WordPress gets hit with second DoS attack in 2 days
March 7, 2011
WordPress suffered a further series of DoS (denial of service) attacks on Friday, a few days after recovering from a particularly debilitating attack that was about twice as bad.
Serving about 18 million blogging sites, WordPress traced the vast majority of the attacks in the latest assault back to China. DoS attacks from China are nothing new, and the trend has been intensifying lately.
Analysis pointed to a Chinese language site as one of the principal targets of the attack.
For now, this yet-unnamed website is blocked by Chinese search engine Baidu, prompting speculation that the attacks could potentially be politically motivated.
But a closer inspection of specific events led WordPress to conclude that commercial motives were probably behind the attacks.
The situation is rapidly getting worse, and it's not just WordPress that is targeted anymore. The French finance ministry also admitted this morning that it came under a sustained and targeted attack last December, aimed at files related to the G20 summit that took place in Paris two months later. Why the French finance ministry waited so long to make the news public is unknown.
About 155 computers at the ministry were affected. Paris Match magazine, which broke the story, quotes an anonymous official who told it "We noted that a certain amount of the information was redirected to Chinese sites. But that in itself does not say very much, however."
Last month, CBC News reported that in January a small group of Chinese hackers succeeded in fooling Canadian federal IT staff into providing sensitive information and giving them access to government computers, leading to severe Internet restrictions at the Treasury Board and the Finance Department in Ottawa.
The news was also reported by other news outlets. Although the Canadian government has so far offered little information on the security breach, CBC added that the attack cut off Internet access for thousands of public servants, although service has slowly been returning to normal in the past week.
There has been no confirmation so far that Canadians’ personal information or other sensitive data has been compromised or lost, but there appears to be a full-scale investigation currently going on.
In what the CBC described as an executive spear-phishing attempt, the group of hackers used bogus e-mails to pass themselves off as senior executives to IT staff at the two federal departments and request passwords, while other staff received emails with virus-laden attachments.
In response to various media reports, the Canadian Treasury Board issued a brief statement admitting it had detected an unauthorized attempt to access its networks, but provided no additional details. “Employee access to the Internet has been limited for the time being,” said spokesman Jay Denny.
However, another source told the CBC it's not certain that the cyber-attackers are located in China. Servers based in China may simply have been used to route the attacks from elsewhere, such as Russia, Iran, Brazil or other countries. Chinese officials immediately denied any connections to the attacks.
The Toronto Star said earlier this morning that former federal chief information officer and Treasury Board secretary Michelle d’Auray has asked staff for a list of Web sites they believe are essential to their jobs.
"The allegation that the Chinese government supports Internet hacking is groundless," foreign ministry spokesman Ma Zhaoxu told reporters during a regular briefing, according to the Hindustan Times. “The Chinese government attaches importance to the safety of computer networks and asks computer and Internet users to abide by laws and regulations in the country where such computers are physically located.”
For the past few years, Auditor-General Sheila Fraser has been warning about flaws in the system that could potentially put federal government IT infrastructure at great risk. More recently, groups like the CATA Alliance have been calling for Canada to follow the lead of the United States in appointing a Cyber-Security Coordinator to ensure a unified response to IT security incidents, build partnerships between government agencies, encourage R&D spending in developing new technologies and raise awareness of Internet security issues.
Although some earlier reports had suggested the attacks were in part discovered through Citizen Lab, the interdisciplinary laboratory based at the University of Toronto's Munk School of Global Affairs, the organization posted on Twitter that it was not involved in investigating the security breach.
In other Internet security news, an international security conference held in Munich on Feb. 6 said that better assurances for the proper deployment of cyber-weapons need to be quickly developed and treated with the highest priority.
The very influential EastWest Institute is due to present proposals for the cyberspace equivalent of the Geneva convention at the Munich Security Conference, which has included a debate on cyber-security on its agenda for the first time this year.
Delegates to the conference include U.K. Prime Minister David Cameron, German Chancellor Angela Merkel, U.S. Secretary of State Hillary Clinton and Russian Foreign Minister Sergei Lavrov.
The discussion on rules for cyber-conflict comes months after the infamous Stuxnet worm was blamed for infecting industrial control systems and sabotaging centrifuges at controversial Iranian nuclear facilities. Some have described the malware as the world's first cyber-weapon, though cyber-espionage in many guises has undoubtedly been practiced by intelligence agencies across the world for many years.
Computer systems underpin the delivery of essential services, including utilities and telecoms as well as banking and government services. Critical national infrastructure systems are most commonly privately held, at least in the U.S. and Europe.
And although attacks against various critical systems are commonplace, they also tend to be low-level information-stealing or denial of service (DoS) exploits. Many independent experts in cyber-security dismiss talk of cyberwar as hype – driven more by the marketing departments of US security contractor giants seeking a new market in cyberspace than by reality on the ground.
Others argue that cyberwarfare or information warfare risks are all too real and illustrated by the denial of service attacks that blitzed Estonia off the web and the Operation Aurora assaults against Google and other high-tech firms as well as Stuxnet, a strain of malware that might inspire other forms of malware that attack industrial control kits, perhaps indiscriminately.
The rules of cyberwarfare seek to establish protected domains – such as hospitals and schools – that are off limits for attack. Proportionality in response to attacks and identifying the source of attacks are also likely to enter the debate.
British government sources told the BBC that they were not convinced of the need for a treaty governing conflict in cyberspace, while they conceded the need for a discussion on proportional response – and, more particularly, on attributing the source of attack.
Source: The U.K. Guardian.