Cyber Terrorists Rock DMAT Servers in “One of the Worst Attacks Ever Seen”

Blogbat ^ | October 10, 2004 | Blogbat

[blogbat]

Attack used FEMA site to take offline over 5 million other sites in official act of "cyber terrorism":

Millions of websites were recently brought down due to a security breach of FEMA’s DMAT servers, according to a source where the servers were initially compromised. Victims including multitudes of e-commerce and government sites. No one knows yet truly how deep the breach went.

DMAT is the Disaster Medical Assistance Team for the United States Public Health Service and is the medical wing of the NDMS (National Disaster Medical System), which serves the Department of Defense, Department of veterans Affairs, the Department of Health and Human Services and FEMA.

[blogbat]

Let me just say that I wouldn't do anything to create a reputation of being unreliable for myself here, so I challenge those who can to independently verify the information.

In the outside chance my source (who is nationally known within their community) has made any statement deliberately false- you have my word they will be outed right here and by name as well as their position within DMAT.

That said, I'm sticking to it.


p.s. MrBambaLaMamba, love that tagline ;)

[Prime Choice]

If they shut down the economy, it can cost lives in the long run,

Bah. The economy functioned just fine before the Internet. Even today with all our electronic transactions, if it all went offline, business would fare just fine on paper for days if not weeks. So I don't buy the claim that it would cost lives in any stretch of time. Again, this crap doesn't evoke a sense of terror; in evokes a sense of annoyance.

But still, the implicaions of hijacking the servers of FEMA should make us a little nervous on its own marits.

Why? Haven't you noticed how the NOAA, NASA, GAO, and a host of other .gov servers have long been the happy haunts of many an anklebiting scriptkiddy? Hell, even the .mil servers which answer to the Department of Defense have more than their fair share of break-ins on a regular basis.

FEMA getting 0wn3d is nothing new. This sort of nonsense has been going on since the 1980s.

[Prime Choice]

The threat of cyber-terrorism is real.

Cyber-terrorism is a myth. Network outages evoke annoyance, not terror. Even in the worst-claimed cyber attacks in which businesses claimed BILLIONS of dollars in losses (such as they claimed in the wake of the MELISSA and ILOVEYOU worms), no businesses collapsed, nobody died, and the economy was not harmed in the least.

In fact, NONE of the businesses that claimed billions in losses claimed those "losses" to their stockholders or the SEC. Hmmmmmm! Interesting thing, that.

This idiosyncratic hype about "cyber-terrorism" isn't helping, people. It's only engendering a sense of helplessness when it's incredibly simple to defend against the vast majority of attacks.

But hey...if you folks wanna play Chicken Little, be my guest.

[supercat]

BTW, one thing I've been toying with would be notion of a stateless TCP document server. It wouldn't support http: or other standard high-level protocols, but it would be fully compatible with TCP-compliant gateways, routers, etc. The design would be limitted to serving documents, but the only limit to the number of connections would be the amount of traffic the "pipe" could support. If someone wanted to open and leave open a thousand TCP connections on each of a thousand machines, the server wouldn't care, or even know.

Such a server, because of its invulerability to attacks on its main access port, could be placed directly on an Internet backbone without risk of compromise, thus preventing anyone from initiating too many TCP connections for a firewall to track.

Anyone ever heard of such a thing?

[shezza]

we have plenty of homegrown enemies who are far more capable than anyone else in the world.

That was my first thought.

[Prime Choice]

This sounds VERY urban legendish. It is highly unlikely for one server to take down "Millions of websites".

Not only does it sound urban-legendish, it's starting to smell like pure Bravo Sierra. Nothing of the sort shows up in The Internet Traffic Report, The Internet Health Report, The Internet Storm Center, or any other net-tracking center.

[blogbat]

I would agree, "getting 0wn3d" has become nothing new at all.

Government officials are apparently saying this one is a big deal. It would be good to get more of the details about the whys, the wheres and the whens, though. The question are:

1. As a couple have accurately already pointed out: Why didn't we notice all of the e-commerce sites going down at some point?

2. Specifically, what day and during which hours did this happen- and in what order?

3. What was the exact nature of the attacks on the outside web servers -the details on the type of the attack on the DMAT network would also be nice

4. Why, in specifics, is this that much different from other incidents like it

[Dont Mention the War]

Criminy...the idiot who came up with the ridiculous notion of "cyber-terrorism" needs to be flogged in a public square.

Cyberterrorism is when some hacker puts a photo of Helen Thomas on the front page of all the big-name web sites!

[GeekDejure]

(Buy 'Allah' brand urinal cakes - If you can't kill the enemy at least you can piss on their god)

---

The above instruction was written by MrBambaLaMamba (Peace Be Upon Him), a highly intelligent FReeper !!! ;-))

[Prime Choice]

Cyberterrorism is when some hacker puts a photo of Helen Thomas on the front page of all the big-name web sites!

<Sam Kinison>
    Oh! OH! OHHHHHHHHHHHHHHHHHHHHHHHHHHHH!!! I'm in HELL!!
</Sam Kinison>

[NJ_gent]

"Government officials are apparently saying this one is a big deal."

Which ones? What did they say? Where can we read their quotes? Seriously, if the only source of the information is anonymous heresay, it should be recanted until something even remotely concrete can be found to support it. Posting rumours and heresay as if they were fact is far too CBS-ish in my opinion.

[Nonesuch]

Given the statement "take offline over 5 million other sites", you'd think that somebody somewhere would have noticed these sites being "taken offline".

It's quite possible that a host serving up DMAT info really was compromised, but the rest is hyperbole.

If I were you, I would think twice about how reliable this someone inside is, and take any future information from this source with a very large grain of salt.

[blogbat]

I think the grain of salt is that it came from a non-technical person. The person his or herself is of a credible character not given to hyperbole. In fact, a respected professional in the medical community. Give some time, we'll separate the meat from the bones. I'd rather it had been from the IT guys, trust me. But I think this is noteworthy, which is why I posted it originally.

You might also notice on my site that I question the DDoS scenario because nobody seems to have noticed such an incident. Not to worry, nonesuch, I'm am going to be fair here.

[Prime Choice]

Government officials are apparently saying this one is a big deal.

Which officials at which agency? I would like names, please.

It would be good to get more of the details about the whys, the wheres and the whens, though.

Agreed...especially since none of this has shown up on anyone else's radar. Let's face it, an attack of the magnitude claimed here would show up on a LOT of radars, mine included.

[Ernest_at_the_Beach]

There was a period of time over the weekend when I tried to get into FreeRepublic and other websites and was unable to. Had other things going on so I didn't pursue what exactly was happening...maybe this explains it.