Cyber Arms Intelligence Report for 12/13/10

The biggest story this week is still Wikileaks. Okay let’s start with the latest DDoS targets. After a flood of DDoS attacks, a 16 year old kid was arrested by Dutch police. So, unbelievably the Dutch police come under attack:

Dennis Janus, a spokesman for the National Police Service confirmed that both the police website, and that of the National Prosector’s Office had been offline for much of the day, with many theorising that the likely reason is a distributed denial-of-service (DDoS) attack similar to that which was launched against Mastercard, PayPal and other firms.

What has been crazy is the DDoS and counter DDoS attacks seem to have no end in sight. One hacking group “Anonymous” is offering its DDoS tool (LOIC) and asking for volunteers to jump in and help. Apparently the 16 year old that was arrested may have been using LOIC and wouldn’t you know; LOIC attacks are not anonymous. They can be tracked back to the attacker.

It does make one wonder though if the government is involved with any of these attacks. Not sure, but one site does claim that the CIA is hosting one of the Wikileaks mirror sites as a honeypot.

We have even seen a casualty of mistaken identity in this DDoS war as a company that was not even involved at all gets taken down. EasyDNS was mistakenly reported by media outlets as the company that knocked Wikileaks offline. When in reality it was a company called EveryDNS. I wonder if the hackers, after recognizing the mistake apologized?

Well, Wikileaks hasn’t come out of this mess unscathed. According to an article on CNN, it looks like there is mutiny in the ranks. A group has broken off of Wikileaks and created a new whistleblower site called “” and will launch today:

“It has weakened the organization,” one of those founders, Daniel Domscheit-Berg says in a documentary airing Sunday night on Swedish television network SVT. He said WikiLeaks has become “too much focused on one person, and one person is always much weaker than an organization.”

But it looks like they are not the only group breaking up with the Wikileaks fiasco. It appears the members of the hacking group “Anonymous” are starting to turn on each other too. A Sydney based Anonymous  member had some colorful comment about fellow members:

He said that, rather than being full-blown hackers, the Anonymous members were “script kiddies” who only knew how to download the LOIC program and run it.”They’re very unprofessional, illogical and irrational and very much their actions are based upon emotions,” he said.

So apparently, LOIC is just a simple DDoS tool and many members have very little technical experience. They are just running the program. Thank goodness they aren’t using the much more efficient layer 7 DDoS attacks(OWASP PDF file).

In other news, even though Iran says they are A-OK after Stuxnet attack, computer security experts beg to differ:

Eric Byres, a computer expert who has studied the worm, said his site was hit with a surge in traffic from Iran, meaning that efforts to get the two nuclear plants to function normally have failed. The web traffic, he says, shows Iran still hasn’t come to grips with the complexity of the malware that appears to be still infecting the systems at both Bashehr and Natanz.

Okay, they are still infected, what will it take to finally get rid of all traces of Stuxnet? German security expert Ralph Langner had this to say:

“Here is their problem. They should throw out every personal computer involved with the nuclear program and start over, but they can’t do that. Moreover, they are completely dependent on outside companies for the construction and maintenance of their nuclear facilities. They should throw out their computers as well. But they can’t,“ he explained. “They will just continually re-infect themselves.”

“With the best of expertise and equipment it would take another year for the plants to function normally again because it is so hard to get the worm out. It even hides in the back-up systems. But they can’t do it,” he said.

Well, whoever was behind Stuxnet, it looks like they have done an amazing job of tying up and maybe even neutralizing the Iranian Nuclear plants. It also makes one wonder how prepared are other facilities to defend against threats like Stuxnet?

And lastly, a nasty new Botnet has been detected by ShadowServer. The Destination Darkness Outlaw System or “Darkness” is easy to purchase, easy to deploy, and is very effective and efficient in what it does. Darkness works against Windows 95- Windows 7 clients, runs as a Windows service and uses varying levels of bots to shut down target networks.

According to Shadowserver, 30 bots can overwhelm an average site, 300 bots a medium size site, 1000 bots a large site, 5000 a cluster even when using anti-ddos, and 15-20 thousand bots could theoretically bring down the Russian version of Facebook.

Other Top Security Stories from around the Web:

Cybersecurity Must Balance ‘Need to Know’ and ‘Need to Share’ – Robert J. Butler said sharing information within the military, with coalition partners and even with outside agencies will continue, but there will be more controls placed on the information.

NATO Works to Set Right Cyber Balance – “I could envision within the NATO alliance an operational command that focuses on cyber,” he said. “At the moment, that work is imbedded in several of the NATO agencies. But I think we are seeing this as an operational task, so I will be advocating putting more of this on the operational side.”

Army’s plan to modernize intell rides on the cloud – The Army’s efforts to enlist cloud computing to modernize its intelligence capabilities is in step with similar efforts across the military services.

NASA sold computers without properly scrubbing them, IG says – A NASA inspector general’s audit found that the agency had released to the public 10 computers that had not had their memories wiped. Nine of them might have contained highly sensitive data.

NIST Announces SHA-3 Hash Function Finalists – The SHA-3 finalists include Skein, developed by a group including Bruce Schneier and Jon Callas.


One thought on “Cyber Arms Intelligence Report for 12/13/10”

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s