Terrorism: February 11, 2000

Archives

Internet giant Yahoo was shut down for three hours on 7 Feb after a "coordinated outside attack" overloaded its servers. Millions of dummy traffic connections were hitting the site, apparently generated by automatic tools implanted in several different servers. At the height of the attack, requests were hitting the server at a rate of over a gigabyte per second. Security was never compromised, but some functions were shut down until the company could reboot the computers. This type of attack was the subject of a Dec 99 FBI warning, noting that the tools to trick servers into generating millions of phony messages had been found on several web sites. Yahoo had installed filters to detect this type of saturation bombardment, but they never envisioned the massive volume of traffic.--Stephen V Cole


February 10, 2000; Recent attacks on major internet sites reminds military commanders of the dark side of their increasing use of the net. The denial of service (DOS) attacks in early February were seen as vandalism, for none of the attacked sites were penetrated, they were merely overloaded, and shut down, by a flood of bogus "visitors." Yet for many military sites, DOS attacks can have serious implications. The military is becoming increasingly dependent, and increasingly efficient, by using the internet for communications. In the civilian world, this is also happening. In fact, B2B (Business to Business) net operations are larger than the more visible internet shopping by consumers. If there were another war like the 1991 Persian Gulf conflict, the enemy could cripple logistics and maintenance operations (crucial to air operations and getting the troops to the battlefield) by making heavy and repeated DOS attacks on military and defense web sites used to deal with supplying and moving the troops. 

But it gets worse. The February, 2000 DOS attacks were made possible by two different hacking tools. The more obvious one was the sending of millions of bogus requests to the target site. This is done using programs like Trinoo, which was created (by Russian hackers) and released on the net in the Fall of 1999. Since then, Trinoo (and similar programs) have resulted in over 300 DOS attacks a day. None of these were at major sites, where they would attract mass media attention. The big sites are designed to handle a large number of requests, so one computer using Trinoo to shut down another site would not work. This brings us to the second, and more ominous, aspect of the major attacks. Whoever launched these attacks did so by taking over dozens of other net computers. This is done by cracking into those machines and installing the DOS software, and a timer so that all the penetrated computers will begin the attack at the same time. 

How does one break into so many computers? It's not easy, but it's possible with the right tools, a little skill and the fact that a large percentage of the net computers (the "servers" that hold the web sites) are not properly maintained. This is the internet's biggest weakness, and vulnerability. The internet was designed to be flexible, so that it could survive a nuclear war, and with this flexibility came a lot of ways for a malicious user to get into other servers and do whatever they want. The engineers who work on the net software constantly look for these loopholes and plug them. But the people who take care of the servers, the sysadmins (system administrators) vary greatly in capability, competence and time available for their sysadmin duties. As a result, at any given time, many of the net servers are not equipped with the latest software. Hackers have long had tools (freely available on the net) to automatically search for vulnerable servers. Using these tools to invade servers has become an avid pastime among some teenagers. The "script kiddies" (who take the tools and follow the simple instructions for their use) are a nuisance. But some of these kids get older, more skilled, and more malicious. 

Some of these malicious hackers also acquire radical political ideas. This is a dangerous combination. While more common in Europe, politically motivated hackers exist wherever there is a large community of web users. As far back as the 1980s, the KAOS computer club in West Germany were hired by the KGB to carry out espionage for the Soviet Union. The KAOS members were caught and prosecuted. But the Russians, especially after the Soviet Union disintegrated, realized that they had a lot of computer savvy people, and many of them took to the internet enthusiastically. Same thing in the other Eastern European nations, as well as China and places like Iraq and Iran. When the internet became a major factor in the industrialized nations, and the U.S. military, potential enemies of the United States realized that they might have an equalizer in the form of internet warfare.
But to wage this kind of war, you need troops. Currently, there are about 50,000 "script kiddies" (of all ages) out there. Any nation with net users can turn many of their users into script kiddies without too much trouble. But these folks are not capable of doing serious damage. There are about a thousand really capable net engineers out there who can penetrate most vulnerable systems. Not many of these are malicious, and about ten percent of them work for outfits like the CIA and FBI. 

There are also some 5,000-10,000 experienced net users and administrators who could be drafted into offensive, or defensive, net efforts. There is a larger pool of over 100,000 net enthusiasts and people in the software business would could also be recruited and trained for net warfare. Most of these net savvy people are Americans, but thousands reside in nations that might some day be at war with the United States . And a few percent, the ones we have to worry about right now, have some real or imagined grudge that leads them to go to war on the net all by themselves. It is members of this group that probably launched the recent attacks. And they have done a public service by doing so. For internet users not have a little more incentive to beef up their defenses. But as with any war, no matter how strong your defenses, there are always vulnerabilities. 

Fortunately, unlike conventional warfare, the netwar troops get to practice their skills even when the bullets aren't flying. If you tried to get into Yahoo, Amazon.com or E-Trade recently and were unable to, you were caught in an infowar skirmish. But some time in the future, such attacks

 

Article Archive

Terrorism: Current 2007 2006 2005 2004 2003 2002 2001 2000 1999

X

ad

Help Keep Us From Drying Up

We need your help! Our subscription base has slowly been dwindling.

Each month we count on your contribute. You can support us in the following ways:

  1. Make sure you spread the word about us. Two ways to do that are to like us on Facebook and follow us on Twitter.
  2. Subscribe to our daily newsletter. We’ll send the news to your email box, and you don’t have to come to the site unless you want to read columns or see photos.
  3. You can contribute to the health of StrategyPage.
Subscribe   contribute   Close