The cyber-attack that exposed the internet’s security issues
I keep seeing headlines pop up that hint at a large scale cyber attack that is inevitable, warnings that cyber criminals are hiding in every nook and cranny on the web, the next DDoS attack will be bigger and better. Recently a hacker attacked the San Francisco Muni Transportation System, Russia’s Central Bank was just hacked for $31 million…
Usually Cyber Criminals have no face. We never know why or who it was that brought down a network, hijacked/spoofed an email address and stole money, or who might have held a network for hostage.
We almost always never figure out who was truly behind a large scale DDoS attacks, like the one a few months back that knocked out half the internet using IoT.
DDoS attacks, have been around for quite some time…but does anyone know who really brought them into the spotlight?
Meet Michael Calce, aka: Mafiaboy, a high school student from West Island, Quebec
Back in February 2000, a 15-year old Canadian boy who went by the name Mafiaboy, liked playing around with botnets, and he happened to program his botnet to attack the highest traffic websites that he could find.
CNN, Yahoo, Amazon, eBay, Dell, Fifa.com and E*TRADE.
That move brought DDoS attacks into a worldwide spotlight.
He also launched a series of failed simultaneous attacks against 9 of the 13 root name servers.
The FBI and the Royal Canadian Mounted Police first noticed Mafiaboy when he bragged in IRC chatrooms that he was in fact, responsible for the attacks.
He became the ideal suspect when he claimed to have brought down Dell’s website, an attack that had not been publicized at that time.
If you look at Mafiaboy’s DDoS attack it pales in comparison to today’s versions, but it serves as a constant reminder that anyone including a 15 year old with an axe to grind and some knowledge about how to hack, can launch a cyber attack using a botnet.
Botnets are what makes DDoS attack’s so successful, they can make DDoS attacks the ultimate smoke screen.
They have been used to punish organizations like Spamhaus, hackers launched an attack on Spamhaus for adding Cyberbunker to it’s spam list. Spamhaus creates blacklists that help email providers such as Google block spam from known ip addresses, servers etc.
Paypal, Visa and Mastercard were also punished back in 2011 for failing to release donations to WikiLeaks.
Government’s have been attacked, as well as attacked each other using DDoS and a botnet, online gaming sites have been attacked, hospitals, businesses, banks etc.
They even have companies that offer DDoS attacks on competitor sites for a pretty decent price.
What’s truly concerning however, is that while some of the DDoS attacks seem sort of inconvenient or funny, even deserving in some cases, they can also be used as a smokescreen to camouflage or draw attention away from other criminal activity, such as stealing data from the victim’s network.
DDoS attacks went from simply bogging down an entire network, to becoming the newest way to mask the real score taking or stealing things to an all new level.
And while you are thinking of all of the bad things, sometimes the attacks have been used for the common good, by exposing truths about our governments.
Cristal M Clark