The cyber-attack that exposed the internet’s security issues


Mafiaboy

I keep seeing headlines hinting that a large-scale cyber attack is inevitable, warnings that cyber criminals are hiding in every nook and cranny of the web, and that the next DDoS attack will be bigger and better. Recently a hacker attacked the San Francisco Muni transportation system, and Russia’s Central Bank was just hacked for $31 million…

Usually cyber criminals have no face. We rarely know who brought down a network, hijacked or spoofed an email address and stole money, or held a network hostage, let alone why.

We almost never figure out who was truly behind a large-scale DDoS attack, like the one a few months back that knocked out half the internet using IoT devices.

DDoS attacks have been around for quite some time…but does anyone know who really brought them into the spotlight?


Meet Michael Calce, aka Mafiaboy, a high school student from West Island, Quebec.

Back in February 2000, a 15-year-old Canadian boy who went by the name Mafiaboy liked playing around with botnets, and he pointed his botnet at the highest-traffic websites he could find:

CNN, Yahoo, Amazon, eBay, Dell, Fifa.com and E*TRADE.

That move brought DDoS attacks into a worldwide spotlight.

He also launched a series of failed simultaneous attacks against 9 of the 13 root name servers.

The FBI and the Royal Canadian Mounted Police first noticed Mafiaboy when he bragged in IRC chatrooms that he was, in fact, responsible for the attacks.

He became the ideal suspect when he claimed to have brought down Dell’s website, an attack that had not been publicized at that time.

Mafiaboy’s DDoS attack pales in comparison to today’s versions, but it serves as a constant reminder that anyone, including a 15-year-old with an axe to grind and some knowledge of hacking, can launch a cyber attack using a botnet.

Botnets are what make DDoS attacks so successful; they can also make DDoS attacks the ultimate smoke screen.

They have been used to punish organizations like Spamhaus: hackers launched an attack on Spamhaus for adding Cyberbunker to its spam list. Spamhaus creates blacklists that help email providers such as Google block spam from known IP addresses, servers, etc.

PayPal, Visa and Mastercard were also punished back in 2011 for failing to release donations to WikiLeaks.


Governments have been attacked, and have attacked each other, using DDoS and botnets; online gaming sites, hospitals, businesses, banks, etc. have been attacked as well.

There are even companies that offer DDoS attacks on competitor sites for a pretty decent price.

What’s truly concerning, however, is that while some DDoS attacks seem merely inconvenient or funny, even deserved in some cases, they can also be used as a smokescreen to camouflage or draw attention away from other criminal activity, such as stealing data from the victim’s network.

DDoS attacks went from simply bogging down an entire network to becoming the newest way to mask the real score, taking theft to a whole new level.


And while you are thinking of all the bad things, the attacks have sometimes been used for the common good, by exposing truths about our governments.

Cristal M Clark

IOS users can find The Crime Shop on Apple News

@thecrimeshop

Security – is the Internet of Things ready for the next big one?


IoT

The big question this week is whether or not the world can secure its Internet of Things devices in time for the next attack, after last Friday’s attack, which left many in the tech industry reeling.

I know a lot of talk has gone around about who might have been responsible for it, but that is the wrong question at this point because it is the least important one right now.


The attack that disabled websites across much of the continental US and Europe last week was what is known as a DDoS attack.


Dyn, which happens to be a major provider of internet infrastructure, was swarmed by data requests from a network of hijacked devices. Normally those are computers, but in this case they turned out to be connected devices.

It has been reported that last Friday’s attack appears to have been caused by hijacked DVRs and web-enabled cameras. As it turned out, many of the DVRs and web-enabled cameras contained circuit boards and software manufactured by the Chinese tech firm Hangzhou Xiongmai.

The firm is well known for selling completely insecure cameras and DVRs, and, as we now know, many have been hacked and placed into botnets such as the Mirai botnet, where they participate in DDoS attacks.

Many of the devices used are in fact infected by Mirai.

Hangzhou Xiongmai initially shot back that it was the fault of end users who failed to change passwords…Hangzhou Xiongmai did end up recalling something like 4.3 million circuit boards used in cameras.


Mirai botnet…

By the way, it is rumored that over half a million IoT devices are already infected with the Mirai IoT malware.

Mirai was built for 2 core purposes:

  1. Locate and compromise IoT devices to further grow the botnet.
  2. Launch DDoS attacks based on instructions received from a remote C&C.
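As an added example (not code from the post), here is a small detector for the first of those two behaviours: a Mirai-infected device hunts for new victims by connecting to Telnet on many different hosts, so a home or office device that fans out to dozens of distinct addresses on TCP/23 or TCP/2323 is a likely infection. The flow records and the fan-out threshold below are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample flow records (not real logs). One IP camera fans out to
# thirty distinct hosts on TCP/23 and TCP/2323, which is how a Mirai-infected
# device behaves while hunting for new victims; the other hosts behave normally.
SAMPLE_FLOWS = [
    f"2016-10-21T10:00:{i:02d} src=192.168.1.23 dst=203.0.113.{i} "
    f"dport={23 if i % 2 else 2323} proto=tcp"
    for i in range(1, 31)
] + [
    "2016-10-21T10:00:31 src=192.168.1.10 dst=198.51.100.7 dport=443 proto=tcp",
    "2016-10-21T10:00:32 src=192.168.1.10 dst=198.51.100.8 dport=443 proto=tcp",
    "2016-10-21T10:00:33 src=192.168.1.44 dst=192.168.1.23 dport=23 proto=tcp",
]

FLOW_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")
TELNET_PORTS = {23, 2323}  # the TCP ports Mirai's scanner probes


def parse_flow(line):
    """Extract (src, dst, dport) from one record, or None if it does not match."""
    m = FLOW_RE.search(line)
    if not m:
        return None
    return m["src"], m["dst"], int(m["dport"])


def find_telnet_scanners(lines, threshold=20):
    """Return {src: distinct_destinations} for every source that reached at
    least `threshold` distinct hosts on a Telnet port. A normal device talks
    Telnet to a handful of hosts at most; a worm talks to hundreds. The
    threshold of 20 is an assumption to tune per network, not a fixed rule."""
    fanout = defaultdict(set)
    for line in lines:
        rec = parse_flow(line)
        if rec is None:
            continue
        src, dst, dport = rec
        if dport in TELNET_PORTS:
            fanout[src].add(dst)
    return {src: len(dsts) for src, dsts in fanout.items() if len(dsts) >= threshold}


if __name__ == "__main__":
    for src, count in find_telnet_scanners(SAMPLE_FLOWS).items():
        print(f"{src} contacted {count} distinct hosts on Telnet ports: likely infected")
```

A device flagged this way is worth isolating and power-cycling, then checking for a changed default password and a firmware update.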

What’s really interesting about Mirai is that it was hardcoded with an avoid list. That’s right, a list of IPs it is to avoid infecting. The list includes the USPS, the Department of Defense, HP, GE, the Internet Assigned Numbers Authority…

That list is pretty intriguing to say the least. I can see some of the groups to avoid on the list but the USPS? No offense to the USPS, but why?

It has left some speculating that the code’s author(s) were concerned with being exposed, while others have speculated that the list indicates the author(s) learned the art of coding from a Wiki page or from popular media, which makes some think the author(s) are not pros.

Which is irrelevant at this stage, because Mirai is doing its job quite nicely.

Mirai also comes equipped with an added bonus that leaves users who are trying to remove it pretty frustrated:

  1. Help Mirai maximize the attack potential of the botnet devices.
  2. Prevent similar removal attempts from other malware.

If you have had a chance to look at any of the code for Mirai, you might have noticed that part of the code appears to be in Russian, which leads many to believe that the author, or some of the authors, are in fact Russian hackers or hackers who are originally from Russia.

Still, the question at the end of the day is pretty simple:

The real issue we face here is: with so many IoT devices already in homes and offices, how can we secure them now?

People don’t normally think about securing a coffee maker when they buy it. The expectation is more or less that it is sold already secured, but what if it wasn’t?

The answer is that most don’t know, and they don’t know how to begin testing for it.

I like ShieldsUP!

Before doing that, I would make sure to disable all remote (WAN) access to your devices, then verify that your device is not open to remote access.

Then you need to scan the following ports: SSH (22), Telnet (23) and HTTP/HTTPS (80/443).

https://www.grc.com/x/portprobe=22

https://www.grc.com/x/portprobe=23

You will want to look for a status of “Stealth”, which means that your port is secure.

You will also need to test your router which is no easy task for most. You can read information on that at routersecurity.org.
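As an added example (not code from the post or from GRC), here is a Python version of the same check that you can point at a device’s own LAN address; the “open”, “closed” and “stealth” labels follow the ShieldsUP! report, and the 127.0.0.1 fixtures exist only so the functions can be exercised offline.

```python
import socket


def probe_port(host, port, timeout=3.0):
    """Classify one TCP port the way the ShieldsUP! report does:
    'open'    - handshake completed, a service is listening
    'closed'  - the host answered with a reset (connection refused)
    'stealth' - nothing came back within the timeout (a firewall dropped it)
    'error'   - the probe itself failed (e.g. no route to the host)
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "stealth"
    except OSError:
        return "error"
    finally:
        s.close()


def probe_exposure(host, ports=(22, 23, 80, 443), timeout=3.0):
    """Probe the ports the post lists; returns (per-port status, non-stealth ports).
    Probing a device's LAN address shows which services it runs; only a probe from
    outside (ShieldsUP!, or a host on another network) shows what the router
    forwards to the WAN side."""
    results = {p: probe_port(host, p, timeout) for p in ports}
    exposed = [p for p, status in results.items() if status != "stealth"]
    return results, exposed


def local_listener():
    """Constructed test fixture: a throwaway listener on 127.0.0.1 so the 'open'
    branch can be exercised offline. Returns (port, close_function)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv.getsockname()[1], srv.close


def free_local_port():
    """Constructed test fixture: a 127.0.0.1 port that nothing is listening on."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]
```

A “closed” result still proves the device is reachable and answering, so on the WAN side it is “stealth”, not “closed”, that you are after.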

To be honest, however, for most average everyday consumers this can be very overwhelming, so moving forward we need to be thinking of answers that fall in line with how consumers think.

They don’t think like tech experts or tech laymen, they think like consumers.

Some are calling for the government to regulate IoT security, which is a fine idea, but in the meantime…

With so many devices already exposed or at risk, some thought should be given to the idea that a fix pushed out to devices might be in order.

Cristal M Clark



Internet of things now helping cybercriminals


Is your networked device secure?


Cybercriminals just strolled past 2016 and took us right into the future.

So what is the internet of things?


Small networked devices: everyday objects that have network connectivity, allowing them to send and receive data.

They also happen to be wide open to intrusion, which makes them easy for cybercriminals to access, unleash malware on, and use to lie in wait.

And we’ve been warned about this for quite some time.

We are used to seeing large-scale DDoS attacks where one PC controls several PCs worldwide, creating a botnet and launching DDoS attacks.


They are, no doubt, very effective and very difficult to trace back to the original source.

Very recently, however, it was discovered that a rather large-scale DDoS attack was utilizing, well, the internet of things to attack a victim.

That victim as it turned out happened to be one of the world’s most respected and knowledgeable investigators of cybercrime.


Brian Krebs, former Washington Post reporter turned cybercrime investigator, recently encountered a DDoS attack unlike any seen before.

Last Tuesday his site was hit with a DDoS attack. What made the attack so unusual was that it was so big that Akamai Technologies, a cloud-based content delivery network, actually told Brian that they could no longer carry his blog because the attack was affecting many other customers.

Akamai, for the record, is said to handle something like 20%-30% of all internet traffic.

The other reason the attack was so unusual, and this is important, is that it was later discovered that much of the traffic used to attack Brian’s site and bring it down was coming from hijacked cameras, networked TVs, routers, etc.

Not just PCs, as we’ve seen in the past.

Brian actually had to have Akamai redirect any traffic for krebsonsecurity.com into the equivalent of a virtual black hole, which meant that his site vanished into thin air. Not to worry, however, because his site is back up and running.

This does, however, teach a powerful lesson about giving more thought to the internet of things and how we manage security on networked devices other than phones and PCs.

So many devices are now networked these days…

So, when was the last time any of you checked to make sure that your networked TV, router, coffee maker, refrigerator, etc. was secure and malware-free?

Cristal M Clark



Someone is testing ways to take down the internet – Worldwide


The question is who?

Last month Bruce Schneier noticed that someone is testing ways to bring down the entire internet.

Bruce Schneier, a very well-known and trusted security expert, the CTO of IBM’s Resilient and a fellow at Harvard’s Berkman Center, learned that companies responsible for the basic infrastructure of the internet were experiencing large-scale attacks designed to test each company’s defenses.

Bruce said that, based on the size and scale of the attacks, only a state with a large cyber-warfare unit could be responsible.

That puts China and Russia at the top of some lists, but the reality is that other states are equal to, if not more advanced than, China and Russia. Israel has reportedly been growing more and more powerful in terms of cyber brawn, and Iran is up and growing as well…

The biggest issue is that it is not truly possible to tell what everyone else is doing at this juncture, let alone who really has the largest cyber force, or forces, in the world.


The attacks were large DDoS attacks, which send such large amounts of data that they overwhelm and bring down the target servers.

They were noticed because they escalated and were described as coming in slowly mounting waves, which then forced the companies to “demonstrate their defense capabilities for the attacker.”

Basically, once the attacker saw the defense capabilities, it could potentially find ways around those defenses.


The growing concern is that whoever is responsible for the attacks may be planning an attack that could bring down the entire internet, email servers, top domains, governments and the like.


But the internet as a whole does not have an actual on/off switch, so it is debatable whether someone could actually shut the entire thing down worldwide.

Bruce reported that the data he saw suggested China was behind the attacks, but again that has yet to be truly determined.

Other states should be considered because it’s usually those you least suspect: the ones you aren’t really noticing because they were able to fly right under the radar, the ones everyone thinks are out of the running in terms of a cyber force.

More than likely, the attacks were a very clear message to the world that someone is building a very powerful cyber force, and it’s one we need to pay attention to.

The problem is, we don’t know who it is at this stage, much less why.

Cristal M Clark

