
Massive DDoS attack on core internet servers was 'zombie army' botnet from popular smartphone app.


Reefa


The recent attack on the internet's core servers is even more severe than previously thought according to cybersecurity expert John McAfee, who believes it was brought about by a so-called "zombie army" botnet unwittingly installed on hundreds of millions of smartphones through an as yet unidentified app. It is unclear who the perpetrators of the attack are but McAfee speculates that the aim of the attack - taking down the internet - and the unsophisticated way the botnet could be implemented through a simple smartphone app, suggests hackers sympathetic to Islamic State (Isis) or another terrorist group may be behind it.

 


 

The distributed denial of service (DDoS) attack that took place between 30 November and 1 December targeted 13 internet root name servers, which combined are responsible for supporting almost the entire internet. There are thousands of secondary servers around the world that could function as temporary replacements, but the majority are cached systems that only hold the data for a temporary period of time.

 

There are 370 more permanent servers, but taking these servers down through a similar DDoS attack would be trivial. At the peak of the DDoS attack, the servers received more than five million queries per second, and more than 50 billion queries in total during the two-day period.

 

McAfee and other cybersecurity experts, including notorious hacker Chris Roberts and DEFCON organiser Eddie Mize, believe that smartphones are the most likely culprit for such a botnet, as one can be easily installed to a device through an app, such as a flashlight app. There are other possibilities for the botnets, such as spam emails, but due to the sheer volume displayed in the attack that answer is unlikely. With more than 7 billion smartphones in the world, McAfee sees this route for an attack on the internet as the logical answer.

 

"There are smartphone apps with more than 100 million users that are known to be spying on us," McAfee tells IBTimes UK. "It is trivial to build a free app which gets its ideas from a central source. As to who may have done this, I always look to those who have the most to gain or who have the largest axe to grind. The majority of the domain servers are controlled by U.S. interests - three are controlled by the US government. Who has the largest axe to grind? Isis. Who has the most to gain? Isis. Isis certainly has the technical capability to write a popular app. But I have no direct evidence.

 

"If there were 100 million users of an app, only 0.1% of the phones would have to be activated in order to achieve the effects that we saw. I have not yet identified the app, and it may be multiple apps. But this is as serious as it gets. We have absolutely no defenses in place to counter this threat. If the perpetrators had activated a mere order of magnitude more phones we would have lost the internet."

 

It is the third time since 2012 that a DDoS attack has been carried out against the root name servers and operators have suggested that IP source addresses can be easily spoofed. However, the latest attack was notable for the fact that source addresses were widely and evenly distributed, while the query name was not.

 

"The problem with the recent attack is that the originating IP addresses were evenly distributed within the IPV4 universe," McAfee says. "This is virtually impossible using spoofing. The second oddity is that every single request asked to resolve the exact same address. There is only one circumstance that can explain the above: the mythical "Zombie Army" of botnets has been built and has been partially activated."

 

Should such a botnet be fully deployed, the global impact would be "catastrophic" for financial and essential services, according to Roberts, while Mize believes "we have no defenses [against a mobile app botnet] and it was entirely unanticipated. The people in power need to be woken up before the world, as we know comes to an end."

 

ibtimes.co.uk


sorry but john m is more of an expert on being a wakadoodle than anything else now... please check other more credible sources and not just the stuff that pops up and looks flashy because it is nefarious... and also check the reliability of the source... this guy has lost most of his marbles and credibility for quite some time now



15 minutes ago, dMog said:

sorry but john m is more of an expert on being a wakadoodle than anything else now... please check other more credible sources and not just the stuff that pops up and looks flashy because it is nefarious... and also check the reliability of the source... this guy has lost most of his marbles and credibility for quite some time now

If it wasn't for the other two.. [McAfee and other cybersecurity experts, including notorious hacker Chris Roberts and DEFCON organiser Eddie Mize]

I wouldn't have bothered posting.. So maybe actually read it next time before quoting the obvious about McAfee..

Source is legit..



  • Administrator

Multiple IPs and a single target address. I wonder what the address would be.

 

While this might be a big thing, stopping such might not be so. Just checked and found that Google handles about 50,000 requests in a second, not even near the number mentioned in this article. Meaning, an anti-DDoS mechanism can be simple to implement in which any query which goes beyond a million can be blocked. In fact, this can be implemented even for a particular address level. If that's not possible and something big is required, then they can prevent anyone from querying the root servers except the ones who are trusted, like official public DNS servers.

 

This is what I can understand of all this.

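The article's observation (sources spread widely and evenly, one repeated query name) and the per-address limit suggested in the post above can be compared on sample data. This is an added example, not part of the thread or the article: the one-second query log is constructed, and the name `flood-target.example.`, all addresses and both limits are assumptions.

```python
from collections import Counter

def rate_limit(queries, key_fn, limit):
    """Keep at most `limit` queries per key within each one-second window."""
    seen, kept = Counter(), []
    for ts, src, qname in queries:
        bucket = (int(ts), key_fn(src, qname))
        seen[bucket] += 1
        if seen[bucket] <= limit:
            kept.append((ts, src, qname))
    return kept

def profile(queries):
    """Per-second summary: volume, distinct sources, dominant query name."""
    windows = {}
    for ts, src, qname in queries:
        w = windows.setdefault(int(ts), {"total": 0, "srcs": set(), "names": Counter()})
        w["total"] += 1
        w["srcs"].add(src)
        w["names"][qname.lower()] += 1
    out = {}
    for sec, w in windows.items():
        name, hits = w["names"].most_common(1)[0]
        out[sec] = {"total": w["total"], "sources": len(w["srcs"]),
                    "top_qname": name, "top_share": hits / w["total"]}
    return out

def build_sample():
    """Constructed traffic for one second; every address and name is made up."""
    # 1000 distinct sources, one query each, all for the same name.
    flood = [(i / 1000, f"{11 + i % 100}.{i // 100}.{i * 7 % 256}.{i * 13 % 256}",
              "flood-target.example.") for i in range(1000)]
    # 10 resolvers, each asking for 5 different TLDs.
    normal = [(0.5, f"192.0.2.{r + 1}", tld)
              for r in range(10) for tld in ("com.", "net.", "org.", "uk.", "de.")]
    return flood + normal

def compare(queries, src_limit=5, name_limit=100):
    """Return (queries kept by a per-source limit, kept by a per-name limit)."""
    by_src = rate_limit(queries, lambda src, qname: src, src_limit)
    by_name = rate_limit(queries, lambda src, qname: qname.lower(), name_limit)
    return len(by_src), len(by_name)

if __name__ == "__main__":
    sample = build_sample()
    print(profile(sample)[0])
    print(compare(sample))
```

With every source sending a single query, the per-source limit passes all of the traffic, while the limit keyed on the query name sheds most of the flood and keeps every resolver query.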


1 hour ago, dMog said:

sorry but john m is more of an expert on being a wakadoodle than anything else now... please check other more credible sources and not just the stuff that pops up and looks flashy because it is nefarious... and also check the reliability of the source... this guy has lost most of his marbles and credibility for quite some time now

 

John McAfee was a worthy opponent in the late 80s and early 90s when everyone was trying to beat his antivirus software. Regardless of what you think about his personal life he is still one of the great security experts that understands the intricacies involved. Amazing how know-nothings always want to take down the people that do know.



not to start a fight but john did a very good job of doing that to himself... no need to twist the knife i stand corrected on my post and admit defeat



21 hours ago, straycat19 said:

 

John McAfee was a worthy opponent in the late 80s and early 90s when everyone was trying to beat his antivirus software. Regardless of what you think about his personal life he is still one of the great security experts that understands the intricacies involved. Amazing how know-nothings always want to take down the people that do know.

It don’t take a genius to be a snake oil salesman like John McAfee was. He made antivirus software before there was even such a thing as a start menu. Everyone knows Kaspersky set the standard for the industry in the 2000s; before them they all was not very good products out. There actually was becoming a real user base on the internet by then. In John McAfee’s time there was hardly no one on the net like there is today. Antivirus do a better job nowadays with far more threats than anything in those days.

 

There’s no antivirus can stop you from being hacked, no way, and there will be a shakedown of the antivirus industry soon. But I’ve not had no trouble with catching a virus in years; really, many real viruses don’t exist anymore, it’s mostly malware that common sense can help you with just as much as any antivirus can. A lot of malware is self-inflicted, from installs of it through Windows programs and now phone programs. The developers are at fault; even a lot of free antivirus programs are bundled with 3rd-party programs. When the antivirus industry starts doing this you know it’s not really about security but only about making a profit. That’s called job security: let us write PUP, put it in programs, then people will buy antimalware to remove them. But if you don’t install PUP to begin with it’s not a threat.

 

I see the writing on the wall.. Maybe you can’t? All of them want you to use their product to make a profit, but most AV nowadays have the very same signatures, the ones that matter anyway. Some have more lies than others in them is all. False signatures..
