Showing posts with label Spam. Show all posts

Friday, August 7, 2009

Twitter shuts down for some time due to attack

The fragile nature of many of the internet's important destinations was visible once again. Social networkers around the world suddenly found that they were not getting their fix from the highly popular Twitter site, which stopped responding on Thursday, the 6th of August. Twitter was not the only site hit; other sites such as Facebook were affected as well. However, Twitter was the site that was most affected.
When sites go down under attack, the cause is usually a DDoS (Distributed Denial of Service) attack, mostly carried out by sending requests for service from many different machines (many could mean hundreds of thousands or millions). In general terms, DoS attacks are implemented by forcing the targeted computer(s) to reset, by consuming their resources so that they can no longer provide their intended service, or by obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately. One way to carry out these attacks is through botnets: machines all over the internet that have been taken over.
However, this attack was somewhat different. It was carried out through spam, and was actually part of an attack against the accounts of a person called Cyxymu, a blogger who supports the country of Georgia against Russia. People were sent spam messages with links to his accounts on different social networking sites, and a huge number of them clicked on these links (link to article):

The messages were designed to discredit Cyxymu by associating him with a spam run. Other security researchers, such as Patrik Runald at F-Secure (here) and Graham Cluley at Sophos, are sceptical about this Joe Job-style theory for the attack.
Twitter’s two NTT hosted address blocks were moved in response to the attack, Arbor adds. Twitter's reliance on just one service provider, and apparent lack of back up and redundancy, much less a comprehensive disaster recovery plan, goes a long way towards explaining why it was hit so badly.

One such attack normally causes the attacked entity to place a much higher emphasis on trying to prevent such attacks in the future, and one can expect Twitter to do the same.

Thursday, June 14, 2007

Anti-botnet campaign by FBI

Botnets are a major nuisance on the internet. A botnet is a large number of inadequately protected computers that have been compromised and are under the control of people who want to use them (in many cases, thousands of machines) for activities such as launching distributed denial of service attacks, in which these computers together attack a web site or network; relaying mass distributions of spam and malware; phishing; click fraud; and a variety of other attacks.
How does a computer get compromised? The computer may be running a version of Windows that has a hole, and this hole has been exploited to gain control of the computer. In addition, the computer may not have an active firewall and virus protection. Botnets are increasingly being found on the internet and impose high costs through down-time, through actual losses due to phishing and click fraud, etc. The biggest problem is that users do not even know that their computer has been compromised; they find that their computer has become slower, or becomes active suddenly, but there is no easy way of knowing that their computer has been used in a crime or is compromised. Typically, when a computer has been infected and is part of a botnet, it can be used to attack hundreds of other computers.
Given this situation, and the dangers posed by the menace of botnets, the FBI has been investigating and has found more than 1 million botnet victims so far. Along with the Justice Department, the FBI has been running a program called Operation Bot Roast to disrupt botnets. They have caught people; however, as long as security patches determine the safety of a computer, there will be infected and compromised computers in the wild. Refer to this article:


The FBI is working with industry partners, including the Computer Emergency Response Team Coordination Center at Carnegie Mellon University, to notify the victim owners of the computers. Microsoft and the Botnet Task Force have also helped out the FBI. Through this process the FBI may uncover additional incidents in which botnets have been used to facilitate other criminal activity, the FBI said in a statement.
Bots are widely recognized as one of the top scourges of the industry. Gartner predicts that by year-end 75 percent of enterprises "will be infected with undetected, financially motivated, targeted malware that evaded traditional perimeter and host defenses," and early reports from beta customers of a yet to be released product from Mi5 show how nefarious these infections can be. Mi5 says it installed a Web security beta product at an organization with 12,000 nodes and in one month detected 22 active bots, 123 inactive bots and was watching another 313 suspected bots. That may not sound like a lot, but those bots were responsible for 136 million bot-related incidents, such as scanning for other hosts inside the firewall.


It can get pretty hairy for people. Suppose the computer of an unsuspecting user is used to break into a protected military installation or a bank, or to bring down a major network. The first step for investigators will be to find the computers that were used, and in the case of a compromised computer, the owner will have no idea.
This will also start to increase pressure on software companies to make their software more secure from the ground up, so that they do not land in a situation where the security of the system is dependent on patches.

Friday, June 1, 2007

Top spammer arrested in Seattle

We all battle day in and day out against spam. The business of spam has launched several kinds of new businesses. One set deals with how to easily harvest addresses for spam, send spam cheaply, use remote servers under control to send spam, and so on; the other deals with the defeat of spam, with tools to control spam, such as spam filters, and to prevent servers from becoming rogue machines. This battle between spam senders and spam preventers is a difficult one, with the level of technology becoming much higher.
There is legislation against spam, and spam costs industry a fair deal, now billions of dollars in spent time, in the cost of carrying such extra messages, and in the usage of anti-spam tools. In such a case, if the people sending spam can be caught, and there are supposedly just a few high-volume senders of spam, maybe we can get some relief.
Well, it happened. In Seattle, a prolific spammer, Robert Alan Soloway, was arrested on charges of mail fraud, wire fraud, email fraud and other charges. Investigators believe him responsible for millions of emails. He has been arrested in the past, but awards against him have not been collected because his bank accounts remain elusive. Refer to this report:


The war against spam seems to be never-ending, but a small battle was won earlier this week. Robert Alan Soloway, 27, was arrested Wednesday in Seattle on charges of mail fraud, wire fraud, email fraud, aggravated identity theft and money laundering. Soloway pleaded not guilty to all charges. "Spam is a scourge of the Internet, and Robert Soloway is one of its most prolific practitioners. Our investigators dubbed him the Spam King because he is responsible for millions of spam e-mails," Jeffrey Sullivan, U.S. Attorney for the Western District of Washington, said in a statement.
Soloway allegedly spammed the masses in email fraud since 2003 by using hijacked computers from around the world, and covered his tracks using Chinese servers, fabricated websites and stolen identities. Anti-spam agency Spamhaus once named Soloway in its top ten list of worst offenders, though he’s since been outpaced by even greater threats from eastern Europe. "He is one of the bad ones. He's one of the longest-running and uses criminal methods all the time," said John Reid, an investigator with Spamhaus. "Anyone on the Web for a while would have received one of Soloway's spams."

This is certainly good news, but is this going to be enough? One caught will be replaced by another, and in a location where they cannot be arrested so easily. It is also incumbent upon email providers to work in such a way that they can more easily prevent spam methods such as spoofing, and stop spam at its source. Making spamming an even greater offence is another way of stopping this, but cooperation is required with the countries of Eastern Europe and China in this regard as well.