US, S. Korean websites under attack; N. Korea blamed
So it's cyberwar.
In a July 4 attack that is believed to come from North Korea or its sympathizers, the websites of a number of U.S. and South Korean government agencies were knocked out and experienced continuing problems since the holiday, the Associated Press is reporting today.
U.S. agencies having problems: the Treasury Department, the Secret Service, the Federal Trade Commission and the Transportation Department. The Washington Post and other private-sector sites were hit as well.
South Korea's National Intelligence Service told Korean lawmakers that North Korea is behind the distributed denial of service attacks.
Stateside, the U.S. Computer Emergency Readiness Team issued a notice that "advised (agencies) of steps to take to help mitigate against such attacks," a Homeland Security spokesperson said.
The Transportation site was down Saturday through Monday; FTC was down Sunday and Monday. Ben Rushlo, director of Internet technologies at Keynote Systems, said the Transportation Web site was "100 percent down" for two days, AP reports. FTC was coming back online Sunday but by Tuesday was 70 percent unavailable.
Web sites of major South Korean government agencies, including the presidential Blue House and the Defense Ministry, and some banking sites were paralyzed Tuesday. An initial investigation found that many personal computers were infected with a virus ordering them to visit major official Web sites in South Korea and the U.S. at the same time, Korea Information Security Agency official Shin Hwa-su said.
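As an added illustration (not part of the article or the AP reporting), the following Python script shows how the pattern described above, many infected machines requesting the same site within the same minute, stands out in an ordinary web server access log. The log lines and IP addresses are constructed sample data; the thresholds are assumptions a site would tune against its own traffic.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Apache combined-log prefix: client IP, timestamp, request line, status, bytes.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

# Constructed sample traffic (not real logs): a little background browsing plus a
# one-minute burst in which 40 distinct hosts all fetch the front page together.
NORMAL = [
    '203.0.113.5 - - [07/Jul/2009:10:00:01 +0000] "GET / HTTP/1.1" 200 1234',
    '203.0.113.9 - - [07/Jul/2009:10:00:20 +0000] "GET /about HTTP/1.1" 200 4321',
    '203.0.113.5 - - [07/Jul/2009:10:01:05 +0000] "GET /news HTTP/1.1" 200 1200',
    '203.0.113.7 - - [07/Jul/2009:10:01:40 +0000] "GET / HTTP/1.1" 200 1234',
    '203.0.113.9 - - [07/Jul/2009:10:03:02 +0000] "GET /news HTTP/1.1" 200 1200',
    '203.0.113.8 - - [07/Jul/2009:10:03:30 +0000] "GET / HTTP/1.1" 200 1234',
]
BURST = [f'198.51.100.{i} - - [07/Jul/2009:10:02:{i % 60:02d} +0000] "GET / HTTP/1.1" 200 1234'
         for i in range(1, 41)]
SAMPLE_LOG = NORMAL + BURST

def parse(line):
    """Return (client_ip, minute_bucket, path) or None for a malformed line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, _method, path, _status = m.groups()
    minute = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").replace(second=0)
    return ip, minute, path

def find_bursts(lines, min_ips=20, factor=5.0):
    """Flag minutes whose distinct-source count is large in absolute terms and far
    above the median minute: many hosts acting in concert, not one noisy client."""
    ips = defaultdict(set)
    paths = defaultdict(lambda: defaultdict(int))
    for ip, minute, path in filter(None, map(parse, lines)):
        ips[minute].add(ip)
        paths[minute][path] += 1
    if not ips:
        return []
    baseline = statistics.median(len(s) for s in ips.values())
    alerts = []
    for minute in sorted(ips):
        n = len(ips[minute])
        if n >= min_ips and n > factor * baseline:
            alerts.append({"minute": minute.strftime("%Y-%m-%d %H:%M"), "distinct_ips": n,
                           "requests": sum(paths[minute].values()),
                           "top_path": max(paths[minute], key=paths[minute].get)})
    return alerts
```

Run `find_bursts(SAMPLE_LOG)` to see the 10:02 window reported with 40 distinct sources all requesting `/`, while the surrounding minutes stay quiet.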
Talkback
attacks from Windows machines
attacking the government sites. Will we ever learn?
Funny how it was omitted from the story.
story but they aren't including the most important part of the story. This has to do with an old ActiveX tech from Microsoft. 18 months and Microsoft is still sitting on its laurels. Funny how everyone was up in arms when Apple took six months to fix Java, but on the Microsoft side, all this is being swept under the rug. Anyone remember the .ani exploit in the wild? How long did it take Microsoft to fix that issue?
Active X
Attacks from Linux machines
Some sources are pointing to Linux machines as the culprit.
Linux avoids ActiveX
Military/Govt Servers
They should have mentioned in the story that South Korea has top notch broadband Internet, so there are probably lots of computers there to turn into zombies. I have no idea what the preferred operating system is in South Korea. Being an Asian country it is hard to say. It could be that a lot of the operating systems are either Linux or pirated copies of Windows. I have not been in Korea in 20 years or so but when I was there pirated music tapes were quite common. China also is nearby and in China they also have a problem with pirated songs and software. This theme of not paying for licensing is a common theme in Asia.
meh
Can't use Linux
Linux Of Course
Windows, Linux, Unix, Lindows, Minix, et al
In a way, I like it in that it might wake up a lot of security people who are asleep at the switches and operate purely in reactive versus proactive modes. As a corporate country, we are pathetically behind the times and lax in security in all walks of life.
OTOH, the alleged source of a lot of this trouble, which I actually agree is likely retaliation, China is so ridiculously un-secure that it should be a simple job to shut them down by simply honeypotting and shipping the tripe right back at them. A few well addressed spews like that to well thought out addresses would topple the govt for a short period of time and might make a point. That's as opposed to the currently unsophisticated and rumor-run attacks some here are pushing into China.
Cyberwars are silly in the sense that any company that wants to can simply ban the entire country from its sites and never see a thing from them. Only our greedy, dollar sucking bass-turds NEED communications from China. All it takes to keep them off your site is a .htaccess file and to know what you're doing with it. How-to is posted all over the 'net. I blocked them long ago so I'm not even seeing the current rash of Chinese spam going to everyone and their brother. I'd rather they wasted their time sending to me where it gets dropped on the floor than to some innocent party who doesn't need/want it. And if you don't like .htaccess, a proxy and a 3rd party app can achieve it just as easily, maybe even easier.
So it's not which OS is doing the work; it's the work itself that matters. Any current OS could accomplish the same thing so - there's nothing to argue about that way.
IMO at least<g>.
If it was easy just to unplug China...
unplugging China, this would have been done. But most of the problem really comes from within our own networks, because they will always find a way to connect to them: they absolutely don't need a huge bandwidth to compromise some large enough server in the USA, Europe, Japan, South Korea. There are already tons of vectors that allow them to run any security attack against some western server that they have found to be open to some security hole.
They will harvest it very secretly, only to use them later as the gun (signal of attack) that will deliver the bullet to the zombies already deployed worldwide. This kind of gun can be an order to download a new specific program, sent to a few preselected hosts (preferably those running on broadband fiber accesses on home computers, because they can act very rapidly and reach very fast a lot of targets).
Launching a new attack has never been so fast, it can now take a few seconds for an attack to reach almost all major backbones in the world and most ISPs, but the best security monitoring companies will not be able to react before minutes just to detect the attack (and there's still no emergency system that can delay or slow down some critical service for minimum investigation).
Yes it's true that Linux servers can be harvested as intermediate relays for secretly launching the bullet, but it's also true that today, most of the internet bandwidth and CPU force is now located in billions of homes, running Windows and connected to the Internet with broadband services: these billions of homes contain hundreds of millions of PCs infected by all sorts of worms (there are now thousands of new worms every day specifically for Windows, and they don't always need to harvest a security hole in Windows to install themselves: they can simply harvest the many security holes or open doors left open within one of the many existing old worms remaining on the network; in that case, these new programs do not perform actions that are easily trackable before their installation, but they get immediately an access to the full system, including with the possibility of running secretly despite there's apparently an antivirus installed: they control the antivirus and hide themselves from it, just to expose them the information they want.)
Where is now the problem? It's no more in China or Korea, but directly on the PCs running at home at your immediate neighbours, friends, or in a company. Every ISP is now affected but none of them will take action to shut down preventively their customers from their network. The best they will do is to inform their customers, often indirectly. But users are still left without good security investigation tools, most of them don't pay for it (and most of them feel that the protection offered by the "box" provided by their ISP is enough to protect them from inbound connection, ignoring that the problem is still on their PC that can open inbound ports on the router at any time with a very small worm program running on their PC and performing outgoing requests to the Internet once they have been infected).
In other words, internal or external firewalls are now completely useless, unless they could be also dynamically updated to regulate the *outgoing* traffic. Almost all users don't even know the number of legit programs running on their PC that are still regularly performing outgoing requests to the internet or that are left running permanently with open listening ports.
Windows still does not help users by clearly displaying every such program or identifying clearly with each host on the Internet these programs are communicating (in fact Windows offers NO tool to monitor the open sockets and get the list of programs or identifying the service running in some thread of "svchost.exe" that is causing such communication, because service threads are not identifiable and can't be unloaded selectively: you can just kill some process without knowing precisely if it will just crash Windows completely.)
Microsoft should never have invented the infamous "rundll.exe" or "svchost.exe" processes. It was really a bad idea to allow separate services to run in the same process without being precisely identifiable and selectively killable. The problem is architectural, and the best that MS can do is to run those critical system services sharing the same process within a virtual machine like .NET, that allows fine-grained control and identification on the running thread. Win32 threads have never been designed for that.
There are similar problems with most device drivers that should no longer run as processes, but only as plugins running in a protected VM controlled by the kernel, so that their isolation and identification becomes effective.
To be honest, you will find Linux in this category, now that it can also run or emulate Windows; you'll find also servers (running any OS) running hypervisors with virtualized OSes. With the increased level of interoperability between distinct OSes, and a lot of software or libraries whose source has been written identically to be portable from one OS to another, there now exist exactly the same problems on almost all OSes (including now, sometimes, the OS running within dedicated devices on which users do not even know that they run a generic OS, like NASes, broadband routers, set top boxes... and that they can't even update themselves because these boxes are closed, or maintained by their operator, or are no longer maintained by their manufacturer).
These "boxes" are supposed to be secured, but we start to see now that they can become the targets of attacks, and I think that this will be even more frequent in a very near future (and the users, or the antivirus or security suite running on their PC or Mac will never notice it, despite these boxes can now become the best zombies of the world, without having to harvest any PC or data directly on the home or organization's local network: they will just monitor your traffic and will insert in it every content they want!)
All that can be done now is to promote the full securing of the WHOLE internet, using encryption and/or end-to-end authentication and signature.
The PKI infrastructures must now be deployed more massively, not just on Internet servers for their commerce platform, but for each customer on all their Internet accesses (but there will be solutions to find to help protect the privacy, including those using the security systems to help protect against their dissemination and reuse by unauthorized parties). It's high time for ISPs and governments to give free personal numerical secure certificates as part of their regular services. And to make their use much simpler to interpret than what they are today (or provide better interfaces to use them securely with terms that can be understood by average customers, plus provide education about them; it will be very hard to provide the second part, given that most customers have still not understood how to protect their ID card or green card, or credit cards!).
Actually it's not
Of course, it can't be Windows
because Windows is known to be secure and never part of a botnet. All these systems are doing it in concert.
Dimwit, it is the Windows ecosystem causing the problems.
http://www.computerworld.com/s/article/9135259/Microsoft_may_have_known_about_critical_IE_bug_for_months
& here
http://www.computerworld.com/s/article/9135279/Updated_MyDoom_responsible_for_DDOS_attacks_says_AhnLab
& here
http://www.computerworld.com/s/article/9135273/Newest_IE_bug_could_be_next_Conficker_says_researcher
Could things get any worse than this at the moment?
"In a world without walls & fences, who needs windows & gates?"
So, what you're saying is...
Huh?
Will we ever learn what?
Malware authors target OSs with 90%+ marketshare?
What exactly are you thinking we are supposed to learn from this?
Your time is coming
WE?
Win machines