North Korea called the government too many times

July 8, 2009

When I read about various portions of the U.S. government getting whacked in a cyber attack over the holiday weekend, I imagined some sort of sophisticated Mission Impossible setup taking advantage of the smaller staff sizes to infiltrate the system.

What I didn’t see was Kim Jong Il essentially leading an army of elephants to charge the sites.

Of all the rudimentary things, I didn’t think that so much of the government, including the Federal Trade Commission and Treasury Department, was vulnerable to a distributed denial-of-service attack.

A what, you say?

A DDoS (pronounced DEE dos if you want to sound cool) shuts down a Web site the old-fashioned way: by jamming it with so much traffic that the servers buckle under the load and can’t respond.

Everyone has experienced a form of this at home or at work. Unless you have call waiting, if you’re on the phone, anybody who calls will get a busy signal. If someone wanted to keep you from getting a call, they could just spam the redial button on their end and keep your phone ringing off the hook.

Now imagine a phone system with thousands of lines and an operator for each one. It’d be pretty tough to get a busy signal, right? Not unless there were thousands upon thousands of people calling at the same time in a coordinated effort to shut down the system.

But that couldn’t happen online, right?

Not unless you had a botnet handy. For those of you who forgot what a botnet is, it’s an army of zombie computers, each one infected by some form of malware. They’re all waiting for one command. In this case it was “go to the same site at the same time,” which overloaded the servers. Very rudimentary and brute force.

Remember to keep your anti-virus and anti-spyware software up to date to protect your computer from becoming a part of a botnet.