(Fwd) [ISN] IRC Attack Linked to DoS Threat

From lsi <lsi@lsi.clara.net>
Date Tue, 16 Jan 2001 14:15:06 -0000


[: hacktivism :]

People have been going on about how lame it is to DOS the IRC
network.  Yes.  Think: in whose interest is it to DOS IRC?

If you were the FBI... would you like to DOS IRC?

If you were NIPC... would you like some evidence to back up your
assertions of last month?

Remember the Yahoo/eBay DDOS attacks happened at the same
time FBI was going for funding.

Remember that weapons such as DOS tools have recently been
made a priority for development within the enforcement community:

http://www.cnn.com/2000/TECH/computing/11/22/cy
berwar.machine.idg/index.ht
ml

>(IDG) -- The U.S. military has a new mission: Be
ready to launch a
>cyberattack against potential adversaries, some of
whom are
>stockpiling cyberweapons.
>
>Such an attack would likely involve launching
massive distributed
>denial-of-service assaults, unleashing crippling
computer viruses or
>Trojans, and jamming the enemy's computer
systems through electronic
>radio-frequency interference.

It doesn't make sense that IRC users would kill IRC.  Therefore, it's
not them that's doing it.  Who has the motive, the means, and the
capability to DOS IRC?  The FBI and NIPC, that's who.

The style of the attack is also consistent with law enforcement's
modus operandi - suppress all opposition.  That is, law
enforcement continues to use prohibition as a method of "keeping
the peace".  Thus they have demonstrated it is not beyond them to
simply take something offline (a jail cell is the real-world
equivalent).  The recent depleted uranium scandal shows how law
enforcement is willing to do anything to win, including irradiating
the lands of children who were not even conceived at the time of
the conflicts concerned.

Enforcers do anything to suppress.  DOSing IRC is likely - what's
the bet IRC is heavily regulated in, say, China?  IRC is powerful -
witness its use during the coup in the USSR and the war in Iraq -
any self-respecting totalitarian regime would seek to curtail it.  The
FBI is no exception to this.

Stuart

------- Forwarded message follows -------
Date sent:      	Mon, 15 Jan 2001 00:54:56 -0600
Send reply to:  	InfoSec News <isn@C4I.ORG>
From:           	InfoSec News <isn@C4I.ORG>
Subject:        	[ISN] IRC Attack Linked to DoS Threat
To:             	ISN@SECURITYFOCUS.COM

http://www.wired.com/news/culture/0,1284,41167,00.html

by Michelle Delio
10:45 a.m. Jan. 12, 2001 PST

Recent vicious cyberattacks on IRC services have now been linked
to a
National Infrastructure Protection Center security warning that
advised systems administrators to protect their systems against a
potential widespread distributed denial of service attack over New
Year's weekend.

According to court documents filed on Thursday by the FBI as well
as
sources involved in the investigation, the agency is now
investigating
a Lynwood, Washington teenager who is believed to have been part
of a
planned widescale attack "to take down the Internet" over the recent
holiday weekend.

The teenager is also under investigation for attacking the servers of
DALNet, an IRC service.

The teenager, whose name is being withheld due to his age,
admits that
he was involved in the creation of "Godswrath," a program that
allows
users to launch distributed denial of service attacks.

But he is denying involvement in any attacks on DALNet, and said
that
the threats to hijack the Internet that appeared on the Godswrath
website were "just blowing off steam."

A spokesman for the FBI's Los Angeles office, which is leading the
investigation, said he could not comment on the case, but said an
official statement will be released Friday or Saturday.

The agency is also investigating the possibility of involvement by
other people, reportedly located in California, Michigan and Israel.

Meanwhile, many IRC services are still under attack.

Undernet appears to be the hardest hit, with its IRC service bots
down
and no projected date for their return.

When an IRC server is attacked, it also impacts the IRC Internet
service provider's ability to carry on normal day-to-day network
operations. The most recent attacks on Undernet have been so
severe
that some providers have terminated their agreements to host the
IRC
servers on the Undernet network.

But according the Undernet administrators, even this has not
stopped
the attacks.

Some of Undernet's service providers continue to be the subject of
extensive DoS attacks, even after disconnecting the IRC servers.

It appears, Undernet administrators said, that "the intent of the
subject(s) orchestrating these DoS attacks is not only to destroy an
IRC network, but also to adversely impact the business enterprise
of
individual ISP's that have hosted Undernet IRC servers."

"I am completely bewildered as to what these attacks are
supposed to
achieve, other than the destruction of a service that has been in
place for nearly 10 years," said Beth Healy, former administrator of
the Undernet User Committee.

"The vast majority of Undernet volunteers, including IRC operators
and
administrators, are people who have real jobs and families and
concerns and yet make the time to help maintain the network and
continue to provide a totally free service to its users. And yet
people are taking this for granted, and that is the real shame here,"
Healy added.

But some say that Undernet should share some of the blame for the
attacks.

Bill Lavalette, who owns and operates the NdrsNet irc Network, said
that Undernet resisted his attempts to aid them in securing their
servers.

"We went to them two years ago and told them how to fix their
network
to help protect their users and provide a more stable form of chat.
They laughed at us," Lavalette said. "As it stands now, it is the
most
out-of-control IRC network on the Internet."

"I feel sorry for the users of that network more so than the owners
and admins. Their lack of attention to the users and their network
has
made it easy for the script kiddies to attack them and as with
anything the more publicity and proof of concept that it can be done
the more it will be done. Undernet for the most part as of now is
under the control of the script kiddies," Lavalette added.

Undernet administrators say there are numerous issues that will
complicate a swift resolution to their current crisis.

Other IRC channels such as DALnet have publicly stated they have
decided to work closely with the FBI and other international law
enforcement agencies to get attackers arrested, rather then trying
to
solve the problem internally.

DALnet's cooperation with law enforcement directly lead to the
investigation of the Seattle-area teenager accused of launching
Godswrath, along with the recent arrest of four hackers in Israel.

"Over the past year, DALnet has lost over a dozen servers due to
attacks of this sort," DALnet CEO David "Taz" Kopstain said.

"These attacks simply underscore the fact that people need to be
continually vigilant about security issues; everyone needs to spend
the time and money necessary to secure machines, servers, and
networks
against being made unwitting participants in someone's nefarious
scheme of revenge or terrorism, DALnet founder Sven "Dalvenjah"
Nielsen said.

"People need to realize that by not keeping their machines secure,
they are costing the rest of the Internet community millions of
dollars in time and lost revenue."

The human cost is also significant. IRC has many devoted users,
who
are saddened by the seemingly irrational attacks on the chat
services.

"I've been an IRC devotee for over 10 years and have never seen this
level of attack," a user named Rico wrote in an e-mail.

"It's such a shame that the very technology that has fostered open
communication and the only really true peer-to-peer sharing will
most
likely suffer an untimely death."

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV@SecurityFocus.com with a
message body of
"SIGNOFF ISN".


------- End of forwarded message -------
------------------------------
. ^               Stuart Udall
.~X\     stuart@cyberdelix.net
.~ \    http://cyberdelix.net/

..revolution through evolution


[: hacktivism :]
[: for unsubscribe instructions or list info consult the list FAQ :]
[: http://hacktivism.tao.ca/ :]