[PLUG-TALK] Military-grade virus attacks
keithl at kl-ic.com
Tue Oct 5 11:17:45 PDT 2004
This is random blather, but more interesting than politics.

The latest series of ssh "doorknob rattling" attacks have been
appearing in a coordinated way - typically one or two or three
machines seem to be used, no exponential increases as I would
expect with some automated virus spreading. Somebody is collecting
older Linux machines.

Being somewhat paranoid, this started me thinking about what a few
hundred well-trained, clever, paid-to-do-it "Internet soldiers"
could do to the net, given powerful tools and a few months to
experiment and gather zombies. In other words, a small and
decently equipped military force.

Some estimate that there are *thousands* of undetected security
holes in something the size of a Linux or Windoze distro; imagine
this group finding dozens of exploits to work with, rather than one
or two. Further, imagine them constructing a powerful and manageable
set of exploit controls, so that an attack can be coordinated and
sequenced, rather than just launched.

A big enough team could target not just a few types of system, but
a wide variety of tools - Cisco routers, wireless access points,
telephone switches, just about anything net connected.

I assume that any information anywhere connected to the net (credit
cards, passwords, bank transfers) would be at risk of exposure. The
biggest concern would be uncertainty - what is hacked and what isn't?
This would be especially troubling if the military group took their
time about inserting the exploits and covering their tracks.

Essentially this would bring down the Internet until the machines
connected to it could be rebuilt, securely and verifiably. I'm not
sure how to do that, especially if the exchange medium is corrupt.

What could a group like PLUG do to survive, then aid in the recovery?

Keith Lofstrom keithl at keithl.com Voice (503)-520-1993
KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon"
Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs