Iran DDOS 2



I just read a great post by Jose Nazario suggesting that there hasn’t been much evidence of the use of botnets. But the most interesting point he makes is where he points out that the site under attack could take offensive action against the people participating in these “refresh” style attacks:

The attackers who participate by loading these pages and going off to dinner, sleep, or on with their days open themselves up to attacks back through drive-by attacks. Imagine a simple scenario: the victims modify their sites to include some code like LuckySploit that commits a simple set of attacks. The attacker’s machine reloads the page (this is, after all, part of the attack). Hit a browser or accessory bug and bam, the attacker has been attacked. Now you’ve got a foothold on the attacker’s machine and, if you’re a sophisticated cyberwar player, you can use this to further understand your adversary. This is a dangerous strategy. If you’re going to employ this kind of attack you need to remember you may be putting your “army” at risk.

That’s interesting because it has happened before. A similar type of campaign back in 1998 by EDT was focused on the Pentagon and the site under attack retaliated:

In September 1998, the Electronic Disturbance Theater, a group of activists that practices politically driven cyber civil-disobedience, launched an attack aimed at disabling a Pentagon Web site by flooding it with requests. The Pentagon responded by redirecting the requests to a Java applet programmed to issue a counteroffensive. The applet flooded the browsers used to launch the attack with graphics and messages, causing them to crash.

(Also, the defacers are getting into it: A gov.ir site was defaced too (http://www.marivan.gov.ir/Election.htm))

Post a comment.