- Lori MacVittie, senior technical
marketing manager at F5 Networks (www.f5.com), says:
Even after solar eclipses could be predicted with a fair amount of precision, such an event was often used in an attempt to change human behavior. In the Bible, one of the plagues of Egypt involved darkness covering the land in an attempt to change the Pharaoh's position on the enslavement of the Israelites. This event is often (inaccurately) interpreted as a solar eclipse. In other cases, the change in behavior was not so much the result of an active attempt as the result of such an (at the time) frightening event.
Herodotus, the father of history, who lived in the 5th
century BC, cited that Thales (ca. 624-547 BCE), the Greek philosopher,
predicted the solar eclipse of 28 May 585 BCE that put an end to the conflict
between the Lydians and the Medes. -- Solar Eclipses in History and Mythology
Ancient peoples looked upon solar
eclipses, whatever the reigning philosophy or religious thought of the time, as
a sign that something human beings were doing was wrong.
On July 9, the digital equivalent
will occur for some, and it is indeed a sign that something is terribly wrong.
The Malware, The Event, The Solution
If you’re not aware of Operation Ghost Click, take a quick read, as it’s the backstory as to why this upcoming event will occur. Suffice it to say that a whole lot of end-users were infected with the DNS hijacking malware called DNSChanger, and the FBI, in its attempts to ferret out the root cause, set up one of the largest honeypots on the Internet – intercepting every DNS request sent by the infected users. It managed this feat by posing as the DNS resolvers used by the malware.
This had the effect of allowing
hundreds of thousands of infected users to keep right on using the Internet as
if nothing was wrong. Their DNS requests were resolved properly, and most of
them were – and are still – none the wiser.
But the FBI is going to turn off
that system on July 9, which will leave the hundreds of thousands still
infected with no valid DNS services. Effectively, for those users, the Internet
will become as black as sackcloth; the Internet will go dark.
The solution for these users is, of
course, to clean their systems of the malware. First, however, they have to
recognize they’re infected – something that will become obvious on July 9.
Folks would really like to avoid the mass disruption that will invariably
result from such a broad outage – especially local ISPs and technical family
members who will no doubt have to field calls that day to explain why the
Internet “isn’t working.” To do that, the power of big data is being employed,
with more and more sites joining in to leverage that data in an attempt to
inform those infected before the DNS eclipse occurs.
The most recent prophet to join the
DNS eclipse movement is Facebook, which “announced Tuesday that it had joined a
consortium of other companies and security experts to help alert more than half
a million users of a computer infection called DNSChanger that may knock their
computers off the Internet this summer.” (Facebook warns hundreds of thousands may lose
Internet in July) This notification is accomplished
by means of leveraging big data collected that identifies infected IPs by
origin ASN.
All ISPs are asked to notify their affected customers and encourage remediation. If you run a network and would like information about DNS Changer infected IPs on your network, please contact one of the organizations listed below. These organizations are making this data available for free as a public benefit. These organizations will verify that you are a responsible contact for the ASN.
DNS Changer infected IPs are tracked by origin ASN
Facebook, and other cooperating sites, use the data collected on infected IPs to notify end-users to check their individual machines for the malware, with instructions that explain how to resolve the situation (recognizing, of course, that IPs in the end-user space are often shared and highly mobile, so merely turning up as an infected IP is not a digital indictment).
The Power of BIG Data
This exercise, in addition to
providing a valuable (and given the large number of still infected machines out
there, necessary) service, illustrates nicely the value of big data to
organizations. While certainly most enterprises won’t be taking advantage of
this service, there are many others that provide similar (and in many cases
better) granularity in information regarding end-users that can be highly
valuable to the security of the data center.
Knowing, for example, that the client connecting to your public-facing application is coming from an anonymizing proxy, or from an IP known to have been used to launch web application attacks (SQLi and the like), is as good as gold for many organizations. And like many of those who’ve joined the effort to inform end-users of their infected state, if the supporting infrastructure is flexible enough – if it’s programmable, as it were – then organizations need not chew their own arms off with worry about blocking an IP that’s been marked but is also shared. Infrastructure imbued with the information available from big data services can execute processes that better enable end-users to redress the situation, as is being done with DNSChanger, rather than outright block or deny access.
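The two ideas above – infected IPs tracked by origin ASN, and an edge that notifies rather than blocks a marked-but-shared address – as an added example that is neither F5's nor the DCWG's code. It assumes a constructed prefix-to-ASN table standing in for a BGP lookup, a constructed list of observed addresses (documentation ranges, not real infection data), and an "acknowledged" flag standing in for a cookie set once the user has seen the remediation notice.

```python
"""DNSChanger-style notification policy: group hits by ASN, notify instead of deny."""
import ipaddress
from collections import defaultdict

# Constructed prefix -> origin ASN table; a stand-in for a real BGP/whois lookup.
PREFIX_TO_ASN = {
    ipaddress.ip_network("198.51.100.0/24"): 64500,
    ipaddress.ip_network("203.0.113.0/24"): 64501,
}

# Constructed observations: addresses seen querying the replacement resolvers.
# Duplicates and unmappable addresses are included on purpose.
OBSERVED = ["198.51.100.17", "203.0.113.9", "198.51.100.17", "192.0.2.5"]


def origin_asn(ip):
    """Map an address to its origin ASN via the toy table, or None if unknown."""
    addr = ipaddress.ip_address(ip)
    for prefix, asn in PREFIX_TO_ASN.items():
        if addr in prefix:
            return asn
    return None


def group_by_asn(observed_ips):
    """Build the per-ASN feed an ISP would be handed: {asn: sorted unique IPs}.

    Addresses that cannot be mapped are kept under None rather than dropped,
    so the feed's owner can see what still needs attribution.
    """
    feed = defaultdict(set)
    for ip in observed_ips:
        feed[origin_asn(ip)].add(ipaddress.ip_address(ip))
    return {asn: [str(a) for a in sorted(addrs)] for asn, addrs in feed.items()}


def client_action(ip, feed, acknowledged=False):
    """Decide what the edge does with a connecting client: 'allow' or 'notify'.

    End-user IPs are shared and mobile, so a hit on the feed is grounds to show
    a remediation banner, never to deny the request; 'deny' is not an outcome.
    """
    asn = origin_asn(ip)
    on_feed = ip in feed.get(asn, [])
    if on_feed and not acknowledged:
        return ("notify", f"AS{asn}: address on infected-IP feed; show remediation notice")
    if on_feed:
        return ("allow", "on feed, but user already acknowledged the notice")
    return ("allow", "not on infected-IP feed")
```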
Big data services are coming of age
and combined with the flexibility of intelligent infrastructure, the
possibilities for leveraging that information are endless.