Re: Denial of Service Attacks & the Nets
From: stu <lsi@space.net.au>
Date: Fri, 11 Feb 2000 21:15:59 +0800
[: hacktivism :]
my 2c:
news reports cite 50 compromised hosts being used in this wave of
attacks. I have to guess, but I'd be surprised if it took less than
two weeks, on average, to identify, penetrate, and stabilise access
to a single compromised host. So, that's 100 weeks, or around 2
years.
Yet, we have only been hearing about this tech since July 1999
(the earliest reference I could find to DDOS tools by CERT), around
6 months.
This means that more than one person must have worked to
compromise the number of hosts required to mount this wave of
attacks. Indeed, it implies that a team of around 4 people worked
solidly for six months to compromise the minimum number of
hosts required.
In six months, it would be reasonable to expect some loss of
access due to detection, improvements in security, host gone out
of business, mistakes, etc. To minimise these problems, the
project would need to be accelerated - the web has been bustling
with DDOS since around December, which suggests the project
has been running around 3 months.
This then requires 8 people.
Did 8 people volunteer 12 full weeks of their lives to take Yahoo
down for 3 hours? How did they all come to work together, with all
the skills required, to deliver in timeframe?
A group of hackers could muster resources to do this, even
volunteers - ten thousand of them if need be. But there is little
return on investment; the impact to the net is relatively minor. I
don't see a strong motive for a hacker group to do this.
So, who else has the resources? The same people Jim so
brilliantly noticed have a motive. The 1994 CALEA wiretap
provisions are worth big bucks - not to hacker groups, but to law
enforcement agencies... and telcos...
resources .... yes
motive .... yes
what else is there?
evidence of concealment? Well, the FBI did say that they thought
"a single teen" could have done it. This statement implies that this
lone teenager was able to crack 50 hosts in 3 months, a sustained
rate of 4 hosts per week. I am having difficulty believing this... are
they obscuring the truth, or just being predictably foolish?
more? well, they did say that "it may be difficult to trace..." and
that they had launched an investigation in case their own
computers were used. Translation: we did it, but you can't catch
us. And by the way we might be able to catch somebody, if you'd
just send us some more cash.
Divergently: the emergence of DDOS in a foreign language
suggests the proliferation of these weapons. We can assume that
the military establishment has long possessed weapons like these,
in the interests of national security. The skills and knowledge
learned by individuals while working on the tech bleeds into their
environment. Thus we can infer that foreign military establishments
also have DDOS weapons, and we can conclude that there is a
veritable arms race in the field.
That the establishment is now using the resultant weapons against
its own citizens, for profit, is nothing new.
Stuart
Date sent: Wed, 9 Feb 2000 01:25:56 -0500 (EST)
From: slacker@lists.tao.ca
To: internet@tao.ca
Subject: Denial of Service Attacks & the Nets
Send reply to: hacktivism@tao.ca
> [: hacktivism :]
>
>
> -> http://internet.tao.ca <-
>
>
>
> for more info:
> http://abcnews.go.com/sections/tech/DailyNews/yahoo000208.html
>
>
> Message-ID: <v04020a01b4c63d3e8725@[208.177.135.210]>
> Date: Tue, 8 Feb 2000 14:43:27 -0800
> Sender: State and Local Freedom of Information Issues
> <FOI-L@LISTSERV.SYR.EDU>
> From: Jim Warren <jwarren@WELL.COM>
> Subject: who's doing what, with which, to whom, for why?
>
>
> Let's see ...
>
> On January 27th, Clinton said he wants to make electronic "law enforcement"
> a high priority, in his State of the Union speech.
>
> By January 30th, the *always*-silent National Security Agency suddenly
> *alleges* very publicly, that its main computers -- that process covert
> communications interceptions from around the nation and world -- had
> inexplicably crashed from January 24th to the 28th.
>
> Escalating the issue, in the first week of February, Clinton's budget
> proposes to spend $240-million to massively expand his undetectable,
> at-a-keystroke, remote wiretapping facilities, to be able to secretly snoop
> on any phone in the nation.
> And half of the $240-million is Defense Dept loot -- perhaps from secret
> NSA appropriations (after all, wiretapping is what they *do*!). Note that
> another President thought that wiretapping his political opponents was so
> important that he risked -- and lost -- his presidency, trying to install
> them.
>
> By February 7th, the world's most prominent online information service --
> Yahoo (I don't count AOL as a service :-) -- suffers a massive attack and
> crashes for hours.
>
> By February 8th, Missouri and Oklahoma phone systems have crashed. It
> illustrates the horrors of vile cyber-terrorists, but without bothering
> "important" people in Washington or on the East and West coasts.
>
> Now, also on the 8th, the normally *very* reliable mail-server at
> Concentric Networks -- a large national ISP -- has been refusing to respond
> for more than an hour.
>
> What better way to "prove" the need for massively expanded government
> surveillance, and create a frenzy of support for it?!
>
> Suddenly crackers seem to have become far better than any have ever been
> before. But then again -- what organization has the best computer and
> phone-system crackers in the world?! There is "No Such Agency."
>
> --jim-the-paranoic
>
>
> ~~~~~~~~~
> a message from the internet list
> http://internet.tao.ca
> the internet you say?
> qui est-ce?
>
>
> [: hacktivism :]
> [: for unsubscribe instructions or list info consult the list FAQ :]
> [: http://hacktivism.tao.ca/ :]
>
--------------------------------------
. ^ Stuart Udall
.~X\ s_udall@yahoo.com
.~ \ http://cyberdelix.net/stuart.htm
revolution through evolution