If you can't trust FBI-issue software...
Would you like Uncle Sam inside your PC?
Last December, the National Infrastructure Protection Centre -- a joint effort between the FBI and the US Department of Justice -- released a utility for Solaris and Linux computers that it claims will detect and eliminate the software agents which distributed-denial-of-service attack software uses to bombard other computers with a flood of data.
Now, in the aftermath of this week's spate of denial-of-service attacks, that software has drawn renewed attention. And, not surprisingly, some security specialists are not quite convinced that Uncle Sam software is a good thing. "It's from the FBI and I think they should get a certain level of trust," said "Space Rogue," a white-hat hacker and security researcher at @Stake "But I don't know if it is the FBI's job to post software."
Back in December, NIPC Director Michael Vatis said in a statement that the software was "one step further" than its core mission. "A central part of the NIPC's mission is to help protect critical computer networks by alerting private industry and government agencies of potential threats before an attack occurs," Vatis said. "In this case, we have gone one step further by developing a software application that can be used to detect the presence of a significant hacker tool and neutralise it."
Space Rogue pointed out that the software posted by NIPC has no source code attached -- meaning that security specialists cannot check that it works as advertised. Also, because a US agency developed the software, organisations in other countries may not want to use the applications; in fact, it could be illegal for them to do so.
Last week, Yahoo!, Buy.com, Time Warner's CNN.com, eBay, E*Trade, Amazon.com, Microsoft's MSN.com and ZDNet were attacked at different times by Web vandals who flooded each site with a deluge of data, essentially clogging up their Net connections. Service at the sites was either down altogether or severely slowed for several hours.
David Brumley, assistant computer security officer, Stanford University, stressed that the government has good reasons for keeping the source code locked up: Attackers could use such code to create a version that can't be detected.
Brumley has released his own utility called RID for scanning for attack programs. "The NIPC were not keen on releasing a remote scanning tool (like mine), because a hacker could use my tools to look for daemons placed by others and using those to launch their attack," he said.
What do you think? Tell the Mailroom. And read what others have said.
For full coverage see the Denial of Service Roundup.
Take me to the Hackers News Special