An Army of Soulless 1's and 0's

For thousands of Internet users, the offer seemed all too alluring: revealing pictures of Jennifer Lopez, available at a mere click of the mouse. But the pictures never appeared. The offer was a ruse, and the click downloaded software code that turned the user's computer into a launching pad for Internet warfare.

On the instructions of a remote master, the software could deploy an army of commandeered computers - known as zombies - that simultaneously bombarded a target Web site with so many requests for pages that it would be impossible for others to gain access to the site.

And all for the sake of selling a few more sports jerseys.

The facts of the case, as given by law enforcement officials, may seem trivial: a small-time Internet merchant enlisting a fellow teenager, in exchange for some sneakers and a watch, to disable the sites of two rivals in the athletic jersey trade. But the method was far from rare.

Experts say hundreds of thousands of computers each week are being added to the ranks of zombies, infected with software that makes them susceptible to remote deployment for a variety of illicit purposes, from overwhelming a Web site with traffic - a so-called denial-of-service attack - to cracking complicated security codes. In most instances, the user of a zombie computer is never aware that it has been commandeered.

The networks of zombie computers are used for a variety of purposes, from attacking Web sites of companies and government agencies to generating huge batches of spam e-mail. In some cases, experts say, the spam messages are used by fraud artists, known as phishers, to try to trick computer users into giving confidential information, like bank-account passwords and Social Security numbers.

Officials at the F.B.I. and the Justice Department say their inquiries on the zombie networks are exposing serious vulnerabilities in the Internet that could be exploited more widely by saboteurs to bring down Web sites or online messaging systems. One case under investigation, officials say, may involve as many as 300,000 zombie computers.

More than 170,000 computers every day are being added to the ranks of zombies, according to Dmitri Alperovitch, a research engineer at CipherTrust, a company based in Georgia that sells products to make e-mail and messaging safer.

"What this points out is that even though critical infrastructure is fairly well secured, the real vulnerability of the Internet are those home users that are individually vulnerable and don't have the knowledge to protect themselves," Mr. Alperovitch said. "They pose a threat to all the rest of us."

More in Tux Machines

Rackspace and FOSS Report

  • The Rackspace State of Open Source
    As the OpenStack Summit in Barcelona kicks off, Rackspace has released a report entitled ‘The State of Open Source’. With every conference seemingly extolling the virtues of open source software, this report is timely. It manages to differentiate between enterprise open source and the wider open source software market.
  • Why digital transformation needs open source
    As if there wasn't already ample reason for businesses to switch to open source, Forrester analysts Paul Miller and Lauren E Nelson released a report in April 2016, entitled Open Source Powers Enterprise Digital Transformation — CIOs Need To Embrace Open Source Software To Drive Change, which further drives the point.
  • Despite Security Fears, Open Source Is Fuelling Innovation and Cost Savings in UK Businesses
  • Security concerns fail to hold back UK open source success
    However, despite its increasingly common use, many (54%) still perceive external security threats to be a big barrier to adoption, according to a report published by Rackspace. The State of Open Source study, which was conducted among IT decision makers in UK businesses with over 1,000 employees and revenues over £500m, looks at the ways open source is being used, its benefits, and also what is holding back adoption and business concerns. According to the report, open source has come of age, with 85% using open source technology to migrate a closed source project to open source. Open source also isn’t just a tool for small businesses; the vast majority (90%) of large businesses are now deploying open source-based enterprise applications, with 25% being completely open source. The reason for the growing adoption is the money and time savings. Rackspace found that for each project that had been migrated to open source technology, six out of ten organisations saved on average £30,146 and reduced project lifecycle by six months. Greater innovation was reported by many (49%), and 46% were driven to open source because of the competitive opportunities. Additionally, just under half (45%) said that it enabled them to get products and services to market faster. John Engates, Chief Technology Officer at Rackspace, said: “While open source technologies have been around for many years, it is great to see that enterprise businesses are finally dipping their toes in and seeing the tangible benefits.

Security Leftovers

  • The internet apocalypse map hides the major vulnerability that created it
    During Friday’s massive distributed denial of service (DDoS) attack on DNS service provider Dyn, one might be forgiven for mistaking the maps of network outages for images of some post-apocalyptic nuclear fallout. Screenshots from sites like showed menacingly red, fuzzy heat maps of, well, effectively just population centers of the United States experiencing serious difficulty accessing Twitter, Github, Etsy, or any of Dyn's other high-profile clients. Aside from offering little detail and making a DDoS literally into a glowing red menace, they also obscured the reality of just how centralized a lot of internet infrastructure really is. DNS is ground zero for the uneasy tension of the internet’s presumed decentralized resilience and the reality that as of now, translating IP addresses into domain names requires some kind of centralized, hierarchical platform, and that’s probably not going to radically change anytime soon. Other maps provided by various business to business network infrastructure companies weren’t much more helpful. These maps seem to exist mostly to signal that the companies in question have lots of cool data and that it can be made into a flashy map — which might impress potential customers, but that doesn’t offer a ton of insights for the layperson. For example, threat intelligence company Norse's map appears to be mostly a homage to the Matthew Broderick movie War Games: a constant barrage of DDoS attacks beaming like space invader rockets across a world map. Akamai has an impressive 3D visualization that renders traffic as points beaming into the atmosphere. And website monitoring service Pingdom offers a dot map at such a far-out zoom level that it's essentially useless for seeking out more meaningful patterns than "outages happen in population centers, also there are a lot of outages."
  • CoreOS Patched Against the "Dirty COW" Linux Kernel Vulnerability, Update Now
  • World’s first hack-proof router launched
    Turris Omnia router, tagged the world’s first hack-proof router, was launched yesterday at the CES Unveiled Show in Prague, Czech Republic. As an essential part of any home internet network, routers are rather poorly secured and protected against cyber attack. More often than not, the only security feature is the default password. With easily acquired internet knowledge and some skills, these routers can be hacked, providing unauthorized access to a complete internet network. From there on, anything is possible.