Internet Anthropologist Think Tank: Conficker defense paradigm flawed


    Monday, May 25, 2009

    Conficker defense paradigm flawed
    By Gerald: Internet Anthropologist Think Tank.
    05.25.09

    The anti-Conficker team is losing the battle.
    They have been beaten at every turn.

    There are 10 million zombies in this botnet.
    And the anti-Conficker group knows they are
    out there and has not been able to penetrate
    the C2 structure.

    The best Internet security minds in the world,
    the FBI, Kaspersky, Symantec, Microsoft,
    the Internet Corporation for Assigned
    Names and Numbers (ICANN), and others,
    are unable to take Conficker offline or
    take control of the botnet.

    "The application layer has typically been 
    used as the attack vector, but we are 
    beginning to see the DNS resolution used 
    as the command and control," said Twomey
    of ICANN.
     
    The White Hats are not as good as the 
    Black hats.

    Our paradigm intel indicates Conficker
    is an inside job, the joint operation of
    a well placed White hat working with
    a genius Black hat.

    And Microsoft is the enabler for
    Conficker bots.

    Microsoft's profit paradigm denies
    security updates to illegal copies of the
    OS.
    Microsoft's policy of denying security
    updates to illegal copies of its OS allows
    Conficker to survive and live.

    ICANN's Twomey insisted the group's efforts 
    against Conficker proved that key internet 
    players, such as Top Level Domain registrants, 
    are capable of coordinating a response to 
    such threats.

    Yes, they have managed to coordinate a
    response, they can work together,
    but they have been slow, and Conficker
    has always been one step ahead of them.

    In a real emergency the anti-Conficker
    group would be sluggish and unresponsive
    on a real-time basis.

    So far Conficker's motives have been remarkably
    non-violent. This provides a very lucky opportunity
    for the security community to work out a formal
    response method and group.

    So far their efforts have been on an ad hoc basis.

    The WWW is vulnerable to a cyber Pearl Harbor
    attack that could turn the WWW off for days or weeks,
    maybe much longer.

    I hope this ad hoc committee leads to a formalized
    group to protect the WWW.

    The committee had broken part of the Conficker algorithm
    and got a listing of a few thousand URLs it was going to
    check for instructions, and blocked them.
    Then Conficker changed its algorithm to check several
    hundred thousand URLs.

    And it found several 'go arounds' for the committee's
    efforts to stop it.

    Now the botnet and other cyber criminals are joining
    forces to combat the committee and expanding the
    methods of their criminal enterprise.

    And the committee seems powerless to stop them.

    There are solutions, way outside the box.
    But the Internet Security Vendors continue to play
    second place to these Internet Black hats, with
    ineffective security programs and lack of a unified
    response to hacking, security problems and Internet
    safety.


    It wasn't the first time a botnet operator has attempted to compromise DNS servers to magnify its capacity to add to its army.

    At an ICANN conference held in Mexico in March this year, Rod Rasmussen, chief technology officer of phishing take-down firm Internet Identity, showed evidence of a recent nine-hour attack on CheckFree, an online bill payment provider to 22 US financial institutions, which resulted in a two-day shut down of affected online services and an estimated 10,000 infections over 48 hours.

    "Somebody came in and took over the CheckFree's domain name portfolio at their registrar. They changed the DNS servers for those domains and pointed [...] basically every host name that would resolve under their domain names to a malware server that was in the Ukraine. Anybody who tried to go to CheckFree.com or any of their other domain names were redirected, instead, to a malware server and were exposed to getting malware download on their computer," Rasmussen said.

    In a similar vein to the attack on CheckFree, hackers targeted MelbourneIT's New Zealand subsidiary, Domainz. The hackers, who appeared to be politically motivated, defaced Coca-Cola, Microsoft, Xerox and F-Secure's websites by injecting name server records for the domains in question by compromising Domainz' infrastructure. It didn't knock out critical national infrastructure, but it was able to take down several large companies' websites for a few days.

    Kaspersky says, "It's a major example of their internet weapon, because the bad guys can use a botnet this size, not just for commercial interests, but other interest also."

    Quotes: excerpted from SOURCE: 

    It's just a matter of time, and the committee needs to use
    this time to obtain funding, organize and formalize a response
    method, and fundamentally change its paradigm, before the
    WWW is held ransom.


    Gerald

    Tactical Internet Systems analyst.



    Could the attack on FBI computers be related to Conficker?

    NSA not on Conficker team:

    Internet Anthropologist Think Tank: NSA director: Securing U.S. ...

    1 Comments:

    Anonymous said...

    losing is spelled "losing", not loosing.

    11:26 PM  
