Singapore server leads massive zombie PC attack.

Biggest rogue network controlled from Singapore

Infocomm Development Authority shuts down server that controlled 10,000 computers worldwide

By Eugene Wee
eugenew@sph.com.sg

ATTACKED from Singapore!

That distress call from Australia revealed that one of the biggest rogue computer networks was being controlled from Singapore.

A hacker had used worms or viruses to seize control of more than 10,000 computers worldwide.

He then linked the zombie PCs into a robot network, or botnet, to attack other computers.

And controlling the botnet was a powerful server in Singapore, which the hacker had hijacked.

The Infocomm Development Authority of Singapore (IDA) shut down the server last month following an attack on an Australian university network.

Together, the 10,000 zombie computers packed enough power to paralyse sensitive institutions like banks.

Zombie PCs are so-called because they have been penetrated by hackers and secretly carry out their commands.

Your own computer could be at risk if you don't take precautions. (See report at left)

The Singapore Computer Emergency Response Team (SingCERT), which is part of IDA, said it was alerted by the Australia Computer Emergency Response Team (AusCERT) after the zombie PCs attacked a university computer network there.

SingCERT told The New Paper that this is the largest botnet it has ever come across here.

SingCERT then worked with a local Internet Service Provider (ISP) to shut down the botnet's controlling server.

It declined to reveal which ISP was involved or who was using the server at the time.

The hacker responsible for hijacking the server has yet to be tracked down.

If caught, he could be charged here under the Computer Misuse Act and jailed up to three years or fined up to $10,000.

'The person controlling the botnet will typically break into someone else's system and use it to carry out his illicit activities,' said a SingCERT spokesman.

NOT EASY TO CATCH HACKER

'Catching the culprit can be complicated, especially if he is able to cover his tracks well.'

Things get more complicated when the zombie PCs and the controlling servers are located in different countries.

'To shut down such a network will require the co-operation of the owner of the controlling server,' the spokesman added.

'And if the server is located in another country, then it will be necessary to work with the computer emergency response team in that country or with the relevant law enforcement agency.'

According to a recent Internet Threat report released by Symantec, makers of popular anti-virus software Norton Anti-Virus, more than 30,000 computers are 'recruited' into botnets every day.

The highest number it recorded was more than 75,000 computers in one day.

Some hackers are even renting out these botnets to the highest bidder.

Two months ago, the US Federal Bureau of Investigations issued an arrest warrant for a Massachusetts businessman who paid hackers to launch attacks on three of his competitors' websites using botnets.

Anti-virus software makers TrendMicro also detected more than 400 bot programs making their rounds last month, a huge jump from the same time last year when only 17 were detected.

Mr Ang Ah Sin, TrendMicro's regional marketing manager for Asia South Region, said the spike may be due to the fact that hackers now stand to profit in monetary terms rather than just fame and notoriety from their botnet activities.

Fortunately, the spread of zombie PCs in Singapore is still relatively under control.

'This is not a prevalent issue in Singapore,' said the SingCert spokesman.

'However, there is a need for us to stay vigilant and to take necessary precautionary steps to protect our systems from attacks and becoming compromised.'

 

"powerful server in Singapore" ?

Must be one of the unversities.