Tag Archives: Internet Relay Chat

Korean Banks

The Washington Post report that it seems the attack on South Korea’s Nonghyup agricultural bank back in April was the work of North Korea. The evidence?

South Korean investigators said they determined that 10 servers used in the bank incident were the same ones used in previous cyberattack operations against South Korea, including one in 2009 and another in March, that they blamed on the North. Investigators say they determined, for instance, that a “command and control” server used in the 2009 operation was registered to a North Korean government agency operating in China.

This is interesting. Command and control servers are compromised computers that are used by bad guys to “run” other computers—zombies—that actually do the grunt work. There’s definitely a common thread between the 2009 and 2011 DDOS attacks, and plenty of circumstan

Did Prolexic Fend Off Anonymous’s Sony Attacks?

Prolexic, a company that defends clients against Distributed Denial of Service (DDoS) attacks, says it has successfully combatted the “Largest Packet-Per-Second DDoS Attack Ever Documented in Asia”:

“Prolexic Technologies, the global leader in Distributed Denial of Service (DDoS) mitigation services, today announced it successfully mitigated another major DDoS attack of unprecedented size in terms of packet-per-second volume. Prolexic cautions that global organizations should consider the attack an early warning of the escalating magnitude of similar DDoS threats that are likely to become more prevalent in the next 6 to 8 months.”

Although it describes the customer only as “an Asian company in a high-risk e-commerce industry” it could well be connected to the recent attacks on Sony by Anonymous. A piece by Sebastian Moss – The Worst Is Yet To Come: Anonymous Talks To PlayStation LifeStyle – in April quoted an alleged member of Anonymous called Takai as reacting to unconfirmed reports that Sony had hired Prolexic to defend itself (Sony Enlists DDoS Defense Firm to Combat Hackers):

“It was expected. We knew sooner or later Sony would enlist outside help”. Pressed on whether Anonymous would take out Prolexic, Takai showed confidence in the ‘hacktavist’s’ upcoming retaliation, stating “well, if I had to put money on it … I’d say, Prolexic is going down like a two dollar wh*** in a Nevada chicken ranch”. He did admit that the company “is quite formidable” and congratulated “them for doing so well”, but again he warned “We do however have ways for dealing with the ‘Prolexic’ factor”.

The website also quoted Anonymous members expressing frustration at the new defences, though they appeared confident they would eventually prevail. That doesn’t seem to have happened.

Prolexic’s press release says the attacks had been going on for months before the client approached the company. The size of the attack, the company said, was staggering:

According to Paul Sop, chief technology officer at Prolexic, the volume reached levels of approximately 25 million packets per second, a rate that can overwhelm the routers and DDoS mitigation appliances of an ISP or major carrier. In contrast, most high-end border routers can forward 70,000 packets per second in typical deployments. In addition, Prolexic’s security experts found 176,000 remotely controlled PCs, or bots, in the attacker’s botnet (robot network). This represents a significant threat as typically only 5,000-10,000 bots have been employed in the five previous attacks mitigated by Prolexic.

It does not say why it considers the attack over, nor does it give any timeline for the attack. But if it is Sony, it presumably means that Anonymous has withdrawn for now or is preoccupied with other things. Prolexic, however, is probably right when it warns this is a harbinger of things to come:

“Prolexic sees this massive attack in Asia with millions of packets per second as an early warning beacon of the increasing magnitude of DDoS attacks that may be on the horizon for Europe and North America in the next 6 to 8 months,” Sop said. “High risk clients, such as those extremely large companies in the gaming and gambling industries in Asia, are usually the first targets of these huge botnets just to see how successful they can be.”

Watching TV With The Community


Been watching the veep debates on Livestation, which has an interesting feature: a live chat connected to the program with some LiveStation folks guiding the discussion.

It works pretty well: It’s great to be able to watch TV with a bunch of other people, though I had one eye on that chat, and one eye on some Skype, Google Talk, twitter, Facebook and FriendFeed chat windows too.

This makes all sorts of sense, and I commend Livestation for doing this kind of thing. The IRC format is a bit old school; it would be nice to see something beyond the noisy chat format. Or, even better, being able to drag our other communities into the window to watch together.

But that’s down the road. This is a good way to share information—live and visual—and I think this is an exciting way forward.

Update: Livestation points out that the chat is directly connected to Al Jazeera via Russell Merryman, Head of New Media, who was feeding comments through to the studio to guide the post-debate discussion.

Female? In a Chatroom? Get Out While You Can

We probably didn’t need an academic study to tell us this, but the figures are still quite surprising: The University of Maryland’s A. James Clark School of Engineering has, in a study released today, found that chat room participants with female usernames received 25 times more threatening and/or sexually explicit private messages than those with male or ambiguous usernames:

Female usernames, on average, received 163 malicious private messages a day in the study, conducted by Michel Cukier, assistant professor in the Center for Risk and Reliability in the Clark School’s Department of Mechanical Engineering, and an affiliate of the university’s Institute for Systems Research, and sophomore computer engineering student Robert Meyer.

First off, I have several questions. What is a School of Engineering doing in a study like this? Isn’t this more of a sociology or anthropology type research project? Secondly, what were a couple of fellas doing impersonating females in chatrooms? And, more importantly, what names did they use? Thirdly, 163 sounds like a lot. How long were they online for?

The study, the press release says, “focused on internet relay chat or IRC chat rooms, which are among the most popular chat services but offer widely varying levels of user security. The researchers logged into various chatrooms under female, male and ambiguous usernames, counted the number of times they were contacted and tracked the contents of those messages. Their results will be published in the proceedings of the Institute of Electronics and Electrical Engineers International (IEEE) Conference on Dependable Systems and Networks (DSN ’06) in June.” Now I’m really curious. Ambiguous? Sean? Stacey? Bob?

Seriously, though, this kind of thing is pretty awful. But it’s not new. I did my own bit of sleuthing back in 1997 pretending to be a female in some chatroom or other and was approached by more men, or people claiming to be men, than a nun at a bishops’ convention. I can’t imagine it’s gotten any better. And, as the study points out, this kind of thing is by no means reserved for adults. Their advice: use ambiguous or gender-nonspecific names when you register, and be alert. If you need any good pseudonyms for this kind of thing, I’m collecting fake spam names here.

Social Acrobats

You’ve got social bookmark sharing, photo sharing, now you’ve got social Acrobat file sharing: Yummy! Personal PDF Library.

Yeah, I know it doesn’t sound like much, but it might have its uses. I just can’t think of any right now.

Oh, and it’s brought to you by the guys behind Print(fu), which will turn a PDF file into a printed book.

The Phisher Commuter

My colleague Lee Gomes writes in WSJ.com in his Portals column (a few days old, this, sorry; but it is free) about phishers, and what they’re really like, quoting a guy called Christopher Abad, a researcher for Cloudmark:

Mr. Abad himself is just 23 years old, but he has spent much of the past 10 years hanging out in IRC chat rooms, encountering all manner of hackers and other colorful characters. One thing that’s different about phishers, he says, is how little they like to gab.

“Real hackers will engage in conversation,” he says. “With phishers, it’s a job.”

Readers may remember my piece a year or so back (sorry I can’t find the URL for this, and it would be subscription anyway) based on interviews with several people from East European and former Soviet Union countries who worked in various stages of the phishing train, from trojan writers to mule hunters (folk who try to recruit foreigners to move money from stolen accounts to overseas havens).

I found something slightly different to Abad: For sure these guys think it’s just a job, but they also were quite keen to justify what they did, either saying it was the only work around, or else talking in terms of redistributing a little wealth. One guy in some obscure former Soviet bloc town said he trudged several miles each day to an Internet cafe, where he worked sometimes 20 hours a day trying to recruit mules on ICQ and IRC, before walking back to his apartment where his wife and baby waited. She thought he was a stockbroker, he said.

A good piece by Lee; too little light is shed on this submerged industry. But I wonder whether, as phishing gets more popular and focused, it hasn’t moved west?

Spyware? Not My Problem, Says Business

Maybe the problem of Internet security isn’t educating users to be more vigilant, it’s about persuading companies that there is a problem.

A survey (PDF file) released today by California-based Secure Computing Corporation found that “only 25 percent of businesses recognized spyware as a major problem”. This despite studies that show spyware is a problem: A study by EarthLink, for example, showed that the average PC has 28 spyware programs, while a report by Dell found that spyware accounts for 12 percent of all PC desktop support calls. Today’s survey, meanwhile, reported that 70 percent of respondents saw spyware as either no problem or a minor problem.

The same with file-sharing: 90 percent of businesses saw file-sharing software as not a major problem, and a surprising 40 percent saw it as “no problem.” Same results with instant messaging and personal e-mail accounts: 90 percent saw IM as no problem or a minor problem, and 80 percent felt personal e-mail accounts were no problem or a minor problem.

(I tend to see IM and personal email as not so much a security problem as a productivity one, and even then it depends what they’re doing on it. IM can be an excellent way to share information that benefits the user professionally, as can email. But there do need to be security safeguards in place.)

Anyways, it does seem pretty shocking that companies still don’t understand the dangers of spyware. Maybe when more targeted spyware brings a rival company to its knees through massive corporate data loss, espionage or draining its accounts they’ll take more notice.

Heart Embraces File Sharing

Have record companies suddenly changed their minds about file sharing?

A press release from file sharing software company RazorPop and record label Sovereign Artists yesterday trumpeted the release of Heart’s New CD “Jupiter’s Darling” over the TrustyFiles P2P file sharing network as the “first time a major artist has ever released music from a CD to file sharers”.

The release quotes RazorPop CEO Marc Freedman as saying: “When a legendary band like Heart embraces file sharing, you know it’s become mainstream. Don’t be misled by the entertainment terror campaigns designed to instill fear and stunt innovation. The real focus should be on the artists and making music. A wide majority of musicians support P2P file sharing. There’s been an explosion in its use by independent artists.”

So does it mean that big artists and major labels are just going to throw their music out to the unpaying, unwashed masses? Er, no. The press release says the “files are in Windows Media Player format and can be played on most major media player software and portable music player devices.” So far, so good. But while the files look like they’re in the WM format, they are actually what are called Weed files, which as the press release explains, “provide 5 free Heart songs for new users”. So what does that mean, exactly?

A press release from WeedFiles last month explains what actually happens. While Weed files can be freely shared, each user is given three free plays, and then invited to buy the file. If they do, they can then freely share that file with others, each of whom are given three more plays. If they then buy the song, the original buyer will get a 20% commission.

Actually, this is a good idea and it deserves a try. Not least, the original artist makes 50% from the sale of each song, which is a significant step up for most artists. And it turns out that other networks are also releasing the Heart material at the same time, according to p2pnet. It’s just a shame that the original press release is misleading.
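To make the Weed licensing model described above concrete, here is a small ledger that tracks the three free plays, the purchase that unlocks sharing, the 20% referral commission and the artist’s 50% cut. This is an added example, not code from Weed, RazorPop or the press release; the song price, the rule that only a buyer may pass a copy on, and the “distributor” bucket that receives whatever is left after the artist and referrer are paid are assumptions made for the example.

```python
# Assumed figures for the example: price in cents, and the 50%/20% split
# quoted in the post; the remainder is booked to an assumed "distributor".
PRICE_CENTS = 100
FREE_PLAYS = 3
ARTIST_CENTS = PRICE_CENTS * 50 // 100
REFERRER_CENTS = PRICE_CENTS * 20 // 100


class WeedLedger:
    """State of one Weed-wrapped song: free plays, buyers, referrals, payouts."""

    def __init__(self):
        self.free_plays_used = {}              # user -> free plays consumed
        self.referrer = {}                     # user -> who shared the copy
        self.buyers = set()                    # users who have paid
        self.payouts = {"artist": 0, "distributor": 0}

    def receive(self, user, from_user=None):
        """User obtains a copy; only a paid-up buyer may share one onwards."""
        if from_user is not None and from_user not in self.buyers:
            raise PermissionError(f"{from_user} has not bought the song")
        self.free_plays_used.setdefault(user, 0)
        self.referrer[user] = from_user

    def play(self, user):
        """True if the play is allowed; False once the free plays run out."""
        if user in self.buyers:
            return True
        used = self.free_plays_used.get(user, 0)
        if used >= FREE_PLAYS:
            return False
        self.free_plays_used[user] = used + 1
        return True

    def buy(self, user):
        """Record a purchase and credit artist, referrer and distributor."""
        if user in self.buyers:
            return
        self.buyers.add(user)
        self.payouts["artist"] += ARTIST_CENTS
        rest = PRICE_CENTS - ARTIST_CENTS
        ref = self.referrer.get(user)
        if ref is not None:                    # the sharer earns a commission
            self.payouts[ref] = self.payouts.get(ref, 0) + REFERRER_CENTS
            rest -= REFERRER_CENTS
        self.payouts["distributor"] += rest
```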


Behind the Akamai DDoS Attack

A bit late (my apologies) but it’s interesting to look at the recent Distributed Denial of Service attack on Akamai, an Internet infrastructure provider.

The attack blocked nearly all access to Apple Computer, Google, Microsoft and Yahoo’s Web sites for two hours on Tuesday by bringing down Akamai’s domain name system, or DNS, servers. These servers translate domain names — www.microsoft.com — into numerical addresses. The attack was made possible by harnessing a bot net — thousands of compromised Internet-connected computers, or zombies, which are instructed to flood the DNS servers with data at the same time. This is called Distributed Denial of Service, or DDoS.

But there’s still something of a mystery here: How was the attacker able to make the DDoS attack so surgical, taking out just the main Yahoo, Google, Microsoft and Apple sites? As CXOtoday points out, Akamai is an obvious target, since “it has created the world’s largest and most widely used distributed computing platform, with more than 14,000 servers in 1,100 networks in 65 countries.”

Indeed, before Akamai admitted the nature and scale of the attack there was some skepticism that this could have been a DDoS: ComputerWorld quoted security expert Bruce Schneier as saying “My guess is that it’s some kind of an internal failure within Akamai, or maybe a targeted attack against them by someone with insider knowledge and access.”

The Ukrainian Computer Crime Research Center says it believes the attack was a demonstration of capabilities by a Russian hacker network. As evidence they point to an earlier posting by Dmitri Kramarenko, which describes a recent offer by a Russian hacker to “pull any website, say Microsoft” for not less than $80,000. The story appeared four days before the DDoS attack.
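Both the Prolexic post (176,000 bots, each contributing a sliver of 25 million packets per second) and the Akamai post (zombies flooding DNS servers at the same time) describe the same defender’s problem: no single sender looks abusive, yet the server is over capacity. The detector below, an added example and not code from Prolexic, Akamai or the articles quoted, runs over a constructed DNS query log and shows why a per-source rate limit misses a botnet flood while an aggregate rule catches it. The thresholds, the log format and all addresses are assumptions made for the example.

```python
from collections import Counter, defaultdict

# Thresholds are assumptions for the example, not figures from the posts.
PER_SOURCE_LIMIT = 50          # queries/sec tolerated from one resolver
AGGREGATE_LIMIT = 20_000       # queries/sec the DNS server can absorb
MIN_DISTINCT_SOURCES = 1_000   # many low-rate senders at once = botnet signature


def parse_line(line):
    """Constructed log format: '<epoch_second> <src_ip> <qname>'."""
    ts, src, qname = line.split()
    return int(ts), src, qname


def analyze(lines):
    """Per-second verdicts: per-source limit hits vs. the aggregate flood rule."""
    buckets = defaultdict(Counter)             # second -> Counter(src_ip)
    for line in lines:
        ts, src, _ = parse_line(line)
        buckets[ts][src] += 1
    verdicts = {}
    for ts, per_src in sorted(buckets.items()):
        total = sum(per_src.values())
        verdicts[ts] = {
            "total": total,
            "distinct_sources": len(per_src),
            # a per-source rate limit only ever sees individually noisy clients
            "per_source_hits": sorted(s for s, n in per_src.items()
                                      if n > PER_SOURCE_LIMIT),
            # the botnet case: over capacity while no sender stands out,
            # because the load is spread thinly across thousands of bots
            "distributed_flood": total > AGGREGATE_LIMIT
                                 and len(per_src) >= MIN_DISTINCT_SOURCES,
        }
    return verdicts


def constructed_log(n_bots=2000, per_bot=15):
    """Constructed traffic: second 0 is 200 ordinary resolvers; second 1 adds
    n_bots bots, each sending per_bot queries (well under PER_SOURCE_LIMIT)."""
    lines = []
    for ts in (0, 1):
        lines += [f"{ts} 192.0.2.{i} www.example.com" for i in range(200)]
    for b in range(n_bots):
        ip = f"10.{(b >> 16) & 255}.{(b >> 8) & 255}.{b & 255}"
        lines += [f"1 {ip} www.example.com"] * per_bot
    return lines


if __name__ == "__main__":
    for ts, verdict in analyze(constructed_log()).items():
        print(ts, verdict)
```

Second 1 trips the aggregate rule with an empty per-source hit list, which is exactly the gap a 176,000-bot botnet exploits against per-client rate limiting.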