On 03/20/2013 01:59 PM, Amitai Franklin wrote:
> is this a true threat?

> http://www.thehackerspost.com/2013/03/opisrael-hacktivists-starting-cyber.html

Well, given that a high number of devices run *very* outdated and insecure
software, it is a threat to home-users and poorly maintained web-servers.

Expect servers running very outdated software (or very bad software, like IIS on
Windows Server) to be unavailable every once in a while.
This is annoying, but won't really hurt anyone. If the modern Jihadist puts his
focus on attacking through telecommunication networks -- that's GREAT!
- it will expose those individuals to the free internet and give them the chance
to educate themselves in something actually useful
- it will break the information monopoly inside terrorist organizations
- it is very unlikely to cause any real harm or damage to people (while it still
might cause economic damage)

DON'T BELIEVE MYTHS OF HACKERS MANAGING TO BLOW UP NUCLEAR FACILITIES REMOTELY!

These are very naive and stupid fantasies of the yellow-press -- fear sells.
Facilities which are that relevant for public safety are well guarded (i.e. not
connected to any public networks, workers are not allowed to bring their own
digital devices such as pen-drives, cameras, phones, ... anywhere close to it)
Remember, even for Stuxnet, *actual physical access* was needed in order to
infect the control systems which were part of the Iranian nuclear program. (i.e.
social engineering is also very relevant here)

In terms of *real* security risks, i.e. damage besides just annoyance by DDoS, I
would not expect this to get very far for several reasons:
* nobody with a real clue is participating in it (the group names called here
are all rather new and probably mostly not very experienced Windows kiddos)
* hate and aggression make people act stupid and blunt -- not very helpful
character traits in these kinds of activities
* this appears to be a political protest rather than an actual *intentional*
threat (this assumption might not hold to be true for all participants though).
they are fishing for attention and the global media provides it (and
unfortunately, we also do, right now...)
* despite the fact that anonymous-symbols are used (probably in order to win new
participants in the scene and look more important/impressive), there is no hint
of a wide backing for this campaign inside any community. don't forget that
there is no trademark/copyright/what-so-ever preventing me and you from using
the anonymous-mediakit today for our purposes :)
* there is not sufficient bandwidth and infrastructure in the likely-to-be-
originating networks. and even if they use botnets (maybe even inside Israel),
it will be easy to block the command&control centers.


> how do you think arig will cope with such attempts in the future?

Arig will not have to cope with such things :) They won't get there.
Why?
- we use up-to-date free open source software
- there is almost no attack surface -- we don't expose any services on any
public internet (apart from the Arig website)
- arig nodes are not centrally managed -- breaking into a single point will
never give administrative access to other points.
- arig users are likely to be more educated and therefore more aware of the
potential vulnerability of the systems they use (i.e. we don't use
InternetExplorer; many of us don't even run Windows at all; we all know a bit of
TCP/IP; ...)


I mainly see two real dangers here:

1. The media campaign can be abused to create a campaign for more "national
network security" inside Israel, i.e. the Ministry of Truth wants to make a
"national firewall" in order to "protect" you... This reaction is likely (i.e.
preparations are already ongoing for a while) and could impact the privacy of
Israeli surfers as well as limit free speech and/or access to information inside
Israel. I dislike the thought that the public attention to this childish game
could be abused to justify national NetNanny deployments (instead of running
more education programs for system administrators and refraining from using
obsoleted and closed-source systems, which could actually reduce the "threat")

2. There is indeed a high number of insecure and outdated devices on the ARPA
internet -- mostly in small businesses and private houses (but also in executive
offices of billion-$ companies). Self-updating devices which are also in the
focus of administrators and users are less likely to be targeted. But expect
home-routers, office-printers, IP-phones, NAS-systems, ... to be *very*
vulnerable and easy to target (especially if they run a never-updated
vendor-supplied proprietary firmware)
This could also affect administration and government offices, but again, those
networks are shielded from the outside by proper firewalls (hopefully), so
mainly small businesses and home users are the expected victims.

Some links to get the picture of the current "threat-level":

http://internetcensus2012.github.com/InternetCensus2012/paper.html

http://www.h-online.com/security/news/item/Professional-videoconferencing-system-as-a-spy-1824707.html

http://www.kb.cert.org/vuls/id/782451

http://events.ccc.de/congress/2012/Fahrplan/events/5400.en.html


An interesting side note is that the expected DDoS attacks can be used to
generate some statistics and collect data about the participants in such an
attack :) For me, this sounds like the most interesting thing about it -- but in
a way, this data most probably also won't contain any major surprises.

