Massive cyber attack targeting the US

Discussion in 'News and Current Events' started by The Wrong Guy, Sep 5, 2014.

  1. The Wrong Guy Member

    • Like Like x 2
  2. The Wrong Guy Member

    • Like Like x 2
  3. The Wrong Guy Member

    • Like Like x 1
  4. Ersatz Global Moderator

    Do we get under our desks for these or are we supposed to stand in a doorway?
    • Like Like x 6
  5. The Wrong Guy Member

    • Like Like x 2
  6. The Wrong Guy Member

    Commander X@CommanderXanon 23s
    My guess is all the targets of the massive cyber attack against the USA were government because there are no reports of commercial outages.
    • Like Like x 2
  7. The Wrong Guy Member

    Tzunami@TzunAmi73 37s
    Cyberattack update: Mostly in Seattle, Kirksville, Saint Louis, and San Francisco.
    Other common places: New York, Montreal Canada, Perth Australia
    • Like Like x 1
  8. The Wrong Guy Member

    • Like Like x 1
  9. The Wrong Guy Member

    • Like Like x 1
  10. The Wrong Guy Member

    Commander X @CommanderXanon · 14m
    I would say the worst of it is over for now. But my feeling is the massive attack this afternoon was just the beginning of something huge.

    From June 26, 2014:

    Norse Hacking Map Shows US Getting Hammered | Business Insider

    http://www.businessinsider.com/norse-hacking-map-shows-us-getting-hammered-2014-6

    From September 4, 2014:

    In case of cyber attack: NATO members ready to pledge mutual defense | Ars Technica

    The United States and the other 27 members of the North Atlantic Treaty Organization plan to aid the defense of any other NATO country in the event of a major cyber attack, according to an agreement that will be ratified this week at a major alliance meeting.

    http://arstechnica.com/security/201...-nato-members-ready-to-pledge-mutual-defense/
    • Like Like x 1
  11. Disambiguation Global Moderator

  12. The Wrong Guy Member

    • Like Like x 1
  13. Disambiguation Global Moderator

    Thanks TWG very interesting
    • Like Like x 1
  14. The Wrong Guy Member

    China Launches Man in the Middle Attack Against Google | Infosecurity Magazine

    The Chinese authorities have launched a man-in-the-middle attack campaign against users of the country’s research and education network CERNET who try to search via Google, in a bid to monitor and censor the HTTPS site.

    http://www.infosecurity-magazine.com/news/china-man-in-the-middle-attack/

    Analysis of Chinese MITM on Google | NETRESEC Blog

    The Chinese are running a MITM attack on SSL encrypted traffic between Chinese universities and Google. We've performed technical analysis of the attack, on request from GreatFire.org, and can confirm that it is a real SSL MITM against www.google.com and that it is being performed from within China.

    http://www.netresec.com/?page=Blog&month=2014-09&post=Analysis-of-Chinese-MITM-on-Google
    • Like Like x 2
  15. rof Member

    lol

    they should call it gook in the middle
  16. Kilia Member

    WTF??? Well I'm safe here in Alaska. lol
    • Like Like x 1
  17. The Wrong Guy Member

    After noticing a lot of attacks aimed at Kirksville, Missouri, a search led to this:

    The current radar, an Air Route Surveillance Radar - Model 3, is a long-range radar that feeds data to air traffic control centers that control aircraft flying over the region.

    From http://en.wikipedia.org/wiki/Kirksville,_Missouri

    Search: https://privatelee.com/search/?q="Air Route Surveillance Radar" Kirksville

    After posting what's above, I found this:

    Current Use: Active FAA long-range radar site, now with an ARSR-3 radar. This now-FAA long-range radar site is now data-tied into the Joint Surveillance System (post 9/11).

    http://www.radomes.org/museum/showsite.php?site=Kirksville AFS, MO
    • Like Like x 3
  18. The Wrong Guy Member

    How IP Viking works

    At the heart of IP Viking lies thousands of monitoring “agents” that collect live Internet traffic data – about 19 terabytes of it each day.

    “Our agent system is distributed worldwide. We have thousands of Internet points. We actually have infrastructure on every single … Internet exchange point in the country,” said Tommy Stiansen, Norse’s chief technology officer, during a phone interview. “We basically try to see as much of the dark side of the Internet as we possibly can.”

    This “dark side of the Internet” includes everything from general Web traffic, to peer-to-peer networks, to IRC networks, to TOR.

    It is through its agents that Norse is able to keep a keen eye on what’s happening around the Net. Among these agents are thousands of “honeypots,” traps set by Norse in an attempt to lure in hackers or, more frequently, automated tools that attack computer networks, and build botnets, which harness the power of otherwise innocent computers – like the one you’re on right now – to do various forms of digital dirty work. These honeypots include everything from servers to SEO-targeted links for hacking-related content.

    “We have a very large honeypot, where we have, at any given time, over 5 million emulations towards the Internet,” said Stiansen. “Meaning we emulate over 5 million users, servers, infrastructures on the Internet. We mimic a bank. We put in place honeypots to mimic Microsoft Exchange servers, Linux systems, ATMs. We try to mimic as much as we can of the infrastructure online to make it look attractive to be attacked.”

    It is through these honeypots, or “mousetraps,” that Norse is able to dupe hackers or malicious computer tools into revealing information about themselves, like IP addresses, which Norse can then use to keep track of their activities. Once IP Viking has pinpointed some “unethical traffic,” as Stiansen calls it, the system is able to see which systems are being attacked or have been hit with malware that recruits these systems into botnets, which are then used to carry out other attacks.

    From http://www.digitaltrends.com/web/next-generation-hacker-hunting-ip-viking-norse-corp/
    • Like Like x 2
  19. Disambiguation Global Moderator

    I'll come back on a sock and like this.
  20. Disambiguation Global Moderator


    He's a smart guy in the Air Force working against old guard.
    • Like Like x 1
  21. Disambiguation Global Moderator

  22. Disambiguation Global Moderator

    Why were they also hitting the other cities? Looking for amplifiers? Distraction?
  23. fishypants Moderator


    Somebody buy that man a thesaurus.

    http://www.collinsdictionary.com/dictionary/english-thesaurus/large

    However large the incident, I refuse to believe that brobdingnagian, supersize, gigantic, colossal, humungous, ginormous, mammoth and elephantine could all have failed to properly encompass its scale. That's before we even start on terms such as fuck-off man-size jumbo immensity.
    • Like Like x 1
  24. DeathHamster Member

    All those attacks will hit my router and fail, except port 80, which will go to my Raspberry Pi, and fail. Or succeed .. and be wiped by a complete restore.

    You know the drill:

    Close all the ports!
    • Like Like x 2
  25. Quentinanon Member

    http://en.wikipedia.org/wiki/Ministry_of_State_Security_(China)
  26. rof Member

  27. The Wrong Guy Member

    This is from the Norse blog today. Quote:

    It came as no surprise to the folks at Norse DarkWolf Labs that the IP address 218.77.79.43 remains at the top of the list for malicious activity this week, the third week in a row, with over 55,180 events between September 3rd and 8th.

    As described in the Threat Thursday post previously, and updated last week, the IP address 218.77.79.43 is assigned to the CHINANET-HN-HY CHINANET-HN Hengyang node network, Hunan Telecom on ASN 4134 for China Telecom.

    After last week’s Threat Thursday post, one of our readers Tweeted to @NorseCorp inquiring as to the attribution of this IP address, sharing the Network Threat Blacklist System web site [http://antivirus.neu.edu.cn/scan/] of the Northeastern University Network Center in Shenyang City, Liaoning Province. Their Network Threat Blacklist System shows 218.77.79.43 as being part of Hengyang Telecom ADSL, and has been seen hitting their systems as well.

    Image one (1) below is a screenshot from the Northeastern University Network Center Network Threat Blacklist System web site [http://antivirus.neu.edu.cn/scan/] listing the current top ten threats, with 218.77.79.43 ranking in at eighth:

    Image One (1): Screenshot from Northeastern University Network Center Network Threat Blacklist System web site

    This raises the question as to who or what this IP address is assigned to. The Northeastern University Network Center attributes this IP as Hengyang Telecom ADSL, but the information we receive from the Regional Internet Registry (RIR) regarding this IP is not as concise.

    As the screenshot from DarkViking in image two (2) indicates, there is no mention of Hengyang Telecom ADSL. The RIR provides the city as Changsha with a latitude and longitude nearby, with the ISP as CHINANET HUNAN PROVINCE NETWORK and the AS Name & Number as CHINANET-BACKBONE. Hengyang province is a considerable distance from Hunan province and the city of Changsha:

    Image Two (2): Screenshot from Norse DarkViking regarding IP 218.77.79.43

    With the owners not providing accurate information regarding IP ownership and routing, the RIRs cannot provide accurate information. Thus, our analysis may not be as accurate, being only as accurate as the information provided. It is interesting that internal to China, the information would be more accurate than what is provided to the RIRs – perhaps being purposefully skewed at the RIR.

    Considering CHINANET is the ISP for the entire country, if ownership and routing information is not accurate or is falsified, this makes subjective analysis problematic at best.

    Clearly this IP is being a nuisance, scanning internal and external hosts of the host country. As the online conversation regarding our posting last week mentioned, there is perhaps concern regarding all traffic from this ISP, and potentially this country in general, if activity of this nature is ignored.

    Continued here:
    http://www.norse-corp.com/blog-thursday-140911.html
    • Like Like x 1
  28. The Wrong Guy Member

    Chinese hacked U.S. military contractors, Senate panel finds | Reuters

    Hackers associated with the Chinese government have repeatedly infiltrated the computer systems of U.S. airlines, technology companies and other contractors involved in the movement of U.S. troops and military equipment, a U.S. Senate panel has found.

    The Senate Armed Services Committee's year-long probe, concluded in March but made public on Wednesday, found the military's U.S. Transportation Command, or Transcom, was aware of only two out of at least 20 such cyber intrusions within a single year.

    The investigation also found gaps in reporting requirements and a lack of information sharing among U.S. government entities. That in turn left the U.S. military largely unaware of computer compromises of its contractors.

    "These peacetime intrusions into the networks of key defense contractors are more evidence of China's aggressive actions in cyberspace," Democratic Senator Carl Levin of Michigan, the committee's chairman, said in releasing the report.

    Officials with the Chinese Embassy in Washington did not immediately comment.

    Cybersecurity expert Dmitri Alperovitch, chief technology officer with the security firm Crowdstrike, said China had for years shown a keen interest in the logistical patterns of the U.S. military.

    The investigation focused on the U.S. military's ability to seamlessly tap civilian air, shipping and other transportation assets for tasks including troop deployments and the timely arrival of supplies from food to ammunition to fuel.

    Those companies typically do not have the level of defense against hackers as major weapons makers or the military itself.

    "The military uses secret or top-secret networks that are not on the Internet, but private companies do not," said Alperovitch. "That's a real challenge."

    Continued here:
    http://www.reuters.com/article/2014/09/18/us-usa-military-cyberspying-idUSKBN0HC1TA20140918
    • Like Like x 2
  29. The Wrong Guy Member

    This is by Pete Herzog, from the Norse blog today. Quote:

    Whatever you may have heard about hackers, the truth is they do something really, really well: discover. Hackers are motivated, resourceful, and creative. They get deeply into how things work, to the point that they know how to take control of them and change them into something else.

    This lets them re-think even big ideas because they can really dig to the bottom of how things function.

    Furthermore, they aren't afraid to make the same mistake twice just out of a kind of scientific curiosity, to see if that mistake always has the same results. That's why hackers don't see failure as a mistake or a waste of time because every failure means something and something new to be learned. And these are all traits any society needs in order to make progress.

    Now, there is the expected resistance from authorities. Mostly because people don't know what hacking really is. Many people who have been called hackers, especially by the media, or who have gotten in trouble for "hacking" were not, in fact, hackers. Most all of them were just thieves and fraudsters.

    When you read in the news, Teen girl hacks Facebook to harass a classmate, what you're seeing is a sensationalized headline. What a hacker reads in that headline is: Mean girl watched classmate type in her Facebook password and then logged in as her. That mean people and criminals do bad things with communications medium is not a reason to fear people.

    Hacking is a type of methodology. It's a way to do research. Have you ever tried something again and again in different ways to get it to do what you wanted? Have you ever opened up a machine or a device to see how it works, read up on what the components are, and then make adjustments to see what now worked differently?

    That's hacking. You are hacking whenever you deeply examine how something really works in order to manipulate it, often creatively, into doing what you want.

    A hacker is a type of hands-on, experimenting scientist, although perhaps sometimes the term "mad scientist" fits better, because unlike professional scientists they dive right in, following a feeling rather than a formal hypothesis. That's not necessarily a bad thing.

    Continued here: http://www.norse-corp.com/blog-thursday-140918.html
    • Like Like x 2
  30. anon8109 Member

    The original meaning of the word hacker has been lost. It now means someone using a computer to do bad things.

    Its original meaning was a comparison between programming and chopping a tree. You can chop a tree down by carefully planning where to make the cuts so that it falls where you expect it to and with the least amount of effort, or you can just hack at it randomly and strenuously for as long as it takes to make it fall.

    Likewise you can approach a programming problem by carefully thinking and planning how your program will work, or you can just write something, try it out, and fix the problems as they crop up. Hacking usually leads to ugly solutions, but it gets the job done if somewhat sloppily.
    • Like Like x 2
  31. Anonymous Member

  32. Despite the fact that it may seem like a crippling cyber attack, the United States and many other countries are consistently "attacked." However, the percentage of successful breaches due to these many attacks is negligible. The majority of these attacks are simplistic DoD or even mySQL exploits, both of which can be filtered out. Yes, there are other more dangerous types, but not enough to cause issues.

    As background, I worked for DoD and DHS as a strategic cyber-warfare analyst.
  33. meep meep Member

    Lol at attacking Sony being CyberWar. It's CyberVandalism.
    • Like Like x 1
  34. kinda funny though, the only thing affecting my internets is being unable to stay connected to World of Warcraft for more than 10 minutes
  35. I just noticed that my IP location has changed from AZ to Kirksville, MO. I know little about this but did a search and found your thread. Do you have any advice? I'm on a Mac.
  36. Anonymous Member

    Probably best to abandon the Mac and hide in the root cellar.
    • Like Like x 1
  37. A.O.T.F Member

    Are you using Tor Browser?
  38. A.O.T.F Member

    Lol .. Now that's fuckin funny :p
