Page 2 of 7
Let’s take a scenario that could quite easily occur in the near future:

Meet Team Blue. Team Blue is not a single, testosterone-filled 18-year-old trying to make a name for himself in the hacker (more correctly, cracker) community or trying to get the attention of the FBI and hoping to be employed for $75,000 a year at the young age of 18. Team Blue doesn’t brag on IRC about what they can do or are trying to do, with “oh yeah, watch this” stuff that can be traced to an ISP, then to an IP, and eventually to the MAC address of the NIC in the PC used to write or distribute the virus. Nor is Team Blue a group of hackers trying to take down the “anti-christ of the internet” known as Microsoft (opinion at large, not just my own). Team Blue is a group of three to five 27- to 35-year-old programmers. They know C, Java, and the TCP/IP stack. They know ActiveX, VB, VBScript, and JavaScript. They know what RFCs are and how to get information out of them. They know what ports are usually open on all firewalls (inbound and outbound) and even how to get around a proxy server. We won’t speculate about Team Blue’s motivations any more than we will about the motivations behind September 11th, 2001. Team Blue is sworn to secrecy and shares a common goal. They are the initiators of the new world of cyber-terrorism. They are the reason the Department of Homeland Security exists. Team Blue doesn’t talk to anyone about their plans. They don’t chat on IRC or post questions to newsgroups. They don’t subscribe to 2600 Magazine, though they probably buy it at Barnes and Noble. They don’t have internet “handles”. They don’t email code around, even with PGP. They use public wi-fi hotspots to communicate and leave, at worst, only a MAC address in any logs. They use laptops and PCMCIA wi-fi network cards so that their MAC address can change as often as they want it to.
Team Blue has written a nice virus; at least nice in the sense of how well it is coded. They are waiting on only one thing: the next Microsoft software vulnerability to be published to the internet. Their virus does many things:

1) It is written to take advantage of ALL known Microsoft software exploits. It doesn’t just use one or two. It uses ALL of them. Why? Because new systems are often installed, but not patched right away, if at all, leaving even a "fresh system" vulnerable.

2) It does a DDoS attack on more than one site. Its intent is not to take the Microsoft site down, or Yahoo!, or anyone else. Its intent is maximum infection with no resolution. So, windowsupdate.microsoft.com is DDoS’d by the virus. So is the Akamai network, since Microsoft moved to them for a distributed network to get around recent DDoS attacks. Also DDoS’d are the websites, update sites, and software download sites for Symantec/Norton, McAfee, AVG, etc. To further ensure the spread of the virus, a DDoS attack is done against the remaining anti-spam sites, ruling out spam filters as a cure to stop the spread. And, lastly, a DDoS is done against the ISPs used by Microsoft, Symantec/Norton, McAfee, AVG, etc.

3) It DDoS’s the routers controlling the Class A, B, & C networks assigned to large corporations and entities such as Microsoft, IBM, the FBI, the Department of Homeland Security, etc. Why? Because these are the networks that will be used to track the source of the virus, and anything that can be done to slow them down will give the virus more time to spread.