More on The Man Behind the Curtain

Bill's forum was the first! All subjects are welcome. Participation by all encouraged.

Bill Glasheen
Posts: 17299
Joined: Thu Mar 11, 1999 6:01 am
Location: Richmond, VA --- Louisville, KY

More on The Man Behind the Curtain

Post by Bill Glasheen »

By now most of you know what little I think about the "excuse" of a movie trailer to attack US sovereign soil and kill a diplomat. It not-so-coincidentally came on as a sudden, coordinated attack on the 11th anniversary of 9-11, and this "video" was a fig leaf cover for it all. I don't think so.

Here are parts of the video. I have to keep searching for new versions as the older ones get yanked. But there's no problem getting an updated version.

Innocence of Muslims - Muhammad Movie - FULL HD

Pretty pathetic, isn't it?

Yes, the Muslim prophet was disrespected. And Christians were disrespected when an artist chose to put a crucifix in a pan of urine and call it art. Both were works of art designed to elicit an emotional hijacking. The response to these "works of art" says little about the quality of the art, as both are really pretty bad. However both successfully show a lot about their targets. In engineering we might call this an impulse function. You send such a thing into a system to measure system response to it so you can characterize these systems. Both the crucifix-in-urine and "The Innocence of Muslims" achieved their goals. They show good AND unflattering things about practitioners of these religions by the responses to them.

But again... the movie is a distraction. Something else is going on.

- Bill
Bill Glasheen
Posts: 17299
Joined: Thu Mar 11, 1999 6:01 am
Location: Richmond, VA --- Louisville, KY

Re: More on The Man Behind the Curtain

Post by Bill Glasheen »

THIS is big. Why it can only be found on one news source is a mystery to me.

QUESTION: What do 9-11 and a distributed denial-of-service (a.k.a. DDoS) attack on major US banks have in common?

ANSWER: They are both attacks on symbols of US economic power.

If you bank with any of the banks noted in the article below (I have accounts with 3 of them), you may have noticed you can't get online with them in the past few days. Here's why.

- Bill
Cyber Attacks on U.S. Banks Expose Computer Vulnerability

Cyber attacks on the biggest U.S. banks, including JPMorgan Chase & Co. (JPM) and Wells Fargo (WFC) & Co., have breached some of the nation’s most advanced computer defenses and exposed the vulnerability of its infrastructure, said cybersecurity specialists tracking the assaults.

The attack, which a U.S. official yesterday said was waged by a still-unidentified group outside the country, flooded bank websites with traffic, rendering them unavailable to consumers and disrupting transactions for hours at a time.

Such a sustained network attack ranks among the worst-case scenarios envisioned by the National Security Agency, according to the U.S. official, who asked not to be identified because he isn’t authorized to speak publicly. The extent of the damage may not be known for weeks or months, said the official, who has access to classified information.

“The nature of this attack is sophisticated enough or large enough that even the largest of the financial institutions would find it difficult to defend against,” Rodney Joffe, senior vice president at Sterling, Virginia-based security firm Neustar Inc. (NSR), said in a phone interview.

While the group is using a method known as distributed denial-of-service, or DDoS, to overwhelm financial-industry websites with traffic from hijacked computers, the attacks have taken control of commercial servers that have much more power, according to the specialists.

“The notable thing is the volume and the scale of the traffic that’s been directed at these sites, and that’s very rare,” Dmitri Alperovitch, co-founder and chief technology officer of Palo Alto, California-based security firm CrowdStrike Inc., said in a phone interview.


White House

The assault, which escalated this week, was the subject of closed-door White House meetings in the past few days, according to a private-security specialist who asked not to be identified because he’s helping to trace the attacks.

President Barack Obama’s administration is circulating a draft executive order that would create a program to shield vital computer networks from cyber attacks, two former U.S. officials with knowledge of the effort said earlier this month.

The U.S. Senate last month failed to advance comprehensive cybersecurity legislation and the administration is contemplating using the executive order because it’s not certain that Congress can pass a cybersecurity bill, the officials said.


Bank Attacks

The group started almost two weeks ago with test attacks that triggered multiple alerts. The assault on financial firms began last week, starting with JPMorgan, Citigroup Inc. (C) and Charlotte, North Carolina-based Bank of America Corp., moving successively this week to Wells Fargo, U.S. Bancorp (USB) and yesterday, PNC Financial Services Group Inc. (PNC).

The industry’s Financial Services Information Sharing and Analysis Center posted a warning on its website dated Sept. 19 that cited “recent credible intelligence regarding” potential cyber attacks.

U.S. Bancorp is working with federal law enforcement officials after the attacks caused delays for customers, Nicole Garrison-Sprenger, a spokeswoman for the Minneapolis-based company, said in an e-mailed statement. Customer data and funds are secure, she said.

PNC was experiencing a high volume of Internet traffic, causing disruptions for some clients, Fred Solomon, a spokesman for the Pittsburgh-based bank, said in an e-mailed statement.

Bridget Braxton at San Francisco-based Wells Fargo, Bank of America’s Mark Pipitone, Andrew Bernt of New York-based Citigroup and Kristin Lemkau at JPMorgan declined to comment.


Responsibility Claim

A group calling itself Izz ad-Din al-Quassam Cyber Fighters claimed responsibility for the assault in a statement posted to the website pastebin.com, saying it was in response to a video uploaded to Google Inc.’s YouTube, depicting the Prophet Muhammad in ways that offended some Muslims.

The initial planning for the assault pre-dated the video controversy, making it less likely that it inspired the attacks, according to Alperovitch and Joffe, both of whom have been tracking the incidents. A significant amount of planning and preparation went into the attacks, they said.

“The ground work was done to infect systems and produce an infrastructure capable of launching an attack when it was needed,” Joffe said.

Jenny Shearer, a spokeswoman for the Federal Bureau of Investigation, and Peter Boogaard at the U.S. Department of Homeland Security, declined to comment.


Premature Attribution

Senator Joe Lieberman, a Connecticut independent who heads the Senate Homeland Security and Governmental Affairs Committee, said last week he thought Iran was behind the attacks.

Alperovitch and Joffe said that while they think one group is behind the attacks, they didn’t have enough information to prove or disprove Lieberman’s assertion that Iran is responsible. The U.S. official with access to classified information said it’s premature to attribute the attacks to Iran’s government.

The attacks flooded the bank websites with 10 to 20 times more Internet traffic than the typical denial-of-service attack, Alperovitch said. He said that no data were stolen and no networks infiltrated by hackers.

The group claiming responsibility named the days it planned to attack and identified the banks it would target in a separate posting on pastebin.com.
Inadequate Defenses

That hackers telegraphed their intentions and targets shows the difficulty industries and governments face in keeping up with fast-moving network threats, said Atif Mushtaq, senior staff scientist with FireEye Inc., a Milpitas, California-based security firm.

“They had already declared they would hit these banks at these times, and still we are seeing that these banks are not able to handle these DDoS attacks,” Mushtaq said. “It’s clear that the current infrastructure under the control of these banks is not good enough.”

There’s no sign the attacks are going to stop, Alperovitch and Joffe said.

“I would not be surprised to see another pastebin posting that provides a new set of targets for this weekend and next week,” Joffe said.

A broader or more sustained denial of service attack could shake consumer confidence in the banking industry, Joffe said.


Bad Timing

“If banking infrastructure was affected in this way for an extended period of time, the natural outcome of that is a loss of faith,” he said. “If you can’t get to your banking site for three or four hours on a day when you have to do things, you start thinking about what are my alternatives because this might happen again.”

The banking industry worries about an organization with more resources launching attacks, said Ed Powers, head of security and private issues for U.S. financial firms at Deloitte & Touche LLP.

“This is coming toward the end of the month; it’s badly timed,” Joffe said. “People have to pay bills today and tomorrow.”

Previous denial-of-service attacks proved to have been cover for looting bank accounts and stealing customers’ or employees’ personal information, said another private cybersecurity analyst, who asked not to be identified to maintain client confidentiality. There’s no evidence so far that the latest attack has included theft.

If the financial industry, which spends more on Internet security than any other industry and has its largest and most extensive defenses, can’t handle this, it’s not clear whether any critical-infrastructure industry can, the analysts said.

To contact the reporters on this story: Chris Strohm in Washington at cstrohm1@bloomberg.net; Eric Engleman in Washington at eengleman1@bloomberg.net

To contact the editor responsible for this story: John Walcott at jwalcott9@bloomberg.net
- Bloomberg
Bill Glasheen
Posts: 17299
Joined: Thu Mar 11, 1999 6:01 am
Location: Richmond, VA --- Louisville, KY

Re: More on The Man Behind the Curtain

Post by Bill Glasheen »

Just a hunch...

It wouldn't surprise me that Iran was behind the DDoS attacks on banks - one of which kept me from getting to my bank online yesterday. (Phone still works though...) As you may know, it has been the policy of Obama, the EU, and others to thwart Iran's attempt to build a nuclear capability via severe economic sanctions. They've had their effect. Sadly it is my opinion that it will only delay the inevitable. And when a certain critical point is reached, pay attention to Israel's response.

The reason I mention Iran is because Israel allegedly was involved previously in a Stuxnet worm attack on Iranian computer systems that controlled their nuclear research facilities. Word is that the attack set them back a year or more in their work. And the US may have been involved.

If this is what it purports to be, then IMO it should be a topic of discussion in the presidential debates this week. The US once again is being attacked. Little is being done to stop it.

- Bill
Bill Glasheen
Posts: 17299
Joined: Thu Mar 11, 1999 6:01 am
Location: Richmond, VA --- Louisville, KY

Re: More on The Man Behind the Curtain

Post by Bill Glasheen »

This just in, and reported today in the Wall Street Journal.
WSJ wrote: The revised assessment by the Director of National Intelligence, the office that heads up the various U.S. spy agencies including the Central Intelligence Agency, is the most declarative U.S. statement yet that the Sept. 11 assault on U.S. diplomatic sites in Benghazi, Libya—which left four Americans dead, including U.S. Ambassador Christopher Stevens—was a coordinated terrorist attack. It contrasts with some early administration statements that the siege grew out of a spontaneous protest over an anti-Islam video.
How did it take 18 days for our government to admit this? Oh yeah... it's an election year!

No longer can our commander in chief blame an attack on US sovereign soil and the murder of a US diplomat on a B-rate movie trailer. But nice try!

- Bill
Bill Glasheen
Posts: 17299
Joined: Thu Mar 11, 1999 6:01 am
Location: Richmond, VA --- Louisville, KY

Re: More on The Man Behind the Curtain

Post by Bill Glasheen »

More on the recent cyber warfare.

Given that these botnets are now sophisticated enough to get at and enslave servers to do their dirty deeds, I'm wondering about the nature of such servers. Are they Windows-based? I'm thinking probably. If that's the case, then such attacks may spur a growth of unix- and Linux-based systems. Just a hunch.

- Bill
SAN FRANCISCO — The hackers behind the cyber attacks on major U.S. banks have repeatedly disrupted online banking by using sophisticated and diverse tools that point to a carefully coordinated campaign, according to security researchers.

The hackers, believed to be activists in the Middle East, were highly knowledgeable about the defensive equipment used by the banks and likely spent months on reconnaissance, said several researchers interviewed by Reuters, who viewed the assaults as among the strongest and most complex the world has seen to date.

In the past two weeks, customers of top U.S. banks including Bank of America, JPMorgan Chase & Co, Wells Fargo & Co, U.S. Bancorp and PNC Financial Services have reported having trouble accessing their websites, as unusually high traffic volumes appeared to crash or slow down the systems.

No thefts have been tied to hacked sites, but an untold number of customers were not able to pay bills or transfer money from their computers, leaving banks with remediation expenses and customer irritation as the biggest costs.

Researchers said the hackers used groups of compromised computers, known as botnets, which are inexpensive to rent for short periods. What made these botnets much more powerful was that they were made up of Web servers that had been taken over, instead of mere personal computers.

"Tens of thousands" of servers are involved, said Tom Kellermann, vice president of major security vendor Trend Micro.

The FBI declined to comment on its investigation of the attacks. The banks either declined to comment or noted that most customers have been able to log into their accounts.

"It's fairly large, but it's something financial institutions are accustomed to dealing with," said Doug Johnson, vice president of the American Bankers Association trade group.

Sources familiar with the bank attacks have previously told Reuters that they could be part of a year-long cyber campaign waged by Iranian hackers against major U.S. financial institutions and other corporate entities.

Sen. Joseph Lieberman, chairman of the Senate's Homeland Security and Governmental Affairs Committee, has also blamed Iran's much-improved cyber forces on the bank website outages.
- U.S. bank website hackers used advanced botnets, diverse tools
Valkenar
Posts: 1316
Joined: Mon Aug 21, 2000 6:01 am
Location: Somerville, ma.

Re: More on The Man Behind the Curtain

Post by Valkenar »

Linux currently has a small majority of web server OS market share. After looking it up, it seems like it's a 60/40 linux/windows split.

Anyhow, the real issue isn't the power of the machine being compromised, it's the connection. The big difference is that most home computers don't have much uploading ability, which is (kinda - it's complicated) how a DDoS works. So while a server isn't that much more powerful than a home computer, it typically does have a whole lot more bandwidth.
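The bandwidth point above is what makes a flood from many modest sources hard to tell apart from an ordinary busy period if you only look at one client at a time, and the Bloomberg piece earlier in the thread puts the volume at 10 to 20 times a typical denial-of-service attack. As an added example that is not part of the thread and not from any of the posters, here is a small Python detector: it parses constructed web-server access-log lines, counts requests per second, flags any second at or above a multiple of a baseline rate, and reports how many distinct sources share the flood and what share the single busiest source contributes. The log format, baseline rate, threshold multiple and RFC 5737 documentation addresses are all assumptions made for the demonstration.

```python
"""Toy volumetric-flood detector over web-server access logs (added example)."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Combined-log-format prefix: client, ident, user, [timestamp], "request", status.
# Assumed layout for this example; adjust the pattern for other log formats.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, second, request, status) or None for a malformed line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT).replace(microsecond=0)
    return m.group("ip"), ts, m.group("req"), int(m.group("status"))


def bucket_by_second(lines):
    """Map each second to a Counter of requests per client address."""
    buckets = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip unparseable lines instead of aborting the run
        ip, second, _, _ = parsed
        buckets[second][ip] += 1
    return buckets


def find_floods(buckets, baseline_rps, multiple=10):
    """Flag seconds whose request count is >= multiple * baseline_rps.

    Each alert is (second, total_requests, distinct_sources, top_source_share).
    A high total spread over many sources with a tiny top share is the
    distributed pattern the thread describes; one source with a large share
    is a single noisy client that per-client rate limiting already handles.
    """
    alerts = []
    for second in sorted(buckets):
        per_ip = buckets[second]
        total = sum(per_ip.values())
        if total >= multiple * baseline_rps:
            _, top_count = per_ip.most_common(1)[0]
            alerts.append((second, total, len(per_ip), top_count / total))
    return alerts


def make_line(ip, ts, path="/login", status=200):
    """Build one constructed access-log line (not real traffic)."""
    return f'{ip} - - [{ts.strftime(TS_FMT)}] "GET {path} HTTP/1.1" {status} 512'


def constructed_log():
    """Three quiet seconds, then one second of distributed flood, plus junk."""
    base = datetime.strptime("27/Sep/2012:09:00:00 +0000", TS_FMT)
    lines = []
    for s in range(3):  # 5 requests per second from three clients
        ts = base + timedelta(seconds=s)
        lines.extend(make_line(f"198.51.100.{i % 3 + 1}", ts) for i in range(5))
    flood_ts = base + timedelta(seconds=3)  # 40 clients x 2 requests = 80 in one second
    for i in range(40):
        lines.extend(make_line(f"203.0.113.{i + 1}", flood_ts, "/") for _ in range(2))
    lines.append("not a log line at all")  # exercises the malformed-line path
    return lines


def summarize(lines, baseline_rps=5, multiple=10):
    """Parse, bucket and return flood alerts for the given log lines."""
    return find_floods(bucket_by_second(lines), baseline_rps, multiple)


if __name__ == "__main__":
    for second, total, sources, share in summarize(constructed_log()):
        print(f"{second.isoformat()}: {total} req/s from {sources} sources, "
              f"largest single source {share:.1%}")
```

The distinct-source count and the top-source share are the two numbers a defender wants next to the raw rate: when forty addresses each send two requests in a second, per-client throttling does nothing, so mitigation has to happen upstream (scrubbing, anycast, capacity). That is also why hijacked servers matter in the way Valkenar describes: a source with more upstream bandwidth lets the same aggregate volume come from far fewer machines than home connections would need.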
Glenn
Posts: 2186
Joined: Thu Dec 20, 2001 6:01 am
Location: Lincoln, Nebraska

Re: More on The Man Behind the Curtain

Post by Glenn »

Unix, Linux, and Mac OS are just as vulnerable to malware as Windows; some analysts argue the former are even more vulnerable because of the common misperception that malware is only a Windows issue. It really does not matter what the OS is; malware coders will find a way to attack it. As long as the machine is networked, it is vulnerable to malware and to being used for DDOS attacks. The main reason Windows has received the brunt of these issues is its market dominance, making it more popular with the malware coders so that they can have the greatest effect. However, the growth of Linux in the server OS market has already attracted the attention of malware coders, as this 2006 report warns:
Linux Malware On The Rise

By Andy Patrizio | April 27, 2006

Assuming you're safe from viruses and other malware just because you are on a non-Windows platform is a big mistake, as the number of Linux-based malware doubled in 2005, and Mac OS X is next to get hit, according to a report from Kaspersky Labs.

In a report titled "2005: *nix Malware Evolution," the Russian antivirus software developer pointed out that the number of Linux-based malicious programs -- viruses, Trojans, back-doors, exploits, and whatnot -- doubled from 422 to 863.

Numerically, that pales compared to the 11,000 Kaspersky found for Windows in the second half of 2005 alone.

However, it could be more devastating because many non-Windows users assume malware is only a Windows problem and don't take any precautions. Kaspersky said Linux users are careful, but one security expert disagrees.

"With Linux users, there's a very vigilant effort to make sure the system is as secure as possible, mostly because Linux people are very aware of security dangers and the security that needs to be put in place," said Shane Coursen, senior technical consultant with Kaspersky's U.S. office in Woburn, Mass.

"The other thing is that there are people who have transitioned from Windows to Linux, thinking Linux would provide them more security, and they make sure their new Linux system is secured," he added.

But Tom Ferris, researcher with Security Protocols, a computer security research firm in Mission Viejo, Calif., said the opposite.

"In people's minds, if it's non-Windows, it's secure, and that's not the case," he said. "They think nobody writes malware for Linux or OS X. But that's not necessarily true, as that report showed."

The growth in Linux malware is simply due to its increasing popularity, particularly as a desktop operating system, said Coursen.

"The use of an operating system is directly correlated to the interest by the malware writers to develop malware for that OS," he added.

The Kaspersky report said that the Unix picture mirrors that on the Win32 front. The biggest problems are exploits and back doors designed to steal information.

There are also sniffers, flooders and other hack tools. While rootkits get all the headlines, Coursen said the biggest problems will still be exploits and Trojans.

"Backdoors and Trojans are the most common as the major malware across all platforms because they give a hacker greater access to the system," said Coursen. "That's why they invest the most time in creating those. The reasons for wanting to get in aren't different between Windows and Linux. They want to copy keystrokes for login information, passwords, credit-card transactions, and so on."

Kaspersky thinks the Mac OS X platform is next to get hit. It's growing in popularity, is based on FreeBSD, which has a few existing viruses, and there are more than a few holes in the operating system and in the Safari Web browser.

Ferris has been digging into OS X and posting numerous bugs to the Security Protocols Web site in recent weeks.
So the servers that are being used for the DDOS attack could very well be ones with a Linux OS, although I suspect that they include a mix of both Windows and Linux.
Glenn
Glenn
Posts: 2186
Joined: Thu Dec 20, 2001 6:01 am
Location: Lincoln, Nebraska

Re: More on The Man Behind the Curtain

Post by Glenn »

From the "Cyber Attacks on U.S. Banks Expose Computer Vulnerability" article Bill posted above:
“This is coming toward the end of the month; it’s badly timed,” Joffe said. “People have to pay bills today and tomorrow.”
I think that was the idea! "Badly timed" versus "perfectly timed" would depend on which side of the attack you are on.
If the financial industry, which spends more on Internet security than any other industry and has its largest and most extensive defenses, can’t handle this, it’s not clear whether any critical-infrastructure industry can, the analysts said.
Did anyone watch the re-imaged Battlestar Galactica TV show that started its run in 2004, and how the 12 Colonies fell...?
Glenn
Bill Glasheen
Posts: 17299
Joined: Thu Mar 11, 1999 6:01 am
Location: Richmond, VA --- Louisville, KY

Re: More on The Man Behind the Curtain

Post by Bill Glasheen »

Valkenar wrote: Anyhow, the real issue isn't the power of the machine being compromised, it's the connection. The big difference is that most home computers don't have much uploading ability, which is (kinda - it's complicated) how a DDoS works. So while a server isn't that much more powerful than a home computer, it typically does have a whole lot more bandwidth.
First... Your servers must really suk. All the servers I use put a desktop to shame. It isn't just the speed of the processor; for some servers it's the number of processors in them. God knows I couldn't do the kind of computations on my desktop that I regularly do on our SAS servers.

That said, your point about bandwidth is well taken.

- Bill
Valkenar
Posts: 1316
Joined: Mon Aug 21, 2000 6:01 am
Location: Somerville, ma.

Re: More on The Man Behind the Curtain

Post by Valkenar »

Bill Glasheen wrote: First... Your servers must really suk. All the servers I use put a desktop to shame. It isn't just the speed of the processor; for some servers it's the number of processors in them. God knows I couldn't do the kind of computations on my desktop that I regularly do on our SAS servers.

That said, your point about bandwidth is well taken.

- Bill
Or maybe your desktop sücks. :) Anyway, I didn't say desktops are equally powerful, just that they aren't all that much weaker than your typical server machine. Nowadays what you see is racks in a server farm. No one machine is all that powerful, though they will typically have higher specs than a desktop. Are you sure your SAS server isn't actually a cluster? There are still big supercomputer/mainframe-style setups out there, but especially in web servers, which I thought is what we were discussing, they're the exception more than the rule.
Bill Glasheen
Posts: 17299
Joined: Thu Mar 11, 1999 6:01 am
Location: Richmond, VA --- Louisville, KY

Re: More on The Man Behind the Curtain

Post by Bill Glasheen »

No cluster. Multiprocessor unix server.

Sometimes when looking at the stats for a run, I see that the wall clock time is shorter than the processor time. My work gets nicely multithreaded.

Bill