The most interesting internet finance portal


Several British banks plan to stockpile bitcoin to pay ransoms to cyber hackers

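Several of London's big banks are preparing to build up large reserves of bitcoin to pay cyber criminals who threaten to attack their critical information technology systems.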

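According to an information technology expert, bitcoin is popular with criminal networks because it cannot be traced. Some blue chip companies are buying bitcoin in order to pay ransoms to cyber criminals.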

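On Friday, hackers attacked a number of large online companies including Twitter, Spotify and Reddit. The hackers used a special code to seize control of hundreds of thousands of internet-connected home devices, such as surveillance cameras and printers, and launched a "distributed denial of service" (DDoS) attack through a US company called Dyn, which provides directory services to online companies. A DDoS attack floods servers with so much data that they are overloaded and crash.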

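There is as yet no evidence that Dyn itself was extorted by the hackers, but it is clear that hackers have used this code to threaten other companies, demanding that they pay a ransom in bitcoin or face similar attacks.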

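Dr Simon Moores is a former technology ambassador for the US government and chair of the annual international e-Crime Congress, a body that brings together information technology experts from around the world. Dr Moores said the scale and intensity of the attacks had led some banks to conclude that paying the ransom is cheaper than running the risk of being attacked.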

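Dr Moores said: "The police admit that, because the number of attacks has risen sharply, they do not have enough resources to deal with this problem. Financial institutions are holding bitcoin purely for practical reasons: if they come under a high-intensity attack, law enforcement cannot respond quickly enough to meet their need to get back in business fast."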

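Dr Moores declined to say which banks are buying large amounts of bitcoin, but it is understood that senior police officers are aware of the practice. The business losses caused by a cyber attack can far exceed the total ransom. Telecoms provider TalkTalk lost 101,000 customers and €60 million last year as a result of a cyber attack.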

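Dr Moores said: "Big companies are starting to worry that a cyber attack is not only a matter of information security but also a matter of board, shareholder and consumer confidence. What we are seeing is these attack tools being used as weapons. Events have gone far beyond what businesses anticipated."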

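In recent months, DDoS attacks have directed 600 gigabits of data per second at target servers, which according to experts is enough to bring down the vast majority of websites.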

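Dr Moores predicted that the situation will get worse. "Once the data volume goes above 1 terabit per second, any protection becomes useless. None of the existing protection systems can withstand a flood of that size."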

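In September this year, the website KrebsOnSecurity.com came under an attack that was described as "an extremely large and unusual DDoS attack designed to bring the site down". Initial reports put the attack traffic at 665 gigabits per second, far more than is needed to bring a website down.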

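Some experts believe the attack was retaliation: Krebs had earlier reported on the DDoS-for-hire service vDOS, and the service's two young founders were subsequently arrested.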

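The attack on Krebs was launched by a large botnet (a collection of computers under remote control), in this case hundreds of thousands of hacked devices that make up the internet of things (IoT), including routers, network cameras and digital video recorders. These devices are the internet's weak spot. Unlike personal computers or smartphones, they have no password protection, only factory settings. As a result, they easily become targets when botnets scan the entire internet for IoT systems that are easy to take over.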

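A user named Anna-senpai posted the source code of the botnet used in this attack to a hackers' forum, which brought the attack to attention outside internet security circles.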

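Anna-senpai said on the hackers' forum: "When I first got into the DDoS industry, I wasn't planning on staying long. I made some money, and now everyone is watching IoT, so it's time to GTFO."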

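Within hours of Anna-senpai releasing the botnet source code, it was causing chaos as others began using the code to take control of more devices. Before long an army of zombie devices had been mobilised to attack Dyn.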

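By attacking Dyn, the hackers temporarily brought down a large number of websites. Other sites that experienced problems included Mashable, CNN, the New York Times, the Wall Street Journal and Yelp.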

Amazon's web services division ran into similar problems in western Europe. In the UK, users could not access Twitter and some news sites.

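Anna-senpai's identity and motive for releasing the source code are still unknown. Some believe state agencies may have been involved. China, Russia and North Korea have been mentioned in information technology circles.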

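Thomas Pore, director of IT at Plixer, a malware incident response company, said: "Although this attack on Dyn was not for extortion, a new attack model that demands ransom has already emerged: companies, fearing that hacker attacks will leave customers across the whole network infrastructure unable to open their websites, pay the ransom. Cutting users off at the infrastructure level, such as DNS (denial of service), has a major impact on both providers and users, which may prompt companies to pay the ransom quickly to avoid losing users and suffering greater financial damage."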

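The battle between businesses and hackers is a battle of scale. The number of devices hackers can recruit to launch attacks is growing exponentially.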

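It is estimated that between 1 billion and 19 billion devices are currently connected to the internet of things. Conservative estimates suggest this figure will grow to between 30 billion and 50 billion within five years.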

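Dr Moores believes that connected smart devices will come under the control of destructive computing power that existing security systems will be unable to contain, and that at that point the dam will burst for the internet.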

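He draws an analogy with the financial crisis, predicting that the internet will also have its "Lehman Brothers moment". (The collapse of Lehman Brothers marked the start of the credit crisis.)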

Dr Moores said: "We have to recognise this. Everyone is overexposed."

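Rise of the hacker

The evolution of DDoS attacks

February 2000

Internet user "Mafiaboy", a 15-year-old Canadian named Michael Calce, launches the first large-scale distributed denial-of-service (DDoS) attack, bringing down a number of popular websites. His Project Rivolta cripples Yahoo (the number one search engine at the time) and a number of leading technology companies.

January 2008

Hacking group Anonymous launches Project Chanology, attacking the Church of Scientology and bringing down its website, Scientology.org.

April 2012

On the eve of Holocaust Remembrance Day, an anti-Israel cyber attack group tries to erase all mentions of Israel from the internet, but fails.

March 2013

Spam filtering company Spamhaus comes under DDoS attack after blacklisting a web hosting company called Cyberbunker. Cyberbunker and other hosting companies hire a group of hackers to cripple Spamhaus using botnets. At its peak the attack reaches 330 gigabits per second, five times the size of a typical DDoS attack.

January 2016

A New York hacking group attacks the BBC's website with traffic reaching 602 gigabits per second, twice the previous record.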

Several of London's largest banks are looking to stockpile bitcoins in order to pay off cyber criminals who threaten to bring down their critical IT systems.

The virtual currency, which is highly prized by criminal networks because it cannot be traced, is being acquired by blue chip companies in order to pay ransoms, according to a leading IT expert.

On Friday, hackers attacked the websites of a number of leading online companies including Twitter, Spotify and Reddit. They used a special code to harness the power of hundreds of thousands of internet-connected home devices, such as CCTV cameras and printers, to launch "distributed denial of service" (DDoS) attacks through a US company called Dyn, which provides directory services to online companies. DDoS attacks involve inundating computer servers with so much data traffic that they cannot cope.

There is no evidence that Dyn was the subject of extortion demands but it has become apparent that hackers have been using the code to threaten other businesses into paying them with bitcoins or risk becoming the target of similar attacks.

Dr Simon Moores, a former technology ambassador for the UK government and chair of the annual international e-Crime Congress, the global body that brings together IT professionals, said the scale and ferocity of the attacks meant some banks were coming round to the view that it was cheaper to pay off the criminals than risk an attack.

"The police will concede that they don't have the resources available to deal with this because of the significant growth in the number of attacks," Moores said. "From a purely pragmatic perspective, financial institutions are now exploring the need to maintain stocks of bitcoin in the unfortunate event that they themselves become the target of a high-intensity attack, when law enforcement perhaps might not be able to assist them at the speed with which they need to put themselves back in business."

Moores declined to identify the banks buying up bitcoins but it is understood senior police officers have been made aware of the practice. The cost to businesses of an attack can far outweigh paying off the blackmailers: telecoms provider TalkTalk lost 101,000 customers and suffered costs of €60m as a result of a cyber attack last year.

"Big companies are now starting to worry that an attack is no longer an information security issue, it's a board and shareholder and customer confidence issue," Moores said. "What we are seeing is the weaponisation of these [hacking] tools. It becomes a much broader issue than businesses ever anticipated."

In recent months, DDoS attacks have led to around 600 gigabits of data a second being directed at targets - more than enough, according to experts, to bring most websites down.

Moores predicted that the situation was becoming critical. "Once it goes above a terabit, that wipes out any protection. No current protection systems can deal with that sort of flood."

In September the website KrebsOnSecurity.com was the target of what it describes as "an extremely large and unusual distributed denial-of-service (DDoS) attack designed to knock the site offline". Initial reports put it at approximately 665 gigabits of traffic a second, far more than is typically needed to knock most sites offline.

Some experts believe the attacks were launched in response to articles that Krebs had published about the DDoS-for-hire service vDOS, which coincided with the arrests of two young men identified as its founders.

The attack on Krebs was launched by a large botnet, a collection of enslaved computers - in this case, hundreds of thousands of hacked devices that constitute the internet of things (IoT), notably routers, IP cameras and digital video recorders. These devices are the internet's Achilles heel. Unlike personal computers or smartphones, they are often not password protected, relying on factory settings. Because of this they make soft targets for botnets scanning the internet for IoT systems that can be easily compromised.

The Krebs attack might have gone largely unnoticed outside of internet security circles if someone using the name Anna-senpai had not then chosen to release the source code that powered the botnet on to a hackers' forum.

"When I first go in DDoS industry, I wasn't planning on staying in it long," Anna-senpai said on the Hack Forums site. "I made my money, there's lots of eyes looking at IoT now, so it's time to GTFO."

Within hours of Anna-senpai's decision to release the botnet into the wild, it was creating havoc as others started to employ the code to enslave more devices. Soon an army of zombified devices was mobilising against Dyn.

By targeting Dyn, it appears that hackers were able temporarily to disrupt a raft of sites. Others that reported problems included Mashable, CNN, the New York Times, the Wall Street Journal and Yelp.

Amazon's web services division reported issues in western Europe. In the UK, Twitter and several news sites could not be accessed by some users.

Anna-senpai's identity and motivation for releasing the code remain a mystery. Some believe state agents were involved. China, Russia and North Korea have all been mentioned in IT circles.

"While this particular attack [on Dyn] may not have been motivated by extortion, a new model of ransom-based attacks could be on the horizon, motivated to pay off threats for fear of infrastructure-wide customer outages," said Thomas Pore, director of IT at Plixer, a malware incident response company. "An infrastructure outage, such as DNS [denial of service], against a service provider impacting both the provider and customers may prompt a quick ransom payoff to avoid unwanted customer attrition or larger financial impact."

The problem facing businesses battling the hackers is becoming one of scale. The number of devices the hackers can recruit to launch their attacks is growing exponentially.

It is estimated that there are anywhere between 7bn and 19bn devices connected to the IoT at the moment. Conservative predictions suggest that this figure will balloon to between 30bn and 50bn within five years.

At some point, Moores believes that the dam will burst as the rollout of connected smart devices will allow for the harnessing of devastating computer power that can no longer be repelled by existing IT security systems.

He draws an analogy with financial crises, predicting that a "Lehman Brothers moment" is on the cards.

"We've got to come to grips with this," Moores said. "Everybody's overexposed."

RISE OF THE HACKER

The evolution of DDoS attacks

February 2000

"Mafiaboy", a 15-year-old Canadian called Michael Calce, launches the first big distributed denial-of-service attack (DDoS), crippling popular websites. His Project Rivolta takes down Yahoo, the number one search engine at the time, and many leading tech companies.

January 2008

Hacking collective Anonymous targets the Church of Scientology in an operation called Project Chanology that briefly knocks Scientology.org offline.

April 2012

A cyber-attack by anti-Israel groups on the eve of Holocaust Remembrance Day fails in its attempt to erase all mentions of Israel from the internet.

March 2013

Spamhaus, a filtering service to weed out spam emails, is subjected to a DDoS attack after adding a web hosting company called Cyberbunker to its blacklisted sites. Cyberbunker and other hosting companies hire hackers to shut down Spamhaus using botnets. At its peak the attack was being conducted at a rate of 330 gigabits a second, around five times the average DDoS attack.

January 2016

A group called New World Hacking attacks the BBC's website at a rate of 602 gigabits a second, almost twice the size of the previous record of 334 gigabits a second.



Hu Ning | Weiyang Team, Weiyang Editorial Team


Copyright © Internet Finance Laboratory, PBC School of Finance, Tsinghua University | 京ICP备17044750号-1