Saturday, December 11, 2010
3rd Dec Security Round-up: the week that was
This week will go down in cyber history as the first cyber war: the attempt to shut down Wikileaks and arrest Julian Assange unleashed angry protests and retaliatory responses against organizations that denied Wikileaks hosting, funds transfer or domain registration.
The retaliatory responses took the form of distributed denial of service (DDoS) attacks, in which hundreds of computers sent traffic towards a particular web domain, choking bandwidth, exhausting the site's compute power and denying customers access through severely degraded service or outright unavailability. For the record, all targeted sites stuttered and eventually went offline for several hours, even though many belonged to organizations with massive redundant IT infrastructure.
These DDoS attacks were set up using over 30,000 computers in a sustained and coordinated attack. Interestingly, while the modus operandi was the same, the attack came in two flavors: a volunteer-initiated attack and a non-volunteer attack. The non-volunteer attack used a network of malware-infected desktops firing traffic bursts without their owners’ knowledge. Technically called a botnet, it is a group of bots which act in a master-slave fashion: the master initiates an attack sequence and each bot fires a traffic burst. A bot is malware downloaded unknowingly while surfing malicious websites, downloading movies, music and documents, or using seemingly innocuous programs on social networks and mobile application stores.
What fascinated me most was the volunteer-based attack, where over 43,000 volunteers downloaded a modified stress-testing program called the Low Orbit Ion Cannon (LOIC) and clicked a button to become part of a network that fired traffic bursts at targeted sites. This activity is reminiscent of mob mentality, wherein normally rational individuals, engaged in crowd-fueled mania, end up committing acts unimaginable in normal circumstances. What is frightfully evident is the success of the volunteer approach in convincing people to willingly download a malicious program (in this case a modified open-source application) from an unknown underground organization, unmindful of the consequences, whether punishment under cyber laws or disguised malware.
In the real world, when rights groups or unions rise up in protest, they block roads, sabotage machinery, and prevent employees from entering factory premises. Today’s cyber protest targeting online properties could become a trend or a new reality. Employees who know of vulnerable spots in an organisation’s online infrastructure can be exceedingly destructive in compromising data and infrastructure assets. The impact may be severe, as normally reserved employees, their friends and communities may be encouraged to participate: in this form of protest there are no victims or physical damages and hence few moral repercussions.
Businesses should evaluate the consequences and risk of online cyber reprisal from citizens or employees protesting their actions or policies. I believe this may become a reality in the future. Besides the embarrassing consequences such protests bring about, it would be difficult to prosecute protesting citizens and employees.