Archive
Is Trend Micro correct in its #OpIsrael ‘Botnets Involved in Anonymous DDoS Attacks’
OpIsrael DDoS spike: 7 April
Trend has done an analysis of #OpIsrael attacks on April 7. It notes that on that particular day, traffic to one particular website, normally around 90% Israeli, became 90% international due to the botnet DDoS attacks.
This increase in non-Israeli traffic was well distributed, with users from 27 countries (beside Israel itself) accessing the target site.
This is factual and we can take it at face value from a company like Trend. The next comments, however, start with fact but end in interpretation:
[fact] Examining the IP addresses that had accessed the target site, we noticed that some of these were known to be parts of various botnets under the control of cybercriminals. In addition, further investigation revealed that these IP addresses had been previously identified as victims of other attacks like FAKEAV, ransomware, and exploit kits.
[opinion] These findings highlight how major DDoS attacks are, at least in part, not just carried out by hacker groups like Anonymous but by cybercriminals as well. These attacks are not nearly as “harmless” as some would think.
The interpretation is that because a particular PC is known to be infected with a bot, participation in the DDoS attack against Israel was necessarily under the direction of the botherder criminal. But an alternative interpretation could be that the PC owner, entirely independently, decided to take part in the protest. (This is unlikely given the need to hide the source IP during such a protest.) Another possibility, however, could be that an activist protester, not otherwise a criminal, could have hired a botnet from a criminal, not otherwise an activist.
My point is that the final comment (“major DDoS attacks are, at least in part, not just carried out by hacker groups like Anonymous but by cybercriminals as well”) is a non-sequitur from the preceding argument. Trend may be right; but should not be making such a bald statement without further ‘proof’.
It highlights a danger we all face as we shift our news intake from traditional newspapers to blogs: the automatic acceptance of an opinion as fact. Blogs, for their part, should draw a distinction between fact and opinion – and the conclusion of this particular blog should be clearly labelled ‘opinion’.
JASH – just another Saturday hack
Evernote (announced it) got hacked on Saturday – joining an illustrious 2013 line-up. New York Times, Wall Street Journal, Washington Post, Twitter, Facebook and Bank of America just off the top of my head.
These are all major companies holding vast amounts of our data – companies you would hope to be hack-proof. Clearly they aren’t, which lends weight to the idea that once you’re targeted, you will be breached.
But if that’s the case, what’s happening with the banks (not counting BofA, of course) and our financial accounts? Are they not being targeted, or is there a cost level to genuine security that the banks achieve, but hardly anyone else?
Are ‘free’ services like Evernote, Twitter, Facebook and the newspapers simply not viable if they have to provide genuine security? Have we reached the stage where ‘free’ means ‘insecure’?
Or are the banks getting breached but just not telling us?
Microsoft: if it needs to be said, it’s said here first
Ahem… I refer my honourable friends to my earlier post last year.
In which, I said,
So Microsoft’s new strategy could be to own both hardware and software – starting with its own tablet but moving into phones (perhaps by buying Nokia?) and desktops (perhaps by buying Dell or Acer, or even building new from scratch?)…
Toward a new strategy for Microsoft
Yesterday, Reuters reported,
Microsoft Corp is in discussions to invest between $1 billion and $3 billion of mezzanine financing in a buyout of Dell Inc, CNBC cited unidentified sources as saying on Tuesday.
Microsoft in talks to invest up to $3 billion in Dell
Keep up, chaps.
