Slashdot Mirror


Zimbabweans Hit By Cyber Attacks During Election

judgecorp writes "During last week's Zimbabwean election, some huge denial of service attacks took down sites including several reporting on human rights issues and potential irregularities in the election. Those affected suspect government involvement. ... GreenNet is only just recovering today, with some customer websites still down, having reported the strike on Thursday morning, the day after Zimbabweans headed to the polls. It appeared to be a powerful attack – TechWeek understands it was at the 100Gbps level – aimed at GreenNet’s co-location data centre provider Level 3, which subsequently did not let GreenNet move workloads within that facility. ... The DDoS that hit GreenNet was not a crude attack using a botnet to fire traffic straight at a target port, but a DNS reflection attack using UDP packets, which can generate considerable power. DNS reflection sees the attacker spoof their IP address to pretend to be the target, send lines of attack code to a DNS server, which then sends back large amounts of traffic to the victim."

10 of 63 comments

  1. Re:wait by Thanshin · · Score: 2

    Admit it. You couldn't have pointed at Zimbabwe, with a fat finger, on a map of the Solar System.

  2. Re:Really? by Black Parrot · · Score: 2

    Yes, and it generates considerable power. I'm going to start using it to power my computer from my network connection..

    --
    Sheesh, evil *and* a jerk. -- Jade
  3. Elections by jkflying · · Score: 5, Funny

    Obama, Cameron and Mugabe are on a boat, when they realise it is sinking and there is only one lifejacket. They decide, being leaders of ostensibly democratic countries, to vote over who gets the lifejacket, so they each write a name on a piece of paper and put it in a cup.

    Once everybody is finished, they count the pieces of paper, and the results are:
    Obama: 1
    Cameron: 1
    Mugabe: 6

    --
    Help I am stuck in a signature factory!
  4. Re:wait by inasity_rules · · Score: 3, Interesting

    You might be a little surprised if you visited Zimbabwe. The (one and only) thing Mugabe did right was push education, which means a lot of arbitrary schools in the middle of the rural areas have computer labs and things like that. There is a thriving business in old computers there, and it was almost enough for me to support myself.

    --
    I have determined that my sig is indeterminate.
  5. DNS Reflection is a bitch by Drakonblayde · · Score: 3, Interesting

    Been on the business end of a DNS reflection attack. Not fun. Not only do you have to figure out how to deal with loads of DNS responses invading your network, the contact that's listed for the allocation that the spoofed IP falls under gets slammed with inquiries from angry operators wanting to know why their network is sending so many damned DNS queries to them. Very disruptive.

  6. They seem pretty adept at it, actually by Camael · · Score: 3, Informative

    I shared the same belief as you, until I did some random digging... and wow.

    Apparently the Zim government has LOTS of experience with cyber warfare.

    By the time Russia ‘e-nvaded’ Georgia and paralyzed its security with cyber-weaponry in August-September 2008, Zimbabwe was in its fifth year of cyber-guerrilla warfare. Using interception gadgets, the Zanu (PF) government of Robert Mugabe jammed radio signal and web traffic that sympathized with the opposition. Online newspapers and internet radios had been using the internet to attack the Mugabe dictatorship for the past four years. Government and anti-Mugabe hackers had been trading long-range artillery fire for three decades.

    That article, mind you, was written in 2008. Imagine how much more they would have picked up in the last 4 years.

  7. Re:My question by inasity_rules · · Score: 2

    Many do, but many stay because hope is a triumph of optimism over experience. Also, where do you propose they all go? Given the literacy rates a significant proportion of the population can use a computer. While I love the idea of Mugabe sitting alone in a ghost town, it isn't really practical...

    --
    I have determined that my sig is indeterminate.
  8. Re:My question by inasity_rules · · Score: 2

    When Mugabe refused to allow the UN to administer the money the British were sending him to buy farms for the war veterans (because then he would not be able to steal it, and also, pride "Zimbabwe is a sovereign Nation!"), the money stopped and he had nothing to give the war veterans who then revolted. What happened next was highly predictable in hindsight. He printed money to appease them, which they squandered and inflation ate. So they demanded land and took it.

    The problem is, when you're riding the tiger, if you get off it will eat you. I could almost pity the man, except for the slaughter of his own people in the 80s... In any case, if Mugabe dies, the Mujurus and so forth of Zimbabwe will drag it into civil war, since they control the police and the army. He clings to power because if he loses it, he is dead. He once stated he'd leave power in a coffin, and that is likely true even if he resigns. He is actually a very intelligent, though very nasty, person. Most blame his wife who is basically evil incarnate.

    Zimbabweans are a peaceful people, they don't easily become violent. If that weren't the case, he would be dead by now. In essence, I guess the people get the government they deserve, though this could have gone an entirely different way had we had someone else as leader.

    What the solution is, I don't know. Perhaps a free and fair election could transition power, but Tsvangirai isn't actually good leadership material. Essentially, the cancer has spread to the point where the organism that is Zimbabwe basically may die. Zimbabwe had such amazing potential.

    --
    I have determined that my sig is indeterminate.
  9. Re:We should pause and step back a moment... by Drakonblayde · · Score: 4, Informative

    It's not as simple as that. Blacklisting badly behaving mail servers is one thing. That's pretty much an application level fix. You just don't accept the mail from the mailserver.

    DNS reflection is more insidious. If I spoof an IP address and send a query to a DNS server that's authoritative for the domain, it's going to send a response back to the IP address in the source of the packet. Now I do that with a shitload of domains and a shitload of DNS servers, and they all start sending responses to the spoofed IP. A good DNS reflection attack will hit so many sources that it's impractical to filter them all, you'll spend a crapload of time just trying to keep the access-lists updated, and it's exponentially worse the bigger your border is. The only thing you can do is null-route the spoofed IP at your border to prevent the responses from getting into your network and bringing down your entire infrastructure.......... assuming you have border routers that won't die under the flood in the first place. The second you do that, the attacker has won.

    If they're sending queries to authoritative name servers what are you going to do? Blacklist them? The authoritatives are doing what they're supposed to.

    The only real way to stop DNS reflection is to convince every operator to do proper border filtering. If the source address in the packet didn't come from their allocation, they should drop it. Convincing network operators to do so is incredibly difficult.

    The one I was on the end of, they did it smart. They started at 5am on Christmas day, which is pretty much about the best time to ensure that any response is sluggish at best. It went on for two weeks and didn't cease until 4 different providers had operators willing to pool their Netflow data in order to track back where the shit was actually coming from, and we found the CnC nodes buried in TWC's network. TWC was kind enough to terminate those nodes with extreme prejudice.

    Didn't help though, we still lost the customer.
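
Added example, not part of the original thread or any commenter's code: a Python example of two defensive checks that follow from the DNS reflection described in the story summary and in the comment above. One drops outbound packets whose source is outside the operator's own allocation (the border filtering the comment asks for), and the other goes a step beyond the comment by flagging inbound DNS responses that answer no query the network sent. The flow record layout, the `ALLOCATION` block, the function names and the three-reflector threshold are assumptions, and the sample records are constructed from documentation addresses.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

ALLOCATION = ip_network("192.0.2.0/24")  # assumed address block of this network

# Constructed border flow records (documentation addresses, all UDP):
# (direction, src_ip, src_port, dst_ip, dst_port, bytes)
FLOWS = [
    ("out", "192.0.2.10", 40001, "198.51.100.53", 53, 70),     # real query
    ("in", "198.51.100.53", 53, "192.0.2.10", 40001, 180),     # its answer
    ("in", "198.51.100.7", 53, "192.0.2.10", 1234, 3900),      # never asked for
    ("in", "203.0.113.9", 53, "192.0.2.10", 1234, 4000),       # never asked for
    ("in", "203.0.113.77", 53, "192.0.2.10", 5555, 4100),      # never asked for
    ("out", "203.0.113.200", 51000, "198.51.100.53", 53, 64),  # forged source
]


def forged_sources(flows, allocation=ALLOCATION):
    """Outbound flows whose source is not ours: what border filtering drops."""
    return [f for f in flows
            if f[0] == "out" and ip_address(f[1]) not in allocation]


def reflected_dns(flows, min_reflectors=3):
    """Per local host: DNS responses that answer no query we sent."""
    # Remember every outbound DNS query as (local ip, local port, server ip).
    asked = {(src, sport, dst) for d, src, sport, dst, dport, _ in flows
             if d == "out" and dport == 53}
    hits = defaultdict(lambda: {"reflectors": set(), "bytes": 0})
    for d, src, sport, dst, dport, size in flows:
        # A response from port 53 with no matching query is unsolicited.
        if d == "in" and sport == 53 and (dst, dport, src) not in asked:
            hits[dst]["reflectors"].add(src)
            hits[dst]["bytes"] += size
    # Report only hosts hit by many distinct servers: (reflector count, bytes).
    return {host: (len(h["reflectors"]), h["bytes"])
            for host, h in hits.items()
            if len(h["reflectors"]) >= min_reflectors}


if __name__ == "__main__":
    print("drop at egress:", forged_sources(FLOWS))
    print("reflection targets:", reflected_dns(FLOWS))
```
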

  10. Re:wait by inasity_rules · · Score: 2

    We could not afford chairs, so we had to sit on piles of money instead...

    --
    I have determined that my sig is indeterminate.