Massive Internet Attack Predicted for 8/26/04

This is not a prediction of mine. I found this today and was suprised because I belong to bugtraq, full disclosure and a few others I won't name. I have heard nothing about this -- has anyone else in the field?

URL
www.mosnews.com...

Article
Terrorists will paralyze the Internet on August 26, a Russian expert in antivirus programs said on Tuesday.

Speaking at a conference hosted by Russian Information Agency Novosti, Aleksandr Gostev from Kaspersky Labs said information on this terrorist attack was published on special websites. He did not elaborate.

First of all, the United States and Western Europe will suffer from the attack, Gostev was quoted by the agency as saying. The head of the labs, Yevgeny Kaspersky, reminded the audience that similar attacks had earlier paralyzed the Internet in South Korea. He added that it would be �impossible� to stop terrorist organizations if they �get down to business�.

The executive director of Dr.Web antivirus lab, Mikhail Bychinsky, quoted by Lenta.ru web agency said he had not heard of such an attack. �I do not believe in mass internet attacks because the main servers are defended, and Kaspersky Labs has been foretelling doomsday for a long time.�

I havent heard anything about the prediction but activity as of right now is pretty nominal. You can check it here to see the full exposure list. I don't have a login though so I couldnt give you more than the information on the front page.

Edit: That post seemed way too much like an advertisement.

[edit on 25-8-2004 by build319]

That site's ok but it relies on member organizations to upload attack data. It also requires a paid membership. Does it follow DOS attacks?

I like Internet Storm Center and Internet Health Report to gauge DOS attacks and other traffic issues that can be more symptomatic of an infrastructure attack.

FWIW, ISC picked up on the Russian prediction of e-jihad (their term) as well. Nowhere else in the news however. No govt warnings have been received.

Its basically using the current IDS's (Intrusion Detection System) that are inplace they just upload the info automatically and they can log pretty much anything depending on how tight they have them configured. I just like the info cause it uses alot of people to give an accurate account on whats happening around the world.

Build319, do you have to pay to join or is there a free level of service?

Nah, I was looking into it I'm trying to get a test account through my company but we'll see. I'll look for some other network threats that are out there. I will let you know. As far as my opinion goes though, I'm not too worried about an internet attack. I think I'm gonna post a new thread on that topic here shortly.

titian,
Just an update from Oz. It's 6:06 am and my connection is ok.
Thanks, i'll keep an eye on this. It could be a diversion.

Sanc'.

What terrorist are going to do overload the internet to cause disruption.?

And who they are going to target, they just can no go in a computer they need more than that.

The only change in activity my IDS services has reported is a slight increase in 'Sasser' and 'Dabber' scanning over the last 12 hours. As always, I'll keep an eye out for anything interesting.

'Internet Storm Center' has an amusing commentary on the subject.

Hi marg,
I think they would target financial servers.

Sanc'.

Well I looked around and snooped a little bit and I think your recommendation of checking out the Internet Storm Center is the best place. If you go to the links page you have a great resource of almost any Global Network Security information/trends/whatever through there.

sanctum,

Thanks, I though they were going to target the goverment comunications.

That ISC posting is rich.

If there was a massive attack due to be triggered on 8/26, wouldn't there be some preliminary activity pointing to it? How can you stage a DoS attack without first hacking and controlling a multitude of machines to do your bidding? As for financial servers, most of the biggies have to be set up as mission critical systems with automatic mirror machines, switches, and routers coming on line as the initial systems go down.

Sanctum, It could be a diversion or just something someone picked up in the many hacker chat rooms. Kapersky Labs is (I think) one of the many groups/companies out there who highlight network/hardware/software deficiencies in hopes of making a buck by getting work to find weaknesses in companies. Not all security firms are like that; but there are quite a few who are.

Marg, if you read the article I linked it stated that the who was not elaborated on. However, it does not take much to create a basic denial of service attack. I may face harsh disagreement but I feel that if a group wanted to take down the American backbone they could (if they had the resources), because the only invincible network is a disconnected network. We have redundancy built in sure; but all it takes is a few hundred or thousand PCs infected with a trojan just sitting and waiting for a command to do its job.

Here's an interesting article. This was easily located via google so I don't need to hear about how I'm arming the enemy with knowledge.

www.pisa.org.hk...

It's very easy to target the right servers via a trace. I won't discuss it here; but it's easy.

Originally posted by chaosrain
As for financial servers, most of the biggies have to be set up as mission critical systems with automatic mirror machines, switches, and routers coming on line as the initial systems go down.

Well thats a big part but you also cannot forget that these attacks can be shutdown before they even reach these servers. We can kill the type and port from the ISPs router which can handle the traffic. It just doesnt seem really viable to try and DDOS anything. The only way they could really kick us in the groin would be to break in and just start removing every bit of data they can. Even with they these companies have large SAN (Storage Area Networks) which would be able to pick up right where they left off. It would cause a blip but not a very big one in the long run. These internet security folks are pretty damn paranoid.

Originally posted by chaosrain
If there was a massive attack due to be triggered on 8/26, wouldn't there be some preliminary activity pointing to it? How can you stage a DoS attack without first hacking and controlling a multitude of machines to do your bidding?

Good point, but how long have we been hearing about trojans and how they can be used for DDOS attacks? How many don't we know about because they haven't activated? I've not said I believe it will happen tomorrow and I still don't think it will; but one has to acknowledge this is possible.

As I said earlier, I've seen no govt communications on this, nothing on the CERT site, one post on open disclosure, none on bugtraq, none from ex-colleagues (NOC at Intermedia, CTO at 2ndCentury, NOC at TimeWarner, manager of security consulting division at my ex-firm).

Just an FYI, not saying an attack is happening: I just heard that most of South Florida is down now. At first it was just the Naples area (a regional office for us). If I recall correctly, the backbone heads through Tampa, down through Ft Myers and turns around Naples to go east to Ft Lauderdale/Miami. I may be slightly off but that's what I remember from my Intermedia days.

[EDIT]: Clarified reason I mentioned South Fla being down. Can anyone confirm? Most likely related to a fiber cut related to Charley cleanup.

[edit on 8/25/2004 by titian]

[edit on 25-8-2004 by Sauron]

Further to the point, if you look at recent port traffic here: isc.sans.org... you'll see that the port used by Sasser is still quite heavily used.

What will people do without interent if it happens...
I dont want to go outside!!! I havent done that in years!!!
Maybe I can get done what I have been meaning to get done if it does happen.

Please read this: www.viruslist.com...