What's Brewin': Beware of Zombies
Attack of the Chinese Zombies
The wave of cyberprobes or cyberattacks against Pentagon networks and government computer systems in France, Germany, New Zealand and the United Kingdom this summer appears to emanate from China, but no one in authority in the Defense Department or any of the other countries that have been victimized seems willing to finger the Chinese government or military as the culprit.
Paul Strassmann -- who served as director of Defense information in the early 1990s, the acting chief information officer of NASA from 2002 to 2003, and now serves as a Defense senior adviser -- declines to point fingers, either. He prefers, instead, to focus on one startling fact about Chinese activity in cyberspace: As of the morning of Sept. 14, there were exactly (remember, Strassmann is an engineer and likes precision) 735,598 computers in the United States infested by Chinese zombies, he said. Zombies are those small programs that infect computers at the root level and allow the computers to be controlled by remote users.
"This is a fact that should get everyone's attention," Strassmann said. Those zombie computers can launch massive denial-of-service attacks, spewing 1,000 messages a second against target computers, he said.
While at NASA, Strassmann experienced a massive zombie-directed denial-of-service attack which eventually shut down eight of the Internet's root servers. The servers help direct traffic globally through a master directory of domain names.
The zombies infecting U.S. computers today could be used to launch a massive cyberattack, which Strassmann described as "the cheapest attack weapon a nation can buy."
I have a hunch that the 735,598 U.S. computers infected by Chinese zombies did not come about because China is filled with a lot of bored teenagers with broadband connections who just like to goof around in cyberspace.
Want to monitor the inexorable march of the Chinese zombies on your own? Strassmann suggests checking out the zombie stats on a Web site maintained by CipherTrust.
Millions of GIG Scans a Day
Defense experiences millions of cyberscans of the Global Information Grid every day, according to an internal talking paper it prepared in response to news reports this month that China had successfully attacked Pentagon computer systems, including those used by the Office of the Secretary of Defense.
The paper dances around the subject of Chinese culpability and would only go as far as to report, "We have seen attempts by a variety of state- and nonstate-sponsored organizations to gain unauthorized access to, or otherwise degrade, DoD information systems."
Well, that certainly narrows it down.
The Microsoft Petri Dish
Strassmann said one reason that zombies and other cybernasties succeed so well is that they can easily hide in the hundreds of millions of lines of code that make up Microsoft operating systems and applications. Microsoft-based systems are a "Petri dish" for zombies, he said, adding that global reliance on MS systems exacerbates the problem.
Since there are no real, inexpensive alternatives to MS today, Strassmann said users really, really need to be conscious of even seemingly innocent e-mails that can be used to launch a zombie attack.
It's hard to believe, but evidently there are some folks out there who have not figured out that e-mails flogging Viagra are scams -- and potential zombie launchers.
How About Some DeVenCI Code For Zombies?
In a bit of serendipity, the Critical Information Technology Sector group, part of the Defense Venture Catalyst Initiative (DeVenCI), plans to hold a network survivability and recovery workshop on Nov. 13. Maybe out of that workshop will come a new zombie killer?
DeVenCI is looking for innovative companies who do not normally conduct business with Defense to make short pitches on their network software, gadgets and gizmos. Anyone interested in the workshop should e-mail an application (hopefully from a noninfected machine) to devenci@osd.mil no later than Friday, Sept. 28.
Real Bad Pentagon Meetings
I had a meeting with an unhappy bureaucrat at the Pentagon recently that was so strange that it counts as the most bizarre in my 36-year career as a journalist. Suffice it to say that I cannot go into details.
I thought nothing that happened in the Pentagon that day could have been as weird. Then I talked to an Army colonel on a flight out of Washington, D.C., later that week. He too described his meeting in the Pentagon that day as an "out-of-body experience," unequaled in his career.
We both decided that maybe -- just maybe -- there are hundreds of similar meetings in the Pentagon every day.
If anybody would like to relate such stories, I would be happy to know about them. E-mail me at bbrewin@govexec.com.
COMMENTS
- @ Peter: You may well be right with some of your comments - but why does it have to be such an aggressive, and impolite tone beyond any netiquette? @ Bob: I have been an indirect victim of some of those attacks directed against my working place within the US Defense Community. However, I am using the Internet intensively for about 18 years now - and only once did I catch a virus on my home computers - and that one slipped through my protection hidden on a floppy disc. If organisations would be addressing people's stupidity, teach more, and actively protect their networks with hard- and software firewalls and so on, life would be made much more difficult for the "bad guys"... Without wanting to insult anybody, but as a foreigner, I have to say that your archaic way to make payments by cheque via postal services indeed seems to be a much safer procedure than Internet based online banking here in the US. It is no wonder that Internet criminality has risen to today's standards. In Europe you can use electromagnetic ID cards to reach your account from your home computer, or at least have PIN AND TAN-numbers etc. etc. etc... ovr Posted September 18, 2007 12:11 PM
- We're simply being prepared for a (cyber-) war against China. And people like Strassmann are only too willing to oblige; as long as someone is willing to pick up the tab Strassmann will say whatever you want him to say, like any consultant. And that's just what he is: a consultant, nothing more, nothing less, no matter what he's done in the past. Where does he get the notion that 735.598 computers are infected by Chinese zombie-software? Did he count them personally? Log the IP addresses of attackers to servers and hack into those computers to see what they were infected with? And what is that nonsense that there is no real alternative to Windows? HELLO? Ever heard of OSX, Linux or BSD? Just to name a few. Much more stable, far more secure, far less expensive, runs better on any hardware you throw at it, and, best of all, no vendor lock-in to some company in Redmond. Only a moron would actually believe the nonsense this Strassmann is spreading, it's too bad a site like GovEx actually gives this idiot a platform. Pieter Posted September 18, 2007 8:09 AM
- I suspect that this threat will have zero effect on outsourcing. After all, the next quarter is just around the corner but our grandchildren's future is as much as ten or twenty years in the future. One of the more idiotic requirements by security was to have our internal network put on the internet so they could verify that no intrusions were occurring (among other lesser threats). If our computers (holding critical (non-classified) sensitive info) weren't on the net I suspect that hacking into it would be just a teensy harder. If they want to verify our security, our LAN should be disconnected from the internet and they should send a rep on a periodic basis to inspect our system. DOH. bill Posted September 17, 2007 10:16 AM









