Online Attack Hits US Government Web Sites 199
angry tapir writes "A botnet composed of about 50,000 infected computers has been waging a war against US government Web sites and causing headaches for businesses in the US and South Korea. The attack started Saturday, and security experts have credited it with knocking the Federal Trade Commission's (FTC's) web site offline for parts of Monday and Tuesday. Several other government Web sites have also been targeted, including the Department of Transportation."
Internet Sovereignty (Score:4, Interesting)
I can totally see a situation where a US gov't website or economic hub (e.g. stock exchange servers) would get hit by a series of computers based out of N. Korea, the US declares war on N. Korea for violating US internet sovereignty, and the whole thing was a setup by a third party looking to create and exploit a power vacuum.
Maybe I've been reading too many NetForce novels, but the whole idea scares me, and I have the feeling that most people in America wouldn't understand why... particularly the people who make the laws about this kind of thing.
Re:Internet Sovereignty (Score:4, Interesting)
I'm just curious when or if rules are going to be put up about Internet sovereignty, so that an attack on a website is seen as an act of war. I can totally see a situation where a US gov't website or economic hub (e.g. stock exchange servers) would get hit by a series of computers based out of N. Korea, the US declares war on N. Korea for violating US internet sovereignty, and the whole thing was a setup by a third party looking to create and exploit a power vacuum. Maybe I've been reading too many NetForce novels, but the whole idea scares me, and I have the feeling that most people in America wouldn't understand why... particularly the people who make the laws about this kind of thing.
What stops people doing that is the same thing that stops them doing it in the physical world. People have been trying to frame others for military attacks since the dawn of human history and the main deterrant is that if it backfires not only will the government become destabilized from within as people oppose the subterfuge but both involved nations with pile on it simultaneously.
Not to mention, even if they succeed, it will come back to haunt them at some later point after their intervention is discovered.
Re:blame China (Score:3, Interesting)
An individual would have to be VERY motivated to attack two countries at once.
The point of a botnet is they don't have to be very motivated at all. Just bored. Having a list of IP numbers or URLs that includes 2 countries is *not* difficult.
Re:blame China (Score:3, Interesting)
The point of a botnet is they don't have to be very motivated at all. Just bored. Having a list of IP numbers or URLs that includes 2 countries is *not* difficult.
I mean there's a high probability (50%+) that they will spend the rest of their lives inside a prison. Targeting a foreign country's military infastructure is no small thing and their home country is unlikely to go to defend them from something like this. If they're smart enough to pull this off no doubt this would have occured to them as well. Remember the guy that infiltrated NASA got something like 20+ years and that wasn't even military critical, neither did he do damage.
Re:Aiding and abetting? (Score:3, Interesting)
So, normally I would agree with you hands down, however, I think the issue is that many people are unaware that their computers are being used for malicious purposes.
Case in point: recently I visited a friend of mine to take a look at his computer. He was complaining it was running slow. A quick check showed multiple viruses on his machine. I asked him how long it had been that way, and his response was, "a few months".
The thing is, by far and large a significant portion of the population is more than likely unaware of what a botnet is, let alone possess the ability to diagnose when their computer has been infected. This is quite different then say, a harboring a bomb maker, as most people (hopefully) would be aware that the guy building bombs in their garage is bad news.
Further, this issue is complicated that the attacks may be motivated politically but carried out by private individuals. If a connection is found, say possibly even a direct link, how is a government supposed to react. Does this qualify as an act of war, espionage, or state sponsored terror attack?
It becomes a sticky issue whenever states are involved, simply due to the politics behind it. If it was soley an attack on a private enterprise, by some general criminal, I would simply recommend getting the cooperation of the government that is harboring / serving as a base of operations for the person / people behind the botnet and having it resolved that way. (Now, I do realize that there are many rogue nations or places that are willing to harbor these types of people, so in reality, a different solution is more than likely needed.)
Re:blame China (Score:2, Interesting)
You think for one second that a bored hacker even thinks that far ahead? And lets get some perceptive here. A few website went down for less than a day. Hardly an attack that anyone should care about. And not national security or military level either. Really a DDOS attack like this, *is* a small thing.
I'm not disagreeing, it's entirely possible. I merely think it's unlikely. The scale of the attack does appear small, but the NASA example I used was nothing to care about, intent to attack matters.
Re:blame China (Score:5, Interesting)
I've heard this theory before and my first thought was: "Do they even have internet in North Korea?"
Well, do they?
Re:Intensifying the conflict much? (Score:5, Interesting)
You're right. The real enemy here is Microsoft! If we stopped Windows, we would stop the attacks. I think we should send the military to liberate Redmond.
Re:Pull the Gdamn plug! (Score:1, Interesting)
What the ISPs could do for this is to filter outbound traffic such that if the src IP is not on their network (i.e., is spoofed) the packet is dropped.
Yes they could do it. But would they? This I'm not able to make up my mind on.
Some ISP's buy and sell their bandwidth per xByte. Others source to a dedicated pipe, and as long as they aren't saturated don't care. If the ISP is charging their client's per xByte, then they're not going to want to filter the client's data. Of course, you'd think all the ISP's jumping on the throttling bandwagon would be all over this already. Does anyone know the answer to that?