Cyberwars: The Biggest Cyber Attack in History?

It’s been declared: the largest cyber attack in the history of the internet is happening right now. But you can forget about the US and China, this one is going on between private organizations, both of whom . In short, the fight comes down to Cyberbunker – a decommissioned NATO bunker located just outside of Kloetinge in the Netherlands – and a non-profit anti-spam organization named Spamhaus.

But first, a little background information is required for those of us not well-versed in the comings and goings of cyberwarfare (I include myself in this mix). Cyberbunker, as its name suggests, is an internet service provider and data haven that hosts websites and data stores for various companies. Founded in 1998, it began with the mission of hosting companies and protecting their data-assets from intrusion and attack.

Spamhaus, on the other hand, is a non-profit that tracks internet addresses that are sources of email spam, and adds their addresses to a blacklist. Companies that use this blacklist—which include pretty much every email provider and most internet service providers on the planet—automatically block those addresses. Hence, to be blacklisted by this organization is to have your bottom line seriously affected.

The conflict between these two belligerents began in 2011, when Spamhaus began targeting Cyberbunker through one of its clients – an internet service provider named A2B. At the time, Spamhaus was trying to convince said provider that Cyberbunker was a haven for spam email, which led A2B to drop them as a client. Shortly thereafter, Cyberbunker moved onto a new internet service provider, leaving Spamhaus free to blacklist them directly.

When they did, Cyberbunker responded in a way that seemed to suggest they wanted to live up to the reputation Spamhaus was bestowing on them. This involved massive retaliation by launching a cyberattack of some 300 billion bits of data per second, designed to clog Spamhaus’s connection to the internet and shut down their infrastructure.

Might sound like a tiff between two internet companies and nothing more. But in truth, this attack was so big that it began affecting service for regular people like you and me who happen to rely on some of the internet connections the attack is commandeering. In short, millions were affected by this “largest attack in internet history”, as their internet slowed down and even shorted out. Some even went as far as to say that it “almost broke the internet”.

But for many others, this attack went unnoticed. In fact, according to an article by Gizmodo, most people were relatively unaffected. While some companies, like Netflix, reported sluggish streaming, they did not go down, mega net-enterprises such as Amazon reported nothing unusual, and organizations that monitor the health of the web “showed zero evidence of this Dutch conflict spilling over into our online backyards”.

In short, the attack was a major one and it had a profound impact on those sites it was directed at, and the collateral damage was noticeable. But aside from that, nothing major happened and this tiff remains a war between an organization known for spamming and one known for targeting them. And it shows no signs of slowing down or stopping anytime soon.

According to Patrick Gilmore, chief architect at the internet hosting service Akamai who was interviewed by the New York Times, the bottom line for CyberBunker is that “they think they should be allowed to spam.” CyberBunker is explicit on its homepage that it will host anything but child pornography and “anything related to terrorism.”

So while this latest incident did not cause “Infopocalypse”, it does raise some interesting questions. For one, how hard is it to wage full-scale cyberwarfare in this day and age? Apparently, it is rather easy to create massive networks of “zombie PCs” and use them to carry out related attacks, not to mention cheap, since the hardware and software is hardly sophisticated.

And as it stands, numerous groups, including military hackers, are engaged in a back and forth with government and industrial giants that involves stealing information and spying on their activities. If things were to escalate, would it not be very easy for hackers or national cyberwarfare rings – especially ones operating out of China, Israel, Iran, Russia or the US – to try and shut down their enemies’ infrastructure by launching terabytes of useless data at them?

Oh, I shudder to think! An entire nation brought to its knees by ads for Russian brides, discount watches and cheap Viagra! But for the moment, it seems this latest apocalyptic prediction has proven to be just as flaccid as the others. Oh well, another day, another dollar…

Sources: qz.com, guardian.co.uk, gizmodo.com

Hacker Wars: The Invasion Continues!

State-sponsored hacking has been a major concern lately. From Russia’s “Red October” virus, which spied on embassies and diplomats in multiple countries, to China’s ongoing intrusion into government and corporate databases in the US, it seems as though private hackers are no longer the only ones we need to worry about.

The latest incident in this invasion of privacy and airing of personal information comes again from Russia, where a mysterious website has been posting personal information about some rather high-profile American figures. These include First Lady Michelle Obama, Vice-President Joe Biden, Jay-Z, Britney Spears, U.S. Attorney General Eric Holder, Sarah Palin, Arnold Schwarzenegger, and the head of the FBI.

In addition to taunting messages and unflattering pictures, the site includes Social Security numbers, credit reports, addresses and phone numbers. No reasons are listed on the site as to why these particular people were selected, but it seems clear at this point that they were chosen due to their high-profile nature and/or positions of importance within the US government. As of last Tuesday, both the FBI and Secret Service announced that they were investigating the website.

Though it is not definitively clear where the hackers are operating from, all indications point to Russia. The first clue came when it was revealed that the site bore the internet suffix originally assigned to the Soviet Union (.su), a practice which is not uncommon with Russian hackers these days. In addition, it is also connected to a Twitter account, which carried an anti-police message posted in Russian.

At the moment, neither the White House nor the Secret Service is offering assessments or comments on the matter. But some thoughts have been offered by Los Angeles Police Commander Andrew Smith, who spoke on behalf of Chief Charlie Beck, whose information was also posted. According to Beck, this is not the first time that top police officials have had their private information posted online:

“People get mad at us, go on the Internet and try to find information about us, and post it all on one site. The best word I can use to describe it is creepy. It’s a creepy thing to do.”

Frank Preciado, assistant officer in charge of the LAPD’s online division, added that the information on the police chief was likely taken from what is supposed to be a secure database of city employees. And it might just offer some insight into this latest, sweeping act of infopiracy. When all is said and done, it appears that this may simply be a case of a small but qualified group of misfits engaging in public mischief.

However, of greater concern is the fact that with this latest act of high-profile hacking, a trend that citizens were forewarned about might be coming true. In December of 2012, internet security company McAfee warned of an impending attack by Russian hackers against American banks. Dubbed “Project Blitzkrieg”, the threat of the attack surfaced on a Russian hacking forum in the previous September, and McAfee was quick to advise that it was a credible one.

As of December 2012, Russian hackers had effectively infected 500 databases in the US with the promise of more to come. The cybercriminal known as vorVzakone – whose name means ‘thief in law’ – was identified as the head of the operation, whose plans called for the release of a Trojan horse virus that would allow him and his accomplices to seize control of banks’ computers to steal information and money.

Clearly, all of these incidents amount to a major public concern. But of greater concern to me is the fact that the lines being drawn in this new era of cyber-warfare are eerily familiar. Not long ago, China and Russia were locked in an ongoing feud with the US and its allies, a war fueled by ideology but based on the cultivation of technology and espionage networks.

Granted, only China’s case of cyberwarfare against the US appears to be government-backed. But between the “Red October” virus, “Project Blitzkrieg”, and the fact that Russian hackers are in the habit of using a Soviet-era suffix to designate their activities, it seems that Russia is fertile ground for a renewed standoff with the West as well. And given that the targets have been western governments and financial institutions, would it be so farfetched to assume the government might be marginally involved?

The means may have changed, but the overall purpose remains the same. Infiltrate, destabilize, and steal information from the enemy. Are we looking at a renewed Cold War, or just the last gasps of an ideological confrontation that was supposed to have died years ago? Only time will tell…

Sources: cbc.ca, dailymail.co.uk

Cyberwarfare: Not Just for Anarchists Anymore!

Hack the Planet by von Shin Kurohoshi

For those deeply concerned about internet security and privacy, the year of 2013 certainly opened with a bang. First, there was the news that a cyberspy ring – apparently operating out of Russia – had been spying on embassies, governments and research institutions around the world for the past five years using a virus dubbed “Red October”. This was back in January, when the Moscow-based antivirus firm known as Kaspersky Lab announced the discovery of the international intrigue.

Then, on Jan. 30th, the New York Times announced that they too have been the target of hackers, this time from China. In a statement released by the newspaper, the company claimed that Chinese hackers have been persistently attacking their publication for the last four months, infiltrating its computer systems and getting passwords for its reporters and other employees.

The timing of the attacks coincided with a Times investigation, published online on Oct. 25, that found that the relatives of Wen Jiabao, China’s prime minister, had accumulated a fortune worth several billion dollars through business dealings. The hackers tried to cloak the source of the attacks on The Times by first penetrating computers at United States universities and routing the attacks through them.

With the help of Mandiant, the internet security company hired by The Times, they were able to track the intruders, study their movements and help erect better defenses to block them. In the end, The Times reported that they had successfully expelled the attackers and kept them from breaking back in. However, the fact these hackers were able to infiltrate the network of a private news organization in the first place was much cause for worry.

For one, this is not the first time that hackers, originating in China, have used this sort of subterfuge tactic to hack US databases. According to experts at Mandiant, their company has tracked many such intrusions back to the Chinese mainland, all of which used the same approach of cloaking their efforts using US servers. In addition, this incident, which smacked of state-involvement, did not occur in a vacuum.

Back in 2008, internet security experts indicated that Chinese hackers had begun targeting Western journalists as part of a wider campaign to identify and intimidate their sources and contacts, and to anticipate stories that might damage the reputations of Chinese leaders. The purpose behind this far-reaching and growing spy campaign aimed at corporations, government agencies, activist groups and media organizations inside the US seemed to be for the purpose of controlling China’s public image, domestically and abroad, as well as stealing trade secrets.

But of course, China is hardly alone in this sort of covert cyber-warfare. As already mentioned, Russia has already shown signs of developing cyber weapons to assist in spying abroad, and there’s mounting evidence that Israel, Iran and the US are on board too. Starting in 2008, Iran’s main nuclear enrichment plant was hit by a sophisticated computer worm that caused damage to it, thus putting a crimp in their efforts to become a nuclear power.

While no one took responsibility for this incident, the evidence seemed to indicate that the worm originated from sources within Israel and the US. Attacks which took place later on American banks and oil companies within the US were believed to have been caused by Iran, in retaliation for the worm that hurt their main source of enriched uranium and a key component in their nuclear program.

For some time now, hacking federal databases has become something of a sport for various groups and causes who are seeking to reveal government secrets and expose their inner workings to public scrutiny. The “Hacktivist” group known as Anonymous is a perfect example, a group closely linked to Assange (of Wikileaks) whose most recent infiltration of the Federal Reserve Bank made the news earlier this month as well.

But as I’m sure all will agree, it’s one thing when private citizens attack domestic and foreign databases, and quite another when nations attack each other’s. While cyber criminals may constitute a vague and slippery enemy, one which is much harder to identify and prosecute, nation-states constitute a far more frightening one. Not only are their resources far more vast, the consequences of battling them are far greater.

Knowing who your enemy is, and that they have nuclear capabilities and the ability to strike at you physically… Yes, I think that’s a much scarier prospect! While the old ways of plausible deniability and covert action may apply, no one likes the idea of subtle attacks which could escalate into a full-scale conflict. Even if it is waged entirely by computer, the effects are still likely to be felt!

Source: NYTimes.com, money.cnn.com