[IP] An Army of Soulless 1's and 0's (Is your computer a 'zombie'?)
Begin forwarded message:
From: "John F. McMullen" <observer@xxxxxxxxxxx>
Date: June 24, 2005 5:01:47 AM EDT
To: johnmac's living room <johnmacsgroup@xxxxxxxxxxxxxxx>
Cc: CardinalFarley List <CardinalFarley@xxxxxxxxxxxxxxx>, USA Talk
List <USAtalk@xxxxxxxxxxxxxxx>, Dave Farber <farber@xxxxxxxxxxxxx>
Subject: An Army of Soulless 1's and 0's (Is your computer a 'zombie'?)
From the New York Times -- http://www.nytimes.com/2005/06/24/technology/24zombie.html?
An Army of Soulless 1's and 0's
By STEPHEN LABATON
WASHINGTON, June 23 - For thousands of Internet users, the offer
seemed all too alluring: revealing pictures of Jennifer Lopez,
available at a mere click of the mouse.
But the pictures never appeared. The offer was a ruse, and the click
downloaded software code that turned the user's computer into a
launching pad for Internet warfare.
On the instructions of a remote master, the software could deploy an
army of commandeered computers - known as zombies - that
simultaneously bombarded a target Web site with so many requests for
pages that it would be impossible for others to gain access to the site.
And all for the sake of selling a few more sports jerseys.
The facts of the case, as given by law enforcement officials, may
seem trivial: a small-time Internet merchant enlisting a fellow
teenager, in exchange for some sneakers and a watch, to disable the
sites of two rivals in the athletic jersey trade. But the method was
far from rare.
Experts say hundreds of thousands of computers each week are being
added to the ranks of zombies, infected with software that makes them
susceptible to remote deployment for a variety of illicit purposes,
from overwhelming a Web site with traffic - a so-called
denial-of-service attack - to cracking complicated security codes. In most
instances, the user of a zombie computer is never aware that it has
been commandeered.
The networks of zombie computers are used for a variety of purposes,
from attacking Web sites of companies and government agencies to
generating huge batches of spam e-mail. In some cases, experts say,
the spam messages are used by fraud artists, known as phishers, to
try to trick computer users into giving confidential information,
like bank-account passwords and Social Security numbers.
Officials at the F.B.I. and the Justice Department say their
inquiries on the zombie networks are exposing serious vulnerabilities
in the Internet that could be exploited more widely by saboteurs to
bring down Web sites or online messaging systems. One case under
investigation, officials say, may involve as many as 300,000 zombie
computers.
While the use of zombie computers to launch attacks is not new, such
episodes are on the rise, and investigators say they are devoting
more resources to such cases. Many investigations remain
confidential, they say, because companies are hesitant to acknowledge
they have been targets, fearful of undermining their customers'
confidence.
In one recent case, a small British online payment processing
company, Protx, was shut down after being bombarded in a zombie
attack and warned that problems would continue unless a $10,000
payment was made, the company said. It is not known whether the
authorities ever arrested anyone in that case.
Zombie attacks have tried to block access to Web sites including
those of Microsoft, Al Jazeera and the White House. In October 2002,
a huge but ultimately unsuccessful attack was mounted against the
domain-name servers that manage Internet traffic. The attackers were
never caught.
Federal officials say the case involving the athletic jerseys was
solved after some college computers in Massachusetts and Pennsylvania
were found to be infected with software code traced to a user whose
Internet name was pherk. That hacker, a high school student in New
Jersey, told investigators that he was acting at the behest of a
merchant - the owner of www.jerseydomain.com.
The merchant, an 18-year-old Michigan college student, could face
trial later this year in a federal court in Newark. The case offers a
rare glimpse both into the use of zombie computers and into the way
that law enforcement officials are trying to combat the problem.
More than 170,000 computers every day are being added to the ranks of
zombies, according to Dmitri Alperovitch, a research engineer at
CipherTrust, a company based in Georgia that sells products to make
e-mail and messaging safer.
"What this points out is that even though critical infrastructure is
fairly well secured, the real vulnerability of the Internet are those
home users that are individually vulnerable and don't have the
knowledge to protect themselves," Mr. Alperovitch said. "They pose a
threat to all the rest of us."
Mr. Alperovitch said that CipherTrust had detected a sharp rise in
zombie computers in recent months, from a daily average of 143,000
newly commandeered computers in March to 157,000 in April to 172,000
last month.
He said that the increase was attributable to two trends: the rising
number of computers in Asia, particularly China, which do not use
software to protect against zombies and the worldwide proliferation
of high-speed Internet connections.
Aside from the use of tools like CipherTrust's within businesses,
experts say consumers can largely make their computers off limits to
zombie activity by using up-to-date antivirus and antispam software.
One factor helping those seeking to create zombie networks, known as
botnets, is the increasing use of high-speed Internet connections in
the home. Aside from being able to handle (and generate) more
traffic, such households are more inclined to leave computers running
- the computers recruited as zombies need to be on when called by the
master.
Eric H. Jaso, an assistant United States attorney in Newark who is
prosecuting the New Jersey case, said the zombie cases often wind up
damaging more than just the target.
"The effects of these attacks on the Internet itself are far ranging
and highly damaging to innocent parties," he said. "The ripple effect
is that when one server is attacked, other servers are affected and
damaged. Web sites crash. Backup systems become unavailable often to
entities like hospitals and banks that are part of the critical
infrastructure of the country."
The overall damage in the New Jersey case is estimated by the
authorities at $2 million.
That investigation began last July 7, when an online sports-apparel
merchant, Gary Chiacco, told federal authorities that traffic to his
site, jersey-joe.com, had been disrupted for several days, at a cost
of hundreds of thousands of dollars of lost sales. When customers
tried to gain access to the site, they would be greeted with an error
message.
The attacks continued through the fall of last year and became so
severe that they affected service to other customers of the Web-site
hosting company used by Jersey Joe.
The host company ultimately told Jersey Joe to go elsewhere, as did
two other companies that it then tried to use and that suffered
problems from the zombie attacks.
Federal and state investigators say the case was cracked through a
combination of luck and sleuthing. While the F.B.I. continued to
monitor the attacks on Jersey Joe, student computers at colleges in
Massachusetts and Pennsylvania were found to be infected with the
software that converted them into zombies.
Hackers "find computers on colleges to be particularly attractive
because they have a larger bandwidth and are able to send more
packets of data," said Kenneth R. Sharpe, a deputy attorney general
in New Jersey involved in prosecuting the case.
A close examination of those computers disclosed the software had
been trying to communicate with a user named pherk. Investigators
traced the name and an Internet computer address to a 17-year-old
high school student from Edison, N.J., named Jasmine Singh.
Confronted by law-enforcement authorities, Mr. Singh acknowledged his
involvement and said it was at the behest of an 18-year-old
businessman, Jason Arabo, whom he had met through a mutual friend.
Mr. Arabo ran a sports jersey business from his home, selling online
at www.customleader.com and www.jerseydomain.com.
Investigators determined that Mr. Singh had spread the rogue software
through file-sharing networks like Kazaa, using the Jennifer Lopez
come-on, and instructed the zombie computers to attack two of Mr.
Arabo's competitors - Jersey Joe and another online shirt company,
Distant Replays of Atlanta. His compensation, he said, was three
pairs of sneakers and a watch.
The F.B.I. then set up a sting operation against Mr. Arabo. According
to court papers, an undercover investigator held a series of
instant-messaging chats with Mr. Arabo on America Online in December. Mr.
Arabo told the undercover agent that he had previously recruited Mr.
Singh and that those attacks had not done enough harm to keep his
rivals offline, the court papers assert.
According to the court papers, Mr. Arabo asked the agent to mount
denial-of-service attacks against rivals in exchange for sports
apparel and watches. In later chats that month, he asked the agent to
"take down" Jersey Joe's server and redirect its Internet traffic to
a pornographic site, the court papers say, and repeatedly asked the
agent to "hit them hard."
Mr. Arabo, a student at a community college in a Detroit suburb, was
arrested in March and charged in a federal criminal complaint with
conspiracy to use malicious programs to damage computers used in
interstate commerce. He remains free on $50,000 bail and the
condition that he stay off computers and the Internet. (The
jerseydomain.com site now carries the notice "Under New Management.")
He faces a maximum sentence of five years.
His lawyer, Stacey Biancamano, did not respond to several messages
seeking comment.
For his part, Mr. Singh pleaded guilty last month in New Jersey
Superior Court to charges of computer theft. Under a plea agreement,
he faces a maximum sentence of five years at a youth correction
center when he is sentenced in August, but the state prosecutor's
office says it will not object to probation.
Mr. Sharpe, the New Jersey prosecutor in the case, said that Mr.
Singh had boasted to his high school friends about his ability to
create the zombie networks. "It was an ego thing," Mr. Sharpe said.
"Hacking in its purest form is not about compensation or about
wrecking a Web site. Hacking in its pure form is to show what you can
do."
Copyright 2005 The New York Times Company
*** FAIR USE NOTICE. This message contains copyrighted material whose use
has not been specifically authorized by the copyright owner. The
'johnmacsgroup' Internet discussion group is making it available without
profit to group members who have expressed a prior interest in receiving
the included information in their efforts to advance the understanding of
literary, educational, political, and economic issues, for non-profit
research and educational purposes only. I believe that this constitutes a
'fair use' of the copyrighted material as provided for in section 107 of
the U.S. Copyright Law. If you wish to use this copyrighted material for
purposes of your own that go beyond 'fair use,' you must obtain permission
from the copyright owner.
For more information go to:
http://www.law.cornell.edu/uscode/17/107.shtml
"When you come to the fork in the road, take it" - L.P. Berra
"Always make new mistakes" -- Esther Dyson
"Any sufficiently advanced technology is indistinguishable from magic"
-- Arthur C. Clarke
"You Gotta Believe" - Frank "Tug" McGraw (1944 - 2004 RIP)
"To achieve, you need thought. You have to know what you
are doing and that's real power." -- Ayn Rand
John F. McMullen
johnmac@xxxxxxx johnmac@xxxxxxxxxxxx johnmac@xxxxxxxxxxxxxxxxxx
johnmac@xxxxxxxxx johnmac@xxxxxxxxxxx
jmcmullen@xxxxxxxxxxxxxxxxx johnmac@xxxxxxxxxxxxxxx
ICQ: 4368412 Skype, AIM & Yahoo Messenger: johnmac13
http://www.westnet.com/~observer
BLOG: http://johnmacrants.blogspot.com/