This ZDNet item points to an investigation of a coordinated effort to create a network of compromised hosts for the purposes of cyber espionage against India, the United Nations, and even the Dalai Lama. The idea of large numbers of compromised machines is not a new concept. What is less common is the idea of targeting a very specific group of computers for a very specific reason, rather than using the sort of shotgun approach of co-opting whatever machine is available.
How hard do you think this was to do, and are there other efforts out there that replicate this scenario about which we are blissfully ignorant?
Share your thoughts.

5 Comments
I am not a security expert by any means, thus the reason I attend Capella’s IAIS online bachelor’s degree program. Botnets are one of many ways to attack a network. A botnet is a preprogrammed network of computers or systems that can, and often do, contain malicious software code. The purpose of this code is to perform the duties of a DDOS, phishing, or virus attack (though not limited to these). There are various ways to protect against a botnet; firstly, keep in mind that a botnet takes advantage of software vulnerabilities and unsecured ports. Thus, patch management in the mindset of our very own DoD’s Defense-in-Depth approach will protect you against this behemoth. I foresee a future where the Internet will have more and more VPN or secure connections due to these types of attacks. Time will tell if I am correct.
Link:
http://en.wikipedia.org/wiki/Botnet
It is true that the trend seems to be more emphasis on creating secure tunnels between hosts rather than relying on the ‘trusted network behind the firewall’ paradigm on which we have heavily relied to this point.
Hi Mary,
You have summarized one of the interesting networking components of Windows 7 Enterprise and Windows Server 2008 R2. Microsoft have done just what you suggested. Instead of a VPN that requires a security-conscious user, they have created “Direct Access” for the Enterprise version. This component can be configured by the user’s organization to use secure connections to access organizational resources. It does this by creating two tunnels: one for IPv6-over-IPsec that uses DES to encrypt data, and a second using DNSsec that allows name resolution for a list of DNS domains to be securely resolved back to the company. Sorry to sound like an ad for Microsoft.
In my experience this helps answer the fundamental problem of networking: it was never designed to be connected the way we have.
There was an interesting article on DNSsec the other day, now that you mention it… I have heard an array of opinions as to how many network devices have been configured to test for packet size and to drop anything that is not within those parameters.
http://www.theregister.co.uk/2010/04/13/dnssec/
Speaks to the fact that sometimes a new control conflicts with an old control, creating some tension while they all just learn to get along.
I find it sad that we need our network devices to only communicate with other devices they trust.
P.S. The Register is a fabulous resource, and Brit humor is the best.