Evidence that Georgia Cyberattacks Were "Populist" in Nature

The attacks against websites in Georgia are most likely populist in nature rather than state sponsored says Gary Warner, director of computer forensics research at UAB. In a blog post today, Warner has provided some evidence regarding his speculations including scripts from Russian language websites. He writes: "This script was copied from one of more than forty Russian language sites where I found copies of an 'attack script' that people were being encouraged to run on their own computers..." more»

U.S. Not Vulnerable to Type of Cyberattacks Launched at Georgia

Experts agree that the U.S. is probably more Internet-dependent than any place in the world and hence more vulnerable than any other country. However in a CNN report today, Scott Borg, director of the United States Cyber Consequences Unit, a nonprofit research institute, says that U.S. "can command so much bandwidth that it's hard to overwhelm our servers," in light of last week's, and still ongoing, cyberattacks against Georgia. "We are vulnerable to more sophisticated attacks, but right now most of the people who want to do us harm don't have those capabilities," says Borg. more»

Mobilizing Russian Population Attacking Georgia: Similar to the Estonian Incident?

It seems like the online Russian population is getting mobilized. Like a meme spreading on the blogosphere, the mob is forming and starting to "riot", attacking Georgia. This seems very similar to the Estonian incident, only my current guess is natural evolution rather than grass-roots implanted -- but I am getting more and more convinced of the similarities as more information becomes available. Determining exactly when the use of scripts by regular users started, is key to this determination. more»

Georgians Use Spam to Explain Their Situation

Call it outreach, call it propaganda or call it brilliance or even desperate measures, spammers (people) who favour the Georgian side in the recent conflict have been spamming using email, to get their point across. Depending on where in the world you are from, your ideological standpoint on Russia and your beliefs, when it comes to what email should be like, can be different and you may judge the action as you will. I call it spam. An Estonian colleague Viktor Larionov was quoted saying that whether there is a cyber war in Georgia or not, we know there is in fact a media war in play... more»

Did Russian Cyber Attacks Precede Military Action?

The RBNexploit blog states that the website 'president.gov.ge' was under DDoS attack since Thursday. That site is now hosted out of Atlanta, Georgia (don't you love coincidence?) by Tulip Systems who is prominently displaying an AP story... "Speaking via cell phone from Georgia, Doijashvili said the attacks, traced to Moscow and St. Petersburg, are continuing on the U.S. servers." Rusisan military surrogates in the form of the criminal Russian Business Network are engaged in attacks against servers on US soil. This point should be brought up as the Group of 8-1 discusses appropriate responses to Russia's attack on Georgia. more»

Lithuania Attacked by Russian Hacktivists, 300 Sites Defaced

Last week's mass defacement of over 300 Lithuanian sites hosted on the same ISP, an upcoming attack that was largely anticipated due to the on purposely escalated online tensions out of Lithuan's accepted legislation banning communist symbols across the country, once again demonstrates information warfare building capabilities in action. Moreover, the attack is again relying on common prerequisites for a successful information warfare campaign, used in the Russia vs. Estonia cyberattack last year. These very same Internet PSYOPS tactics ensure the success of the information warfare as a whole... more»

Comcast Domain Name Hacked, Website Breached for Several Hours

Shortly before 11 p.m. EDT yesterday, Comcast users began noticing that Comcast.net had been hacked. More technically, early indications are that someone hacked Comcast's registrar account at Network Solutions, changing the authoritative DNS servers for Comcast.net -- rerouting portal visitors to IP addresses in Germany or elsewhere. The front page of Comcast.net was replaced with a note saying the hackers had "RoXed" Comcast, according to postings at BroadbandReports.com. more»

CNN.Com, Politically Motivated DDoS, and Asymmetric Warfare

Once again I find myself thinking about the nature of the asymmetric warfare threat posed by politically motivated DDoS (Estonia in 07, Korea in 02, and now China vs. CNN in 08). I keep thinking about it in terms of asymmetric warfare, a class of warfare where one side is a traditional, centrally managed military with superior uniformed numbers, weaponry, and skill. On the other we have smaller numbers, usually untrained fighters with meager weapons, and usually a smaller force. Historical examples include the North Vietnamese in the 20th century and even the American Revolution in the 18th century. Clearly this can be an effective strategy for a band of irregulars... more»

Escalating Attacks on U.S. Military Networks Linked to China

Numerous hacks from the Far East sure look like concerted attacks against U.S. military installations, but nobody's saying for sure... A Wall Street Journal article March 12 described how military networks are increasingly the targets of hackers. The targets are not limited to actual Department of Defense networks, but can also include defense industries and think tanks. more»

Hackers Spreading Malicious Code Using Typosquatted Domains

Finjan Inc., a web security company, has released reports today on hackers and cyber-criminals using typosquatted domain names to infect visitors to legitimate websites and increase the lifecycle of cyber-attacks. Leveraging the similarity to legitimate and frequently used domain names is successfully enabling these attackers to go unnoticed by webmasters and security solution providers. more»

The Case Against DNSSEC

I was talking to my good friend Verner Entwhistle the other day when he suddenly turned to me and said "I don't think we need DNSSEC". Sharp intake of breath. Transpired after a long and involved discussion his case boiled down to four points: 1. SSL provides known and trusted security, DNSSEC is superfluous, 2. DNSSEC is complex and potentially prone to errors, 3. DNSSEC makes DoS attacks worse, 4. DNSSEC does not solve the last mile problem. Let's take them one at a time... more»

Defending Networks Against DNS Rebinding Attacks

DNS rebinding attacks are real and can be carried out in the real world. They can penetrate through browsers, Java, Flash, Adobe and can have serious implications for Web 2.0-type applications that pack more code and action onto the client. Such an attack can convert browsers into open network proxies and get around firewalls to access internal documents and services. It requires less than $100 to temporarily hijack 100,000 IP addresses for sending spam and defrauding pay-per-click advertisers. Everyone is at risk and relying on network firewalls is simply not enough. In a paper released by Stanford Security Lab, "Protecting Browsers from DNS Rebinding Attacks," authors Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, and Dan Boneh provide ample detail about the nature of this attack as well as strong defenses that can be put in place in order to help protect modern browsers. more»

New Report Warns Against "DNS Forgery Pharming" on BIND 9

In a recent report released by Trusteer, security researcher Amit Klein has cracked BIND's random number generator and demonstrated a new attack affecting most Internet users. In this "DNS Forgery Pharming" attack fraudsters can remotely force consumers to visit fraudulent websites without compromising any computer or network device. more»

US Homeland Security Wants Control Over DNS

The US Department of Homeland Security (DHS), which was created after the attacks on September 11, 2001 as a kind of overriding department, wants to have the key to sign the DNS root zone solidly in the hands of the US government... During the current ICANN meeting in Lisbon, Bernard Turcotte, president of the Canadian Internet Registration Authority (CIRA) drew everyone's attention to this proposal as a representative of the national top-level domain registries (ccTLDs). more»

Anycast Technology Effectiveness in Recent DNS Attack

During the attack, which lasted almost eight hours, six of the 13 root servers that form the foundation of the Internet's DNS were targeted, ICANN said. However, only two were noticeably affected. These two did not have Anycast installed because the technology was still being tested, ICANN said.

"With the Anycast technology apparently proven, it is likely that the remaining roots--D, E, G, H and L--will move over soon," ICANN said. The letters refer to the five of the 13 official root DNS servers that do not yet have Anycast installed. more»