Information Security News mailing list archives
Who Are These Jerks, Anyway?
From: William Knowles <wk () C4I ORG>
Date: Thu, 10 Feb 2000 19:29:48 -0600
http://upsidetoday.com/Opinion/38a211670.html

Who Are These Jerks, Anyway?
February 10, 2000
by Richard L. Brandt

The real question about the "denial of service" (DoS) attacks on major Web sites this week is: Just who are these jerks, anyway?

It could be virtually anyone. Except for non-jerks. You have to be a jerk to pull this kind of stunt.

It seems to be nothing but a prank. There is no political ideology, no monetary gain, no anger against the sites being attacked. There is just the thrill of having done it and knowing that all those important newscasters on television are talking about something you did. Gee, aren't you special?

If it were political or a protest against particular sites or e-commerce in general, there should be some sort of manifesto, someone claiming credit. The point of a terrorist attack is to let people know why you did it, in an attempt to change something you don't like. But in this case, no one is claiming credit or telling us why it's happening.

Further, although there are certainly unscrupulous people who would attack a site in order to make money -- say, short a stock before the attack -- usually such a person would be smart enough to keep a low profile. When a lot of prominent sites are attacked at once, investors realize this is an anomaly and not a problem unique to the company being attacked. The stocks of these companies did not decline as much as some observers thought they might.

That's why the main speculation seems to be that this is being done by adolescents (in mind if not in body).

"The people who have done this in the last couple days are amateurs," says Alex Samonte, chief engineer at SiteSmith, a company that helps build Web sites. "It appears to be just for the fun of it."

Samonte has a lot of experience on this issue, as someone who has been building Web sites for a long time. He did some of the work on the original Yahoo site.

We should distinguish between these amateurs (or "jerks") and that underground computer community that calls itself "hackers." The hacker communities are really pissed off right now, because every television news program in the universe is talking about the "hacker attacks."

Hackers like to figure out how systems work. They like to find obscure weaknesses that can be exploited. The more difficult, the better. There is status in being able to do something sophisticated. And many of them try to demonstrate their power by showing it off in some relatively harmless way, posting an obscene message, say, rather than shutting down a site.

Most hackers do not consider DoS attacks to be true hacking. You can do it automatically, using one of several rogue programs available on the Internet. (One early program, still popular, is called Smurf, although there are a lot more sophisticated programs these days.) Using such a program makes this kind of attack a simple process that we used to call "cookbooking" in chemistry lab. You don't have to know how it works, just follow the directions and you get the reaction you want.

The problem in this case is that we don't know what reaction the attackers want.

Hacker news sites are complaining. On 2600: The Hacker Quarterly, for example, writers say they're insulted to be linked to these attacks by implication. The site's editors do concede, however, that the attackers have a reasonable knowledge of Internet topology.

(Suggestion to the hacker community: Find a new name for yourself. The term "hacker" has been co-opted by the press to mean any computer attacker, malicious or not. The public's definition of the word is different than yours. You can't change that now.)

The reason these attacks are so disturbing is that it could be some 14-year-old jerk doing it. And some of the recent attacks could be done by copycats, an even more despicable breed of jerk, because they don't even show any originality.

And it's not that I agree with hackers who may be trying to prove a point or make a statement, but the randomness of these attacks is clearly worse. The world is moving toward e-commerce, and it can be halted by some pimply-faced kid who doesn't have a life. Isn't that a pleasant image of the information revolution?

When I was in college at a really geeky school called Harvey Mudd College, there were lots of phone phreaks and geeks who liked to show that they could make free calls off the college president's phone line with their homemade blue boxes. I'd hang out with them sometimes and get a giggle out of doing something naughty. But then I grew up.

The current attacks demonstrate the double-edged sword of any new technology. The Web empowers the individual to do great things. It can also amplify his or her tendency to be a jerk and hurt a lot of people. With every new privilege comes a new responsibility, and these folks are irresponsible. They don't deserve access to the Web, but we don't know how to deny them service, unless they are caught.

Apparently, that will be difficult to do. It is not difficult to disguise yourself, or make it appear that you are operating from a different address. It's called spoofing.

According to Samonte of Sitesmith.com, in order to trace the attack back to the origin, you have to do it while the attack is occurring, probably tracing back through several different servers, ISPs and network providers -- with their cooperation. But the people operating the target sites are too busy putting out fires, trying to get their sites back up, to spend time doing the tracing.

Here's another difficult problem: DoS attacks use innocent computers to do the attacking. They do not exploit security problems in the target sites, they attack security problems in other computers on the Internet. They get other computers -- and it could be your home computer with a DSL connection -- to send hundreds of messages to the target site. Enlist enough of those computers and you can overwhelm a site with too much traffic.

Therefore, companies that can best prevent such attacks are the Network Service Providers or Internet Service Providers, not the target Web sites themselves. The ISPs know all the network addresses that should be routing signals through their services. These spoofed messages would have strange IP addresses on them. So theoretically, the ISPs could block any messages with the wrong address.

But they may have thousands of legitimate addresses to keep track of, and those change every day as new clients join up and old ones drop off. It is not that trivial or cheap, and the ISPs themselves have nothing to gain by it. They would only do it to prevent another company from being attacked. In other words, "What's my motivation?" To be nice?

Government subsidies might do the trick, but we know how bad government subsidies are. Right?

Longer term, there are solutions. Major sites need to distribute their servers and add as much redundancy as possible. That will make it harder for the attackers to find and target all their servers, increasing the odds that the site will keep running. But that's not an overnight job.

But in the meantime, this is a perfect example of the difficulty of putting a powerful tool in the hands of the people: Some people are jerks.

---------------------------------------------------
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions http://www.c4i.org
*=================================================*
ISN is sponsored by Security-Focus.COM