On Friday, a large Distributed Denial of Service (DDoS) attack in the United States disrupted Internet traffic and left online businesses, popular social media sites, cloud computing applications and corporate websites unavailable, slow to open files or retrieve email, or unresponsive. The attack started on the East Coast and spread across the country in three targeted waves, beginning in the morning and continuing through the afternoon. By late evening its effects were still being felt.
US federal agencies were confident they would be able to find the culprits, but as of the time the news picked up the story the identity of the attackers was not known.
A Denial of Service (DoS) attack is a cyber attack in which the perpetrator attempts to make a network resource or target machine unavailable so that its intended users cannot reach it. The interruption may be temporary, or the attack may crash the host and suspend its services outright. Most DDoS attacks work by flooding the target with more requests and traffic than it can handle, so that legitimate requests cannot be served. Criminal attackers often target high-profile sites such as banks, credit card firms and other large financial institutions; well-known corporations and government entities are targeted as well. In every case the result is the same: legitimate users of the service cannot use it.
There are two broad kinds of Denial of Service attack: those that flood a service and those that crash it. The attack is called a DDoS, with the extra "D" for "Distributed", when the traffic comes from many machines rather than one. In many cases the attacking machines forge (spoof) the source IP addresses on their packets, so the traffic appears to come from somewhere it does not, or from a different machine entirely, which makes the real sources hard to identify. Spoofing is practical for connectionless floods such as UDP or TCP SYN floods; a flood of complete HTTP requests requires finished TCP handshakes, so that traffic carries the real addresses of the machines sending it. In a Distributed Denial of Service attack the perpetrator uses multiple machines, anywhere from a few to hundreds or thousands, often each with its own spoofed source addresses. Flooding a service with thousands of requests at once can starve legitimate requests and, in the worst case, not just slow the service but crash it so that it is not accessible at all.
The attackers first compromise a number of systems, then remotely control those victim machines and use them to overwhelm the targeted sites with data packets as part of the distributed attack.
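The flood mechanics above (many sources, each sending a small share of an overwhelming request volume, versus one source sending all of it) can be seen in a web server's own access log. The following is an added example, not code from the original post: a sliding-window rate detector over constructed access-log lines that raises one alert per burst and tags it "distributed" when many distinct source addresses share the burst. The log format, thresholds and sample traffic are assumptions chosen for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Apache/nginx "combined"-style access log line, e.g.
# 203.0.113.5 - - [21/Oct/2016:12:01:04 +0000] "GET /search HTTP/1.1" 200 512
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\] ]+)[^\]]*\] "(?P<req>[^"]*)" (?P<status>\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S"


def parse_line(line):
    """Return (source_ip, timestamp) for a log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)


def detect_floods(lines, window=timedelta(seconds=10), threshold=100, distributed_min_sources=20):
    """Slide a time window over the requests and raise one alert per burst that
    reaches `threshold` requests inside `window`.  The alert is tagged
    'distributed' when at least `distributed_min_sources` distinct source
    addresses share the burst, otherwise 'single-source'.  Thresholds are
    illustrative assumptions; tune them to the service's normal traffic."""
    events = sorted((e for e in map(parse_line, lines) if e), key=lambda e: e[1])
    alerts = []
    in_window = Counter()   # requests per source address inside the current window
    start = 0
    suppress_until = None   # do not re-alert on the same burst
    for end, (ip, ts) in enumerate(events):
        in_window[ip] += 1
        # evict everything older than the window
        while events[start][1] < ts - window:
            old_ip = events[start][0]
            in_window[old_ip] -= 1
            if in_window[old_ip] == 0:
                del in_window[old_ip]
            start += 1
        total = end - start + 1
        if total >= threshold and (suppress_until is None or ts > suppress_until):
            top_ip, top_count = in_window.most_common(1)[0]
            sources = len(in_window)
            alerts.append({
                "at": ts.strftime(TS_FMT),
                "requests": total,
                "sources": sources,
                "top_ip": top_ip,
                "top_share": round(top_count / total, 2),
                "kind": "distributed" if sources >= distributed_min_sources else "single-source",
            })
            suppress_until = ts + window
    return alerts


def make_sample_lines():
    """Constructed log lines (not captured traffic): a quiet baseline, then a
    distributed flood from 50 addresses, then a flood from a single address."""
    base = datetime(2016, 10, 21, 12, 0, 0)
    lines = []

    def add(ip, offset_s, path):
        ts = (base + timedelta(seconds=offset_s)).strftime(TS_FMT)
        lines.append(f'{ip} - - [{ts} +0000] "GET {path} HTTP/1.1" 200 512')

    # baseline: two users, one request each every ten seconds
    for s in range(0, 60, 10):
        add("198.51.100.10", s, "/index.html")
        add("198.51.100.11", s + 5, "/about")
    # distributed flood: 50 sources x 4 requests each, all inside a 10-second window
    for n in range(50):
        for k in range(4):
            add(f"203.0.113.{n + 1}", 60 + (n * 4 + k) % 10, f"/search?q={k}")
    # single-source flood: one host, 150 requests in 10 seconds
    for k in range(150):
        add("192.0.2.77", 120 + k % 10, "/login")
    return lines


if __name__ == "__main__":
    for alert in detect_floods(make_sample_lines()):
        print(alert)
```

The first burst is flagged "distributed" with dozens of sources and no address holding more than a few percent of the requests; the second is flagged "single-source" with one address holding all of them. Because these are completed HTTP requests, the source addresses are real and can be rate-limited or blocked; for a spoofed SYN or UDP flood the same counting would be meaningless, since the distinct-source count then reflects the attacker's random address generator rather than the number of machines involved.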
A “BotNet” is a network of Internet-connected computers that have been infected with malware without their owners’ knowledge and are controlled by cybercriminals. Botnets are typically used to send spam, distribute malware and commit other cybercrime; the infected machines receive their instructions over a command and control channel. Botnets are very often the source of Distributed Denial of Service attacks.
The core components of a botnet are the “Command and Control (C&C)” infrastructure and the “zombie” computers it directs. C&C is the server infrastructure used to control the malware and the botnet. The C&C servers may be operated directly by the malware operators or run on hardware that has itself been compromised. Certain DNS techniques, such as fast flux, in which a control domain's records are rotated rapidly through the addresses of many infected hosts, make the control servers harder to track down and take over, and the operators may also move the control servers to new DNS domains. Since defenders often succeed in dismantling C&C networks, criminals resort to other means of keeping their infrastructure intact: overlaying the C&C channel on IRC or Tor, using peer-to-peer networking that does not depend on servers at fixed locations, or signing commands with public key cryptography so that outsiders cannot hijack or spoof the network.
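One way to spot a control domain that is being hidden behind rapidly rotating DNS records is to look at passive-DNS style observations and ask how many unrelated networks a single name resolves into, and how short its TTLs are. The following is an added example, not code from the original post: a simple fast-flux heuristic over constructed records. The domain names, addresses, TTLs and thresholds are assumptions made up for illustration, and grouping addresses by /24 is a crude stand-in for a real ASN lookup.

```python
from collections import defaultdict
from statistics import mean

# Constructed passive-DNS style observations: (queried name, answer IP, TTL in seconds).
# Made-up records in private address space, not real resolver data.
PDNS_RECORDS = [
    # candidate flux domain: answers scatter across many unrelated networks, short TTLs
    ("c2.flux-example.invalid", "10.4.17.9", 120),
    ("c2.flux-example.invalid", "10.91.2.140", 60),
    ("c2.flux-example.invalid", "10.133.48.3", 180),
    ("c2.flux-example.invalid", "10.7.200.77", 90),
    ("c2.flux-example.invalid", "10.250.11.18", 120),
    ("c2.flux-example.invalid", "10.62.5.201", 60),
    ("c2.flux-example.invalid", "10.18.99.44", 300),
    ("c2.flux-example.invalid", "10.177.30.6", 120),
    # CDN-like domain: many answers and short TTLs too, but all from two /24s
    ("static.cdn-example.invalid", "10.200.1.10", 60),
    ("static.cdn-example.invalid", "10.200.1.11", 60),
    ("static.cdn-example.invalid", "10.200.1.12", 60),
    ("static.cdn-example.invalid", "10.200.2.10", 60),
    ("static.cdn-example.invalid", "10.200.2.11", 60),
    ("static.cdn-example.invalid", "10.200.2.12", 60),
    # ordinary site: one stable address, long TTL
    ("www.stable-example.invalid", "10.10.10.10", 3600),
    ("www.stable-example.invalid", "10.10.10.10", 3600),
]


def network_of(ip):
    """Crude stand-in for an ASN lookup (assumption): group addresses by /24."""
    return ip.rsplit(".", 1)[0]


def flux_candidates(records, min_ips=5, min_networks=3, max_avg_ttl=300):
    """Flag names that resolve to many addresses spread over many networks with
    short TTLs.  The thresholds are illustrative assumptions."""
    by_domain = defaultdict(list)
    for name, ip, ttl in records:
        by_domain[name].append((ip, ttl))
    flagged = {}
    for name, answers in by_domain.items():
        ips = {ip for ip, _ in answers}
        networks = {network_of(ip) for ip in ips}
        avg_ttl = mean(ttl for _, ttl in answers)
        if len(ips) >= min_ips and len(networks) >= min_networks and avg_ttl <= max_avg_ttl:
            flagged[name] = {"ips": len(ips), "networks": len(networks), "avg_ttl": avg_ttl}
    return flagged


def flux_hosts(records, name):
    """All addresses a flagged name has resolved to: the infected hosts fronting
    the real control server, and the list a takedown or blocklist starts from."""
    return sorted({ip for n, ip, _ in records if n == name})


if __name__ == "__main__":
    for name, stats in flux_candidates(PDNS_RECORDS).items():
        print(name, stats)
        print("  fronting hosts:", flux_hosts(PDNS_RECORDS, name))
```

The CDN-like name in the sample is the classic false positive: it also has many answers and short TTLs, and only the spread across unrelated networks separates it from the flux candidate. Even a correct flag only gives the addresses of the infected front-end hosts; the operators' real server sits behind them, which is exactly why the technique makes takedown harder.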
Symptoms of a DDoS Attack
As the source of Friday’s attack is still not known, we need to look at what types of groups could carry out something on this scale. The news mentioned Anonymous. Sure, that is one group that could do this. Anonymous are usually hacktivists standing up for a cause; they go on Ops against various people and entities that they think are oppressing freedoms and people, or have done wrong. They are an amorphous movement, not just a “group” per se. They are legion. They are everywhere. Could be them, could not. Could be other groups, domestic or international. It may instead be state actors funded by a government. With all the talk about Russian hackers breaking into the Democratic National Committee and releasing its emails, which the Federal government suspects was state sponsored and either influenced or directly carried out by Russia, that is another possibility. Could be China.
How does this relate to grydscaen? Well, I am going to tell you.
The fundamental story behind grydscaen is “hackers against the government.” Friday’s attack went to the heart of the US Internet infrastructure, affecting marketplaces and businesses as well as individual users. The Elite government in grydscaen is known to take websites offline if it doesn’t like their messaging, and to use the Newsfeed to spread propaganda. The Packrats, a cyber terrorist group, are trying to keep the gridscan (the network of everything) a free and open resource for all. When the government gets out of hand, the Packrats attack. They will take down the power grid, kill the traffic lights, zip the Newsfeed with nonsense graphics, take over the Newsfeed satellite and broadcast subversive messages, hack into the Zone Police database, attack the gridscan, and steal data right out from under the Corporation. Definitely Packrat activity.
Systems end up under an attacker’s control when they are not kept secure. Keep your patching up to date and make sure your security software and virus definitions have the latest updates. Use long, complex passwords and two-factor authentication, keep those IDs and passwords secure, and do not reuse the same username and password across sites. Many systems can apply updates automatically, which keeps an individual user’s machine current with little effort. It is good to know that your own system is secure. And remember, don’t open that spam email, or an email that comes from someone you don’t know.
Hopefully the government will find out who carried out Friday’s attack. Until then, I guess we just have to wait and see what news they bring.