We have met the enemy and he is us

By Deborah Radcliff, Computerworld |  Government

For the second time this year, script kiddies using old tactics are bolstering their egos in the name of their countries. While Israeli and Palestinian hackers continue to duke it out in cyberspace, a new war between Chinese and American crackers is now under way.

The score as of last Monday: China, 1,031; America, 750. That's the number of compromised Web sites each side claims to have defaced with its patriotic messages or forced off the Net altogether.

Everyone knows these strikes are fairly inconsequential instances of Web graffiti and minor denial-of-service attacks by a bunch of script kiddies. But this little hacker war could escalate into full-scale distributed denial-of-service (DDOS) attacks against bigger businesses with better security. And it could also draw U.S. law enforcement authorities into international investigations that they want nothing to do with.

Let's start with the downstream effect on U.S. businesses: On May 5, the National Infrastructure Protection Center (NIPC), a global reporting partnership between the U.S. Federal Bureau of Investigation and the private sector, posted a new warning of a sharp increase in scans against Port 80 (the port left open on nearly every network for Web traffic), through which attackers are installing DDOS agents.
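The NIPC warning is about a rise in Port 80 sweeps, which is something a site can watch for itself. The following is an added example, not code from the article or from NIPC: it reads constructed firewall log lines (timestamp, source IP, destination IP, destination port), picks out sources that touched several distinct hosts on Port 80 (sweep behaviour rather than ordinary browsing), and flags a day whose count of such sources is a sharp increase over a baseline of earlier days. The log format, threshold and multiplier are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log (hypothetical, not from the article). Each line is:
# "<timestamp> <src_ip> <dst_ip> <dst_port>" for one inbound connection attempt.
SAMPLE_LOG = """\
2001-05-05T10:00:01 203.0.113.5 192.0.2.10 80
2001-05-05T10:00:02 203.0.113.5 192.0.2.11 80
2001-05-05T10:00:03 203.0.113.5 192.0.2.12 80
2001-05-05T10:01:10 198.51.100.7 192.0.2.10 80
2001-05-05T10:02:00 203.0.113.9 192.0.2.10 22
2001-05-05T10:02:01 203.0.113.9 192.0.2.11 22
2001-05-05T10:05:00 203.0.113.20 192.0.2.10 80
2001-05-05T10:05:01 203.0.113.20 192.0.2.11 80
2001-05-05T10:05:02 203.0.113.20 192.0.2.12 80
2001-05-05T10:05:03 203.0.113.20 192.0.2.13 80
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\d+)$")


def sweep_sources(log_text, port=80, min_hosts=3):
    """Return {src_ip: distinct_hosts} for sources that hit at least
    `min_hosts` distinct destination hosts on `port`.  A legitimate client
    talks to one or two Web servers; a sweep walks across many."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crash on them
        _, src, dst, dport = m.groups()
        if int(dport) == port:
            targets[src].add(dst)
    return {src: len(hosts) for src, hosts in targets.items() if len(hosts) >= min_hosts}


def sharp_increase(today_count, baseline_counts, factor=3.0):
    """True when today's number of sweeping sources is at least `factor`
    times the mean of the baseline days (floored at 1 so a quiet history
    still yields a usable threshold)."""
    if not baseline_counts:
        return today_count > 0
    mean = sum(baseline_counts) / len(baseline_counts)
    return today_count >= factor * max(mean, 1.0)


if __name__ == "__main__":
    hits = sweep_sources(SAMPLE_LOG)
    print("sweeping sources on port 80:", hits)
    print("sharp increase vs. baseline [1, 2, 1]:", sharp_increase(len(hits), [1, 2, 1]))
```

A real deployment would feed each day's count into the baseline list so the threshold tracks normal scan noise instead of a fixed number.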

You remember those pesky little DDOS agents secretly planted over the Net in small businesses and colleges, then remotely commanded to attack Amazon.com Inc., Yahoo Inc., eBay Inc. and others last year? As is the case now, the agents were installed in organizations with the worst information security, or none at all.

While the NIPC wouldn't connect this to the Chinese/American cracking, intelligence from the private sector reveals that these DDOS agents are being installed on machines the Chinese crackers claim to have compromised.

"We contacted the victims on the Chinese lists, and we've recovered a few tools placed on the victim machines: DDOS tools and a Perl exploit used to break into Windows NT Web servers through Port 80," says Ryan Russell, an incident analyst at SecurityFocus.com, a security intelligence firm in San Mateo, Calif.

Because DDOS attacks are so difficult to prevent, even U.S. businesses with more security protection than most are now at risk of losing online business the way Amazon, ZDNet and others did last year.

Now for the problems facing law enforcement. No way does the FBI want to escalate this script kiddie war into an international cyberconflict, contends Winn Schwartau, a well-known writer and lecturer on information warfare. Which explains why neither the NIPC nor the presidentially directed Critical Infrastructure Assurance Office in Washington would comment on the Chinese/American hacks.
