Thursday, June 14, 2007

DDOSing And Spammers: More Than Just An Annoyance, A Terrorist Threat

I posted this today to Castlecops, who graciously approved it as a story. I'm reposting it here for posterity (and to spread the word.)

We consistently hear about DDOS attacks, but only as a byline story, or only within the tech media. There is a lot of evidence to suggest that these attacks are much more than merely an annoyance or a purely technical threat.

Yesterday, a forum which discussed the methods employed by illegal spammers of every stripe came under attack via what is known as a "Distributed Denial of Service", or DDOS, attack. The forum ( wasn't nearly as popular as some of those attended by the technical community. It had a membership of only several hundreds of users. Yet someone out there felt that it was enough of a threat to demand that someone attack it. As I write this, the site is still down. Nobody can be sure when it will return to active service.

A few weeks ago, several very public anti-spam organizations were similarly targeted for a number of days: Spamhaus was targeted, as were several of the routinely used blocklists SURIBL and URIBL.

Spamhaus reported the attack on the usenet newsgroup

The other attacks were reported by a relatively small sector of the tech media.

This makes it appear as though these types of attacks are not "big news", and has the effect of making them appear to be purely technical in nature, and therefore not of any concern to traditional news media, or ordinary citizens.

Contrast this with the very large-scale attacks against several sites fundamental to the government and other infrastructure of Estonia which commenced on April 27th, reported in The New York Times and CNet News, two very large media entities.

Those attacks were very large scale, and relentless, and had the effect of taking out pretty much any online functionality for any citizens within the country of Estonia. They attacked everything, essentially rendering the entire country helpless to do everyday things like banking, or taking trains (banking and rail services were suspended since all of their infrastructure relies on network services.)

This also never made front-page news, although it did get quite a bit of international attention.

Clearly: criminal groups who choose to attack a site, currently do so with relative impugnity. Attacking a little spam forum like they chose to do yesterday, or spamhaus as they did a few weeks ago, may not look like that big a deal. But how long will it be before they choose to target, say, New York City's JFK airport and their network infrastructure? Or the White House? Or CNN? They appear to want to limit any speech that doesn't meet with their personal view of how things should be. This is obviously unacceptable, but it's not seen as a large enough issue on its own.

The general public still has a long way to go in terms of understanding the implications of their own lack of technical knowledge. The FBI reported yesterday that they have identified one million compromised PC's, all of which could be used for any illicit purpose these criminals desire.

Most of those PC's are in homes of people who bought the computer, and never properly secured it, and probably have no idea that they're being used in these arguably illegal acts. Something has to change regarding this, and it will probably be quite some time before significant change takes place.

Today, it's merely sites that these spammers dislike due to the exposition of their identities or operating procedures. Tomorrow it could be your bank, or your local transit system, or your television stations which are targeted. And it can go on from there. What is it going to take for law enforcement to really seriously investigate and act on these attacks? Merely stating that there are one million PC zombies is nice to know, but it's not solving the problem of what these zombies are doing, and the effect it is having on free speech and other fundamental rights. We as citizens who wish to maintain the existing uses of the Internet and other networks should work more diligently to make sure our governments and law enforcement representatives take this issue seriously, and treat this type of terrorism no differently than they would that of Al Qaeda, Islamic Jihad, or Hezbollah, all of whom could easily make use of these resources.

At the moment the only barrier to taking action against these organizations seems to be the lack of will to do so. I and many others are hoping it won't take the cyber equivalent of a 9/11 to make someone take notice.

SiL / IKS / concerned citizen

1 comment:

markus said...

Spammers are indeed morons.

Mounting a DDoS attack is likely to rally more spam haters to the cause.

Here is an oxymoron for you -

The attack that shut down Blue Security was successful

Yeah, right.