Friday, December 10, 2010

WikiLeaks DDoS and You

So I read a recent article yesterday about the WikiLeak supporters doing DDoS attacks on sites and it got me thinking.

Really thinking.

Consider this -- a group of hackers (and support them or not that is what they are), are bringing sites down at will on a moment's notice. No weeks of preparation, or coordinated touch and then attack. This is "hmmm...them" and boom that site is down. MasterCard, Visa, PayPal, etc etc. Boom. ______ Insert your company name here ______ BOOM.

Botnets are out there just twiddling thumbs. Some C&C (command & control, those "mothership" servers that command and control the bots at your parents' house and my uncles' house and those of the annoying admin assistants at work that forward you all those emails with smiling cats and angels and hearts and "you mean the world to me") servers are just sitting idle, a hair off the network. Infected machines are everywhere. Maybe mine right now. Maybe yours. Waiting. Some C&C comes online and says "Hit Greg's site" and voila it is down.

So why is WikiLeaks freaking me out a bit? I think WikiLeaks is a great thing. I really do. I may be wrong in thinking that, and to be honest I haven't researched the laws, but if you are dumb enough to leak out confidential stuff then it isn't their fault for publishing it. After the first few leaks, you'd think integrity and ethics would keep people from leaking info...ah but that isn't human nature, which dictates self-aggrandizing and soap boxes! Anyway, without more editorial, what is happening with WikiLeaks freaks me out because it shows that an organized group can take down big sites at will. If big sites are having problems, your mom and pop shop will too.

I have been soapboxing about devs learning about security and plugging holes. And the DDoS attacks show that even that won't stop them. You have to mess with DNS. And we all know how many people are good at messing with DNS and getting it all back in order a month later. It ain't the devs who can't close XSS holes that have been open since 1999! That's for sure.

So here are the pieces and you tell me how it affects you:
  • Crippling attack

  • lack of understanding of attack

  • lack of resources to stop attack (expertise and time in-house or $$ for out-house)

  • lack of understanding and resources to bring things back up

  • lack of disaster recovery plan in most cases

  • this attack brings your site's server down...oops is your email on there too?

  • this attack is not stopped by anti-virus or strong development best practices

  • this attack can happen to anyone at will and on a moment's notice

How do you rate in those? How about your company? Your friends? Your family? Your nation?

If a big huge attack has not been done yet, it is simply not yet time. The pieces are there. The code is there. The bots are there. It is just a matter of time before a set of things are brought down at once. Or that you or I say something that makes someone mad and boom...we are down.

I read how one guy did DNS changes that basically redirected the DDoS attacks back on the C&C server and it brought down the attack! ha! Classic and well done! But that is rare. You and I don't have that working for us. What can we do? I look forward to some comments and input on this one.

I am available for consultation or idea swapping on this sort of thing. In addition I train and speak to .NET developers about securing their web apps. Even though this sort of DDoS attack is not stopped through standard ASP.NET programming, there are lots of places where other attacks come through your apps. XSS and SQL Injection continue to run rampant. I can help you cut your risk of damaging attack significantly by doing a code review, training your developers or just helping you with next steps. Contact me at for more information.

No comments:

Post a Comment