Glass house dwellers beware
As the USA has a vast cyber-border to protect, perhaps it was foolish launching electronic attacks against regimes that don't toe the US line?
Denial-of-service attacks against US banks' web systems were the work of Iran rather than Islamic activists, says a former American government official. A group called the Izz ad-Din al-Qassam Cyber Fighters claimed responsibility for two waves of cyber-attacks against US banks including US Bancorp, Bank of America, Citigroup …
"Denial-of-service attacks against US banks' web systems were the work of Iran rather than Islamic activists, says a former American government official."
Well, that makes it OK then!
"A group called the Izz ad-Din al-Qassam Cyber Fighters claimed responsibility for two waves of cyber-attacks against US banks including US Bancorp, Bank of America, Citigroup, Wells Fargo that took place in September and December. The stated reason for the "protest" attacks was religious outrage over the continuing presence on YouTube of the inflammatory Innocence of Muslims video on YouTube."
That makes sense - some idiot puts a video on YouTube that you don't like so you take down banking websites in retaliation. Because, of course, the banks are behind all of the Muslim oppression going on after all...
"Being adamant isn't exactly a sign of intelligence, it's a sign of being bone headed. There are better ways to prove something."
Well, invading Iraq to prove that Hans Blix was wrong didn't quite achieve the desired objective, but even so you've got to wonder how they'd set about proving Iran's guilt.
This sounds a lot like the WMD debate. We are just looking for an excuse the drop bombs on someone. The cyber attack (maybe) meets kinetic retaliation. First Iran and then the headlines will read "US Govt thinks attack may originate in UK." Then, we can launch planes against the evil UK from Ramsbury.
"The 'itsoknoproblembro' tool was designed and implemented as a general purpose PHP script injected into a victim’s machine allowing the attacker to upload and execute arbitrary Perl scripts on the target’s machine."
Is this ex USG guy f**king kidding us?
No zero day vulns (or rather multiple zero day vulns).
No complex development language.
No assembler.
It's PHP. FFS.
I've no doubt that there plenty of US officials who would like it to be the Iranian government.
Too bad it just did not take that level of competency.
Fail for anyone thinking it needs to be a govt and the sysadmins who let this thing exist. Find it and kill it.
The datacenter I'm hosted at gets ddosed with about 20Gbit every day pretty much all day. It peaks at about 60Gbit once a month or so(my sysadmin also works for the datacenter from time to time so we get access to all kinds of fun statistics). I never did find out who is behind it... guess its Iran.
I always liked to imagine banks have a better setup then I have but my fairly cheap plan makes it so I don't notice a thing from the ddos except during the 60Gbit peaks or when they target me specifically with such an amount instead of for some reason spreading the attack across several random servers in the datacenter(although in that case its the upstream provider nullrouting my ip's instead of letting the datacenters firewall farm deal with it).
I mean the ones whose web servers have been infected by it.
You allow PHP script uploads.
You let them have run privileges.
You don't notice it starting a process (or 10).
OK so this thing can sneak through a malware scanner.
It's not like it leaves no footprint on every server it's infected.
I wonder what took someone so long. I came up with this method well over ten years ago (calling it packetstorm with all of the cited features), and while I DO have a military background (none in cyberwarfare fwtw), it's not like it's hard to conceive. So either the Iranians haven't got their game face on or it really was cyberactivist.
I also wonder about my national leadership here. Usually we finish (frequently win) one war before we start, or become the receiving end, of another. I guess the people in Washington, D. C., like a challenge. If they keep this up, I'm going to have to seriously think about gearing up a defensive here. Getting caught in a cross-fire situation is a bitch.
"Usually we finish (frequently win) one war before we start, or become the receiving end, of another."
I struggle to see any sizeable war in the past half century that the US (and usually the UKas well) have engaged in that has been won, unless you regard winning purely as the defeat of your opponent's armed forces.
WW2 was won because the main protagonists were militarily defeated and then reconstructed as prosperous, peaceful democracies. But since then, we've achieved a draw in Korea, abject defeat in Vietnam, been all but thrown out of Iraq, are in the process of running away from an unreconstructed Afghanistan. And our stand-off war in Libya left the place running to such a high standard that the US ambassador could be murdered. The common theme for the last three is that the plan was only military, and afterwards nobody had a clue, and nobody wanted to have a clue. None of these three nations look to be on a path to prosperity or any form of credible democracy (elections not withstanding), and remain rife with violence, crime and corruption.
"I struggle to see any sizeable war in the past half century that the US (and usually the UKas well) have engaged in that has been won, unless you regard winning purely as the defeat of your opponent's armed forces."
Well Mr AC you might be shocked to find that militarily that is exactly how victory is defined.
However guerrilla warfare is more difficult. You might like to look at "Who dares wins" by Tony Geraghty. Not all the wars the British Army made the media. Sadly it predates the results in Northern Ireland. Leaving Vietnam to the Australians and New Zealanders to assist in might have been one of the UK governments better decisions. Did Canada help out as well? I don't think so.
As for post victory planning it was Colin Powell who described the man in the State Dept thinking about what to do in Iraq as the "Stupidest motherf***er he'd ever met."
any technical evidence to back up their claims".» But you see, US officials, unlike the rest of us, are not constrained by evidence or lack of same - they are still running that old «faith-based reality» meme. One shouldn't, however, go so far as to congratulate these officials for this «innovation» - telling lies about the other side goes a long way back. Remember British propaganda about the Boche bayonetting babies in Belgium during the Great War ?...
Henri