ATS DDS attack from China. Why?

posted on Dec, 14 2014 @ 09:43 AM
a reply to: ladyinwaiting

There is no "Point of Origin".

The attackers are using a sophisticated network of botnets, server takeovers and other DDOS type programs like LOIC for example to flood certain ports with the traffic.

It bounces all over the world until it reaches its final destination. Trying to find the actual source is like trying to find a million needles in a trillion stacks of hay if you understand what I mean.

~Tenth



posted on Dec, 14 2014 @ 09:45 AM
a reply to: tothetenthpower
Thanks for that! I've been shopping around for an answer to that question all morning.
edit on 12/14/2014 by ladyinwaiting because: (no reason given)



posted on Dec, 14 2014 @ 09:47 AM
a reply to: ladyinwaiting

Could be a problem. With a widespread botnet you'd be busy a while. And I don't know, wasn't it an American virus, from the government that invaded the Iranian research plants?
So it's nothing new. Just looks like a lot, there could be more than one nation working together with hackers. They're a high target group for headhunters and maybe someone was hiding this project behind something else? Just saying Russia or China is too easy. Could be Sony, in collaboration with others. America seems in a bit of an unrest lately? The cold fingers of a revolution, the first cyber revolution?



posted on Dec, 14 2014 @ 10:09 AM
Last week Xbox Live (Xbox 360/Xbox One) and PSN (PS3/PS4) were both taken down for a few hours, I forget the website but they said the bulk of the traffic was coming from China.

I have no idea why China would want to take down a gaming service, it could possibly be compromised servers in China being controlled from elsewhere.



posted on Dec, 14 2014 @ 10:26 AM
The botnet used in this attack was rather expansive.

It can be incredibly difficult to tell actual points of origin. What we can see on sites like ipviking are more origins of attack and honeypots than where the true perpetrators are located. It's a very important distinction.

The attack was one of the largest I have seen, if not the largest. Being able to sustain it so long is another concern.

Personally, I suspect that all of these recent attacks are just tests of all the tools before work begins. Without an actual plan for an endgame though, the only ones who will benefit are mil/gov. So, it is either a misled action by hacktivists, or the beginning of a new type of conflict between nations. I'm not sure which is "better" as both are concerning possibilities.

Edit: just saw Tenth's thread, he is on the ball. The resources required for an attack like this are pretty extensive. It might be a new exploit, or it might have simply been highly organized with a great number of participants (willing or not).
edit on 14-12-2014 by Serdgiam because: (no reason given)



posted on Dec, 14 2014 @ 10:49 AM
This isn't magic. The source network of packets can be found. The world just doesn't care.



posted on Dec, 14 2014 @ 10:51 AM

originally posted by: roadgravel
This isn't magic. The source network of packets can be found. The world just doesn't care.


It's not that easy.

If it were, they would have shut it down already. A week long DDOS attack targeting US infrastructure would not last that long, if they had the capabilities to stop it outright.

There's politics at play here as well methinks.

~Tenth



posted on Dec, 14 2014 @ 10:56 AM
They have to be routed. Someone knows they are crossing their routers. Some places don't care since it isn't their problem.

edit:

The US does not have control of the whole internet infrastructure in the world.
edit on 12/14/2014 by roadgravel because: (no reason given)



posted on Dec, 14 2014 @ 11:11 AM
a reply to: ladyinwaiting
I had to be out a while so apologies for the late reply. Meanwhile I see other members have already covered the important points and I suspect most of them know way more than I do on this subject anyway.

You mentioned SWAT teams or Special Ops groups. While the traditional ones we know of would not be very effective here, their cyber equivalents might be. I am sure the various Powers That Be have already put some thought into what kinds of "special weapons and tactics" they'd need to employ to counter cyber attacks. Because these attacks can have very serious real-time, real-world effects.

Just consider the knock-on effects if virtually all banking & credit card services were taken down for a few weeks. It might sound far-fetched to some but it's not implausible and if it were to happen we'd be in a world of hurt. "Social unrest" would be a mild way to describe the likely outcome.

edit on 14/12/14 by JustMike because: a typo...



posted on Dec, 14 2014 @ 05:51 PM
If China targeted ATS specifically then it would have been for the whole thing, not for one thread.


a reply to: maluminse



posted on Dec, 14 2014 @ 05:59 PM
I don't think CT sites are a direct target but I don't think this is over either.



posted on Dec, 14 2014 @ 07:23 PM

originally posted by: Hefficide
a reply to: maluminse

It wasn't just ATS. It was a ton of sites - too many to list and many of them randomly changing from target to non-target. I don't know what Tweets you're referring to, but the traffic maps indicated a lot of Chinese and domestic American activity.

PS: DDS is a dentist, DDoS is an attack.



guess they focused ATS after your little thread


Ok let me explain it as easy as possible for the others, websites are hosted on servers, a lot of websites might be even hosted on servers in the same datacenter.
So if people attack the whole datacenter or an access point, they can even take down sites that they did not actually plan to attack.
What might have happened is just that, collateral damage done.... but maybe it was not just a coincidence, you never know



posted on Dec, 14 2014 @ 07:26 PM
The internet isn't just websites. It's literal servers and server farms of information connecting these servers to each other, then to the end-user (you).

When someone finds out that Sony buys server space from "X" company and they want to hack it, they attack the company hosting the servers. Once these servers go down, other people that pay for storage space on servers (websites) experience their pages going 'offline' as well.
edit on 14-12-2014 by Vortiki because: Typos



posted on Dec, 14 2014 @ 07:27 PM
a reply to: aLLeKs

lol, beat me to the punch, well put good sir.



posted on Dec, 14 2014 @ 08:14 PM
a reply to: ttropia

pfSense is the way to go, but even blacklisting IP ranges, you're still vulnerable. My point was to keep a dummy computer outward facing, and keep the internal network defended against enemies.



posted on Dec, 14 2014 @ 08:35 PM
DDoS is for skids. I would imagine if there were any large scale DDoS attacks underway it would be a fuzz for more penetrating attempts on critical information storage. Knocking websites off line is easy if you have the botnet... governments like the US, UK, Russia, and China certainly have these capabilities. For example, GCHQ DDoS'd AnonOps servers. A group called JTRIG (Joint Threat Research Intelligence Group) took down the IRC while implanting malware that would backtrace registered users in an attempt to identify them.

In terms of cyber attacks, Denial of Service comes in many forms and is pretty basic. If you understand even basic Python usages, you would be able to achieve a pretty powerful DNS amplification/reflection attack in about 5 minutes of terminal time.

Scenarios? Is it possible that there is an international packet storm happening? Sure. Is it likely? IMO, I doubt that. What does seem more possible is: A) US stress testing the grid... meaning sending packets at different parts of the internet to learn what happens and how people, businesses, website owners/admins, and government responds. B) A group of skids sending packets for the lulz... C) North Korea has a stick up their butts about some crappy movie, and decided to enlist some blackhats to jack the web around. D) Testing the abilities of services like Cloudflare.

A real cyber war scenario would probably look more like a firestorm. You would see critical infrastructure targets going down left and right. DOT, LE, and critical government agencies would be at the top of that list... not seemingly random internet websites over different backbones across the net.

edit on 14-12-2014 by AnonyMason because: sp


