Philippe Humeau, CEO, NBS System: Operation Payback, DDOS & Wikileaks: the first cyber riot?

December 2010 by Philippe Humeau, CEO of NBS System

As you may have noticed, some hacker movements are currently wreaking havoc in what is called « Operation Payback ».

While I’m writing this article, api.paypal.com, Visa and Mastercard are down. Wikileaks was recently under a violent DDOS and political attack; now it seems that the banks are going to pay a massive tribute too. This is probably just the beginning, and here is why…

Operation Payback isn’t « that » new; the idea has been around for some months now, but this is the first large-scale use of it. It all started with the RIAA and other regulatory bodies that have been regarded as censoring freedom of speech.

We have posted an article here about DDOS countermeasures for those interested in the more technical aspects of the problem.

Everything is there to get the first real cyber war

The situation here is critical and must not be underestimated.

This issue with Wikileaks and Julian Assange is what the underground black hats were looking for: a reason to launch the first real cyber war. The Russians are even proposing Julian Assange for the Nobel prize, making the situation perhaps funny but also showing that the cold war was not *that* over. Time magazine is even considering Julian Assange as its person of the year.

A guy willing to disclose everything publicly, an unfair situation and condemnation before any trial has even taken place, and banks willing to stop both the funding of Wikileaks and its disclosure policy… This feels like everything the underground has been waiting for for a long time is now there: a reason, a cause, an emblem and a political figure to defend…

Some more ingredients on top of that:

There has been a massive retention of « 0 day » exploits and attack techniques since the DMCA and other specific regulations were adopted in the US. There is also the fact that the black hats have been stockpiling new, undisclosed techniques for some years now. Everything is ready for quite a hell of a mess.

At the same time, every country out there is trying to strengthen its laws against piracy and to put tighter control on online activities. This is quite an important melting pot of ideas, being aggregated into a « we will fight for our freedom » movement. True or not, this concept is now rallying a lot of troops around the world.

The Anon organization is taking the lead on this and is going weapons hot. This community is demonstrating for the right of expression and, more recently, for the full disclosure policy. Their Twitter account has been shut down and moved to another account.

More to come…

Wikileaks is expected to release a massive new scandal around the banks soon, probably about Bank of America. Now that everyone is following this first massive cyber disclosure, Wikileaks is using the roots of the Internet to be untouchable. Massive spreading through a mirror system (1300 mirrors at today’s count) and posting their archives on BitTorrent have made them fully bulletproof.

My company provides both managed servers for e-commerce and security / penetration testing services. We know both populations, hackers as well as merchants and even banks, and the outcome of all this is really not obvious.

Even if you can find some solutions against DDOS attacks, the major companies still haven’t understood that they are weak… A DDOS is still a massive-scale attack, very complicated to struggle with, and I fear many will feel the reality of it within the next weeks.

Usually, while we perform penetration testing, we find that they are barely aware of how the Internet really works and which mechanisms they really rely on. This is all magic to them, and they can never trust you when you explain to them that there is no guarantee of anything when it comes to « global IP traffic ».

A voluntary movement, even from « simple citizens »

One of the major issues for governments and cyber cops is that Mr. Everybody can now contribute to these massive DDOS attacks. Even if the « large scale providers », called Tier 1, have a huge amount of bandwidth, some 1 000 000 personal DSL connections are still a far bigger weapon.

People are living through one of the most violent crises our modern economy has had to struggle with. After the 9/11 physical attacks, we had a 9/11 on our economies, and this situation could lead to a 9/11 of the Internet if things get amplified.

The standard citizen is willing to « make them pay », to share the pain with the bankers. The movement recently led by Eric Cantona to empty bank accounts was one example, but those initiatives are far stronger on the Internet. When simple tools like « Low Orbit Ion Cannon » (L.O.I.C, LOIC) are made available to anyone, it is easy to feel like you’re part of the movement and to make your computer and connection available to « take down the system ». This is perhaps the first cyber riot we are witnessing here.

This is a new concept: the voluntary botnet. This, added to the already existing botnets, has turned millions of personal computers into a massive DDOS weapon.

Actually, we know that millions of computers are already compromised by worms and viruses, linking them into botnets that are usually « for rent », but could be lent for free by their owners for political reasons. Those zombie computers are a kind of giant dark cloud, ready to answer any command sent to them, like « send packets to Mastercard ». I’m not even sure that the commoner sending some packets to a website can be sued for any reason (beyond the fact that he will probably not be logged).

This is even stronger since the commoner is thinking « If everyone does it, why would I be noticed among millions? ». This is also true for real hackers: some script kiddies and some really mighty black hats will be more at ease operating silently within this mess than during a normal week.

Far more than just a game or temporary fight

The context makes it dangerous. If everything were going fine, Wikileaks would probably never have risen, Anon and others wouldn’t have helped, and all of this would be just fine.

But now, with the revelations, the crisis, the bank profits and bailouts, and the people getting poorer, everything is there to produce a strong, deep and sustained movement over time. Almost every revolution theory is based on those kinds of first symptoms. At the very least, we can imagine that the war against Wikileaks will be amplified by the banks not willing to see their secrets disclosed and the governments afraid of being exposed.

And if this war goes on, the voluntary movement to protect Wikileaks will grow stronger, and a central authority or even states can’t really fight against a numerous « no name, no address » enemy. Everyone here has to be wise and listen to each other; this seems to be the only way to holster the guns.

Escalation of violence, even electronic violence, has never been a solution to any conflict. The population rioting through the Internet, backed by skilled hackers organizing them, can really be dangerous for everyone.

The Internet is really vulnerable

The basic structure of the Internet makes it resilient to a lot of different dangers, but on the other hand some key points are still really weak and the underground knows it… Here are three simple examples among many others.

DNS

The main DNS architecture can be taken down. This is no easy task, but a massive DDOS can make it bow and thus break the name resolution and propagation processes, creating a very uncomfortable situation.

The second point I’d like to underline is that the security flaw found by Dan Kaminsky during the summer of 2008 is still widespread. Almost one fourth of DNS servers have not been patched, which makes them still vulnerable to this simple but very efficient poisoning attack.

BGP

This part is also quite sensitive and fragile. The DFZ (Default Free Zone) members are supposed to trust each other blindly. We take routes from other ASes and broadcast our routing tables to the other members… But if some strange packets are sent within the walled garden, they can break everything, as for example in August 2010, when RIPE ran an experiment that went wrong, breaking a lot of routes and disturbing part of the Internet traffic for some minutes.

The Chinese made « a mistake », creating one of the most spectacular Internet traffic hijackings ever. It’s claimed to be a mistake, but it looks like nothing less than the biggest hack ever done on the Internet, showing once again that the pillars of the Internet are « not that resilient ».

IPV4

This is the most fundamental protocol of the whole Internet. It has been around for decades and attacked on so many points that I can’t even think of a reliable figure to provide here. Some things are sure about IPV4: it’s used everywhere (less than 8% of the Internet is IPV6 ready), it’s conceptually flawed on many points and, last but not least, it’s a protocol allowing many kinds of DDOS, spoofing and sniffing, and everyone implements it « their own way ».

All of this makes IPV4 the most used layer 3 protocol worldwide and, of course, the most well known, tested, reversed and attacked…

DDOS

This is still the main concern of this post and the main danger. It’s all about basic, massive packet sending. The methods can differ and some can even be subtle, but in one way or another the Distributed Denial Of Service concept is all about directing a huge amount of traffic toward a single IP or range of IPs. You can perform an application-layer DDOS, for example by making HTTP GET requests on a Web page (which will « kill » the CPUs of the targeted servers), or simply hammer the main connection of the site by sending a huge amount of packets (TCP/SYN, ICMP or others) to get a network-layer DDOS.

There are many different ways to proceed, all of them very simple to set up, and then… the sites/servers/connections are down. Few methods are available to fight against DDOS, and we are talking here about very technical approaches with no guaranteed success, just a big slowdown of the rate. So, if an attacker puts in « more power », in the end he will still probably crush the targeted site. Other ways to fight are available, for example the BGP routing mechanism, but they involve a lot of work and skills and are not silver bullets either.
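The application-layer GET flood described above shows up in the web server’s own access log long before the CPUs give out. The following detector, an added example that is not part of the original article or of NBS System’s tooling, parses combined-format log lines and flags any client exceeding a per-IP request rate in a sliding window; the threshold values and the sample log (placeholder addresses) are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache/nginx combined-log prefix: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def parse_line(line):
    """Return (ip, timestamp, method, path) or None for a malformed line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("method"), m.group("path")

def flood_sources(lines, max_requests=5, window_seconds=10):
    """Flag client IPs exceeding max_requests GETs in any window_seconds sliding
    window (lines assumed chronological). Returns {ip: (count, hottest_path)}."""
    recent = defaultdict(deque)               # ip -> timestamps still in window
    per_path = defaultdict(lambda: defaultdict(int))
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None or parsed[2] != "GET":
            continue
        ip, ts, _, path = parsed
        window = recent[ip]
        window.append(ts)
        per_path[ip][path] += 1
        while (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()                  # expire old timestamps
        if len(window) > max_requests:
            hot_path = max(per_path[ip], key=per_path[ip].get)
            flagged[ip] = (len(window), hot_path)
    return flagged

# Constructed sample log (placeholder addresses): one client hammers a single page, one browses.
SAMPLE_LOG = """\
203.0.113.7 - - [09/Dec/2010:14:00:01 +0100] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/4.0"
198.51.100.20 - - [09/Dec/2010:14:00:01 +0100] "GET /checkout HTTP/1.1" 200 2201 "-" "Mozilla/5.0"
203.0.113.7 - - [09/Dec/2010:14:00:01 +0100] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/4.0"
203.0.113.7 - - [09/Dec/2010:14:00:02 +0100] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/4.0"
203.0.113.7 - - [09/Dec/2010:14:00:02 +0100] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/4.0"
203.0.113.7 - - [09/Dec/2010:14:00:03 +0100] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/4.0"
203.0.113.7 - - [09/Dec/2010:14:00:03 +0100] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/4.0"
"""
```

Run it with `flood_sources(SAMPLE_LOG.splitlines())`; a truly distributed flood keeps each source below any per-IP threshold, so in practice this per-IP check is complemented by per-URL rate counts and upstream filtering.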

Conclusion

For all the above reasons, we would like to issue a strong warning to everyone operating critical facilities on the Internet, such as those related to life-critical systems in hospitals or critical security facilities. Double check that you are not over-exposed to a temporary Internet disruption, since nothing is really certain.

I’m not saying the end of the world is near, but some more important disturbances or disruptions may be feared given the previous analysis. We prefer to be seen as overcautious than to underestimate the potential danger. We are not pro or con anything in this matter, except perhaps against the idea that breaking everything is a solution.
