Blog

  • Massive Attack - Paradise Circus

    posted by Keito
    2013-09-22 15:23:31
  • Calling U.S. Drone Strikes 'Surgical' Is Orwellian Propaganda

    posted by Keito
    2012-09-29 17:05:05
    'A moment's reflection is enough to understand why intellectually honest people should shun the loaded metaphor.


    The Obama Administration deliberately uses the word "surgical" to describe its drone strikes. Official White House spokesman Jay Carney marshaled the medical metaphor here, saying that "a hallmark of our counterterrorism efforts has been our ability to be exceptionally precise, exceptionally surgical and exceptionally targeted." White House counterterrorism adviser John Brennan attributed "surgical precision" and "laser-like focus" to the drone program. He also spoke of "delivering targeted, surgical pressure to the groups that threaten us." And a "senior administration official" told The Washington Post that "there is still a very firm emphasis on being surgical and targeting only those who have a direct interest in attacking the United States."

    They've successfully transplanted the term into public discourse about drones.

    I've been told American drone strikes are "surgical" while attending Aspen Ideas Festival panels, interviewing delegates at the Democratic National Convention, and perusing reader emails after every time I write about the innocents killed and maimed in Pakistan, Yemen, and elsewhere.

    It is a triumph of propaganda.

    The inaccuracy of the claim fully occurred to me as I played back a recent interview I conducted with Peter W. Singer of the Brookings Institution. (His book Wired for War is a fascinating read.) "You used to measure a surgeon by how still could he hold his hand," Singer told me. "How precise could he make the cut? Well, robotic systems, it isn't a matter of shaking at minute levels. It doesn't shake. You are amazed by a surgeon doing a cut that is millimeters in precision. With robotics it is in nanometers." He was explaining why unmanned systems make sense in a variety of fields, not commenting on the Obama Administration's rhetoric in its ongoing, multi-country drone war.

    But that is how we think of surgeons, isn't it?

    They use a scalpel. Their cuts are precise down to the millimeter. Once in a great while there is a slip of the knife, a catastrophic mistake. In those cases, the surgeon is held accountable and the victim lavishly compensated. Oh, and there's one more thing about surgical procedures: While the person being cut into is occasionally victimized by a mistake, there is never a case where the scalpel is guided so imprecisely that it kills the dozen people standing around the operating table. For that reason, orderlies and family members don't cower in hospital halls terrified that a surgeon is going to arbitrarily kill them. And if he did, he'd be arrested for murder.

    So no, drone strikes aren't like surgery at all.

    "As much as the military has tried to make drone pilots feel as if they are sitting in a cockpit, they are still flying a plane from a screen with a narrow field of vision," Mark Mazzetti reports. "Then there is the fact that the movement shown on a drone pilot's video screen has over the years been seconds behind what the drone sees -- a delay caused by the time it takes to bounce a signal off a satellite in space. This problem, called 'latency,' has long bedeviled drone pilots, making it difficult to hit a moving target." That's one more way drone strikes are unlike surgery.

    Are they "surgical" compared to an H-bomb?

    Er, no, they're less destructive and more precise. To conjure a surgeon with a knife is to lead the listener astray. And it is a downright dishonest metaphor when invoked by an administration that could make their strikes more like surgery but doesn't. For example, the Obama Administration could make certain of the identity of the people it is "operating on." Instead it sometimes uses "signature strikes," wherein the CIA doesn't even know the identity of the people it is killing. It could also attempt autopsies, literal or figurative, when things go wrong. Instead, it presumes sans evidence that all military-aged males killed in drone strikes are "militants."

    Said George Orwell in 1946:

    In our time, political speech and writing are largely the defense of the indefensible. Things like the continuance of British rule in India, the Russian purges and deportations, the dropping of the atom bombs on Japan, can indeed be defended, but only by arguments which are too brutal for most people to face, and which do not square with the professed aims of the political parties. Thus political language has to consist largely of euphemism, question-begging and sheer cloudy vagueness. Defenseless villages are bombarded from the air, the inhabitants driven out into the countryside, the cattle machine-gunned, the huts set on fire with incendiary bullets: this is called pacification. Millions of peasants are robbed of their farms and sent trudging along the roads with no more than they can carry: this is called transfer of population or rectification of frontiers. People are imprisoned for years without trial, or shot in the back of the neck or sent to die of scurvy in Arctic lumber camps: this is called elimination of unreliable elements. Such phraseology is needed if one wants to name things without calling up mental pictures of them.

    The phrase "surgical drone strike" is handy for naming U.S. actions without calling up images of dead, limb-torn innocents with flesh scorched from the missile that destroyed the home where they slept or burned up the car in which they rode. The New America Foundation, which systematically undercounts these innocents, says there have been at least 152 and as many as 192 killed since 2004. The Bureau of Investigative Journalism puts the civilian death figure at between 474 and 881 killed. Either way, would "surgical" strikes kill innocents on that scale in a region with just 2 percent of Pakistan's population? Using data that undercounts innocents killed, The New America Foundation reports that 85 percent of Pakistanis killed in drone strikes are "militants," while 15 percent are civilians or unknown. What do you think would happen to a surgeon that accidentally killed 15 in 100 patients? Would colleagues call him "surgical" in his precision?

    Unlike the Democratic politicians and former Obama Administration officials I heard speak in Aspen, retired Brigadier General Craig Nixon didn't say that American drone strikes were surgical.

    He was asked to explain how a farmer was accidentally killed.

    And he used a different metaphor when recounting his field experience:

    A drone or another intelligence device is sorta like being at a football game sitting on the 50-yard line and looking through a soda straw. I mean you see what you see. But there's a lot of other context that you don't see.

    As technology improves, he said, it's a little better, like looking through multiple straws, but there's still a lot of missing context.

    It's a very different image than a "surgical drone strike," isn't it?'
  • Major banks hit with biggest cyberattacks in history

    posted by Keito
    2012-09-29 16:57:00
    'There's a good chance your bank's website was attacked over the past week.

    Since Sept. 19, the websites of Bank of America (BAC, Fortune 500), JPMorgan Chase (JPM, Fortune 500), Wells Fargo (WFC, Fortune 500), U.S. Bank (USB, Fortune 500) and PNC Bank have all suffered day-long slowdowns and been sporadically unreachable for many customers. The attackers, who took aim at Bank of America first, went after their targets in sequence. Thursday's victim, PNC's website, was inaccessible at the time this article was published.

    Security experts say the outages stem from one of the biggest cyberattacks they've ever seen. These "denial of service" attacks -- huge amounts of traffic directed at a website to make it crash -- were the largest ever recorded by a wide margin, according to two researchers.

    Banks get hit by cyberattackers all the time and typically have some of the best defenses against them. This time, they were outgunned.

    "The volume of traffic sent to these sites is frankly unprecedented," said Dmitri Alperovitch, co-founder of CrowdStrike, a security firm that has been investigating the attacks. "It's 10 to 20 times the volume that we normally see, and twice the previous record for a denial of service attack."

    To carry out the cyberattacks, the attackers got hold of thousands of high-powered application servers and pointed them all at the targeted banks. That overwhelmed Bank of America and Chase's Web servers on Sept. 19, Wells Fargo and U.S. Bank on Wednesday and PNC on Thursday. Fred Solomon, a spokesman for PNC, confirmed that a high volume of traffic on Thursday was affecting users' ability to access the website, but he declined to go into more detail.

    Denial of service attacks are an effective but unsophisticated tool that doesn't involve any actual hacking. No data was stolen from the banks, and their transactional systems -- like their ATM networks -- remained unaffected. The aim of the attacks was simply to temporarily knock down the banks' public-facing websites.

    To get hold of all the servers necessary to launch such huge attacks, the organizers needed to plan for months, Alperovitch said. The servers had to be compromised and linked together into a network called a "botnet."

    That level of pre-planning is a deviation from the kinds of denial of service attacks launched at banks in the past by so-called "hacktivists." Typically, hacktivists use home PCs infected with malware to amass their botnets. Attacks on this scale would be impossible to carry out with home PCs -- users too frequently turn them off or disconnect them from the Internet.

    The Islamist group Izz ad-Din al-Qassam Cyber Fighters publicly claimed responsibility for the attacks in what it called "Operation Ababil", but researchers are divided about how seriously to take their claims. The group has launched attacks in the past, but those have been far less coordinated than the recent batch.

    Sen. Joe Lieberman, an Independent from Connecticut, said in a C-SPAN interview on Wednesday that he believed the attacks were launched by Iran.

    "I don't believe these were just hackers who were skilled enough to cause disruption of the websites," he said. "I think this was done by Iran ... and I believe it was a response to the increasingly strong economic sanctions that the United States and our European allies have put on Iranian financial institutions."

    A call requesting comment from the Department of Homeland Security's cybersecurity office was not immediately returned.

    A cybersecurity firm following the attacks also expressed doubt about the connections between the Cyber Fighters and the bank attacks. On social networks and chat forums, the group urged its followers to use a mobile "low orbit ion cannon" -- a software tool typically used by Anonymous and other hacktivist groups to direct a massive flood of traffic at a targeted site.

    That tool was not used in the attack, according to Ronen Kenig, director of security products at network security firm Radware.

    "Supporters of this group didn't join in the attack at all, or they joined in but didn't use that tool," said Kenig. "The attack used a botnet instead." He doesn't think the Cyber Fighters would have access to a botnet as advanced as the one used by the attackers.

    But CrowdStrike's Alperovitch said he is "quite confident" the perpetrator was the Izz ad-Din al-Qassam Cyber Fighters, since they announced each attack well before it was carried out, and the attack wasn't that sophisticated -- it just took significant planning. PNC was the last target on the lists the Cyber Fighters have circulated, but more attacks could still be coming.

    Both researchers agree that the controversial anti-Muslim YouTube video was not the initial impetus for the attacks, as the Cyber Fighters claimed in messages recruiting volunteers to join in. Before the video was even released, the group claimed responsibility for similar attacks.

    "The video is simply an excuse," Alperovitch said. "It's a red herring."'


    http://money.cnn.com/2012/09/27/technology/bank-cyberattacks/
  • How to Launch a 65Gbps DDoS, and How to Stop One

    posted by Keito
    2012-09-18 18:52:43
    'Yesterday I posted a post mortem on an outage we had Saturday. The outage was caused when we applied an overly aggressive rate limit to traffic on our network while battling a determined DDoS attacker. In the process of writing it I mentioned that we'd seen a 65Gbps DDoS earlier on Saturday. I've received several questions since that all go something like: "65Gbps DDoS!? Who launches such an attack and how do you defend yourself against it?!" So I thought I'd give a bit more detail.

    ### What Constitutes a Big DDoS?

    A 65Gbps DDoS is a big attack, easily in the top 5% of the biggest attacks we see. The graph below shows the volume of the attack hitting our EU data centers (the green line represents inbound traffic). When an attack is 65Gbps that means every second 65 Gigabits of data is sent to our network. That's the equivalent data volume of watching 3,400 HD TV channels all at the same time. It's a ton of data. Most network connections are measured in 100Mbps, 1Gbps or 10Gbps so attacks like this would quickly saturate even a large Internet connection.

    At CloudFlare, an attack needs to get over about 5Gbps to set off alarms with our ops team. Even then, our automated network defenses usually stop attacks without the need of any manual intervention. When an attack gets up in the tens of Gigabits of data per second, our ops team starts monitoring the attack: applying filters and shifting traffic to ensure the attacked customer's site stays online and none of the rest of our network is affected.

    ### So You Want to Launch a DDoS

    So how does an attacker generate 65Gbps of traffic? It is highly unlikely that the attacker has a single machine with a big enough Internet connection to generate that much traffic on its own. One way to generate that much traffic is through a botnet. A botnet is a collection of PCs that have been compromised with a virus and can be controlled by what is known as a botnet herder.

    Botnet herders will often rent out access to their botnets, often billing in 15 minute increments (just like lawyers). Rental prices depend on the size of the botnets. Traditionally, email spammers purchased time on botnets in order to send their messages to appear to come from a large number of sources. As email spam has become less profitable with the rise of better spam filters, botnet herders have increasingly turned to renting out their networks of compromised machines to attackers wanting to launch a DDoS attack.

    To launch a 65Gbps attack, you'd need a botnet with at least 65,000 compromised machines each capable of sending 1Mbps of upstream data. Given that many of these compromised computers are in the developing world where connections are slower, and many of the machines that make up part of a botnet may not be online at any given time, the actual size of the botnet necessary to launch that attack would likely need to be at least 10x that size. While by no means unheard of, that's a large botnet and using all its resources to launch a DDoS risks ISPs detecting many of the compromised machines and taking them offline.

    ### Amplifying the Attacks

    Since renting a large botnet can be expensive and unwieldy, attackers typically look for additional ways to amplify the size of their attacks. The attack on Saturday used one such amplification technique called DNS reflection. To understand how these work, you need to understand a bit about how DNS works.

    When you first sign up for an Internet connection, your ISP will provide you with a recursive DNS server, also known as a DNS resolver. When you click on a link, your computer sends a lookup to your ISP's DNS resolver. The lookup is asking a question, like: what is the IP address of the server for cloudflare.com? If the DNS resolver you query knows the answer, because someone has already asked it recently and the answer is cached, it responds. If it doesn't, it passes the request on to the authoritative DNS for the domain.

    Typically, an ISP's DNS resolvers are set up to only answer requests from the ISP's clients. Unfortunately, there are a large number of misconfigured DNS resolvers that will accept queries from anyone on the Internet. These are known as "open resolvers" and they are a sort of latent landmine on the Internet just waiting to explode when misused.

    DNS queries are typically sent via the UDP protocol. UDP is a fire-and-forget protocol, meaning that there is no handshake to establish that where a packet says it is coming from actually is where it is coming from. This means, if you're an attacker, you can forge the header of a UDP packet to say it is coming from a particular IP you want to attack and send that forged packet to an open DNS resolver. The DNS resolver will reply back with a response to the forged IP address with an answer to whatever question was asked.

    To amplify an attack, the attacker asks a question that will result in a very large response. For example, the attacker may request all the DNS records for a particular zone. Or they may request the DNSSEC records which, typically, are extremely large. Since resolvers typically have relatively high bandwidth connections to the Internet, they have no problem pumping out tons of bytes. In other words, the attacker can send a relatively small UDP request and use open resolvers to fire back at an intended target with a crippling amount of traffic.

    ### Mitigating DNS Reflection Attacks

    One of the great ironies when we deal with these attacks is we'll often get an email from the owner of the network where an open resolver is running asking us to shut down the attack our network is launching against them. They're seeing a large number of UDP packets with one of our IPs as the source coming in to their network and assume we're the ones launching it. In fact, it is actually their network which is being used to launch an attack against us. What's great is that we can safely respond and ask them to block all DNS requests originating from our network since our IPs should never originate a DNS request to a resolver. Not only does that solve their problem, but it means there's a smaller pool of open resolvers that can be used to target sites on CloudFlare's network.

    There have been a number of efforts to clean up open resolvers that are currently active. Unfortunately, it is slow going and the default installation of many DNS clients still has them open by default. While we actively reach out to the worst offenders to protect our network, to protect the Internet generally there will need to be a concerted effort to clean up open DNS resolvers.

    In terms of stopping these attacks, CloudFlare uses a number of techniques. It starts with our network architecture. We use Anycast which means the response from a resolver, while targeting one particular IP address, will hit whatever data center is closest. This inherently dilutes the impact of an attack, distributing its effects across all 23 of our data centers. Given the hundreds of gigs of capacity we have across our network, even a big attack rarely saturates a connection.

    At each of our facilities we take additional steps to protect ourselves. We know, for example, that we haven't sent any DNS inquiries out from our network. We can therefore safely filter the responses from DNS resolvers: dropping the response packets from the open resolvers at our routers or, in some cases, even upstream at one of our bandwidth providers. The result is that these types of attacks are relatively easily mitigated.

    What was fun to watch was that while the customer under attack was being targeted by 65Gbps of traffic, not a single packet from that attack made it to their network or affected their operations. In fact, CloudFlare stopped the entire attack without the customer even knowing there was a problem. From the network graph you can see after about 30 minutes the attacker gave up. We think that's pretty cool and, as we continue to expand our network, we'll get even more resilient to attacks like this one.'

    http://blog.cloudflare.com/65gbps-ddos-no-problem
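The quoted post describes DNS reflection from both sides: the attacker spoofs a small UDP query to an open resolver so that a large answer lands on the victim, and the defender, knowing its own network never originates DNS queries, drops every "response" from port 53 at the edge. The script below is an added example written for this page; it is not code from CloudFlare or from the original post. The first part builds a wire-format DNS query with an EDNS0 OPT record (the query for ANY with a 4096-byte buffer is a common amplification choice and is an assumption here, since the post only says "a question that will result in a very large response"). The second part applies the defender's filter to constructed flow records: any inbound UDP packet from source port 53 that does not match an outbound query we sent is treated as reflected traffic, reflectors are ranked by bytes, and drop rules are emitted in iptables syntax (assuming a Linux edge; a router ACL would be the equivalent). All addresses are from RFC 5737 documentation ranges and all flow records are constructed for the example.

```python
"""DNS reflection: the spoofed query and the unsolicited-response filter.

Added example, not code from the original CloudFlare post.  All IPs and flow
records are constructed (RFC 5737 documentation ranges).
"""
import ipaddress
import struct
from collections import defaultdict

QTYPE_ANY = 255   # assumption: ANY + large EDNS0 buffer as the amplifying question
TYPE_OPT = 41     # EDNS0 OPT pseudo-RR (RFC 6891)


def build_dns_query(name, qtype=QTYPE_ANY, edns_bufsize=4096, txid=0x1234):
    """Wire-format DNS query: 12-byte header, one question, one OPT record.
    The OPT record advertises a UDP buffer of edns_bufsize bytes, which is what
    lets a resolver return a multi-kilobyte answer in a single UDP datagram."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD=1, qd=1, ar=1
    qname = b"".join(bytes([len(lbl)]) + lbl.encode("ascii")
                     for lbl in name.rstrip(".").split(".")) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)            # class IN
    opt_rr = b"\x00" + struct.pack("!HHIH", TYPE_OPT, edns_bufsize, 0, 0)
    return header + question + opt_rr


def amplification_factor(query, response_len):
    """Bytes delivered to the victim per byte the attacker had to send
    (IP/UDP headers ignored; they shrink the ratio slightly)."""
    return response_len / len(query)


def unsolicited_dns_responses(flows, our_prefix):
    """Flag inbound UDP packets from source port 53 that answer no query we sent.

    flows: iterable of (src_ip, src_port, dst_ip, dst_port, proto, length) in
    time order.  Outbound queries (from our prefix to port 53) are remembered by
    their mirrored 5-tuple; an inbound port-53 packet that matches one is a real
    answer, anything else is reflected traffic.  If the network never sends DNS
    queries at all (the post's situation), every port-53 packet is flagged."""
    net = ipaddress.ip_network(our_prefix)
    outstanding = set()
    suspicious = []
    for idx, (src, sport, dst, dport, proto, length) in enumerate(flows):
        if proto != "udp":
            continue
        src_in = ipaddress.ip_address(src) in net
        dst_in = ipaddress.ip_address(dst) in net
        if src_in and dport == 53:
            outstanding.add((dst, dport, src, sport))   # key the reply will carry
        elif dst_in and sport == 53:
            key = (src, sport, dst, dport)
            if key in outstanding:
                outstanding.discard(key)
            else:
                suspicious.append((idx, src, dst, length))
    return suspicious


def reflector_report(suspicious):
    """Total reflected bytes per resolver IP, largest first."""
    totals = defaultdict(int)
    for _, src, _, length in suspicious:
        totals[src] += length
    return sorted(totals.items(), key=lambda kv: -kv[1])


def drop_rules(report, our_prefix):
    """One iptables rule per reflector (assumes a Linux edge box)."""
    return [f"iptables -A INPUT -p udp -s {ip} --sport 53 -d {our_prefix} -j DROP"
            for ip, _ in report]


# Constructed sample: 203.0.113.0/24 is the protected network, 198.51.100.x are
# open resolvers.  Only the first pair is a genuine query/answer exchange.
OUR_PREFIX = "203.0.113.0/24"
SAMPLE_FLOWS = [
    ("203.0.113.9", 40001, "198.51.100.2", 53, "udp", 40),     # legitimate query
    ("198.51.100.2", 53, "203.0.113.9", 40001, "udp", 120),    # its answer
    ("198.51.100.7", 53, "203.0.113.10", 53, "udp", 3100),     # reflected
    ("198.51.100.7", 53, "203.0.113.10", 53, "udp", 3100),     # reflected
    ("198.51.100.8", 53, "203.0.113.10", 1024, "udp", 2800),   # reflected
    ("198.51.100.9", 53, "203.0.113.10", 1024, "tcp", 2800),   # TCP: not reflection
]

if __name__ == "__main__":
    q = build_dns_query("example.com")
    print(f"query is {len(q)} bytes; a 3000-byte answer is "
          f"{amplification_factor(q, 3000):.0f}x amplification")
    flagged = unsolicited_dns_responses(SAMPLE_FLOWS, OUR_PREFIX)
    for ip, total in reflector_report(flagged):
        print(f"reflector {ip}: {total} bytes")
    print("\n".join(drop_rules(reflector_report(flagged), OUR_PREFIX)))
```

The 5-tuple match is deliberately stateful so the same filter still works on a network that does send a few DNS queries of its own; on a network that sends none, `outstanding` stays empty and the rule collapses to the post's "drop everything from port 53". Rate limiting the flagged reflectors rather than hard-dropping them is the safer first step if the edge box also serves recursive clients.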
  • Computer virus hits second energy firm

    posted by Keito
    2012-09-02 16:33:08
    'Computer systems at energy firm RasGas have been taken offline by a computer virus only days after a similar attack on oil giant Aramco.

    The attacks come as security experts warn of efforts by malicious hackers to target the oil and energy industry.

    The attack forced the Qatar-based RasGas firm to shut down its website and email systems.

    RasGas, one of the world's largest producers of liquid petroleum gas, said production was not hit by the attack.

    The company said it spotted the "unknown virus" earlier this week and took desktop computers, email and web servers offline as it cleaned up.

    The report comes only days after Saudi Arabia's Aramco revealed it had completed a clean-up operation after a virus knocked out 30,000 of its computers. The cyber-assault on Aramco also only hit desktop computers rather than operational plant and machinery.

    Both attacks come in the wake of alerts issued by security firms about a virus called "Shamoon" or "Disstrack" that specifically targets companies in the oil and energy sectors.

    Unlike many other contemporary viruses Shamoon/Disstrack does not attempt to steal data but instead tries to delete it irrecoverably. The virus spreads around internal computer networks by exploiting shared hard drives.

    Neither RasGas nor Aramco has released details of which virus penetrated its networks.

    The vast majority of computer viruses are designed to help cyber-thieves steal credit card numbers, online bank account credentials and other valuable digital assets such as login names and passwords.

    However, an increasing number of viruses are customised to take aim at specific industries, nations or companies.

    The best known of these viruses is the Stuxnet worm which was written to disable equipment used in Iran's nuclear enrichment efforts.'

    http://www.bbc.co.uk/news/technology-19434920