Twitter plays key role in DoS attacks in Iran
The unrest in Iran is serving as a warning on how easy it is for individuals and groups to use a social networking tool like Twitter to mobilize a cyber-army against a political or commercial target anywhere in the world.
Over the past few days, news media reports have described how Twitter is being used by ordinary Iranians to receive and broadcast real-time information on the political unrest in the country after recent elections.
But a still developing and less benign use of Twitter in Iran has been its application in denial-of-service attacks against key government officials, including those affiliated with President Mahmoud Ahmedinejad.
Initially, the tweets directed users to online locations with links that users could click on to participate in a DoS attack against a particular Iranian Web site, said Richard Stiennon, founder of IT-Harvest, a Birmingham, Mich.-based consultancy.
A Google Doc circulating on the Web, for instance, lists several URLs pointing to Iranian Web sites listed by categories such as "Governmental and HARDLINE NEWS," "Police, Ministry of Interior," "Central Bank," "Commerce Banks" and "Office of Ahmadijenad and Khameneie." When a user clicks on any of the links, it initiates a continuous stream of page refresh requests to the targeted Web site that will eventually overcome the site if enough people click on the link.
More recently, tweets have begun circulating that allows users to achieve the same result by simply clicking on the embedded URL in the message. As soon as a user hits the page, as many as 24 frames open up simultaneously and refresh continuously, causing a DoS attack against the 24 separate Web sites Stiennon said.
"Once you click on what you see in Twitter, you immediately become part of the cyber-army," in Iran, he said.
Another tool that is available via Twitter is called bandwidth raep (bwraep), which is also a sort of DoS attack. This attack works by bombarding a Web server with fake requests to serve up content-heavy images.
Tweets are also circulating that offer information on where to find malware capable of initiating so-called Ping and Syn flood attacks, which are designed to overwhelm servers with an incessant flood of useless requests, Stiennon said.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
