Detecting a DOS attack can be quite difficult, especially if it is a Distributed Denial of Service or DDOS attack. In this case, a bunch of different computers work together to generate the flooding traffic. For example, a botnet, an organized network of compromised PCs or computers, can be used to launch DDOS attacks by having all the hosts send a small amount of flooding traffic. Since each host does not send a huge volume, the attack often goes undetected until all the traffic converges at the target, making the attack difficult to block or defend against. DDOS can also be launched using cooperative computers, in a voluntary botnet, such as those organized by hacktivists both for and against Wikileaks.
There are some colourful names for different types of DOS attacks such as ‘Smurf attacks’, ‘SYN floods’, or ‘Ping of Death’. Regardless, all DOS attacks use the same principles and can have the same disastrous results.
-> Your question not answered this week? Argue for your vote on the Shameless Plugging area of our discussion forum.
Chapter 14.
Mick O'Malley – adores his sister. (4 comments)
Halfway between Logan Airport and Lewis Wharf, Mick watched Boston Harbor stream past. Mick enjoyed the sea air as the water taxi bounced over the light chop. His sister’s apartment’s close proximity to the water allowed him the option of a water route, and, a check of the traffic confirmed his choice.
Disembarking, Mick walked the dozen blocks from the dock to the apartment. The day was beautiful, and the sun was making its way down between the houses tall. Mick enjoyed the atmosphere of the city. He was looking forward immensely to seeing Jocelyn, and, of course, Sam. Since his sister and niece wouldn't be home yet, he went into a nearby Irish pub. Strangely, it seemed to be filled with a convention of Pilgrim re-enactors. Thinking of Akihabara, he decided this must be cosplay, or costume play, Massachusetts style. When ordering, he quizzed the waitress, a Russian judging by her accent.
“Is your bar always filled with Puritans, or do other Dissenters have their days as well?” he enquired. She smiled back at him.
“When I came in today, it was already like this… Someone said there is something on the web that told them to come here dressed like this,” she replied, sweeping her arm across the room.
He considered searching for the web page.
Could it be some kind of themed geocaching?
He decided against looking it up, thinking that if he didn't occasionally rein in his curiosity on the web, he could become a slave to it.
A few hours later, he showed up at the apartment. Jocelyn, her husband Joe, and Sam shared the entire top floor of the four-story building – quite a large space for Back Bay Boston.
Jocelyn gave him a big hug as he walked through the door, saying that it had been way too long since she had seen him. He refrained from mentioning that she only saw him when he visited Boston, and that her making a trip to Manhattan could reduce this interval considerably.
He had missed her as well. Jocelyn worked part time at a public library a few blocks away, mainly while Sam was at school. They caught up over a cup of coffee until Sam burst through the door, kicking off her shoes, dropping her coat, and shedding her book bag in a single fluid movement.
“Uncle Alec!” she shouted with a big grin on her face. Her hug was short as she grabbed his hand and pulled him up out of his chair and towards her part of the apartment. There were few walls in the space, but her corner was clearly identifiable by the artwork on the walls and colorful books on the shelves. “Let’s do Origami!” she exclaimed, sitting down and pulling out colorful squares of paper. Fortunately, he had anticipated this and had learned a few new patterns in Nihon. They passed quite a few hours happily with one project naturally and seamlessly leading to the next.
Joe arrived home when it got dark, shaking Mick’s hand firmly. Joe was a photojournalist for the Globe and had a weather-beaten air he had no doubt perfected on trips to Iraq, Afghanistan, and Palestine. Mick could see why Jocelyn would be attracted to him, but he couldn't really see how she could be married to him – they seemed too different. He suspected that Kateryna would probably enjoy talking with him about photography.
Later, he helped put Sam to bed. She asked for a story, and again he was prepared. He told a story from Tokyo about the Forty Seven Ronin, samurai left without a master after the murder of their warlord. They spent years plotting and planning revenge on a rival warlord responsible for the murder. When they accomplished this, they all committed ritual suicide together, known as Seppuku in Nihon. Mick hoped his sister wasn't listening in, or he would get it later, but Sam loved it, and wanted to talk about honor and self-sacrifice and why people do the things they do. Eventually, she went quiet and he managed to slip out as she drifted off into sleep.
At the kitchen table, Jocelyn looked tired, so he declined her offer of coffee, suspecting she was just doing it out of politeness. Mick hoped perhaps there'd be a chance to talk tomorrow. He shared a few choice observations about the evening with his social network, then retired without even checking mail.
The next morning, over breakfast, Mick was grilled.
“So, explain to me again what a 'buffer overflow attack' is?” Sam led off the questioning.
“Have you been trying to read Uncle Alec’s dissertation again?” Jocelyn inquired from behind the sink.
“Yes, but I still don't get it,” she pouted.
“That’s OK… it is a little theoretical,” Mick began. Seeing that Jocelyn was about to interrupt, he continued. “I don’t mind, really, sis. Let me try an analogy…” he began. He enjoyed the challenge of trying to explain complicated technical topics to his youngest admirer.
A few minutes later, Jocelyn had a look on her face that suggested that perhaps she just had a glimpse into her brother’s world for the first time... Sam seemed satisfied for the moment, too.
“OK, I'm off to school. Bye Uncle Alec!” Sam said running out the door, waving to her uncle, kissing her mother, and dashing out of sight.
Joe joined them for breakfast a few minutes later, so Mick couldn't bring up his topic with Jocelyn. Joe continued the grilling where Sam had left off.
“Alec,” he began, “What if someone invented an unbreakable encryption algorithm! Could you imagine what would happen?”
“Actually, there already is an unbreakable encryption algorithm, and governments of the world have been using it for decades now. It is known as a ‘one time pad’!” Mick replied, having been asked this question before, probably as a result of a popular, but inaccurate fictional thriller on the topic.
“Oh, I see. Hmm. I had another question,” he continued. “So you are the security guru and so you make us use all these weird programs to email you and call you and everything, right? You're big on security – I get that. But do you have triple deadbolts on your doors? Do you drive an armored car? It seems like you aren't consistent.”
Mick nodded and leaned back in his chair. Joe had a good point.
“Well, I do keep my door locked at my apartment, I don’t actually own a car; car sharing works quite well for me. But if I did, it wouldn’t be an armored car. I don't go overboard on my physical security, and I don’t think I go overboard on my Internet security, even if it perhaps appears that way. Here’s the big difference: if criminals want to break into my house, they have to travel to my apartment, drive or walk down my street, break a window or door, right? If they want to steal something, they have to carry it out under their arm or throw it in their vehicle.
“Now compare this to my electronic possessions. If cyber criminals want to break into my computer and steal or delete my information, they can do it from anywhere in the world if I am connected to the Internet. They can sit in complete anonymity in any part of the globe and launch attacks on my computer. Consider the risk to them. Which is more risky, having to be present on my street, or typing in commands over the Internet?
“Think about tapping my communication. Before the Internet, to tap my phone, they would have to attach alligator clips to the phone wires in the wiring closet in my building, or climb a telephone pole on my street, or break into the local telephone company central office building where the wires that go into the mainframe computer (known as a telephone switch) are located. All of these involve a lot of risk; the wiretappers could easily get caught. Now with Internet phone calls, they can potentially listen in using a piece of software installed remotely on my computer or server. The software can then record all my calls and email the recordings to someone on the other side of the globe. The attackers never have to leave their house or have any physical connection to monitor me.
“And that’s not considering the automation possible, that a single piece of software can search the Internet looking for any particular type of communication. So maybe they aren't targeting me personally, they are just recording calls, then doing automatic speech recognition to look for spoken digits that might be a bank account, credit card, or pin number, for example.
“Just as communication becomes very easy with the Internet, attacking and monitoring someone becomes easy as well, and requires adequate security to protect against it.”
Joe nodded slightly. “But isn't it just about who you trust? You don't trust anyone, and it forces you to do all this?” he countered.
“Joe, the great thing about the Internet is that you don't have to trust anyone. Just by using proper security techniques, you can verify everything and everyone. Of course, this does all fall down if someone steals your secret keys or hijacks your personal accounts by learning your passwords.”
“Yeah, I kind of get it. But don’t you get tired of it all? Don’t you feel like a spy or something? And, what do your girlfriends think?” Joe had hit close to home with this question. Sometimes, it did grate on Mick, but he just couldn’t ignore it and pretend to be oblivious. Perhaps this was one reason why he had felt so comfortable with Kateryna: there was no need to explain this whole side of his life as she already got it.
Joe seemed to realize how much time he was wasting discussing such trivial topics, and packed up his things and got ready to set off.
“Oh, Alec, you said you’d tell me the address of that website that lets photographers securely upload their images for archiving.”
“Sure, here it is,” Mick replied, writing it down on a piece of paper.
“Why do you do that? Why do you put a slash through a zero?” he asked.
“To distinguish a zero from the letter ‘O’, of course,” he replied, surprised it needed an explanation. Most programmers did this out of habit, as confusion between Ø and O could easily cause a password to fail, or code to not compile.
When Joe left, Mick finally had his sister to himself.
“So, Jocelyn, come have a cuppa with me,” he called out to her, offering a cup of coffee. She smiled and sat down in the chair next to him and took the cup.
“So, what’s on your mind?” she asked.
“What makes you think something’s on my mind?” he replied.
“I knew as soon as you walked through the door. What is it? Or should I say, who is she?” she asked. Mick smiled back at her. His emotional encryption was obviously just a two-time pad to her – encryption that was easily broken. He briefly wondered if this was obvious to others besides her.
“OK, yes, there is someone. Her name is Kateryna, but we’re just friends…” Jocelyn smiled. “And she’s married.” The smile melted away. “I know, I know. We met a few weeks ago in Hiroshima, and then again in Seattle – I had no idea she was married.” Mick held up his hand as Jocelyn looked about to interrupt. “We’ve been working on a few work projects together. Then last week in Vegas she tells me she is married. I just don’t know what I’m doing, or even what I want...”
“Oh, no!” she began. Mick shrugged.
“I should be angry with her, but I’m not. I should stop thinking about her, but I can’t. What’s the matter with me?” Mick asked.
“You know the answer…” Jocelyn replied, and Mick nodded. “Any kids?” Mick shook his head.
“No. Her husband is a Romanian immigrant as well.”
“Oh, Alec, please be careful. I know you can take care of yourself, but I think you’ve fallen for this woman,” she began. “Does anyone know?” she asked.
“No one besides you, I think. Although maybe Liz has guessed.”
“Sure, makes sense. You still need to sort things out with her, too, you know! So, brother, you obviously want to talk about Kateryna, so tell me about her.” Jocelyn replied leaning back in her chair.
Mick gave a little grin in spite of himself and began to tell the story of how they met in Nihon and their adventures in Seattle and Vegas.
Thank goodness for sisters!
Nearly an hour later, Jocelyn indicated she had to head out to the library.
“Alec, I’d love to chat longer, but I have to get to the library early to check out the new RFID system,” she said, referring to a Radio Frequency Identification system.
“Cool! So all the books have a little RFID tag in them? I’ll bet it makes re-shelving and inventory a breeze,” he replied.
“You’re not kidding! We now have an automated system that sorts the returned books and tells us exactly where to put them back on the shelves. And inventory used to take days with the library closed. Now we just walk up and down the shelves with a reader, and it tells us which books are in the wrong place. It is just great!”
“OK, no problems. I have plenty to amuse myself here,” he replied.
Mick thought it fitting that Jocelyn worked in a library. As children, they went together to the library nearly every day, and sometimes he couldn’t get her to leave. She was one of the few people he knew who read more books than himself.
Mick relaxed when she left, replaying the conversation in his head. Jocelyn was right – he mainly just wanted to talk about Kateryna to someone. But he did plan on taking her advice seriously, and to not get more involved with Kateryna.
After the conversation about RFID tags, Mick did a little research about RFID trackers in clothing.
His next order of business was to have the conversation with Vince about releasing the details of the attack. He suspected the conversation would not go well, and he was right.
“Mick, you know I can’t do that. You agreed when we started that none of the data or results could be shared or publicized,” Vince began after Mick made his request.
“I know, but you must understand. Your attack is not an isolated incident. In fact, I don’t even think it was directed at you in particular. I think that this attack and the other attacks are some kind of trial run: a series of tests to see how well it works and see what kind of responses the security community will generate. Something really big is happening out there.” Mick could tell he was not making any progress with Vince, and decided to play all his cards. “There’s more. I didn’t tell you, but while I was in New Mexico, I was followed and threatened by a couple of guys. I’m fairly sure they were involved in organized crime. They linked your spambot compromise with last month’s web server compromise. They are from the same place, the same source.” Mick could tell he made an impact with this.
“Why didn’t you tell me? Did you report this to the authorities? We need to increase security on our premises.”
“Well, you should do what you think best, but I think the threats were directed against me, personally, rather than at LeydenTech. I’ve been involved in investigating and fighting these attacks – all of them, one way or another. I might be the only person who can put all the pieces together. And –” he continued but Vince interrupted.
“You need to talk to someone in the government. I have a friend in Homeland Security. We were at Harvard together. You should talk to him, and maybe he can do something.”
“Can I mention your attack?”
“Yes, if I can be on the call,” Vince replied. “And you need to give me all the details of your encounter.”
“Sure, I’ll mail you all I know.” Talking to the Department of Homeland Security didn’t make Mick feel comfortable, but it felt like the right thing to do, to tell someone in the government. Surely the National Cyber Security Division would be interested in hearing about the attack?
Vince agreed to set up the call and get back to him.
Mick caught up with Lars that afternoon on a secure voice call. He filled him in on the latest on the botnet, but decided to leave out the part involving Homeland Security. At the end of the call, Lars went back to his second favorite topic.
“Hey Mick, I read a great article in the Times about the use of Helvetica in the New York subway system! It is such a great font! I wish we used it in Helsinki,” commented Lars.
“What font do they use there?” Mick asked, then realized his mistake. “No, don’t tell me. Save it for next time we are together. I should run now.” He signed off a few minutes later.
The next day, Mick was on the Acela Express train halfway between Boston and Washington, D.C. With the Shinkansen experience fresh in his mind, this was hardly high speed rail, but it wasn’t bad by American standards. It had been decided that a face-to-face meeting with Homeland Security was more appropriate than a call, even a secure one. Whom he was meeting was a bit vague… he was supposed to wait at a street corner near the Lincoln Memorial. Mick joked to Jocelyn that he was going to meet ‘Deep Throat.’ He planned to be back in Boston the next day for one more day before flying home to New York.
Mick alighted from the train at Union Station and set off walking towards the Mall, enjoying the cool November air. He checked into his hotel after making a brief stop at another hotel. He had plenty of time, so he wandered around a little, enjoying the sights. He idly recalled having been here for inaugurations, festivals, and demonstrations.
Counting from Zero Page 13