Internet Anthropologist Think Tank: Two new hacker paradigms.

  • Search our BLOG


  • HOME
    Terrorist Names SEARCH:
    Loading

    Saturday, November 20, 2010

    Two new hacker paradigms.

    This blog set to diaplay 20 days of posts. Sorry Blogspot only shows 3 days, waiting for a Google fix, G




    Two new hacker paradigms.



    Both very interesting, and amazing.

    One is a thru the cracks hacker making good money.
    The other is a old method updated, with new serious potential.

    The first is the Koobface Gang.
    Appearing to be a minor theft threat,
    hiding the potential of a major crippling strike.
    Based in St. Petersburg, Russia.
    The people behind the Koobface gang are known.
    But there have been no arrests in Russia.
    Large infrastructure, 500,000 fraudulent Google
    blogger and Gmail accounts, and 20,000 Facebook accounts.

    Our estimates put their take around $20 mil a year, and
    we think thats accurate. 
    Not bad for victim-less crime.
    The director of KG lets call him Ivan.
    Ivan rules with an iron hand, and isn't adverse
    to murder or a few broken legs.

    His paradigm is to steal pennies, 
    its like going into your local bank
    and stealing a nickel from your account.

    Jeeze its hardly worth the effort to make
    a phone call, my time is worth more than
    a nickel. Hundreds of thousand accounts
    every hour.

    They make use of their botnets in some
    very interesting ways, click campaigns,
    where they make 1/10 of cent for each 
    click their botnets make on some advertising
    sites. Millions of clicks.

    The frighting this is they could be pulling
    down Billions from crime, but they might
    loose their heads then. Our paradigm 
    intel indicates they are paying bribes 
    in the millions now.

    But by only taking a nickel instead of 
    thousands of dollars, they avoid creating
    victims who would file complaints,
    and hoped to avoid investigations into
    their activities.

    Ivan has been unmasked, FBS knows
    who he is and won't like it they aren't 
    getting their share.

    The risk is "someone" leaning on him
    pressuring him for the Billion dollar
    take. He has the back doors to really
    hurt his victims, maybe even cripple
    the Canadian sector.
    SOURCED From:

    His restraint paradigm can't be relied
    on, he could turn Greedy any time.

    We have BSU's probing for weaknesses.

    xxxxxxxxxxxxxxxxx

    The Second Dangerous paradigm is 
    the new/old BGP hijack.
    You might have read about it,

    This exploit was know about 12 yrs ago.
    And described this to intelligence agencies and to the National Security Council, in detail.
    The TTL adjustment was new.

    Nearly 15 percent of the world's Internet traffic, including that of many U.S. government and military sites, was briefly redirected through computer servers in China in April, according to a congressional commission report due out this week.

    It is not clear whether the incident was deliberate, but the capability could enable severe malicious activities including the diversion of data and the interception of supposedly secure encrypted Internet traffic, the U.S.-China Economic and Security Review Commission states in a report to Congress.

    ...18-minute-long April 8 redirection, including those for the Senate, all four military services, the office of the secretary of defense, the National Aeronautics and Space Administration, the Department of Commerce, the National Oceanic and Atmospheric Administration "and many others," as well as commercial websites including those of Dell, Yahoo, Microsoft and IBM.





    The important Military and Government data was encrypted to NSA standards.
    It was an 18 min snatch, Was it a test? was that 18 min period on April 8 significant ?
    Looks to approximate WWW traffic for a previous Cyber break in 2007.
    Stealing over 12 terabytes from State Dept, DOD, Dept of Commerce, Dept of Energy, NSA , Google and 34 other big Corps were also hacked. China was the suspect then also.

    Vice president of threat research at McAfee: Alperovitch: “This is one of the biggest — if not the biggest hijacks — we have ever seen.” And it could happen again, anywhere and anytime. It’s just the way the Internet works, he explained. “What happened to the traffic while it was in China? No one knows.”

    The telephone giants of the world work on a system based on trust, he explained. Machine-to-machine interfaces send out messages to the Internet informing other service providers that they are the fastest and most efficient way for data packets to travel. For 18 minutes April 8, China Telecom Corp. told many ISPs of the world that its routes were the best paths to send traffic. 

    An interesting point: China Telecom could manage to absorb this large amount of data and send it back out again without anyone noticing a disruption in service. In previous incidents, the data would have reached a dead end, and users would not have been able to connect.
    This points to a very resilient China system or somebody planed it.

    It could also mean 18 min of data was maximum amount of data they could absorb. 

    The TTL adjustment was new.
    The rest is old very OLD.

    BGP4 was always capable of directing traffic that is what it was designed to do.

    Path-prepending is a technique that's equally well known.
     
    This is no easy to attack this as you need to be trusted by your upstream ISPs. Since those ISPs have neither the interest nor the need
    to trust their customers to announce only their own BGP information many ISPs filter what customers can announce to them.

    Large ISPs are in a position to do it as they are trusted but have even less motivation in performing BGP hijacking. A successful BGP hijack by a large ISP would result in peers publicly mocking them and front page headlines that would not be good for business.
     
    Attracting a substantial amount of traffic and sending it out again is going to get noticed. Both on your bandwidth usage with the potential for a self inflicted fill the pipe ddos and by people watching traffic patterns/announcements in BGP.

    Here is one of the early bgp hijacks it was an accident but in 1997 this accident caused major outages and traffic to be redirected when as7007 hijacked a large portion of the internet.
    http://www.merit.edu/mail.archives/nanog/1997-04/msg00444.html

    A good collection of BGP security papers is available here:
    SOURCED HERE.
    XXXXXXXXXXXXXXXXXX


    It appears this is fixable,
    but the other element is was it intentional?
    And to what end?
    Going to China makes it problematic.
    The ability of China to absorb that volume
    of traffic speaks to their capability or
    to their intentional espionage.

    US and China need to work this out.
    Neither is going to attack the other.
    With the advent of Globalization and the amount of
    US Bonds China holds, a heavy cyber attack by China
    on USA would bleed them to death.
    One of the huge benefits to Globalization is
    the understanding you don't kill your best
    customers.
    Nor do you involve yourself in an attack
    that would significantly drop the value of your
    investment portfolio, US bonds.
    So China may have a huge cyber threat/
    weapon but its a big stick they can't use.
    Now espionage is a different animal.
    Its equivalent to listening in on 
    a spouses phone.
    On the other hand its quid pro quo,
    If US launched a crippling cyber attack
    on China it would be killing its biggest
    lender, and would cripple the US economy.

    USA and China are bed fellows,
    very nervous bed fellows, 
    but bed follows never the less.
    Wedded in Economic Globalization.
    Divorce for either resulting in economic
    disaster.

    Gerald
    Internet Anthropologist
    Tactical Internet Systems analyst.
    .BGP could bring down part of the WWW? Could this be used as Cyber weapon.
    other: CYBERWARS's Pearl Harbour.


    .

    0 Comments:

    Post a Comment

    Subscribe to Post Comments [Atom]

    << Home