New Denial of Service Attack on Internet


COSEv19no4.qxd

26/05/00

12:21

Page 309

Computers & Security, Vol. 19, No. 4

porn business, the scope of the customers, (and the fact that) they are spread across the states and across the globe, shocked me”, Coggins said. Lead prosecutor Terri Moore agreed, calling the scope of the operation “absolutely frightening”. “I’m a seasoned prosecutor and I was appalled, I was floored”, she said.

Parry Aftab, director of anti-child pornography group Cyberangels, called Landslide a major commercial scheme, setting it apart from most child pornography on the Internet, which is not commercial. “This is a very, very important case”, she said. “For child pornography, this is as important as the World Trade Center bombing.” Without commenting specifically on Landslide, Aftab said commercial rings are extremely dangerous and even deadly for the children who are targeted. “They are particularly heinous”, she said. “Many of them kill the children after they abuse them. They use foreign children, from Eastern Europe and South America. It is the kind of world you can’t imagine.”

The Reedys, who are being held in federal prison until a detention hearing next week, have been forced to take down their alleged kid porn, and most of the sites they once operated are now out of service. But they’re still using the landslide.com site to assert their innocence. “We have committed no illegal act, and are confident to be found innocent of any such charges”, the site reads. They’re even soliciting funds for their defence on the site. “Please buy an Adult Check ID, and show your support to fight this injustice!” their message reads, with a link to a form where customers can offer up their credit digits. They also offer several links to the paid adult pornography sites that are still running, even as they are being held in jail. [Editor’s note: Cybernet Ventures Inc., the owner/operator of Adult Check, says it is in no way associated with Landslide, Inc., and is not supporting the Reedys’ defence.]
If found guilty, the Reedys face stiff penalties: each of the 87 counts handed down carries a maximum penalty of 15 years imprisonment and a $250 000 fine. The Russian webmaster is charged with 12 counts of the same crimes, while the Indonesian webmasters face 16 counts each. US prosecutors are hoping to extradite the accused and try them in Dallas.

Prosecutors hope the Landslide bust will signal an end to the relative ease with which people have been peddling the illegal material over the Internet, but say they know the problem is not likely to go away anytime soon. “It’s a major case. It’s like we caught the head of three (drug) cartels. And it will have repercussions”, said Coggins. “But it would be extremely naïve to say this is the end of it. It’s huge and there are hundreds of these webmasters out there.”

New Denial of Service Attack on Internet

Security experts are warning system administrators to be on the lookout for newly discovered software that hackers can deploy in order to bring targeted Internet servers to their virtual knees. The software, discovered ‘in the wild’ in at least one location, is capable of launching the kinds of attacks that all but knocked a number of high-profile Web sites offline earlier this year — incidents that have already resulted in mischief charges being laid against a Canadian teenager.

The recently discovered software — a combination of tools being called ‘Mstream’ — is capable of being secreted on numerous otherwise innocuous host computers as part of a coordinated campaign that appears to originate from multiple locations and is designed to prevent the targeted computers from responding to legitimate connections. The technique is known as a distributed denial of service (DDoS) attack.

Dave Dittrich, a software engineer and consultant at the University of Washington, and three colleagues were among the first to document an analysis of Mstream, which they said was found running on a Linux-based server at the university in late April. Over the weekend, source code for some Mstream components was posted anonymously to a pair of security-related Internet mailing lists. So Dittrich and his team quickly released a preliminary version of their findings, which described the software as “more primitive” than such better-known DDoS tools as Trin00 and variations on software known as Tribe Flood Network and Stacheldraht.


Security Views/Dr. Bill Hancock

Also studying Mstream after its appearance on the mailing lists were the engineers at X-Force, the research and development arm of security-software company Internet Security Systems. Chris Rouland, X-Force director, told Newsbytes that Mstream is designed to work using a “three-tier” approach common to many of the DDoS tools. In a three-tier assault, attacks emanate from multiple ‘zombie’ machines on which the malicious software has been installed, while the zombies receive their marching orders from a master application. That master software is itself usually installed surreptitiously on a compromised machine, making it more difficult to find the hacker, or hackers, who actually configure and trigger the attacks.

Like Trin00 and Tribe Flood Network, Rouland said, Mstream attacks slow a target machine by repeatedly sending it data requesting permission to establish communication, but providing a phony ‘return address’. Target computers then quickly run out of available horsepower as they attempt to acknowledge requests from thousands of bogus destinations. Rouland said ISS is about to release an Mstream-aware update to its own software that can automate the process of detecting DDoS installations and attacks. Meanwhile, X-Force is offering instructions on its Web site for administrators who want to check for Mstream manually.

ISS’s X-Force and additional technical information on tracking down Mstream can be found at: http://xforce.iss.net/ . David Dittrich’s original report on Mstream can be found on his own Web site at the University of Washington: http://staff.washington.edu/dittrich/misc/ddos/ .
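The symptom described above, a target left waiting on connection requests from many addresses that never answer, can be checked for in packet summaries. This is an added example, not code from the column, ISS or Dittrich's report; the record format, the mapping of "connection request" to SYN and "answer" to ACK, the documentation-range addresses and the thresholds are all assumptions.

```python
from collections import defaultdict

def build_sample():
    """Constructed records 'time src dst flag' (documentation addresses, not real traffic)."""
    lines = ["0.00 198.51.100.7 192.0.2.10 SYN", "0.05 198.51.100.7 192.0.2.10 ACK"]
    # 200 sources that ask to connect once and never answer (phony return addresses)
    for i in range(200):
        lines.append(f"{1 + i * 0.01:.2f} 203.0.113.{i + 1} 192.0.2.10 SYN")
    lines += ["3.50 198.51.100.8 192.0.2.20 SYN", "3.55 198.51.100.8 192.0.2.20 ACK"]
    return lines

def half_open_report(lines, window=5.0, min_sources=100, max_completion=0.1):
    """Return {dst: (unanswered_sources, completion_ratio)} for suspected flood targets."""
    pending = defaultdict(dict)   # dst -> {src: time of its unanswered request}
    completed = defaultdict(int)  # dst -> number of handshakes that finished
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue              # skip malformed records
        ts, src, dst, flag = float(parts[0]), parts[1], parts[2], parts[3]
        if flag == "SYN":
            pending[dst][src] = ts
        elif flag == "ACK" and src in pending[dst]:
            del pending[dst][src]  # a real client answered, so the handshake completed
            completed[dst] += 1
    report = {}
    for dst, waiting in pending.items():
        if not waiting:
            continue
        newest = max(waiting.values())
        recent = [s for s, t in waiting.items() if newest - t <= window]
        ratio = completed[dst] / (completed[dst] + len(recent))
        # Many distinct silent sources plus almost no completed handshakes
        if len(recent) >= min_sources and ratio <= max_completion:
            report[dst] = (len(recent), round(ratio, 3))
    return report

if __name__ == "__main__":
    for dst, (count, ratio) in half_open_report(build_sample()).items():
        print(f"{dst}: {count} unanswered sources, completion ratio {ratio}")
```

Because the source addresses are forged, the report identifies the target and the scale of the flood, not the zombie machines sending it.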

US Supreme Court Confirms ISPs Not Liable in E-mail Messages

The Supreme Court yesterday let stand a lower court ruling that says Internet service providers (ISPs) can’t be held liable when a person is defamed in E-mail or online bulletin board messages. Acting without comment, the court rejected an appeal filed by plaintiff Alexander G. Lunney after the New York Court of Appeals dismissed his suit against Prodigy Services Co. late last year. The suit stems from a 1994 incident in which an imposter sent several vulgar E-mail messages in Lunney’s name to a Boy Scout leader in the town where he lived. Lunney’s father sued Prodigy claiming that the boy, then 15, was “stigmatized by being falsely cast as the author of these messages”, according to court records.

In its December ruling, the New York Court said Prodigy couldn’t be held liable for the stigma created by the false messages because it can’t be considered the publisher of the messages. The court cited an earlier ruling, Anderson vs. New York Telephone Co., in which it was determined that the phone company couldn’t be sued for libel because of, “a scurrilous message that a third party recorded and made available to the public by inviting anyone interested to dial in and listen (to).” Like the phone company, Prodigy has only a passive role as a carrier of information and isn’t a publisher, the appeals court ruled. The ruling went on to say that even if it could be proved that Prodigy was a publisher in the legal sense, the Internet service provider “would be entitled to a qualified privilege subject to the common-law exception for malice or bad faith.”

The appeals court also rejected an assertion by Lunney that Prodigy failed to properly investigate people when they signed up for E-mail accounts and thus allowed the imposter to create a false account using Lunney’s name. Prodigy argued that such a standard would be impossible because it would require “an ISP to perform investigations on millions of potential subscribers”, court records say. According to the court records, Lunney proved he didn’t write the vulgar messages. But he still received a letter from Prodigy saying it was closing the account opened in his name due to the obscene content of the messages. When it was determined that Lunney hadn’t actually opened the account, Prodigy apologized, the court records say.

Software Scam — 17 Indicted

A federal grand jury has indicted 17 people for