How Vulnerable Are We? Cyberattacks, Worms and Darknets

by Crocker on November 21, 2008, 4:16 pm

in Culture,Law,Military

The news today is full of the unprecedented attack on DoD computer systems by a hybrid worm that’s infected thousands of defense computers. Sources like Defense Tech speculate that the infection entered the network through some type of external device, triggering the U.S. Strategic Command’s order banning use of detachable drives, floppies and DVDs. I can only wonder why it took an attack to ban such devices.

Cyber investigators have not pinpointed the entry point for the worm, but insider sources point to removable storage devices as the most likely vector. This is consistent with U.S. Strategic Command's ban on removable media (thumb drives, CD-Rs/DVD-Rs, floppy disks) on all DoD networks and computers, effective immediately. The incident has been deemed severe enough that defensive measures without precedent have been instituted to protect military systems.

Separately, security experts are warning all Internet users to stay vigilant, claiming that Monday, Nov. 24 is poised to be the worst day of the year for computer attacks.

I don’t know whether the November 24 warning is real or simply latrine rumor. I guess we’ll find out on Monday.

If an attacker can successfully compromise DoD computers, how vulnerable are the rest of us? Consider another story from the recent past that didn’t receive much publicity:

Jeanson James Ancheta, 20, of Downey, California, was arrested this morning by special agents with the Federal Bureau of Investigation. Ancheta was indicted yesterday in two separate conspiracies, as well as substantive charges of attempting to cause damage to protected computers, causing damage to computers used by the federal government in national defense, accessing protected computers without authorization to commit fraud and money laundering.

The 17-count indictment alleges that Ancheta wrote malicious computer code, spread that code to assemble armies of infected computers, and sold access to the infected computers for the purpose of launching distributed denial of service (DDOS) attacks and sending spam. Ancheta also allegedly used the botnets to generate income from the surreptitious installation of adware on the infected computers.

Ancheta created a network of 400,000 compromised computers across the Internet that he would rent out to hackers and ad companies:

The first conspiracy alleged in the indictment accuses Ancheta of modifying and disseminating the Trojan horse program “rxbot,” which allowed him to create botnets, each with thousands of Internet-connected computers reporting to an Internet Relay Chat (IRC) channel that Ancheta controlled. In a separate IRC channel, Ancheta advertised the sale of his botnets to those interested in launching DDOS attacks or distributing spam without detection.

After receiving payment from customers, according to the indictment, Ancheta would give customers control of enough botnets to accomplish their specified task. Ancheta would also provide an instructional manual that included the commands needed to instruct the botnets to launch DDOS attacks or send spam. The manual would also include the malicious code that would allow the botnets to spread or propagate. As part of his fee, Ancheta allegedly set up and tested the purchased botnet to ensure that the DDOS attacks or spamming could be successfully carried out.

The second conspiracy outlined in the indictment alleges that Ancheta caused adware to be downloaded onto the infected computers that were part of his botnet armies. To do this, Ancheta allegedly directed the compromised computers to other computer servers he controlled where adware he had modified would surreptitiously install onto the infected computers.
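The indictment’s description of thousands of compromised machines quietly reporting to an IRC channel the operator controls is a traffic pattern a defender can look for in outbound connection logs. The following is an added example, not code from the original post or from the Ancheta case: it parses a constructed flow log (the record layout, the IRC port list, the sample addresses and the source threshold are all assumptions chosen for the example) and flags IRC-port destinations that many distinct internal hosts contact with near-identical payload sizes, which is the fan-in shape of a botnet rendezvous rather than one person chatting.

```python
"""Spot the fan-in pattern of bots rendezvousing on an IRC channel.

Added example for this post, not code from the original article or the Ancheta
case. Input is a constructed flow log whose layout is an assumption:
    <ISO-8601 time> <src ip> <dst ip> <dst port> <bytes sent>
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from statistics import mean, pstdev
from typing import Dict, Iterable, List, Set

# Ports conventionally used by IRC servers (assumption: a bot can use any port,
# so this list is a first-pass heuristic, not a complete detector).
IRC_PORTS = {6660, 6661, 6662, 6663, 6664, 6665, 6666, 6667, 6668, 6669, 6697, 7000}

# Constructed sample records (not real traffic). Six internal hosts contact
# 198.51.100.7 on 6667 with near-identical payload sizes; one host talks to a
# different IRC server; one host does ordinary HTTPS; one line is malformed.
SAMPLE_LOG = """\
2008-11-20T10:00:01 10.1.1.5 198.51.100.7 6667 412
2008-11-20T10:00:03 10.1.1.9 198.51.100.7 6667 398
2008-11-20T10:00:04 10.1.2.14 198.51.100.7 6667 405
2008-11-20T10:00:06 10.1.3.22 198.51.100.7 6667 421
2008-11-20T10:00:10 10.1.1.5 203.0.113.80 443 15210
2008-11-20T10:00:12 10.1.4.2 198.51.100.7 6667 400
2008-11-20T10:00:15 10.1.1.31 192.0.2.44 6667 2230
this line is malformed and should be skipped
2008-11-20T10:00:20 10.1.5.8 198.51.100.7 6667 409
"""


@dataclass(frozen=True)
class Flow:
    ts: datetime
    src: str
    dst: str
    dport: int
    nbytes: int


def parse_flows(text: str) -> List[Flow]:
    """Parse flow records, skipping malformed lines instead of aborting the run."""
    flows: List[Flow] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            flows.append(Flow(datetime.fromisoformat(parts[0]), parts[1], parts[2],
                              int(parts[3]), int(parts[4])))
        except ValueError:
            continue
    return flows


def irc_fan_in(flows: Iterable[Flow], min_sources: int = 3) -> Dict[str, dict]:
    """Return IRC-port destinations contacted by >= min_sources distinct internal hosts.

    For each flagged destination, report how many hosts reached it and the
    coefficient of variation of bytes sent. Many infected machines joining one
    channel produce many sources and near-identical message sizes; one person
    chatting produces a single source and irregular sizes.
    """
    sources: Dict[str, Set[str]] = defaultdict(set)
    sizes: Dict[str, List[int]] = defaultdict(list)
    for f in flows:
        if f.dport in IRC_PORTS:
            sources[f.dst].add(f.src)
            sizes[f.dst].append(f.nbytes)
    report: Dict[str, dict] = {}
    for dst, srcs in sources.items():
        if len(srcs) < min_sources:
            continue
        avg = mean(sizes[dst])
        report[dst] = {
            "sources": len(srcs),
            "byte_cv": pstdev(sizes[dst]) / avg if avg else 0.0,
        }
    return report


if __name__ == "__main__":
    for dst, info in irc_fan_in(parse_flows(SAMPLE_LOG)).items():
        print(f"{dst}: {info['sources']} hosts, payload CV {info['byte_cv']:.3f}")
```

In a real deployment the port list would be replaced by protocol identification, sanctioned chat servers would be allow-listed, and the source threshold tuned to the network’s size; bots that use non-standard ports or encrypted channels will not show up on port alone, which is why the payload-size regularity is carried alongside the fan-in count rather than used as the sole signal.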

Ancheta even managed to compromise computers at China Lake Naval Weapons Station and the Defense Information Systems Agency. He later copped a plea and got five years. It seems like a light sentence and it probably is. He could have gotten 50 years. I suspect that the government needed the information he possessed more than it needed a longer prison sentence.

But the current intrusion and Ancheta’s story illustrate the subterranean world of ‘dark’ networks and those who traffic through them. Generally called ‘darknets’, these networks are constantly mutating and adapting to threats. The term was popularized by four Microsoft engineers whose 2002 paper, “The Darknet and the Future of Content Distribution,” described how copyrighted content is shared through peer-to-peer networks outside the control of its owners.

As described by Wretchard at the Belmont Club, such networks should be understood first and foremost as networks of people – often very evil people – who unite with one another in pursuit of similar depraved appetites or a nefarious objective – like compromising our computers for their own ends.

In a techno sort of way, it’s a metaphor for the visible and invisible world that surrounds all of us.  What we see and what exists may well be two different things.

And it will be interesting to see what, if anything, happens on Monday.
