http://www.wired.com/news/culture/0,1284,41167,00.html
by Michelle Delio
10:45 a.m. Jan. 12, 2001 PST
Recent vicious cyberattacks on IRC services have now been linked to a
National Infrastructure Protection Center security warning that
advised systems administrators to protect their systems against a
potential widespread distributed denial of service attack over New
Year's weekend.
According to court documents filed on Thursday by the FBI as well as
sources involved in the investigation, the agency is now investigating
a Lynwood, Washington teenager who is believed to have been part of a
planned widescale attack "to take down the Internet" over the recent
holiday weekend.
The teenager is also under investigation for attacking the servers of
DALNet, an IRC service.
The teenager, whose name is being withheld due to his age, admits that
he was involved in the creation of "Godswrath," a program that allows
users to launch distributed denial of service attacks.
But he is denying involvement in any attacks on DALNet, and said that
the threats to hijack the Internet that appeared on the Godswrath
website were "just blowing off steam."
A spokesman for the FBI's Los Angeles office, which is leading the
investigation, said he could not comment on the case, but said an
official statement will be released Friday or Saturday.
The agency is also investigating the possibility of involvement by
other people, reportedly located in California, Michigan and Israel.
Meanwhile, many IRC services are still under attack.
Undernet appears to be the hardest hit, with its IRC service bots down
and no projected date for their return.
When an IRC server is attacked, it also impacts the IRC Internet
service provider's ability to carry on normal day-to-day network
operations. The most recent attacks on Undernet have been so severe
that some providers have terminated their agreements to host the IRC
servers on the Undernet network.
But according the Undernet administrators, even this has not stopped
the attacks.
Some of Undernet's service providers continue to be the subject of
extensive DoS attacks, even after disconnecting the IRC servers.
It appears, Undernet administrators said, that "the intent of the
subject(s) orchestrating these DoS attacks is not only to destroy an
IRC network, but also to adversely impact the business enterprise of
individual ISP's that have hosted Undernet IRC servers."
"I am completely bewildered as to what these attacks are supposed to
achieve, other than the destruction of a service that has been in
place for nearly 10 years," said Beth Healy, former administrator of
the Undernet User Committee.
"The vast majority of Undernet volunteers, including IRC operators and
administrators, are people who have real jobs and families and
concerns and yet make the time to help maintain the network and
continue to provide a totally free service to its users. And yet
people are taking this for granted, and that is the real shame here,"
Healy added.
But some say that Undernet should share some of the blame for the
attacks.
Bill Lavalette, who owns and operates the NdrsNet irc Network, said
that Undernet resisted his attempts to aid them in securing their
servers.
"We went to them two years ago and told them how to fix their network
to help protect their users and provide a more stable form of chat.
They laughed at us," Lavalette said. "As it stands now, it is the most
out-of-control IRC network on the Internet."
"I feel sorry for the users of that network more so than the owners
and admins. Their lack of attention to the users and their network has
made it easy for the script kiddies to attack them and as with
anything the more publicity and proof of concept that it can be done
the more it will be done. Undernet for the most part as of now is
under the control of the script kiddies," Lavalette added.
Undernet administrators say there are numerous issues that will
complicate a swift resolution to their current crisis.
Other IRC channels such as DALnet have publicly stated they have
decided to work closely with the FBI and other international law
enforcement agencies to get attackers arrested, rather then trying to
solve the problem internally.
DALnet's cooperation with law enforcement directly lead to the
investigation of the Seattle-area teenager accused of launching
Godswrath, along with the recent arrest of four hackers in Israel.
"Over the past year, DALnet has lost over a dozen servers due to
attacks of this sort," DALnet CEO David "Taz" Kopstain said.
"These attacks simply underscore the fact that people need to be
continually vigilant about security issues; everyone needs to spend
the time and money necessary to secure machines, servers, and networks
against being made unwitting participants in someone's nefarious
scheme of revenge or terrorism, DALnet founder Sven "Dalvenjah"
Nielsen said.
"People need to realize that by not keeping their machines secure,
they are costing the rest of the Internet community millions of
dollars in time and lost revenue."
The human cost is also significant. IRC has many devoted users, who
are saddened by the seemingly irrational attacks on the chat services.
"I've been an IRC devotee for over 10 years and have never seen this
level of attack," a user named Rico wrote in an e-mail.
"It's such a shame that the very technology that has fostered open
communication and the only really true peer-to-peer sharing will most
likely suffer an untimely death."
ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV@SecurityFocus.com with a message body of
"SIGNOFF ISN".
Received on Mon Jan 15 01:27 CST 2001