Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Security Government IT Politics

Zimbabweans Hit By Cyber Attacks During Election 63

Posted by Soulskill
from the failsafes-failed-safely dept.
judgecorp writes "During last week's Zimbabwean election, some huge denial of service attacks took down sites including several reporting on human rights issues and potential irregularities in the election. Those affected suspect government involvement. ... GreenNet is only just recovering today, with some customer websites still down, having reported the strike on Thursday morning, the day after Zimbabweans headed to the polls. It appeared to be a powerful attack – TechWeek understands it was at the 100Gbps level – aimed at GreenNet’s co-location data centre provider Level 3, which subsequently did not let GreenNet move workloads within that facility. ... The DDoS that hit GreenNet was not a crude attack using a botnet to fire traffic straight at a target port, but a DNS reflection attack using UDP packets, which can generate considerable power. DNS reflection sees the attacker spoof their IP address to pretend to be the target, send lines of attack code to a DNS server, which then sends back large amounts of traffic to the victim."
This discussion has been archived. No new comments can be posted.

Zimbabweans Hit By Cyber Attacks During Election

Comments Filter:
  • Elections (Score:5, Funny)

    by jkflying (2190798) on Wednesday August 07, 2013 @04:44AM (#44495357)

    Obama, Cameron and Mugabe are on a boat, when they realise it is sinking and there is only one lifejacket. They decide, being leaders of ostensibly democratic countries, to vote over who gets the lifejacket, so they each write a name on a piece of paper and put it in a cup.

    Once everybody is finished, they counted the pieces of paper, and the results were:
    Obama: 1
    Cameron: 1
    Mugabe: 6

    • by Anonymous Coward
      The tally didn't really matter in the end. By the time they had counted the votes, Mugabe had arrested Cameron and Obama and then convicted them for treason in a show court.
    • This is largely how he got into power in the first place, thanks to Lord Carrington and Maggie Thatcher.

      Of his principal opponents, Joshua Nkomo was the foremost, though he might not have been much better an option (except that he had the grace to die sooner). Bishop Muzorewa never really gained the traction he needed, because he didn't use artillery.
    • Robert Mugabe himself has modded the parent 'Overrated' three times.
      • by jkflying (2190798)

        It actually only got moderated "overrated" twice. I guess ZanuPF were a bit low on mod-points yesterday.

  • by Drakonblayde (871676) on Wednesday August 07, 2013 @04:56AM (#44495385)

    Been on the business end of a DNS reflection attack. Not fun. Not only do you have to figure out how to deal with loads of DNS responses invading your network, the contact that's listed for the allocation that the spoofed IP falls under gets slammed with inquiries from angry operators wanting to know why their network is sending so many damned DNS queries to them. Very disruptive.

    • We should pause and step back a moment to meditate upon these attacks... hopefully it won't take too long or too many resources to do so...

      • by gmack (197796)

        There are multiple ways these attacks could have been prevented but laziness and incompetence rule yet again. ISPs could add egress filtering, or they could limit the amount of open recursive resolvers on their network.

        In the end, I suspect the only way to fix this will be the same way we fixed open mail servers: start blacklisting badly behaving ISPs.

        • by Drakonblayde (871676) on Wednesday August 07, 2013 @06:38AM (#44495737)

          It's not as simple as that. Blacklisting badly behaving mail servers is one thing. That's pretty much an application level fix. You just don't accept the mail from the mailserver.

          DNS reflection is more insidious. If I spoof an IP address and send a query to a DNS server that's authoritative for the domain, it's going to send a response back to the IP address in the source of the packet. Now I do that with a shitload of domains and a shitload of DNS servers, and they all start sending responses to the spoofed IP. A good DNS reflection attack will hit so many sources that it's impractical to filter them all, you'll spend a crapload of time just trying to keep the access-lists updated, and it's exponentially worse the bigger your border is. The only thing you can do is null-route the spoofed IP at your border to prevent the responses from getting into your network and bringing down your entire infrastructure.......... assuming you have border routers that won't die under the flood in the first place. The second you do that, the attacker has won.

          If they're sending queries to authoritative name servers what are you going to do? Blacklist them? The authoritatives are doing what they're supposed to.

          The only real way to stop DNS reflection is to convince every operator to do proper border filtering. If the source address in the packet didn't come from their allocation, they should drop it. Convincing network operators to do so is incredibly difficult.

          The one I was on the end of, they did it smart. They started at 5am on Christmas day, which is pretty much about the best time to ensure that any response is sluggish at best. It went on for two weeks and didn't cease until 4 different providers had operators willing to pool their Netflow data in order to track back where the shit was actually coming from, and we found the CnC nodes buried in TWC's network. TWC was kind enough to terminate those nodes with extreme prejudice.

          Didn't help though, we still lost the customer.

          • by gmack (197796)

            I agree about filtering outbound traffic but keep in mind that these attacks work best with open recursive mail servers and there are few reasons to configure them that way. Need a resolver for your network? Then lock it so only your network can make requests on it. I just did a quick look up of the ISPs with open recursive name servers and found a company my employer does a lot of business with has 31 open recursive name servers. There is just no excuse for that.

            My thought is that we need to cause pain

        • To reflect: To meditate upon

  • Why the hell is anyone who can still use a computer - or better yet, *own* a computer - still in Zimbabwe? You'd think the strategy for anyone with some means would be: Leave now. Come back when that old stupid fuck is dead.
    • Many do, but many stay because hope is a triumph of optimism over experience. Also, where do you propose they all go? Given the literacy rates a significant proportion of the population can use a computer. While I love the idea of Mugabe sitting alone in a ghost town, it isn't really practical...

      • by korbulon (2792438)

        Oh I know, lord I know - my question was more rhetorical than realistic. It's just so sad to see an entire country succumb to a cancer like Mugabe. Aside from the obvious parties, who else is to blame for the current situation? I mean, how did it come to this? And for so long?

        Human history is a long line of relative misery, punctuated by brief epochs of absolute misery.

        • When Mugabe refused to allow the UN to administer the money the British were sending him to buy farms for the war veterans (because then he would not be able to steal it, and also, pride "Zimbabwe is a sovereign Nation!"), the money stopped and he had nothing to give the war veterans who then revolted. What happened next was highly predictable in hindsight. He printed money to appease them, which they squandered and inflation ate. So they demanded land and took it.

          The problem is, when you're riding the tige

          • by korbulon (2792438)

            Seems to me that much of Africa has amazing potential, but most of its countries are caught in a vicious cycle of incompetent, patrimonial and ruthless leaders with strong ethnic ties, an endless stream of warlords and strongmen propped up by commodities and foreign aid. Indeed, throwing wealth at the problem seems to do far more harm, like water on an oil fire. Nothing good can take root in such wretched soil. It's just so... fucking depressing.

            • South Africa isn't too bad. Not too good either, but it passes. The real issue is pretty much nowhere in Africa has a functional democracy. South Africa's does partially work, but not completely. It is really depressing, I know. I lived through the worst of Zimbabwe. If SA goes the same way, I guess I'm leaving Africa. I would be very sad to go though. Africa, despite it's issues is an absolutely amazing place to be.

    • by edanto (1990742)
      One thing that I discovered on my visits to Africa is that it can be extremely difficult for Africans to get visas to enter other counties. They don't have the freedom of movement that we enjoy. On top of that, many will have responsibilities to support relatives (social security in Zim is very limited), so leaving ain't as easy as it might first appear.
      • You know why Africans can't get visas? Because when their visa expires, they don't go home. Countries keep track of things like this. Then, they modify their visa laws to match. You know why it's easy for Americans go to anywhere? Because they spend money locally and then leave. A perfect fit, what every country wants. Even America.
        • by edanto (1990742)
          If only things were so simple. Hey, I'm sure if Africans had a nice stable democracy, with a ludicrously powerful dollar to return to, then they would go home to. The poster before me had simply asked why people in Zimbabwe didn't leave, and we've both given him part of the answer.
          • by Entropius (188861)

            They are leaving, though -- per a friend of mine from Pretoria, there are a great many Zimbabwean refugees heading to northern South Africa, and the SA government doesn't quite know what to do with them.

            • Yes, they take a lot of the Jobs in SA. Mainly because they're more willing to work and often better educated than their South African counterparts. In any case, since the SA government props up Mugabe, it is sort of a self-created problem. If all the Zimbabweans went home (and former Zimbabweans like myself), the economy here would take quite a hit... Still, you can't empty an entire country...

  • A DNS amplification attack is not hacking the Gibson, geesh.

    Besides, what's the point of elections in Zimbabwe anyway? To decide whose face goes on the eleventy-billion dollar note?

  • by coutysd (3011631)
    Simon : Wow Kate! That makes it seem much better. You're right, baby steps are the way forward. Starting with my immediate environment.
  • I think the thing that blows me away the most about this news is that there is anything of a cyber nature in Zimbabwe to attack in the first place.

"'Tis true, 'tis pity, and pity 'tis 'tis true." -- Poloniouius, in Willie the Shake's _Hamlet, Prince of Darkness_

Working...