Rantburg
China-Japan-Koreas
Kaidai Hackers Attack StrategyPage Servers
StrategyPage Server Stormed

December 17, 2005: StrategyPage doesn’t just report on Cyber War, sometimes we get caught in the middle of it. We got an electronic nastygram from China recently, as we were installing a new server at a hosting site (to improve response time, and lessen the workload on the volunteer staffers who maintain the server). There was a gap of a few days between the time the new server went online, and the hardware firewall (which is a bear to configure) got installed. Into that opening, some Chinese hackers got onto the server and tried to take it over. Actually, it was unclear what they were trying to do, but they did it at 2 AM, and when one of our techies was trying to get onto the server to do some database maintenance, the hack attempt was noticed. There ensued a duel between our two guys and the Chinese. The Chinese lost, and we found out they were Chinese when we examined the tools and documents they left behind once they were locked out. Based on that, and the fight they put up, it appears it may have been a training exercise. When China trains its Internet warriors, it sends them out on training missions, to get into a vulnerable server and do the sort of things (like planting a rootkit) that one would do in preparation for a Cyber War. Of course, they could have just been part of a criminal gang, collecting zombie machines to use for extortion and other illegal Internet activities. But the way they were not all business when they were caught, and seemed a little green, indicated someone on some kind of training mission. Their tools and entry methods were more typical of a well equipped hacking enterprise. Actually, it could also have been a very elaborate bot (an automated hacking program). It did leave some code behind, and some modifications to some of our news databases. Whatever it was, it was apparently not completely set up before we cut off the hacker access and deleted stuff that was left on our server.
We reformatted and reloaded from backups and were back in business in a few hours.

All this during the last week of November, and, after three unsuccessful attacks, someone got in and modified our main page. They did this by installing an encrypted JavaScript Trojan that would try to infect client machines (this sometimes triggered a virus alarm with some anti-virus programs). The JavaScript was poorly written, and the Trojan was unable to carry out this infection. The Trojan concept was clever enough; it was included in an [iframe] tag, which basically allows a web page to be included on another webpage – in this case, ours. The other webpage was hosted on a server called freewebs.com, but the hacker webpage was gone, removed by the hosting service, by the time we went looking for it (about 12 hours after our page was hacked).

Those hackers have not been back. We piled up additional defense and tripwires, to hold us until the hardware firewall went online last week. None of these attacks got close to any customer data, which is kept on a separate server (at another location, there are actually three physically very separate servers running StrategyPage.)

As a practical matter, no server on the planet, that is connected to the Internet, is invulnerable to an attack. But if you put up stout enough defenses, you reduce the number of hackers skillful enough to get through, and increase the chances of the attacker getting caught. That’s how financial institutions, which are the most attacked targets, maintain their defenses. The most skilled hackers want to avoid arrest, so they tend to avoid taking on these heavily defended servers. There are plenty of less well defended targets, and that’s who the hackers are now going after. Well, except for one fellow, who we’ve tracked back to Montevallo University in Montevallo, Alabama. So, either we have a student from there doing this or (more likely) they have a school PC that was taken over by a hack, and turned into a zombie. He’s hammering, futilely, at port 1305 on our main server. The hardware firewall just notes this for us, and life goes on.


Posted by: Wholurong Speremp9471 || 12/17/2005 14:44

#1  Leaving a Windows/IIS server exposed for 'a few days' is not exactly what you call playing good defense.
Posted by: SteveS || 12/17/2005 16:33

#2  My 'puter keeps crashing too
Posted by: Red Dog || 12/17/2005 17:15

#3  We piled up additional defense and tripwires, to hold us until the hardware firewall went online last week. None of these attacks got close to any customer data, which is kept on a separate server (at another location, there are actually three physically very separate servers running StrategyPage.)

Makes a good story. If true why tell, if a lie tell more. To wit don't talk about structure or changes, don't talk about "duels" jeebus. Keep it tight, and keep it very, very quiet.
Posted by: Lake Worth Spemble1217 || 12/17/2005 17:41

#4  hey Red Dog, that link is great thanks
Posted by: Jan || 12/17/2005 21:41

#5  glad ya liked it Jan. ;-)
Posted by: Red Dog || 12/17/2005 22:51


Fifth Column
Proposal: Rantburg Photoshop Contest
"I'm meltingggggggggg!"


MADRID, Spain - Anti-war activist Cindy Sheehan led a small protest Saturday outside the U.S. Embassy to denounce the war in Iraq.

About 100 protesters carried banners criticizing President Bush.

Sheehan, whose soldier son was killed in Iraq, called Bush a war criminal and said, "Iraq is worse than Vietnam."

The protest also was called in memory of Jose Couso, a Spanish television cameraman killed on April 8, 2003, in Baghdad when a U.S. tank fired at a hotel where many foreign correspondents were staying. Reuters cameraman Taras Protsyuk, a Ukrainian, also was killed in that incident.
Posted by: Anonymoose || 12/17/2005 18:30

#1 

Cindy's moonbats molerats.
Posted by: Red Dog || 12/17/2005 19:37

#2 


#1  

http://image63.webshots.com/63/2/9/24/524620924qKPzLG_ph.jpg

Sigh. I tried. Apparently good ol' HTML ain't good enough anymore.
Posted by: Parabellum || 12/17/2005 20:33

#3  how about a caption contest:

"I'M MELLLLTING"
Posted by: 2b || 12/17/2005 21:28

#4  Beatcha to it!
Posted by: Fred || 12/17/2005 21:32

#5  By golly, you did. It was darn funny too!
Posted by: 2b || 12/17/2005 21:36

#6  "I could've have been a contender" :)
Posted by: djohn66 || 12/17/2005 21:36

#7  "Gawd I miss dry-humping Jesse Jackson!"
Posted by: Cindy Sheehan || 12/17/2005 22:13

#8  "If you only knew the POWER of the dark side..."
Posted by: jules 2 || 12/17/2005 22:19

#9 
Be quiet everyone!

I'm channeling the Great Generalissimo
Posted by: Cindy || 12/17/2005 23:01

#10  Quiet on the set please......

Quiet....

....and .....action!!!


annnnnndddd.. Cut!
Posted by: macofromoc || 12/17/2005 23:42

#11  "Oh Gawd! It's Rantburg! My eyes! My eyes!"
Posted by: PBMcL || 12/17/2005 23:42


