On Botnets. Bot Networks (Botnets) are networks of computers that are enslaved by the botmasters, this is done my infecting the computers with malicious codes, such that they can be controlled remotely. Users of the machines that are part of the botnets doesn't necessarily know that their computers are infected. Botnets could consists of hundreds or thousands of computers which is more that enough to be utilized to disrupt a targeted internet service.
This brings us to the significance of botnets in this report. Botnets are one of the most dangerous weapon to cause a Distributed Denial-Of-Service (DDoS) attack. This attack causes unavailability of a particular network service that was targeted. The worst part is the first D, because of its distributed nature it is hard to determine where the primary attacker machine is. As a result, it will be harder to solve the problem causing lengthened disruption.
An example of a DDoS was describe in the report, which was the 2007 attack on the Estonia government computer systems. It quickly became a major interest to US, obvious by the sending of a team of experts to investigate the incident and help bring services back up (NATO also sent computer security experts). An interesting finding I'd like to point out is that the attack was not conducted by a group, but was a result of posting the malicious code on a online forum. I could imagine, who could resist trying to "hack" a government site? So, all the Curious George with access to the post, plus the ones with the political reasons, followed the instructions and tried out the code. Walla! A DDoS.
Good news to them, bad news to US. And Estonia, of course, but we'll leave them for now, last I checked their OK now, except for over-due maintenance [click 2]. Why does this "little" incident
interest US so much? The answer must be Cybercrime and Cyberterrorism.
On Cybercrime and Cyberterrorism. The Estonian DDoS is an example of a cybercrime where it is hard to pinpoint the culprit. Even though there have been arrests relating to the attack, I do not believe that next time around such attack would not happen. This goes down to vulnerabilities and policy. While creating policies will certainly help in exercising justice, a solution that could bring the most effect must be finding and fixing vulnerabilities. While politicians should be aware of the issues with the help of experts, computer system administrators must be more vigilant in securing systems.
Back to the issue of US, these cybercrime could easily be turned into cyberterrorism. At the moment, it could be said that US is the leader in computer system research and implementation. Many services crucial to the mass is dependant on computer systems. The concern is a DDoS attack on American computer infrastructures, especially if it has terrorism motives. Would it be possible to perform such an attack? What could be the most devastating effect? What should be done in case of a successful attempt? How to trace the "actual" attacker? These questions are the ones that I think should be answered after the report.
I am particularly interested in the different attack methods that are mentioned in the report, which are:
- Physical attack,
- Electronic attack, and
- Computer network attack.
In developing computer systems, we need to pay attention to these attacks. In my opinion, physical attacks could be limited by policies or security procedures, electronic attacks should be anticipated by back-ups (EMP is hard to anticipate though), and computer network attacks is where the battle becomes interesting. Although there are cautions about secure coding and safe practices in system administration, most of the time the "good guys" still has to play catch with the black hat hackers.
REFERENCES:
1. C. Wilson: Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress (Updated 29 January 2008).
2. Estonian state: Main Page [http://www.eesti.ee/eng/] (Last accessed 4 July 2010).
No comments:
Post a Comment