Information Warfare: January 30, 2003


Last Saturday, a little after midnight, someone, apparently the semi-official Chinese "Honkers Union", unleashed the Slammer worm. Similar to the 2001 Chinese Code Red worm, Slammer spread faster and did more damage. Like Code Red, Slammer took advantage of known flaws in Internet software (in this case, Microsoft's widely used SQL Sever.) A British Internet security firm discovered the software flaw six months ago and described how something like Slammer would work. A few months later, Honkers Union members published a more complete example of a worm, giving credit to the earlier work. Microsoft quickly created a patch for their SQL Server software. But, as is common, not everyone using SQL Server applied the patch (including some people at Microsoft itself). Taking apart the code Slammer installs indicates that this was probably a Honkers Union attack. Slammer was faster and generated much more network traffic than Code Red. Within an hour of being released, Slammer infected 50,000 servers, and eventually got 200,000 servers. But what made Slammer so damaging was the enormous amount of additional data it put onto the net, clogging communications and servers. Because Slammer was attacking the "back office" parts of the Internet, and not user PCs directly, the damage was greater. Many ISPs had to cut service until they could block the Slammer flood and patch SQL Servers. Fortunately, in the last two years, Internet managers and technicians have developed more effective procedures to respond to something like Slammer, and this limited the damage. However, our main ISP (Qwest) had Strategypage cut off from most of the world for nearly 24 hours because of Slammer. It was also revealed that some large financial organizations run Internet and non-Internet stuff through the same lines, which is why in some cases, ATM systems were shut down by Slammer. China has been encouraging local organizations like the Honkers Union to operate agressively. This may change as many foreign governments (especially South Korea, a major Chinese trading partner and worst hit victim of Slammer) complain to the Chinese about their semi-official Information War activities.

For more information on how all this works, in plain language, see my new book; "The Next War Zone.") Jim Dunnigan




Help Keep Us From Drying Up

We need your help! Our subscription base has slowly been dwindling.

Each month we count on your contributions. You can support us in the following ways:

  1. Make sure you spread the word about us. Two ways to do that are to like us on Facebook and follow us on Twitter.
  2. Subscribe to our daily newsletter. We’ll send the news to your email box, and you don’t have to come to the site unless you want to read columns or see photos.
  3. You can contribute to the health of StrategyPage.
Subscribe   Contribute   Close