Skip to content

You (yes you!) may have provided “machine gun” to DDoS spammers

April 3, 2013

NYTimes: “Devices Like Cable Boxes Figured in Internet Attack” by Nicole Perlroth, about the DDoS of Spamhaus and explains:

open resolvers — are simply home Internet devices, corporate servers, or virtual machines in the cloud that have been sloppily configured to accept messages from any device around the globe. Open resolvers have been set up in such a way that they are not unlike the naïve users of public Wi-Fi who forget to turn off their file-sharing settings, so that any hacker on the Internet can creep inside the computer. It’s similar to PC users who do not realize that by not updating their software, they let their computers get infected with malware and used as a zombie in a cyberattack. The difference is that if you think of a computer as a digital weapon, then an open resolver is a machine gun. Attackers can use open resolvers to amplify the strength of a cyberattack by a factor of 100.

Perlroth amps the fearmongering in this computer science lesson. A quick read suggests that many of us might own zombie machine guns fighting a cyberwar and not even know it.

Her choice of source quotes for the article only make it more extreme:

‘They are going to hit everything at once, and that’s when this gets real,’ ” said Matthew Prince, the chief executive of CloudFlare. “That’s the nightmare scenario that hasn’t happened — yet.”

and

“I’ve been waiting for this attack for a long time,” Dr. Vixie said, “so that we could tell the earth’s population to do something about it.”

I am not as optimistic as Dr. Vivie. Internet security is not something we want to deal with. We want open internet as much as possible. More open! But the dangers are real and we need more education and consumer protections before its too late.

The message seems to be: sloppy code gets hacked. But also: all code is hackable. So maybe: all we can really do is escalate a cyber arms race and be zombies in their war games.

Advertisements
Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: