DDoS attacks bring down vital government and health services, restrict access to information, and may result in financial loss. But with so many people now using DDoS in response to the war in Ukraine, can we call all of them criminals?
The summoning of Ukraine's IT army let the genie out of the bottle, longtime cybersecurity expert Patricia Muoio told Cybernews.
"I don't know if anybody will be able to put that back in. Tools are out there for people to use. You want them to use them for these noble ends, but will they? Will these noble ends in the hands of amateurs cause collateral damage that you didn't think about and wish you hadn't started?" she said.
Not only are those tools and knowledge public and not that hard to find, but hacktivists also make an effort to educate people on how to use various hacking tools, for example, to carry out DDoS attacks.
Pascal Geenens, Radware's director of threat intelligence, pointed me to a professionally edited video tutorial on using DDoS in support of Ukraine. It was made and shared by YouTube influencers with nearly 270,000 subscribers. The video has already been viewed 100,000 times.
The video is openly promoting the disBalancer Liberator app. Within days of the Russian invasion of Ukraine, cybersecurity firms Hacken and disBalancer launched a specialized app that allows ordinary unskilled civilians to participate in orchestrated denial-of-service attacks on Kremlin-backed websites. Since then, the app has evolved to become known as Liberator, aiming to bring about "fatality for Russian propaganda."
"I'm sympathizing with the people who oppose war propaganda, but I'm concerned how this will evolve beyond the current conflict," Geenens said.
Russia promised to seek liability for hackers attacking the country's infrastructure. It might not seem that big of a threat to hacktivists residing outside Russia and its allies. However, hitting the Kremlin while in Russia will have consequences. For example, Russian FSB officers detained a resident of annexed Crimea who was allegedly involved in attacks on the websites of Russia’s Sberbank, RBC, Interfax, Lenta.ru, RIA Novosti, and Rossiyskaya Gazeta. Russian media reported that a 29-year-old system administrator faces five years in a Russian prison.
At the same time, Russia is not likely to prosecute hackers attacking entities from the West. The country is a safe haven for many prominent cybercriminal gangs as the Kremlin turns a blind eye to threat actors, helping it cripple its Western enemies.
To rephrase a popular saying, one country's enemy is another's freedom fighter. Russia wants to go after hacktivists crippling its infrastructure, but they sure will be hard to prosecute.
Patricia Muoio believes the issue with hacktivism is that many hacking tools have now become publicly available, and it is dangerous as they could be used for malicious purposes, too. What do you think about sharing this kind of knowledge and tools publicly? What danger does it present?
Hacktivists have relied on easy-to-use, publicly, and readily available tools for many years. The power and risk associated with hacktivist groups do not come from the tools, but from their ability to disseminate information quickly and gather a large crowd of like-minded people. A single attacker leveraging simple tools will not be effective. But orchestrating an attack using a large crowd and simultaneously targeting a single target can become an issue for that target if it does not have adequate protections in place. YouTube tutorials about the use of tools that are publicly available do, however, help the security community understand risks and solve problems. The sharing of information that could potentially be leveraged for attacks helps organizations to be more aware and better prepared to deploy adequate protections. The knife cuts both ways; but without the information, the state of our defenses would be far behind what they are today and provide free roam for skilled attackers. It does, however, mean that organizations cannot sit idle and must have a timely response to new threats and vulnerabilities. I do not believe that keeping attacks and vulnerabilities secret will be more effective than sharing the information.
Should DDoS be considered a crime no matter what purpose it serves? As long as you attack a common enemy, is DDoS not a crime?
I’m not here to judge, neither attacks nor attackers. In the minds of hacktivists, their actions are justified, whatever their common cause and regardless of whether they are serving for the IT Army of Ukraine, the pro-Russian Killnet, or DragonForce Malaysia. From the perspective of the victims, every attack is a crime. People need to be aware that actively joining an ongoing war, whether physically or virtually, makes them a mercenary in the eyes of the opposing forces and might lead to unwanted consequences now or in the future.
However, my biggest concern with those DDoS attacks is that the unsolicited packets are routed through a shared medium — the same medium and infrastructure that is leveraged by organizations to run their businesses, and the same infrastructure that might impact health care institutions and put lives in danger. Every attack adds load to this shared infrastructure and might lead to unwanted consequences.
Security researchers at Avast Threat Labs warned that disBalancer’s Liberation application registers the user, including personal information, like location derived from the IP address, and that this information is communicated over an unencrypted HTTP protocol to disBalancer’s command and control servers. The targets that the application is attacking are also unknown to the user of the application. The application runs in the background, out of the control of the person who installed it, and conducts attacks against a list of targets curated by the authors of the application. The authors communicate their list of targets on their Telegram channel, but only after the attacks are conducted.
Are DDoS attacks even that effective? I would think that many organizations are well aware of this cheap attack and have put protections in place.
Given enough participants, even the most basic attack vectors can become an issue for the target. If the target has adequate protections in place, most attacks can be mitigated with no or minimal impact. However, there are still plenty of public resources that are left unprotected. If there weren’t, DDoS would not be the tool of choice for hacktivists. Moreover, as businesses migrate to hybrid- and multi-cloud environments, their attack surface grows substantially and they are not always in control of the third-party services their applications depend on — both scenarios leave organizations more vulnerable to threats.