nanog mailing list archives
Re: Mastercard problems
From: Marshall Eubanks <tme () americafree tv>
Date: Thu, 9 Dec 2010 11:11:49 -0500
On Dec 9, 2010, at 4:37 AM, Paul Thornton wrote:
On 08/12/2010 20:42, Jack Bates wrote:Of course, it's debatable if use of LOIC is enough to convict. You'd have to first prove the person installed it themselves, and then you'd have to prove that they knew it would be used for illegal purposes.Earlier this morning there were two people interviewed on the BBC radio 4 Today program (this is considered the BBC's flagship morning news/current affairs show on their serious nationwide talk radio station) about this - one was a security consultant and another was a member of/spokesman for the 'operation payback' group. One wonders why the Met Police didn't have someone waiting to have a quiet chat with the latter when he left the studio. Both of them said that people had been voluntarily downloading and installing botnet clients on their PCs in order to take part in these DDoS attacks. Ignoring, for a moment, the stupidity of such action it is hard to see how you'd be able to argue that this was *not* going to be used for illegal purposes. The other amusing part of the interview was when the security consultant started off very well explaining a DDoS in layman's terms, but then veered off using the terms HTTP, UDP and IP in one sentence causing the presenter to intervene as it "was getting a tad too technical there".
There is an interesting analysis in today's New York Times http://www.nytimes.com/2010/12/09/technology/09net.html?_r=1 about the attacks on Mastercard, Visa and Ebay, how they were coordinated over Twitter and Facebook, and the free speech issues that that raises for the latter two organizations. My guess is that we will shortly see security folks searching through Facebook and twitter along with IRC for signs of attack coordination. It does seem like these social attacks would lend themselves to obfuscation and steganography (i.e., you don't have to say "let's bombard Ebay with packets using X", you can say "Let's send Elisa lots of poetry using X," or something more clever), so I don't think it will remain as easy as in this case. By the way, I was amused that a Twitter spokesman boasted that "The company is not overly concerned about hackers’ attacking Twitter’s site, he said, explaining that it faces security issues all the time and has technology to deal with the situation." I hope he had his fingers crossed when he said that, as Twitter can barely keep the service functioning on a good day, with frequent outages. Regards Marshall
Paul.
Current thread:
- Re: Mastercard problems, (continued)
- Re: Mastercard problems Jack Bates (Dec 08)
- Re: Mastercard problems William McCall (Dec 08)
- Re: Mastercard problems Jack Bates (Dec 08)
- Re: Mastercard problems Christopher Morrow (Dec 08)
- Re: Mastercard problems Philip Dorr (Dec 08)
- Re: Mastercard problems Olof Johansson (Dec 08)
- Re: Mastercard problems Jack Bates (Dec 08)
- Re: Mastercard problems Paul Thornton (Dec 09)
- Re: Mastercard problems Roland Perry (Dec 09)
- Re: Mastercard problems Joseph Prasad (Dec 09)
- Re: Mastercard problems Marshall Eubanks (Dec 09)
- Re: Mastercard problems Jim Mercer (Dec 09)
- Re: Mastercard problems Joseph Prasad (Dec 09)
- Re: Mastercard problems Roland Perry (Dec 09)
- Re: Mastercard problems Jim Mercer (Dec 09)
- Re: Mastercard problems Roland Perry (Dec 09)
- Re: Mastercard problems Michael Smith (Dec 09)
- Re: Mastercard problems Fearghas McKay (Dec 09)
- Re: Mastercard problems Jack Bates (Dec 08)
- Re: Mastercard problems Scott Brim (Dec 09)
- Re: Mastercard problems Marshall Eubanks (Dec 09)
- Re: Mastercard problems Marshall Eubanks (Dec 09)