A DDoS really shouldn't qualify as a hack. Anyone can run an app. Zero skill required.
 
The group accessed the component manufacturer through an unpatched copy of Internet Explorer that an employee was using.

How do they find that one unpatched copy of IE? :eek:
 
How do they find that one unpatched copy of IE? :eek:

It wouldn't qualify as a "Biggest hack" if they did not. These guys are pro and know what to look for.

Oh and I agree that a DDoS is not a hack. Although it takes an extraordinary amount of effort to take down a big site. And DDoS may cause certain vulnerabilities to open up.
 
A DDoS really shouldn't qualify as a hack. Anyone can run an app. Zero skill required.

It's not that simple unless you get hundreds and thousands of people together to run something lame like LOIC. Otherwise it's much more complicated than you make it out to be. Firstly... "running an app" shows that you only know about lame tools like LOIC. A proper DDoS requires a zombie botnet (which in turn requires setting up virus/trojan payloads to infect machines to become zombies). These zombies in the botnet then need to communicate with command and control servers which are in turn managed by a distributed or single command server. So no... "anyone can run an app" does not cut it in the real hacking world.

A bunch of kids getting together on 4chan and using a Windows app like LOIC is not real hacking. Also if you think I am wrong I am happy to give you an IP to attack so you can show us how your "anyone can run an app, zero skill required" works. :)

Agreed. HOIC and LOIC make it even easier. Forcing a site down by keeping it busy != real hacking that requires skill.

See above.
 
It's not that simple unless you get hundreds and thousands of people together to run something lame like LOIC. Otherwise it's much more complicated than you make it out to be. Firstly... "running an app" shows that you only know about lame tools like LOIC. A proper DDoS requires a zombie botnet (which in turn requires setting up virus/trojan payloads to infect machines to become zombies). These zombies in the botnet then need to communicate with command and control servers which are in turn managed by a distributed or single command server. So no... "anyone can run an app" does not cut it in the real hacking world.

A bunch of kids getting together on 4chan and using a Windows app like LOIC is not real hacking. Also if you think I am wrong I am happy to give you an IP to attack so you can show us how your "anyone can run an app, zero skill required" works. :)



See above.

Buddy, I'm doing my thesis on botnets. I'm aware of how those attacks work. That's not what 90% of these attacks use though. They coordinate on IRC and have people nuke a server with LOIC and the like. People with significant botnets won't risk their C&C's being traced/discovered and there aren't many solid P2P botnets yet.
 
But none of these hacks were nearly as funny as seeing the ANC website being hacked .... multiple times. Actually it wasn't really a hack, by any hacker standards, it was a wide open door to upload your own content if I remember correctly.
 
But none of these hacks were nearly as funny as seeing the ANC website being hacked .... multiple times. Actually it wasn't really a hack, by any hacker standards, it was a wide open door to upload your own content if I remember correctly.

Imagine someone uploading 'the spear' onto the ANC website! Hahaha
 
Buddy, I'm doing my thesis on botnets. I'm aware of how those attacks work. That's not what 90% of these attacks use though. They coordinate on IRC and have people nuke a server with LOIC and the like. People with significant botnets won't risk their C&C's being traced/discovered and there aren't many solid P2P botnets yet.

Could I have evidence that 90% of DDoS attacks use LOIC? To blame these kids for 90% of DDoS attacks I think is completely false and misleading. The majority of botnet attacks happen for financial reasons against corporate targets as the owners of the botnets use the DDoS as a form of blackmail. People use those botnets all the time. Investigators are aware of the botnets. Very few of them hide! Some are over 6 years old! Those botnets are constantly harvesting information. Well known botnets are well known botnets and some of them have been in existence for years. So I have no clue where you are getting your information from. So forgive me if I ask for evidence, because what you are saying doesn't seem to tie into the reality that I live.

Yes, there has been an increase in hacktivist DDoS attacks. These have made the media (normally the extortion attacks don't make the media because the company being extorted does not want the world to know). So I assume it's these recent public hacktivist groups like LulzSec that made the mainstream media that have formed your opinion.
 
I'm divided on these hacking claims. Taking down a website? Whoopty doo. DDoS? Yawn...

If they did not get to the internal network or get some serious info from the website hack it is a script kiddie at play.
 
Could I have evidence that 90% of DDoS attacks use LOIC? To blame these kids for 90% of DDoS attacks I think is completely false and misleading. The majority of botnet attacks happen for financial reasons against corporate targets as the owners of the botnets use the DDoS as a form of blackmail. People use those botnets all the time. Investigators are aware of the botnets. Very few of them hide! Some are over 6 years old! Those botnets are constantly harvesting information. Well known botnets are well known botnets and some of them have been in existence for years. So I have no clue where you are getting your information from. So forgive me if I ask for evidence, because what you are saying doesn't seem to tie into the reality that I live.

I have stats from my research at home which I'll post if I remember. Anyway, you're missing my point. Of course there are massive botnets, some with hundreds of thousands of bots and yes, some of them have been around for years. They often get used for spamming email, blackmail, etc. for profit.

My point is that the guys controlling these massive botnets, arguably their livelihood, aren't going to compromise them by providing an entity such as the FBI with the amount of information that can be gathered by a DDoS. Step one to killing a botnet is to find out about as many members in the botnet as possible. DDoS'ing a server with a large portion of your botnet will light all of them up. Once you know which systems to look out for, there are some stats and algorithms you can run to trace C&C nodes. BotSniffer and BotMiner are tools that quickly come to mind that manage to trace C&C nodes with pretty decent accuracy.

Secondly, there are several successful botnets' source code available. Infection is automated and makes use of exploits on the boxes they infect. This is especially the case for the larger botnets. I absolutely agree with you that if the hacker writes the code to get his agent onto the victim box, he's most certainly a hacker and probably has a fairly great amount of skill. You don't need to write your own code though, and several of the larger botnets make use of identical or very slightly modified code of others. I have some source code from a rather large botnet stored somewhere, but a 5min Google search will lead you to it. I found one where you actually do only have to click a button and it starts scanning for vulnerable systems within a specified IP range.

Again, I don't think the really serious guys will get involved with the FBI and the like, to such an extent. Rather, they'll lay low and use their botnets only when required. Also, it's been fairly well documented that during earlier DDoS attacks by Anon, attacks were coordinated via IRC which LOIC on various user systems was configured to point to for commands. This was during the Wikileaks debacle if I'm not mistaken. Not really a botnet then.

Wikipedia:
Tools and communication

Operation Payback members use a modified version of the Low Orbit Ion Cannon (LOIC) to execute the DDoS attacks.[103] In September 2010, a "Hive Mind" mode was added to the LOIC.[103] While in Hive Mind mode, the LOIC connects to IRC, where it can be controlled remotely. This allows computers with LOIC installed on them to behave as if they were a part of a botnet. Utilising this tool, the coordinators of Operation Payback were able to quickly take down websites belonging to anti-piracy groups.[103] Botnets of all sizes have also been used.[104]
Communication consists of an IRC channel where targets are decided upon, after which "attack posters" are produced and posted on the various imageboards (4chan/7chan/711chan/420chan/808chan).[105] Media such as Twitter and Facebook have previously been utilised for co-ordination,[105] but on December 8, 2010 Operation Payback's Facebook page was removed and their official Twitter account was suspended.[89][106][107] Also, according to Valleywag, Encyclopedia Dramatica was forced to delete their article on Operation Payback.[108][109][110]
 
I have stats from my research at home which I'll post if I remember. Anyway, you're missing my point. Of course there are massive botnets, some with hundreds of thousands of bots and yes, some of them have been around for years. They often get used for spamming email, blackmail, etc. for profit.

Would be great to see them, because not even the security firms support your opinion. I'm busy reading a Q2 article by Kaspersky, and they say pretty much what I have been saying about them.

My point is that the guys controlling these massive botnets, arguably their livelihood, aren't going to compromise them by providing an entity such as the FBI with the amount of information that can be gathered by a DDoS. Step one to killing a botnet is to find out about as many members in the botnet as possible. DDoS'ing a server with a large portion of your botnet will light all of them up. Once you know which systems to look out for, there are some stats and algorithms you can run to trace C&C nodes. BotSniffer and BotMiner are tools that quickly come to mind that manage to trace C&C nodes with pretty decent accuracy.

Most of these guys RENT out their botnets to whomever will pay. They don't need to hide. They advertise their services.

Secondly, there are several successful botnets' source code available. Infection is automated and makes use of exploits on the boxes they infect. This is especially the case for the larger botnets. I absolutely agree with you that if the hacker writes the code to get his agent onto the victim box, he's most certainly a hacker and probably has a fairly great amount of skill. You don't need to write your own code though, and several of the larger botnets make use of identical or very slightly modified code of others. I have some source code from a rather large botnet stored somewhere, but a 5min Google search will lead you to it. I found one where you actually do only have to click a button and it starts scanning for vulnerable systems within a specified IP range.

People who buy code like Zeus code are nubs. It doesn't take the world's greatest hacker to use meterpreter/SET/Armitage and create your own payload....

Again, I don't think the really serious guys will get involved with the FBI and the like, to such an extent. Rather, they'll lay low and use their botnets only when required. Also, it's been fairly well documented that during earlier DDoS attacks by Anon, attacks were coordinated via IRC which LOIC on various user systems were configured to point to for commands. This was during the Wikileaks debacle if I'm not mistaken. Not really a botnet then.

If by "laying low" you mean... they post on forums and advertise their botnets for commercial reasons then I completely agree with you. Those attacks you are talking about are media churn attacks. People think that's the bee's knees because it made the mainstream media. They were lame attacks. Also, the moment a company gets extorted I can guarantee you they contact the FBI. So hiding botnets from the FBI is pointless.

I fully remember the attacks against PayPal, Visa and such during the last time LOIC did anything relevant. It was a bunch of activist tweens who downloaded a Windows app to get together to DDoS people. I remember reading the 4chan forums, I was in the IRC chat rooms. Those attacks are new and not the main reason for DDoS. I do agree that attacks by hacktivists have increased... and that's what the media grabs onto which is how you probably formed your perception. I even remember in the last LOIC attack on Facebook that failed. I downloaded LOIC to a virtual machine and laughed my head off because there was a payload in LOIC. I.e., the real hackers were targeting the idiot LOIC users :D

Right now there is a DDoS attack against Wikileaks (I'm hearing reports of 50 Gbps) itself and I can bet you every cent I have that they are NOT LOIC kids getting together.

Can you tell me when the last great LOIC attack was?
 
Gotta love the spirit of anarchy which the Web (and specifically digital anonymity) promotes and engenders. May it only go from strength to strength!
 
Right now there is a DDoS attack against Wikileaks (I'm hearing reports of 50 Gbps) itself and I can bet you every cent I have that they are NOT LOIC kids getting together.

Look, I'm not arguing with you and perhaps we're talking past each other. I'd hardly consider myself an expert (Yet. That's after all the purpose of doing research :p) and I'm learning from what you say, so please don't hold back as I'm taking you seriously. You have to agree with me though on my original statement that performing a DDoS is in itself not really a significant hack. Gaining control of a significant botnet in the first place requires some trickery however.

As for the Wikileaks DDoS, I haven't been following closely lately but my first thought was that a government got involved with it.
 