Huge Compromises

April 27th, 2011

The media has definitely been busy the past few months. There have been some very high-priority compromises and news-generating events recently. Some of the big headlines have been “Epsilon breached and customer emails stolen”, “RSA SecurID compromised”, “Another attack against Iran?”, “FBI takes offensive against Coreflood Botnet”, and “Sony PlayStation Network compromised and ALL personal data stolen”. The term APT (advanced persistent threat) has also been thrown around in a lot of the compromises, and it makes me wonder if these are isolated incidents or if they may be related in some way. Can we also expect to keep getting some of these high-profile compromises, or will they die down?

I love a good conspiracy, so I would like to hear that they are all related, and this blog post by Krypt3ia strengthens my belief even more that China is up to no good and possibly ramping up for an all-out attack in the cyber domain. Only time will tell, but until then I will keep theorizing about my conspiracies.

Low Orbital Ion Cannon

December 9th, 2010

Anonymous have mobilized. Well, a subset of Anonymous under the banner of Operation Payback has started attacking organizations that have discontinued services to WikiLeaks (at the time of writing there is no DNS name and it is located at After reading several articles on the subject, I was familiar with the tool that Anonymous was using to attack these sites. From what I can tell, there are several versions of the tool, named Low Orbital Ion Cannon (or LOIC for short). LOIC is a modified version of an open-source load tester. It was modified to connect to an IRC channel and get a list of targets to start attacking.

This is interesting in and of itself, as the users are joining an opt-in botnet. I did not have the time to download it and take a look, but I did run into a JavaScript version that piqued my interest a bit. I went ahead and grabbed a copy of it and put it up here. It is pretty basic: you put the target URL in the first box and launch with “IMMA CHARGING MEH LAZER”. After looking at a packet capture of the traffic, it does exactly what you would expect it to: it opens several connections to the server in question. At this point it doesn’t do anything but HTTP and HTTPS connections, but it would be interesting to see it support other protocols such as SSH and DNS.
