
April 23rd, 2008

Recent CNN Distributed Denial of Service (DDoS) attack explained

Posted by Nathan McFeters @ 10:59 am

Categories: Denial of Service (DoS), Governments, Hackers, People's Republic of China, Vulnerability research, Zero-day attacks

Tags: Denial Of Service, Distributed Denial Of Service, CNN, Attack, Danchev, Security, Nathan McFeters

According to Netcraft:

“The CNN News website has twice been affected since an earlier distributed denial of service attack last Thursday. CNN fixed Thursday’s attack by limiting the number of users who could access the site from specific geographical areas. Subsequently, an attack was purportedly organised to start on Saturday 19th April, but cancelled. However, our performance monitoring graph shows CNN’s website suffered downtime within a 3 hour period on Sunday morning, followed by other anomalous activity on Monday morning, where response times were greatly inflated. Netcraft is continuing to monitor the CNN News website. Live uptime graphs can be viewed here.”
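The mitigation Netcraft describes, limiting how many users from a given geographical area the site will serve, can be modelled as a per-region admission limiter: each region gets its own sliding-window budget, so a flood from one region exhausts only that region's budget and not the site's capacity for everyone else. The following is an added example written for this page, not CNN's or Netcraft's code; the prefix-to-region table standing in for a real GeoIP database, the region names, the limits and the request records are all constructed.

```python
"""Per-region admission limiter (added example, constructed data).

Caps the number of requests admitted per geographic region inside a
sliding time window. Requests beyond a region's budget are dropped,
while other regions are unaffected.
"""
import ipaddress
from collections import defaultdict, deque

# Constructed prefix -> region table; a real deployment would consult a
# GeoIP database here (assumption: regions are looked up by source IP).
REGION_PREFIXES = [
    (ipaddress.ip_network("10.1.0.0/16"), "region-A"),
    (ipaddress.ip_network("10.2.0.0/16"), "region-B"),
    (ipaddress.ip_network("10.3.0.0/16"), "region-C"),
]


def region_for_ip(ip):
    """Map a client IP to a region label using the constructed prefix table."""
    addr = ipaddress.ip_address(ip)
    for net, region in REGION_PREFIXES:
        if addr in net:
            return region
    return "unknown"


class RegionRateLimiter:
    """Sliding-window limiter: at most `per_region_limit` admitted requests
    per region within any `window_seconds` interval."""

    def __init__(self, per_region_limit, window_seconds):
        self.limit = per_region_limit
        self.window = window_seconds
        # region -> timestamps of admitted requests still inside the window
        self._admitted = defaultdict(deque)

    def admit(self, region, now):
        q = self._admitted[region]
        # Expire admitted timestamps that have slid out of the window.
        while q and q[0] <= now - self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False  # region budget exhausted: drop
        q.append(now)
        return True


def replay(requests, limiter):
    """Run (timestamp, client_ip) records through the limiter and return
    per-region admitted/dropped counts."""
    stats = defaultdict(lambda: {"admitted": 0, "dropped": 0})
    for ts, ip in requests:
        region = region_for_ip(ip)
        outcome = "admitted" if limiter.admit(region, ts) else "dropped"
        stats[region][outcome] += 1
    return dict(stats)


def build_sample_traffic():
    """Constructed traffic: region-A floods with 50 requests in 10 s,
    regions B and C each send 10 requests over the same 10 s."""
    reqs = []
    for i in range(50):
        reqs.append((i * 0.2, "10.1.0.%d" % (i % 250 + 1)))
    for i in range(10):
        reqs.append((i * 1.0, "10.2.0.7"))
        reqs.append((i * 1.0 + 0.5, "10.3.0.9"))
    reqs.sort()
    return reqs


def run_demo(per_region_limit=20, window_seconds=10):
    """Replay the constructed traffic; returns the per-region statistics."""
    return replay(build_sample_traffic(), RegionRateLimiter(per_region_limit, window_seconds))


if __name__ == "__main__":
    for region, counts in sorted(run_demo().items()):
        print(region, counts)
```

With a budget of 20 requests per 10 seconds, the flooding region has 30 of its 50 requests dropped while regions B and C are served in full. The trade-off Netcraft's note implies is visible here too: legitimate users who happen to share the flooding region are throttled along with the attackers, which is why such limits are usually an emergency measure rather than a steady-state policy.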

Dancho Danchev, a noted security researcher, has explained this attack on his blog. It’s an interesting discussion that I think all should read. I’ll leave all the details to his blog, but there are several interesting topics to discuss around this attack. Danchev explains the attack as an example of “Unrestricted Warfare”. This is a new concept to me, but not entirely foreign. If you read his blog, he has an excerpt from a book on the subject:

“To compensate for their weaker military forces, these actors will employ a multitude of means, both military and nonmilitary, to strike out during times of conflict. The first rule of unrestricted warfare is that there are no rules; no measure is forbidden. It involves multidimensional, asymmetric attacks on almost every aspect of the adversary’s social, economic, and political life. Unrestricted warfare employs surprise and deception and uses both civilian technology and military weapons to break the opponent’s will.”

AND…

“Unrestricted warfare is all about bypassing the most fortified engagement points, and achieving asymmetric dominance by excelling where there are no engagement points, in order for the attacker to enjoy the pioneer advantage.”

Hmm… perhaps it’s just the fear taking hold of me, but I’m beginning to want to recant my previous article on the “Red Scare” with Chinese-made routers and buy into the idea that we’re being attacked. Consider this: not only does China attack us at will from an Internet perspective, with, at a minimum, an apparent lack of concern from their government and possibly even coordination from their government, but they also own so many investments in the US that it poses a real threat to our economy.

Additionally, my good friend Billy Rios mentioned the enormous amount of pro-China supporters at the Olympic rallies in San Francisco.  I think that most people would side on the idea of “Free Tibet”, but the screams of “One China!” drowned out all.  Am I concerned at the large number of Chinese-Americans in America… no, I’d say I’m not, but am I concerned at the apparently large number of pro-China-Americans?  You’re damn right I am.

Danchev mentions on his blog the concept of a “People’s Information Warfare” campaign.  He describes the concept as:

The entire concept is relying on the fact that the collective bandwidth of people voluntarily “donating” it, is far more efficient from a “malicious economies of scale” perspective, compared to for instance the botnet masters having to create the botnet by infecting users in one way or another. Moreover, empowering an average Internet user with diversified DoS capabilities is directly increasing the nation’s asymmetric warfare capabilities in an event of a hacktivism war.

Are we in danger of this type of attack?  Well, Danchev goes on to list several examples of “People’s Information Warfare” campaigns that have been successful:

Other Examples of the “People’s Information Warfare Concept”:

-During the China/U.S. hacktivism tensions in 2001 over the death of a Chinese pilot crashing into an AWACS, Chinese hacktivists released mail bombers with pre-defined U.S. government and military emails to be attacked, thus taking advantage of the people’s information warfare concept

-The release of the Muhammad cartoons had its old-school hacktivism effect, namely mass defacements of Danish sites courtesy of Muslim hacktivists to achieve a decent PSYOPS effect online and in real-life

-The Israel vs Palestine Cyberwars is a great example of how DIY web site defacement tools were released from both sides which resulted in a web vulnerabilities audit of the entire web space they were interested in defacing to spread hacktivism propaganda

-Cyber jihadists taking advantage of the “people’s information warfare” concept by syndicating a list of sites to be attacked from a central location, and promoting the use of an Arabic themed DoS tool against “infidel” supporting sites

-What exactly happened during Russia’s and Estonia’s hacktivism tensions? The voting poll that is still available indicates that people believe it was botnet masters with radical nationalism modes of thinking. But judging from the publicly obtainable stats, ICMP often comes in the form of primitive DIY DoS tools compared to the more advanced attacks for instance. Collectivist societies do not need coordination because they know everyone else will do it one way or another.

What are we to do? I say the US should begin to mount up for this type of an attack as well. At the risk of entering another Cold War, I for one would volunteer my many computers in the event of an attack.

Power to the People!

Hack the… er I mean, One Planet!

-Nate

Nathan McFeters

Nathan McFeters is a Senior Security Advisor for Ernst & Young's Advanced Security Center in Chicago. The views and opinions expressed in this article are his own and do not represent the views and opinions of Ernst & Young Advanced Security Center or Ernst & Young, LLP. Nathan has performed web application, deep source code, Internet, Intranet, wireless, dial-up, and social engineering engagements for numerous clients in the Fortune 500 during his career at Ernst & Young and has spoken at a number of prestigious conferences, including Black Hat, DEFCON, ToorCon, and Hack in the Box. He can be found at his Pwn* blog and XS-Sniper, a blog with Billy Rios. See his full profile and disclosure of his industry affiliations.
