Denial of Service Attacks Spread in Web’s First InfoWar

by Steve O'Keefe on December 9, 2010

Secrets of a Super HackerNearly 20 years ago, when promoting a book called Secrets of a Super Hacker by an author named “The Knightmare,” I got a wake-up call about how vulnerable the Internet was. This week, many companies have learned how vulnerable they are after being shut down by hackers related to the WikiLeaks drama.

Yesterday, MasterCard’s website was shut down for hours by a group of hackers angry that the credit card company had ceased processing payments to WikiLeaks. Andy Greenberg has been following this story minute-by-minute on The Firewall, his computer security column for Forbes:

MasterCard, which cut off services to WikiLeaks Tuesday, became the latest victim of a loose group of hackers known as Operation: Payback Wednesday morning, when its website went down under a flood of junk traffic sent by the group’s volunteer army… PayPal has already come under two cyberattacks after its decision to cut off its services to WikiLeaks last Friday night… And now PayPal may be back on its target list, followed by Twitter.

The technique being used in these attacks is a “Distributed Denial of Service” attack, or DDoS. The idea is to temporarily take control of thousands of computers on the Internet and direct them to a single Web address, causing the site to falter and eventually shut down. This technique was used by a hacker named “Jester” to shut down WikiLeaks in November. It’s the same technique being used by “Operation: Payback” and a group of hackers named “Anonymous” (a.k.a. “4Chan”) to retaliate against companies such as Amazon, PayPal, Visa, and others who have severed support services to WikiLeaks.

If you’re wondering what it’s like enduring a DDoS attack, Bill Brenner, the information security expert for CSO Magazine, provides a minute-by-minute account of the July 4, 2009, cyberattack that took out the Federal Trade Commission’s website, along with the Department of Transportation, and many private companies:

In that onslaught, a botnet of some 180,000 hijacked computers hammered U.S. government websites and caused headaches for businesses here and in South Korea.

This is the infamous attack that caused Google to publicly blame Chinese hackers, leading Google to eventually move its servers out of mainland China. By way of comparison, the attack on WikiLeaks last week was estimated at nine times larger than the infamous Fourth of July attack. Ironically, one of the 250,000 diplomatic cables recently released by WikiLeaks implicates the Chinese government in the Fourth of July attacks.

In a tweet on December 3 related to the WikiLeaks hackathon, Electronic Frontier Foundation co-founder John Perry Barlow uttered the syllables many a CIO has feared: “The first serious infowar is now engaged.” Barlow was one of the experts I approached in 1993 to review the book, Secrets of a Super Hacker.

The promotion for that book included a contest offering a prize to the first person who could hack my email account and send an email from my own account claiming the prize. When I first proposed the contest, the publisher’s Internet Service Provider (ISP) immediately notified all their subscribers, resulting in such an outcry that we decided to move the contest. Next, I approached The WELL, the cybercommunity in San Francisco where Barlow and many now famous members of the digerati hung out.

The WELL wanted no part of our contest, either, and threatened to suspend our account if we tried to run it there. I thought they would be pleased to have this benign test of their security systems. Instead, The WELL and several other ISPs I approached wanted no part of our hacking contest. Why?

After discussing the situation with several ISP administrators, I realized that security was not a priority for many of them. Most of them were using whatever weak protection came standard with the software they bought. They did not want their systems tested. If they had any extra money, they spent it on marketing: sprucing up the front door, not patching up the back door.

Our little contest served as a wake-up call for several service providers at the dawn of the Internet era. The infowar between WikiLeaks’ opponents and defenders should act as a loud wake-up call to online organizations everywhere to check their defenses. Cyber warfare has come of age, and the stakes now are higher than anyone imagined.

STEVE O’KEEFE
News Editor, Minitrends Blog

Source: “MasterCard Taken Down By WikiLeaks Supporters, Twitter Next?,” Forbes, 12/08/10
Source: “What it’s like to get hit with a DDoS attack,” CSO Magazine, 12/08/10
Source: JPBarlow on Twitter
Image: Book cover of Secrets of a Super Hacker is used under Fair Use: Reporting.

Share and Enjoy!
  • Twitter
  • Facebook
  • Digg
  • StumbleUpon
  • del.icio.us
  • Reddit
  • Google Bookmarks
  • Tumblr
  • email
  • Print

Comments

Got something to say?