Re: World's most powerful supercomputer goes online
Another potential use for the Storm worm... I can't imagine this would be why it's being assembled since there's no money in it, but consider the prospect of x million machines cycling from idle to full load once a minute. If the power swing in doing this is (for example) 100 watts per PC then even at 1M machines that's switching a 100 megawatt load in and out of circuit, which could cause some fun in power distribution systems. You could easily double (or more) this load by putting the PC and monitor to sleep and then running it up to full load and back down again. Obviously it's highly unlikely that that's what the Storm botherders are planning to do with it, apart from the lack of financial motive you'd need to carefully synchronise the timing, and the PCs would be distributed all over the world rather than affecting one grid. Probably the most you'd get is localised problems, overloading, maybe a few fires from wiring. OTOH the shock effect of someone being able to do this worldwide would be something to behold. Talk about a "light blue touch paper and stand clear". (If they *do* do this with Storm, remember that you read it here first :-). A much simpler attack if all you want to do is cause panic would be to just brick the machines and watch the fun when 1M+ RMAs hit the service channels. Peter. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: World's most powerful supercomputer goes online
At 11:23 PM 8/30/2007, Peter Gutmann wrote: This may be the first time that a top 10 supercomputer has been controlled not by a government or megacorporation but by criminals. The question remains, now that they have the world's most powerful supercomputer system at their disposal, what are they going to do with it? And I wonder what the LINPACK rating for Storm is? There have been a number of half-years that [EMAIL PROTECTED] was faster than the top machines in the top500 list (counting by bogomips, not real LINPAK), and most of the times I've checked, it's been at least in the top 10. Some of the stats can be found at top500.org and http://boinc.netsoft-online.com/e107_plugins/boinc/bp_summary.php (though good [EMAIL PROTECTED] stats have been harder to get in recent years, partly for organizational or presentational reasons, and partly because it's spun off a bunch of other mass-computing programs.) - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: World's most powerful supercomputer goes online
On Sun, 2 Sep 2007 14:48:31 +0200 plus or minus some time Guus Sliepen <[EMAIL PROTECTED]> wrote: > Experience with tinc (a VPN daemon with peer-to-peer like architecture, > which replicates certain information to all daemons in a single VPN), > showed that even in a network with only 20 nodes, it is extremely hard > to get rid of information. You either need to shut down all daemons at > the same time to make sure all state is lost, or modify the software to > allow explicit deletion of certain information. With more that 1 million > nodes it will be even harder to delete data. > Actually the stormworm network illustrates this example perfectly. As with most DHT based P2P networks, stormworm suffers from latent/stale node data still in the memory of other nodes. Asside from the overnet peer bootstrap files for each stormworm node, the list of nodes in the network is distributed in memory across all the nodes. Stormworm is especially bad because the authors didn't take the latent data problem into account. There is no built-in mechanism for a botted host to remove dead peers from their list in memory. With tens of thousands of nodes, IPs of machines that were infected and cleaned weeks ago still occasionally show up. I suspect this behavior is the primary source of the ridiculously high (and inaccurate) estimates for the size of the stormworm botnet. Brandon - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: World's most powerful supercomputer goes online
On Sat, Sep 01, 2007 at 03:46:45PM +1200, Peter Gutmann wrote: > I feel I should add a followup to the earlier post, this was implied by the > rhetorical question about what the LINPACK performance of a botnet is, but > I'll make it explicit here: > > The standard benchmark for supercomputers is the LINPACK linear-algebra > mathematical benchmark. Now in practice the LINPACK performance of a botnet > is likely to be nowhere near that of a specially-designed supercomputer, since > it's more a distributed grid than a monolithic system. On the other hand bot- > herders are unlikely to care much about the linear algebra performance of > their botnet since it doesn't represent the workload of any of the tasks that > such a system would be used for. Another interesting use may be data hiding. The botnet software could store information in RAM (never on disk), and replicate it to other nodes. If one node goes down, other nodes will still have the information. If one node detects that virusscanners or forensic tools are being used, it can easily wipe the information from RAM or just reboot the machine without fear that the information would really be lost.=20 Experience with tinc (a VPN daemon with peer-to-peer like architecture, which replicates certain information to all daemons in a single VPN), showed that even in a network with only 20 nodes, it is extremely hard to get rid of information. You either need to shut down all daemons at the same time to make sure all state is lost, or modify the software to allow explicit deletion of certain information. With more that 1 million nodes it will be even harder to delete data. -- Met vriendelijke groet / with kind regards, Guus Sliepen <[EMAIL PROTECTED]> signature.asc Description: Digital signature
Re: World's most powerful supercomputer goes online
I feel I should add a followup to the earlier post, this was implied by the rhetorical question about what the LINPACK performance of a botnet is, but I'll make it explicit here: The standard benchmark for supercomputers is the LINPACK linear-algebra mathematical benchmark. Now in practice the LINPACK performance of a botnet is likely to be nowhere near that of a specially-designed supercomputer, since it's more a distributed grid than a monolithic system. On the other hand bot- herders are unlikely to care much about the linear algebra performance of their botnet since it doesn't represent the workload of any of the tasks that such a system would be used for. Where Storm leaves every conventional supercomputer in the dust is in terms of the sheer hardware resources (number of CPUs, amount of memory, and network bandwidth) at its disposal. Peter. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: World's most powerful supercomputer goes online
Florian Weimer <[EMAIL PROTECTED]> writes: >* Peter Gutmann: >> This doesn't seem to have received much attention, but the world's >> most powerful supercomputer entered operation recently. Comprising >> between 1 and 10 million CPUs (depending on whose estimates you >> believe), the Storm botnet easily outperforms the currently >> top-ranked system, BlueGene/L, with a mere 128K CPU cores. > >It's a bit unfair to compare those numbers with single-image systems or >tightly-coupled clusters. Grids are the more apt comparison. Sure, absolutely, that's why I made the LINPACK comment at the end. However for the sorts of usages that malware authors might put it to (e.g. A5 rainbow tables, as Daniel Schroeder suggested) it's probably going to be hard to beat. The message was intended to draw attention to the frightening amount of raw computing power that's now in the hands of people whose identities and motives we're not even certain of. Peter. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: World's most powerful supercomputer goes online
* Peter Gutmann: > This doesn't seem to have received much attention, but the world's > most powerful supercomputer entered operation recently. Comprising > between 1 and 10 million CPUs (depending on whose estimates you > believe), the Storm botnet easily outperforms the currently > top-ranked system, BlueGene/L, with a mere 128K CPU cores. It's a bit unfair to compare those numbers with single-image systems or tightly-coupled clusters. Grids are the more apt comparison. > This may be the first time that a top 10 supercomputer has been > controlled not by a government or megacorporation but by criminals. Doubt it. If I recall the confirmed Phatbot numbers correctly, they where pretty substantial, too, especially for that time. And this was the first time when I came across that "botnets are grids plus scalability and security" joke. Some of the HTTP-based botnets advertised pretty high infection numbers, too, but such claims are difficult to verify. On the other hand, LINPACK numbers for a botnet would likely be much lower than what is suggested by the raw CPU count. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: World's most powerful supercomputer goes online
http://en.wikipedia.org/wiki/Storm_Worm Dark Reading Keywords : Attacks / Exploits / Threats : Botnets http://www.darkreading.com/topics.asp?node_id=1801 Dark Reading News Analysis: Storm Hits Blogger August 30, 2007 : The ubiquitous Storm Trojan has found a new home on spam blog sites in Google's Blogger network http://www.darkreading.com/document.asp?doc_id=132793 Storm Botnet sends spoofed YouTube spam Author: Phil Cogar Published: 29th Aug 2007 http://www.bit-tech.net/news/2007/08/29/storm_botnet_sends_spoofed_botnet_spam/ 1 Storm Botnet Is Behind Two New Attacks Posted by kdawson on Sunday August 26, @12:51PM from the do-not-click-here dept. http://it.slashdot.org/article.pl?sid=07/08/26/1558245 Storm Botnet Puts Up Defenses And Starts Attacking Back Researchers are warning universities that they're at risk of being hit with massive distributed denial-of-service attacks when they scan their own networks. By Sharon Gaudin InformationWeek August 16, 2007 04:23 PM http://www.informationweek.com/story/showArticle.jhtml?articleID=201800635 lots more... http://www.google.com/search?hl=en&q=storm+botnet&btnG=Google+Search --- end - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: World's most powerful supercomputer goes online
On Fri, Aug 31, 2007 at 06:23:57PM +1200, Peter Gutmann wrote: > This may be the first time that a top 10 supercomputer has been controlled not > by a government or megacorporation but by criminals. The question remains, > now that they have the world's most powerful supercomputer system at their > disposal, what are they going to do with it? And I wonder what the LINPACK > rating for Storm is? Isn't most of the cost/complexity of super-computers the interconnect fabric and memory system, not the CPUs... Clearly for easy to partition problems this beats the "super-computer" systems, but many large problems won't tolerate Storm's interconnect latency... The LINPACK benchmarks on super-computers largely measure memory-bandwidth not CPU power, but the memory pre-fetch pipeline depth is not unbounded, most algorithms will stall if latency is too high... Simulations of supernova explosions or aircraft wing dynamics probably don't easily scale on Storm... -- /"\ ASCII RIBBON NOTICE: If received in error, \ / CAMPAIGN Victor Duchovni please destroy and notify X AGAINST IT Security, sender. Sender does not waive / \ HTML MAILMorgan Stanley confidentiality or privilege, and use is prohibited. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: World's most powerful supercomputer goes online
That's quite an interesting thing to ponder, but don't forget that only some supercomputer applications (like crypto!) can be handled well by this sort of highly distributed system. There is more to most "real supercomputers" than just MHz times number of CPUs - there is also very high-speed data communications and sharing between those multiple CPUs. The botnet does not have that, so it is limited to working on problems that can be completely divided into independent pieces of work where there is little or no need to pass data between the CPUs. If you're trying to do an exhaustive key search, however, it looks like a pretty attractive thing to use. --- Todd Arnold - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: World's most powerful supercomputer goes online
Peter Gutmann wrote: > This doesn't seem to have received much attention, but the world's most > powerful supercomputer entered operation recently. Comprising between 1 and > 10 million CPUs (depending on whose estimates you believe), the Storm botnet > easily outperforms the currently top-ranked system, BlueGene/L, with a mere > 128K CPU cores. Using the figures from Valve's online survey, > http://www.steampowered.com/status/survey.html, for which the typical machine > has a 2.3 - 3.3 GHz single core CPU with about 1GB of RAM, the Storm cluster > has the equivalent of 1-10M (approximately) 2.8 GHz P4s with 1-10 petabytes of > RAM (BlueGene/L has a paltry 32 terabytes). In fact this composite system has > better hardware resources than what's listed at http://www.top500.org for the > entire world's top 10 supercomputers: > > BlueGene/L: 128K CPUs, 32TB > Jaguar: 22K CPUs, 46TB > Red Storm: 26K CPUs, 40TB > BGW: 40K CPUs, 10TB > New York Blue: 37K CPUs, 18TB > ASC Purple: 12K CPUs, 49TB > eServer Blue Gene: ? > Abe: 10K CPUs, 10TB > MareNostrum: 10K CPUs, 20GB > HLRB-II: 10K CPUs, 39GB > > This may be the first time that a top 10 supercomputer has been controlled not > by a government or megacorporation but by criminals. The question remains, > now that they have the world's most powerful supercomputer system at their > disposal, what are they going to do with it? they could probably easily compute the GSM A5 Rainbow Table and listen to any GSM phone connection they want :) http://video.google.com/videoplay?docid=8955054591690672567&hl=en or even more evil: they compute the rainbow table und sell it to the highest bidder... > And I wonder what the LINPACK > rating for Storm is? > > Peter. > > - > The Cryptography Mailing List > Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED] > - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: World's most powerful supercomputer goes online
On Fri, Aug 31, 2007 at 06:23:57PM +1200, Peter Gutmann wrote: > 128K CPU cores. Using the figures from Valve's online survey, > http://www.steampowered.com/status/survey.html, for which the typical machine > has a 2.3 - 3.3 GHz single core CPU with about 1GB of RAM, the Storm cluster > has the equivalent of 1-10M (approximately) 2.8 GHz P4s with 1-10 petabytes of > RAM (BlueGene/L has a paltry 32 terabytes). The Steam survey is going to overestimate the power of the average machine because it is only sampling machines which are capable of playing Half-Life 2 (or other equally resource intensive games). The recommended machine for Half-Life 2 is a 2.4 GHz CPU with 512 Mbytes RAM. No surprise that most of the machines surveyed hit that minimum. As for "most powerful supercomputer" - that ignores that the interconnect used (the Internet) is going to be 2 to 4 orders of magnitude slower in bandwidth and latency than that used in any modern supercomputer. -Jack - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
World's most powerful supercomputer goes online
This doesn't seem to have received much attention, but the world's most powerful supercomputer entered operation recently. Comprising between 1 and 10 million CPUs (depending on whose estimates you believe), the Storm botnet easily outperforms the currently top-ranked system, BlueGene/L, with a mere 128K CPU cores. Using the figures from Valve's online survey, http://www.steampowered.com/status/survey.html, for which the typical machine has a 2.3 - 3.3 GHz single core CPU with about 1GB of RAM, the Storm cluster has the equivalent of 1-10M (approximately) 2.8 GHz P4s with 1-10 petabytes of RAM (BlueGene/L has a paltry 32 terabytes). In fact this composite system has better hardware resources than what's listed at http://www.top500.org for the entire world's top 10 supercomputers: BlueGene/L: 128K CPUs, 32TB Jaguar: 22K CPUs, 46TB Red Storm: 26K CPUs, 40TB BGW: 40K CPUs, 10TB New York Blue: 37K CPUs, 18TB ASC Purple: 12K CPUs, 49TB eServer Blue Gene: ? Abe: 10K CPUs, 10TB MareNostrum: 10K CPUs, 20GB HLRB-II: 10K CPUs, 39GB This may be the first time that a top 10 supercomputer has been controlled not by a government or megacorporation but by criminals. The question remains, now that they have the world's most powerful supercomputer system at their disposal, what are they going to do with it? And I wonder what the LINPACK rating for Storm is? Peter. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]