Kim Chi In the Intertubes

KIM CHI IN THE INTERTUBES by Charlie Martin

Let’s get the news out of the way first, so we can move right along to the (hopefully informed) speculation.

The news came out today that there has been a relatively large-scale attack on a number of websites – a lot of web sites, and that’s interesting in itself – including a number of US government sites and an odd selection of other sites, like several major newspapers and the New York Stock Excahnge. At the same time, there were major attacks on a number of systems in South Korea, which led to speculation, given the timing and the targets, that the attacker was the DPRK, North Korea.

The mechanics of the attack are simple: a “DDoS” or “distributed denial of service” attack. This simply means that the basis of the attack is to flood a system or web site with so many malicious requests for service that it’s impossible for the system to handle legitimate requests. That’s the “denial of service” part.

The “distributed” part means that it’s not just one attacker system making the malicious requests, but many systems.

Where do all these attacking systems come from? Not from buying them on eBay – instead, the attacker sites are almost certainly zombies, computers that have been infected with a malicious viral or worm-like program that lurks on an under-protected computer until called to do the nefarious bidding of the zombie-master, who could be anywhere on the Internet. The zombies spread through the Internet by looking for unprotected systems and infecting them. Infected systems then start looking for other systems to infect. Almost all of the infected systems are running Windows, and there are so many zombies in the wild already that an unprotected Windows machine, put naked onto the Internet, will be infected within minutes.

That’s how it happens. But why?

First off, it’s not to demonstrate the North Koreans’ technical sophistication, except possibly in Kim Jung Il’s fevered imagination. As you can see from the description, the level of technical sophistication required is about the same as having a bunch of people call a radio show with canned talking point to keep others from calling in. Writing a bot is not a lot more difficult, although it takes some programming skill and a good bit of Windows knowledge. Whoever the perpetrator is, though, doesn’t need to write his or her own bot, because bots — and even active bot networks — are easily available on the Internet. I’m told that you can even rent a zombie network if you know where to ask.

Second, this attack probably wasn’t intended to cause anything more than some annoyance. We know this because of the breadth and variety of the sites being attacked. Some of the sites being attacked, like the White House website, are carefully protected; others, like the Department of Defense, are pretty careful not to have anything exceptionally important on a network accessible from the outside world. If there were any intention of bringing a site down, the attackers would concentrate their forces.

Third, we don’t actually know who did it. The notion that it’s North Korea is largely speculation too, a plausible assumption considering the current Korean situation. But it is a plausible assumption, and it makes a certain amount of sense seen as Kim simply putting up some harassments, much like shooting missiles out into the Sea of Japan.
Now we get to my favorite part, the “I told you so” part. What’s the core issue here? It’s mainly that Microsoft has made Windows so complex, so “heavy”, that it’s impossible to get it even nearly correct. As a result, Windows can be infected (when is the last time you heard of a major virus outbreak for Macs, or UNIX-based systems?) and because of the Internet, the infection spreads quickly.
And there’s the “I told you so.” The basics of how a virus works were laid out by Fred Cohen in 1983, and worms and Trojan horse programs were well-known long before that. What’s more, protection against all of these programs is built into every major operating system… except Windows. For various reasons, because of backward compatibility and Active-X and Microsoft’s cross-program scripting, and most of all because it’s such a big beast, Windows, among all production operating systems, is by far the most vulnerable. The “I told you so” part is that people have been warning for years of the risks presented by not taking care with security from the start.

Now, though, it’s important. We depend on computers for too much, and there are attacks that could be catastrophic. For example, some parts of the power distribution grid are vulnerable, and no I’m not going to tell you how. Warnings from major research groups have been pointing this out for years. (I reported on one in Pajamas Media last December.) This attack wasn’t much of a cyberwar, but future ones could be and very likely will be.

The Obama Administration is, as usual, proposing a “czar” to handle this, no doubt with commissions and budgets and lots of fanfare. But will they really look at the root of the problem?

If we don’t want a major attack and major damage, the real remedy is to begin to make sure computer operating systems and programs are being written to meet the requirements laid out more than 30 years ago.