Interesting People mailing list archives
more on cybersecurity neglected
From: David Farber <dave () farber net>
Date: Mon, 18 Oct 2004 12:59:16 -0400
Begin forwarded message:

From: Rich Kulawiec <rsk () gsp org>
Date: October 18, 2004 10:53:52 AM EDT
To: Suzanne Johnson <sjohnson () pobox com>
Cc: David Farber <dave () farber net>
Subject: Re: [IP] cybersecurity neglected

> As the third anniversary of Sept. 11 passes, the next threat could be a Net threat: Solid evidence shows that al Qaeda agents and other terrorists are trying to attain the online skills needed to wage cyberwar.

They don't have to: so many people have made it so easy for them that even a half-hearted effort could be wildly successful.

As just one example, consider what's needed to conduct a good -- a really good -- DDoS attack:

- lots of bandwidth
- lots of CPU
- lots of network diversity (so that simple countermeasures like blocking a handful of networks are ineffective)
- autonomous attack agents (so that once they're unleashed, they can operate on their own, i.e. independent of any centralized control and thus independent of any single point-of-failure)
- multiple attack engines (so that simple countermeasures like blocking one kind of attack are ineffective)
- staggered/rotating deployment (so that as attack agents are blocked or shut down, others take their place)
- attack agents whose "owners" don't know they're attack agents (not really necessary, but certainly useful)

Now consider that in light of developments such as:

Investigative Report: How Hackers Infect PCs To Spread Spam and Steal Money
http://www.usatoday.com/money/industries/technology/2004-09-08-zombieuser_x.htm

and:

New Worm Installs Network Traffic Sniffer
http://news.netcraft.com/archives/2004/09/13/new_worm_installs_network_traffic_sniffer.html

and:

Is Organized Crime Controlling Your PC? Symantec report says Internet attacks for financial gain on the rise.
http://www.pcworld.com/news/article/0,aid,117946,00.asp

and:

"A couple of weeks ago studies released suggested numbers of new systems being zombied / taken over range at a minimum estimate of 30,000 and a high estimate of 70,000 every day. We are starting to see troubling signs of PCs we maintain that are locked down and updated as tight as possible managing to get infected, we suspect either by web browser or by email, since the holes there and the vulnerabilities are now coming faster than we can respond to." (Ronald Edge, on NANAE)

and:

"I've seen CBL identify 300,000 _new_ compromised machines in a single day." (Chris Lewis, on NANAE)

along with all the other articles about spyware, adware, viruses, worms, spam, zombies (completely hijacked Windows systems) and so on.

So far, the primary uses we've seen from all these compromised/hijacked systems have been:

- sending spam
- hosting spamvertized web content
- probing for more systems to compromise/hijack
- probing for security holes
- probing for open proxies to send spam
- harvesting email addresses for subsequent spamming
- occasional DDoS attacks

Nobody knows how many there are, but "tens of millions" is a minimal estimate and I wouldn't even blink if it turned out the number is well above 100 million. Nobody knows who's controlling them, although I think it's safe to speculate that it's not any single individual or group. We do know that access to them is being sold (i.e. so many systems for so many $$ for so many hours/days) as a commodity. We also know (via OS fingerprinting and other detection techniques) that they account for something around 80% of all SMTP spam at the moment.

Putting this all together, it would be very easy for anyone with some money to spend to simply *buy* access to enough systems to launch a very effective DDoS attack. (And I doubt that those selling such access would refuse to sell to anyone with cash in hand.) Imagine trying to locate and stop a DDoS attack coming from, say, 20 million systems located all over the world.

Nothing especially clever is needed for this: the tools are already there, and the resources already available. I think it's just a matter of time until it happens -- and I wonder if some of the DDoS attacks we've seen recently have been experiments: after all, I don't think anyone has ever built a distributed computing cluster this large and diverse, so some tinkering may be necessary to figure out how to make it "work".

And the chilling part is that it's only going to get worse: I find myself wondering if there is an upper bound on the number of systems that will be compromised/hijacked other than the number of systems that *can* be compromised/hijacked.

The fix? There is no fix, at least not one that most people will accept.

---Rsk

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/