Why Is the Government Vulnerable to a Simple Cyber Attack?

Posted by: Stephen Wildstrom on July 9, 2009

A wide-ranging attack on government and corporate Web sites that began last weekend and is continuing seems, at least so far, to be causing more confusion than damage. A denial of service (DoS) attack hit a number of government and business sites in the U.S. and South Korea. Some successfully fended it off; others were crippled to varying extents for varying periods of time. The attack is designed only to slow or block access to sites, not to penetrate them: it exhausts the capacity of the servers and their network links rather than exploiting a flaw in the sites themselves, so there is no danger to data and the main effect is inconvenience for users.

Contrary to widespread reports that seem to have originated in the South Korean government, little evidence has come to light to suggest that North Korea is behind the attack. That’s not to say the North Koreans don’t have something to do with it, just that the evidence is lacking.

But whoever is behind this, it is disturbing to learn that a number of government agencies are still vulnerable even to a relatively unsophisticated attack, one that most Web-savvy businesses have long since learned to deal with.

The SANS Institute, a Bethesda, Md.-based security research organization, has been tracking the attacks closely and has managed to scrape together some information on what is going on. The attacks, like most bad stuff on the Internet, were launched from botnets, remote-controlled networks of compromised personal computers that can spew spam or jam Web sites. In this case, the bots tried to bring down Web servers by hitting them with a flood of connection requests.

SANS's tracking efforts have found that the command and control computers that run the botnets are located in multiple countries. But since the command and control computers can themselves be remotely controlled, this does not necessarily tell us much about the origin of the attack. The bots themselves are located all over the world, including in the U.S. The attacks have involved only part of the botnet at any one time. This means the server requests are not coming from a static group of computers: a blocklist of the addresses seen in one wave does nothing against the next, which makes the defense somewhat more difficult.

SANS researchers have been watching the attacks grow more sophisticated since they began nearly a week ago. The standard response to a DoS is to stop the flood of phony connection requests as far upstream as it can be detected, before it reaches the link or server it would saturate. The initial assaults were easy to stop through standard packet filtering techniques, because the malicious traffic had characteristics a filter could match, but as time has gone on the malicious traffic has been made to look more and more like legitimate requests. This makes filtering harder, since defenders must fall back on how the traffic behaves (for example, how many requests a single source sends per second) rather than on what the packets contain, but it is not impossible.
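The two points above, that only a rotating subset of the botnet is active at any time and that the requests increasingly resemble ordinary browser traffic, can be shown on constructed Web-server logs. What follows is an added example, not code from the original post or from SANS: it builds a first wave of bot requests that a crude header check can match, puts those addresses on a static blocklist, then sends a second wave from different addresses with browser-like requests. The log lines, the IP addresses (RFC 5737 documentation ranges), the User-Agent strings, and the threshold of 30 requests per source in any 10-second window are all assumptions made for illustration.

```python
# Added example, not code from the original post or from SANS: a per-source
# rate check over Web-server access logs, next to a static IP blocklist built
# from the first wave of a DDoS. All log lines are constructed here; the IPs
# are RFC 5737 documentation addresses, not real attack sources.
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S"

LEGIT_IP = "203.0.113.10"                               # one ordinary visitor
WAVE1_BOTS = [f"198.51.100.{i}" for i in range(1, 6)]   # bots used in wave 1
WAVE2_BOTS = [f"192.0.2.{i}" for i in range(1, 6)]      # a different subset
BROWSER_UA = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"  # assumed
T0 = datetime(2009, 7, 8, 12, 0, 0)                     # assumed start time


def parse(line):
    """Parse one combined-format line into a dict; None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"].split()[0], TS_FMT)  # drop the zone
    return rec


def make_wave(ips, start, count, interval_ms, ua, path):
    """Constructed log lines: `count` requests from each IP, `interval_ms` apart."""
    lines = []
    for ip in ips:
        for i in range(count):
            ts = (start + timedelta(milliseconds=interval_ms * i)).strftime(TS_FMT)
            lines.append(f'{ip} - - [{ts} +0000] "GET {path} HTTP/1.1" 200 512 "-" "{ua}"')
    return lines


def signature_filter(records):
    """Crude header filter: the first-wave bots here send no User-Agent, which an
    upstream packet/header filter can match. Returns the IPs it would block."""
    return {r["ip"] for r in records if r["ua"] == "-"}


def apply_blocklist(records, blocklist):
    """Requests a static IP blocklist would have dropped."""
    return [r for r in records if r["ip"] in blocklist]


def rate_detector(records, window_s=10, threshold=30):
    """Flag any source that sends more than `threshold` requests inside any
    `window_s`-second sliding window. This looks only at timing, so it still
    fires when every request is a well-formed, browser-like GET."""
    recent = defaultdict(deque)
    flagged = set()
    for r in sorted(records, key=lambda r: r["ts"]):
        q = recent[r["ip"]]
        q.append(r["ts"])
        while (r["ts"] - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) > threshold:
            flagged.add(r["ip"])
    return flagged


def run_demo():
    """Wave 1: no User-Agent, 10 req/s per bot. Wave 2, a minute later: a
    different set of bots, browser-like requests, same rate. One legitimate
    visitor clicks every two seconds throughout."""
    wave1 = [parse(l) for l in make_wave(WAVE1_BOTS, T0, 60, 100, "-", "/")]
    wave2 = [parse(l) for l in make_wave(WAVE2_BOTS, T0 + timedelta(seconds=60),
                                         60, 100, BROWSER_UA, "/index.html")]
    legit = [parse(l) for l in make_wave([LEGIT_IP], T0, 40, 2000,
                                         BROWSER_UA, "/index.html")]
    blocklist = signature_filter(wave1)            # built from what wave 1 showed
    flagged = rate_detector(wave1 + wave2 + legit)
    return {
        "wave1_blocklist": sorted(blocklist),
        "wave2_dropped_by_blocklist": len(apply_blocklist(wave2, blocklist)),
        "wave2_caught_by_signature": sorted(signature_filter(wave2)),
        "rate_flagged": sorted(flagged),
        "legit_flagged": LEGIT_IP in flagged,
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

The first wave is caught by the header check and its addresses go on a blocklist, but the second wave comes from different bots sending the same requests a browser would, so the blocklist drops nothing and the header check finds nothing; the sliding-window rate check still flags every bot and leaves the ordinary visitor alone. In practice the threshold is tuned per site, and the check has to run upstream of the link being saturated, which is why an agency needs to know who its network provider is, the point Alan Paller makes below.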

Probably the most troubling thing learned so far is how poorly prepared the government continues to be and how weak its defenses are against a common form of attack. Says SANS research director Alan Paller: "The most important lesson learned: too many Federal agency security people did not know which network service provider connected their web sites to the Internet so they could not get the network service provider to filter traffic. As a result Homeland Security Dept.'s US-CERT will (probably) establish a (non-public) registry for federal web sites where they maintain up-to-date information about which providers are responsible for the content (because of SQL Injection errors that let federal sites infect visitors) and the network access so they can act much more quickly to help agencies under attack."

Reader Comments

GloomBoom.com

July 9, 2009 12:20 PM

It is typical government modus operandi. They are incapable of doing anything but reacting. Does this surprise anyone?

Earthling

July 9, 2009 1:42 PM

There should be laws that fine ISPs for hosting bots, since they present a cybersecurity risk. Several of the cyber security vendors routinely identify bots, so ignorance is no excuse. If an IP is suspected of being a bot, it should be quarantined by the ISP until remediated. Implementing this on a global level could be done by tariffs on international data traffic enforced at Internet backbone routers. If X% of an ISP's traffic is identified as spam forwarding, DoS attacks, etc., then they are charged an escalating fee for any data traffic to/from the USA. There would be technical and legal issues to confront, but at some point either the Internet is cleaned up or it becomes unworkable. Right now any schoolkid or foreign hacker can bring down a government agency, and time on botnets is available for rent in the hacker underground.

anyname

July 9, 2009 2:51 PM

It's highly likely that the US government sites under attack are setup in this manner to induce cyberattacks for PR wars and counter-intelligence scenarios.

surpize

July 9, 2009 4:43 PM

It doesn't exactly instill confidence that Kundra and Chopra are the highest tech minds in the Obama government and both oversaw departments in their last positions that experienced absolutely MASSIVE data breaches like health data and prescription benefits theft by hackers.

His Tech Team needs a serious infusion of security-savvy personnel.

Doug

July 9, 2009 4:50 PM

Protecting the U.S. from cyber attacks is another task which Bush has left for Obama.

American

July 9, 2009 5:07 PM

These North Koreans should be taught a lesson. They are openly disregarding any international norms and standards and must be brought to justice. Today they hacked the govt. websites, who knows what they are capable of. Why are we playing second fiddle to this rogue nation. Put sanctions, stop trade and then we'll see where they get their software from for downloading and hacking our own websites.

GrahamUK

July 9, 2009 5:35 PM

It's not that difficult to stop cyber attacks, even the denial of service attacks can easily be avoided by careful server loading. It makes you wonder why major organisations, especially government organisations haven't got the barriers in place to stop it. Ineptitude? SEO Experts

Larry Beattie

July 9, 2009 6:43 PM

The basic problem is poorly designed Operating Systems (OS) in use across the network. We keep trying to plug holes in operating systems that were not originally designed to interact in a global network of interacting operating systems.

With the present OS, only a mega OS overlay of the network, much like monitoring an electric grid, can detect and "circuit break" source surges, or destination surges, in demand to any one server.

Anti-trust is hampering

July 9, 2009 7:08 PM

I think anti-trust actions against Microsoft are helping cyber attacks. Governments of the world should allow it to embed anti-virus and anti-spyware, etc. In addition, they should mandate Microsoft to implement such technology to make it harder to exploit PCs on the network. At the moment, anti-trust actions are preventing Microsoft from embedding such tools!

Janet Wilson

July 12, 2009 11:45 PM

Hacking and identity theft seem to be on the news every day. I cannot believe that our government is not prepared and protected. I recently got my entire family identity theft protection free at shieldsafe.com It is completely free.
We should launch a cyber attack back at North Korea and show them that we are a super power not to be reckoned with.

steve s

July 13, 2009 12:17 AM

-I am not a crook. -Read my lips...no new taxes. -I did not have sex with that woman. -It would be a lot easier if this was a dictatorship. -I will begin withdrawing American troops from Iraq immediately.

-we had a cyber attack

Anthony K

July 13, 2009 7:41 AM

A more reasonable explanation is that this government relies heavily on defense contractors for things such as computer system and software development and maintenance; the main contractor being Microsoft. Microsoft's server operating systems are very solid; however, the Windows Server OS has historically been an easier target than UNIX based systems. There are many who advocate using Linux at this level; however, there are real cultural incompatibilities between the open source "information wants to be free" nature of OSS and Linux, and the closed "information must be hidden" nature of government and its vital computer networks.

Teaching North Korea a "lesson" is idiotically reactionary, and sanctions and boycotts by the US won't affect North Korea. North Korea doesn't rely on legal American software licenses.

chis g

July 13, 2009 1:58 PM

Anthony, the MS O/S is NOT solid at all. MS has many, many architectural flaws. The reason the Gov't went with MS many years ago and migrated off Unix, MVS and MF is because it's cheap and easy to use and administer on cheap hardware- much lower costs.

Folks need to wake-up to MS and Bill Gates's big scam. Bill has never written a line of code for MS- he's a business guy. I constantly hear how smart he is or how wonderful MS is from the clueless media all the time. It's the same thing here with security and cyber crime. Actually, it's not terribly difficult to prevent, the problem is that the powers up top take the same approach- cheap, cheap, cheap and are not willing to pay for adequate security.

I also see almost all CTOs and CIOs are clueless when it comes to IT- they are just politicians.

Maybe this is good from a wake-up call perspective...maybe not, I think the bigger the organization the more they put their heads in the sand and just hope it doesn't happen again.

pegr

July 13, 2009 3:34 PM

Good lord, the collective intelligence of this blog is staggeringly low...

jouser

July 14, 2009 12:09 PM

You blame the North Koreans but this could very well be [North Korean] teenagers. Everyone assumes the APT from China is the govt but you can't say whether it's black hat teens with too much time on their hands. We have the same immature kids in the US...


About

Bloomberg Businessweek writers Peter Burrows, Cliff Edwards, Olga Kharif, Aaron Ricadela, and Douglas MacMillan, dig behind the headlines to analyze what’s really happening throughout the world of technology. Tech Beat covers everything from tech bellwethers like Apple, Google, and Intel and emerging new leaders such as Facebook to new technologies, trends, and controversies.
