BlueSecurity Fall-Out Reveals Larger Problem

CowboyNeal posted more than 7 years ago | from the continuing-sagas dept.

mdrebelx writes "For anyone following the BlueSecurity story, sadly the anti-spam crusader has raised the white flag. Brian Krebs with the Washington Post is reporting that after BlueSecurity's announcement, Prolexic and UltraDNS, which were both linked with BlueSecurity through business relations, came under a DNS amplification attack that brought down thousands of sites. While much of the focus about the BlueSecurity story has been centered on the question of what can be done about spam, I think a bigger question has been raised - is the Internet really that fragile? What has been going on is essentially cyber-terrorism and from what has been reported so far the terrorists clearly have the upper hand."

366 comments

interesting question about fragile (5, Insightful)

yagu (721525) | more than 7 years ago | (#15361765)

There have been other outages, major, which have had significant impact. It's a good question: is the internet that fragile?

In many ways it probably is. At the same time, the infrastructure seems resilient enough. The world so far hasn't laced up life-and-death critical systems to the internet such that a failure could cause loss of life. Well, that is, if you don't include:

Oh, wait, I guess people have started doing that.

What mechanisms exist for more than resiliency, i.e., instant self-healing? Could terrorists with a little knowledge and a few well-placed EMP generators disable major segments of the internet?

Unlike phones and the phone networks which were built with lots of oversight and regulation (Universal Service was a big driver for this (aside: now that everything is profit driven, don't expect phone service at that farm house at the end of that long country road anymore... no one HAS to provide it)), I'm not aware of what safeguards back up the internet. In my entire lifetime, I've not one time experienced a phone outage, not once! Power outages, etc., the phone companies have backups to backups to ensure service (though there is the occasional and hard to manage for ditch digging incident).

While large pieces of the internet are built upon the phone companies' infrastructure, other pieces aren't, and there are significant additional layers of complexity not in the phone companies' purview (switches, routers, coax cable from cable companies).

That question, "is the internet that fragile?", is probably the biggest reason I've never opted to switch my phone service to VOIP yet. I'd hate to be the one (tiny chance, I know) who needs to make that one 911 call and not be able to do so because the internet is unavailable (which happens occasionally here, which is also too often).

Re:interesting question about fragile (1)

FLEB (312391) | more than 7 years ago | (#15361806)

Meh, don't make too much of it. I got a fast-busy the last time I tried to call 911... on a landline.

Re:interesting question about fragile (3, Insightful)

DarkHelmet (120004) | more than 7 years ago | (#15361840)

Doesn't being a terrorist imply terrorizing people?

The only kind of people a terrorist would terrorize by taking down the internet temporarily are people on slashdot.

Terrorists are interested in killing people to get their message across, not inconveniencing them.

Re:interesting question about fragile (1, Funny)

stfvon007 (632997) | more than 7 years ago | (#15361915)

I would think being dead would be a major inconvenience. Anyway with lives actually on the line if the internet goes out (such as a failure of a 911 call to go through when it's needed via VOIP, or a doctor unable to access a patient's medical information at another hospital to know a person has an allergy to a certain medication), people can die due to a DoS attack.

Re:interesting question about fragile (4, Informative)

Original Replica (908688) | more than 7 years ago | (#15362197)

Doesn't being a terrorist imply terrorizing people?
Traditionally yes, this might be "economic terrorism"(tm). According to the Dept. of Defense, terrorism is "the unlawful use of -- or threatened use of -- force or violence against individuals or property to coerce or intimidate governments or societies, often to achieve political, religious, or ideological objectives." This would seem to apply here.

Re:interesting question about fragile (3, Insightful)

PatTheGreat (956344) | more than 7 years ago | (#15361910)

Isn't the whole point of the internet that if one node goes down, you can still communicate through other nodes? Isn't that what made the internet useful?

Re:interesting question about fragile (4, Insightful)

Sinus0idal (546109) | more than 7 years ago | (#15362090)

Yup and with BGP routes would swap over eventually if a link was broken. Unfortunately though, we rely too much on DNS which is a fairly fragile infrastructure to say the least.

Interesting how things change (4, Interesting)

Steeltoe (98226) | more than 7 years ago | (#15362013)

A few years back we would have laughed that someone is calling this terrorism, and just saying it's just a few scriptkiddies having fun with DDOS and whatnot. Computers are just a fun box, nothing serious about it. Relax. Nothing of value is lost, and if you don't have a backup, you deserve it. Darwinism at work.

It's also interesting how questions change. We question: Is the internet really that fragile?

What happened to the baser question: Do we really depend so much on the internet?

Of course, now that we do, maybe we should look into making the internet even more resilient than the original creators envisioned. After all, it was made to endure nuclear war, but a few scriptkiddies can still take down any site with a little DDOSing and DNS-tweaks..

Just always remember where we came from.

Re:Interesting how things change (0)

Anonymous Coward | more than 7 years ago | (#15362153)

What happened to the baser question: Do we really depend so much on the internet?

Do we really depend so much on radio? Trucks? Telephones? Railroads? Postal mail? Paved roads? Ships? Messengers? Yes, we depend on all those things, and everyone seems to accept it. Why should the internet be so different? How primitive must a means of communications be before we are allowed to depend on it, in your esteemed opinion?

Phone outages (2, Insightful)

mangu (126918) | more than 7 years ago | (#15362138)

In my entire lifetime, I've not one time experienced a phone outage, not once!


You are lucky! I've had several phone outages. I had a few outages caused by water in the cable ducts in my street after heavy rains. I had one in the old days (~25 years ago) of analog hardware that took them several days to fix. I've had an outage caused by a truck hitting a utility pole, in a neighborhood where the cables were overhead.


Although telephone stations are more robust than the internet, because they are very specialized and have lots of redundancy, the last mile is susceptible to outages. Of course, internet connections use the same last mile, so they are also vulnerable. I agree, the phone service is more reliable than the internet, but this does not mean it cannot fail.

Yes, the internet is that fragile (3, Interesting)

drinkypoo (153816) | more than 7 years ago | (#15361771)

It seems like every week there's a new issue with DNS. Why can't DNS be secured? Is it just inertia? Is BIND really that pathetic, or are they just not using it correctly?

Re:Yes, the internet is that fragile (5, Funny)

creimer (824291) | more than 7 years ago | (#15361794)

Like everything else in the computer world, you have to wait for the next great upgrade of the Internet called Web 2.0! Of course, I'm going to wait for SP1 to come out before jumping on the bandwagon.

Re:Yes, the internet is that fragile (4, Informative)

Anonymous Coward | more than 7 years ago | (#15361902)

BIND when used correctly can foil/hamper these DNS attacks from occurring.
Any tool improperly used can possibly cause problems.
This is a proper way to secure a Bind nameserver.
An example would be in your bind named.conf adding an acl section and adding to section options.

//add your trusted networks (some.ip.network.outthere/8 is a placeholder)
acl "trusted_queries" { 127.0.0.1; 192.168.1.0/24; some.ip.network.outthere/8; };
acl "trusted_recursion" { 127.0.0.1; 192.168.1.0/24; some.ip.network.outthere/8; };

options {
    allow-query { "trusted_queries"; };
    allow-recursion { "trusted_recursion"; };
    version "no version"; //protect your nameserver version
};
//and for your zones just add allow-query any
zone "some.zone.com" IN {
    type master;
    file "pri/some.zone.com.zone";
    allow-query { any; }; //allow legitimate nameservers to get host info
};
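
An added example (not part of the comment above and not BIND's own tooling): a small Python check that reads named.conf text, follows named ACLs, and reports whether recursion is open to any client, the condition the allow-recursion ACL above is meant to close. The sample configs, function names and result labels are constructed for illustration, and only the options-level `recursion` and `allow-recursion` statements are examined (no views or include files).

```python
import re

# Entries that make an address match list match every client.
OPEN_NETS = {"any", "0.0.0.0/0", "::/0"}

# Constructed sample configurations (not taken from a real server).
OPEN_CONF = '''
options {
    recursion yes;
    allow-recursion { any; };   # answers recursive queries for everyone
};
'''

RESTRICTED_CONF = '''
// add your trusted networks
acl "trusted_recursion" { 127.0.0.1; 192.168.1.0/24; };
options {
    allow-query { any; };
    allow-recursion { "trusted_recursion"; };
    version "no version";
};
'''


def _strip_comments(text):
    # Remove //, # and /* */ comments while leaving quoted strings intact.
    pattern = r'"[^"]*"|/\*.*?\*/|//[^\n]*|#[^\n]*'
    return re.sub(pattern,
                  lambda m: m.group(0) if m.group(0).startswith('"') else " ",
                  text, flags=re.S)


def _parse_block(tokens, i=0):
    # Returns (statements, next_index). A statement is a list whose items are
    # words (str) or nested blocks (list of statements).
    statements, current = [], []
    while i < len(tokens):
        tok = tokens[i]
        if tok == "{":
            block, i = _parse_block(tokens, i + 1)
            current.append(block)
            continue
        if tok == "}":
            if current:                      # tolerate a missing final ';'
                statements.append(current)
            return statements, i + 1
        if tok == ";":
            if current:
                statements.append(current)
            current = []
        else:
            current.append(tok.strip('"'))
        i += 1
    return statements, i


def _expand(match_list, acls, seen=()):
    # Flatten an address match list to its leaf entries, following named ACLs.
    leaves = set()
    for element in match_list:
        head = element[0]
        if isinstance(head, list):           # nested { ... } list
            leaves |= _expand(head, acls, seen)
        elif head.startswith("!"):           # negated entries never widen access
            continue
        elif head in acls and head not in seen:
            leaves |= _expand(acls[head], acls, seen + (head,))
        else:
            leaves.add(head)
    return leaves


def audit_recursion(conf_text):
    """Classify recursion as 'disabled', 'open', 'restricted' or 'unset'.

    'unset' means no allow-recursion statement was found; the effective value
    then depends on the BIND version and other options, so review it by hand.
    """
    tokens = re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', _strip_comments(conf_text))
    statements, _ = _parse_block(tokens)
    acls = {s[1]: s[2] for s in statements
            if s[0] == "acl" and len(s) >= 3 and isinstance(s[2], list)}
    options = {}
    for s in statements:
        if s[0] == "options" and len(s) > 1 and isinstance(s[1], list):
            for opt in s[1]:
                if isinstance(opt[0], str):
                    options[opt[0]] = opt[1:]
    if options.get("recursion") == ["no"]:
        return {"recursion": "disabled", "networks": []}
    value = options.get("allow-recursion")
    if not value or not isinstance(value[0], list):
        return {"recursion": "unset", "networks": []}
    leaves = _expand(value[0], acls)
    state = "open" if leaves & OPEN_NETS else "restricted"
    return {"recursion": state, "networks": sorted(leaves)}


if __name__ == "__main__":
    for name, conf in (("open sample", OPEN_CONF),
                       ("restricted sample", RESTRICTED_CONF)):
        print(name, audit_recursion(conf))
```
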

what internet? (2, Interesting)

cez (539085) | more than 7 years ago | (#15362037)

dns has always had inherent weaknesses due to its universal standards and how the internet relies on it as it does. scary how the internet is only the internet that you can view through whatever controls your DNS...

Nuclear Warheads are not Internet Appliances (1)

loose electron (699583) | more than 7 years ago | (#15361780)

It is with deep hope that the federal government does not control our defense strategies over the internet.

Of course, with the open source strategy and all of its strengths, that might be an improvement.

Enough said...

motivation (2, Insightful)

OffTheLip (636691) | more than 7 years ago | (#15361790)

As much as Slashdot and other white hat leaning movements fight the good fight the motivation of the 'enemy', perceived as terrorists, spammers, greedy bastards or script kiddies test driving internet mayhem will continue to have the upper hand. The wild west metaphor often describing the lawlessness of the internet is real. As much as we hate the NSA and other invasive organizations they impose structure and laws. Chaos is the alternative.

Re:motivation (5, Funny)

vertinox (846076) | more than 7 years ago | (#15361919)

As much as we hate the NSA and other invasive organizations they impose structure and laws. Chaos is the alternative.

Emperor Palpatine, is that you?

White Hat (1)

l0ungeb0y (442022) | more than 7 years ago | (#15361975)

I've always thought of /. as rather BROWN hat myself.
And considering the color scheme in this here section, the only way /. could more readily agree is by adding images of corn chunks scattered here and there... all willy nilly in a fashion.

*ahem*

Re:motivation (1)

Rob T Firefly (844560) | more than 7 years ago | (#15361991)

As much as we hate the NSA and other invasive organizations they impose structure and laws.

No, they don't, because they can't. The world's governments can't control anything except what those under their own jurisdiction can and can't access of the real Internet outside, the extreme of which we see developing in China. If what you want is a nationwide Intranet under Government control with only superficial resemblance to the real thing and the appearance of "structure and laws," there's your business model.

Re:motivation (4, Insightful)

Jah-Wren Ryel (80510) | more than 7 years ago | (#15362099)

As much as we hate the NSA and other invasive organizations they impose structure and laws. Chaos is the alternative.

I don't know where you got the idea that NSA's activities have done anything to "impose structure and law" on the Internet.

If anything, the NSA has been actively participating in the chaos by going ahead and doing their own thing with no regard to the law.

Question (1, Interesting)

Anonymous Coward | more than 7 years ago | (#15361801)

I thought "cybersecurity" was a really big deal lately, right? Why isn't anything being done about this? Isn't this predicament the exact sort of thing that all these restrictive "cybersecurity" laws and enforcement groups are supposed to be dealing with?

Maybe I'm just cynical but somehow, I get the feeling that if this entire situation were a warez group punitively DOSing the MPAA offline, instead of a spam group punitively DOSing an anti-spam group offline, the federal government would have "dealt with" the problem already...

not terrorism (0)

Anonymous Coward | more than 7 years ago | (#15361803)

you're mixing up something here. this has nothing do to with terrorism, this is ordinary crime.

Of Course (2, Insightful)

Shadow Wrought (586631) | more than 7 years ago | (#15361804)

It is far easier to tear something down than it is to build something up. Regardless of the Internet, that's just the way things work.

Terrorism too strong a word (3, Insightful)

muhgcee (188154) | more than 7 years ago | (#15361811)

I don't think this quite falls into terrorism:
The unlawful use or threatened use of force or violence by a person or an organized group against people or property with the intention of intimidating or coercing societies or governments, often for ideological or political reasons. (http://dictionary.reference.com/search?q=terrorism [reference.com])

Re:Terrorism too strong a word (5, Insightful)

Joe U (443617) | more than 7 years ago | (#15361842)

It's a little strong, but it does fall into the definition.

The use of force (taking down servers) by a group (spammers) against people/property (blue & others) with the intention of intimidating societies (blues users) for ideological (financial too) reasons.

Re:Terrorism too strong a word (3, Insightful)

MightyYar (622222) | more than 7 years ago | (#15362148)

Whether or not it could fall into that definition, there is a better word to use: extortion. This is just an electronic version of what the mafia does. Most people don't watch "The Godfather" and think, "Terrorists!".

Re:Terrorism too strong a word (1)

Ant P. (974313) | more than 7 years ago | (#15361861)

Um, that definition looks like a completely accurate description of it to me.

Re:Terrorism too strong a word (1)

Cheapy (809643) | more than 7 years ago | (#15361871)

How does that not?

It's a specific group against another specific group to intimidate the first group into not doing something they believe in.

Re:Terrorism too strong a word (3, Insightful)

vux984 (928602) | more than 7 years ago | (#15362005)

It's a specific group against another specific group to intimidate the first group into not doing something they believe in.

Gotcha - of course by that definition:

al quaeda = terrorists
pro-life protestors = terrorists
school bullies = terrorists
NSA = terrorists
George W. Bush = terrorist
FBI = terrorists
PETA = terrorists
Greenpeace = terrorists
Patent trolls = terrorists
China = terrorists
Microsoft = terrorists
UN = terrorists
MPAA/RIAA = terrorists

Re:Terrorism too strong a word (1)

IamTheRealMike (537420) | more than 7 years ago | (#15361901)

You're right. This is just plain old organized crime. And like all criminals, the "free ride" only goes on so long.

Re:Terrorism too strong a word (0)

Anonymous Coward | more than 7 years ago | (#15361946)

I think that a slightly better definition of it would be

"The use of any extranormally violent act, by a group, designed to induce fear in a group which is larger than the immediate victims for the purpose of influencing that group to bring about political goals"
 
... I recently wrote 5000 words on this for my degree so I thought I might as well use it for something useful (it does take into account all the main theories matter)

Yes this was cyberterrorism (3, Funny)

jmorris42 (1458) | more than 7 years ago | (#15361816)

> What has been going on is essentially cyber-terrorism and from what has been reported so far the terrorists
> clearly have the upper hand.

Yup, and I'd have loved to have seen the US gov use this as a perfect 'live fire' exercise. After all, if they can't stop a few punk spammers how can we have any confidence they could stop a determined attack by the usual terrorist suspects?

Perfect opportunity to test all the phases of response, from tracking the responsible parties all the way to eliminating them. Ok, in this case a SEAL team would probably have to be tasked to capture em instead of just dropping a few bombs on their sorry asses. Or if, as I suspect, the ringleaders are in the US or other western representative nations, just have em all arrested.

Re:Yes this was cyberterrorism (1)

ScentCone (795499) | more than 7 years ago | (#15361985)

Yup, and I'd have loved to have seen the US gov use this as a perfect 'live fire' exercise. After all, if they can't stop a few punk spammers how can we have any confidence they could stop a determined attack by the usual terrorist suspects?

My first reaction is to agree with you, partly just because I'd like to see the full might of our larger teams of spookier cyber-folks brought to bear on the spammers... but I'm thinking that this might be one of those things that would squander the public debut of some of those capabilities. I'd rather that we save such visible displays for when it matters (more). This matters, but perhaps not as much as deliberate attack on larger or more public pieces of the infrastructure.

Re:Yes this was cyberterrorism (1)

jmorris42 (1458) | more than 7 years ago | (#15362106)

> I'd rather that we save such visible displays for when it matters (more). This matters, but perhaps not as much as
> deliberate attack on larger or more public pieces of the infrastructure.

No reason to reveal sources & methods just that we DO have the ability to track the asshats back to their mansion/lair/cave/etc. Announce afterwards that while we aren't promising that level of protection to everyone everywhere, that we do intend to pick a few out for future tests AND to make some examples. Be right up front on the making examples angle. Put some fear into em up front and we might not ever have to endure a deliberate attack on major infrastructure. Remember that the best defense is often a good offense.

weakest link (5, Insightful)

brenddie (897982) | more than 7 years ago | (#15361820)

well the internet is as strong as the weakest link, and guess what OS that link is..
None of those attacks (DOS) could have been done without the use of thousands of zombie machines.
I guess the only way of stopping the attackers is by taking their weapons (zombies) from them and that's left as an exercise for the survivors.

Re:weakest link (1)

CashCarSTAR (548853) | more than 7 years ago | (#15361873)

Any non-Read Only OS is vulnerable to malicious software. Each OS has enough "security holes" (Otherwise known as features), to allow auto-running of malicious software without the knowledge of the average user.

Re:weakest link (2, Informative)

rmallico (831443) | more than 7 years ago | (#15361893)

I think you missed the part where they mention the attackers take over poorly configured DNS servers on the internet to send bogus requests to/through...

Re:weakest link (1)

lpret (570480) | more than 7 years ago | (#15362098)

Actually, the beauty of the internet is that it _isn't_ as strong as its weakest link. The idea is that there are many links that create a...web, so if the weakest one fails another link can be established.


The problem is not that there is a weakest link, it is that none of the links are terribly strong and are vulnerable in their current state.

Maybe they pay more for a tiered solution.... (5, Funny)

colinbg (757240) | more than 7 years ago | (#15361822)

Seems to me maybe the solution is a tiered internet where spammers pay more to use the bandwidth... oh wait, sorry wrong discussion.

Re:Maybe they pay more for a tiered solution.... (3, Interesting)

Biff Stu (654099) | more than 7 years ago | (#15361854)

The spammers don't pay for their bandwidth, the zombie owners do. Of course, if they noticed their internet bill go up, they might do something about it. However, with a large enough network of zombies, the individual computers could be used sparingly enough that the owners would never notice.

Re:Maybe they pay more for a tiered solution.... (1)

colinbg (757240) | more than 7 years ago | (#15361952)

Of course zombie owners are the ones paying for it (in more ways than one). The question really is, is there a solution to the spam dilemma that doesn't require some retaliatory response? I don't believe at the moment one has presented itself due to the limitations of OS and delivery methods. Of course our ISP have a solution such as a tax or something where we pay more and they promise that they can fix it. I believe that has worked well in the past with the same companies that provide cell service... "just pay us more and we will provide better service" I remember that one, that worked out great!

Hesitant to out source (2, Funny)

dave562 (969951) | more than 7 years ago | (#15361825)

It sort of makes one hesitant to out source IT operations to a place like India. Hmmmm... maybe it's time to DDoS India and bring those jobs back to the US. If the Indians are such technology mavens, maybe they'll find it in their best interests to resolve the DDoS / DNS Amplification issue and then we can all welcome our new, outsourced Indian overlords. =)

Fragile Internet? No... (4, Interesting)

fbg111 (529550) | more than 7 years ago | (#15361829)

I think a bigger question has been raised - is the Internet really that fragile?

No, the Internet is robust and redundant. What is fragile are the tens of thousands of pwn3d Windows PC's that are being used without their owners' knowledge to perpetrate these massive DDOS attacks. If I were a lawyer for Blue Security, Yahoo, or anyone else who has been hit recently, I would be seriously looking in to the merits of a lawsuit against MS for gross negligence or something similar.

Re:Fragile Internet? No... (5, Interesting)

AnotherBlackHat (265897) | more than 7 years ago | (#15361881)

... the tens of thousands of pwn3d Windows PC's ...


More like "hundreds of thousands".

My spam traps have been hit by over 1.5 million unique IPs this year alone,
with an additional 30,000 never before seen IPs every day.
I estimate there are currently 3-4 million compromised machines world wide.

-- Should you believe authority without question?

Re:Fragile Internet? No... (1)

Vancorps (746090) | more than 7 years ago | (#15362141)

That's it? Of the hundreds of million machines out there that's pretty good! If that's the case then it's all about the last little bit with not even 1% of Windows machines being infected and used for such tasks things don't look so bad. Can't forget the broad scope that is Windows.

Seems to me like ISPs should just ban port 25 everywhere. If you are a business hosting your own email then pass abuse.net certification and then the ISP will turn it on for you. Same could go for home users. Can't really do this with DNS for obvious reasons though.

Re:Fragile Internet? No... (1)

ByteGuerrilla (918383) | more than 7 years ago | (#15361924)

Recently I'd say MS have been anything but negligent towards security. People refusing to patch up, or using out of date Windows (i.e. 95/98) are a bigger problem.

Re:Fragile Internet? No... (1)

matthewcraig (68187) | more than 7 years ago | (#15362044)

Why not sue each individual user? Even if the box is operating without their knowledge or consent, they are the physical owners of the machine. When your empty, parked car rolls down a hill and damages a house, aren't you still liable?

I imagine that it would not take many publicized lawsuits before Joe Sixpack also considered security and system vulnerability when choosing an operating system.

Might also consider suing some or all of the ISPs who allowed blatantly malicious traffic to pass through their wires after letters of concern were written from your office.

You might say "don't legislate the Internet!" But this isn't new legislation. The fact is, spammers and cyber-criminals are using intimidation tactics and destructive forces to scare off organizations trying to suppress their activities.

Want to find out how bad it is? Start writing "admin@.com" and complaining about the spam coming from their domain. Do this for a couple of your spam emails and you'll be on their "bulk spray spam" hit-list faster than you can say Denial Of Service ten times fast ...Thousands of spam messages per day.

It seems like the Internet is getting owned by zombie computers and their masters, and businesses are more willing to accept denial of service attacks than take punitive action.

DNS is still a mess (1, Redundant)

Joe U (443617) | more than 7 years ago | (#15361831)

It's time we started thinking up an alternative to the current DNS setup.

DNS in its current state is:
Easy to break.
Easy to use to break other systems.
Tied too tightly into SMTP. (Think about it)
Tied in to the whims of ICANN and whoever tells them what to do.
Tied in to the whims of Verisign.

DNS is the Achilles Heel of the Internet. (One of several apparently, but that's another article)

To get in front.. (2, Insightful)

CashCarSTAR (548853) | more than 7 years ago | (#15361847)

Of all the common comments...

#1. Don't blame Windows. Most botnets spread through software downloaded installs. 99.999% of computer installs today are vulnerable. The exception, of course, is the LiveCD type OS run directly from a CD in a read-only format. Your choice of OS is no protection. If you run malicious software, your computer is a zombie. Period.

#2. The problem is E-mail. Don't want spam? Don't use e-mail. That seems harsh, but it's true. E-mail is an open protocol, and as such, is ripe for such abuses. It's about time to come up with a new type of server based messaging. I'm not saying let the spammers win. What I'm saying is remove their audience.

Re:To get in front.. (3, Informative)

PDXNerd (654900) | more than 7 years ago | (#15361916)

Your choice of OS is no protection. If you run malicious software, your computer is a zombie. Period.

Really? I looked around and can find no links through google for malicious zombie downloads on linux that will run on all flavors. Please post the link to one or a link to an article that dissects one.

I'm not making the argument that linux can't be hacked - it can and I've seen the results of root kits. How many linux zombies are there? Is it proportional to the number of linux vs. windows machines? (Assuming Linux desktops and servers total 2% of desktops, 2% of spam zombies should be Linux, right? Where are the 4% of OSX zombies?)

It's about time to come up with a new type of server based messaging.

For every lock, there is a new way to pick it. For every type of security, there is a new way to hack it. This is a band-aid. The real problem is the fact that there is money to be made from this.

Re:To get in front.. (2, Insightful)

Vancorps (746090) | more than 7 years ago | (#15362195)

The answer is Yes [zdnet.com] Linux machines are often turned into zombies.

As the parent poster stated "if you run malicious software, then your computer is a zombie." I won't hazard to state the proportions but last I checked the number of Apache servers hacked in a given year outnumber IIS hacks. Of course there are far more Apache servers out there so that's really not saying that much.

As for email, I don't think it is near as broken as people seem to think. It's amazing how people just want to throw the whole thing out when something as simple as DKIM and SPF can stop it all pretty much cold. Of course both are depending on DNS so that will need to be secured before the email issue can be put to rest. A further move towards secure updates needs to be pushed for DNS and amplification attacks need to be stopped. It seems as though we need a DNS server registration process much like that of domain names with the exception that you actually do need to verify your identity before your server is declared a valid DNS server. That seems a lot more likely than replacing DNS with something completely new.

Re:To get in front.. (3, Insightful)

AuMatar (183847) | more than 7 years ago | (#15361953)

To do #2, you lose one or more of the things that makes email valuable

1)Its free- you only pay for bandwidth

2)Its universal, anyone can get an account

3)Its open, no company can block a user from email

4)Its possible to send email to anyone, even someone you don't know, if you have their email address.

All of these are extremely important and make email the useful tool it is today. Take any away, and the usefulness plummets. Spam is annoying, but the benefits of the four above points far outweigh it.

Re:To get in front.. (2, Insightful)

Musteval (817324) | more than 7 years ago | (#15361956)

With regard to #1, Windows is partially at fault, for two reasons:

1) The incredibly nondiverse OS environment at the moment means that only Windows executables are distributed, by and large, and affect something like 95% of computers. If the OS market were split evenly between, let's say, OSX, Linux, Windows, and, um, BeOS, any given executable would only run on one platform, so people would be vulnerable to only 1/4 as many attacks (assuming that 1/4 of attacks are targeted at Windows, 1/4 at OSX, etc). The lack of diversity is Microsoft's fault to a degree - although they aren't to blame for being dominant per se, their unethical techniques with regard to OEMs and leveraging their monopoly to make it as hard as possible to switch away from Windows (not to mention the whole stabbing-IBM-in-the-back thing) have contributed greatly to the current state of affairs.

2) Windows' security, as of right now, works under the "the user wouldn't run anything they didn't want to have full admin privileges" model, as opposed to the far more secure "make sure the user wants to install a rootkit and delete all their files" model that other OSes do. Under Vista, it seems that it will be replaced by a "pester them with popups often enough that they are ignored and it ends up the same as doing anything the executable wants" model.

Re:To get in front.. (0)

Anonymous Coward | more than 7 years ago | (#15362039)

are you freakin serious? Don't blame Windows????? You need a belting with the clue stick... M$ puts profits before all else & this is the result.
 
fuxing Winblows apologist

Be wary with the label "terrorism" (3, Insightful)

Opportunist (166417) | more than 7 years ago | (#15361852)

It's the direct link to more governmental control over something under the premise that it "has to be" so the "terrorists" can be stopped.

While I do agree that this definitely shows the threat spammers really pose to the internet, I fear at least as much handing government the carte blanche to monitoring all and any internet traffic for the sake of "saving us from spam".

No, I'm aware that this won't help a single bit in an attempt to quench spam. But did any anti-terror activity actually work against the alleged threat?

So bring this problem to the attention of your senators, your governors, your congressmen or whoever has some power in your country. This is a very, very serious problem, the criminals are getting the upper hand in this turf, and the internet is a resource I don't want to see depending on the goodwill of the spam mafia.

But for all that we hold dear, avoid the word terrorism. Legislators have been using that word before as the excuse for every kind of restrictive laws that did JACK to solve the problem and only created more. Try to find a word that makes them actually realize the problem and realize that this problem is serious. Not only to the worthless humans using it, but also to precious commerce.

Fragile (1)

Vexorian (959249) | more than 7 years ago | (#15361855)

is the Internet really that fragile?

A system is as weak as the weakest of its elements. And the internet is a system with way a lot of different elements, there are many things involved and many different ways to go wrong. The internet is that fragile and even more

Not fragile, just vulnerable (5, Insightful)

Todd Knarr (15451) | more than 7 years ago | (#15361860)

No, the Internet isn't that fragile. It's surprisingly robust, in fact. About the only thing that can really do any significant damage is sheer volume, enough traffic from enough distinct sources to overwhelm the target server or swamp its network connections. No matter what, anything is always going to be vulnerable to that. You can only have finite bandwidth and server horsepower, and if an opponent's willing and able to throw enough resources at you he can simply overwhelm you. It's often referred to as "the Slashdot effect".

The only thing that's happened is that, because of the inherent insecurity of Windows machines and the increasing number of them with broadband connections, the bad guys now have access to orders of magnitude more bandwidth and horsepower than any single server can have. In military terms it's like facing an enemy who outnumbers you by ten thousand to one. Distributing your DNS won't help, redundant pipes won't help, distributing your servers won't help, if you can deal with 99% of his assault he's still got a hundred times what you can absorb left.

The only thing that can help is cutting off the supply of ownable machines the bad guys can take over and use in their attacks. If they're limited to their own machines they can't do much harm.

What isn't prohibited, is required. (2, Interesting)

sakusha (441986) | more than 7 years ago | (#15361875)

One of these days, some asshole is going to take down the entire net, just to prove that it can be done.

I keep thinking about the old saying, "what isn't prohibited, is required." Because the net doesn't prohibit these massive DDoS attacks, someone WILL do them, over and over, either because they are into extortion, or just because they're evil fucks and like creating mayhem. I almost believe that someone ought to just do it and break the net permanently so everyone will have to come to grips with this. So maybe the solution will mean that nobody with an insecure OS will be allowed back on the net. Maybe we need a catastrophic failure to force a total revamp of network protocols, and an excuse to exile all the lusers like people still using Win98. I dunno, it would probably be faster, cheaper, and ultimately more satisfying if we could just assassinate spamming assholes like PharmaMaster/Eran Reshef. [wired.com]

Re:What isn't prohibited, is required. (1)

CashCarSTAR (548853) | more than 7 years ago | (#15361882)

If you want to eliminate zombies, we need to replace PCs with web-surfing appliances. You don't have that appliance (which is massively encrypted, and lacks ANY local saving options), you can't get on the Internet.

But that just sucks. So we live with the status quo. Such is life.

Re:What isn't prohibited, is required. (1)

EvanED (569694) | more than 7 years ago | (#15361923)

So maybe the solution will mean that nobody with an insecure OS will be allowed back on the net.

What OSs are secure?

This is not a facetious question. Define "insecure".

Re:What isn't prohibited, is required. (0)

Anonymous Coward | more than 7 years ago | (#15362012)

what could be done is the government could make an open-source free product which could be used to wipe out zombies by directly removing malware on people's computers - if they put resources into it it could really work out well... although that would make it a government IT project (so ultimately doomed to failure)

Re:What isn't prohibited, is required. (1, Insightful)

Anonymous Coward | more than 7 years ago | (#15362034)

I dunno, it would probably be faster, cheaper, and ultimately more satisfying if we could just assassinate spamming assholes like PharmaMaster/Eran Reshef.

According to the Wired article you linked, Eran Reshef is Blue Security's CEO. I guess you could argue he was spamming PharmaMaster. ;-)

Re:What isn't prohibited, is required. (0)

Anonymous Coward | more than 7 years ago | (#15362104)

"...and an excuse to exile all the lusers like people still using Win98"

Or an excuse to exile all the lusers who don't know how to secure 98, like you perhaps?

The steps: install 98se, install the Unofficial Patch, install ZoneAlarm, install AVGFree. Don't use major Microsoft apps like IE, Office, Outlook. Use OSS like Firefox, OOffice, Thunderbird instead. Do not run any official Microsoft patches, and if you install any new media player for a codec update, read through their preferences for obvious phone-homes. ZoneAlarm will alert you if you miss any, anyway.

It's trivial to set w98 right. It'd still be worth using but for things like some Google features that require XP.

Maybe you've got an idea there, but you picked a poor example. But because you didn't know that much, you should reconsider your line of thought.

Re:What isn't prohibited, is required. (1)

deesine (722173) | more than 7 years ago | (#15362198)

"Or an excuse to exile all the lusers who don't know how to secure 98, like you perhaps?"

The fact that he knows about Windows variants means he's not part of the problem. The problem with zombie pc's (which are primarily responsible for internet extortion) are the people who don't even know what version of Windows they're running.

You list over a dozen steps necessary to secure win98. Do you really think Joe-pc is going to do that? Try to narrow down your list, say to one step. If you could only tell internet/pc noobies one step to follow, what would it be?

My answer is to buy a Mac, if they're not the tinkering type.

Dear Homeland Security (4, Funny)

subl33t (739983) | more than 7 years ago | (#15361876)

Dear Homeland Security: please look closer at Redmond.

This is terrorism. Everyone with a trojaned Microsoft box is aiding and abetting.

Thank you, Linus and Steve.

Re:Dear Homeland Security (1)

CashCarSTAR (548853) | more than 7 years ago | (#15361896)

There are OS X botnets, and although I've never heard of any, I'd bet there's probably a few proof of concept Linux botnets hanging out in hacker circles. Any OS that allows user installation of software is equally suspect to a zombie takeover.

Re:Dear Homeland Security (0)

Anonymous Coward | more than 7 years ago | (#15362151)

There are OS X botnets

Proof, please? And don't link to any bullshit articles on CNet or ZDNet, we know whose pocket those pricks are in.

Re:Dear Homeland Security (1)

BrynM (217883) | more than 7 years ago | (#15362169)

There are OS X botnets, and although I've never heard of any, I'd bet there's probably a few proof of concept Linux botnets hanging out in hacker circles.

There are plenty of *nix botnets in the wild. Here's [washingtonpost.com] one source, but I've heard about them for a long time now. Almost all are running a service that gets it hacked (such as PHP on httpd in that example). Back when I was willing to help people with their PHP-Nuke installs, I saw a lot of compromised machines with interesting bits of software on them. My old website was once hacked (before being kind of abandoned) with a simple SQL injection exploit in Nuke.

Re:Dear Homeland Security (1)

wnknisely (51017) | more than 7 years ago | (#15362187)

Really?

Got any data to back that statement up? Seriously - I've never heard of OS X bot networks.

Re:Dear Homeland Security (2, Interesting)

RedToad (972413) | more than 7 years ago | (#15362050)

When in doubt, blame Microsoft. Screw intelligent research. Maybe somebody somewhere has done some tracking down to see who are the most likely suspects.

The bigger picture on people identified as suspects in the spam and DDOS attacks on Blue Security is painted by Spamhaus / ROKSO. They maintain a global Top 10 list [spamhaus.org] and a global Top 200 list [spamhaus.org] of spammers.

A quick search on "bluesecurity" digs out

ROK6138 - Alex Blood / Alexander Mosh / AlekseyB / Alex Polyakov - Main Info [spamhaus.org]

ROK5514 - Christopher J. Brown / Swank AKA Dollar - Main Info [spamhaus.org]

ROK6643 - Joshua Burch - Interactive Adult Solutions / BulkEmailSchool.com - Main Info [spamhaus.org]

ROK4932 - Leo Kuvayev / BadCow - Main Info [spamhaus.org]

ROK5125 - Leo Kuvayev / BadCow - Partner-In-Spam: Vladislav "Vlad" Khokholkov / Apex Systems Ltd. [spamhaus.org]

What's the betting that Spamhaus, who dare to mount the evidence, won't be the next DDOS target? I doubt that the pharmamasters would have any success destroying that evidence. But they will be sure to try. Put your money on it.

Yes! (1)

Newer Guy (520108) | more than 7 years ago | (#15361906)

The Internet is terribly fragile...It's been crippled by greed. Greed of corporations, and governments, and hackers, and criminals, all looking to stake their claim and increase their power there.

Microsoft is a major trasher of the Internet, by the fact that they have designed and sold operating systems THEY KNOW can easily be compromised. The DDoS attacks of late are all being done with machines using Windows.

I'm not sure if anything can be done at this point, short of trashing half a billion computers, surely an impossible thing to do.....

Meh ... (4, Insightful)

Sonic McTails (700139) | more than 7 years ago | (#15361909)

You know, BlueSecurity was working. Had they survived, it might have shut down the spammers. This is going to become a massive bubble issue. Someone just needs to pick up the torch BlueSecurity dropped, and be willing to fight the fight.

reincarnation? (4, Informative)

jefu (53450) | more than 7 years ago | (#15362004)

According to this [castlecops.com] the blue frog model will be open sourced as a peer-to-peer model available through sourceforge.net.

DON'T WORRY GUYS! (5, Funny)

Anonymous Coward | more than 7 years ago | (#15361921)

I backup the internet every night at 10 pm (PST).

More Laws to Control the Internet (1)

PineHall (206441) | more than 7 years ago | (#15361932)

Unfortunately this abuse of the internet by criminals will mean more laws to control the internet. And there will be more monitoring of the internet. Hopefully there will not be monster firewalls to restrict access, but I could see it happening to prevent this undesirable activity (think China). It is sad, but humans have a tendency to mess up a good thing.

The internet is not fragile, it's abused (4, Interesting)

burnin1965 (535071) | more than 7 years ago | (#15361937)

From TFA "These massive assaults harness the power of thousands of hacked PCs to swamp sites with so much bogus traffic that they can no longer accommodate legitimate visitors."

The problem is the thousands of hacked PCs that are used in these attacks. The internet is working exactly the way it was designed and the bot nets take advantage of bottlenecks in the system.

What is being done to take out these bot nets? I've perused a few of these bot squads on IRC and while there are many zombied Windows machines there are also many *nix boxes which succumbed to the brute force ssh password attacks because they had user accounts with stupid passwords.

Aside from locating and neutralizing the individual boxes in the squads shouldn't we be creating and deploying self immunizing tools in our infrastructure that detects these boxes and quarantines them?

Shouldn't we also be holding people accountable for having vulnerable boxes connected to the net? Perhaps a bandwidth restriction will help for repeat offenders.

Re:The internet is not fragile, it's abused (1)

Omnifarious (11933) | more than 7 years ago | (#15362164)

I haven't succumbed to any of those attacks yet, and I'm not likely to. But I would like to know what to do to reduce their frequency.

What laws were broken, anyway? (2, Interesting)

Anonymous Coward | more than 7 years ago | (#15361938)

1) someone needs to list state or federal laws that were broken.

2) If there were laws broken, a spokesperson for the appropriate government agency (agencies) needs to explain why no prompt action was taken. ISPs whose clients were part of the attacks should have been warned to shut down their clients who are participating, or be shut down.

If no laws were broken, smile!

Perhaps the Federal government should have the power to permanently shut down an ISP that doesn't respond to a demand to block clients until they demonstrate their computers are clean and free of "zombie" software. This would include permanently blocking all traffic to or from an overseas ISP.

Sounds fishy to me (1)

Dilber (937093) | more than 7 years ago | (#15361955)

This sounds awfully fishy to me that a security company would give up and go out of business over this. Sounds like someone was cooking the books and needed an excuse to fold. Just my 2 Dilber

Re:Sounds fishy to me (0)

Anonymous Coward | more than 7 years ago | (#15362162)

If your business plan has completely failed, you're ethically obliged to stop wasting any more of other peoples' money. If you want to create another service from scratch, that's riskier than what your current investors signed on for, so start a new business and find investors (maybe the same ones) willing to give you another shot.

Terrurizem (4, Insightful)

mikiN (75494) | more than 7 years ago | (#15361976)

Fanatics flying airplanes into buildings killing thousands : Terrorists.

Haxors commanding botnets to DDOS servers : Cyber-terrorists.

Big corporations doing aggressive take-overs : Corporate terrorists.

Mass producers dumping products below cost overseas : Market terrorists.

Politicians sketching doom scenarios during campaigns to woo scared voters over to their party : Political (party) terrorists.

C'mon cut it out will ya, soon they will brand humans multiplying without limits sucking up resources and scaring other animals away and out of existence : Biosphere terrorists?

You know, according to some theory, black holes will eventually suck up most of the available matter in the universe, leaving it a dark cold desolate place with only some Hawking radiation to warm your soul. Should we call those : Universal Terrorists then?

world works on cooperation and goodwill (1)

sloth jr (88200) | more than 7 years ago | (#15361977)

Minus these, I can see many systems that could fail with a little effort. One of the problems I see with our current infrastructure is the notion of machine-to-machine communication - when really, what we want to know is in effect, remove anonymity from the equation (there will be discussion this point, I realize). Machines talk to each other as machines. We ultimately want to know WHO did X, or Y, so we can find them and hurt them in some fashion (bullets to the temple, fines, whatever...). (okay, substitute we for I if it makes you feel better).

This is a really nasty point. Privacy versus safety. Or, in this case, utility. The internet does no one any good if denial of services render it unusable - and of course, a good DDoS exploits the behavior of its regular users, so that effective rebuttal becomes increasingly difficult.

I find myself disillusioned by the human race. There are no sacred cows so holy that someone won't shit all over it.

Sloth Jr

Here's the problem. (0)

Anonymous Coward | more than 7 years ago | (#15361982)

There isn't an efficient, effective, and regularly-applied means of shutting down machines that emit Internet-harmful traffic.

In the past, for example, spammer-friendly ISPs found themselves cut off entirely from USENET until they'd pay attention to cleaning up their part of the neighborhood.

This sort of approach is quite undesirable because it affects everybody else at the ISP, but it was also effective (usually within a week things were resolved).

Tell me that it isn't possible for ISPs to check their outbound traffic for clearly exploitative content. You know, triggering a flag after the first fifty thousand messages sent not even a day after an account was created for example, or spotting signs of security compromises on customer machines (certain IRC traffic patterns, for example).

Although if we go down this road it does open up an argument that ISPs should monitor filesharing traffic as well...
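An added sketch of the new-account volume flag the comment above describes. It is not from the thread or from any ISP's tooling; the relay log format, account names and timestamps are constructed for the example, and the 50,000-message, one-day figures are taken from the comment.

```python
import re
from datetime import datetime, timedelta

# Constructed sample data: account creation times and relay summary lines.
# The log format and account names are assumptions made for this example.
ACCOUNT_CREATED = {
    "cust-1001": datetime(2006, 4, 2, 9, 0),    # established customer
    "cust-2002": datetime(2006, 5, 17, 8, 0),   # opened this morning
    "cust-3003": datetime(2006, 5, 17, 7, 30),  # opened this morning
}

RELAY_LOG = """\
2006-05-17T09:00:00 relay acct=cust-1001 msgs=40000
2006-05-17T09:00:00 relay acct=cust-2002 msgs=18000
2006-05-17T10:00:00 relay acct=cust-3003 msgs=200
2006-05-17T12:00:00 relay acct=cust-2002 msgs=21000
2006-05-17T13:00:00 relay acct=cust-1001 msgs=30000
2006-05-17T15:30:00 relay acct=cust-2002 msgs=15000
this line is corrupt and must be skipped
2006-05-18T09:00:00 relay acct=cust-3003 msgs=60000
"""

LINE_RE = re.compile(r"^(\S+) relay acct=(\S+) msgs=(\d+)$")


def flag_new_bulk_senders(log_text, created, limit=50_000,
                          window=timedelta(days=1)):
    """Return {account: time the running total reached `limit`} for accounts
    that sent that many messages within `window` of being created."""
    totals = {}
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip it rather than crash
        try:
            when = datetime.fromisoformat(m.group(1))
        except ValueError:
            continue  # timestamp field is not a valid ISO time
        acct, count = m.group(2), int(m.group(3))
        opened = created.get(acct)
        if opened is None or not (opened <= when <= opened + window):
            continue  # unknown account, or outside the new-account window
        totals[acct] = totals.get(acct, 0) + count
        if totals[acct] >= limit and acct not in flagged:
            flagged[acct] = when  # first moment the threshold was crossed
    return flagged


if __name__ == "__main__":
    hits = flag_new_bulk_senders(RELAY_LOG, ACCOUNT_CREATED)
    for acct, when in hits.items():
        print(f"{acct}: reached 50000 messages at {when.isoformat()}")
```

The rule covers only an account's first day: in the sample, cust-3003's burst arrives after its window has closed and cust-1001 is an established account, so neither is flagged and a separate rate rule for older accounts would be needed alongside it.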

There's DOD's Network And then... (1)

mpapet (761907) | more than 7 years ago | (#15361998)

there's the Interweb you and I use.

I don't know that anyone in gov't really cares half as much about the consumer's network versus their own systems.

Ah, the perils of the "ownership society."

Just to give you an idea... (5, Informative)

sorphin (14046) | more than 7 years ago | (#15362002)

I work for an unnamed backbone provider, and have currently been involved in blocking said DNS Amplification attack.. to give you a general idea of the size of the attack and the number of zombies involved.. When I left work... The attack was 14,768% of 9.8MBps... or.. over 13GBit/sec... Our infrastructure is holding up just fine, however.. Personally, I'd like to find the 'owner' of these zombies, and castrate him. I guess the guy doesn't have anything better to do with his life than trash the net...

Re:Just to give you an idea... (2, Funny)

6ULDV8 (226100) | more than 7 years ago | (#15362165)

"I work for an unnamed backbone provider"

Makes it kinda hard to cash the checks, huh?

Trusted Platform (1)

eMbry00s (952989) | more than 7 years ago | (#15362019)

To all of you asking for "validation" and such to prevent trojan infected computers entry onto the internet:

What you are asking for is a trusted/treacherous computing platform. I hardly believe that is what we want, but that is the only solution if you want to ban computers that run non-whitelist-programs.
I'm guessing that the possible abuses of such a system are a lot worse than spam mail. I hope users will become more aware of what spam is, and I can see this happening in the next 10 years; especially considering that the older people are dying and all the youngsters are growing up with computing as a daily activity.

Introduce the world to a global TC platform, and it will not go away. You say it'd go away if it would be abused too much, but guess what? The people who are at the top know how much is too much, and would not go that far.

Parts of the Internet are Indeed that Fragile (1)

36+6_42 (877181) | more than 7 years ago | (#15362023)

I work for a small ISP (100 subscribers currently). We recently had a customer plug in a DHCP server to our service. The DHCP server interfered with our router and ker-bang! A nasty lesson for my bosses.

warning: botnet operators 0wn the interweb! (5, Informative)

mpcooke3 (306161) | more than 7 years ago | (#15362045)

Sadly the internet is already compromised since the bot networks are already too large for most organisations to take on.

I hope someone does something to deal with the botnet threats. Being able to suck multiple gigabits of bandwidth means 'they' can kill any small to medium sized internet operation if they want to via a range of attacks from the simple to the rather sophisticated.

Tier1 ISPs usually don't care other than possibly to try and filter all your traffic to prevent their other customers from suffering.

Some medium/larger sized companies use services like Akamai siteshield that are capable of sustaining a reasonable DDOS-ing but the botnet operators will eventually realise that the attacks are not just about knocking a site offline. Akamai will charge you for that traffic which will send the companies bankrupt anyway (and possibly quicker than going offline). In fact I was wondering how on earth bluesecurity were going to pay their bandwidth bill.

The defences we have against such attacks are pathetic. I was amused in an episode of 24 when they came under an online attack from terrorists and their new "CISCO FIREWALL" protects them, I mean seriously the firewalls are the least of your problems these days. If you come under attack from one of these serious Russian dudes - you'd be looking at trying to filter the traffic well before it reaches the firewalls since your line and network would be saturated.

Re:warning: botnet operators 0wn the interweb! (1)

mikiN (75494) | more than 7 years ago | (#15362144)

My very sketchy idea (shoot it down if you like):
- Set up a (separate from the internet) inter-router network
- Monitor traffic density and send status reports over the inter-router network
- As soon as certain areas (IPs, IP blocks) reach a traffic density threshold, throttle!
- ???
- Profit!
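An added sketch of the monitor-and-throttle steps listed in the comment above. It is not the poster's code or any router vendor's feature: the report format, the choice of destination /24 as the "area", the proportional per-router caps and the release threshold are all assumptions made for the example, and the sample reports are constructed.

```python
import ipaddress
from collections import defaultdict


class ThrottleController:
    """Aggregates per-router load reports by destination prefix and decides
    which prefixes to rate-limit, with hysteresis so limits do not flap."""

    def __init__(self, trigger_mbps, release_mbps, prefix_len=24):
        if not 0 < release_mbps < trigger_mbps:
            raise ValueError("need 0 < release threshold < trigger threshold")
        self.trigger = trigger_mbps
        self.release = release_mbps
        self.prefix_len = prefix_len
        self.active = set()  # prefixes currently throttled

    def update(self, reports):
        """reports: iterable of (router, destination IP, offered Mbit/s)
        for one interval. Returns {prefix: {router: cap in Mbit/s}}."""
        loads = defaultdict(lambda: defaultdict(float))
        for router, dst, mbps in reports:
            net = ipaddress.ip_network(f"{dst}/{self.prefix_len}", strict=False)
            loads[net][router] += mbps

        self.active &= set(loads)  # no traffic reported: lift the limit
        plan = {}
        for net, by_router in loads.items():
            total = sum(by_router.values())
            if total > self.trigger:
                self.active.add(net)
            elif total < self.release:
                self.active.discard(net)
            if net in self.active:
                # Share the trigger rate between routers in proportion
                # to what each one is currently carrying.
                scale = min(1.0, self.trigger / total)
                plan[str(net)] = {r: round(v * scale, 1)
                                  for r, v in sorted(by_router.items())}
        return plan


# Constructed status reports for three consecutive intervals
# (documentation address ranges, made-up router names).
INTERVALS = [
    [("r1", "192.0.2.10", 400.0), ("r2", "192.0.2.10", 900.0),
     ("r3", "192.0.2.77", 700.0), ("r1", "198.51.100.5", 120.0),
     ("r2", "198.51.100.9", 80.0)],
    [("r1", "192.0.2.10", 300.0), ("r2", "192.0.2.10", 500.0)],
    [("r1", "192.0.2.10", 200.0), ("r2", "192.0.2.10", 100.0)],
]


def run_demo():
    ctl = ThrottleController(trigger_mbps=1000.0, release_mbps=600.0)
    return [ctl.update(reports) for reports in INTERVALS]


if __name__ == "__main__":
    for i, plan in enumerate(run_demo(), 1):
        print(f"interval {i}: {plan}")
```

The limit stays in place through the second interval, where load sits between the two thresholds, and is lifted in the third once load falls below the release value.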

Is the nonstop 24/7 Internet fragile? (3, Insightful)

Mattness (636060) | more than 7 years ago | (#15362055)

The internet is so not fragile it isn't even funny. Can people make it hiccup and sneeze along minor portions of it? Yes. Is it fragile? Hell no! It's been running for 20 years across the globe. It has been hammered by viruses, trojans, organized DDOS attacks and world-wide calamities and their corresponding data-storms and still the internet as a whole has functioned. It may simply be that the internet is not enough of a singular entity to be susceptible to a singular vulnerability. Computers are fragile, software can be fragile, but the aggregation of those two into an organism made up of millions perhaps even billions of machines is not fragile. The DDOS attack on Blue Security, when compared to the totality of the internet is practically meaningless. The only thing that might make the entirety of the internet fragile would be a universal vulnerability which has no workaround and cripples the main traffic routes of the internet itself. Maybe this will happen, but I think even then, the internet will continue to function but perhaps just along its backroads and private secure networks.

Cyber-Vigilantism (1)

Sentri (910293) | more than 7 years ago | (#15362062)

So cyberterrorism is running rampant huh?
Let's find some geeks with enough redneck in them to set up some cyber-vigilante gangs to go recruiting, shooting, and looting. And maybe look for these nasty Russians as well.

Seriously though, what do we need to stop spam?
I think we need some sort of grassroots effort. The antivirus/antispam companies won't 'stop' spam in the same way that pharmaceutical companies won't 'cure' diseases. It is in their best interests to make the problem bearable, and charge a lot of money for the privilege of having bearable spam/disease/viruses

We need to do this ourselves.

Having said all that, vigilantism may not be the best way, we all know it doesn't work too well in the real world.

It doesn't make sense (1)

gnurb (632580) | more than 7 years ago | (#15362088)

Why would the spammers be 'hellbent' on taking down BlueSecurity's site, *after* Blue posted the message saying they were going out of business? Just for fun?

Fighting fire with fire (1)

nephridium (928664) | more than 7 years ago | (#15362113)

That was the concept of Blue Frog. And it seemed to piss off certain spammers so much that they got out a weapon at their disposal, DDOS, which works perfectly against centralized systems like the Bluefrog system.

Consequently the logical way would be to use the same means, i.e. attacking them from distributed sources as well. Not in the form of zombies like Pharmamaster did, but in the form of distributed database software. The 'other' blue frog (Azureus and its DHT) comes to mind - a similar distributed database software could be written that (instead of distributing seeding nodes and data packets) 'spams' the spammers. Now we just need someone who will do it (Bluefrog?)..

Re:Fighting fire with fire (1)

nephridium (928664) | more than 7 years ago | (#15362129)

Argh sorry for the typos and incoherence, dudes - I'm quite tired. But what do you think about this idea of a decentralized network spamming the spammers? Possible? Effective?

Re:Fighting fire with fire (1)

mikiN (75494) | more than 7 years ago | (#15362190)

Quite workable methinks.

It could be implemented as an Azureus plugin

Sketchy scenario

- Monitor RSS feed(s) for antispam torrents
- Verify seeds for authenticity (apply crypto to taste)
- Share the torrents containing target IPs
- Blast the spammers!

selfhealing networks have been available for years (0)

Anonymous Coward | more than 7 years ago | (#15362174)

I get sick of this stuff.

completely automated, fully self-healing technology for networks and the internet
has been available for YEARS!

yes even 5-10 YEARS now! it's out there.
nobody wants it.

Yet you keep whining about not having it. well it's around.

just check out one, called "L2R". it works. try it.