Unlike the unnamed South Korean intelligence official in the report who attributes this to sophisticated state action, the view in most of the tech community seems to be that this is pretty primitive stuff:
Lazy Hacker and Little Worm Set Off Cyberwar Frenzy
By Kim Zetter
Wired, July 8, 2009
That, of course, doesn't exclude an unsophisticated NORK recycling some stale hacker tools, but it does perhaps place it in context.
Talk of cyberwar is in the air after more than two dozen high-level websites in the United States and South Korea were hit by denial-of-service attacks this week. But cooler heads are pointing to a pilfered five-year-old worm as the source of the traffic, under control of an unsophisticated hacker who apparently did little to bolster his borrowed code against detection.
Nonetheless, the attacks have launched a thousand headlines (or thereabouts) and helped to throw kindling on some long-standing international political flames — with one sworn enemy blaming another for the aggression.
...
Security experts who examined code used in the attack say it appears to have been delivered to machines through the MyDoom worm, a piece of malware first discovered in January 2004 and appearing in numerous variants since. The Mytob virus might have been used, as well.
...
In the recent attack, experts say the malware used no sophisticated techniques to evade detection by anti-virus software and doesn’t appear to have been written by someone experienced in coding malware. The author’s use of a pre-written worm to deliver the code also suggests the attacker probably wasn’t thinking of a long-term attack.
Sam, any thoughts on this one?
They mostly come at night. Mostly.
- university webpage: McGill University
- conflict simulations webpage: PaxSims
Sic Bisquitus Disintegrat...
Marc W.D. Tyrrell, Ph.D.
Institute of Interdisciplinary Studies,
Senior Research Fellow,
The Canadian Centre for Intelligence and Security Studies, NPSIA
Carleton University
http://marctyrrell.com/
to be of Sam's caliber and a bit hesitant when it comes to using "attack" for a DDoS. But, when the system is down, I'd call that a successful WHATEVER. If they managed to shut down Foggy Bottom, I would assume they done good (and may have done us a slight favor in the process).
If you want to blend in, take the bus
The DDOS is one of the lowest forms of disruption you can use. The worm code used was really old, the number of machines infected was really small, and the strategy used was really poor. Not to make light of this but knocking a few websites off the web really only takes an old pop-singer taking the long dirt nap.
The security service attacked by DDOS is availability but it only really matters in high performance, low latency systems, and web servers aren't that kind of animal. As to the strategy used by this adversary it really showed a low level of sophistication. Instead of targeting a few websites and possibly hiding a compromising exploit in the noise they attacked numerous websites with little hope of sustaining that kind of broad based attack.
In many ways attacking web servers is like painting mustaches on bill boards of super models. Web servers are not critical infrastructure, the attack is more annoying than dangerous, and the media response is likely going to be out of proportion to the attack.
As an aside, most DDOS are actually user generated, not any kind of cyber warfare. Users get all excited, as they did at Michael Jackson's death, and swarm to news websites, crippling them instantly (like what happened to CNN). The second thing is that it is often the system admins who pull something down to keep sophisticated adversaries from hiding in the noise and using the web servers as jump-off points to more tasty targets. And, finally, Akamai and other distributed systems vendors deal with DDOS as a business.
That doesn't mean it is nice, friendly, or isn't a probe to test responses. You must take these things seriously or the next one might be against the central power distribution grid telemetry computers in Chicago. A DDOS there would be catastrophic.
Sam Liles
Selil Blog
Don't forget to duck Secret Squirrel
The scholarship of teaching and learning results in equal hatred from latte leftists and cappuccino conservatives.
All opinions are mine and may or may not reflect those of my employer depending on the chance it might affect funding, politics, or the setting of the sun. As such these are my opinions you can get your own.
BOSTON (Reuters) - Security experts have discovered the biggest series of cyber attacks to date, involving the infiltration of the networks of 72 organizations including the United Nations, governments and companies around the world.
Security company McAfee, which uncovered the intrusions, said it believed there was one "state actor" behind the attacks but declined to name it, though one security expert who has been briefed on the hacking said the evidence points to China.
The long list of victims in the five-year campaign includes the governments of the United States, Taiwan, India, South Korea, Vietnam and Canada; the Association of Southeast Asian Nations (ASEAN); the International Olympic Committee (IOC); the World Anti-Doping Agency; and an array of companies, from defense contractors to high-tech enterprises.
http://in.news.yahoo.com/biggest-eve...041202195.html
Exclusive: Operation Shady rat—Unprecedented Cyber-espionage Campaign and Intellectual-Property Bonanza
http://www.vanityfair.com/culture/fe...ady-rat-201109
A scrimmage in a Border Station
A canter down some dark defile
Two thousand pounds of education
Drops to a ten-rupee jezail
http://i.imgur.com/IPT1uLH.jpg
AdamG:
I figure it this way. The nation of China is doing this. They will not stop no matter how often they are asked to or how politely they are asked. So, will it eventually come to cyber-counterattacks to disable/destroy the control computers in China? Would that result in a free for all? Or will we eventually have de-internationalize the internet and physically cut connections with China (if that is even possible)?
I don't know much about this kind of thing which is why I ask.
"We fight, get beat, rise, and fight again." Gen. Nathanael Greene
I'd have to assume this goes on in multiple directions. The Chinese won't issue a press release when they find out they've been hacked, but that doesn't mean it doesn't happen.
I pity the poor schmuck who has to read the take from the UN.
Noted this in the Vanity Fair piece:
What kind of idiot clicks on a link in an e-mail of unknown origin? Doesn't everyone over 8 years old know better? Ok, maybe not everyone... but anyone on a computer that holds even potential access to confidential information should certainly know better.
Forensic investigation revealed that the defense contractor had been hit by a species of malware that had never been seen before: a spear-phishing e-mail containing a link to a Web page that, when clicked, automatically loaded a malicious program—a remote-access tool, or rat—onto the victim’s computer.
“The whole aim of practical politics is to keep the populace alarmed (and hence clamorous to be led to safety) by menacing it with an endless series of hobgoblins, all of them imaginary”
H.L. Mencken
The above VF article is actually a web exclusive to a longer article for the print edition. The hacking of the UN and International Olympic Committee -which the web exclusive and media dwell upon- are marginal-issues next to what is revealed in the longer article.
Enter the Cyber-dragon, by Michael Joseph Gross. Vanity Fair, September 2011.
Hackers have attacked America’s defense establishment, as well as companies from Google to Morgan Stanley to security giant RSA, and fingers point to China as the culprit. The author gets an exclusive look at the raging cyber-war—Operation Aurora! Operation Shady rat!—and learns why Washington has been slow to fight back.
Perhaps McAfee (and Intel) should immediately cease all business with China and shut down their operations there until all cyber-espionage ceases. That might be an appropriate first move considering the seriousness of this. People might also consider a boycott of Intel and McAfee until this is settled.
Intel looks for security in $7.7 billion McAfee deal - CNN Money - August 19, 2010.
NEW YORK (CNNMoney.com) -- Intel Corp., the world's largest chipmaker, said Thursday it has agreed to acquire security software maker McAfee for $7.68 billion.
...
Intel chips in with Chinese investment - China Daily - August 4, 2011.
BEIJING - Intel Capital, the global investment arm of the chipmaker Intel Corp, announced on Wednesday that it has invested $22 million in three Chinese technology companies this year. It will also invest in at least six more in the coming five months.
The three companies are the Shanghai-based online e-commerce outfit, 6DX Change Inc, which operates the online fashion and lifestyle e-retailer website YaoDian100.com; high-definition smart TV and cable smart set top box provider Beijing JoySee Technology Co Ltd, a subsidiary of the US-listed China Digital TV Holding Co Ltd; and a second Shanghai-based outfit, BOCOM Intelligent Network Technologies Co Ltd, a provider of intelligent sensing and networking technologies for digital security and surveillance.
...
McAfee Inc. to Establish New Wholly-Owned Subsidiary in China - McAfee Newsroom - December 15, 2009.
Forming New Chinese Subsidiary Part of Expanded McAfee Investment in China, Company Aims To Boost China Business
BEIJING & SANTA CLARA, Calif., December 15, 2009 - McAfee, Inc. (NYSE:MFE) today announced it is establishing a new wholly-owned subsidiary in China. The new subsidiary forms part of a new investment McAfee is making in China and the Chinese market.
“China offers compelling opportunities for McAfee,” said Dave DeWalt, McAfee president and chief executive officer, at a press event in Beijing today. “China has great potential as a center for manufacturing, research and development for McAfee and is also a significant burgeoning market for our products. McAfee has continuously strengthened its presence in China over the last decade and we are planning to expand our investment in the near term to take full advantage of the opportunities China presents.”
[...]
Current McAfee operations in China include sales, manufacturing of the McAfee Unified Threat Management Firewall and an R&D team focused on mobile security, localization and security research. With the establishment of a new local subsidiary and the planned increased investment, McAfee intends to significantly grow its China business over the next few years.
McAfee China Website
http://www.washingtonpost.com/blogs/...TZYN_blog.html
Foreign hackers caused a pump at an Illinois water plant to fail last week, according to a preliminary state report. Experts said the cyber-attack, if confirmed, would be the first known to have damaged one of the systems that supply Americans with water, electricity and other essentials of modern life.
Companies and government agencies that rely on the Internet have for years been routine targets of hackers, but most incidents have resulted from attempts to steal information or interrupt the functioning of Web sites. The incident in Springfield, Ill., would mark a departure because it apparently caused physical destruction.
A scrimmage in a Border Station
A canter down some dark defile
Two thousand pounds of education
Drops to a ten-rupee jezail
http://i.imgur.com/IPT1uLH.jpg
For those who are knowledgeable about this kind of thing, do you think somebody was running some kind of test in preparation for bigger things? What was the purpose of the attack? Also, why does a local water utility have to be connected to the internet?
"We fight, get beat, rise, and fight again." Gen. Nathanael Greene
Carl,
I think the rules of the road for cyberwarfare are being written as we speak; but generally speaking, just as every weapon needs to be tested before it can see the battlefield – so too will every cyberwarfare capability.
The difference being there really isn’t cyberwar proving grounds. This means that enemy infrastructure networks need to be regularly penetrated and I imagine occasionally fooked with – just to ensure you still have the capability.
Why does a water utility need to be connected to the internet? Remote access brings efficiency and cost savings -- one group of SCADA engineers can control multiple sites remotely, instead of having to have SCADA engineers at every site 24/7.
“[S]omething in his tone now reminded her of his explanations of asymmetric warfare, a topic in which he had a keen and abiding interest. She remembered him telling her how terrorism was almost exclusively about branding, but only slightly less so about the psychology of lotteries…” - Zero History, William Gibson
http://www.geek.com/articles/geek-pi...utes-20111119/
Hacking is becoming a growing problem on Earth. It may seem strange to mention Earth, as there’s not much to hack outside of our planet’s atmosphere unless you count satellites. Even then, how feasible would it be to gain access to the systems running such devices?
Well, China not only has people working on such things, it has been discovered they actually managed to take control of two NASA satellites for more than 11 minutes.
The successful attacks occurred in 2007 and 2008. The more serious of the two happened in ’08 when NASA had control of the Terra EOS earth observation system satellite disrupted for 2 minutes in June, and then a further 9 minutes in October. During that time, whoever took control had full access to the satellites’ systems, but chose to do nothing with it.
A scrimmage in a Border Station
A canter down some dark defile
Two thousand pounds of education
Drops to a ten-rupee jezail
http://i.imgur.com/IPT1uLH.jpg
US Commander cannot pin down satellite anomaly - Reuters - Nov 16, 2011.
The command responsible for U.S. military space operations lacks enough data to determine who interfered with two U.S. government satellites, anomalies behind perhaps the most explosive charge in a report on China sent to the U.S. Congress on Wednesday.
"What I have seen is inconclusive," General Robert Kehler, commander of the U.S. Strategic Command, said in a teleconference from Omaha, Nebraska, home to the military outfit that conducts U.S. space and cyberspace operations.
[...]
China's military is a prime suspect, the bipartisan, 12-member commission made clear, though it added that the events in question had not actually been traced to China.
How does the excerpt in bold translate to the geek.com headline of "Chinese hackers took control of NASA satellite for 11 minutes"? Are they saying that the USAF General in charge of US Strategic Command is engaging in 'political correctness', incompetent, or worse, lying? Or is geek.com part of the re-activated Grill Flame program?
I did enjoy this comment on the geek.com article, however:
You have obviously never been to china...they will eat each other before they become a "super power"
Not my field, but I think some clues and understanding are found here: http://www.schneier.com/blog/archive....html#comments
davidbfpo
"We fight, get beat, rise, and fight again." Gen. Nathanael Greene
When you think about it, you would expect politically correct, incompetent and dishonest to all run together.
"We fight, get beat, rise, and fight again." Gen. Nathanael Greene
Yeah, but in China it's the other way round. (applause)
John Kenneth Galbraith - Wikipedia