Following the coordinated attacks on mainstream media sites in Nigeria, EMMANUEL MAYAH visits the cyber crime scenes and reports on how millions of zombie computers are deployed as foot soldiers to attack big businesses, political dissidents, competitors or enemy organisations.
Life in Nigeria is pretty much becoming a video war game. In the past, you could choose to bump off an individual or an enemy organisation using letter bomb, price-tag assassins, corporate spies or attack dogs in white collar. Today, the thin line between reality and science fiction is blurred, so much so that a cripple with the right computer know-how can sit in one corner of his room and mobilise millions of zombies to cause an oil spillage in the Niger Delta or to hold a multinational hostage until a huge ransom is paid.
In Italy, not too long ago, a mob boss was shot but survived the shooting. That night, while he was in the hospital, the assassins hacked into the hospital computer and changed his medication so that he would be given a lethal injection. He was a dead man a few hours later. They then changed the medication order back to its correct form, after it had been incorrectly administered, to cover their tracks so that the nurse would be blamed for the “accident.”
Elsewhere in Nigeria, shockwave swept across the city of Lagos last year after a television house became the target of a bomb attack. The same effect was achieved three weeks back, as mainstream newspaper websites were brought down by unknown hackers.
One of the first people to discover the cyber siege was Nigerians in Diaspora, who rely on online newspapers to follow news and political developments back home. One of the sites affected was the sunnewsonline.com. Virtually all the sites were blank or had one stagnant old page that refused to move an inch no matter how hard you hit at the keys. In desperation, long-distance calls were coming in from the US, Europe, Australia, Asia, and other parts of the world. Everyone wanted to find out what was going on and, in the process triggered a cycle of panic that looked like the aftermath of a coup d’état.
Given the crime history of Nigeria, it was probably only a matter of time before felonies, like advance fee fraud, identity theft and sundry scams, were elevated to cyber terrorism. Though no ransom was reportedly demanded in this maiden attack, the cyber hijackers may well be serving notice that it is now possible to sabotage a multi-million-dollar operation or hold hostage an entire organisation without wielding an AK-47. In such an event, it would be pointless calling in the police, given that hi-tech capabilities are required to even see the footprints of the criminals.
Amy Webb, a digital media consultant whom this reporter met in the US this year, recounts how one of the websites she maintains was taken hostage by hackers.
“My site went down for hours, and I received a ransom note demanding $10, 000 to stop a “denial of service” attack. There are more and more documented cases of attackers attempting to hold websites to ransom, demanding payment in exchange for stopping their onslaught,” Webb said.
The “Denial of Service” attack, also known as DoS, are malicious efforts to keep authorised users of a website or web service from accessing it, or limiting their ability to do so.
Users of LiveJournal and Twitter would never forget August 6, 2009 in a hurry. Suddenly, both websites were completely offline. Users couldn’t access their accounts, and there was seemingly no explanation. It was later learnt that hackers had coordinated something even worse than a DoS attack. It was called a “Distributed Denial of Service” or DDoS attack. In this case, hundreds of thousands or millions of computers are used to cripple a web page, website or web-based service. A common form of DDoS is a massive number of computers being used to send requests to a web site, overwhelming it to the point where it can’t respond to legitimate requests from normal users.
Webb said that was exactly what happened to LiveJournal and Twitter.
The origin of a DDoS attack is extremely difficult to pinpoint, and without knowing who’s behind it, it’s hard to determine the motivation for an attack. However, it’s reasonable to assume that some attacks are politically motivated. For example, during the conflict between Russia and Georgia in August of 2008, there were efforts, on both sides, to bring down the websites of the warring countries. The most recent DDoS attack in August 2009, which brought both Twitter and Facebook down, was actually directed at one person: a Georgian blogger who maintains accounts on Twitter, LiveJournal and Facebook. Political activists were attempting to stop him from communicating, but the attack disabled all three networks for all users worldwide.
It is estimated that there are about 40 million computers in Nigeria. Without the owners ever suspecting it, each of these computers can be deployed as foot soldiers, even by an attacker in another country, to do the biddings of some evil geniuses. There are several different ways attackers can bring down a site with a DDoS attack. Some prevent legitimate network connections from being completed by keeping the host’s resources busy with bogus requests. Others overwhelm a network with a large number of data packets, consuming the available network bandwidth.
A site can be rendered unavailable even as a result of large numbers of legitimate requests. One example of this is the so-called “Slashdot effect,” wherein a popular site, Slashdot, links to another website, and the massive number of Slashdot users clicking on the link temporarily brings down the other site. While this is not considered a DDoS attack, it has essentially the same result.
Other modes of attack are possible, but increasingly, most DDoS attacks have one thing in common: the rise of botnets. In this context, a botnet is a collection of computers that can be remotely controlled by an attacker, whether directly or via peer-to-peer communication. Typically, this control is accomplished through the use of malware installed on each individual machine. The individual computers are sometimes called “zombies” because they can be controlled remotely without the knowledge of their owners. Such computers are often used to send spam. It’s estimated that the majority of spam originates from compromised zombie machines.
A recent example of a botnet was the collection of computers compromised by the Conficker worm, first detected in 2008. The estimated number of infected computers varied widely, but was as high as 15 million at one point. Such a collection of machines could be used to instigate a DDoS attack. In fact, some hackers even “rent out” botnets, offering them for use by others for a fee per machine.
New kids on the bloc
Cyber attack may well be the new face of Internet crime in Nigeria. As crime morphs from Advance Fee Fraud to credit card fraud, armed robbery to kidnapping, cyber attack could turn out to be a new-found honeypot. Since the late nineties, one of the more popular cyber attacks is to threaten a large bank. The criminals, labelling themselves terrorists, hack into the system and then leave an encrypted threat message for senior directors. In essence, the message says that if they do not pay a set amount of money, then the terrorists will use anything from logic bombs to electromagnetic pulses and high-emission radio frequency guns to destroy the banks’ files. What adds to the difficulty to catch the criminals is that they may be in another country. A second difficulty is that most banks would rather pay the money than have the public know how vulnerable they are.
In 1997, a cyber crime group known as the Chaos Computer Club created what was known as an Active X Control for the Internet that can trick the Quicken accounting programme into removing money from a user’s bank account. This could easily be used to steal money from users all over the world that have the Quicken software installed on their computer.
The American experience is clearly captured by Kevin Coleman, a Cyber Warfare analyst, who says that Cyber attacks on businesses have risen in frequency and sophistication and that the monetary damages that accompany these incidents are rising as well.
“America’s corporations are under constant attack from cyber criminals, terrorists and rogue nation states. The devastating consequences of a cyber attack on our business community have now risen to a level where it must be considered a threat to our nation’s security.”
Seyi Oguntuase, a Security Management expert, told Saturday Sun that Cyber terrorism are acts of deliberate, large-scale disruption of computer networks, especially of personal computers, attached to the Internet for the primary purpose of creating alarm and panic.
“Believe it or not, we are living in the virtual world. The possibilities in today’s world are so frightening it is difficult to tell what a reality is and what exists in the realm of the imagination. As the Internet becomes more pervasive, in all areas of human endeavour, individuals or groups can use the anonymity afforded by cyberspace to threaten other people. Their confidence is boosted by the fact that there is no inherent threat of capture, injury, or death to the attacker; unlike other crimes that require the physical presence of the criminals at the scene.”
Indeed, the confidence of cyber criminals can only be rivalled by their evil ingenuity. The culprit behind a DDoS attack against popular websites, including CNN, eBay, and Amazon in February 2000 turned out to be a Canadian high school student with no clear reason for launching the attack, other than that he could do it.
Webb says that while personal websites and blogs are not generally targeted for DDoS attacks, every organisation with a website or web service critical to its operation should be aware of these attacks and be prepared for the possibility of being targeted.
“Quite obviously, having your site or service rendered inaccessible for even an hour can result in lost revenue.”
Oguntuase warns that the attacks on media websites in Nigeria should be viewed more seriously not even by the media community but by the managers of the country’s national security.
He said: “The media in Nigeria have had to contend with all manner of state terror, like proscriptions, shutdowns, killings of journalists, especially in the long years of military dictatorship. However, the vulnerability of the state is manifest in activities like the Niger Delta militancy, kidnapping for ransom and pipeline vandalism. Like the media, government operations are becoming more computerised; so both maybe facing a common enemy. I say this with all sense of responsibility because, even though Nigeria has not attained the level of IT sophistication found in the West, we have a mainstay, oil, whose operation is comparable to what is obtainable in other parts of the world. While it remains a conspiracy theory, it has been said that the recent BP oil spill in the US, was as a result of sabotage by cyber terrorists that succeeded in compromising BP’s computer network.”
One example of cyber terrorism that threatened national security was when terrorists in Romania gained access to the computers controlling the life support systems at an Antarctic research station, endangering the 58 scientists involved. However, the culprits were stopped before damage actually occurred.
In May 2007, Estonia was subjected to a mass cyber-attack in the wake of the removal of a Russian World War II memorial from downtown Tallinn. The attack was a distributed denial-of-service onslaught in which selected sites were bombarded with traffic in order to force them offline. Nearly all Estonian government ministry networks as well as two major Estonian bank networks were knocked offline; in addition, the political party website of Estonia’s Prime Minister Andrus Ansip featured a counterfeit letter of apology from the Prime Minister for removing the memorial statue. Despite speculation that the attack had been coordinated by the Russian government, Estonia’s defence minister admitted he had no conclusive evidence linking cyber attacks to Russian authorities. Russia called accusations of its involvement “unfounded.”
Similarly, the website of Air Botswana, was defaced by a group calling themselves the “Pakistan Cyber Army,” just as a disgruntled employee caused the release of untreated sewage into water in Maroochy Shire, Australia.
In response to heightened awareness of the potential for cyber-terrorism, the then US President, Bill Clinton, in 1996, created the Commission of Critical Infrastructure Protection. The board found that the combination of electricity, communications and computers were necessary to the survival of the U.S; all of which could be threatened by cyber-warfare. The resources to launch a cyber attack are commonplace in the world; a computer and a connection to the Internet are all that is really needed to wreak havoc.
On November 2, 2006, the Secretary of the US Air Force announced the creation of the Air Force’s newest MAJCOM, the Air Force Cyber Command, which would be tasked to monitor and defend American interest in cyberspace. The plan was, however, replaced by the creation of Twenty-Fourth Air Force, which became active in August 2009 and would be a component of the planned United States Cyber Command.
On December 22, 2009, the White House named its head of Cyber Security as Howard Schmidt. He will coordinate U.S Government, military and intelligence efforts to repel hackers.