Thursday, August 23, 2007



I know I have been absent from blogging post-Blackhat and that has led to a lot of Dave withdrawal by the loyal reader of the Errata Security blog (Hi Mom). I am sorry, I have been working on a project that requires an unbelievable amount of time and attention. The project is almost over, so regularly scheduled Dave musings will resume soon. I have to abandon my project temporarily to post about the following.

OH. MY. GOD. RUN; do not walk, to your closest store and buy a copy of Wired.
Note: I almost wish I could use a blink tag for that.

There is an article in this month’s issue about the cyberwar in Estonia on page 166 written by John Robb. I am almost certain Robb is not the same person who played "porn dealer" in the Nicolas Cage thriller, 8mm. While I am imparting interesting tidbits related to this story in a thinly veiled waste of your time, I have to make a revelation: for the first few months I had read about this story, I kept thinking that it was the country from the Dilbert comic strip. Funny enough, it turns out that the country Dilbert often mentions is Elbonia. I am embarrassed. Even red-faced, I feel good knowing that if I have offended anyone with my lack of geography knowledge, they can take comfort in knowing that my therapist and Microsoft Word’s Spelling & Grammar feature both agree I am functionally retarded.

Estonia is a hot conversation topic amongst the security crowd recently due to a DDoS that reportedly crippled their government. The topic even made its way to Vegas in the form of a Blackhat speech given by Gadi Evron. In an attempt to depict the massive attack by bots on Estonia, a nifty graphic accompanies the story. The graphic is a world map with lots of multicolored lines showing a bot attack in much the same way Wargames showed ICBM launches. That is it; the mom-and-pop Wired reader will now equate bot attacks to something like a nuclear missile launch. Here is Kevin Poulsen, also of Wired, writing about the DDoS attack.

UPDATE: The bot attack graphic has been found. From the Wired online story:

Bask in the glory that is the beginning of the Cyberwarfare fear! Anybody want to take bets on how quickly similar graphs will show up in marketing materials for security companies? I can hear the sales pitch now, “buy our product or THIS can happen to you”, while sliding a copy of the picture across the desk.

Why am I worried? Because if you didn't know better you would think people are dying in the streets with the coverage the DDoS has been given. If I were to ask an average US citizen to look at this picture and tell me what they think about cyberwar I am sure I would get something like:

Ted, 22, Alabama
"You mean someone in Russia can stop me from surfing por...err...the hours of the War of 1812 exhibit at my local museum? I sure don't like that. The government should do something about that. We have gone to war for less than that."

Amy, 24, California
"Like, I was on the interweb the other day and, like, I got kicked off. I bet it was those bot people going after me trying to get the pictures from my computer. People tell me I look like Paris Hilton, what do you think?"

Tony, 34, New Jersey
"I don't like someone else's packets just coming in and out whenever they want. I wanna see them come try that in my neighborhood, I'd give them a dos right upside the head."

Note: I did not actually go ask any average citizens. The above statements are fiction. I did not query average citizens because I fear their replies and a serious case of apathy.

I hope you understand that my sarcasm is not over the story or its contents but rather what this means for the future. Now that cyberwarfare has hit the mainstream and will surely become the topic of conversations at intellectuals’ cocktail parties, the flood of fear mongering is not far off. Imagine being a fly on the wall at one of these insomnia-curing parties:

“But Max, there is a CYBERWAR going on. Think of all the children who don't have access to family photos or their vacation itinerary or Ticketmaster. I think we should send relief in the form of iTunes gift cards, which should help ease the burden, some. I mean, it is just as bad as Darfur.”

Note: To get the full effect this statement would need to be in a nasally, high-pitched voice that a mere blogpost just could not convey.

In an effort to provide the feeling of safety to its citizens and because of the overwhelming success of the Terror Warning Level, a cyberattack warning level is not far off. Soon you will overhear people telling their friends “you shouldn’t go on Myspace today, the cyberattack warning level is orangish blue”.

After the warning level sinks in and is on everybody’s browser start page, expect a list of things that all citizens should get and keep in case of a cyberattack. Do not be surprised if many countries issue statements like this:

“The Cyberwarfare sub directorate of the Infrastructure Crisis Avoidance office of Technology Assimilation and Integration Task Force from the Department of Homeland Security (CICATAITFDHS) has just announced the formation of a private company to address the growing concern over cyberwarfare. The newly formed company Unity will provide guidance and assistance to all entities under the name Unity. The governing body of this new company is a consortium of leaders from private industry and public service such as major software vendors, music and movie studios, and the NSA. The first act of Unity is to issue a list of essential things to have in the event the fear of a cyberattack on the US becomes a reality.

1. Devices like scissors, axes, or bolt cutters should be kept close to your internet access device. Cut your phone/DSL line in case of an attack.

2. Malware like viruses, Trojans, and 3rd party software like browsers and media players will be resistant to modern A/V tools. For this reason be prepared to microwave your hard drive in case an attack is launched or a Mozilla icon is spotted on your desktop.

3. Backup your files accordingly and store them in a safe place. In conjunction with this announcement, the NSA would like to announce they are partially leaving the intelligence community and now offer a secure offsite storage facility, called SafeAtHome, in sunny Maryland. For a nominal fee, all your important documents can be stored in a nuclear bombproof bunker. In no way would the NSA SafeAtHome program serve as an intelligence source. The first 1,000 subscribers get a free DVD of the first season of the hit Fox show: “24”.

4. Analog radios, flashlights, and batteries need to stay in stock and working order. The radio is for listening to the Emergency Broadcast System (EBS) for news about the cyberattack. In addition the radios could be, in theory, used to listen to music when your hard drive has been through the microwave process.

5. Duct Tape. You can never have too much Duct Tape.

In closing, almost 99% of all successful cyberattacks use pirated software, music, and movies (such as the 20th Century Fox summer blockbuster Live Free or Die Hard, available on DVD soon) as the infection vector for the first wave of attacks. For this reason, the consensus is that all pirated materials pose a threat to internet safety. Destruction of offending materials is required. To aid in the process a new tool just became available called Tattle that will help securely delete all unauthorized materials. By using this tool, you are agreeing that all inventoried items will undergo rigorous analysis for potential malware by our partners.

In an effort to make the internet a safer place, everybody must cooperate in the above endeavors. If you discover that a person is not adhering to the set standard safety protocol, please report them to 1-800-TELL-ALL."

Of course, I could be wrong. Once Wired writes about it, it is downhill from there. Moreover, the best part is there will be all this fuss over some script kiddy P4cK3t W4rr10r5. Anybody know what time MTV’s “True Life: I’m a bot herder” is starting production?


Unknown said...

Once Wired writes about it, it is downhill from there.

I tend to find that by the time news outlets like Wired hear about something, it's such old news that it's a non-issue.

Unknown said...

Not only blink tags, but also two animated gifs of torches on either side! Or fireballs exploding!