Archive for the ‘Hacktivism’ Category

If you have been following #iranelection like I have, you might have heard about the distributed denial of service (DDoS) attacks that the opposition has used against government web sites.  On the SANS Internet Storm Center, Bojan Zdrnja includes some details of the attacks.

In the last couple of days we posted two diaries (http://isc.sans.org/diary.html?storyid=6601 and http://isc.sans.org/diary.html?storyid=6613) with information about Slowloris, a tool that was released last week that performs a resource exhaustion DoS attack on Apache web servers.

There has been a lot of chat about the tool on the web, so it was just a matter of time before we would see it used in real DoS attacks. Last week I posted a diary about two groups launching DDoS attacks on Iranian web sites (http://isc.sans.org/diary.html?storyid=6583). Both of these attacks were relatively simple and used existing, old tools for performing DoS attacks.

However, over the weekend some forums and web sites asking people to run DDoS attacks “expanded” their selection of tools by including Slowloris – nothing we didn’t really expect to see.

If you follow the links in the post, there is a lucid explication of the tools and methods behind the attacks. Even if you are not a technophile, the “nuts and bolts” of a DDoS is pretty interesting stuff.
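As an added illustration of the "nuts and bolts" behind the Slowloris-style attack described above, seen from the server's side rather than the attacker's: the quoted diary calls it a resource-exhaustion attack, and the standard defence is to give every connection a deadline for delivering a complete request head instead of waiting on each read indefinitely. The Python below is written for this page (it is not code from the ISC diaries, from Apache, or from the Slowloris author). `FakeConn` is a constructed stand-in for an accepted socket so the logic runs offline; the size cap and 20-second deadline are illustrative assumptions.

```python
"""Header-completion deadline as a mitigation for slow-header resource exhaustion.

Added example for this page. FakeConn simulates an accepted socket with a
scripted schedule of chunks; a real server would wrap socket.settimeout() the
same way. Limits below are assumptions, not values from the page.
"""
import socket
from dataclasses import dataclass
from typing import List, Optional, Tuple

MAX_HEADER_BYTES = 8192    # assumption: reject request heads larger than this
HEADER_DEADLINE_S = 20.0   # assumption: the whole head must arrive within 20 s total


@dataclass
class FakeConn:
    """Constructed stand-in for an accepted socket (not real network I/O).

    Each entry in `chunks` is (seconds the client waits before sending, data).
    recv() behaves like socket.recv() under settimeout(): if the wait exceeds
    the timeout it raises socket.timeout, otherwise it advances a simulated
    clock and returns the data. An exhausted list means the peer closed.
    """
    chunks: List[Tuple[float, bytes]]
    clock: float = 0.0
    closed: bool = False

    def recv(self, bufsize: int, timeout: float) -> bytes:
        if not self.chunks:
            return b""
        wait, data = self.chunks[0]
        if wait > timeout:
            self.clock += timeout
            raise socket.timeout("recv timed out")
        self.chunks.pop(0)
        self.clock += wait
        if len(data) > bufsize:                      # keep the unread remainder
            self.chunks.insert(0, (0.0, data[bufsize:]))
        return data[:bufsize]

    def close(self) -> None:
        self.closed = True


def read_request_head(conn: FakeConn,
                      deadline_s: float = HEADER_DEADLINE_S,
                      max_bytes: int = MAX_HEADER_BYTES) -> Tuple[str, Optional[bytes]]:
    """Read an HTTP request head (everything up to the blank line).

    The deadline covers the *whole* head, not each recv() call, so a client that
    keeps the connection alive by trickling one header line at a time cannot hold
    a worker indefinitely. Returns (status, head); status is "ok", "timeout",
    "too_large" or "closed", and the connection is closed on every non-"ok" path.
    """
    start = conn.clock
    buf = bytearray()
    while b"\r\n\r\n" not in buf:
        remaining = deadline_s - (conn.clock - start)
        if remaining <= 0:
            conn.close()
            return "timeout", None
        try:
            data = conn.recv(4096, timeout=remaining)   # per-read timeout shrinks as time passes
        except socket.timeout:
            conn.close()
            return "timeout", None
        if not data:
            conn.close()
            return "closed", None
        buf += data
        if len(buf) > max_bytes:
            conn.close()
            return "too_large", None
    head, _, _ = bytes(buf).partition(b"\r\n\r\n")
    return "ok", head


if __name__ == "__main__":
    # Well-behaved client: complete head in two quick chunks (constructed).
    polite = FakeConn([(0.1, b"GET / HTTP/1.1\r\nHost: example.test\r\n"), (0.2, b"\r\n")])
    print(read_request_head(polite))
    # Stalled client: one header line every 15 s, never sends the blank line (constructed).
    stalled = FakeConn([(15.0, b"GET / HTTP/1.1\r\n"), (15.0, b"X-a: 1\r\n")])
    print(read_request_head(stalled), "closed after", stalled.clock, "s")
```

The point of the shrinking `remaining` value is that the second slow read in the stalled case is given only the 5 seconds left on the budget, so the worker is released at exactly the deadline rather than after another full per-read timeout.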

Read Full Post »

This is from Jose Nazario of Arbor Networks:

The Democratic Voice of Burma is once again under DDoS. This one has been seen before, and it’s unfortunate that it’s happening again. I’ve been digging for information and hope to have some to share soon. At present I don’t have anything I can share.

The second bit of political hacking is reports that defacements have shut down Iranian clerics’ Web sites. I don’t see any DDoS activity around this yet but we are seeing some defacements, some apparently on sites that run buggy OSS codebases, so it’s not surprising that they got owned.

Read Full Post »

There have been a number of excellent pieces on the cyberwarfare dimension in the ongoing conflict between Georgia, the separatist regions of South Ossetia and Abkhazia, and Russia.  Here is a partial list:

After looking through photos of charred bodies among the detritus of war (via Danger Room), it might be easy to dismiss the significance of cyberwarfare.  However, one should remember the question is not whether an unavailable service or defaced website outweighs the human cost of war but rather how cyberwar fits into its larger scope.

On a tactical level, there are a number of questions we can ask.  Can cyberwarfare play a role in psychological warfare? Will it disrupt “network-centric warfare” and battlefield communication? How does it serve intelligence gathering?  Certainly, cyberwarfare has had an impact in the propaganda battle (for example, see John Little’s post “South Ossetian Separatist Propaganda On the Web”).  Moreover, cyberwar’s ability to capture the public imagination–as well as that of the military establishment–is itself a force multiplier whether cyberwarfare is media-generated hype or not.  Even if its threat has been overestimated, perceptions within the US, Russia, China, and elsewhere have led to resources being devoted to this mode of warfare that might have been devoted to conventional weapons. This fact alone illustrates that the cultural impact of a particular weapons system can exceed its destructive capacity.

What if culture–the “human terrain”–is the primary battlefield of cyberwar, not cyberspace?  This could explain the failure of the U.S. military’s attempts to “dominate” cyberspace, a notion more in line with Revolution in Military Affairs (RMA) doctrine than with the more “culturally-orientated” Counterinsurgency (COIN) theory.  This brings me to John Robb’s post in which he discusses the advantages of cyberwarfare:

  • Deniability. Offensive operations by government computers/personnel against a target nation are an act of war. Actions by civilian vigilantes are not and can be disowned. An inability to point to an offending organization can make blame difficult to affix: note the speed at which the US tech press was willing to deny a Russian cyberwar against Estonia.
  • A huge talent pool. Rather than spend money on training a limited number of uniformed personnel (likely poorly), it’s possible to draw on a talent pool of hundreds of thousands of participants (from hackers to IT professionals to cybercriminals). Given the rapid decay/turnover in skills, high rates of innovation, high compensation, and the value of real-world expertise, the best people for cyberwarfare don’t work (nor will they ever) in the government. The best you can do is rent/entice them for a while.
  • Access to the best Resources/Weaponry. The best tools for cyberwarfare are developed in the cybercriminal community. They have vast and rapidly growing capabilities: a plethora of botnets, worms, compromised computers within target networks, identity information, etc. Further, these capabilities are cheap to rent.

With these three advantages in mind, a DDoS attack may have more in common with insurgency/counterinsurgency tactics than with “shock and awe.”  First, cyberwarfare has more in common with covert action–or perhaps “overt covert” action–than with the spectacle of rapid dominance.  Combatants are hard to identify and engage, and attacks are hard to recognize.  A website slowed by ordinary usage or down for maintenance could trigger fears of cyber attacks, analogous to the power outages in the United States that stimulated worries about terrorism.  Secondly, this “huge talent pool” is not an organized, hierarchical army but rather an insurgency.  Actors are as much unconnected as they are interconnected, defying the grasp of “full-spectrum dominance.”  Lastly, the best resources and weapons are not the product of the most advanced military-industrial establishment but of a criminal underground–and they are cheap, easy to use, and available to anyone.

Robb goes on to make great points on why the United States fails at cyberwarfare and what should be done to establish a cyberwarfare capability:

  • Engage, co-opt, and protect cybercriminals. Essentially, use this influence to deter domestic commercial attacks and encourage an external focus. This keeps the skills sharp and the powder dry.
  • Seed the movement. Once the decision to launch a cyberattack is made, start it off right. Purchase botnets covertly from criminal networks to launch attacks, feed ‘patriotic’ blogs to incite attacks and list targets, etc.
  • Get out of the way. Don’t interfere. Don’t prosecute participants. Take notes.

For these reasons, cyberwarfare should be something left to the intelligence community, equipped with an Internet connection and a cultural awareness of hackers and the intended target, rather than the Air Force with its outmoded RMA high-technology fetish.

Read Full Post »

While protesters continue to disrupt the Olympic torch ceremonies in Greece, many of China’s supporters plan to launch their own protests against those who they believe to be misrepresenting the country’s intervention in Tibet. Western media outlets have been a frequent target. Recently, CNN drew the ire of Chinese officials when a commentator referred to China’s leaders as “goons” in reference to China’s crackdown on unrest in the region. Today, The Dark Visitor reports that the Chinese hacker community may join in these protests:

To coincide with the European protests, several Chinese hacker groups are calling for a DDOS attack on the CNN website to begin at 8:00pm on 19 April 2008. While only three websites have openly posted about this attack, my guess is that many more calls are going on behind closed doors.

During a distributed denial-of-service (DDoS) attack, hackers controlling thousands of compromised computers overwhelm their target with traffic in an attempt to render a computer resource–typically a web site–unavailable to its users. One of the most notable examples is the 2007 Estonian cyberattacks, which arose from a dispute between Russia and Estonia following the removal of Soviet war memorials. Many cite this attack as an example of the growing threat of cyberwarfare.
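To make the "thousands of compromised computers" point concrete from the defender's side, here is an added example, written for this page and not code from any site or tool mentioned in it: a sliding-window request counter run over constructed Apache-style access-log lines. It shows the distinction that matters operationally: a single abusive client trips a per-source threshold, while a distributed flood keeps every source under that threshold and is only visible in the aggregate count and the number of distinct sources behind it. The 10-second window and the 20/100 request limits are illustrative assumptions, the addresses are TEST-NET ranges, and the log lines are generated, not captured traffic.

```python
"""Sliding-window request counting over Apache combined-format access logs.

Added example for this page. Thresholds are assumptions; the sample log lines
are constructed below (TEST-NET addresses), not a real capture.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from typing import Deque, Dict, Iterable, List, Optional, Tuple

# Apache "combined" log line; the timestamp field looks like 10/Jun/2009:14:03:01 +0000
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str) -> Optional[Tuple[datetime, str, str]]:
    """Return (timestamp, client ip, request line), or None if the line does
    not match the combined format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return datetime.strptime(m["ts"], TS_FMT), m["ip"], m["req"]


def analyse(lines: Iterable[str], window_s: float = 10.0,
            per_source_limit: int = 20, total_limit: int = 100) -> Dict[str, object]:
    """Count requests in a sliding window, per source and in aggregate.

    A single noisy client exceeds per_source_limit. A distributed flood, where
    each source stays below that limit, only exceeds total_limit, so the
    aggregate alert records how many distinct sources were behind it.
    Alerts record the first moment each threshold was crossed.
    """
    events = sorted(e for e in map(parse_line, lines) if e is not None)
    per_source: Dict[str, Deque[datetime]] = defaultdict(deque)
    recent: Deque[Tuple[datetime, str]] = deque()
    per_source_alerts: Dict[str, str] = {}
    total_alert: Optional[Dict[str, object]] = None
    window = timedelta(seconds=window_s)

    for ts, ip, _req in events:
        q = per_source[ip]
        q.append(ts)
        while q and q[0] < ts - window:          # drop requests older than the window
            q.popleft()
        if len(q) > per_source_limit and ip not in per_source_alerts:
            per_source_alerts[ip] = ts.isoformat()

        recent.append((ts, ip))
        while recent and recent[0][0] < ts - window:
            recent.popleft()
        if len(recent) > total_limit and total_alert is None:
            total_alert = {
                "at": ts.isoformat(),
                "requests": len(recent),
                "distinct_sources": len({src for _, src in recent}),
            }
    return {"per_source_alerts": per_source_alerts, "total_alert": total_alert,
            "parsed": len(events)}


def constructed_log(bursts: List[Tuple[str, int, float]]) -> List[str]:
    """Build combined-format lines for the scenarios below (constructed sample
    traffic). Each burst is (ip, request count, spacing in seconds)."""
    t0 = datetime(2008, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    lines = []
    for ip, count, spacing in bursts:
        for i in range(count):
            ts = (t0 + timedelta(seconds=i * spacing)).strftime(TS_FMT)
            lines.append(f'{ip} - - [{ts}] "GET /index.html HTTP/1.1" 200 512 "-" "constructed-agent"')
    return lines


def scenario_single_source() -> Dict[str, object]:
    """One client hammering the site (30 requests in 6 s) beside a normal visitor."""
    return analyse(constructed_log([("198.51.100.7", 5, 2.0), ("203.0.113.9", 30, 0.2)]))


def scenario_distributed() -> Dict[str, object]:
    """Forty clients, three requests each, all inside two seconds: no single
    source looks abusive, but the aggregate does."""
    return analyse(constructed_log([(f"203.0.113.{n}", 3, 1.0) for n in range(1, 41)]))


if __name__ == "__main__":
    print("single source:", scenario_single_source())
    print("distributed: ", scenario_distributed())
```

Because Apache logs at one-second resolution, the parser and the window arithmetic work on whole seconds; in the distributed scenario the aggregate alert fires on the 101st request while every one of the forty sources still sits at three requests, which is exactly the blind spot a purely per-client rate limit has against a botnet.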

This is not the first time China’s involvement in Tibet has attracted the attention of hackers. Recently, pro-Tibet websites have been targeted in order to attack the sites’ visitors. These events continue to demonstrate the increasing weaponization of the Internet, and its role in creating a weaponized culture.

Update (4/18/08): The Dark Visitor is now reporting that the protest is gathering support–even outside of the hacker community. Among the sites calling for a DDoS attack on CNN.com is Guilin University of Electronic Technology. Check back at The Dark Visitor for breaking details.

Read Full Post »