It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
NY Teens Shakedown MySpace.com...
page: 10
share:
Are these two in for a "world-of-hurt" or what? Many ATS'ers are aware of MySpace.com and it's services, well a couple of NY teens thought they's
serve themselves up $150K USD. I don't think so, maybe "not so much". You folks be the judge... at this
link.
Anyway this trend is growing exponentially... we had to contact the RCMP recently about a couple of Swede IP's that were throwin' all kindza code at our load-balancer... they didn't get in but stepped in a honeypot (greed kills) we have in a DMZ set up for such "cut and paste kiddies" and their "runs". No worries... just hafta keep on top the data...
What does worry me is what's gonna happen when someone really talented "takes a likin' to it and decides to blow us all up real soon".
A zero horizon event is not only possible but IMHO long overdue. Some teams of zombies have been documented at 34000 procs... even a "dash t" ping flood from that many machines could overun any but the very fattest of buffers... now imagine something "less-civil" and better orchestrated. You get the idea.
At some point a great many folks will have to restore from "image" and let's hope none of those boxes are doing anything important like train signals, or controlling ballast on ships, or enviro-controls at chem plants... Nope we're caught short. So much critical infrastructure is run by networked boxes it is ubiquitous. Can't get from A to B without it. I don't care how invasive the NSA is, cuz it won't matter a lick. The future has no warning system for a zero horizon event scenario. Sure US-CERT is good but the "number of fingers in the dyke" has outstripped the octopus' ability to cope.
The "notion" of secured networks is just that, a "notion" used to keep execs placated and with out worry while on the fairways doin' deals. In the trenches it is a trifle more tense, our whiz-kids down on the 3rd floor do an "Ace" job at keepin' fresh but the pace is so frenetic some of these kids look like 5-10 years older than they actually are. Sooner or later...
Is there a solution? Well, no and yes both seem appropriate sorta. No, for the time being we're pretty much networked "sitting ducks" for anything "crisp" in the way of attacks.
More optimisticly, yes in that the ability to securely compute and network is coming along but very slowly. That is, as each new com protocol comes along folks find the "holes" and "patch" them only after a vunerability is discovered.
This must change if we are to be secured. A new generation of hardware and software must develop to take us beyond the limitations of the current paradigm. Something robust and "locked-down" by default is called for.
An obsolete example of such systems (this one a software) are the various BSD's (Berkeley Standard Distros) that are "rock-crushers" but honest you need "a guy with the big tape-ball on his glasses" to open up the locked down aspects configuring "dot conf(s)" and the like.
Current efforts are encouraging but are at least another gen or two out in the future. Look for stuff like OS as firmware on chip and a more seamless blend of hardware and software.
The current MS worldview currently lacks "the vision thing" and has since just after '95 OSR2 IMHO. Apple? Hasn't been right since the II. Nuther' lame-tard control freak - GD genius, still. Not like WOZ tho'... such a shame, this is the guy we owe large, not Gates, not HP, not Jobby either, nope, the WOZ was and is the "one".
The "Russians" (figurative use only, substitute whomever) are coming and Billy-Boy better "get on the stick" and open the "gates" as chief architect cuz if the hackers and crackers don't get him then the open-sorcerer's will... not to mention the DOJ, EU, Symantec, other corp's and then we really all will be in a fine place; ready for the next wave of communication.
Thanx,
Victor K.
[edit on 25-5-2006 by V Kaminski]
Anyway this trend is growing exponentially... we had to contact the RCMP recently about a couple of Swede IP's that were throwin' all kindza code at our load-balancer... they didn't get in but stepped in a honeypot (greed kills) we have in a DMZ set up for such "cut and paste kiddies" and their "runs". No worries... just hafta keep on top the data...
What does worry me is what's gonna happen when someone really talented "takes a likin' to it and decides to blow us all up real soon".
A zero horizon event is not only possible but IMHO long overdue. Some teams of zombies have been documented at 34000 procs... even a "dash t" ping flood from that many machines could overun any but the very fattest of buffers... now imagine something "less-civil" and better orchestrated. You get the idea.
At some point a great many folks will have to restore from "image" and let's hope none of those boxes are doing anything important like train signals, or controlling ballast on ships, or enviro-controls at chem plants... Nope we're caught short. So much critical infrastructure is run by networked boxes it is ubiquitous. Can't get from A to B without it. I don't care how invasive the NSA is, cuz it won't matter a lick. The future has no warning system for a zero horizon event scenario. Sure US-CERT is good but the "number of fingers in the dyke" has outstripped the octopus' ability to cope.
The "notion" of secured networks is just that, a "notion" used to keep execs placated and with out worry while on the fairways doin' deals. In the trenches it is a trifle more tense, our whiz-kids down on the 3rd floor do an "Ace" job at keepin' fresh but the pace is so frenetic some of these kids look like 5-10 years older than they actually are. Sooner or later...
Is there a solution? Well, no and yes both seem appropriate sorta. No, for the time being we're pretty much networked "sitting ducks" for anything "crisp" in the way of attacks.
More optimisticly, yes in that the ability to securely compute and network is coming along but very slowly. That is, as each new com protocol comes along folks find the "holes" and "patch" them only after a vunerability is discovered.
This must change if we are to be secured. A new generation of hardware and software must develop to take us beyond the limitations of the current paradigm. Something robust and "locked-down" by default is called for.
An obsolete example of such systems (this one a software) are the various BSD's (Berkeley Standard Distros) that are "rock-crushers" but honest you need "a guy with the big tape-ball on his glasses" to open up the locked down aspects configuring "dot conf(s)" and the like.
Current efforts are encouraging but are at least another gen or two out in the future. Look for stuff like OS as firmware on chip and a more seamless blend of hardware and software.
The current MS worldview currently lacks "the vision thing" and has since just after '95 OSR2 IMHO. Apple? Hasn't been right since the II. Nuther' lame-tard control freak - GD genius, still. Not like WOZ tho'... such a shame, this is the guy we owe large, not Gates, not HP, not Jobby either, nope, the WOZ was and is the "one".
The "Russians" (figurative use only, substitute whomever) are coming and Billy-Boy better "get on the stick" and open the "gates" as chief architect cuz if the hackers and crackers don't get him then the open-sorcerer's will... not to mention the DOJ, EU, Symantec, other corp's and then we really all will be in a fine place; ready for the next wave of communication.
Thanx,
Victor K.
[edit on 25-5-2006 by V Kaminski]
Uhm... odd...
Youre saying just another site getting hacked or another kiddo getting stuck in your DMZ is a sign or terrible things to come? They happen all the time, always have and always will. As you pointed out, there really isn't a solution. Software and hardware will evolve. There will always be problems to be found. Until the day comes that all computers are programmed by other computers, human error will reign supreme. The only way to make the global network even remotely secure would be to centralize EVERYTHING. Obviously that would be a bad idea.
I do find it halarious that some kids tried to hold up MySpace. That site needs a very heavy trashing.
Youre saying just another site getting hacked or another kiddo getting stuck in your DMZ is a sign or terrible things to come? They happen all the time, always have and always will. As you pointed out, there really isn't a solution. Software and hardware will evolve. There will always be problems to be found. Until the day comes that all computers are programmed by other computers, human error will reign supreme. The only way to make the global network even remotely secure would be to centralize EVERYTHING. Obviously that would be a bad idea.
I do find it halarious that some kids tried to hold up MySpace. That site needs a very heavy trashing.
Interesting post. The link is about stealing personal data on MySpace then holding them hostage with that info. The link actually ends at a pay site
so really we don't know the details from that link. This link has a few
more details and mentions that the pair threatened to release "exploit code". Presumably this code would have crippled MySpace or somehow allowed
it to be exploited? What did they think their code would do?
You speak of a "zero horizon event" which I guess is some kind of exploit that crashes all servers? Forces people to restore from backups? How exactly?
If that happened, and let's say every computer melted, for example, people would just go back to pen and paper (and rifles) for a while but would shortly restore computers via some other software. IMO, viruses and code exploits will never stop the wave of personal computers.
Also, this sort of "hack and then extort" is the oldest trick in the book. Obviously if you can hack anyone powerful (and who has a brand name or reputation of security) you can squeeze them. Not much new there, and I am sure it happens all the time considering that which passes for "security" these days.
[edit on 25-5-2006 by smallpeeps]
You speak of a "zero horizon event" which I guess is some kind of exploit that crashes all servers? Forces people to restore from backups? How exactly?
If that happened, and let's say every computer melted, for example, people would just go back to pen and paper (and rifles) for a while but would shortly restore computers via some other software. IMO, viruses and code exploits will never stop the wave of personal computers.
Also, this sort of "hack and then extort" is the oldest trick in the book. Obviously if you can hack anyone powerful (and who has a brand name or reputation of security) you can squeeze them. Not much new there, and I am sure it happens all the time considering that which passes for "security" these days.
[edit on 25-5-2006 by smallpeeps]
I apologize if I've left anyone with the impression that two idiot doorknobs stepping in a honeypot is "the end of times". That was not my
intention rather I wished to express this as an indicator of the increasing frequency with which these events seem to be occurring, I read our reports
regularly. Uh, attempts are up, way up... and seem to be almost exponential in delta-freq. 1996 we had 2, '97 we had 12, '98 we had 30 or so, last
year 2005 nearly 2 per day, mostly port probes but you get the idea...
We usually ignore most of this impediment to commerce but several times we've pursued the issue and found successful resolutions... mostly our ISP's security guys just call the originating ISP and take care of the problem. Once the originating ISP did not respond within their stated 48 hour time claim... a follow up email from Bell Security and myself with the title "Police Involved" (RCMP) got the Swede's attention... the source IP's no longer "knock on our door".
A "zero horizon event" is a common colloquialism in network circles (sorry I should have explained more thoroughly) for an event that has zero warning and mass distribution capabilities - sort of an attack that you don't have any advanced indication of... Events of this nature are inevitable... all it will take is a relatively smart person(s) with a motive and some off-the-shelf resources... all the tools of the trade are readily available. How bad could such an event be? Anything from minimal impact to something potentially grave indeed. The PC network is ubiquitous.
I agree that the PC platform will survive all (it may need to be improved); there's plenty of stand-alone installs all over... but the great majority are TCP/IP enabled and connected so that means the potential for widespread damage can not be excluded.
Thanx for replying to this thread as it may increase awareness in other folks,
Victor K.
[edit on 26-5-2006 by V Kaminski]
We usually ignore most of this impediment to commerce but several times we've pursued the issue and found successful resolutions... mostly our ISP's security guys just call the originating ISP and take care of the problem. Once the originating ISP did not respond within their stated 48 hour time claim... a follow up email from Bell Security and myself with the title "Police Involved" (RCMP) got the Swede's attention... the source IP's no longer "knock on our door".
A "zero horizon event" is a common colloquialism in network circles (sorry I should have explained more thoroughly) for an event that has zero warning and mass distribution capabilities - sort of an attack that you don't have any advanced indication of... Events of this nature are inevitable... all it will take is a relatively smart person(s) with a motive and some off-the-shelf resources... all the tools of the trade are readily available. How bad could such an event be? Anything from minimal impact to something potentially grave indeed. The PC network is ubiquitous.
I agree that the PC platform will survive all (it may need to be improved); there's plenty of stand-alone installs all over... but the great majority are TCP/IP enabled and connected so that means the potential for widespread damage can not be excluded.
Thanx for replying to this thread as it may increase awareness in other folks,
Victor K.
[edit on 26-5-2006 by V Kaminski]
I think the reason for the escalation is just kids are getting older. I remember when I was 13 or 14, OOB (WinNuke) was all the rage.
My apache server gets slammed daily with IIS exploit requests. It's just because I'm on a DSL network that is constantly scanned by people looking for vulnerable Windows machines.
"Hacking" is no longer confined to the land of geekdom. It's cool now. All the kids are doing it, or think they are atleast.
My apache server gets slammed daily with IIS exploit requests. It's just because I'm on a DSL network that is constantly scanned by people looking for vulnerable Windows machines.
"Hacking" is no longer confined to the land of geekdom. It's cool now. All the kids are doing it, or think they are atleast.
new topics
-
Ditching physical money
History: 1 hours ago -
One Flame Throwing Robot Dog for Christmas Please!
Weaponry: 1 hours ago -
Don't take advantage of people just because it seems easy it will backfire
Rant: 1 hours ago -
VirginOfGrand says hello
Introductions: 2 hours ago -
Should Biden Replace Harris With AOC On the 2024 Democrat Ticket?
2024 Elections: 3 hours ago -
University student disciplined after saying veganism is wrong and gender fluidity is stupid
Education and Media: 5 hours ago -
Geddy Lee in Conversation with Alex Lifeson - My Effin’ Life
People: 6 hours ago -
God lived as a Devil Dog.
Short Stories: 7 hours ago -
Police clash with St George’s Day protesters at central London rally
Social Issues and Civil Unrest: 8 hours ago -
TLDR post about ATS and why I love it and hope we all stay together somewhere
General Chit Chat: 9 hours ago
top topics
-
Hate makes for strange bedfellows
US Political Madness: 11 hours ago, 18 flags -
Who guards the guards
US Political Madness: 14 hours ago, 13 flags -
University student disciplined after saying veganism is wrong and gender fluidity is stupid
Education and Media: 5 hours ago, 10 flags -
Police clash with St George’s Day protesters at central London rally
Social Issues and Civil Unrest: 8 hours ago, 8 flags -
TLDR post about ATS and why I love it and hope we all stay together somewhere
General Chit Chat: 9 hours ago, 7 flags -
Should Biden Replace Harris With AOC On the 2024 Democrat Ticket?
2024 Elections: 3 hours ago, 4 flags -
Has Tesla manipulated data logs to cover up auto pilot crash?
Automotive Discussion: 16 hours ago, 3 flags -
One Flame Throwing Robot Dog for Christmas Please!
Weaponry: 1 hours ago, 2 flags -
Don't take advantage of people just because it seems easy it will backfire
Rant: 1 hours ago, 2 flags -
Geddy Lee in Conversation with Alex Lifeson - My Effin’ Life
People: 6 hours ago, 2 flags
0