|
Tuesday, 23 February 2010 02:49 |
|
Imagine what a cyber offensive capability would look like. Lots of discourse on US military uses of cyber attack has been bandied about this past year, but there has been no discussion of the actual tools. Sure, it is assumed the cyber espionage techniques are in use by all parties. But direct attacks to take down servers is either limited to DDoS, using bots or server farms to generate an overwhelming force, or kinetic attacks that would take out fiber via dragging anchors or well placed explosives.
For a demonstration of a cyber weapon, fittingly named XerXeS after the warrior king of Persia, watch the video that J35t3r (Jester) put together and that Anthony Freed over at Security Island has published. The Jester has advanced his anti-jihadi tool-chest considerably with an interactive interface complete with animated heart beat, and exploding targets. The backend reportedly has been enhanced to use multiple source obfuscation techniques that hide the location of his attacking machine. I assume that the source will always appear different to the victim if they examine their logs. The autonomous aspect that allows him to set it up and let it run enhances his ability to cause havoc with his enemies, Taliban and other Jihadists actively using the Internet to recruit, train, and promulgate their anti-Western views.
This is the sort of tool that I expect will be used the next time war breaks out between two networked countries. Why bother inciting a crowd to pummel a target website, when it can be strategically taken down just at the appropriate moment? Attribution is carefully avoided using web anonymizers or redirectors. THis type of attack against routers, programmable controllers for manufacturing and SCADA controllers, could be very effective.
|
