
*I use the phrase 'hijacked' loosely. If a person leaves the car running, the keys in the ignition and the windows down (pun intended), can they say that their car was 'stolen'?
How much connectivity does NK have? How hard would it be to just cut them off for a day and see if all the attacks cease? It's not like NK wants anyone other than the military to have access to any information anyway. I don't think a severed backbone would inconvenience the general population in the slightest.
No, it's the PFUWU-ML (People's Front of Unpatched Windows Users - Microsoft Legacy).
"Hannibal's plans never work right. They just work." Amy/A-Team
What always bugs me with these "cyberwar" news is that people try to put one country as responsible for them, and it's always China or Russia or one of the other "bad guys". Like parent post said, their governments have no reason to do something like DDOS attacks against US. Who's to say it's not just some individual who either is pissed at US/South Korea or has such political views, or does so for whatever reason? Stop blaming countries as a whole if you don't know it.
Why does it have to be a country. What about some dirty hacker somewhere with nothing more than an axe to grind. Or perhaps he/she just doesn't like getting teased at school.
It's not a fricken national emergency. It's just a botnet attack. Seriously what are the effects? Some website wasn't available all day? Sounds like just another day on the internet...
If information wants to be free, why does my internet connection cost so much?
I'm sorry, but if this has nothing to do with Michael Jackson, apparently no one cares.
-- I really need to bleed off some of this
Splitters!
It's obviously the Unpatched Windows Users People's Front.
US Government websites attacked... but slashdot is OK so what the heck.
What always bugs me with these "cyberwar" news is that people try to put one country as responsible for them, and it's always China or Russia or one of the other "bad guys". Like parent post said, their governments have no reason to do something like DDOS attacks against US. Who's to say it's not just some individual who either is pissed at US/South Korea or has such political views, or does so for whatever reason? Stop blaming countries as a whole if you don't know it.
But there's two things that are important here..
1. An individual would have to be VERY motivated to attack two countries at once. Especially if those countries are the US and South Korea. The only thing that makes them unique is that they're at war with North Korea. We also know for a fact that the North Korean citizen does not have internet access from reporters inside the country, in fact possessing a device that can access the outside is punishable by death there so it can't have been a NK citizen acting alone. Assuming it was just one citizen from another country they would have to be very dedicated to perform what is basically a military strike against a foreign power. Prepared to risk death to frame North Korea; that would be a very unique combination and it makes little sense.
2. North Korea has recently been upping its cyberwar capability enough for it to show up in overseas media. They only recently sent teams to participate in international hacking challenges and appear to have done well in them. One of the main reasons I instantly suspected NK is because of this.
So my personal suspicion is based on the fact that they've recently been working hard to build up their capability in this field despite having no internet connectivity for the average citizen and then all of a sudden a cyber strike hits North Korea's enemies at the same time they're conducting missile tests in contravention of UN sanctions.
How do you kill that which has no life?
Don't be naive. Why would China try to bring NK to the table? They have nothing to gain from that! Of course they pretended, seeing how far the US goes.
The NK pressure clearly causes headaches for US, ergo it's good for China.
Let's not. See what offends me about this whole thing is that it's so obvious. If they'd just targeted America, it could have been anyone. But 'whoever' it was had to go and hit South Korea too, at the same time. Who hates both the US and South Korea?
It could be the Martians.
As suspicious as North Korea may be, with this incident, there is no proof that they are the culprits. Assuming that North Korea is behind it and acting accordingly could have disastrous results even if they are right. (Also see: Intensifying the conflict much)
Well said. And might I add that we in the past used to blame Canada for all that's wrong. With their beady little eyes and flapping heads so full of lies.
These aren't the bots you are looking for. You can go about your business
I will not be pushed, filed, stamped, indexed, briefed, debriefed or numbered. My life is my own.
Seriously, if SC2 were out already those Asian tweens would have something else to keep them busy.
mmmm...forbidden donut
It was a communication problem between the botnet control servers. They just didn't get the update.
Patents Drive Free Software as Hurricanes Drive Construction Industry
Honestly, when was the last time you went to ftc.gov? Nobody goes to those sites...
Now if google, wiki, or itunes goes down, then PANIC!
Don't be naive. Why would China try to bring NK to the table? They have nothing to gain from that! Of course they pretended, seeing how far the US goes. The NK pressure clearly causes headaches for US, ergo it's good for China.
The Chinese fund something like 9/10th of NK's fuel and 8/10th of their consumer goods, they basically keep the country running and the word I've heard is because they want to both bolster communism in the world and because it buffers the incredibly rich incredibly capitalist South Korea from their borders. If the Americans finally snap and burn North Korea to the ground the Chinese are unlikely to go to bat for them, it's not worth it, the Americans owe them money and being seen to start wars is bad for business. The end result would be the ultra capitalist South right up against China's borders plus hundreds of thousands of North Korean refugees rushing into China.
How do you kill that which has no life?
An individual would have to be VERY motivated to attack two countries at once.
The point of a botnet is they don't have to be very motivated at all. Just bored. Having a list of IP numbers or URLs that includes 2 countries is *not* difficult.
If information wants to be free, why does my internet connection cost so much?
Its the July 4th weekend. They were probably down for maintenance and it took longer than expected.
What would you tell your PHB?
All that is required is to pull the damn plug on these bots. Each of these machines has an IP address which it advertises every time it makes an attack. That's right folks: The return IP address is part of the header. You can't route packets without this information.
These feral packets _ALSO_ come into the ISP's routers. It is easy to identify them. Uninfected machines don't normally sit there and hammer away at port Blah. Some of the worst ports are 80 (html), 25 (mail) and 22 (SSH).
One really needs to only look at the ports that the botnet tries to exploit.
A simple solution is to pull the plug. A solution which is slightly more difficult is to block the ports the botnet is trying to attack on and then redirect any web access to a banner page advising the owner their machine is cracked and what to do about it... or a tech could phone the client.
_any_ ISP can do this. If they don't do it then they don't want to. As for consumer rights - crap! It's the ISPs which write the Terms of Service. They can put pretty much any terms they want providing said terms are considered reasonable. The public will probably not object. Spammers might however but then who cares if they can't find an uplink.
So the first place to start is at the ISP level.
Next: I've blocked botnets of more than 50,000 machines. I use OpenBSD on the webservers and on the firewalls. It's not that hard to do. Pf can easily handle this. If the server admins over at the "US Government Web Sites" can't handle this then IMHO they are incompetent. For reference, here is an example of how to block these bots in PF:
pfctl -t spammers -T add 190.174.220.241
pfctl -t spammers -T add 67.10.200.220
pfctl -t spammers -T add 125.161.37.199
pfctl -t spammers -T add 71.218.209.198
pfctl -t spammers -T add 202.28.120.19
This is a shell script BTW. Extracting the list of bots can be done by scanning the appropriate logs.
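The log-scanning step mentioned in the comment above, as an added example that is not part of the original comment: it counts requests per client in a combined-format access log and prints one `pfctl -t spammers -T add` line per address over a cutoff, rejecting anything in the address field that is not a well-formed IPv4 address before it reaches a command line. The threshold, the allowlist, the function names and the log data (documentation address ranges) are assumptions made for the example.

```shell
#!/bin/sh
# Added example: turn a web access log into pf table entries.
# Assumes the pf ruleset already contains (not shown in the comment):
#   table <spammers> persist
#   block in quick from <spammers>

TABLE=spammers                 # table name used in the comment
THRESHOLD=${THRESHOLD:-5}      # assumed cutoff: requests per log window
ALLOW=${ALLOW:-192.0.2.50}     # assumed allowlist (space separated), e.g. a monitoring host

# Constructed log data: emit <count> combined-format lines for one client field.
log_lines() {
    i=0
    while [ "$i" -lt "$1" ]; do
        printf '%s - - [01/Jan/2000:10:00:%02d +0000] "GET / HTTP/1.1" 200 512 "-" "-"\n' "$2" "$i"
        i=$((i + 1))
    done
}

sample_log() {
    log_lines 6 198.51.100.23      # noisy client
    log_lines 2 192.0.2.10         # ordinary visitor, below the cutoff
    log_lines 5 203.0.113.77       # noisy client, exactly at the cutoff
    log_lines 7 192.0.2.50         # noisy but allowlisted
    log_lines 6 999.1.1.1          # octet out of range: not an address
    log_lines 6 '203.0.113.9;x'    # trailing junk in the address field
}

# Read a log on stdin; print "count ip" for every valid IPv4 client
# with at least $1 requests, busiest first.
noisy_sources() {
    awk -v min="$1" '
        function valid(a,    n, o, i) {
            n = split(a, o, ".")
            if (n != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
            return 1
        }
        valid($1) { hits[$1]++ }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' | sort -rn
}

# Read a log on stdin; print the pfctl commands instead of running them,
# so the list can be reviewed before it is applied as root.
block_commands() {
    noisy_sources "$THRESHOLD" | while read -r count ip; do
        case " $ALLOW " in *" $ip "*) continue ;; esac
        printf 'pfctl -t %s -T add %s\n' "$TABLE" "$ip"
    done
}

sample_log | block_commands
```

To use it on a real log, feed the file to `block_commands` on stdin and review the printed commands before piping them to `sh` on the firewall.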
The point of a botnet is they don't have to be very motivated at all. Just bored. Having a list of IP numbers or URLs that includes 2 countries is *not* difficult.
I mean there's a high probability (50%+) that they will spend the rest of their lives inside a prison. Targeting a foreign country's military infrastructure is no small thing and their home country is unlikely to go to defend them from something like this. If they're smart enough to pull this off no doubt this would have occurred to them as well. Remember the guy that infiltrated NASA got something like 20+ years and that wasn't even military critical, neither did he do damage.
How do you kill that which has no life?
Government website?
"and nothing of any value was lost"
You think for one second that a bored hacker even thinks that far ahead?
And let's get some perspective here. A few websites went down for less than a day. Hardly an attack that anyone should care about. And not national security or military level either.
Really a DDOS attack like this, *is* a small thing.
If information wants to be free, why does my internet connection cost so much?
purple monkey dishwasher
I am concerned that a sizable government department can't repel attacks from - allegedly - North Korea.
You think for one second that a bored hacker even thinks that far ahead? And let's get some perspective here. A few websites went down for less than a day. Hardly an attack that anyone should care about. And not national security or military level either. Really a DDOS attack like this, *is* a small thing.
I'm not disagreeing, it's entirely possible. I merely think it's unlikely. The scale of the attack does appear small, but the NASA example I used was nothing to care about, intent to attack matters.
How do you kill that which has no life?
Most likely caused by war mongers right there in the USA. Talk about a troll...
Sorry about the attack guys, tripped on a bag of Doritos and hit the wrong button. My bad.
What on Earth gave you the idea that it was North Korea that did it?
As you have so insightfully put it "How much connectivity does NK have?".
Japan on the other hand has a lot more connectivity, and a huge bone to pick with both US and SC.
Or how about China? India? Germany? Vatican?
Even if the botnet CAME from a particular country, with each attack being accompanied by spamming of the mailboxes around the world with the .mp3s of the national anthem of the particular country - that is still NOT EVIDENCE that said country had anything to do with it.
It could all be work of a drunk Australian hacker for all we know.
Mit der Dummheit kämpfen Götter selbst vergebens
The Chicoms are not happy with what North Korea is doing. With North Korea getting nuclear weapons, this means that South Korea - and more importantly to the Chicoms - Japan AND TAIWAN will also do the same.
If hostilities resume, it would mean that China will have to deal with millions of illegal aliens coming from North Korea.
Rastillin (my sibling post), South Korea is much more socialistic than China is.
IP addresses used in attacks are usually Chinese or Russian. Furthermore, the malware found on hacked machines often uses Chinese or Russian characters.
It's a pretty good bet that the hackers themselves reside in those countries. We can't conclude that they are hacking at the request of their governments, but it wouldn't be surprising; those governments aren't doing much to stop the hacking (which would be easy to do using national firewalls).
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
Skynet is online....
Japan.
Granted, Japan from 60-70 years ago but still...
How would USA feel about someone dropping not one, but two nukes on them AND robbing them of say... Texas (Korea)?
Mit der Dummheit kämpfen Götter selbst vergebens
Yes, it is. What would Slashdot be without some racist troll spam in or near the first post?
I'm surprised no one has mentioned this yet, but to me it seems like a perfect solution. Warn a country with an official statement and 24hrs response required. Deploy autonomous cable cutting vehicles, then (if necessary) press the cut cable button at 24:00.01. If you want your computers to talk to our computers on the network we invented; you get to play by our rules or you don't get to play at all.
"Be prepared, son. That's my motto. Be prepared." --Joe Hallenbeck
The thing I don't really get is how 50,000 computers can shut down your site.
I can't imagine the FTC is only hosted by one or two servers. Of course the important number was not mentioned which is how much bandwidth was being put into the DDoS. That would determine if it's just bad website administration not surviving something that all of us experience from time to time. Of course the other matter is why you would attack a public-facing site for the FTC or department of transportation. This isn't going to impact operations and makes no statement about your ability to impact hardened targets. Sounds to me like the firewalls they chose weren't doing their job or they were foolish enough to place web-servers directly on the Internet.
It's amazing the important steps people skip when building a site to save a few bucks. Connectivity gear is never where you want to skimp!
...a WILD GUESS that Korea had anything to do with it. Possibility or even opportunity can not be considered proof.
Heck! It could have been Michael Jackson. In his sleep. Maybe he died from shock when he found out what he (his other self, that is) did?
It IS possible!
Mit der Dummheit kämpfen Götter selbst vergebens
I've heard this theory before and my first thought was: "Do they even have internet in North Korea?"
Well, do they?
So what would motivate an individual or private group to attack two countries at once and create a crisis?
How about money?
Set up the situation in order to profit in the stock markets from the political turmoil.
Apparently cyber-warfare isn't an issue, at least according to Slashdot commenters a few weeks ago.
Any /. user could personally swamp North Korea's 56k leased line and their rack full of diesel-powered Pentium II boxes. For the US or China, it's not worth the trouble.
Give a man a fish and you have fed him for today. Teach a man to fish, and he'll say "WHERE'S MY FISH, YOU IDIOT?"
I don't think so. I believe Mr. Kim Jong reserves it for himself, watching the NBA playoffs.
In the beginning, there was null.
An individual would have to be VERY motivated to attack two countries at once. Especially if those countries are the US and South Korea. The only thing that makes them unique is that they're at war with North Korea.
While the US and South Korea have been at war with North Korea in the past, and quite possibly the near future, it's not correct to say we are presently at war with them. Perhaps you meant "they were" instead of "they're" - the contraction for "they are"?
With the limited information available, this could even be the U.S. hitting itself with North Korea as a cover.
Do you need the military to control all networks? Given this new attack, isn't the need obvious?
Only the higher-ups in government from what I understand, but there's also a large population of North Koreans living in Japan as well. See also Chongryon.
So are you saying that if you bring down multiple federal websites, the US government isn't going to think it is a big deal? So will they just send you a polite email asking you to stop, or do you think they would track you down and try to punish you to the full extent of the law? If you truly think they wouldn't do anything, there is an easy way to test your theory...
"But this one goes to 11!"
Which on the face of it is ridiculous, since the entire nation has less bandwidth than a single hardcore gamer in South Korea.
While the US and South Korea have been at war with North Korea in the past, and quite possibly the near future, it's not correct to say we are presently at war with them. Perhaps you meant "they were" instead of "they're" - the contraction for "they are"?
For one thing the war never officially ended. America didn't sign anything and South Korea signed a cease fire. North Korea recently stated that the cease fire is no longer valid. Therefore, according to them, North Korea is at war with America and South Korea. Although that doesn't stop them from talking about Imperialist provocation.
How do you kill that which has no life?
Wow that reads like Ghost in the Shell backstory.
Actually, the ADDRESSES are NUMBERS, so technically he is correct.
orange donkey washing machine
Who hates both the US and South Korea?
Democrats
Who would win this election: Andrew Weiner vs Andrew Weiner's weiner.
We need to establish a day to have all of the non-computer geeks (geek squad included) bring their computers and have them cleaned out.
Essentially, take the hard drive out, make a copy, wipe the sucker, reinstall an OS, copy any precious files and nuke the copy.
Hence the joke. Plus, NK citizens don't own computers, and they barely have electricity.
I thought that the Korean War never really ended. It was just a cease fire that continues until this day? Although there is an armistice agreement.
I saw... its thoughts. I saw what they're planning to do. They're like locusts. They're moving from planet to planet... their whole civilization. After they've consumed every natural resource they move on... and we're next. Nuke 'em. Let's nuke the bastards.
Zing!
china gains by stressing its enemies. assuming they consider the US an enemy, raising tensions with n. korea destabilizes the US because it's already up to its neck in afghanistan and iraq. i'm not accusing china, just making an observation.
china gains by stressing its enemies. assuming they consider the US an enemy, raising tensions with n. korea destabilizes the US because it's already up to its neck in afghanistan and iraq. i'm not accusing china, just making an observation.
Yes, true. But it doesn't seem worth it. In this case China doesn't actually gain anything, it doesn't do enough damage or strain things to the point where America unbalances. However there is massive potential for backlash. Also, China seems unlikely to frame its own ally; they would pick someone else to take the fall.
How do you kill that which has no life?
4chan is also down right now. Coincidence? Or is it part of the same attack? Take out the government websites, and the only website full of enough script kiddies to fight back.
Or someone is having some good lulz about now.
it's well known that the US would be in big trouble if it was forced to fight two major conflicts ... i.e., if we engaged n. korea. so yes, forcing the US into that could very well unbalance it. anything that raises tensions between the US and n. korea furthers that end.
if china considers n. korea an ally (do they?), it's only because of proximity and because "the enemy of my enemy is my friend". i seriously doubt that would stop them from using n. korea to further their goals.
as for why n. korea ... 1) they are technologically backwards and probably aren't up to disproving the claim and 2) they are one of a few nations that we could believe would make such an attack.
I'm not disagreeing, it's entirely possible. I merely think it's unlikely. The scale of the attack does appear small, but the NASA example I used was nothing to care about, intent to attack matters.
The NASA attack you speak of was also breach of systems. This is a trivial DDOS on a few Web servers. While annoying, it's not the end of the world.
Bullish Machine Tzar
it's well known that the US would be in big trouble if it was forced to fight two major conflicts ... i.e., if we engaged n. korea. so yes, forcing the US into that could very well unbalance it. anything that raises tensions between the US and n. korea furthers that end. if china considers n. korea an ally (do they?), it's only because of proximity and because "the enemy of my enemy is my friend". i seriously doubt that would stop them from using n. korea to further their goals. as for why n. korea ... 1) they are technologically backwards and probably aren't up to disproving the claim and 2) they are one of a few nations that we could believe would make such an attack.
They're all good points. But in the last Korean war, the American forces faced off against the Korean and Chinese armies and utterly slaughtered them. Despite being vastly outnumbered the American force sustained some obscenely small amount of casualties and proceeded from one end of the country to the other in record time. During the intervening period, the Americans have become far more advanced and the Koreans wouldn't have the Chinese backing them.
The stuff I've read suggests that an attack by the NK army would flood over the demilitarized zone and flatten Seoul with artillery (if it's still there), but the American reprisal would mow through NK without even slowing down. I maintain despite your points that it's still not worth it for China.
How do you kill that which has no life?
At the same time though... South Korea could just be thrown into the mix just to confuse the issue of who is doing it. It is fairly easy to get people to place blame based on who is affected by something. We can not place blame based just on who is affected by something.
You hate China
Already been done. It's called 4chan.
https://www.cia.gov/library/publications/the-world-factbook/geos/KN.html
"Internet users:
NA"
I bet Jong-Il has a connection, though. Also, apparently they have a country code ready for if they ever get connected.
What is this? A "false flag" for geeks?
Any news on which webservers are affected (apache or IIS), and which vulnerability was used in this attack?