Saturday, 8 August 2009

KGB takes over the world or exercise in amateur skepticism.

Never underestimate your enemy.

I don’t like to be lied to. Not that I hate it entirely, and in small quantities it may actually have a therapeutic effect, but when it’s done so bluntly, so crudely, with such a lack of skill, imagination and elegance, I can’t help feeling that somehow I’m being humiliated. Let me explain the logic. It is supposed that anyone who ever attempts to lie to you also supposes that you may, if not entirely then at least partially, believe the lie told. When I am told a sophisticated, clever and elaborate lie, emotionally I can’t help feeling some sort of sick admiration for it. Forgive me that obvious self-gratification (I am well aware of my weaknesses, one of which is being wide open to any flattery attempt), but I feel somehow uplifted by complex and elaborate lies told to me. At least it’s a sign of respect. The amount of labor, time, effort and artistry invested in such lies deserves to be appreciated. On the contrary, a simple, even simplistic lie supposes that you are either in a state of mind ready to accept anything you are told, that you have no organ capable of producing any sort of criticism, or on the other hand that you are so stupid, blunt and dumb and, and, and… that you will believe it. So in simple words I HATE being treated so low by others! It’s a matter of self-respect not just to refuse to believe such lies but to actively oppose them. So I’m doing this for no other purpose than to defend my own dignity. For this reason alone I just can’t resist writing about the thing everybody is writing about, namely the DDoS attack.

What actually happened? It reached me in the form of an urban myth: the services Twitter, Facebook and LiveJournal were subjected to a 2-3 day DDoS attack, and it all happened because one of the unfortunate users of those services said something that the KGB disliked, and the evil KGB had chosen this form of revenge upon him. Not surprisingly my immediate reaction to this was: EXUSME?! You have to be kidding!

True, an average Internet user is not supposed to know all that geekery, and even less to be aware of the hacking stuff to which the stammering DDoS obviously belongs. And this is the key to the story. This is what makes it potentially believable. The public is supposed to know instinctively that DDoS is just something horrible and evil. Armed with this knowledge we are quite naturally made to arrive at the following conclusion: evil things are done by evil-doers, as who else would do evil things just for the sake of their being evil. The evil of the day is of course terrorism (and I am indeed puzzled why in our case an aged and lame KGB was given preference over the much more appropriate young and kicking terrorism), but anyhow, we know that the second-best evil is undeniably the KGB. Thus, reduced to its essence, the message is: the evil KGB organizes something horrible on the Internet. Why am I so outraged by this story? Just because I happen to hold my own opinion about the two components of this story, and from what I know it simply does not make any sense. So we are asked to believe that
  1. there were DDoS attacks
  2. and this DDoS was organized and run, perpetuated, executed by KGB
How? Why? On what grounds? Let’s take a closer look at two parts of the story, namely DDoS and KGB.
For those who might not know what DDoS is … DDoS stands for Distributed Denial of Service, which in short means that many, many, many (i.e. Distributed) computers start sending malicious messages to the victim computer in order to somehow slow down or stop this computer from functioning, so that users can’t get from the victim computer the service they are used to being served (Denial of Service). The idea is to disrupt the normal functioning of the victim’s services either by flooding the inbound or outbound channels used by the service to communicate with the outside world or by making the target computers work so hard that they become terribly slow or may even halt in the process. What do you really need to perpetrate a DDoS?
  • A. a number of computers, which indeed supposes some sort of sophistication
  • B. minimal amount of hacking expertise
  • C. a strong desire to disrupt services of your potential victims
What can you achieve? Exactly what it says on the tin. Namely, those services will temporarily slow down or even hang for as long as you maintain or even increase the intensity of your attack. You can’t maintain the intensity of your attack indefinitely, and even assuming that no measures are taken on the opposite side, the duration of the effects depends on the duration of your effort. In reality, however, it’s stupid to suppose that your potential victim will do nothing and will not attempt to counter your attack. As a result it is a very, very short trouble that has no long-lasting consequences whatsoever. That’s what DDoS is. So who uses DDoS in its pure form, and why? DDoS was traditionally used by groups of hackers who intended to blackmail significant services in order to extract some material funds from them in return for not continuing the DDoS attacks. In simple words it was extortion they were after. And most importantly, it’s a thing of the past. All these attacks were unsuccessful, i.e. the culprits never succeeded in extracting money from their victims. Victims were smart enough to counter the DDoS attacks and not to pay any money. On a very small scale it might be used in SEO battles, mainly to unnerve the competition. Today it is predominantly a tool of petty revenge practiced by script kiddies, harmless in nature but rather annoying for as long as it lasts. The bottom line is – DDoS is
  • a) inefficient and resource consuming, as it requires disproportionately more resources compared to the amount of harm that it causes
  • b) relatively harmless as it has no long-lasting consequences
  • c) indiscriminate and poorly targeted as it affects the broader infrastructure
To make it finally clear one has to consider what DDoS is not and among many other things DDoS is
  • NOT capable of inflicting permanent damage
  • NOT harming hardware or software in any way (save for occasional overheating)
  • NOT capable of stealing your passwords or any other information
  • NOT capable of altering (poisoning) information
  • NOT capable of defacing websites
  • NOT capable of publishing bogus information
  • NOT capable of sending spam messages
etc, etc, etc. For the malicious activities listed above, along with many others, there are specialized techniques known to a great many hackers and certainly available to any decent law enforcement agency or secret service (KGB included).
On the other hand, DDoS might still be useful in a very specific situation: when there is an important piece of information either supposed to be delivered to the victim system or to be spread by that victim system, and the importance of this information depends very much on the speed of its delivery. That is the only meaningful use of a DDoS attack per se. To give you an example – if one aimed to disrupt economic activity worldwide it would have been meaningful to DDoS the NYSE web server, but only if that information was traveling exclusively over the Internet and only for the duration of the attack itself. Unsurprisingly, however, the Internet is not trusted to be the only vehicle for any sort of mission-critical or otherwise significant information, and consequently even this kind of attack would not achieve the desired effect.

The trickiest thing with DDoS is that it can only be registered on the server side. From the user side it all looks the same. The evidence of a DDoS attack available to you as a user is when you open a victim website and it doesn’t open. This state is commonly referred to as being down. But the most interesting thing is that these symptoms are not peculiar to DDoS as such. In fact I witnessed those symptoms just as well, and I had some difficulties tweeting during this period too. But the fact that it was a DDoS attack and not just a simple routing problem or some other hardware or software outage cannot possibly be verified on my side. It can only be confirmed by authoritative sources from the victim side, because only they can see what sort of trouble it really was. I can only believe what I am being told, and incidentally I am being told a whole load of rubbish. Some bright sparks deduced that the cause of it all was an email spam campaign with messages containing links to the victim services. Did it ever occur to them that if this were the case then any other similar email spam campaign would have similar destructive consequences, or is this logical operation beyond their intellectual capacity? Perhaps I am being too hard on them, taking into account that Max Kelly, chief security officer at Facebook, without hesitation declared the following:
"The people who are coordinating this attack, the criminals, are definitely determined and using a lot of resources. If they're asking our infrastructure to generate hundreds of pages a second, that's a lot of pages our users can't see."
Hang on! It’s Facebook, the fourth most popular internet site, nearing 4% of global page views according to Alexa. Hundreds per second… I’m not about to gather your lost marbles for you – too busy dealing with mine after hearing this. No wonder in the same breath he proclaims:
"It was a simultaneous attack across a number of properties targeting him [Cyxymu] to keep his voice from being heard."

Now, don’t even think of making me believe these guys. It’s not just mere incompetence – they are loonies. As a matter of fact, having sources of this quality we still don’t know if it was a DDoS attack at all or something else caused the outages we all witnessed. If guys like this are entrusted with security at Facebook – what level of competence would you expect from their system administrators?
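The point made above, that an outage looks the same to every user while only the server-side records can tell a flood from a routing problem, can be made concrete. This is an added example, not code from the original post: it parses constructed Common Log Format lines and, per second, separates a distributed flood (many requests from many sources) from a single-source flood and from silence, which is what a routing or upstream outage looks like in the server's own log. The thresholds, the path and the log lines are all made up for the example.

```python
import re
from collections import defaultdict

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+|-)')

def parse_line(line):
    """Return (src_ip, timestamp, request, status) or None for a line that is not CLF."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, req, status, _size = m.groups()
    return ip, ts, req, int(status)

def bucket_by_second(lines):
    """Group the source IP of every parsable request under its timestamp (one-second buckets)."""
    buckets = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ip, ts, _req, _status = parsed
            buckets[ts].append(ip)
    return buckets

def classify_second(sources, rate_threshold=50, distinct_threshold=20):
    """Label one second of traffic as the server sees it.
    The thresholds are constructed for this example; real ones come from a measured baseline."""
    n, distinct = len(sources), len(set(sources))
    if n == 0:
        return "silent"               # nothing reached the server: the evidence is not in this log
    if n >= rate_threshold and distinct >= distinct_threshold:
        return "distributed-flood"    # many requests from many sources: the DDoS pattern
    if n >= rate_threshold:
        return "single-source-flood"  # many requests from few sources: blockable per IP
    return "normal"

def summarize(lines, seconds):
    """Label every second in the expected window; a second with no entries is 'silent'."""
    buckets = bucket_by_second(lines)
    return {ts: classify_second(buckets.get(ts, [])) for ts in seconds}

def make_line(ip, second, path="/cyxymu"):
    # Constructed CLF line; the date is the post's date, the path is invented.
    return f'{ip} - - [08/Aug/2009:10:00:{second:02d} +0000] "GET {path} HTTP/1.1" 200 512'

# Constructed log: a quiet second, a distributed flood, a single-source flood, then silence.
SAMPLE_LOG = (
    [make_line(f"10.0.0.{i % 3 + 1}", 1) for i in range(5)]   # 5 requests from 3 sources
    + [make_line(f"192.0.2.{i}", 2) for i in range(1, 61)]     # 60 requests from 60 sources
    + [make_line("198.51.100.7", 3) for _ in range(60)]        # 60 requests from 1 source
    + ["not a log line at all"]                                # junk the parser must skip
)
WINDOW = [f"08/Aug/2009:10:00:{s:02d} +0000" for s in range(1, 5)]

if __name__ == "__main__":
    for ts, label in summarize(SAMPLE_LOG, WINDOW).items():
        print(ts, label)
```

A saturated inbound link also shows up as silence in the application log, so the "silent" label only says that this log holds no evidence either way and the answer has to come from the network edge.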

Now let’s take the second part of the story, which when you dig a bit deeper tells us about some chap from Georgia (the former Soviet republic, not the US state) known by the nick Cyxymu, writing something that supposedly annoys the KGB so much that the KGB decides to disable, albeit temporarily, the normal functioning of certain services where this character could potentially post his information.

Well, so far so good. Now if you want me to believe this, would you please care to convince me that DDoS is actually the best possible way of silencing dissident voices on the Internet. Of all possible tactics, ranging from account hacking to physical threats, they somehow cunningly chose DDoS. I’m not disputing the fact that the KGB is evil. Let’s make it clear, although I view this statement as being a bit one-sided. It's not that I'm saying that the KGB also has a good side; I'm actually saying that not only the KGB is evil, and that the KGB is as evil as many other agencies with similar functions. No doubt it is evil. But wait a second, now you want me to believe that the KGB is both evil and stupid.

Suppose this Cyxymu guy indeed published some information that the KGB thinks is inappropriate, or even poses a direct threat to their power if you wish. If you were the KGB, what would you do? You have the potential either to wreak havoc upon a good half of the Internet or to quietly delete those dissenting messages; what would you choose? Suppose the KGB has the potential to halt important segments of western Internet infrastructure. Well, if you are the KGB then it’s only reasonable not to display this potential openly. The most stupid thing to do is to shout about it loudly. You would rather prefer to save this capacity for the moment when you need to disable important governmental or defense agencies, or even the CIA web site for that matter, etc etc etc, and not expose it openly to the entire world in the process of hunting down the poor Cyxymu guy.

You want me to believe they are as stupid as to crack nuts with a sledgehammer? If for whatever reason they didn’t have the capacity to quietly delete those dissenting messages using a team of evil KGB hacker agents, we have to take into account another peculiar side of the story - our dissident was writing in Russian. Hence this author never intended his messages to be widely circulated around the world. He was mainly addressing them to the Russian-speaking audience.

It wouldn’t be a secret that most of the Russian-speaking audience resides within the borders of the former Soviet Union. So the most reasonable thing would be to surgically proxy-filter the undesired information at the point of entry. You can practice exactly the same thing in the privacy of your own home with your home router by adjusting a couple of built-in features.

What else could the evil KGB do to prevent this important information reaching the audience? Why, instead of deleting or filtering it, would the KGB temporarily and only partially disable access to millions of user accounts on those services, also exposing their capacity to do so along the way? It seems as obviously idiotic as if, in an attempt to stop me from blogging forever, someone undertook carpet bombing of the entire New York City with itching powder, not caring much about the temporary duration of the substance itself and neither being too concerned with the collateral damage inflicted upon the unsuspecting civilian population. Add to this the inevitable exposure of the means of delivery, coupled with the amount of resources involved, and even after this the absurdity of the situation would only approach but never equal the one under consideration. Something must be wrong with this. If it is the KGB, they are not evil, they are just stupid. And for what it’s worth we have nothing to fear. People stupid enough to do this cannot be dangerous. Have mercy on them.

Assume for the sake of argument it was the evil KGB behind the attack. Playing the devil’s advocate, let us ask ourselves what the KGB was trying to achieve by DDoSing Facebook and Twitter (assuming, of course, they are not stupid and their means were somehow appropriately chosen to fit the ends). Considering the tool chosen, namely DDoS, it should be a piece of significant information of such an urgent nature that it is crucially important for it to be immediately and rapidly spread by those targeted services, and it should be either already present on those services or intended to be published there.

Going through the posts of the Cyxymu guy we can’t find anything that would radically change our view on the current policy issues of the former Soviet Union or world affairs in general. If there was something significant that the world should know and the KGB was trying not to let us know in time, we would have known it by now. Now that the DDoS has ceased completely it would have been published and gained the appropriate prominence. Instead the most significant news item that came after the attack was precisely this - the Cyxymu guy was the target of the attack and the KGB was the culprit.

Isn’t it precisely the kind of publicity the KGB would rather avoid getting? If this was the plot behind the attack, why would they damage the unsuspecting Gawker or Gizmodo, who couldn’t care less about Georgia or Russia or all of this former-Soviet business altogether? Just because they are evil and hate all Americans? Gimme a break! So, stop bullshitting me, as I don’t like it!

Another interesting turn of the story was brought up by my friends who can read Russian and are actually aware of what people are and are not allowed to say in those wild steppes of the Russian Internet. Surprisingly, they couldn’t find anything that could potentially send the KGB brotherhood into such an outrage as to justify attacking a whole bunch of western hosts.

I’m inclined to believe there are quite a few users in Russia expressing views similar to, if not much more radical than, this Cyxymu guy’s, with no immediate consequences whatsoever. In all honesty, in the translation I was provided with I couldn’t find anything particularly interesting at all. To me, believe it or not, it was just boring. Some of his posts, to my infinite surprise, were actually nearly apologetic of some bits of Russian policy in Caucasia. So based on what I know the Cyxymu guy has a completely different overtone from the one we are made to believe in. Whatever opinion one may hold regarding the degree of suppression of freedom of speech in Putin’s Russia, the Cyxymu guy is not Politkovskaya. I simply refuse to take seriously the view that a chap with 42 tweets on Twitter presented such a serious threat to the regime that the need to DDoS Twitter itself was not only apparent but also happened to be the best possible solution of all available to the evil KGB.

The truth of the matter is that the Cyxymu guy is insignificant. Or he was insignificant before the DDoS “attack”. Quite by chance he happened to be the main beneficiary of this event. But here the "quid prodest" logic seems to be at fault. Was he behind the attack? Definitely not, ‘cause if he was the world would certainly have gone mad.

Now it’s time to piece the story back together. All things considered, the story begins to look quite different from the initial impression perpetuated by urban myths. We witnessed some difficulties accessing several significant social networking sites. Within several days it was interpreted as a DDoS attack with no hard evidence to support this interpretation being presented to the public. In a moment, out of complete nowhere, there comes the Cyxymu guy with his story. Probably an honest paranoid schizophrenic who sincerely believes that the whole world is after him and is self-confident enough to say that his writings alone brought such havoc upon Facebook, Twitter, LiveJournal, Blogger and the like. So far so good. Nothing surprising in this. Sometimes I myself have an ugly suspicion that there are bugging devices all over my house, and I have an uncomfortable feeling of being followed while out on the street, but then who doesn’t?

A healthy pinch of paranoia never harmed anyone. LOL. What is surprising in all this is that somehow his paranoia begins to resonate. Not only is he being listened to, but he is taken altogether seriously. Of all of them it is the UK’s Guardian (a newspaper I tended to respect and even to sympathize with) that takes the leading role in retelling the KGB story, closely followed by none other than CNET. And it does not matter how many comments they put in, how much objectivity they inject into the story – the truth of the matter is that it is a non-story altogether. It should not be retold in the first place. The DDoS attack and the Cyxymu guy are unrelated. There are no KGB agents hiding in every dark alley you can recall.

Whether it is simple incompetence that breeds paranoia or paranoia that prevents them from thinking rationally, the final result is the same – bad journalism. If such are the standards of journalism these days... I don’t personally like that Putin guy either (he isn't sexy enough for my taste), and I also find Russian foreign policy in general and Russian policy in the North Caucasus in particular to be short-sighted, to say the least. I may even bother writing something about it, but only if you promise that the next Twitter outage will be blamed on SexySEO fighting the KGB too, and ahhhh, don’t forget that the Guardian interview comes in the same package. But what were the editors thinking? Did they just overlook the stupidity of the situation? I simply have to believe this version, as otherwise I might think that they had to trade their honor and professional reputation for something that obviously outweighs them both.

Now it is only reasonable to ask what my take on all that DDoS story is. What do I think really happened, and who was behind it? Well, let me take you back to the title of this post and gently remind you that it is not an exercise in conspiracy theorizing but in simple-minded skepticism. My answer is: how do I know? Admit it, we simply have no reliable information to make any positive conclusions, and besides, I really do believe that there are plenty of much more important things in this world than the KGB and their attempts to take over this very world altogether.

vitic said...

Yes, KGB is both EVIL and STUPID.
If you read historical (and current) documents about the KGB, you will soon notice that their usual response to something they or their superiors, spouses, pets etc don't like is "We'll kick your butt" and many other variations on that theme. That's how you would expect an immature teenager to behave, but not highly educated adults trying to protect their country.

So, I wouldn't rule out KGB although they would not be the first ones to come to my mind in this case. Russia is full of delusional "patriots", the same kind that still says that Stalin was the best leader ever. Any group of such "patriots" could have done it, no need to wait for KGB.

Anonymous said...

Whatever is the situation SEO position matter only.

SEO Services India Company - AstinSoftech

SexySEO said...

@Anant Spamming, dear? Whatever! I like your "comment" ROFL :))))))))))))

SexySEO said...

"@Lora - you lay the argument out in two steps: there was a DDoS attack, and that it was alleged to have been orchestrated by the KGB. My blog post spoke to the former, and I stand by those comments. As to the latter, I have no idea. - Rick Klau"

Tom Crane said...

Ok, I took Latin, but I do not know "quid prodest." Say what?

SexySEO said...

@Tom quid prodest - who benefits, who profits. ;)

Tom Crane said...

Tom: So, where did you learn quid prodest? I need to add that to my limited stock of handy Latin phrases.....
Sexxy: Roman law ;) see also: cui bono, cui prodest
Tom: Oh ok, it's that crazy Medieval era Latin. It's supposed to be very different from classic era Latin, which is what I did. Poor thing, you must be a refugee from some crazy Catholic school. My sympathies.... ;-)
Tom: Roman law? I thought only priests and a few rabid law students studied that....

SexySEO said...

@Tom Thanks for reposting our "private" conversation, dear ;)