
Cyberattacks with offline damage


baqai

Member
Joined
Sep 30, 2002
Location
Karachi, Pakistan
Found this interesting article and thought about sharing it with you people


What's virtual is virtual, and what's real is real. Right? Maybe not.
Most experts think of cyberattack as something that will happen in the virtual world, with effects on, say, computer networks or access to bank accounts. Cyberattacks involving the use of online tools against the offline world would be much harder.



But a recent paper by a computer security researcher at Johns Hopkins University suggests that there are plenty of gateways that connect the cyberworld with the more familiar terrain of the physical world that some refer to as "meatspace." And since he is a security researcher, he does it by showing the potential for a cunning attack that crosses that gateway.
Aviel D. Rubin, the technical director of the Information Security Institute at Johns Hopkins University, describes in the paper with two co-authors a real-world attack that uses computers to automate tasks and the power of the Internet to disseminate information.
Using tools that have been published by search engines like Google that allow programmers to automate searches on a large scale, Rubin and his colleagues described a relatively simple program that could set the victim up to receive catalogs from hundreds of thousands of Web sites that have sign-up forms.
In fact, something like what Rubin describes has already happened. Last year, Alan Ralsky, a spam-sending entrepreneur known as the "spam king," gave an interview to The Detroit Free Press boasting about his 8,000-square-foot house and all the money he made from sending unwanted e-mail to hundreds of millions of people at a time. Shortly after that article appeared on Slashdot.org, a major online news source for technophiles, its readers signed Ralsky up for thousands of catalogs, brochures and more. Soon he was getting hundreds of pounds of mail every day.
That was a spontaneous effort by a large community. But Rubin's paper suggests that anyone can get a computer to stand in for the Slashdotters and bury someone in junk. And Google shows hundreds of thousands of Web pages from which anyone could request a catalog.
It sounds like a new version of the oldest prank in the book--the cyberspace equivalent of the old order-50-pizzas-for-your-enemies trick. But it's much bigger than that. An attack could be enormously disruptive to the target and could paralyze the local post office that has to deal with the onslaught. As the report notes, the exploit could be used as a diversion to accompany a deadly terrorist act, like mailing an envelope containing anthrax spores.
Some experts have talked about hypothetical, sophisticated cyberattacks on real-world facilities that are connected to the Internet, like the power grid and dams. But the situation described by Rubin suggests that a far more low-technology approach could cross the barrier between virtual and real realms.
Other automated attacks could easily follow, he said in an interview, including automated orders for hundreds of maintenance requests, package pick-ups and service calls.
Why risk unleashing such mischief by writing about it? That's always the question security researchers face, and Rubin said that he would never have released the paper if he thought that the attack would not emerge otherwise, or if there were no way to stop it. But the programming tools are out there, he said, and sites are vulnerable. It's only a matter of time before the "script kiddies" who start cyberattacks from code that others develop and share start trying to bury people in paper. "If we knew about it and did nothing, and then the attack was launched, we would be guilty of negligence," he wrote. "It is our judgment that the time has come to reveal this threat."

In the report, he also describes ways that Web sites can make the process of filling out forms hard for automated programs to do, in some cases simply by asking the user to answer an unexpected question or to solve a simple puzzle before proceeding. One of the fathers of computer science, Alan Turing, once suggested that artificial intelligence could be tested by seeing if a program could be good enough to fool a human being into thinking he was communicating with another person.
A "reverse Turing Test"--already in wide use in computer security to foil automated attacks--would stump a silicon brain while letting people get the information they need without much fuss, he said.
The paper, which is available online, has impressed Bruce Schneier, a security expert who has been looking at these issues. He is writing about it for the latest edition of his widely read newsletter, Crypto-Gram.
"This interstitial area where cyberspace meets the real world is a ripe area of attack," he said in an interview. He sees this problem as being the real-world equivalent of a distributed "denial of service" attack, in which the attacker gets computers around the world to inundate a target machine with data, messages and other electronic detritus that make it impossible for legitimate users to get through to it.
A spokeswoman for the U.S. Postal Service, Sue Brennan, said the attack described by Rubin might not work in practice. "The concepts in the document, while compelling, appear to be systematically flawed with regard to the controls our major mailers would have in place to prevent such an event from occurring," she said.
"That's good," Rubin said, but he argued that an attack that ordered only one catalog from thousands of sources might have serious effects before it could be detected. "I hope she's right," he said. But he did not sound optimistic.
Entire contents, Copyright © 2003 The New York Times. All rights reserved.


[Click Here For Original Source Article]
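The form-side check the article describes (answer a question before the request is accepted), as an added example that is not from the article or from Rubin's paper. The arithmetic question, the key handling and the in-memory replay set are assumptions for illustration; what it shows is binding the expected answer to a signed, expiring, single-use token so the site keeps no per-form state.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)   # per-deployment secret (assumption)
TTL_SECONDS = 600                      # how long a served form stays valid
_used_nonces = set()                   # replay cache; production would expire entries


def _mac(nonce: str, expires: int, answer: str) -> str:
    # The tag covers the expected answer, so the answer never travels in the form.
    msg = f"{nonce}|{expires}|{answer.strip().lower()}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_challenge(now=None):
    """Return (question, token) to embed in the catalog sign-up form."""
    now = int(time.time() if now is None else now)
    a, b = secrets.randbelow(9) + 1, secrets.randbelow(9) + 1
    nonce = secrets.token_hex(8)
    expires = now + TTL_SECONDS
    # Placeholder puzzle: a real site would ask something hard for a program.
    question = f"What is {a} plus {b}?"
    token = f"{nonce}.{expires}.{_mac(nonce, expires, str(a + b))}"
    return question, token


def verify_submission(token: str, answer: str, now=None) -> bool:
    """Accept the form only if the answer matches, once, before expiry."""
    now = int(time.time() if now is None else now)
    try:
        nonce, expires_s, mac = token.split(".")
        expires = int(expires_s)
    except ValueError:
        return False                    # malformed or truncated token
    if now > expires or nonce in _used_nonces:
        return False                    # stale form or replayed token
    # Burn the nonce on the first attempt, right or wrong, so one token
    # cannot be used to guess through every possible answer.
    _used_nonces.add(nonce)
    expected = _mac(nonce, expires, answer)
    return hmac.compare_digest(mac.encode(), expected.encode())
```

Each accepted request costs one fresh form load and one solved question, which is the per-request cost the article says a script cannot cheaply pay across hundreds of thousands of sites.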
 
The one thing I don't understand, is if script kiddies like using computers and the internet so much, why do they use it to cause damage? In doing so, they will make people afraid of it, and make people try to shut it down.

There's huge potential for stuff like this, but as soon as someone does it, lawmakers will be passing some seriously tough laws, that in all likelihood, wouldn't just stop the destructive use, but also stop the legitimate uses as well.
 
I think so, it's their way of feeling that they are the "boss" or "king" or whatever their fascination of being superior to someone else :rolleyes: if only they use their knowledge (whatever they have) to something constructive
 
Interesting article.

A lot of people don't see the other side of this problem though. It may be some "script kiddie" trying to get back at someone for calling them a name in some obscure chat room that they shouldn't be in anyways, but what about all the trees? 100 pounds of mail per day is a lot. Also-- the companies that are being taken advantage of: companies that send out 100s of dollars worth of catalogs + shipping to "potential customers". Other things like service calls and package pickups cause a loss to the company, when they could be elsewhere, making money.

In the cycle of things, all of those magazines out with no sales may cause a company to fold, or lay off people. This is especially true for small online businesses.
 