Wednesday, February 07, 2007

Hack Attack!!!!!!

From US-CERT, Homeland Security.

US-CERT was made aware of anomalous Domain Name Server (DNS) traffic that began on 6 Feb 2007. It is not confirmed whether this is a DDOS attempt, or an incidental effect of something else, however it is likely that the traffic is Distributed Denial of Service (DDOS) related.

At approximately 0001 GMT on 6 Feb 2007, several root-level DNS servers began receiving a large volume of malformed DNS queries. This initial attack appears to have been a warm-up for a much larger attack that began at 1000 GMT.

DNS servers G (U.S. DOD Network Information Center), L (Internet Corporation for Assigned Names and Numbers), and M (WIDE Project) appear to have been the most severely impacted although none were ever unreachable. The servers were operational and reachable even with the high volume of traffic.

US-CERT has been in contact with the various groups affected to ensure that appropriate actions are being taken.

US-CERT will continue to investigate and provide additional information as needed.

Hackers briefly overwhelmed at least three of the 13 computers that help manage global computer traffic Tuesday in one of the most significant attacks against the Internet since 2002. The attack lasted approximately 12 hours.

At this point it was a battle of computer geeks... as long as our geeks are smarter than their geeks, all is well...lol

Back in December it was reported that a jihadist website was calling for an attack on U.S. Internet-based stock market and banking sites.

Today news comes that "Hackers Attack Heart of Net" on BBC.

Hackers have attempted to topple key parts of the internet's backbone, in one of the most significant attacks of recent years.

The target was servers that help to direct global internet traffic.

In the early hours of Tuesday three key servers were hit by a barrage of data in what is known as a distributed denial-of-service attack.

There is no evidence so far of damage, which experts are saying is testament to the robust nature of the internet.

Websites unreachable

The so-called root servers involved in the attack act as a kind of global address book for the internet by translating website name information into IP addresses to enable computers to visit particular sites.

The servers involved were each operated by a separate body - the US Defense Department, the net's oversight body ICANN (Internet Corporation for Assigned Names and Numbers) and UltraDNS, which manages traffic for websites ending in "org" and some other suffixes.

"Last night we were seeing attacks which lasted for a couple of hours. There were probably hundreds of root server operators co-operating around the globe to make sure that the average user wouldn't notice," said Paul Levins, executive officer of Icann.

The fact that the attack remained invisible to users is being hailed as a success.

"The most interesting element of this concerted attack is that the system demonstrated the benefits of being dispersed and interoperable. There was no one point of failure," said Mr Levins.

The type of attack favoured in this case involves floods of data being sent to a machine in an effort to knock it over.

"A denial-of-service attack is a bit like fourteen fat men trying to get into an elevator - nothing can move," explained Graham Cluley, senior consultant at security firm Sophos.

If a part of the DNS system went down it would mean websites could be unreachable and e-mail undeliverable.

Research last year suggested that holes in the net's addressing system could leave 85% of the net vulnerable to take over if hackers combined simple attacks with denial-of-service attacks.

Mischief or money?

The fact that the attack remained invisible to users will be seen as evidence that the heart of the net can be kept healthy.

It was, said Mr Levins, too early to analyse exactly what happened or why; although there is speculation that zombie computers - the machines of innocent users which are recruited by hackers - were involved in the attack.

Whether the motive was mischief or money - in the form of blackmail - remains to be seen but Mr Cluley believes it is more likely to be the former.

"If money is involved there is a trail for investigators to follow. Attacking a target like this is just asking for trouble - like letting a huge bomb off in a building," he said.

I have always said that a sophisticated internet attack could do more damage to our economy and our very lives than a physical attack could.

During the big panic about the internet going down in 2000, where everyone was up in arms about the possibility, I always said that the chances of that happening were slim to none.

A deliberate attack on the other hand, if successful, would change our lives in a manner that could very well do the US a massive amount of damage.

Think about it... our phones, our electric, almost everything in today's world is run by computers.

Now, do not get me wrong, I am not about to panic over something that has not happened, but there is the potential and it is something we need to keep our eyes on.

More from ZDNet, Guardian and NewsFactor on this story today.

I will update this as more news comes in.
