Slashdot Mirror

← Back to Stories (view on slashdot.org)

Online Attack Hits US Government Web Sites

Posted by Soulskill on from the world-war-three-point-oh dept.

angry tapir writes "A botnet composed of about 50,000 infected computers has been waging a war against US government Web sites and causing headaches for businesses in the US and South Korea. The attack started Saturday, and security experts have credited it with knocking the Federal Trade Commission's (FTC's) web site offline for parts of Monday and Tuesday. Several other government Web sites have also been targeted, including the Department of Transportation."

21 of 199 comments (clear)

  1. Re:blame China by rastilin · · Score: 5, Insightful

    ok let's blame China now for this.

    Let's not. See what offends me about this whole thing is that it's so obivious. If they'd just targeted America, it could have been anyone. But 'whoever' it was had to go and hit South Korea too, at the same time. Who hates both the US and South Korea?

    By the way, don't say "Chinese Plot", they have nothing to gain from upping tensions at this point. They've been trying to bring the North Koreans into negotiations and they too have issued denounciations against NK by this point. Iran's official line is that the UK is mostly responsible for their problems, they have little to gain from doing something to the Americans and the Russians were just recently in negotiations with Obama that appear to have gone well.

    --
    How do you kill that which has no life?
  2. Re:blame China by William+Robinson · · Score: 4, Informative

    No. They are suspecting North Korea

    --
    hilarious
  3. Re:Counter attack by sheehaje · · Score: 5, Insightful

    The reason the U.S. wouldn't attack North Korea in a cyber war is the same reason we wouldn't attack Iran. The internet is a far more powerful tool when it is use to sway opinion than it is to cripple systems.

  4. Internet Sovereignty by andrewd18 · · Score: 3, Interesting

    I'm just curious when or if rules are going to be put up about Internet sovereignty, so that an attack on a website is seen as an act of war.

    I can totally see a situation where a US gov't website or economic hub (e.g. stock exchange servers) would get hit by a series of computers based out of N. Korea, the US declares war on N. Korea for violating US internet sovereignty, and the whole thing was a setup by a third party looking to create and exploit a power vacuum.

    Maybe I've been reading too many NetForce novels, but the whole idea scares me, and I have the feeling that most people in America wouldn't understand why... particularly the people who make the laws about this kind of thing.

    1. Re:Internet Sovereignty by rastilin · · Score: 3, Interesting

      I'm just curious when or if rules are going to be put up about Internet sovereignty, so that an attack on a website is seen as an act of war. I can totally see a situation where a US gov't website or economic hub (e.g. stock exchange servers) would get hit by a series of computers based out of N. Korea, the US declares war on N. Korea for violating US internet sovereignty, and the whole thing was a setup by a third party looking to create and exploit a power vacuum. Maybe I've been reading too many NetForce novels, but the whole idea scares me, and I have the feeling that most people in America wouldn't understand why... particularly the people who make the laws about this kind of thing.

      What stops people doing that is the same thing that stops them doing it in the physical world. People have been trying to frame others for military attacks since the dawn of human history and the main deterrant is that if it backfires not only will the government become destabilized from within as people oppose the subterfuge but both involved nations with pile on it simultaneously.

      Not to mention, even if they succeed, it will come back to haunt them at some later point after their intervention is discovered.

      --
      How do you kill that which has no life?
    2. Re:Internet Sovereignty by andrewd18 · · Score: 3, Insightful

      If China gave us clearance to attack North Korea, I would hope that we would start by blowing up the government (using air power). I think the people would get the idea pretty quickly, so I'm not sure a deadly ground war would follow.

      Yes, because that worked so well in Iraq.

  5. Re:Counter attack by Rogerborg · · Score: 4, Funny

    Do you seriously think that North Korea has any significant systems exposed on public networks?

    You could probably deface their Wikipedia entry, though. Go hog wild.

    --
    If you were blocking sigs, you wouldn't have to read this.
  6. Re:blame China by sopssa · · Score: 5, Insightful

    What always bugs me with these "cyberwar" news is that people try to put one country as responsible for them, and its always China or Russia or one of the other "bad guys". Like parent post said, their goverments have no reason to do something like DDOS attacks against US. Who's to say its not just some individual who either is pissed at US/South Korea or has such political views, or does so for whatever reason? Stop blaming countries as a whole if you dont know it.

  7. Who Cares? by VoxMagis · · Score: 4, Insightful

    I'm sorry, but if this has nothing to do with Michael Jackson, apparently no one cares.

    --
    -- I really need to bleed off some of this /. karma.
  8. US Government websites attacked... by Chrisq · · Score: 4, Funny

    US Government websites attacked... but slashdot is OK so what the heck.

  9. Re:blame China by rastilin · · Score: 3, Insightful

    What always bugs me with these "cyberwar" news is that people try to put one country as responsible for them, and its always China or Russia or one of the other "bad guys". Like parent post said, their goverments have no reason to do something like DDOS attacks against US. Who's to say its not just some individual who either is pissed at US/South Korea or has such political views, or does so for whatever reason? Stop blaming countries as a whole if you dont know it.

    But there's two things that are important here..

    1. An individual would have to be VERY motivated to attack two countries at once. Especially if those countries are the US and South Korea. The only thing that makes them unique is that they're at war with North Korea. We also know for a fact that the North Korean citizen does not have internet access from reporters inside the country, in fact posessing a device that can access the outside is punishable by death there so it can't have been a NK citizen acting alone. Assuming it was just one citizen from another country they would have to be very dedicated to perform what is basically a military strike against a foreign power. Prepared to risk death to frame North Korea; that would be a very unique combination and it makes little sense.

    2. North Korea has recently been upping it's cyberwar capability enough for it to show up in overseas media. They only recently sent teams to participate in international hacking challanges and appear to have done well in them. One of the main reasons I instantly suspected NK is because of this.

    So my personal suspicion is based on the fact that they've recently been working hard to build up their capability in this field despite having no internet connectivity for the average citizen and then all of a sudden a cyber strike hits North Korea's enemies at the same time they're conducting missile tests in contravention of UN sanctions.

    --
    How do you kill that which has no life?
  10. How do you know they went down? by 2obvious4u · · Score: 4, Insightful

    Honestly, when was the last time you went to ftc.gov? Nobody goes to those sites...

    Now if google, wiki, or itunes goes down, then PANIC!

  11. Pull the Gdamn plug! by cdn-programmer · · Score: 3, Informative

    All that is required is to pull the damn plug on these bots. Each of these machines has and IP address which it advertises every time it makes an attack. That's right folks: The return IP address is part of the header. You can't route packets without this information.

    These feral packets _ALSO_ come into the ISP's routers. It is easy to identify them. Uninfected machines don't normally sit there and hammer away at port Blah. Some of the worst ports are 80 (html), 25 (mail) and 22 (SSH).

    One really needs to only look at the ports that the botnet tries to exploit.

    A simple solution is to pull the plug. A solution which is slightly more difficult is to block the ports the botnet is trying to attack on and then redirect any web access to a banner page advising the owner their machine is cracked and what to do about it... or a tech could phone the client.

    _any_ ISP can do this. If they don't do it then they don't want to. As for consumer rights - crap! Its the ISP's which write the Terms of Service. They can put pretty much any terms they want providing said terms are considered reasonable. The public will probably not object. Spammers might however but then who cares if they can't find an uplink.

    So the first place to start is at the ISP level.

    Next: I've blocked botnets of more than 50,000 machines. I use OpenBSD on the webservers and on the firewalls. Its not that hard to do. Pf can easily handle this. If the server admins over at the "US Government Web Sites" can't handle this then IMHO they are incompetent. If reference, here is an example of how to block these bots in PF:

      pfctl -t spammers -T add 190.174.220.241
      pfctl -t spammers -T add 67.10.200.220
      pfctl -t spammers -T add 125.161.37.199
      pfctl -t spammers -T add 71.218.209.198
      pfctl -t spammers -T add 202.28.120.19

    This is a shell script BTW. extracting the list of bots can be done by scanning the appropriate logs.

    1. Re:Pull the Gdamn plug! by oneiros27 · · Score: 3, Insightful

      Although this might help against some types of denial of service attempt where they're making your machine work harder by servicing what look to be legitimate requests, it does not help against attempts at network saturation from incoming packets unless you can block it at the upstream router.

      --
      Build it, and they will come^Hplain.
    2. Re:Pull the Gdamn plug! by kybred · · Score: 5, Informative

      Each of these machines has and IP address which it advertises every time it makes an attack. That's right folks: The return IP address is part of the header. You can't route packets without this information.

      Not necessarily. For SYN flood the src address can be spoofed, since the attacker doesn't care if he gets the SYN-ACK.

      What the ISPs could do for this is to filter outbound traffic such that if the src IP is not on their network (i.e., is spoofed) the packet is dropped.

  12. Re:Counter attack by WindowlessView · · Score: 3, Insightful

    Other than Lil Kim's xbox, how much is there to attack?

    Seriously, NK is dirt poor and supremely paranoid. It's not like their economy depends on the internet in any way.

    And if you attack their military computers then you quickly escalate things to a very dangerous level.

    --
    Leave the gun, take the cannolis.
  13. Re:blame China by delt0r · · Score: 3, Insightful

    You think for one second that a bored hacker even thinks that far ahead?

    And lets get some perceptive here. A few website went down for less than a day. Hardly an attack that anyone should care about. And not national security or military level either.

    Really a DDOS attack like this, *is* a small thing.

    --
    If information wants to be free, why does my internet connection cost so much?
  14. Re:blame China by Anonymous Coward · · Score: 3, Informative
    It's IP ADDRESSES, not fucking IP NUMBERS.

    purple monkey dishwasher

  15. Re:blame China by lxs · · Score: 4, Interesting

    I've heard this theory before and my first thought was: "Do they even have internet in North Korea?"

    Well, do they?

  16. Re:Intensifying the conflict much? by ConceptJunkie · · Score: 4, Interesting

    You're right. The real enemy here is Microsoft! If we stopped Windows, we would stop the attacks. I think we should send the military to liberate Redmond.

    --
    You are in a maze of twisty little passages, all alike.
  17. Re:blame China by SnarfQuest · · Score: 3, Funny

    Who hates both the US and South Korea?

    Democrats

    --
    Who would win this election: Andrew Weiner vs Andrew Weiner's weiner.