Damballa doesn't get it...
Posted by Rattle. Topic: Computer Security, 4:27 pm EST, Mar 4, 2010

Damballa is missing the forest for the trees...

The computer attack which led Google to threaten leaving China and created a firestorm between Washington and Beijing appears to have been deployed by amateurs, according to an analysis by a U.S. technology firm.

"I would say this particular botnet group was not well funded, in which case I would not conclude they were state sponsored, because the level of the tools used would have been far superior to what it was," said Gunter Ollmann, vice president of research at Damballa, an Atlanta-based company that provides computer network security.

If the security hole in Internet Explorer was the smoking gun of the attacks, what Ollmann and his researchers looked at was "the occupants and driver of the getaway van," he said. They analyzed the global network of computers that attackers remotely used to deploy the attack, called a "botnet" -- computers that, unbeknownst to owners, are taken over remotely and used to spread malicious software, or malware.

What Damballa researchers found in the Google attack botnet was less '007' and more 'DIY,' using software that could be found and downloaded widely on the Internet. "This team launching the attack were unsophisticated amateurs," Ollmann said.

The botnet used in the attack began being tested in July, nearly six months before the attack, according to Damballa analysis.

He added, "Some of the codes within the malware were at least five years old" -- ancient, by software development standards. The attackers used technology "that had been abandoned by professional botnet operators years ago," he said.

The botnet is not the key to this. APT doesn't use many hosts in their attacks. They don't maintain some huge botnet, nor do they need to.

One of the key hallmarks of APT is using the minimum resources and the least advanced techniques necessary to get the job done. You see old code, old tricks, and few hosts (often shared with other groups). As long as it gets past the security solutions the target has in place, they don't care.

When you analyze APT activity, you see a clear division of labor between the teams doing the work. They work a 7-day week with 8- to 11-hour days.

These are all hallmarks of a non-amateur outfit.
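One way to check the operational-tempo observation above against your own incident data is a pattern-of-life pass over the timestamps of interactive attacker activity: shift them into candidate operator timezones, find the one where the first touch of each day lands near the start of a normal workday, then look at how many days of the week are active and how long the daily window runs. The script below is an added example, not code from the original post or from Damballa. It assumes you have already tied the events to the intrusion and normalised them to UTC; the log format, the hostnames, and the sample timestamps (an operator at UTC+8 active from about 09:10 to 18:50 local, every day for two weeks) are constructed for the example.

```python
"""Pattern-of-life check on attacker interactive activity.

Added example; not from Rattle's post or Damballa's analysis.  Assumes the
timestamps of interactive attacker activity for the intrusion (interactive C2
sessions, hands-on-keyboard logons, and so on) have already been isolated and
converted to UTC.  The log format and sample timestamps are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from statistics import median

# Constructed sample: an operator in a UTC+8 timezone, active every day of a
# two-week period (Monday 2009-07-06 through the following Sunday), first
# touching the network around 09:10 local and signing off around 18:50 local.
_START = datetime(2009, 7, 6, tzinfo=timezone.utc)
_TOUCHES_UTC = ((1, 10), (4, 30), (7, 45), (10, 50))  # 09:10 .. 18:50 at UTC+8
SAMPLE_LOG = "\n".join(
    f"{(_START + timedelta(days=d, hours=h, minutes=m)).strftime('%Y-%m-%dT%H:%M:%SZ')} "
    f"10.0.5.{20 + (d % 3)} c2.example.invalid interactive-session"
    for d in range(14)
    for h, m in _TOUCHES_UTC
)


def parse_events(text):
    """Parse constructed 'ISO-UTC src dst action' lines into aware UTC datetimes."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp = line.split()[0]
        events.append(
            datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        )
    return events


def daily_windows(events, tz_offset_hours):
    """Group events by local calendar day in the candidate operator timezone.

    Returns {date: (first_hour, last_hour)} with hours as floats (9.5 == 09:30)."""
    tz = timezone(timedelta(hours=tz_offset_hours))
    by_day = defaultdict(list)
    for ev in events:
        local = ev.astimezone(tz)
        by_day[local.date()].append(local.hour + local.minute / 60)
    return {day: (min(hours), max(hours)) for day, hours in by_day.items()}


def infer_timezone(events, typical_start_hour=9.0):
    """Pick the UTC offset whose median first-activity-of-day is closest to a
    normal workday start.  Heuristic: it assumes the operators keep office
    hours, which is exactly the pattern the post describes."""
    best_offset, best_gap = None, None
    for offset in range(-12, 15):
        starts = [first for first, _last in daily_windows(events, offset).values()]
        gap = abs(median(starts) - typical_start_hour)
        if best_gap is None or gap < best_gap:
            best_offset, best_gap = offset, gap
    return best_offset


def pattern_of_life(events):
    """Summarise the operators' apparent schedule: inferred timezone, how many
    distinct weekdays saw activity, and the median length of a working day."""
    offset = infer_timezone(events)
    windows = daily_windows(events, offset)
    weekdays = {day.weekday() for day in windows}  # 0 = Monday .. 6 = Sunday
    spans = [last - first for first, last in windows.values()]
    return {
        "utc_offset": offset,
        "days_of_week_active": len(weekdays),
        "median_shift_hours": round(median(spans), 2),
        "days_observed": len(windows),
    }


if __name__ == "__main__":
    print(pattern_of_life(parse_events(SAMPLE_LOG)))
```

Two caveats before trusting the numbers. Filter out automated beaconing first: an implant's check-in timer runs around the clock and will flatten the daily window, so you would be measuring the malware, not the people driving it. And the timezone inference is only a heuristic; hosts shared with other groups, VPN exits, and operators working a shifted schedule all pull it off, so treat the offset as a lead to corroborate, not a finding.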

Stop thinking about the botnet aspect. Think like an intelligence operative. If you were targeting an organization and you opened with your most advanced tools, what happens when you get caught? You fall back to less advanced tools? That's stupid. You'd use your most basic assets first, and only when those got caught would you bring out your next best set of assets. The P in APT is PERSISTENT.

Damballa doesn't get it...