I’m just an uneducated layman at this kind of thing, strictly amateur, but I sure can see why botnets are being built up by using WordPress. WordPress does not take security seriously. Never really has. It’s a joke. Even their fix-it plug-ins can crash sites. And they blow off people who complain, essentially tell them it’s their fault and refer them to bulletins and forum discussions years old. It’s a huge site just screaming to be exploited for nefarious use. Facebook is an ideal channel for predatory malware, too, but WordPress is even worse because so little effort is made to impede it. At least Facebook seems to give a damn. And in a plot device worthy of I Spy or Mission Impossible (or even Batman) it appears that someone is building up to a huge Denial of Service attack on unspecified targets in the U.S. (so far they’ve been going after Washington D.C. based media sites, interestingly enough). And they are planning to use WordPress as the means to do so. Infected JavaScript is snuck onto a legitimate website’s homepage (such as those media outlets in Washington) which automatically redirects visitors to a WordPress blog that was hijacked and filled with malware (or set up deliberately as a Trojan horse full of malware). Suddenly your machine is infected too, and your security software might not even realize it. You begin infecting others. This latest phenomenon began in late July. About the time, interestingly enough, that WordPress bloggers began complaining again about performance issues.
There are nearly 70,000,000 blog sites on WordPress. All those blogs with all their plug-ins and widgets, literally billions of them, each of which is a potential vulnerability. That is, plug-ins and widgets are ideal ways an enterprising hacker can introduce malware to a blog page. WordPress, staring at numbers like that, has done the easy thing and barely done anything at all. The Alfred E. Neuman theory of website security. You can either be proactive or just not give a flying fuck. Hence there are no fixes (well, there are, but they tend to crash Windows, something WordPress hasn’t bothered to address). It’s somewhat disturbing when you realize that the brass at WordPress has decided to let the teeming millions of blog owners fend for ourselves. So some of the geeks in our midst have developed their own fixes. Alas, geeks that they are, almost all of these fixes are written in dense packets of code that will scare the bejesus out of anyone with social skills. No easy to download tools for these people, which means that only a tiny percentage of WordPress users can apply any of these fixes (provided they even work). And as I said before, the limited fixes that WordPress does provide, in periodic upgrades, are so badly written that they freeze up Windows (often with a very attractive flashing or windows that metastasize so fast that your only recourse is to shut down the computer).
You have to be impressed by the WordPress brass and their belief in their decentralized approach to internet security. After all, the exact same thing that is happening now happened last April. 90,000 WordPress sites, hijacked by malware that created an enormous botnet that began Denial of Service attacks that just about did in WordPress itself. Was that a practice run? Whatever it was, it worked, making the site just about unusable for about a week there. Whew. That was close. Let’s hope it never happens again. The Chinese (or whoever) could probably not believe their luck, and so they did the same thing again. That’s what is happening now, and you can google your brains out trying to find more than a couple press releases from WordPress announcing their half-assed and unworkable fixes. They might as well sacrifice a chicken and chant. That would be just as effective.
So potentially millions of WordPress blogs can be brazenly hijacked by unknown evildoers, who draw in unsuspecting visitors to innocent sites suddenly full of malware that, unknown to them (or to the owners of the infected site), will eventually make them unwitting participants in an oncoming Denial of Service attack when it comes. A potentially massive Denial of Service attack. Not that any of the infected visitors will have a clue that they are doing so. That’s the beauty of it. That’s what this botnet is, that’s what it does. All these infected computers that will one day receive a signal to begin contacting targeted sites over and over, maybe thousands of times per machine, overwhelming its ability to respond and essentially taking it offline. And doing so without the user (you or me) having any idea we are doing so. Talk about a perfect crime. This current website hijacking campaign was preceded by a similar attack that contacted Free Tibet activists on their Android phones via a “rogue” Twitter account and led them to a compromised Tibetan human rights website infected with malware. Not only did it link them to a botnet, it also provided their location (or their Android phone’s location, anyway) on a 24/7 basis, as well as gave a look-see to the evildoers into just what these Tibetan activists had on there. (I can’t find the article now, but I believe the infected site was a registration site for a human rights conference, which probably means credit card information was requested.) Interestingly enough, the malware used (something involving Adobe) had been used previously against manufacturing and defense industry targets (i.e., for industrial and military espionage). The coding was in Chinese. You figure it out. One of those things Edward Snowden didn’t bother mentioning.
(I saw today, incidentally, that the Dalai Lama’s website had been hacked in a similar fashion. What’s driving a lot of this is the Tibetan self-immolation campaign. Beginning in 2009, at least seventy-eight Tibetans have burned themselves alive protesting Chinese occupation. The Chinese, frantic to put an end to it, have infiltrated Tibetan social media. A digital campaign against self-immolation, which is about as analog a message medium as you can imagine.)
Hijacked WordPress sites have been serving malware at the core of a number of attacks during the first six months of the year. Attacks against Washington, D.C.-area media sites involved JavaScript injected onto the sites’ homepages redirecting victims to a compromised WordPress site hosting malware. The same tactic was used against Tibetan freedom supporters where attackers were using Twitter to send victims to a Tibet-themed WordPress blog that featured Adobe Flash, a technique that had been used in the past against manufacturing and defense industry targets. What a coincidence. It bothers me, by the way, how local media sites in the Washington D.C. area (not the Washington Post but a television station, for instance) are being targeted. Why those? Why concentrate on D.C. people? Regular people, too, the type that log onto the local happy hour news team website. I have no idea.
By the way, those Facebook issues we’ve all been having seem to be related to this sort of outside interference as well. I have no idea if they’re related. There seems to be no financial gain in this. No one is scamming anybody or stealing credit card info. This is either a domestic, politically motivated campaign (an extremely well organized Anonymous type thing, which doesn’t seem likely) or a foreign power infiltrating and damaging the U.S. cyber infrastructure. It has gotten particularly intense this summer.
I suppose it ought to make us feel better that we do it too. Snowden laid that out. Is there a Chinese whistleblower doing the same? It would be helpful. Though unlikely as hell, not with their black jails. But it would give us, that is the American public, a clearer picture of where we’re at. Is the NSA creating huge botnets in China? Is this mutually assured digital destruction? The Chinese have admitted that a massive Denial of Service attack launched against American websites in 2011 (aka “Operation Aurora”) was counterespionage, and that they acquired some very useful information (some of which sounds similar to what Snowden revealed).
Of course, 99% of you haven’t a clue what I’m talking about, but maybe you ought to. It’s almost Cyber World War, baby, and you are all right in the middle of it. I must have a dozen security and anti-viral/malware/worm/hack programs I use now. There is not one that can do all. And who knows what remains invisible in our machines? Or on sites that we use. Your Facebook page can be infected just like your hard drive can. Any site is the same. The whole cloud is a vast network of potentially infected sites, slipping infected code between each other. Cloud virus protection is a growth industry. The impenetrable firewalls that maintained the sanctity of intranets are sooooo last technological era. Almost everything is wide open now. We’re all as connected in the ether as are the neurons in our brains. It’s surreal. And just as a brain can be shut down by seizures that overpower all the neurons, overwhelming synaptic connections till every neuron is firing and freezing the whole thing and the body is paralyzed and spazzing and unconscious, so can botnets launch massive denial of service attacks that knock out websites by the thousands and effectively cripple huge chunks of the internet for a while. This digital existence of ours is full of virtual plagues, virtual wars, virtual criminals, virtual time bombs and virtual creatures that move about in perfect sequence following binary dictates. We are so fucked, you might say. Or at least doomed to an endless battle with these forces of virtual evil. Some of you are so web-bound, online in some way or another 24/7. And that world you have your head lost in is an unseen miasma of threats and spies and anarchists and criminals and drone-like codes that just can’t help themselves as they infect whatever they can. Craziness. I remember when we were bothered by pornographic emails. And all they did was offend us. Simpler times, those. There was email, and there was our lives. Two separate things.
Now many people’s lives are their Facebook accounts. They have friends they have never met, never will, and probably wouldn’t even like if they did. Men fall in love with two-dimensional naked ladies who move about on their screens. We read books in photons where once we touched paper. Our money is in electrons, we never see it, and we’re not even sure if it’s ours anyway.
We have totally surrendered ourselves to this other world. In some ways we exist more in the ether than we do in the physical world. Yet out here, in reality, we have some control over our lives. But online, in the ether, they own us. They know everything about us. Not the government so much as we fear, not really, when compared with all the data that Facebook and everyone else you register online with has. I’ve already gone on and on about data mining and what it means for you (in You Are What You Type). That stuff creeps me out. It’s essential, but kind of creepy. Too many years working in online marketing, I guess. I scan my machine almost daily with Spybot to get rid of all the spyware (it works better in the safe mode with networking, by the way). I’ve done deadly battle with Win32 and WebCake. DoubleClick is a pain in the ass. The ZeroAccess Trojan was a tough one. Man. Had to go through half a dozen anti-virus softwares before I found one that worked. A vicious little bastard, that thing. And who knows what is lurking on my machine, invisible. Who knows what is ready to pounce every time I log onto another website. What sneaks past us off our Facebook pages, or even via Twitter. Our iPhones are like live virtual grenades, ready to go off and wreck things.
I try not to think about our automobiles. Though I love the status report I get every month from OnStar. It even tells me my tire pressure, for each tire. Imagine that. Yeah, imagine that. Some guy in the Midwest somewhere knows more about the tire pressure in my car than I do. Or a light comes on while I’m driving in the middle of nowhere. I call OnStar on the phone in the rear view mirror. They tell me what the light means. A little coolant, Mr. Wahl. The lady is a thousand miles from me, and she knows that my engine needs coolant while I, in the driver’s seat maybe three feet from the radiator, had no idea. That is just amazing. Till some virus fucks it all up. After all, our benign internet is turning more and more malign. And we don’t care. We leave it to the specialists to worry about that. Because we are having too much fun with all this stuff to care.
I wonder if there’s an app for that, caring. Something that’ll do the caring for you, plus tell you it’s time to feed the dog and where the best Mexican place is in Tehachapi. Pictures of tacos, Yelp reviews, directions, everything. Now that’s what I call progress. Pictures of tacos on an iPhone. And to think this all began as a way to talk to each other after a thermonuclear war. Who’d a thunk it.
OMG. I’ve been sexted. Talk to you later.