Internet attack

[REDWAVE]

This is something which concerns all of us here, since by definition we are all internet users. The recent attack on the internet by a "worm," which greatly slowed traffic and even shut down some ATM systems, raises a number of questions. How vulnerable is the internet to cyberattack? The worm exploited certain known flaws in Microsoft software. Is Microsoft at least partly to blame, for peddling crappy software products with gaping security holes?

A few months ago, p p man raised the very interesting possibility of what could be termed "cybernetic warfare," or cyberwar for short. The basic idea is one nation could disrupt another's computer systems to such an extent as to render it helpless, and then easily move in and occupy it with very little bloodshed. Might the wars of the future be cyberwars? Would this be an improvement, since it could well involve very little actual fighting and hence very few casualties? (Remember that Star Trek episode where two planets fight a war on the computer only. The only catch was, if the computer declared you "dead," you were then expected to turn yourself in to be made dead in reality.)

What do you think?

 

[Byron In Exile]

I liked that episode.

 

[HeavyStick]

The attack you speak of could have been prevented if system administrators had installed the available patch.

 

[Byron In Exile]

The attack you speak of could have been prevented if system administrators had installed the available patch.

The hole has been there since July. But patches generally don't get installed until there's a problem.

 

[HeavyStick]

The hole has been there since July. But patches generally don't get installed until there's a problem.

I agree, the problem was with the sys admin's not doing their job.

 

[p_p_man]

The worm was a news item yesterday on UK TV...

With the emphasis on the disruption such an attack, which goes from mainframe to mainframe and not through the e-mail system, can have on a country's economy and infrastructure.

As RED says I did write a post about this a while back and my thinking hasn't changed. With the correct computer technology and expertise any country, no matter how small, can bring about the downfall of the highest and the mightiest.

The concept we have of war using weapons to kill and destroy is now out-dated.

All it needs is for one country to attack another using cyber space for the global pecking order to be completely turned upside down...

ppman

 

[Ham Murabi]

The answer is so simple I can't believe you didn't offer it yourself, Redrave.
Raise taxes.

 

[Byron In Exile]

I agree, the problem was with the sys admin's not doing their job.

Well, keeping up with Microsoft's security alerts is definitely a job.

 

[Byron In Exile]

Re: The worm was a news item yesterday on UK TV...

With the correct computer technology and expertise any country, no matter how small, can bring about the downfall of the highest and the mightiest.

The concept we have of war using weapons to kill and destroy is now out-dated.

All it needs is for one country to attack another using cyber space for the global pecking order to be completely turned upside down...

What's the worst that could happen? Every hard drive on every machine gets wiped out? Most data that's important is backed up offline, as is the software. The hardware isn't going to be damaged. So the effect will be disruptive, but temporary. It isn't going to reverse any global pecking order, so the return of the British Empire isn't going to happen.

Besides that, the worst isn't very realistic. Unless everyone converted to Microsoft, and Microsoft let loose with the mother of all security holes, and it was found, but nobody installed the patch for it, it isn't going to happen either.

As for the Internet, it's like the Energizer Bunny.

 

[p_p_man]

Re: Re: The worm was a news item yesterday on UK TV...

What's the worst that could happen?

Everything from toasters to traffic lights to stock markets to weapon systems could be affected. Back ups or not, patches or not, it still takes time to get a system back on line. And in that time with a whole country's infrastructure not operational who knows what could happen...

No water, no electricity, no gas, no communications, no food distribution and no Government. The breakdown would be complete.

The worm that affected ATMs over the weekend is only the smallest of examples of what could happen in reality if a country really wanted to destroy another...

ppman

 

[Guest]

i guess i was lucky....i had everything turned off that day

 

[p_p_man]

i guess i was lucky....i had everything turned off that day

ppman

 

[Byron In Exile]

Re: Re: Re: The worm was a news item yesterday on UK TV...

Everything from toasters to traffic lights to stock markets to weapon systems could be affected. Back ups or not, patches or not, it still takes time to get a system back on line. And in that time with a whole country's infrastructure not operational who knows what could happen...

No water, no electricity, no gas, no communications, no food distribution and no Government. The breakdown would be complete.

The worm that affected ATMs over the weekend is only the smallest of examples of what could happen in reality if a country really wanted to destroy another...

For the reasons I outlined in my last post, I don't believe this is a realistic scenario. Not all the systems you mention are connected to the Internet. And perhaps even more importantly, not all run Microsoft software.

The effects of such an attack, if it were possible, wouldn't be of sufficient duration to cause a complete breakdown of society. A few days or a week without computers isn't going to destroy civilization, although certainly it would be very disruptive. To be of use, it would have to be coupled with an actual military invasion, if the country were to actually be destroyed.

 

[Byron In Exile]

i guess i was lucky....i had everything turned off that day

Here's part of the alert from Microsoft on this one:

PSS Security Response Team Alert - New Worm: W32.Slammer
UPDATED: January 27, 2003

SEVERITY: CRITICAL

DATE: January 25, 2003

PRODUCTS AFFECTED: SQL Server 2000 RTM, SQL Server 2000 SP1, SQL Server 2000 SP2, and Microsoft SQL Desktop Engine Version (MSDE) 2000 RTM, Microsoft SQL Desktop Engine Version (MSDE) 2000 SP1, Microsoft SQL Desktop Engine Version (MSDE) 2000 SP2, and all applications that install Microsoft SQL Desktop Engine Version (MSDE) 2000 RTM, SP1 or SP2.

The PSS Security Response Team is issuing this alert to inform customers about the W32.Slammer worm, which is currently spreading in the wild. You are not at risk unless you are running one of the above listed products, including any Microsoft products that include and install MSDE 2000. Customers are advised to review this information and take the appropriate action for their environments.

This alert is primarily focused at business customers.

IMPACT OF ATTACK:

Denial of Service

TECHNICAL DETAILS:

W32.Slammer is a memory resident worm that propagates via UDP Port 1434 and exploits a vulnerability in SQL Server systems and systems with Microsoft SQL Desktop Engine (MSDE) Version 2000 that have not applied the patch released by Microsoft Security Bulletin MS02-039. This bulletin was first available on July 24, 2002.

This worm is designed to propagate, but does not appear to contain any additional payload.

 

[Byron In Exile]

Originally posted by REDWAVE
Is Microsoft at least partly to blame, for peddling crappy software products with gaping security holes?

That's a difficult question.  Hm...  Let's see...

           

Sorry, I couldn't resist taking another whack at the Monolith

 

[p_p_man]

Re: Re: Re: Re: The worm was a news item yesterday on UK TV...

For the reasons I outlined in my last post, I don't believe this is a realistic scenario. Not all the systems you mention are connected to the Internet. And perhaps even more importantly, not all run Microsoft software.

The effects of such an attack, if it were possible, wouldn't be of sufficient duration to cause a complete breakdown of society. A few days or a week without computers isn't going to destroy civilization, although certainly it would be very disruptive. To be of use, it would have to be coupled with an actual military invasion, if the country were to actually be destroyed.

It's only as I see warfare developing...

Microsoft didn't really cross my mind as being part of the scenario. I don't know for sure but I don't think traffic lights or electricity supplies are run by Bill Gates' operating system.

Most things nowadays are connected by computer with one another whether it's the internet or a LAN...

It's just that if bright people can send out a worm or a virus or even break into defence computers, just by using a laptop from their bedrooms, think just how much more damage a concerted effort would cause backed up by millions (or even billions - the stakes are high enough) dollars...

ppman

 

[REDWAVE]

Cyberpirates

As more and more things become controlled by computers, the possibilities for cyberattacks of all sorts increase. Sophisticated criminal gangs, for instance, could program ATM's to suddenly start spewing out their cash, and have bagman stationed there to scoop it up and make off with it.

 

[RawHumor]

I believe that China created an Internet Army that would specialize in things like this.

 

[Lancecastor]

South Korea was completely offline, Internet-wise, for a day during the attack...cyberwarfare can take out a country's modern communications infrastructure, including financial networks.

Global terror organizations are known to use the Internet for communications and to transact their financial needs...including stock market transactions as evidenced by the short-selling of 9/11 related companies prior to that event.

On a global basis, Internet Protocol (IP) is increasingly becoming the lingua franca for new voice, data and other transmission mediums.

The United States has been positioning itself for the past number of years at ICANN.org, the Internet Corporation for Assigned Names and Numbers, to dominate the regulation of the Internet and asserts that USA authorities ought to "run" the global network by virtue of its roots in the US based ARPA Net.

The question, though nascent, is very real. Those who poo-poo the notion simply need to start reading more on the issue to get up to speed.

The turf is already in play and has been for several years.

Microsoft is at issue simply because of its market prevalence and low product security/quality assurance characteristics.

As far as the impact on Lit Users:

Lit runs SQL; as I've suggested before, there may have been a relationship between the firewall probes experienced by Lit users over the past several months and the indexing of business servers running SQL by the attackers.

As Freaky Girl noted at one point, the firewall probes stopped to her machine about a month or so ago. As others noted in running traceroutes, most of the points of origination were either obviously false bounced or came from Asian IP addresses. The attack is thought to have been launched from China by Chinese hackers, though this has not been verified at last check by the FBI.

At any rate, interesting stuff and not nearly as far-fetched as some would suggest, in my book.

Lance

 

[Byron In Exile]

South Korea was completely offline, Internet-wise, for a day during the attack

No wonder I got no spam that day!

 

[Byron In Exile]

Re: Re: Re: Re: Re: The worm was a news item yesterday on UK TV...

It's only as I see warfare developing...

But at some point you have to send in infantry, right?

Microsoft didn't really cross my mind as being part of the scenario. I don't know for sure but I don't think traffic lights or electricity supplies are run by Bill Gates' operating system.

I don't think traffic lights are connected to the Internet, either. As far as what is connected to the Internet, some systems run Windows, some run Unix, some run Mac OS, some run AIX, others run any of a long list of operating systems. Security holes open and close constantly. It would be like trying to hit 20 moving targets at the same time.

Most things nowadays are connected by computer with one another whether it's the internet or a LAN...

How do you attack a computer on a LAN that's not connected to the Internet?

It's just that if bright people can send out a worm or a virus or even break into defence computers, just by using a laptop from their bedrooms, think just how much more damage a concerted effort would cause backed up by millions (or even billions - the stakes are high enough) dollars...

Do you remember the denial-of-service attack on the root servers some months ago?

 

[p_p_man]

Re: Re: Re: Re: Re: Re: The worm was a news item yesterday on UK TV...

But at some point you have to send in infantry, right?

Or someone to take over the place...

Much of the technology needed to wage CyberWar probably hasn't been developed yet, I don't know, but so much disruption can be caused at present by a few dedicated hackers that I can quite clearly see a future where conventional weapons as we know them will no longer be needed.

Anything that emits a signal (LAN, Internet, Traffic Lights......can be accessed and therefore attacked.

ppman