
Zimbabweans Hit By Cyber Attacks During Election

Soulskill posted about 8 months ago | from the failsafes-failed-safely dept.

Security 63

judgecorp writes "During last week's Zimbabwean election, some huge denial of service attacks took down sites including several reporting on human rights issues and potential irregularities in the election. Those affected suspect government involvement. ... GreenNet is only just recovering today, with some customer websites still down, having reported the strike on Thursday morning, the day after Zimbabweans headed to the polls. It appeared to be a powerful attack – TechWeek understands it was at the 100Gbps level – aimed at GreenNet’s co-location data centre provider Level 3, which subsequently did not let GreenNet move workloads within that facility. ... The DDoS that hit GreenNet was not a crude attack using a botnet to fire traffic straight at a target port, but a DNS reflection attack using UDP packets, which can generate considerable power. DNS reflection sees the attacker spoof their IP address to pretend to be the target, send lines of attack code to a DNS server, which then sends back large amounts of traffic to the victim."


63 comments

Really? (0)

John Burton (2974729) | about 8 months ago | (#44495191)

"send lines of attack code to a DNS server," really?

Re:Really? (1)

Thanshin (1188877) | about 8 months ago | (#44495259)

"send lines of attack code to a DNS server," really?

Yes. The code was: 41545441434b21

Re:Really? (1)

fritsd (924429) | about 8 months ago | (#44496247)

Yes. The code was: 41545441434b21

Pfff.. wake me when those last 2 nibbles have been changed from 21 to 212131216f6e652121 ...

wait (-1)

Anonymous Coward | about 8 months ago | (#44495205)

zimbabweans have computers?!

Re:wait (1)

Anonymous Coward | about 8 months ago | (#44495291)

Surprisingly, yes they do. Please do not forget that it was the UK that set Mugabe up in 1980, despite his Chinese communist backing. And now we have the fruit of that political idiocy. You can bet your last dollar (Zim dollar or any other) that it's the Chinese organizing the DDoS attacks, etc.

Re:wait (1)

inasity_rules (1110095) | about 8 months ago | (#44495335)

Indeed, I doubt the Zim government has the resources or skill to do this, given how often their own websites seem to get hacked.

They seem pretty adept at it, actually (3, Informative)

Camael (1048726) | about 8 months ago | (#44495399)

I shared the same belief as you, until I did some random digging... and wow.

Apparently the Zim government has LOTS of experience with cyber warfare [concerneda...holars.org] .

By the time Russia ‘e-nvaded’ Georgia and paralyzed its security with cyber-weaponry in August-September 2008, Zimbabwe was in its fifth year of cyber-guerrilla warfare. Using interception gadgets, the Zanu (PF) government of Robert Mugabe jammed radio signal and web traffic that sympathized with the opposition. Online newspapers and internet radios had been using the internet to attack the Mugabe dictatorship for the past four years. Government and anti-Mugabe hackers had been trading long-range artillery fire for three decades.

That article, mind you, was written in 2008. Imagine how much more they would have picked up in the last 4 years.

Re:They seem pretty adept at it, actually (1)

inasity_rules (1110095) | about 8 months ago | (#44495433)

Those gadgets? Guess where they come from? I suppose the Chinese could have trained them up in the interim, but for a large part they seemed to be following instructions from their Chinese overlords last time I was there... A couple of ham operators I knew got into fairly serious trouble over the things they were saying back in the mid 2000s, but mainly because they used their own callsigns. To be fair, I did not get my internet through tell-one, who probably did censor things, but instead through Econet, who did not (they had their own satellite link). I never ran across any blocked sites through them, or through the state sponsored university internet. I haven't been back for more than a couple of weeks in 3 years though, so things may have changed, but in the towns you can access pretty much any site you like.

Re:wait (1)

Entropius (188861) | about 8 months ago | (#44495847)

last dollar (Zim dollar or any other)

If they're Zimbabwean dollars, wouldn't you have to bet at least a trillion?

Re:wait (1)

jcr (53032) | about 8 months ago | (#44495349)

Not many since Mugabe ran that country into the ground.

-jcr

Re:wait (3, Interesting)

inasity_rules (1110095) | about 8 months ago | (#44495363)

You might be a little surprised if you visited Zimbabwe. The (one and only) thing Mugabe did right was push education, which means a lot of arbitrary schools in the middle of the rural areas have computer labs and things like that. There is a thriving business in old computers there, and it was almost enough for me to support myself.

Re:wait (1)

Andy Prough (2730467) | about 8 months ago | (#44495409)

@AC 05:12AM -- "zimbabweans have computers?!"

Yes, but most access the internet via internet cafes or mobile devices. The number of Zimbabwean internet users has tripled from 1.5 million to 4.5 million (around 37% of the population) in just the past two years. This number should jump substantially over the next year, as 3G/4G service has grown rapidly - reaching 91% of the population in the past year. A 2010 United Nations survey found the Zimbabwe literacy rate was the highest of all African countries.

Re:wait (-1)

Anonymous Coward | about 8 months ago | (#44495671)

@AC 05:12AM -- "zimbabweans have computers?!" Yes, but most access the internet via internet cafes or mobile devices. The number of Zimbabwean internet users has tripled from 1.5 million to 4.5 million (around 37% of the population) in just the past two years. This number should jump substantially over the next year, as 3G/4G service has grown rapidly - reaching 91% of the population in the past year. A 2010 United Nations survey found the Zimbabwe literacy rate was the highest of all African countries.

Hey for a nigger nation that's pretty good. I notice you did not tell us what this oh-so-high literacy rate was. Embarassed? Niggers are so very equal, their nations are so pleasant to live in dontcha know. Just like Haiti or the nontourist parts of Jamaica, mon.

Elections (5, Funny)

jkflying (2190798) | about 8 months ago | (#44495357)

Obama, Cameron and Mugabe are on a boat, when they realise it is sinking and there is only one lifejacket. They decide, being leaders of ostensibly democratic countries, to vote over who gets the lifejacket, so they each write a name on a piece of paper and put it in a cup.

Once everybody is finished, they counted the pieces of paper, and the results were:
Obama: 1
Cameron: 1
Mugabe: 6

Re:Elections (1)

Anonymous Coward | about 8 months ago | (#44495667)

The tally didn't really matter in the end. By the time they had counted the votes, Mugabe had arrested Cameron and Obama and then convicted them for treason in a show court.

Re:Elections (0)

Anonymous Coward | about 8 months ago | (#44495759)

And just then, a drone that was passing by bombed Mugabe for being on a secret 'these we bomb first' list, and Cameron died as 'acceptable' collateral damage.

Re:Elections (0)

Anonymous Coward | about 8 months ago | (#44495777)

How true. (And incredibly funny!)

Re:Elections (1)

BrokenHalo (565198) | about 8 months ago | (#44496705)

This is largely how he got into power in the first place, thanks to Lord Carrington and Maggie Thatcher.

Of his principal opponents, Joshua Nkomo was the foremost, though he might not have been much better an option (except that he had the grace to die sooner). Bishop Muzorewa never really gained the traction he needed, because he didn't use artillery.

THEY HAVE ELECTIONS THERE ?? (-1)

Anonymous Coward | about 8 months ago | (#44495381)

I am surprised. What is next, running water ?? TWO cricket teams ??

DNS Reflection is a bitch (3, Interesting)

Drakonblayde (871676) | about 8 months ago | (#44495385)

Been on the business end of a DNS reflection attack. Not fun. Not only do you have to figure out how to deal with loads of DNS responses invading your network, the contact that's listed for the allocation that the spoofed IP falls under gets slammed with inquiries from angry operators wanting to know why their network is sending so many damned DNS queries to them. Very disruptive.

We should pause and step back a moment... (1)

tlambert (566799) | about 8 months ago | (#44495417)

We should pause and step back a moment to meditate upon these attacks... hopefully it won't take too long or too many resources to do so...

Re:We should pause and step back a moment... (1)

gmack (197796) | about 8 months ago | (#44495491)

There are multiple ways these attacks could have been prevented but laziness and incompetence rule yet again. ISPs could add egress filtering, or they could limit the amount of open recursive resolvers on their network.

In the end, I suspect the only way to fix this will be the same way we fixed open mail servers: start blacklisting badly behaving ISPs.

Re:We should pause and step back a moment... (4, Informative)

Drakonblayde (871676) | about 8 months ago | (#44495737)

It's not as simple as that. Blacklisting badly behaving mail servers is one thing. That's pretty much an application level fix. You just don't accept the mail from the mailserver.

DNS reflection is more insidious. If I spoof an IP address and send a query to a DNS server that's authoritative for the domain, it's going to send a response back to the IP address in the source of the packet. Now I do that with a shitload of domains and a shitload of DNS servers, and they all start sending responses to the spoofed IP. A good DNS reflection attack will hit so many sources that it's impractical to filter them all, you'll spend a crapload of time just trying to keep the access-lists updated, and it's exponentially worse the bigger your border is. The only thing you can do is null-route the spoofed IP at your border to prevent the responses from getting into your network and bringing down your entire infrastructure.......... assuming you have border routers that won't die under the flood in the first place. The second you do that, the attacker has won.

If they're sending queries to authoritative name servers what are you going to do? Blacklist them? The authoritatives are doing what they're supposed to.

The only real way to stop DNS reflection is to convince every operator to do proper border filtering. If the source address in the packet didn't come from their allocation, they should drop it. Convincing network operators to do so is incredibly difficult.

The one I was on the end of, they did it smart. They started at 5am on Christmas day, which is pretty much about the best time to ensure that any response is sluggish at best. It went on for two weeks and didn't cease until 4 different providers had operators willing to pool their Netflow data in order to track back where the shit was actually coming from, and we found the CnC nodes buried in TWC's network. TWC was kind enough to terminate those nodes with extreme prejudice.

Didn't help though, we still lost the customer.
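The border filtering and Netflow tracing described in the comment above, as an added example that is not part of the original thread: one function flags outbound flows whose source address lies outside the operator's allocation, the other totals inbound DNS responses that answer no query the network sent. The prefixes, the flow-record layout and all records are constructed; real flow data is sampled and would also need a time window for the query/response match.

```python
"""Added example: flow-record checks for DNS reflection (all data constructed)."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Hypothetical operator allocation (documentation prefixes, RFC 5737).
ALLOCATION = [ip_network("192.0.2.0/24"), ip_network("198.51.100.0/24")]

# Constructed UDP flow records:
# (direction, src_ip, src_port, dst_ip, dst_port, bytes)
# direction is "out" (leaving our border) or "in" (entering it).
FLOWS = [
    ("out", "192.0.2.10", 40001, "203.0.113.53", 53, 70),    # real query
    ("in", "203.0.113.53", 53, "192.0.2.10", 40001, 180),    # its answer
    ("in", "203.0.113.7", 53, "192.0.2.80", 31337, 3900),    # never asked for
    ("in", "203.0.113.8", 53, "192.0.2.80", 31337, 4000),    # never asked for
    ("in", "203.0.113.9", 53, "192.0.2.80", 2048, 4100),     # never asked for
    ("out", "203.0.113.200", 5555, "203.0.113.7", 53, 64),   # source not ours
]


def in_allocation(addr, allocation=ALLOCATION):
    """True if addr belongs to one of the operator's own prefixes."""
    ip = ip_address(addr)
    return any(ip in net for net in allocation)


def egress_violations(flows):
    """Outbound flows a source-address filter at the border should drop."""
    return [f for f in flows if f[0] == "out" and not in_allocation(f[1])]


def unsolicited_dns(flows):
    """Per local target: (bytes, distinct senders) of DNS responses
    that match no outbound query from that host and port."""
    asked = {(src, sport, dst)
             for d, src, sport, dst, dport, _ in flows
             if d == "out" and dport == 53}
    totals = defaultdict(lambda: {"bytes": 0, "senders": set()})
    for d, src, sport, dst, dport, nbytes in flows:
        if d != "in" or sport != 53:
            continue  # only inbound traffic from port 53 is of interest
        if (dst, dport, src) in asked:
            continue  # answer to a query one of our hosts actually sent
        totals[dst]["bytes"] += nbytes
        totals[dst]["senders"].add(src)
    return {t: (v["bytes"], len(v["senders"])) for t, v in totals.items()}


if __name__ == "__main__":
    for flow in egress_violations(FLOWS):
        print("drop at border, source outside allocation:", flow)
    for target, (nbytes, senders) in unsolicited_dns(FLOWS).items():
        print(f"{target}: {nbytes} bytes of unsolicited DNS from {senders} senders")
```
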

Re:We should pause and step back a moment... (1)

gmack (197796) | about 8 months ago | (#44495891)

I agree about filtering outbound traffic but keep in mind that these attacks work best with open recursive mail servers and there are few reasons to configure them that way. Need a resolver for your network? Then lock it so only your network can make requests on it. I just did a quick look up of the ISPs with open recursive name servers and found a company my employer does a lot of business with has 31 open recursive name servers. There is just no excuse for that.

My thought is that we need to cause pain for people who are lazy and we could easily start blacklisting name servers because having domains stop resolving would be more painful than fixing the problem.

Make them attack each other ... or best practices (0)

Anonymous Coward | about 8 months ago | (#44517665)

Attacks like this can ripple Tier 1

I've wondered what would happen if someone made these DNS servers (that don't follow best practices) attack each other in this manner. Would they fix them then?

Why don't the operators fix them? Paid off maybe?

Re:We should pause and step back a moment... (0)

Anonymous Coward | about 8 months ago | (#44504029)

Most facility providers have their own caching DNS servers that all internal hosts should be using. If they also had a clue then any DNS traffic crossing the border routers that doesn't source/sink to those caching server addresses should be getting dropped on the floor. At worst the caching DNS servers would be the subject of a DDoS but this wouldn't affect hosted web servers (unless they're stupidly doing reverse lookups for their log files).

My question (1)

korbulon (2792438) | about 8 months ago | (#44495461)

Why the hell is anyone who can still use a computer - or better yet, *own* a computer - still in Zimbabwe? You'd think the strategy for anyone with some means would be: Leave now. Come back when that old stupid fuck is dead.

Re:My question (2)

inasity_rules (1110095) | about 8 months ago | (#44495503)

Many do, but many stay because hope is a triumph of optimism over experience. Also, where do you propose they all go? Given the literacy rates a significant proportion of the population can use a computer. While I love the idea of Mugabe sitting alone in a ghost town, it isn't really practical...

Re:My question (1)

korbulon (2792438) | about 8 months ago | (#44495531)

Oh I know, lord I know - my question was more rhetorical than realistic. It's just so sad to see an entire country succumb to a cancer like Mugabe. Aside from the obvious parties, who else is to blame for the current situation? I mean, how did it come to this? And for so long?

Human history is a long line of relative misery, punctuated by brief epochs of absolute misery.

Re:My question (2)

inasity_rules (1110095) | about 8 months ago | (#44495607)

When Mugabe refused to allow the UN to administer the money the British were sending him to buy farms for the war veterans (because then he would not be able to steal it, and also, pride "Zimbabwe is a sovereign Nation!"), the money stopped and he had nothing to give the war veterans who then revolted. What happened next was highly predictable in hindsight. He printed money to appease them, which they squandered and inflation ate. So they demanded land and took it.

The problem is, when you're riding the tiger, if you get off it will eat you. I could almost pity the man, except for the slaughter of his own people in the 80s... In any case, if Mugabe dies, the Mujurus and so forth of Zimbabwe will drag it into civil war, since they control the police and the army. He clings to power because if he loses it, he is dead. He once stated he'd leave power in a coffin, and that is likely true even if he resigns. He is actually a very intelligent, though very nasty, person. Most blame his wife who is basically evil incarnate.

Zimbabweans are a peaceful people, they don't easily become violent. If that weren't the case, he would be dead by now. In essence, I guess the people get the government they deserve, though this could have gone an entirely different way had we had someone else as leader.

What the solution is, I don't know. Perhaps a free and fair election could transition power, but Tsvangirai isn't actually good leadership material. Essentially, the cancer has spread to the point where the organism that is Zimbabwe basically may die. Zimbabwe had such amazing potential.

Re:My question (1)

korbulon (2792438) | about 8 months ago | (#44495813)

Seems to me that much of Africa has amazing potential, but most of its countries are caught in a vicious cycle of incompetent, patrimonial and ruthless leaders with strong ethnic ties, an endless stream of warlords and strongmen propped up by commodities and foreign aid. Indeed, throwing wealth at the problem seems to do far more harm, like water on an oil fire. Nothing good can take root in such wretched soil. It's just so... fucking depressing.

Re:My question (1)

inasity_rules (1110095) | about 8 months ago | (#44496003)

South Africa isn't too bad. Not too good either, but it passes. The real issue is pretty much nowhere in Africa has a functional democracy. South Africa's does partially work, but not completely. It is really depressing, I know. I lived through the worst of Zimbabwe. If SA goes the same way, I guess I'm leaving Africa. I would be very sad to go though. Africa, despite its issues, is an absolutely amazing place to be.

Re:My question (1)

edanto (1990742) | about 8 months ago | (#44495541)

One thing that I discovered on my visits to Africa is that it can be extremely difficult for Africans to get visas to enter other counties. They don't have the freedom of movement that we enjoy. On top of that, many will have responsibilities to support relatives (social security in Zim is very limited), so leaving ain't as easy as it might first appear.

Re:My question (1)

DNS-and-BIND (461968) | about 8 months ago | (#44495657)

You know why Africans can't get visas? Because when their visa expires, they don't go home. Countries keep track of things like this. Then, they modify their visa laws to match. You know why it's easy for Americans to go anywhere? Because they spend money locally and then leave. A perfect fit, what every country wants. Even America.

Re:My question (1)

edanto (1990742) | about 8 months ago | (#44495703)

If only things were so simple. Hey, I'm sure if Africans had a nice stable democracy, with a ludicrously powerful dollar to return to, then they would go home too. The poster before me had simply asked why people in Zimbabwe didn't leave, and we've both given him part of the answer.

Re:My question (1)

Entropius (188861) | about 8 months ago | (#44495883)

They are leaving, though -- per a friend of mine from Pretoria, there are a great many Zimbabwean refugees heading to northern South Africa, and the SA government doesn't quite know what to do with them.

Re:My question (1)

inasity_rules (1110095) | about 8 months ago | (#44496069)

Yes, they take a lot of the Jobs in SA. Mainly because they're more willing to work and often better educated than their South African counterparts. In any case, since the SA government props up Mugabe, it is sort of a self-created problem. If all the Zimbabweans went home (and former Zimbabweans like myself), the economy here would take quite a hit... Still, you can't empty an entire country...

Re:My question (0)

Anonymous Coward | about 8 months ago | (#44495849)

It's called a family.

sounds like the problem is here.... (0)

Anonymous Coward | about 8 months ago | (#44495529)

, send lines of attack code to a DNS server,which then sends back large amounts of traffic to the victim

1. if the attackers need to spoof their own ip addresses when targeting the dns server, it's obvious they don't run their own.. why are the dns servers allowing the "attack code" are they exploitable or compromised? obviously they are ... so FIX THEM.
2. why are those dns servers sending massive quantity of responses and traffic back to a single ip or network? FIX THEM.

it's bad enough that there's people out there that do attack sites or services with ddos but, come on, really.. do you have to unknowingly help? afaik, those owners and operators of the dns servers allowing the attacks to go through their servers are equally at fault and just as liable (financially and otherwise).

Re:sounds like the problem is here.... (1)

mrbester (200927) | about 8 months ago | (#44495643)

You could ask questions of Level 3 who didn't help in mitigating the attack...

Re:sounds like the problem is here.... (1)

Drakonblayde (871676) | about 8 months ago | (#44495751)

It's not that simple.

A well executed DNS reflection attack is very very broad spectrum, and doesn't have to involve broken or compromised DNS servers.

It's easy to armchair quarterback, try being on the receiving end of one sometime and actually looking at the data you get, you'll be impressed.

Eliminating this kind of attack would take an unprecedented level of cooperation among service providers, and for most of them, there would be absolutely no business reason for them to undertake it.

Improvement (0)

Anonymous Coward | about 8 months ago | (#44495563)

If they were hit by a cyber-attack and not by Robert Mugabe's thugs, that's progress.

Re:Improvement (1)

Opportunist (166417) | about 8 months ago | (#44495615)

Is that like hitting Cuba with economic repressions rather than bombs is progress? If so, I think it's not really much progress.

Re:Improvement (1)

inasity_rules (1110095) | about 8 months ago | (#44495621)

In the recent elections people were hit by both, so it is progress... Just not progress from a non-Zanu PF point of view...

sensationalist crap (1)

Gothmolly (148874) | about 8 months ago | (#44495821)

A DNS amplification attack is not hacking the Gibson, geesh.

Besides, what's the point of elections in Zimbabwe anyway? To decide whose face goes on the eleventy-billion dollar note?

This just in! (0)

Anonymous Coward | about 8 months ago | (#44495923)

Mandela is a coward, and Mugabe is the greatest African who ever lived. Bob says so himself [codewit.com].

Re:This just in! (1)

BrokenHalo (565198) | about 8 months ago | (#44503385)

Mandela is a coward, and Mugabe is the greatest African who ever lived. Bob says so himself [codewit.com].

Far out. I wonder if he was drunk. I don't think it's possible to come up with a more inflammatory speech than that.

Similarity between Obama and Mugabe (0)

Anonymous Coward | about 8 months ago | (#44497735)

Ni66er who commit election fraud.

simo (1)

coutysd (3011631) | about 8 months ago | (#44497975)

Simon : Wow Kate! That makes it seem much better. You're right, baby steps are the way forward. Starting with my immediate environment.

What was there to attack? (1)

sapped (208174) | about 8 months ago | (#44509301)

I think the thing that blows me away the most about this news is that there is anything of a cyber nature in Zimbabwe to attack in the first place.