Tag Archives: DDOS

Cyber Pearl Harbor or Just Cyber Space…

There has been a lot of news recently about the potential for a coming Cyber Pearl Harbor: a cyber attack that would mirror the devastation that hit the naval base in Pearl Harbor during the beginning of WWII. According to an article in CSO Magazine on October 18, 2012, the United States is concerned about a coming cyber attack. The concept of comparing such an attack to Pearl Harbor has been around for several years, but it wasn’t until a recent speech by U.S. Secretary of Defense Leon Panetta in New York that it became more of a topic.

The article states the following:

The results of cyberattacks by a hostile nation-state on critical infrastructure like transportation, water supply or the electric grid “could be a cyber Pearl Harbor — an attack that would cause physical destruction and the loss of life,” Panetta said. “In fact, it would paralyze and shock the nation and create a new, profound sense of vulnerability.”

Panetta also invoked the image of a cyberattack on the level of 9/11. “Before September 11, 2001, the warning signs were there. We weren’t organized. We weren’t ready and we suffered terribly for that lack of attention. We cannot let that happen again. This is a pre-9/11 moment,” he said.

In a follow-up article in CSO Magazine on November 7th, the opposing viewpoint was brought forth. Many in the security industry feel that the concept and description of a Cyber Pearl Harbor is nothing more than hot air. Experts including Bruce Schneier have chimed in. Bruce has reduced the extent to which he believes the concept to be exaggerated, but according to the article:

Critics argue that not only is the threat of a catastrophic cyberattack greatly exaggerated, but that the best way to guard against the multiple risks they agree exist is not with better firewalls or offensive strikes against potential attacks, but to “build security in” to the control systems that run the nation’s critical infrastructure.

Bruce Schneier, author, Chief Technology Security Officer at BT and frequently described as a security “guru,” has not backed off of his contention made at a debate two years ago that the cyber war threat “has been greatly exaggerated.” He said that while a major attack would be disruptive, it would not even be close to an existential threat to the U.S.

“This [damage] is at the margins,” he said, adding that even using the term “war” is just a, “neat way of phrasing it to get people’s attention. The threats and vulnerabilities are real, but they are not war threats.”

The reality is probably somewhere in the middle of the two viewpoints. It can be likened to the Y2K issue a little over a decade ago: the world was going to come to an end and the dark ages would re-emerge. The reality was that preparation helped minimize what little impact there may have been. Security is a risk decision, but most risk decisions are defensive in nature. The other decision, that of a preemptive cyber capability, is another aspect of the decision-making that needs to be addressed. Should the U.S. begin cyber strikes on perceived threats? What is the long-term impact of doing this? The world has already seen a small view of what can be done with Stuxnet. Whether these types of state-sponsored cyber attacks will become the new nuclear deterrent is yet to be seen.

Regardless of the direction that gets taken, businesses need to look at potential cyber attacks and hacks as a real threat and determine what risk they are willing to accept and what will need to be mitigated. Whether the issue is the size of a country or your home computer, measure twice, cut once is still the best direction.

This Window is Closed…

According to a CSO Online article, Prolexic Technologies identified the tool behind the distributed denial of service (DDoS) attacks against several online banking institutions, including Wells Fargo, U.S. Bank, PNC Bank, Bank of America and JPMorgan Chase, as a toolkit called itsoknoproblembro. The attackers, who identified themselves as Izz ad-Din al-Qassam Cyber Fighters, claim to be Muslim hacktivists angry over the YouTube video that has recently sparked controversy regarding its portrayal of Muhammad.

According to Prolexic:

The “itsoknoproblembro” toolkit is capable of simultaneously attacking components of a website’s infrastructure and application layers, flooding the targets with sustained traffic peaking at 70 gigabits per second. In addition, Prolexic found that traffic signatures were unusually complex and therefore difficult to reroute away from the targets.

The vendor, which declined to name the banks whose sites it tracked, said the attackers likely spent months probing the sites for the components most susceptible to a DDoS assault. They also were knowledgeable in the technology used to mitigate such attacks.

“From a DDoS perspective, they are on the level of a Stuxnet type of attack,” said Scott Hammack, chief executive of Prolexic.

This recent hack should drive home that attacks against businesses will become more complex over time and that it is necessary to re-evaluate risk levels and the associated mitigation and defense strategies deployed. Security is a life-cycle that needs to be re-evaluated on a regular basis to adapt to the shifting landscape.

When a DDoS is not a DDoS…

The interim CEO of GoDaddy, Scott Wagner, issued a press release stating that the outage was not a result of a DDoS attack, but rather an internal networking issue that corrupted the routing database. It would appear that GoDaddy is trying to play politically correct in its wording. Whether self-imposed or from an external attacker(s), DDoS is DDoS.

In computing, a denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the efforts of one or more people to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. – Wikipedia

The fact that they are choosing to downplay the event makes it seem that GoDaddy is trying to recover from the PR created by the outage that affected their customer base.

On the other side of the issue, the purported hacker behind the outage, Anonymous Own3r, expressed his disdain over the press release when he tweeted the following:

whooa @godaddy is denying that it was hacked by me! they don’t wanna show their cybersecurity is bad this way they would lose customers !

Either way this issue lands, the question will become whether GoDaddy customers view this outage as a result of one of the following:

  • Hacker DDoS Attack
  • Random technical issue
  • Internal incompetence

Only time will tell…


GoDaddy DNS was a No Go…

– – START UPDATE – –

HackerNews has posted an interview with the purported Anonymous Hacker that attacked GoDaddy. According to the article the hacker known as Anonymous Own3r used an IRC botnet using a script from Pastebin to take the GoDaddy DNS service down. Read the article for more information…

– – STOP UPDATE – –

Yesterday GoDaddy and their customers felt the Internet shut down for them. At around 1725 UTC September 10, GoDaddy experienced what appears to be a DDoS attack that lasted over 4 hours and which GoDaddy states affected all of their 10 million customers. This outage forced GoDaddy to transition their DNS services to their competition – Verisign. In an official statement from GoDaddy below, they do not address the cause of the outage:

At 10:25 am PT, GoDaddy.com and associated customer services experienced intermittent outages. Services began to be restored for the bulk of affected customers at 2:43 pm PT. At no time was any sensitive customer information, such as credit card data, passwords or names and addresses, compromised. We will provide an additional update within the next 24 hours. We want to thank our customers for their patience and support.

Some GoDaddy customers reported that email as well as web services were unavailable, while others were able to reach email web interfaces but were unable to send messages. According to domainincite.com, this level of access during the outage is probably a result of cached DNS entries for those users, and the fact that GoDaddy transferred DNS services to Verisign points to a DNS compromise or issue.

Even though no root cause was officially addressed, the hacktivist group Anonymous claimed responsibility via Twitter. It is not completely evident thus far if this is fact or if this is another claim that has no merit.

It will be interesting to get the complete story if GoDaddy is willing to share more about this embarrassing incident.

References:

http://www.godaddy.com/

http://support.godaddy.com/groups/domains-management-and-services/forum/topic/dns-problems-4/

http://www.wired.com/wiredenterprise/2012/09/godaddy-moves-to-verisign/?utm_source=twitter&utm_medium=socialmedia&utm_campaign=twitterclickthru

http://domainincite.com/10403-what-the-hell-happened-to-go-daddy-last-night
