Forgot your password?
typodupeerror

BlueSecurity Fall-Out Reveals Larger Problem 366

Posted by CowboyNeal
from the continuing-sagas dept.
mdrebelx writes "For anyone following the BlueSecurity story, sadly the anti-spam crusader has raised the white flag. Brian Krebs with the Washington Post is reporting that after BlueSecurity's announcement, Prolexic and UltraDNS, which were both linked with BlueSecurity through business relations came under a DNS amplification attack that brought down thousands of sites. While much of the focus about the BlueSecurity story has been centered on the question of what can be done about spam, I think a bigger question has been raised - is the Internet really that fragile? What has been going on is essentially cyber-terrorism and from what has been reported so far the terrorist clearly have the upper hand."
This discussion has been archived. No new comments can be posted.

BlueSecurity Fall-Out Reveals Larger Problem

Comments Filter:
  • by yagu (721525) * <yayagu@@@gmail...com> on Thursday May 18, 2006 @07:16PM (#15361765) Journal

    There have been other outages, major, which have had significant impact. It's a good question: is the internet that fragile?

    In many ways it probably is. At the same time, the infrastructure seems resilient enough. The world so far hasn't laced up life-and-death critical systems to the internet such that a failure could cause loss of life. Well, that is, if you don't include:

    Oh, wait, I guess people have started doing that.

    What mechanisms exist for more than resiliency, i.e., instant self-healing? Could terrorists with a little knowledge and a few well-placed EMP generators disable major segments of the internet?

    Unlike phones and the phone networks which were built with lots of oversight and regulation (Universal Service was a big driver for this (aside: now that everything is profit driven, don't expect phone service at that farm house at the end of that long country road anymore... noone HAS to provide it)), I'm not aware of what safeguards back up the internet. In my entire lifetime, I've not one time experienced a phone outage, not once! Power outages, etc., the phone companies have backups to backups to ensure service (though there is the occasional and hard to manage for ditch digging incident).

    While large pieces of the internet are built upon the phone companies' infrastructure, other pieces aren't, and there are significant additional layers of complexity not in the phone companies' purview (switches, routers, coax cable from cable companies).

    That question, "is the internet that fragile?", is probably the biggest reason I've never opted to switch my phone service to VOIP yet. I'd hate to be the one (tiny chance, I know) who needs to make that one 911 call and not be able to do so because the internet is unavailable (which happens occasionally here, which is also too often).

    • Doesn't being a terrorist imply terrorizing people?

      The only kind of people a terrorist would terrorize by taking down the internet temporarily are people on slashdot.

      Terrorists are interested in killing people to get their message across, not inconveniencing them.

      • by Original Replica (908688) on Thursday May 18, 2006 @08:37PM (#15362197) Journal
        Doesn't being a terrorist imply terrorizing people?
        Traditionally yes, this might be "economic terrorism"(tm) according to the Dept. of Defense terroism is "the unlawful use of -- or threatened use of -- force or violence against individuals or property to coerce or intimidate governments or societies, often to achieve political, religious, or ideological objectives." This would seem to apply here.
      • by 0xC2 (896799) on Thursday May 18, 2006 @09:00PM (#15362306) Homepage
        "Terrorists are interested in killing people to get their message across, not inconveniencing them." Totally wrong. Why do you think the most secure facilities in the world are the oil refineries? Terrorists absolutely love to take out pipelines, interrupt utilities, railroads, etc.. Look at the attacks on the Christian stores in Bagdad selling liquor. The affected people are also much more likely to blame the government for failing to protect services taken out by these attacks. For the money we have spent so far fighting "terrorists" we could have saved tens of thousands of lives, just by building safer, more expensive cars. from http://www.scienceservingsociety.com/p/141.htm [scienceser...ociety.com] : More than a million people are killed on the world's roads each year, the victims overwhelmingly young. In the United States more people die in a typical month in traffic crashes than died in the September 11 terrorist attacks. And for every fatality in a traffic crash, about 40 injuries occur, many of them severe. These traffic deaths and injuries include those among pedestrians and cyclists, as long as a motorized vehicle was involved. The number of traffic deaths worldwide continues to increase as more nations motorize. In the United States the number of traffic deaths has remained relatively constant at about 41,000 per year for the last decade. The economic impact of terrorism is much larger than its mortal impact.
      • Imagine the economic impact if you "broke the internet". Even just cutting off some vulnerable bits for a while could do a lot of monetary damage.

        I wouldn't be so concerned with the 'Net as a primary target of terrorism or deliberate hostile acts, but I think it could be a viable secondary target. Coupled with attacks on physical bottlenecks (Panama or Suez canal, the straits of Gilbraltar, the Malacca Straits, the Bosporus, any of the top 5 major ports in the world) a small nation-state or well-funded te
      • No, they are interested in terrorising people, that's why they're called terrorists not killorists.
    • Isn't the whole point of the internet that if one node goes down, you can still communicate through other nodes? Isn't that what made the internet useful?
    • by Steeltoe (98226) on Thursday May 18, 2006 @07:57PM (#15362013) Homepage
      A few years back we would have laughed that someone is calling this terrorism, and just saying it's just a few scriptkiddies having fun with DDOS and whatnot. Computers are just a fun box, nothing serious about it. Relax. Nothing of value is lost, and if you don't have a backup, you deserve it. Darwinism at work.

      It's also interesting how questions change. We question: Is the internet really that fragile?

      What happened to the baser question: Do we really depend so much on the internet?

      Of course, now that we do, maybe we should look into making the internet even more resilient than the original creators envisioned. After all, it was made to endure nuclear war, but a few scriptkiddies can still take down any site with a little DDOSing and DNS-tweaks..

      Just always remember where we came from.
      • After all, it was made to endure nuclear war,

        Myth. See the entry on Paul Baran here [ibiblio.org]
        • Myth. See the entry on Paul Baran here

          I did, and you're sort of wrong. Here's the relevant bit from your link:

          This design, which included a high level of redundancy, would make the network more robust in the case of a nuclear attack. This is probably where the myth that the Internet was created as a communications network for the event of a nuclear war comes from. As a distributed network the ARPANET definitely was robust, and possibly could have withstood a nuclear attack, but the chief goal of its

      • by MarkRose (820682) on Thursday May 18, 2006 @11:17PM (#15362968) Homepage

        Do we really depend so much on the internet?

        Yes! Last holiday season, over 10% of purchases made using Visa were online (Source [visa.com] - PDF). If you are familiar with trends, 10% is critical mass, the point at which a concept takes off. The Internet is very much an entrenched part of the first-world economy.

    • Phone outages (Score:3, Insightful)

      by mangu (126918)
      In my entire lifetime, I've not one time experienced a phone outage, not once!

      You are lucky! I've had several phone outages. I had a few outages caused by water in the cable ducts in my street after heavy rains. I had one in the old days (~25 years ago) of analog hardware that took them several days to fix. I've had an outage caused by a truck hitting a utility pole, in a neighborhood where the cables were overhead.

      Although telephone stations are more robust than the internet, because they are very special

    • I think it's a question of standards. There are standards for TCP/IP, DNS and all these other protocols and utilities we use on the internet. The problem is, the standards are built to the lowest common denominator, not the most secure. If we required all DNS servers, top-level domain providers and ISPs to adhere to a standard of security (to the point that, if your servers are insecure, no other server will accept requests from you), while it would not get rid of problems, it would significantly reduce
  • by drinkypoo (153816) <martin.espinoza@gmail.com> on Thursday May 18, 2006 @07:16PM (#15361771) Homepage Journal
    It seems like every week there's a new issue with DNS. Why can't DNS be secured? Is it just inertia? Is BIND really that pathetic, or are they just not using it correctly?
    • by creimer (824291) on Thursday May 18, 2006 @07:21PM (#15361794) Homepage
      Like everything else in the computer world, you have to wait for the next great upgrade of the Internet called Web 2.0! Of course, I'm going to wait for SP1 to come out before jumping on the bandwagon.
    • by Anonymous Coward on Thursday May 18, 2006 @07:39PM (#15361902)
      BIND when used correctly can foil/hamper these DNS attacks from occuring.
      Any tool improperly used can possibly cause problems.
      This a proper way to secure a Bind nameserver.
      An example would be in your bind named.conf adding an acl section and adding to section options.

      //add your trusted networks
      acl "trusted_queries" { 127.0.0.1; 192.168.1.0/24; some.ip.network.outthere/8; };
      acl "trusted_recursion" { 127.0.0.1; 192.168.1.0/24; some.ip.network.outthere/8; };

      options {
      allow-query ( "trusted_queries" };
      allow-recursion { "trusted_recursion" };
      version "no version"; //protect your nameserver version
      };
      //and for your zones just add allow-query any
      zone "some.zone.com" IN {
      type master;
      file "pri/some.zone.com.zone";
      allow-query { any; }; //allow legitimate nameservers to get host info
      };
    • what internet? (Score:2, Interesting)

      by cez (539085)
      dns has always had inherrent weaknesses due to its universal standards and how the interenet relies on it as it does. scary how the internet is only the internet that you can view through whatever controls your DNS...
    • > Is BIND really that pathetic, or are they just not using it correctly?

      Here's a performance comparison [www.sics.se] of the ubiquitous Apache web server with Yaws [hyber.org], an Erlang-based web server. (Erlang is a programming language and virtual machine designed for distributed processing.) To summarize, "Apache dies at about 4,000 parallel sessions. Yaws is still functioning at over 80,000 parallel connections." The author goes on to speculate that the reason Apache dies so quickly is due to limitations in the host op

  • motivation (Score:2, Insightful)

    by OffTheLip (636691)
    As much as Slashdot and other white hat leaning movements fight the good fight the motivation of the 'ememy', perceived as terrorists, spammers, greedy bastards or script kiddies test driving internet mayhem will continue to have the upper hand. The wild west metaphor often describing the lawlessness of the internet is real. As much as we hate the NSA and other invasive orginizations they impose structure and laws. Chaos is the alternative.
    • by vertinox (846076) on Thursday May 18, 2006 @07:41PM (#15361919)
      As much as we hate the NSA and other invasive orginizations they impose structure and laws. Chaos is the alternative.

      Emperor Palpatine, is that you?
    • I've always thought of /. as rather BROWN hat myself.
      And considering the color scheme in this here section, the only way /. could more readily agree is by adding images of corn chunks scattered here and there... all willy nilly in a fashion.

      *ahem*
    • As much as we hate the NSA and other invasive orginizations they impose structure and laws.

      No, they don't, because they can't. The world's governments can't control anything except what those under their own jurisdiction can and can't access of the real Internet outside, the extreme of which we see developing in China. If what you want is a nationwide Intranet under Government control with only superficial resemblance to the real thing and the appearance of "structure and laws," there's your business mod

    • Re:motivation (Score:5, Insightful)

      by Jah-Wren Ryel (80510) on Thursday May 18, 2006 @08:13PM (#15362099)
      As much as we hate the NSA and other invasive orginizations they impose structure and laws. Chaos is the alternative.

      I don't know where you got the idea that NSA's activities have done anything to "impose structure and law" on the Internet.

      If anything, the NSA has been actively participating in the chaos by going ahead and doing their own thing with no regard to the law.
    • Re:motivation (Score:5, Insightful)

      by ScrewMaster (602015) on Thursday May 18, 2006 @10:55PM (#15362841)
      You're wrong. Lawmakers impose laws, not government agencies, and when they're doing their job properly they pass laws that keep dangerous organizations like the NSA in check. They've been rather lax in their duties lately ... certainly Congress has largely fallen down on the job. The problem is that too much of our current government has been infected by the disease of unaccountability. They do whatever the Hell they please in the name of "homeland security" or "antiterrorism", and there's nobody left to tell them to stop.

      I would further submit that America was far less chaotic in the good old days when big government wasn't so big, wasn't so invasive and tended to leave its citizens alone. It isn't necessary to have a government that restricts and monitors its citizens to the degree that ours is doing for the purpose of achieving a stable society. In fact, the imposition of excessive control, coupled with erratic enforcement, creates instability! This is variously called "political unrest" or "social protest" or, when carried to the logical extreme, "rebellion". Furthermore, it is the kind of thing Americans do when they're pushed too far. At least, I hope it's still the kind of thing we do. It's about the only hope we have left. The way things are in D.C. nowadays, it's pretty obvious that while the lights are still on there's nobody home.

      The Wild West aspect of the Internet, which seems to disturb you to some degree, is precisely what makes the Internet the greatest advance since the invention of fire, the wheel and air conditioning! The economic, scientific and cultural benefits of the Internet, as it is today, far far outweigh the dark side. Reducing the Internet experienced by ordinary people to a bland, "civilized" mix of email and heavily-filtered browsing would take away the power, freedom and utility so many people have come to expect and enjoy. It would also largely eliminate innovation and the development of new technologies, as no-one would be allowed to do anything not approved by the powers-that-be. Huh ... I think I just described AOL.
    • Re:motivation (Score:3, Insightful)

      by IAmTheDave (746256)
      The wild west metaphor often describing the lawlessness of the internet is real.

      Not entirely. Back in the "lawlessness of the wild west" anyone caught doing anything like this would be strung up by the neck. Now when someone tries to do something about these sorts of attacks (like Lyco's screensaver) there is an uproar about stooping to the same low and "maybe" breaking some laws while doing so.

      If years and years and years of war have taught us nothing, it is that nothing is free and fire must be fou

  • Of Course (Score:3, Insightful)

    It is far easier to tear something down than it is to build something up. Regardless of the Internet, that's just the way things work.
  • by muhgcee (188154) * <stu@fourmajor.com> on Thursday May 18, 2006 @07:23PM (#15361811) Homepage
    I don't think this quite falls into terrorism:
    The unlawful use or threatened use of force or violence by a person or an organized group against people or property with the intention of intimidating or coercing societies or governments, often for ideological or political reasons. (http://dictionary.reference.com/search?q=terroris m [reference.com])

  • by jmorris42 (1458) * <jmorris@[ ]u.org ['bea' in gap]> on Thursday May 18, 2006 @07:24PM (#15361816)
    > What has been going on is essentially cyber-terrorism and from what has been reported so far the terrorist
    > clearly have the upper hand.

    Yup, and I'd have loved to have seen the US gov use this as a perfect 'live fire' exercise. After all, if they can't stop a few punk spammers how can we have any confidence they could stop a determined attack by the usual terrorist suspects?

    Perfect opportunity to test all the phases of response, from tracking the responsible parties all the way to eliminating them. Ok, in this case a SEAL team would probably have to be tasked to capture em instead of just dropping a few bombs on their sorry asses. Or if, as I suspect, the ringleaders are in the US or other western representive nations, just have em all arrested.
    • Yup, and I'd have loved to have seen the US gov use this as a perfect 'live fire' exercise. After all, if they can't stop a few punk spammers how can we have any confidence they could stop a determined attack by the usual terrorist suspects?

      My first reaction is to agree with you, partly just because I'd like to see the full might of our larger teams of spookier cyber-folks brought to bear on the spammers... but I'm thinking that this might be one of those things that would squander the public debut of so
      • > I'd rather that we save such visible displays for when it matters (more). This matters, but perhaps not as much as
        > deliberate attack on larger or more public pieces of the infrastructure.

        No reason to reveal sources & methods just that we DO have the ability to track the asshats back to their mansion/lair/cave/etc. Announce afterwards that while we aren't promising that level of protection to everyone everywhere, that we do intend to pick a few out for future tests AND to make some examples. B
  • weakest link (Score:5, Insightful)

    by brenddie (897982) on Thursday May 18, 2006 @07:24PM (#15361820)
    well the internet is as strong as the weakest link, and guess what OS that link is..
    None of those attacks (DOS) could have been done without the use of thousands of zombie machines.
    I guess the only way of stoping the attakers is by taking their weapons (zombies) from them and thats left as an excersise for the survivors.
    • Any non-Read Only OS is vulnurable to malicious software. Each OS has enough "security holes" (Otherwise known as features), to allow auto-running of malicious software without the knowledge of the average user.
    • Re:weakest link (Score:2, Informative)

      by rmallico (831443)
      I think you missed the part where they mention the attackers take over poorly configured DNS servers on the internet to send bogus requests to/through...
    • Actually, the beauty of the internet is that it _isn't_ as strong as it's weakest link. The idea is that there are many links that create a...web, so if the weakest one fails another link can be established.


      The problem is not that there is a weakest link, it is that none of the links are terribly strong and are vulnerable in their current state.

    • Re:weakest link (Score:4, Insightful)

      by saleenS281 (859657) on Thursday May 18, 2006 @09:03PM (#15362321) Homepage
      that would be your favorite flavor of *nix then. The attack was carried out by misconfigured BIND servers. Last time I checked, BIND isn't the primary nameserver used by Windows, which is what I assume you were insinuating. These weren't windows zombies, this was drdos via *nix machines. Back to the drawing board on that one my good man.
      • Re:weakest link (Score:3, Informative)

        by everflow (635196)
        The attack was carried out by misconfigured BIND servers.

        i didnt read that in the article so how do you know? besides, last time i checked UltraDNS uses non-BIND name server software.
    • by jd (1658)
      With the move away from US Government-funded infrastructure towards a purely profit-making attitude, virtually any redundancy in the Internet has been eroded at best, eliminated at worst. Redundancy costs hard cash and earns nothing extra. The days of the backbone being able to survive a full-scale nuclear attack are over. These kinds of attacks will persist - and worsen - because an individual is quite capable of summoning a cyber-army of zombies that can easily take out any one of a number of single point
  • by colinbg (757240) on Thursday May 18, 2006 @07:25PM (#15361822)
    Seems to me maybe the solution is a tiered internet where spammers pay more to use the bandwidth... oh wait, sorry wrong discussion.
  • It sort of makes one hesitant to out source IT operations to a place like India. Hmmmm... maybe it's time to DDoS India and bring those jobs back to the US. If the Indian's are such technology mavens, maybe they'll find it in their best interests to resolve the DDoS / DNS Amplification issue and then we can all welcome our new, outsourced Indian overlords. =)
  • by fbg111 (529550) on Thursday May 18, 2006 @07:26PM (#15361829)
    I think a bigger question has been raised - is the Internet really that fragile?

    No, the Internet is robust and redundant. What is fragile are the tens of thousands of pwn3d Windows PC's that are being used without their owners' knowledge to perpetrate these massive DDOS attacks. If I were a lawyer for Blue Security, Yahoo, or anyone else who has been hit recently, I would be seriously looking in to the merits of a lawsuit against MS for gross negligence or something similar.
    • by AnotherBlackHat (265897) on Thursday May 18, 2006 @07:35PM (#15361881) Homepage
      ... the tens of thousands of pwn3d Windows PC's ...


      More like "hundreds of thousands".

      My spam traps have been hit by over 1.5 million unique IPs this year alone,
      with an additional 30,000 never before seen IPs every day.
      I estimate there are currently 3-4 million compromised machines world wide.

      -- Should you believe authority without question?
      • That's it? Of the hundreds of million machines out there that's pretty good! If thats the case then its all about the last little bit with not even 1% of Windows machines being infected and used for such tasks things don't look so bad. Can't forget the broad scope that is Windows.

        Seems to me like ISPs should just ban port 25 everywhere. If you are a business hosting your own email then pass abuse.net certification and then the ISP will turn it on for you. Same could go for home users. Can't really do this

    • Why not sue each individual user? Even if the box is operating without their knowledge or consent, they are the physical owners of the machine. When your empty, parked car rolls down a hill and damages a house, aren't you still liable?

      I imagine that it would not take many publicized lawsuits before Joe Sixpack also considered security and system vulnerability when choosing an operating system.

      Might also consider suing some or all of the ISPs who allowed blatantly malicious traffic to pass through their wi
      • Start writing "admin@.com" and complaining about the spam coming from their domain.
        What about suing said .com ? I'm not a big fan of litigation, but this would seem appropriate here. The owners of the domain are in another country, ok sue to have that domain cut off from the DNS system. Anything coming from that domain will go nowhere, they lose the priviledge of being part of the internet. That could go for domains, or certain servers or whole countries, play nice or get out.
      • When your empty, parked car rolls down a hill and damages a house, aren't you still liable?

        Ahh.. but this is not the same....
        this is more like; you park your car on the street and leave the keys in it. Someone comes up, hops in and drives off with your car, then uses it to smash into a bank.

        you are not responsible for their commiting a crime, whether they did it with your car or not.

        Yes, you're an idiot for leaving your keys in it, but you are not commiting the crime. the person that stole your car is.

        Ahh..
    • What is fragile are the tens of thousands of pwn3d Windows PC's that are being used without their owners' knowledge to perpetrate these massive DDOS attacks. If I were a lawyer for Blue Security, Yahoo, or anyone else who has been hit recently, I would be seriously looking in to the merits of a lawsuit against MS for gross negligence or something similar.

      You're right on the first part, wrong on the second.

      It's true that if there weren't zombie machines out there to take part in botnets, that DDoSing would b
  • by Joe U (443617)
    It's time we started thinking up an alternative to the current DNS setup.

    DNS in its current state is:
    Easy to break.
    Easy to use to break other systems.
    Tied too tightly into SMTP. (Think about it)
    Tied in to the whims of ICANN and whoever tells them what to do.
    Tied in to the whims of Verisign.

    DNS is the Achilies Heel of the Internet. (One of several apparently, but that's another article)
  • To get in front.. (Score:3, Insightful)

    by CashCarSTAR (548853) on Thursday May 18, 2006 @07:30PM (#15361847)
    Of all the common comments...

    #1. Don't blame Windows. Most botnets spread through software downloaded installs. 99.999% of computer installs today are vulnurable. The exception, of course, is the LiveCD type OS run directly from a CD in a read-only format. Your choice of OS is no protection. If you run malicious software, your computer is a zombie. Period.

    #2. The problem is E-mail. Don't want spam? Don't use e-mail. That seems harsh, but it's true. E-mail is an open protocol, and as such, is ripe for such abuses. It's about time to come up with a new type of server based messaging. I'm not saying let the spammers win. What I'm saying is remove their audience.
    • Re:To get in front.. (Score:4, Informative)

      by PDXNerd (654900) on Thursday May 18, 2006 @07:41PM (#15361916)
      Your choice of OS is no protection. If you run malicious software, your computer is a zombie. Period.

      Really? I looked around and can find no links through google for malicious zombie downloads on linux that will run on all flavors. Please post the link to one or a link to an article that disects one.

      I'm not making the argument that linux can't be hacked - it can and I've seen the results of root kits. How many linux zombies are there? Is it proporational to the number of linux vs. windows machines? (Assuming Linux desktops and servers total 2% of desktops, 2% of spam zombies should be Linux, right? Where are the 4% of OSX zombies?)

      It's about time to come up with a new type of server based messaging.

      For every lock, there is a new way to pick it. For every type of security, there is a new way to hack it. This is a band-aid. The real problem is the fact that there is money to be made from this.
      • by Vancorps (746090)
        The answer is Yes [zdnet.com] Linux machines are often turned into zombies.

        As the parent poster stated "if you run malicious software, then your computer is a zombie." I won't hazard to state the proportions but last I checked the number of Apache servers hacked in a given year outnumber IIS hacks. Of course there are far more Apache servers out there so that's really not saying that much.

        As for email, I don't think it is near as broken as people seem to think. It's amazing how people just want to throw the whole th

      • I couldn't find any either. But I don't see a special technical reason why you couldn't install one on Linux. I know that you can get things such as various types of security and scanning software that will run in the background...how is this any different from an invisible IRC client? It's not.

        While it's true that Windows machines are overwhelmingly the ones affected, this is simply a factor of marketshare.

        Once OS X gets a good marketshare, you'll see a ton of little aps that have zombie clients attached t
    • by AuMatar (183847) on Thursday May 18, 2006 @07:47PM (#15361953)
      To do #2, you lose one or more of the things that makes email valuable

      1)Its free- you only pay for bandwidth

      2)Its universal, anyone can get an account

      3)Its open, no company can block a user from email

      4)Its possible to send email to anyone, even someone you don't know, if you have their email address.

      All of these are extremely important and make email the useful tool it is today. Take any away, and the usefulness plummets. Spam is annoying, but the benefits of the four above points far outweigh it.
      • The usefulness of email is already plummeting. Sooner or later those 4 points are going to be outweighed by sheer volume. Is 50% spam too much? How about 95%? When your line is saturated for several minutes at a time downloading useless email? When a good percentage of your own messages are counted as false positives by aggressive automated spamblockers and never reach their destination?
  • by Opportunist (166417) on Thursday May 18, 2006 @07:30PM (#15361852)
    It's the direct link to more governmental control over something under the premise that it "has to be" so the "terrorists" can be stopped.

    While I do agree that this definitly shows the threat spammers really pose to the internet, I fear at least as much handing government the card blanche to monitoring all and any internet traffic for the sake of "saving us from spam".

    No, I'm aware that this won't help a single bit in an attempt to quench spam. But did any anti-terror activity actually work against the alleged threat?

    So bring this problem to the attention of your senators, your governors, your congressmen or whoever has some power in your country. This is a very, very serious problem, the criminals are getting the upper hand in this turf, and the internet is a resource I don't want to see depending on the goodwill of the spam mafia.

    But for all that we hold dear, avoid the word terrorism. Legislators have been using that word before as the excuse for every kind of restrictive laws that did JACK to solve the problem and only created more. Try to find a word that makes them actually realize the problem and realize that this problem is serious. Not only to the worthless humans using it, but also to precious commerce.
  • by Todd Knarr (15451) on Thursday May 18, 2006 @07:32PM (#15361860) Homepage

    No, the Internet isn't that fragile. It's suprisingly robust, in fact. About the only thing that can really do any significant damage is sheer volume, enough traffic from enough distinct sources to overwhelm the target server or swamp it's network connections. No matter what, anything is always going to be vulnerable to that. You can only have finite bandwidth and server horsepower, and if an opponent's willing and able to throw enough resources at you he can simply overwhelm you. It's often referred to as "the Slashdot effect".

    The only thing that's happened is that, because of the inherent insecurity of Windows machines and the increasing number of them with broadband connections, the bad guys now have access to orders of magnitude more bandwidth and horsepower than any single server can have. In military terms it's like facing an enemy who outnumbers you by ten thousand to one. Distributing your DNS won't help, redundant pipes won't help, distributing your servers won't help, if you can deal with 99% of his assault he's still got a hundred times what you can absorb left.

    The only thing that can help is cutting off the supply of ownable machines the bad guys can take over and use in their attacks. If they're limited to their own machines they can't do much harm.

    • The only thing that's happened is that, because of the inherent insecurity of Windows machines and the increasing number of them with broadband connections, the bad guys now have access to orders of magnitude more bandwidth and horsepower than any single server can have.

      Tell me about it.

      rant
      So I have a catch-all email on my domain name (say 'example.com'). A couple of weeks ago, I started to receive bounced email which had a return address like 'wert@example.com' and 'nrtp@example.com'. Great, this is the s
  • by sakusha (441986) on Thursday May 18, 2006 @07:34PM (#15361875)
    One of these days, some asshole is going to take down the entire net, just to prove that it can be done.

    I keep thinking about the old saying, "what isn't prohibited, is required." Because the net doesn't prohibit these massive DDoS attacks, someone WILL do them, over and over, either because they are into extortion, or just because they're evil fucks and like creating mayhem. I almost believe that someone ought to just do it and break the net permanently so everyone will have to come to grips with this. So maybe the solution will mean that nobody with an insecure OS will be allowed back on the net. Maybe we need a catastrophic failure to force a total revamp of network protocols, and an excuse to exile all the lusers like people still using Win98. I dunno, it would probably be faster, cheaper, and ultimately more satisfying if we could just assassinate spamming assholes like PharmaMaster/Eran Reshef. [wired.com]
  • by subl33t (739983) on Thursday May 18, 2006 @07:34PM (#15361876)
    Dear Homeland Security: please look closer at Redmond.

    This is terrorism. Everyone with a trojaned Microsoft box is aiding and abetting.

    Thank you, Linus and Steve.
    • There are OS X botnets, and although I've never heard of any, I'd be there's probably a few proof of concept Linux botnets hanging out in hacker circles. Any OS that allows user installation of software is equally suspect to a zombie takeover.
      • There are OS X botnets, and although I've never heard of any, I'd be there's probably a few proof of concept Linux botnets hanging out in hacker circles.

        There are plenty of *nix botnets in the wild. Here's [washingtonpost.com] one source, but I've heard about them for a long time now. Almost all are running a service that gets it hacked (such as PHP on httpd in that example). Back when I was willig to help people with their PHP-Nuke installs, I saw a lot of compromised machines with interesting bits of software on them. My o

      • Really?

        Got any data to back that statement up? Seriously - I've never heard of OS X bot networks.
    • When in doubt, blame Microsoft. Screw intelligent research. Maybe somebody somewhere has done some tracking down to see who are the most likely suspects.

      The bigger picture on people identified as suspects in the spam and DDOS attacks on Blue Security is painted by Spamhaus / ROKSO. They maintain a global Top 10 list [spamhaus.org] and a global Top 200 list [spamhaus.org] of spammers.

      A quick search on "bluesecurity" digs out

      ROK6138 - Alex Blood / Alexander Mosh / AlekseyB / Alex Polyakov - Main Info [spamhaus.org]

      ROK5514 - Christopher J. [spamhaus.org]
  • Meh ... (Score:4, Insightful)

    by Sonic McTails (700139) on Thursday May 18, 2006 @07:39PM (#15361909)
    You know, BlueSecurity was working. Had they survived, it might have shutdown the spammers. This is going to become a massive bubble issue. Someone just needs to pick up the torch BlueSecurity dropped, and be willing to fight the fight.
  • by Anonymous Coward on Thursday May 18, 2006 @07:42PM (#15361921)
    I backup the internet every night at 10 pm (PST).
  • Unfortunately this abuse of the internet by criminals will mean more laws to control the internet. And there will be more monitoring of the internet. Hopefully there will not be monster firewalls to restrict access, but I could see it happening to prevent this undesirable activity (think China). It is sad, but humans have a tendency to mess up a good thing.
  • by burnin1965 (535071) on Thursday May 18, 2006 @07:45PM (#15361937) Homepage
    From TFA "These massive assaults harness the power of thousands of hacked PCs to swamp sites with so much bogus traffic that they can no longer accommodate legitimate visitors."

    The problem is the thousands of hacked PCs that are used in these attacks. The internet is working exactly the way it was designed and the bot nets take advantage of bottlenecks in the system.

    What is being done to take out these bot nets? I've perused a few of these bot squads on IRC and while there are many zombied Windows machines there are also many *nix boxes which succumbed to the brute force ssh password attacks because they had user accounts with stupid passwords.

    Aside from locating and neutralizing the individual boxes in the squads shouldn't we be creating and deploying self immunizing tools in our infrastructure that detects these boxes and quarantines them?

    Shouldn't we also be holding people accountable for having vulnerable boxes connected to the net? Perhaps a bandwidth restriction will help for repeat offenders.
  • by Anonymous Coward
    1) someone needs to list state or federal laws that were broken.

    2) If there were laws broken, a spokesperson for the appropriate government agency (agencies) needs to explain why not prompt action was taken. ISP's whose clients were part of the attacks should have been warned to shut down their clients who are participating, or be shut down.

    If no laws were broken, smile!

    Perhaps the Federal government should have the power to permanently shut down an ISP that doesn't respond to a demand to block clients unt
  • Terrurizem (Score:4, Insightful)

    by mikiN (75494) on Thursday May 18, 2006 @07:51PM (#15361976)
    Fanatics flying airplanes into buildings killing thousands : Terrorists.

    Haxors commanding botnets to DDOS servers : Cyber-terrorists.

    Big corporations doing aggressive take-overs : Corporate terrorists.

    Mass producers dumping products below cost overseas : Market terrorists.

    Politicians sketching doom scenarios during campaigns to woo scared voters over to their party : Political (party) terrorists.

    C'mon cut it out will ya, soon they will brand humans multiplying without limits sucking up resources and scaring other animals away and out of existence : Biosphere terrorists?

    You know, according to some theory, black holes will eventually suck up most of the available matter in the universe, leaving it a dark cold desolate place with only some Hawking radiation to warm your soul. Should we call those : Universal Terrorists then?
  • Minus these, I can see many systems that could fail with a little effort. One of the problems I see with our current infrastructure is the notion of machine-to-machine communication - when really, what we want to know is in effect, remove anonymity from the equation (there will be discussion this point, I realize). Machines talk to each other as machines. We ultimately want to know WHO did X, or Y, so we can find them and hurt them in some fashion (bullets to the temple, fines, whatever...). (okay, substitu
  • there's the Interweb you and I use.

    I don't know that anyone in gov't really cares half as much about the consumer's network versus their own systems.

    Ah, the perils of the "ownership society."
  • by sorphin (14046) on Thursday May 18, 2006 @07:55PM (#15362002)
    I work for an unnamed backbone provider, and have currently been involved in blocking said DNS Amplification attack.. to give you a general idea of the size of the attack and the number of zombies involved.. When I left work... The attack was 14,768% of 9.8MBps... or.. over 13GBit/sec... Our infrastructure is holding up just fine, however.. Personally, I'd like to find the 'owner' of these zombies, and castrate him. I guess the guy doesn't have anything better to do with his life than trash the net...
  • by mpcooke3 (306161) * on Thursday May 18, 2006 @08:03PM (#15362045) Homepage
    Sadly the internet is already compromised since the bot networks are already too large for most organisations to take on.

    I hope someone does something to deal with the botnet threats. Being able to suck multiple gigabits of bandwidth means 'they' can kill any small to medium sized internet operation if they want to via a range of attacks from the simple to the rather sophisticated.

    Tier1 ISPs usually don't care other than possibly to try and filter all your traffic to prevent their other customers from suffering.

    Some medium/larger sized companies use services like Akamai siteshield that are capable of sustaining a reasonable DDOS-ing but the botnet operators will eventually realise that the attacks are not just about knocking a site offline. Akamai will charge you for that traffic which will send the companies bankrupt anyway (and possibly quicker than going offline). In fact i was wondering how on earth bluesecurity were going to pay their bandwidth bill.

    The defences we have against such attacks are pathetic. I was amused in an episode of 24 when they came under an online attack from terrorists and their new "CISCO FIREWALL" protects them, i mean seriously the firewalls are the least of your problems these days. If you come under attack from one of these serious russian dudes - you'd be looking at trying to filter the traffic well before it reaches the firewalls since your line and network would be saturated.
  • by Mattness (636060) on Thursday May 18, 2006 @08:05PM (#15362055) Homepage
    The internet is so not fragile it isn't even funny. Can people make it hickup and sneeze along minor portions of it? Yes. Is it fragile? Hell no! It's been running for 20 years across the globe. It has been hammered by viruses, trojans, organized DDOS attacks and world-wide calamities and their corresponding data-storms and still the internet as a whole has functioned. It may simply be that the internet is not enough of a singular entity to be susceptible to a singular vulnerability. Computers are fragile, software can be fragile, but the aggregation of those two into an organism made up of millions perhaps even billions of machines is not fragile. The DDOS attack on Blue Security, when compared to the totality of the internet is practically meaningless. The only thing that might make the entirety of the internet fragile would be a universal vulnerability which has no workaround and cripples the main traffic routes of the internet itself. Maybe this will happen, but I think even then, the internet will continue to function but perhaps just along it's backroads and private secure networks.
  • by Animats (122034) on Thursday May 18, 2006 @09:19PM (#15362384) Homepage
    OK, now we have to fix the DNS problem.

    The basic requirement here is that DNS servers shouldn't be accepting queries from clients outside their local organizations. This is like the old "open relay" problem with SMTP. Obviously, such DNS servers have to be fixed. To force the issue, DNS servers queried by other DNS servers should find out if the querying server incorrectly accepts queries from the outside. If it does, that server is marked as a loser, and its queries get processed only after any other queries, and maybe with a deliberate delay. That should deal with the problem in the near term.

    The stronger form of this protection is that many queries from loser servers are answered with an address that returns a page saying something like "Your DNS server at [xxx.xxx.xxx.xxx] has a problem and must be upgraded." The screaming users will get the problem fixed.

  • by nomad63 (686331) on Thursday May 18, 2006 @10:41PM (#15362748)
    The #%^^@$! spammer jerk has thousands of computers in his bot network and leashed them on BlueSecurity. So far so good. These zombies are mostly on broadband connections, served by a cable or DSL provider.

    Isn't it in the TOS of the ISPs to require the end user to keep his/her computer safe from viruses and malware, crippling the provider's network ? If so, why the ISPs shut those zombie machines' network connectivity down ? Yeah, there will be few bystanders who may get nabbed but most of these bystanders will be the geeks who are pushing their broadband connections to the limit and they will contact the ISP and get their connections re-instated. The clueless users, whoch have been own3d by the hacker will have to find someone to clean up their pc's caoghing up some dough which will make them a little more carefull about listening to people when they were told not to open attachments to see the cute dog pictures or accept free product offers from inscrupulous websites.

    If you do not hold the ignorant users' feet to the fire, this zombie issue will not come to an end. Yes, we al know that, Redmond's finest operating system is no more than a joke when it comes to security, but if one is buying this crap, they should be ready to keep it safe and secure or find some other platform, let it be mac or linux or what have you.

    I for one, am sick and tired of seeing the spammers to go unnoticed while the solution, regardless how brutal it is to the end user, goes unnoticed. Enough is enough !

The sooner you fall behind, the more time you have to catch up.

Working...