|
|
 هكذا نجح القراصنة في مهاجمة شبكة الإنترنت وحجب أشهر المواقع العالمية
|
00:39 AM October, 23 2016 سودانيز اون لاين
زهير عثمان حمد-السودان الخرطوم
مكتبتى
رابط مختصر يُرجح أن يكون الهجوم الضخم على منافذ شبكات الإنترنت العالمية، والذي حجب بعضاً من أشهر المواقع الإلكترونية في العالم، قد حدث بسبب قراصنة استخدموا أجهزة شائعة في الاستخدام اليومي مثل كاميرات الويب والأجهزة الرقمية. ومن بين المواقع الإلكترونية التي استهدفت يوم الجمعة كان "تويتر" و"باي بال" و"سبوتيفاي".
وجميع هذه الشركات عميلة لشركة Dyn، شركة البنية الأساسية التي تتخذ من نيو هامبشاير في الولايات المتحدة مقراً لها، وهي تعمل بمثابة لوحة تحكم في حركة المرور بالإنترنت.
كان انقطاع الخدمة متناوباً ومتنوعاً جغرافياً، ولكن قيل إنه قد بدأ في شرق الولايات المتحدة أولاً قبل أن ينتشر في باقي أجزاء أميركا وأوروبا.
واشتكى المستخدمون من عدم تمكنهم من الوصول إلى عشرات المواقع بالإنترنت من بينها "ماشابل" و"سي إن إن" و"نيويورك تايمز" و"وول ستريت جورنال" و"يلب" وبعض الشركات التي تستضيفها "أمازون".
استخدم القراصنة مئات آلاف من الأجهزة المتصلة بالإنترنت والتي قد أُصيبت مسبقاً بشفرة خبيثة، تُسمى "شبكة الروبوت" أو كما نُسميها مازحين "جيش الزومبي"، لفرض هجوم خاص وقوي بآلية حجب الخدمة (DDoS).
إن الهدف من هجوم (DDoS) هو أن يزداد الحمل على خدمة الإنترنت من مصادر متعددة حتى تصبح غير متوافرة، تقول شركة "Dyn" إن الهجوم كان من ملايين عناوين الإنترنت مما يجعله واحداً من أكبر الهجمات على الإطلاق.
قالت شركة "Dyn" إنها استطاعت حل هجوم واحد عطل العمليات لمدة ساعتين تقريباً، ثم كشفت عن واحد آخر بعد بضع ساعات وكان يسبب اضطرابات أكثر، وبحلول المساء كانت الشركة تحارب هجوماً ثالثاً.
الأجهزة المتصلة بالإنترنت
جزء من ذلك الهجوم، على الأقل، كان قادماً من الأجهزة المتصلة بالإنترنت بما في ذلك كاميرات الويب ومسجلات الفيديو الرقمية.
وأكد باحثون في الأمن الرقمي يعملون مع شركة "Dyn" للتحقيق في ذلك الهجوم إنه متعلق بشبكة كاميرات تلفزيونية مغلقة الدوائر "CCTV" ومتصلة بالإنترنت، وهناك شركة صينية واحدة تصنعها تُدعى XiongMai Technologies.
وأوضحت أليسون نيكسون، مديرة البحث في شركة الأمن "فلاش بوينت"، إن كاميرات "CCTV" المتصلة بالإنترنت ومسجلات الفيديو الرقمية قد اتصلت اضطرارياً بالشبكة معاً باستخدام برنامج "Mirai" البرمجي الخبيث والمتطور لتوجيه عدد طلبات اتصال مع عملاء شركة Dyn.
وقالت للباحث الأمني بريان كريبس: "إن الجدير بالملاحظة هو أن خط إنتاج الشركة قد تحول فعلياً بالكامل إلى "شبكة روبوت" تهاجم الولايات المتحدة الآن".
استُخدم نفس البرنامج الخبيث "Mirai" في سبتمبر/أيلول لإطلاق ما قد وُصف آنذاك بأكبر هجوم "DDoS" على الإطلاق على موقع كريبس "Krebs on Security" الذي استُهدف بسبب تقريره عن جريمة إلكترونية.
قام القراصنة بنشر شفرة مصدر "Mirai" مسبقاً هذا الشهر مما ألهم عدداً كبيراً من المقلدين.
وكان الخبراء قد حذروا قبل أيام من هجوم يوم الجمعة من شبكة روبوت متطورة، بواسطة سلاح مكون من مجموعة من البرامج الضارة وما قد يصل إلى 100 ألف جهاز شخصي مقرصن.
وقد حذر باحثون في شركة "لفل 3 كوميونيكيشنز"، وهي شركة اتصالات عالمية تُركز على الأمن المدار، في وقت سابق من هذا الأسبوع من أن التهديد من شبكات الروبوتات هذه يتزايد وينمو كلما وُصل جهاز بالإنترنت.
وأصدرت وزارة الأمن الداخلي الأميركية تحذيراً الأسبوع الماضي.
كان "Mirai" هو برنامج شبكة الروبوت الأكثر تطوراً الذي قد رأته شركة 3 لفل، فهو قادر على تدوير عناوين بروتوكول الإنترنت "IP" –على الأرجح لتجنب كشفه.
والمقلق أكثر من هذا هو أنه "لا يزال يتطور".
استهدف "Mirai" أجهزة الاستخدام اليومي والأجهزة المنزلية -مثل مسجلات الفيديو الرقمية والكاميرات وحتى الغلايات- التي تتصل بالإنترنت، وهو مفهوم للتواصل يشار إليه باسم "إنترنت الأشياء" (IoT) وقد أُنشيء دون مراعاة فعلية للأمن.
وقال باحثو شركة لفل 3 إن أغلب –حوالي 80%- شبكات الروبوت كانت مسجلات الفيديو الرقمية تتصل بالإنترنت، مع باقي أجهزة التوجيه وأجهزة متنوعة أخرى مثل كاميرات "IP" وخوادم لينكس، وأضافوا: "غالباً ما يتم تشغيل الأجهزة بواسطة كلمة السر الافتراضية والتي تُعد سهلة التخمين لروبوتات الويب".
493 ألف جهاز
قدر مايكل ميموزو، عضو مجموعة أبحاث الأمن السيبراني كاسبرسكي لاب، يوم الأربعاء أن عدد الأجهزة التي تم كشفها وصلت إلى 493 ألف جهاز، وكانت أغلبها موجودة في الولايات المتحدة. وأضاف "لكن البرازيل وكولومبيا هما أيضاً على رأس القائمة".
اعتبرت شركة Dyn أنها أنهت الهجوم بحلول الساعة السادسة مساءً بتوقيت نيويورك، ولكن لا يزال غير معروف من الذي نشر شبكة الروبوت، وما السبب وراء ذلك.
وقال كايل يورك، الرئيس التنفيذي لاستراتيجية الشركة، لرويترز: "إن تعقيد الهجمات هو ما يجعلها صعبة للغاية بالنسبة لنا". وأضاف الأمن الداخلي ومكتب التحقيقات الفيدرالي أنهم يحققون في الأمر.
ونشرت ويكيليكس تغريدة في الخامسة مساءً بتوقيت نيويورك يوم الجمعة مضمونها أن داعميها هم من كانوا وراء الهجوم.
"السيد أسانغ ما زال حياً، ويكيليكس ما زالت تنشر، نحن نطلب من الداعمين أن يتوقفوا عن تعطيل إنترنت الولايات المتحدة، لقد أثبتم وجهة نظركم".
View image on Twitter
View image on Twitter
Follow
WikiLeaks ✔ @wikileaks
Mr. Assange is still alive and WikiLeaks is still publishing. We ask supporters to stop taking down the US internet. You proved your point.
11:09 PM - 21 Oct 2016
46,036 46,036 Retweets 31,523 31,523 likes
أثار الباحث الأمني بروس شنير حالة من الاضطراب عندما كتب في سبتمبر أن أحدهم، من المحتمل أن تكون بلداً، كان "يتعلم كيفية تعطيل الإنترنت".
وكتب أن "دولة قومية كبيرة" (ستكون روسيا أو الصين أول التخمينات) كانت تختبر مستويات متزايدة من هجوم "DDoS" ضد مقدمي خدمات البنية التحتية للإنترنت لم يُسمهم، فيما بدا أنه اختبار لإمكانية القيام بهجوم على هذا المستوى.
قالت نيكسون لرويترز إنه لا يوجد سبب للاعتقاد بأن أية حكومة تقف وراء اعتداءات يوم الجمعة، لكن الهجوم قد نُفذ بمقابل مادي ومن الصعب جداً معرفة مُنفذيه.
Cyber attack: hackers 'weaponised' everyday devices with malware to mount assault
Hundreds of thousands of devices such as webcams and DVRs were infected with malicious code to create a so-called ‘botnet’ to target leading sites
/
How did hackers use everyday devices to launch a cyber attack؟
Sam Thielman in New York and Elle Hunt
Saturday 22 October 2016 06.47 BST Last modified on Saturday 22 October 2016 13.15 BST
Share on LinkedIn Share on Google+
Shares
2,346
Comments
1,208
Save for later
The huge attack on global internet access, which blocked some of the world’s most popular websites, is believed to have been unleashed by hackers using common devices like webcams and digital recorders.
Among the sites targeted on Friday were Twitter, Paypal and Spotify. All were customers of Dyn, an infrastructure company in New Hampshire in the US that acts as a switchboard for internet traffic.
Outages were intermittent and varied by geography, but reportedly began in the eastern US before spreading to other parts of the country and Europe.
Users complained they could not reach dozens of internet destinations, including Mashable, CNN, the New York Times, the Wall Street Journal, Yelp and some businesses hosted by Amazon.
Major cyber attack disrupts internet service across Europe and US
Read more
Hackers used hundreds of thousands of internet-connected devices that had previously been infected with a malicious code – known as a “botnet” or, jokingly, a “zombie army” – to force an especially potent distributed denial of service (DDoS) attack.
The aim of a DDoS attack is to overwhelm an online service with traffic from multiple sources, rendering it unavailable. Dyn said attacks were coming from millions of internet addresses, making it one of the largest attacks ever seen.
Dyn said it had resolved one attack, which disrupted operations for about two hours, but disclosed a second a few hours later that was causing further disruptions. By the evening it was fighting a third.
At least some of the malicious traffic was coming from connected devices, including webcams and digital video recorders.
Security researchers working with Dyn to investigate the attack have linked it to a network of web-enabled CCTV cameras made by a single Chinese company, XiongMai Technologies.
Allison Nixon, director of research at the security firm Flashpoint, said its web-enabled CCTV cameras and digital video recorders were forcibly networked together using the sophisticated malware program Mirai to direct the crushing number of connection requests to Dyn’s customers.
“It’s remarkable that virtually an entire company’s product line has just been turned into a botnet that is now attacking the United States,” she told security researcher Brian Krebs.
The Guardian has contacted XiongMai for comment.
The same Mirai malware was used in September to launch what was then described as the biggest DDoS attack ever on Krebs’ website, Krebs on Security. His reporting on cybercrime has made him a target in the past.
Hackers released the source code for Mirai earlier this month, inspiring a significant number of copycats.
Experts had warned of increasingly sophisticated botnets – in essence, a weaponised combination of malware and as many as 100,000 hijacked individual devices – just days before Friday’s attack.
Researchers at Level 3 Communications, a global communications company focused on managed security, warned earlier this week that “the threat from these botnets is growing” as more and more devices were connected to the web.
The US Department of Homeland Security had issued a warning last week.
Mirai was the most sophisticated botnet malware Level 3 had seen yet, able to rotate the IP addresses (likely to avoid detection) about three times as often as had been observed with other botnets.
More worryingly still, it was “becoming still more sophisticated”.
Mirai targeted household and everyday devices – such as DVRs, cameras and even kettles – that were connected to the internet, a concept of connectivity commonly referred to as “the internet of things” (IoT). Many were devised without particular mind to security.
Level 3 researchers said the majority – as many as 80% – of botnets were networked DVRs, with the rest routers and other miscellaneous devices such as IP cameras and Linux servers.
“The devices are often operated with the default passwords, which are simple for bot herders to guess.”
Michael Mimoso, of cybersecurity research group Kaspersky Lab, estimated on Wednesday that the number of compromised devices had reached 493,000, with most in the US. “But Brazil and Colombia are also high on the list”.
Dyn categorized the attack as “resolved” shortly after 6pm New York time, but it is still not known who deployed the botnet, and why.
“The complexity of the attacks is what’s making it very challenging for us,” the company’s chief strategy officer, Kyle York, told Reuters. Homeland Security and the Federal Bureau of Investigation said they were investigating.
A tweet from WikiLeaks at 5pm Friday New York time implied that its supporters were behind the attack.
“Mr. Assange is still alive and WikiLeaks is still publishing. We ask supporters to stop taking down the US internet. You proved your point.”
WikiLeaks
(@wikileaks)
Mr. Assange is still alive and WikiLeaks is still publishing. We ask supporters to stop taking down the US internet. You proved your point. pic.twitter.com/XVch196xyL
October 21, 2016
Security researcher Bruce Schneier caused waves when he wrote in September that someone, probably a country, was “learning how to take down the internet”.
He wrote that “a large nation state” (“China or Russia would be my first guesses”) had been testing increasing levels of DDoS attacks against unnamed core internet infrastructure providers in what seemed like a test of capability.
Nixon told Reuters there was no reason to think a national government was behind Friday’s assaults, but attacks carried out on a for-hire basis were famously difficult to attribute.
|
|
  
|
|
|
|
|
|
|
 Re: هكذا نجح القراصنة في مهاجمة شبكة الإنترنت (Re: Mohamed E. Seliaman)
|
Analysis Major Weekend Cyberattack Was a Preview for Israel's Future Wars
Israel's military computer systems are well protected, but civilian infrastructures are still quite vulnerable to cyberstrikes.
FILE PHOTO: The face of an attendee is reflected in a laptop computer screen alongside code as he participates in the TechCrunch Disrupt London 2015 Hackathon in London, U.K., on Saturday, Dec. 5, 201Luke MacGregor, Bloomberg
Analysis Rise of the toasters: one is harmless, a million are a cyber army
No ordinary attack: cyberthreat posed by Internet of Things will only grow
How hackers exploited the Internet of Things to bring down the internet
Meet the Israeli startups connecting the Internet to everything
The hacking that brought down websites in the United States and Europe on Friday seems to be the most extensive, sophisticated and ambitious attack of its kind the West has ever experienced. Over the past two years there have been two major hackings of civilian infrastructures in Ukraine and Turkey that were attributed – without it ever having been categorically proven – to Russia, in the context of conflict between it and the two neighboring countries. Israel had a similar hacking experience, of much lesser magnitude, during the last war in the Gaza Strip, which it was able to counter without real damage.
As of Saturday, neither the American government, nor experts interviewed in the media, had directly accused anyone of the attack. It is clear that the attack represents major offensive capability and that it required a great deal of preparation. Ostensibly, the immediate suspect is Russia, which has been accused over the past two months of being behind the hacking of senior officials in the Democratic Party, leaks to the Wikileaks site and the indirect assistance given to the campaign of Republican presidential candidate Donald Trump.
Just last week, Vice President Joe Biden hinted that the United States would consider cyber- retaliation against Russia if it continued the attacks. Precisely in this context, Russia might consider such extensive hacking too risky a gamble – and Moscow is usually an expert at pushing the edge, rather than undertaking suicide attacks.
The actual damage was apparently not very extensive. No American firm collapsed or stopped functioning, although some sites were shut down for a few hours. Denial of service attacks are nothing new; they are the preferred way of hacking civilian infrastructures in terms of the hackers’ cost effectiveness, because the defending side can’t totally stop the attack in a way that completely blocks their access to the internet.
skip - EMail Alerts
Sign up below and receive every new Amos Harel scoop and analysis
directly in your inbox
According to Israeli cybersecurity experts, the success of such an attack depends on the recruitment of a sufficiently large mass of attackers and targeting the “internet of things” – that is, internet-connected household devices, rather than computers. Most state security bodies know how to identify computer systems connected to countries that represent a major danger; they blacklist and identify them and are thus able to stop an attack. But security cameras and refrigerators are not on any blacklists – and so up until now attacks by such devices have not been anticipated.
FILE PHOTO: An attendee works at his laptop during the TechCrunch Disrupt 2015 conference in London, U.K., on Monday, Dec. 7, 2015. Jason Alden, Bloomberg
Now that the attack has happened, the relevant industries might have to re-assess their vulnerability to hacking via devices connected to the web. That is true, for example, in the car industry, where most new vehicles come off the assembly line connected to the internet.
Such an attack could happen in Israel in the future. There are rival countries, or those with vested interests, that could act against Israel. The country’s security and military computer systems are fairly well protected and their interface with civilian systems is limited in a way that makes them hard to strike. Civilian infrastructures, especially those not belonging to the state, are still quite exposed despite considerable progress in recent years in the field of cyber-security.
In any case, the cyber-events of the past two days seem like a taste of the future. In the short term, it remains to be seen whether Russia, or hackers associated with it, will be tempted to disrupt the U.S. presidential elections on November 8. In the longer term, it is clear that cyberattacks will be an inseparable part of any future conflict between two countries with technological capabilities.
While attacks by bombs and missiles require a great deal of international involvement, leave clear fingerprints and often spark harsh criticism, hacking is a different sort of weapon. It can be used to perpetrate a more mild strike that cannot always be traced to the perpetrators. Hacking is convenient for sending threatening signals, for an attack that can serve as an alternative to a military face-off, or for an opening strike after which the bombs and missiles come. Since Israel and the United States are fostering such capabilities, they are also aware of the possibility that their opponents know how to use similar means against them.
Amos Harel
Haaretz Correspondent
articles by Amos Hare
| |
|
|
|
|
|
|
| |
زهير عثمان حمد
Mohamed E. Seliaman
فيس بوك
تويتر
انستقرام
يوتيوب
بنتيريست