Information Warfare - III
And you thought proxy wars were cheap? Where are you from - the Middle Ages?
Today nobody needs to fight a war. There's more than enough in this world to go around, but still people feel "obliged" to treat their neighbours like crap and then fight about how they are "right" at a world conference level. Shameful.
But this is exactly the reason for this Information Warfare series - to make the common man more knowledgeable and more prepared... For the war of the future is Information.
And information is... Well, cost-wise, it's cheaper than dirt.
Today let's talk about Spoof DDOS / SMURF attacks. I'm sure you all know about it... But let me recap for the purposes of those who don't.
Original term: DOS. Denial Of Services.
When a cyber attack results in certain services being denied to their regular users, it's called a Denial of Services attack. It's the most basic tactic of war - blowing out the power stations, burning granaries and other food storage warehouses, polluting or poisoning the water supply - these are all Denial of Services attacks.
Nowadays we use the term for a website's services as well. Suppose you want to check your email, but Gooooooogle (pardon my Latin) is experiencing a rather unfortunate DOS attack. What you will see: "Page not found". What can you do: NOTHING. You just sit back and worry about the loss of your email, how you can't reach anyone and how isolated you are in this enormous world without it. I know because that's what I'd feel...
Evolved term: DDOS. Distributed Denial Of Services.
Most websites / platforms of course know about DOS attacks, and they have taken precautions! They have multiple, multiple servers all over the planet. So if one server is feeling under the weather, the others silently fill in for it. An amazing work of genius, right? This is true for LinkedIn, Google, Microsoft, and even the Yahoos who work at Yahoo!
But what if the attacker thinks about it differently? Instead of attacking ONE server, he will attack ALL the servers. Furthermore, he will not attack from ONE source; he will attack from MANY sources. See this illustration: the Reds could be DDOS attackers, and the Greens could be the poor victim servers.
The attackers always coordinate their efforts to ensure MAXIMUM downtime. Isn't this fun!? Now what is the direct outcome of this kind of attack? Denial of Services of course!
However, this is far, far more destructive because of the multiplier effect on the intensity of the attack, and it's more difficult to stop! The civilian is always the casualty, because they have no email (for example).
But this can really apply to all of the following:
- Email, News and Social Media websites
- Online groceries / FMCG
- Bill payment websites (phone, electricity, etc)
- Bank websites and Banking portals
- E-commerce websites
- Servers for public services like Whatsapp, Snapchat, etc
- And really - it can bring your internet existence to a standstill.
The most destructive part of this is that by blocking your access to your own money and bill payment websites, they are not only depriving you of service TODAY but potentially damaging your credit reputation, AND reducing revenues for the service provider for months to come.
And now let's go to the final - hardest to detect, hardest to prevent, hardest to defend against - type of DDOS attack: The Spoof DDOS / Smurf attack.
As you know, the Internet's communication method ('protocol') includes in every request a piece of data that identifies the sender. Consider: what would happen if I used YOUR unique identifier? The answer is simple: the response to that request would be sent to YOU and not to me. So I can throw a pie at someone, and when they throw a pie back, it hits YOU, not me. Get the logic?
Now suppose your server is only able to handle 100,000 such responses in an hour. What if I use 500 computers to send 100,000 requests EACH, all bearing your identifier, to very powerful server systems?
YOUR server would be buried under 50,000,000 - 50 MILLION - responses that you simply cannot handle! Your server would die a miserable death... And the horrible part is that those responses were never even supposed to be handled by your server!
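To make the pie-throwing concrete from the victim's side, here is a small simulation. It is an added illustration and not the author's code; the addresses, the packet shape and the traffic volumes are all constructed for the example. It shows that every forged request comes back as a response to the spoofed address, and that the victim can recognise the flood precisely because the replies match no request it ever sent.

```python
"""Toy model of a spoofed-source (Smurf-style) flood, seen from the victim's
side.  Added illustration, not the author's code: the addresses, the packet
shape and the traffic volumes are all constructed for this example."""
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str   # the sender the packet CLAIMS to be from (nobody checks this)
    dst: str   # where the packet is delivered
    kind: str  # "echo-request" or "echo-reply"


def reflect(packet: Packet) -> Optional[Packet]:
    """What any ordinary host does with an echo-request: answer whatever
    address sits in the source field.  It cannot tell that field was forged."""
    if packet.kind == "echo-request":
        return Packet(src=packet.dst, dst=packet.src, kind="echo-reply")
    return None


def flood_size(attackers: int, requests_each: int) -> int:
    """One reply per forged request: the victim's load is the product."""
    return attackers * requests_each


def spoofed_flood(victim: str, attackers: int, requests_each: int,
                  reflectors: List[str]) -> List[Packet]:
    """Simulate `attackers` machines each sending `requests_each` echo-requests
    to the reflectors with the VICTIM's address forged as the source.  The
    returned list is what lands on the victim; nothing ever goes back to the
    machines that actually sent the requests."""
    received = []
    for i in range(attackers):
        for j in range(requests_each):
            target = reflectors[(i + j) % len(reflectors)]   # spread the load
            forged = Packet(src=victim, dst=target, kind="echo-request")
            reply = reflect(forged)
            if reply is not None:
                received.append(reply)
    return received


def unsolicited_replies(victim: str, sent: List[Packet],
                        inbound: List[Packet]) -> Counter:
    """Victim-side check: an echo-reply is only legitimate if this host sent a
    matching echo-request.  Anything else is a reflected packet, and the count
    per reflector shows where the flood is bouncing off."""
    outstanding = Counter(p.dst for p in sent
                          if p.src == victim and p.kind == "echo-request")
    unsolicited: Counter = Counter()
    for p in inbound:
        if p.dst != victim or p.kind != "echo-reply":
            continue
        if outstanding[p.src] > 0:
            outstanding[p.src] -= 1      # matches a request we really made
        else:
            unsolicited[p.src] += 1      # nobody here asked for this
    return unsolicited


if __name__ == "__main__":
    victim = "198.51.100.7"                       # constructed victim address
    reflectors = ["203.0.113.1", "203.0.113.2"]   # constructed "powerful servers"
    # The post's numbers, without materialising 50 million packets:
    print("replies in the post's scenario:", flood_size(500, 100_000))
    # A scaled-down run: 5 attackers x 1000 forged requests each.
    inbound = spoofed_flood(victim, 5, 1000, reflectors)
    legit = [Packet(src=victim, dst=reflectors[0], kind="echo-request")]
    print("unsolicited replies per reflector:",
          dict(unsolicited_replies(victim, legit, inbound)))
```

The scaled-down run delivers 5,000 replies to the victim, of which exactly one matches a request the victim really made; the other 4,999 are the reflected pies. On a real host the same idea is a firewall or IDS rule that counts echo-replies with no outstanding request, which is one of the first signals that you are the spoofed party rather than the intended recipient.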
Variations: the standard SMURF attack can be blocked by most good Internet Providers today (so naturally that excludes everyone in India from the safety zone). However, variants of the attack can be used to knock out mobile networks, overload substations, block highways and other regional transport, and so many, many, many other things!
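What "blocked by a good Internet Provider" looks like in practice is two checks at the network edge. The example below is added here and is not the author's code; the port names, prefixes and sample packets are constructed. The two mechanisms it models are real ones the post does not name: source-address validation at the customer edge (RFC 2827 / BCP 38) and refusing to forward directed broadcasts, which is what the standard Smurf attack depended on.

```python
"""Two checks a provider's edge router can apply so that a spoofed-source
flood is dropped before it reaches any reflector.  Added illustration, not
the author's code: the port names, prefixes and sample packets are constructed."""
import ipaddress
from collections import Counter
from typing import Dict, List, Tuple

IPv4Network = ipaddress.IPv4Network

# Constructed topology: the prefixes legitimately routed behind each customer port.
CUSTOMER_PREFIXES: Dict[str, List[IPv4Network]] = {
    "cust-a": [ipaddress.ip_network("192.0.2.0/24")],
    "cust-b": [ipaddress.ip_network("198.51.100.0/25")],
}

# Constructed: the provider's own networks, used for the broadcast check.
LOCAL_NETS: List[IPv4Network] = [ipaddress.ip_network("203.0.113.0/24")]


def ingress_filter(inbound_port: str, src: str) -> bool:
    """Source-address validation at the customer edge (the idea behind
    RFC 2827 / BCP 38): forward a packet only if its claimed source belongs to
    a prefix that is actually behind the port it arrived on.  A packet carrying
    someone ELSE's address as its source is dropped right here."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in CUSTOMER_PREFIXES.get(inbound_port, []))


def is_directed_broadcast(dst: str, local_nets: List[IPv4Network]) -> bool:
    """The classic Smurf trick sent one packet to a subnet's broadcast address
    so every host on it would answer.  Refusing to forward packets addressed
    to a subnet's broadcast address removes that amplifier (what the Cisco IOS
    setting 'no ip directed-broadcast' does)."""
    addr = ipaddress.ip_address(dst)
    return any(addr == net.broadcast_address for net in local_nets)


def edge_policy(inbound_port: str, src: str, dst: str,
                local_nets: List[IPv4Network] = LOCAL_NETS) -> str:
    """Apply both checks; returns 'forward' or the reason the packet is dropped."""
    if not ingress_filter(inbound_port, src):
        return "drop: spoofed source"
    if is_directed_broadcast(dst, local_nets):
        return "drop: directed broadcast"
    return "forward"


def filter_batch(packets: List[Tuple[str, str, str]],
                 local_nets: List[IPv4Network] = LOCAL_NETS) -> Counter:
    """Tally decisions over (inbound_port, src, dst) triples, the way a hit
    counter on a drop rule shows a spoofing customer at a glance."""
    return Counter(edge_policy(port, src, dst, local_nets)
                   for port, src, dst in packets)


if __name__ == "__main__":
    # Constructed sample: an honest packet, a forged one and a broadcast probe.
    sample = [
        ("cust-a", "192.0.2.10", "203.0.113.5"),       # genuine customer traffic
        ("cust-a", "198.51.100.7", "203.0.113.5"),     # source is not behind cust-a
        ("cust-b", "198.51.100.7", "203.0.113.255"),   # aimed at a broadcast address
    ]
    for p in sample:
        print(p, "->", edge_policy(*p))
    print(filter_batch(sample))
```

The first check is the one that matters most: if every provider dropped packets whose source address does not belong to the customer they came from, a forged identifier could never leave the attacker's own network, and the pie would have to hit the thrower. The second check removes the multiplier the original Smurf attack relied on, so even an unfiltered forged packet gets at most one reply instead of one per host on the subnet.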
Blocking mass transit:
- Use social engineering to get access to the control room for the transport systems
- Plant a network snooping device - something that scans the network and identifies IP addresses and basically understands the network structure
- Identify the bottlenecks & program your DDOS attacker computers to CHOKE them
- Take a guess: How many trains/buses are going to run on time when their computers don't know which train/bus needs to go where and at what time? ZERO.
Blocking roads:
- Hack the app of either Ola or Uber or one of these cabbies
- Identify a bottleneck flyover / highway / road junction that you want to choke
- Order dozens of cabs on both sides of that junction... Then request the cabbie to come to the OTHER side of the junction.
- Apart from the cabbies going crazy, you've blocked the whole junction! Nobody is going to get through - not even a TANK.
Mass starvation: Better not. This can really kill, and I don't want to be the cause of that. I will never put this up... There's enough death and suffering in the world as it is.
Chaitanya Dhareshwar is a certified Cyber Crime Investigator. His BS is often painful to hear, but strikingly true. If you have complaints about it, please refer them to [email protected]. Thank you.