statism watch

Lazy Hacker and Little Worm Set Off Korean Cyberwar Media Frenzy

And another massively hyped botnet attack comes along, right in the midst of all these recent stories announcing an international cybersecurity apparatus. Gosh, gee, maybe we need a cyber Patriot Act and a good frisking every time we log on. Wired is right to suggest this is being used as a pretext; let’s not fall for it this time.

Kim Zetter, Wired.com
July 8, 2009

Talk of cyberwar is in the air after more than two dozen high-level websites in the United States and South Korea were hit by denial-of-service attacks this week. But cooler heads are pointing to a pilfered five-year-old worm as the source of the traffic, under control of an unsophisticated hacker who apparently did little to bolster his borrowed code against detection.

Nonetheless, the attacks have launched a thousand headlines (or thereabouts) and helped to throw kindling on some long-standing international political flames – with one sworn enemy blaming another for the aggression.

Welcome to the New World Order of cybersecurity.

As reported by numerous media outlets this week, websites belonging to the White House, Department of Homeland Security, U.S. Secret Service, National Security Agency, Federal Trade Commission, Department of Defense and the State Department, as well as sites for the New York Stock Exchange and Nasdaq, were hit by denial-of-service attacks over the July 4th holiday weekend. The Washington Post website was also reportedly affected by the attacks, launched by a botnet of more than 50,000 computers in several countries (mostly China, South Korea and Japan, according to Whois records) controlled by the hacker.

Then on Tuesday, at least 11 sites in South Korea, including sites for the Ministry of Defense and the presidential Blue House, were also targeted, leading the Associated Press to publish a story prominently quoting anonymous South Korean intelligence officials blaming the attacks on North Korea.

Security experts who examined code used in the attack say it appears to have been delivered to machines through the MyDoom worm, a piece of malware first discovered in January 2004 and appearing in numerous variants since. The Mytob virus might have been used, as well.

Both programs infect PCs running various versions of the Windows operating system. MyDoom was delivered through an infected e-mail attachment as well as through the Kazaa file-sharing network when it first came out. Once a user clicked on the attachment, the worm rooted through the victim’s e-mail contact list and mailed itself to everyone on the list. The initial malware in 2004 was programmed to launch a denial-of-service attack against a site for the SCO Group, which had filed an intellectual property suit against IBM over its alleged use of Linux code. The attack was programmed to launch February 1, 2004 and end February 12, sending a request to the website every millisecond. MyDoom was considered the fastest-spreading worm at the time.

In the recent attack, experts say the malware used no sophisticated techniques to evade detection by anti-virus software and doesn’t appear to have been written by someone experienced in coding malware. The author’s use of a pre-written worm to deliver the code also suggests the attacker probably wasn’t thinking of a long-term attack.

“The fact that it’s using older threats isn’t a terribly stealthy attack,” says Dean Turner, director of Symantec’s Global Intelligence Network. “And the fact that it’s re-using code could indicate that somebody put it together in a hurry or that, as with most DDoS attacks, their purpose is mostly nuisance. It didn’t require a degree in rocket science to pull that stuff together.”

Although he acknowledges that, given the length of time this attack has continued, it’s “pretty significant.”

Joe Stewart, director of malware research at SecureWorks, says the code he examined, which was written in Visual C++, was compiled on July 3, two days before the first attacks. Although Stewart says analysis of the attack is still in its early stages, he concurs that the attacker’s motivation was fairly routine.

“Usually you see a DDoS attack against one or two sites and it will be for one of two reasons – they have some beef with those sites or they’re trying to extort money from those sites,” he says. “To just attack a wide array of government sites like this, especially high-profile, just suggests that maybe the entire point is just to get attention to make some headlines rather than to actually do any kind of damage.”

Denial-of-service attacks are one of the least sophisticated kinds of attacks a hacker can launch and have been around for nearly as long as e-commerce. But their strength and reach have increased since the advent of botnets – where hackers take control of thousands of machines by getting users to inadvertently click on files containing malware that allows them to remotely control the machines. The hackers then use the machines to launch attacks on websites. The only reason this one seems to have caught the public eye is because so many government sites were targeted at once.

“The breadth of the attack is unusual,” Stewart says.

The malware is designed to contact various servers to obtain new lists of targets. The first list had only five targets – all U.S. government sites. A second list used by the malware on July 6 had 21 targets, all U.S. government and commercial sector sites, including e-commerce and media sites. A list on the 7th switched out some of the U.S. sites for ones in South Korea. The total number of sites known to be targeted so far is 39, Stewart says, although the list could be augmented as the days pass.

Not all the sites were crippled by the attack. Most of the U.S. sites recovered quickly, but a site for the Federal Trade Commission, Department of Transportation and Secret Service continued to have problems for a day or more.

The Department of Homeland Security, which oversees the U.S. Computer Emergency Response Team, said in a statement that as of last night, all federal websites were back up and running. Spokeswoman Amy Kudwa also said that US-CERT had issued a notice to federal departments and agencies advising them of steps to take to help mitigate against such attacks.

“We see attacks on federal networks every single day, and measures in place have minimized the impact to federal websites,” she said. “US-CERT will continue to work with its federal partners and the private sector to address this activity.”
