Like the comment below the article says, that line about turning off recursive DNS is pretty lame. Tantamount to saying "if you don't want me coming in your house you shouldn't have used wooden doors n00b!". It's still breaking and entering.
Call me crazy, but I tend to think every service has a backdoor these days. It's not surprising to see one for a DDoS service.
In other news, the sky is still blue.
Thanks for sharing the article though! Was a fun read.
Cheers,
Joshua
More on the same topic.
http://krebsonsecurity.com/2013/05/ragebooter-legit-ddos-service-or-fed-backdoor/#more-19475
Maybe the FBI uses this to commit crimes in the USA using a foreign company as a proxy so nothing dirty shows on the books. That way the FBI can avoid respecting USA laws.
No proxy needed. No need to hide.
While working for a very large hosting company, I once observed DHS hammering an Occupy-related website. No attempt to hide the source IP or anything.
What are you going to do? Sue them? If they wish to take a site offline, they will DDoS it or simply seize the domain under the national security banner.
"Sue them?"
Uhm...yes? That's why we have courts that we can sue federal agencies in.
Yes. I'm aware of that. It would be futile in most cases, which is a huge problem in and of itself, as that's really the only recourse.
I mean they were using a shared hosting plan. Not exactly deep pocketed.
My point is that the abuse of power is blatant and they are unafraid of any kind of retaliation. They don't need to hide.
Would it be futile though? I mean... DHS running a DoS against an American organization is the kind of stuff that makes Constitutional lawyers salivate.
I'm not trying to call you out, btw. I'm genuinely curious why the hosting company itself didn't file suit. You've got a US Government agency abusing your resources and acting in a blatantly illegal manner. That's the kind of stuff that results in letters of resignation when publicized.
"No attempt to hide the source IP"
"I mean, they were using a shared hosting plan"
What makes you certain it was DHS?
Genuinely curious, because this is a hell of a claim.
Sorry. The Occupy site was on a shared hosting plan at the company I worked for.
Source determined via Whois output for the attacking IP found via our analysis. It was a rather crude DoS attack (repeated GET requests). At first we figured they were just mirroring the site for offline analysis or something, but it soon became evident they were just hammering the site.
Yes, we could have sued. However, the inevitable stonewalling, endless resources of the feds, etc. would have made for a long and exhausting legal battle.
This was at the height of the Occupy activities. Far worse offenses were being committed by federal, state and local governments during that period than a DoS attack by DHS.
Are you certain it was a DoS attempt? They may have just been running a surveillance software package such as URLy warning, which GETs the pages of a site repeatedly and diffs them to watch for updates. In the case of a (non-)organization like Occupy I can't imagine law enforcement would neglect to do this. I've been on the receiving end of this sort of thing myself (long story).
And if you were certain, are you certain the folks at DHS were aware their machine(s) were engaged in a DoS attack?
You can find zombies in the oddest places...
Regards,
-drc
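The two posts above disagree about whether repeated GETs from one source were a crude DoS or a monitoring tool polling a page to diff it. The distinction is visible in the access log: a flood is many requests at a high sustained rate, while a poller fetches at a slow, very regular interval. The script below is an added example written for this thread, not code from any of the participants or from the tool mentioned; the log lines are constructed in the script and the thresholds (FLOOD_MIN_RPS, POLL_MAX_CV and friends) are assumed values a hosting operator would tune per site.

```python
"""Classify per-source request patterns from web access logs.

Added example (not code from the thread). Separates a crude GET flood
(many requests, high sustained rate) from a periodic poller that fetches
the same page at a regular interval, and from ordinary browsing.
All thresholds below are assumptions chosen for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from statistics import mean, pstdev

LOG_TS = "%d/%b/%Y:%H:%M:%S %z"   # timestamp layout used by common log format

# Assumed thresholds; tune for the site being protected.
FLOOD_MIN_REQUESTS = 50     # enough samples before calling it a flood
FLOOD_MIN_RPS = 10.0        # sustained requests per second from one source
POLL_MIN_REQUESTS = 3       # need at least two gaps to judge regularity
POLL_MAX_CV = 0.2           # coefficient of variation of inter-arrival gaps
POLL_MIN_INTERVAL = 30.0    # seconds; slower than a burst of human clicks


def make_log_lines(ip, start, gaps_seconds, path="/index.html"):
    """Build constructed common-log-format lines for one source.

    gaps_seconds[i] is the delay before request i (first gap is 0).
    """
    t = start
    lines = []
    for gap in gaps_seconds:
        t = t + timedelta(seconds=gap)
        stamp = t.strftime(LOG_TS)
        lines.append(f'{ip} - - [{stamp}] "GET {path} HTTP/1.1" 200 5120')
    return lines


def parse_line(line):
    """Return (ip, timestamp) from a common-log-format line, or None if unparseable."""
    try:
        ip = line.split(" ", 1)[0]
        stamp = line[line.index("[") + 1 : line.index("]")]
        return ip, datetime.strptime(stamp, LOG_TS)
    except ValueError:
        return None


def classify_sources(lines):
    """Map each source IP to 'flood', 'periodic-poll' or 'normal'."""
    per_ip = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            per_ip[parsed[0]].append(parsed[1])

    verdicts = {}
    for ip, times in per_ip.items():
        times.sort()
        n = len(times)
        span = (times[-1] - times[0]).total_seconds()
        rate = n / max(span, 1.0)                      # avoid divide-by-zero on single hit
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]

        if n >= FLOOD_MIN_REQUESTS and rate >= FLOOD_MIN_RPS:
            verdicts[ip] = "flood"
        elif (n >= POLL_MIN_REQUESTS and mean(gaps) >= POLL_MIN_INTERVAL
              and pstdev(gaps) / mean(gaps) <= POLL_MAX_CV):
            verdicts[ip] = "periodic-poll"             # slow, metronome-like fetches
        else:
            verdicts[ip] = "normal"
    return verdicts


def build_sample_log():
    """Constructed sample: one flooder, one poller, one ordinary visitor (all RFC 5737 addresses)."""
    t0 = datetime(2013, 5, 10, 12, 0, 0, tzinfo=timezone.utc)
    flood = make_log_lines("203.0.113.7", t0, [0] + [0.05] * 199)   # 200 hits in ~10 s
    poll = make_log_lines("198.51.100.9", t0, [0] + [300] * 11)     # one hit every 5 min
    human = make_log_lines("192.0.2.33", t0, [0, 4, 37, 2])         # a few page clicks
    return flood + poll + human


if __name__ == "__main__":
    for ip, verdict in sorted(classify_sources(build_sample_log()).items()):
        print(f"{ip:15} {verdict}")
```

The regularity test is the useful part: a monitoring tool that fetches every N seconds produces near-identical gaps (low coefficient of variation), whereas human traffic and floods do not. On a real server, feed `classify_sources` the lines of the access log for the window in question before deciding whether to file an abuse report.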
Maybe my tinfoil isn't on tight enough, or maybe I give too much credit to a gov't, or perhaps I'm just feeding the trolls, but I have a very hard time believing that DHS launched a DoS from their own machines.
-jim
HAH! That's pretty funny... the tinfoil piece.
Smells more like a honeypot than anything. Now that this guy's clearly decided to open his mouth and claim he's got the green light from the Fed, I wouldn't be surprised if they change their mind.