Online Attack Hits US Government Web Sites
angry tapir writes "A botnet composed of about 50,000 infected computers has been waging a war against US government Web sites and causing headaches for businesses in the US and South Korea. The attack started Saturday, and security experts have credited it with knocking the Federal Trade Commission's (FTC's) web site offline for parts of Monday and Tuesday. Several other government Web sites have also been targeted, including the Department of Transportation."
ok let's blame China now for this.
Let's not. See, what offends me about this whole thing is that it's so obvious. If they'd just targeted America, it could have been anyone. But 'whoever' it was had to go and hit South Korea too, at the same time. Who hates both the US and South Korea?
By the way, don't say "Chinese Plot", they have nothing to gain from upping tensions at this point. They've been trying to bring the North Koreans into negotiations and they too have issued denunciations against NK by this point. Iran's official line is that the UK is mostly responsible for their problems, they have little to gain from doing something to the Americans and the Russians were just recently in negotiations with Obama that appear to have gone well.
How do you kill that which has no life?
No. They are suspecting North Korea
hilarious
The best defense is always a good offense. Why not launch an attack on North Korea? We have far more advanced technology and could probably cause more damage to them than they could cause to us. If we are crippling their systems, they won't be able to attack ours. I would love to see our government take off the gloves in the cyber world for a change rather than always invading everyone.
Since they started it, it would only be fair. However, there would definitely be some line about imperialist aggression. Still, there's almost no chance they would escalate it to physical conflict. A shot above the bows would be nice for once. It might save us from having to drop the hammer when they finally go too far.
However, do they have enough internet-connected infrastructure to be worth hitting?
How do you kill that which has no life?
The reason the U.S. wouldn't attack North Korea in a cyber war is the same reason we wouldn't attack Iran. The internet is a far more powerful tool when it is used to sway opinion than it is to cripple systems.
I'm just curious when or if rules are going to be put up about Internet sovereignty, so that an attack on a website is seen as an act of war.
I can totally see a situation where a US gov't website or economic hub (e.g. stock exchange servers) would get hit by a series of computers based out of N. Korea, the US declares war on N. Korea for violating US internet sovereignty, and the whole thing was a setup by a third party looking to create and exploit a power vacuum.
Maybe I've been reading too many NetForce novels, but the whole idea scares me, and I have the feeling that most people in America wouldn't understand why... particularly the people who make the laws about this kind of thing.
Do you seriously think that North Korea has any significant systems exposed on public networks?
You could probably deface their Wikipedia entry, though. Go hog wild.
If you were blocking sigs, you wouldn't have to read this.
No, it's the PFUWU-ML (People's Front of Unpatched Windows Users - Microsoft Legacy).
"Hannibal's plans never work right. They just work." Amy/A-Team
What always bugs me with these "cyberwar" news is that people try to put one country as responsible for them, and it's always China or Russia or one of the other "bad guys". Like parent post said, their governments have no reason to do something like DDOS attacks against US. Who's to say it's not just some individual who either is pissed at US/South Korea or has such political views, or does so for whatever reason? Stop blaming countries as a whole if you don't know it.
"Cyberwar" is a minor inconvenience, unless they DoS GPS and Satellite communications.
It's propaganda, PsyOp distraction from things that matter. If a bunch of government shovelware is unavailable for a few hours, really the folks who benefit are you and me. And the folks who thrive on these "scares" by setting "Threat Levels".
You want to know what you should REALLY be worried about? Stuff like this:
http://colonelsabow.com/home.html
"Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
I'm sorry, but if this has nothing to do with Michael Jackson, apparently no one cares.
-- I really need to bleed off some of this
US Government websites attacked... but slashdot is OK so what the heck.
> What always bugs me with these "cyberwar" news is that people try to put one country as responsible for them, and it's always China or Russia or one of the other "bad guys". Like parent post said, their governments have no reason to do something like DDOS attacks against US. Who's to say it's not just some individual who either is pissed at US/South Korea or has such political views, or does so for whatever reason? Stop blaming countries as a whole if you don't know it.
But there's two things that are important here..
1. An individual would have to be VERY motivated to attack two countries at once. Especially if those countries are the US and South Korea. The only thing that makes them unique is that they're at war with North Korea. We also know for a fact that the North Korean citizen does not have internet access from reporters inside the country, in fact possessing a device that can access the outside is punishable by death there so it can't have been a NK citizen acting alone. Assuming it was just one citizen from another country they would have to be very dedicated to perform what is basically a military strike against a foreign power. Prepared to risk death to frame North Korea; that would be a very unique combination and it makes little sense.
2. North Korea has recently been upping its cyberwar capability enough for it to show up in overseas media. They only recently sent teams to participate in international hacking challenges and appear to have done well in them. One of the main reasons I instantly suspected NK is because of this.
So my personal suspicion is based on the fact that they've recently been working hard to build up their capability in this field despite having no internet connectivity for the average citizen and then all of a sudden a cyber strike hits North Korea's enemies at the same time they're conducting missile tests in contravention of UN sanctions.
How do you kill that which has no life?
Seriously, if SC2 were out already those Asian tweens would have something else to keep them busy.
mmmm...forbidden donut
Honestly, when was the last time you went to ftc.gov? Nobody goes to those sites...
Now if google, wiki, or itunes goes down, then PANIC!
> An individual would have to be VERY motivated to attack two countries at once.
The point of a botnet is they don't have to be very motivated at all. Just bored. Having a list of IP numbers or URLs that includes 2 countries is *not* difficult.
If information wants to be free, why does my internet connection cost so much?
All that is required is to pull the damn plug on these bots. Each of these machines has an IP address which it advertises every time it makes an attack. That's right folks: The return IP address is part of the header. You can't route packets without this information.
These feral packets _ALSO_ come into the ISP's routers. It is easy to identify them. Uninfected machines don't normally sit there and hammer away at port Blah. Some of the worst ports are 80 (html), 25 (mail) and 22 (SSH).
One really needs to only look at the ports that the botnet tries to exploit.
A simple solution is to pull the plug. A solution which is slightly more difficult is to block the ports the botnet is trying to attack on and then redirect any web access to a banner page advising the owner their machine is cracked and what to do about it... or a tech could phone the client.
_any_ ISP can do this. If they don't do it then they don't want to. As for consumer rights - crap! It's the ISPs which write the Terms of Service. They can put pretty much any terms they want providing said terms are considered reasonable. The public will probably not object. Spammers might however but then who cares if they can't find an uplink.
So the first place to start is at the ISP level.
Next: I've blocked botnets of more than 50,000 machines. I use OpenBSD on the webservers and on the firewalls. It's not that hard to do. Pf can easily handle this. If the server admins over at the "US Government Web Sites" can't handle this then IMHO they are incompetent. For reference, here is an example of how to block these bots in PF:
pfctl -t spammers -T add 190.174.220.241
pfctl -t spammers -T add 67.10.200.220
pfctl -t spammers -T add 125.161.37.199
pfctl -t spammers -T add 71.218.209.198
pfctl -t spammers -T add 202.28.120.19
This is a shell script BTW. Extracting the list of bots can be done by scanning the appropriate logs.
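Added example, not part of the comment above or of the original thread: one way to do the log scanning that comment describes, written as a dry run that prints the pfctl commands rather than executing them. The Common Log Format input, the sample addresses (documentation ranges), the request threshold and the allowlist are assumptions; the table name spammers comes from the comment.

```shell
#!/bin/sh
# Added example: derive pf table updates from a web access log (dry run).
# Assumes pf.conf already contains:
#   table <spammers> persist
#   block in quick from <spammers>

# Constructed sample log; all addresses are from documentation ranges.
sample_log() {
cat <<'EOF'
203.0.113.7 - - [08/Jul/2009:10:00:01 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [08/Jul/2009:10:00:01 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [08/Jul/2009:10:00:02 +0000] "GET / HTTP/1.1" 200 512
192.0.2.44 - - [08/Jul/2009:10:00:02 +0000] "GET / HTTP/1.1" 200 512
192.0.2.44 - - [08/Jul/2009:10:00:02 +0000] "GET / HTTP/1.1" 200 512
192.0.2.44 - - [08/Jul/2009:10:00:03 +0000] "GET / HTTP/1.1" 200 512
198.51.100.20 - - [08/Jul/2009:10:00:03 +0000] "GET /health HTTP/1.1" 200 2
198.51.100.20 - - [08/Jul/2009:10:00:04 +0000] "GET /health HTTP/1.1" 200 2
198.51.100.20 - - [08/Jul/2009:10:00:05 +0000] "GET /health HTTP/1.1" 200 2
192.0.2.99 - - [08/Jul/2009:10:00:05 +0000] "GET /about HTTP/1.1" 200 900
not-an-ip - - [08/Jul/2009:10:00:06 +0000] "GET / HTTP/1.1" 400 0
EOF
}

# emit_block_cmds THRESHOLD [ALLOWLISTED_IP...]
# Reads log lines on stdin and prints one pfctl command for every source
# address with at least THRESHOLD requests that is not allowlisted.
emit_block_cmds() {
    threshold=$1; shift
    allow=" $* "
    awk -v min="$threshold" -v allow="$allow" '
        # Count only strict dotted-quad values: anything taken from a log
        # must be validated before it is placed on a command line.
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { hits[$1]++ }
        END {
            for (ip in hits)
                if (hits[ip] >= min && index(allow, " " ip " ") == 0)
                    print "pfctl -t spammers -T add " ip
        }' | sort
}

# Dry run: threshold of 3 requests, monitoring probe allowlisted.
sample_log | emit_block_cmds 3 198.51.100.20
```

Review the printed commands before piping them to sh on the firewall; the allowlist is what keeps a monitoring probe or a busy proxy from being blocked by the same threshold.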
> The point of a botnet is they don't have to be very motivated at all. Just bored. Having a list of IP numbers or URLs that includes 2 countries is *not* difficult.
I mean there's a high probability (50%+) that they will spend the rest of their lives inside a prison. Targeting a foreign country's military infrastructure is no small thing and their home country is unlikely to go to defend them from something like this. If they're smart enough to pull this off no doubt this would have occurred to them as well. Remember the guy that infiltrated NASA got something like 20+ years and that wasn't even military critical, neither did he do damage.
How do you kill that which has no life?
So, normally I would agree with you hands down, however, I think the issue is that many people are unaware that their computers are being used for malicious purposes.
Case in point: recently I visited a friend of mine to take a look at his computer. He was complaining it was running slow. A quick check showed multiple viruses on his machine. I asked him how long it had been that way, and his response was, "a few months".
The thing is, by far and large a significant portion of the population is more than likely unaware of what a botnet is, let alone possess the ability to diagnose when their computer has been infected. This is quite different than, say, harboring a bomb maker, as most people (hopefully) would be aware that the guy building bombs in their garage is bad news.
Further, this issue is complicated in that the attacks may be motivated politically but carried out by private individuals. If a connection is found, say possibly even a direct link, how is a government supposed to react? Does this qualify as an act of war, espionage, or state sponsored terror attack?
It becomes a sticky issue whenever states are involved, simply due to the politics behind it. If it was solely an attack on a private enterprise, by some general criminal, I would simply recommend getting the cooperation of the government that is harboring / serving as a base of operations for the person / people behind the botnet and having it resolved that way. (Now, I do realize that there are many rogue nations or places that are willing to harbor these types of people, so in reality, a different solution is more than likely needed.)
There is always a frontier where there is an open and willing mind
Other than Lil Kim's xbox, how much is there to attack?
Seriously, NK is dirt poor and supremely paranoid. It's not like their economy depends on the internet in any way.
And if you attack their military computers then you quickly escalate things to a very dangerous level.
Leave the gun, take the cannolis.
You think for one second that a bored hacker even thinks that far ahead?
And let's get some perspective here. A few websites went down for less than a day. Hardly an attack that anyone should care about. And not national security or military level either.
Really a DDOS attack like this, *is* a small thing.
If information wants to be free, why does my internet connection cost so much?
purple monkey dishwasher
Yes you can say the car was stolen. There are parts of the country that don't lock their doors and leave keys in their ignition. That's a good thing, it says people are relatively honest in those parts. Should you suddenly be an accomplice to a theft if someone steals your car? I think not unless you hand them the key and say steal it. And no, leaving your keys in the ignition is Not handing it to them, it's showing some amount of trust. That justification is a spin done by thieves to justify their actions. Well they left the door open so they were handing me their silverware, or she did not have a chastity belt on so it's her fault. All that is spin and should be avoided. Computers that come off the shelf in stores should not be hijacked. Consumers should not be responsible for someone coming into their home and stealing use of their computers. It's a crime, and should be thought of as such and systems should be strengthened for protection and investigation and prosecutions done to find and punish this type of crime.
> As you have so insightfully put it "How much connectivity does NK have?"
That's irrelevant. The bots are not in North Korea and the government behind the attack could communicate with the controllers (who could be anywhere) via short-wave radio. The attacker may not even have created the botnet: they may have purchased it on the open market.
I agree that there is no direct evidence of North Korean involvement, though.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
I've heard this theory before and my first thought was: "Do they even have internet in North Korea?"
Well, do they?
You're right. The real enemy here is Microsoft! If we stopped Windows, we would stop the attacks. I think we should send the military to liberate Redmond.
You are in a maze of twisty little passages, all alike.
> Who hates both the US and South Korea?
Democrats
Who would win this election: Andrew Weiner vs Andrew Weiner's weiner.