Information Warfare: The Badlands Of Legend Are Real

Archives

November 22, 2012: China and especially Russia are taking a lot of low key diplomatic heat over the continued existence of online markets for Internet mercenaries within their borders. These two countries will rarely prosecute whoever is providing hosting services (the actual PCs or “servers” that the stores and message boards run on) to hackers selling goods (programs for hacking) or services (botnets, hacking attacks, and so on). In return for this sanctuary, the hackers refrain from attacks within the host country and provide (usually for a fee) advice and services on Cyber War issues. The biggest problem with this is not espionage but the availability to crooks (and misbehaving people in general) of powerful, and inexpensive, hacking tools and services via these protected (by the Chinese and Russian governments) web sites. While both these countries still have plenty of problems with Internet based crime, they will vigorously prosecute those they catch doing it locally. China has executed cyber-criminals caught operating in China and Russia has a lot of very unpleasant prison camps for hackers who insist on operating against fellow Russians. But if you just go after foreigners, no problem.

One of the most disruptive tools cyber criminals used is DDOS (distributed denial of service) attacks. These are carried out by first using a computer virus (often delivered as an email attachment or, in this case, via a game) that installs a secret Trojan horse type program that allows someone else to take over that computer remotely and turn it into a "zombie" for spamming, stealing, monitoring, or DDOS attacks to shut down another site. There are millions of zombie PCs out there and these can be rented, either for spamming or launching DDOS attacks. Anyone with about $100,000 in cash, including North Korea, could carry out large scale attacks. You can equip a web site to resist, or even brush off, a DDOS attack. But most web sites are not prepared for this. Meanwhile the bad guys have access to a huge array of hacker tools and services on Chinese and Russian web sites. This malware is provided no-questions-asked. If you can pay you can play. The only restriction is that the providers will not knowingly help carry out mischief in the country they are based in.

Sometimes this freelance Cyber War gets out of hand. There was an example of this three years ago in southern China. There, Internet service over wide areas of the region was unavailable, or severely interrupted, for hours. China has a pretty robust Internet culture. But an angry (at a competitor who had DDOSed his servers) game provider named Bing (no relation to the Microsoft search service), spent $40,000 to hire lots of botnets to shut down their rivals and gain a bit of revenge.

Renting botnets for DDOS attacks means buying access to hundreds, or thousands, of home and business PCs that have had special software secretly (and illegally) installed. This allows whoever installed the software that turned these PCs into zombies to do whatever they want with these machines. The most common thing done is to have those PCs, when hooked up to the Internet, to send as many emails, or other electronic messages, as it can. When a lot of administrative messages are sent to a specified website, the site can be shut down. Using a lot of zombies (a botnet) for this, the flood of messages becomes a DDOS (Distributed Denial of Service) attack. This happens because so much junk is coming in from the botnet that no one else can use the web site. In effect, the site is unavailable to the outside world.

But Mr. Bing decided to use a slightly different tactic. He had his botnets DDOS the DNS servers that belonged to the DNSPod company, which provided Internet services for Bing's rivals. DNS (Domain Name Server) servers around the world are a key element of the net. These DNS servers contain the master list of registered domain names and their numerical addresses that all other DNS databases consult. Take enough of them down and people either cannot, or have to wait a long time, to reach anything on the Internet. And that's what happened here.

By the time Mr. Bing and his three partners turned off their DDOS assault, it was too late. The Internet community in southern China was in an uproar. Usually the police ignore people, or companies, DDOSing each other. It's a common event in China, especially between business rivals. But bringing down the entire net is not allowed. The Internet service companies were quick to use their technical expertise to track down who was behind it, and soon Bing and his three buddies were under arrest. China let it be known that there would be no sanctuary for anyone who aided any effort that caused widespread disruption to the Internet.

The Russian marketplace is older and more mature than the Chinese one (even though China has about five times as many Internet users as Russia). If you want some high-end dirty deeds done on the Internet, Russia is where to start shopping. If you’re looking for some basic mischief, at the lowest price, surf on over to China. In both countries there are also a growing number of tools available to attack smart phones, tablets, and the like.

 

X

ad

Help Keep Us From Drying Up

We need your help! Our subscription base has slowly been dwindling.

Each month we count on your contribute. You can support us in the following ways:

  1. Make sure you spread the word about us. Two ways to do that are to like us on Facebook and follow us on Twitter.
  2. Subscribe to our daily newsletter. We’ll send the news to your email box, and you don’t have to come to the site unless you want to read columns or see photos.
  3. You can contribute to the health of StrategyPage.
Subscribe   contribute   Close