Re: Denial of Service Attacks & the Nets

From stu <lsi@space.net.au>
Date Fri, 11 Feb 2000 21:15:59 +0800


[: hacktivism :]

my 2c:

news reports cite 50 compromised hosts being used in this wave of 
attacks.  I have to guess, but I'd be surprised if it took less than
two weeks, on average, to identify, penetrate, and stabilise access 
to a single compromised host.  So, that's 100 weeks, or around 2 
years.

Yet, we have only been hearing about this tech since July 1999 
(the earliest reference I could find to DDOS tools by CERT), around 
6 months.

This means that more than one person must have worked to 
compromise the number of hosts required to mount this wave of 
attacks.  Indeed, it implies that a team of around 4 people worked 
solidly for six months to compromise the minimum number of 
hosts required.

In six months, it would be reasonable to expect some loss of 
access due to detection, improvements in security, host gone out 
of business, mistakes, etc.  To minimise these problems, the 
project would need to be accelerated - the web has been bustling 
with DDOS since around December, which suggests the project 
has been running around 3 months.

This then requires 8 people.

Did 8 people volunteer 12 full weeks of their lives to take Yahoo 
down for 3 hours?  How did they all come to work together, with all 
the skills required, to deliver in timeframe?

A group of hackers could muster resources to do this, even 
volunteers - ten thousand of them if need be.  But there is little 
return on investment; the impact to the net is relatively minor.  I 
don't see a strong motive for a hacker group to do this.

So, who else has the resources?  The same people Jim so 
brilliantly noticed have a motive.  The 1994 CALEA wiretap 
provisions are worth big bucks - not to hacker groups, but to law 
enforcement agencies... and telcos...

resources .... yes
motive .... yes

what else is there?

evidence of concealment?  Well, the FBI did say that they thought 
"a single teen" could have done it.  This statement implies that this 
lone teenager was able to crack 50 hosts in 3 months, a sustained 
rate of 4 hosts per week.  I am having difficulty believing this... are 
they obscuring the truth, or just being predictably foolish?

more?  well, they did say that "it may be difficult to trace..." and 
that they had launched an investigation in case their own 
computers were used.  Translation: we did it, but you can't catch 
us.  And by the way we might be able to catch somebody, if you'd 
just send us some more cash.

Divergently: the emergence of DDOS in a foreign language 
suggests the proliferation of these weapons.  We can assume that 
the military establishment has long possessed weapons like these, 
in the interests of national security.  The skills and knowledge 
learned by individuals while working on the tech bleeds into their 
environment.  Thus we can infer that foreign military establishments 
also have DDOS weapons, and we can conclude that there is a 
veritable arms race in the field.

That the establishment is now using the resultant weapons against 
its own citizens, for profit, is nothing new.

Stuart

Date sent:      	Wed, 9 Feb 2000 01:25:56 -0500 (EST)
From:           	slacker@lists.tao.ca
To:             	internet@tao.ca
Subject:        	Denial of Service Attacks & the Nets
Send reply to:  	hacktivism@tao.ca

> [: hacktivism :]
> 
> 
>   ->   http://internet.tao.ca   <-
> 
> 
> 
> for more info:
> http://abcnews.go.com/sections/tech/DailyNews/yahoo000208.html
> 
>    
> Message-ID:  <v04020a01b4c63d3e8725@[208.177.135.210]>
> Date:         Tue, 8 Feb 2000 14:43:27 -0800
> Sender:       State and Local Freedom of Information Issues
>               <FOI-L@LISTSERV.SYR.EDU>
> From:         Jim Warren <jwarren@WELL.COM>
> Subject:      who's doing what, with which, to whom, for why?
> 
> 
> Let's see ...
> 
> On January 27th, Clinton said he wants to make electronic "law enforcement"
> a high priority, in his State of the Union speech.
> 
> By January 30th, the *always*-silent National Security Agency suddenly
> *alleges* very publicly, that its main computers -- that process covert
> communications interceptions from around the nation and world -- had
> inexplicably crashed from January 24th to the 28th.
> 
> Escalating the issue, in the first week of February, Clinton's budget
> proposes to spend $240-million to massively expand his undetectable,
> at-a-keystroke, remote wiretapping facilities, to be able to secretly snoop
> on any phone in the nation.
>   And half of the $240-million is Defense Dept loot -- perhaps from secret
> NSA appropriations (after all, wiretapping is what they *do*!).  Note that
> another President thought that wiretapping his political opponents was so
> important that he risked -- and lost -- his presidency, trying to install
> them.
> 
> By February 7th, the world's most prominent online information service --
> Yahoo (I don't count AOL as a service :-) -- suffers a massive attack and
> crashes for hours.
> 
> By February 8th, Missouri and Oklahoma phone systems have crashed.  It
> illustrates the horrors of vile cyber-terrorists, but without bothering
> "important" people in Washington or on the East and West coasts.
> 
> Now, also on the 8th, the normally *very* reliable mail-server at
> Concentric Networks -- a large national ISP -- has been refusing to respond
> for more than an hour.
> 
> What better way to "prove" the need for massively expanded government
> surveillance, and create a frenzy of support for it?!
> 
> Suddenly crackers seem to have become far better than any have ever been
> before.  But then again -- what organization has the best computer and
> phone-system crackers in the world?!  There is "No Such Agency."
> 
> --jim-the-paranoic
> 
> 
> 		~~~~~~~~~
> 	a message from the internet list
> 	http://internet.tao.ca
> 		the internet you say?
> 			qui est-ce?
> 
> 
> [: hacktivism :]
> [: for unsubscribe instructions or list info consult the list FAQ :]
> [: http://hacktivism.tao.ca/ :]
> 


--------------------------------------
. ^                       Stuart Udall
.~X\                 s_udall@yahoo.com
.~ \  http://cyberdelix.net/stuart.htm

          revolution through evolution

