Over the years I've always been amazed at the amount of immaturity on the internet. Add immaturity to the illusion of anonymity that most people seem to have on the internet and it can be a recipe for large amounts of hate. There is a certain type of user on GameSurge that typifies the worst the internet has to offer. Some are racists, some are wannabe eThugs who pretend to be gang-bangers and talk like idiots.
Then you have the kids who have too much free time on their hands and made-to-order trojan horse applications at their control. They've managed to infect hundreds or thousands of Windows machines, which are generally more open to takeover. There are libraries of these trojans freely available with source code, and generally these kids don't have to (and don't) know anything about programming and are not good enough to program such things on their own. If left to their own devices without any examples or code to use, they'd just go back to perusing the internet for porn. The sad thing is these kids are generally under the age of 18 and their parents either don't know or don't care about their activities. I say the parents don't care because on multiple occasions I have tracked down these kids and spoken with their parents. Their lack of understanding about what their children are getting into leads them to generally ignore the behavior. They wouldn't let their kids vandalize other people's property, but when it comes to terrorist-like activities on the internet, it goes right over their heads.
Here's an example of a kid who may either be posturing or actually have a legion of infected machines at his control:
(h4ck3r) u <3 cokc eh fag???
(h4ck3r) w8 til i intorduc u 2 my boatss!@!
This past weekend one of our security guys on GameSurge noticed the #botnet channel and its topic.
-OpServ- #botnet Information
-OpServ- Created on: Sun Jun 04 08:41:44 2006 (1149439304)
-OpServ- Modes: +stnC
-OpServ- Topic (set by xenex`, Sun Jun 04 13:53:10 2006): GameSurge will be DDoSed on 6/6/06 at 6:06pm PST. Be ready.
-OpServ- Users (1):
-OpServ- @xam (~zgqwz@68.180.9.13)
I should point out that the ~zgqwz@68.180.9.13 user is probably on via an infected machine. When we try and block these users, they just connect from any of their "legion" of infected machines with a different address.
As of right now (1.5 hours earlier than the threat) I'm being DDoS'ed (Distributed Denial of Service Attack) for ~300mbit/s. Now mind you that's not a big attack. Frankly it's a small attack compared to many of the attacks we've received. The point is more that these kids don't know or don't care about the implications of what they do. These attacks affect everyone from the users of the infected machines they use, their ISP, every ISP between them, to the target machine. Oftentimes these attacks are so big as to affect other customers of the ISP where the target machine is being hit. I've seen ISPs fold under pressure, such as The Planet and Speakeasy.
When one talks about recourse for actions like these, it can be a nebulous area. Sometimes the authorities will get involved, most times they will not. Attacks like these cost money and time. For every person you hear about on the news getting busted for DDoS'ing, there are hundreds of others. I've seen kids grow from being in their mid-teens to adults, the whole time attacking people, and while I know the authorities know about them and their activities, they're not "big" enough to warrant the expense of prosecution.
On GameSurge we keep an extensive database of our users who participate in these activities, cataloging their trojans, names, real life information if possible, associations and logs of activities which we provide to various law enforcement agencies. To date we've found limited success in doing this and have seen some of our "Script Kiddies" and attackers prosecuted for their activities. In most cases they are not prosecuted for attacking us directly, but rather for their other activities which our information has helped, at least in part, uncover.
DDoS'ing and threats of DDoS have been used to extort people and they've been used to try and stifle competition. DDoS'ing also comes up as an act of eBullying: kids who aren't socially adjusted, who are probably bullied in real life, use it as a release to be the aggressor.
The sad thing about this phenomenon for me is I'm now at a loss as to what to do about such things. The authorities do what they can, I'm sure, but in the long run I've found the only real option is to weather the storm and move on. I guess being attacked is one of the ways to know you're successful, but it sure sucks as a thank you for providing a free community service to people.
As I finish this blog entry the attack is subsiding and is down to 70mbit/s. In about 20 minutes it should subside completely, for now anyway.
