TechMan: 'Cyberwar' advances seen as threat to Internet


"The first serious infowar is now engaged. The field of battle is WikiLeaks. You are the troops."

So tweeted John Perry Barlow, a cyberlibertarian activist and one of the founders of the Electronic Frontier Foundation, as attacks began on the websites of businesses that had spurned Wikileaks after it published cables of American diplomacy.

Websites of MasterCard and Visa, which had withdrawn services allowing donations to Wikileaks; the Swedish government, which charged Wikileaks founder Julian Assange with sex-related crimes; and a Swiss bank that froze Mr. Assange's account were among those attacked. None of the commercial sites was seriously prevented from conducting business. The attacks ended up being more like painting slogans on a wall than war.

But cyberwar actually has begun, and it has nothing to do with Wikileaks.

The Jerusalem Post reported recently that the Stuxnet computer virus may have caused the decommissioning of as many as 1,000 centrifuges at Iran's Natanz uranium enrichment facility. The virus caused the speed of the motors in the centrifuges to vary, creating vibrations that damaged the machines, the Post deduced from interviews with experts on the attack.

The Post cited speculation that Israel's military defense unit was behind the attack, possibly aided by the United States.

Taking out a tenth of the centrifuges at the Iranian facility is comparable to an air strike. Now that is war.

But even if the Wikileaks version of cyberwar was underwhelming, there are some lessons to be learned from it.

The attacks launched by a loose confederation of Web activists calling themselves Anonymous aren't new or uncommon or even especially sophisticated.

The attacks on perceived enemies of Wikileaks and of Mr. Assange were of a type called Distributed Denial of Service attacks, in which computers controlled by the assailants flood a website with so many requests that the servers seize up under the onslaught.

Often DDoS attacks are launched by criminals using botnets, networks of compromised computers assembled by a worm. The owners of the computers in the botnet are unaware that their machines are being used to send spam or bring down a website.

But the implementation by Anonymous had an interesting twist not used by spammers or run-of-the-mill malware spreaders.

Riva Richmond, blogging for the New York Times, explained it this way:

The tool of choice is a new open-source software program named Low Orbit Ion Cannon, or L.O.I.C. Once a hacktivist downloads the tool, he can operate it manually or connect to "Hivemind," a control system that makes their computers part of a "voluntary botnet" that Anonymous commands.

L.O.I.C. in its various forms was downloaded more than 100,000 times during the period of the Wikileaks attacks. Some people believe that manual launches of the attacks were coordinated by Twitter messages such as "fire, fire, fire." That is presumably why Twitter canceled the account of Anonymous.

The new wrinkle is that users volunteer their computers to be part of the attacks, rather than having them taken over without their knowledge.

Craig Labovitz, posting on the site of the security firm Arbor Networks, said the attacks orchestrated by Anonymous were small and low-level.

"Despite the thousands of tweets, press articles and endless hype, most of the attacks ... were both relatively small and unsophisticated. In short, other than intense media scrutiny, the attacks were unremarkable," Mr. Labovitz wrote.

Although the attacks by Anonymous amounted to little more than cybervandalism, Mr. Labovitz warned that the trend of using DDoS attacks for protest is troubling.

"Overall, DDoS fueled by the growth of professional adversaries, massive botnets and increasingly sophisticated attack tools poses a real danger to the network and our increasing dependence on the Internet," he wrote. So 2011 may be a year that sees cyberwar between nations and protest attacks by citizens.

Security tip: If you are still using Microsoft's Internet Explorer 6, you should upgrade as soon as possible. IE6 is outdated and rife with security holes. To find out which version you are using, have IE running and click on the toolbar menu "Help" at the top. Then click on "about Internet Explorer," and a screen will pop up with your version number.

You should be running version 7 or higher. If not, go to microsoft.com and upgrade.


Read TechMan's blog at post-gazette.com/techman. Watch TechTalk at post-gazette.com/multimedia or listen to the audio version at post-gazette.com/podcast. Follow PGTechman on Twitter.

