
Cyberattack as a Form of Civil Disobedience

BSides Warsaw · 2018 · 1:00:21 · Published 2018-10
Category: Policy
Style: Talk
About this talk
Explores the intersection of cyberattacks and civil disobedience, examining whether DDoS and website defacement can constitute legitimate forms of political protest. Discusses legal and ethical frameworks for distinguishing civil disobedience from criminal activity, using Polish hacktivist case studies and practical demonstrations of low-complexity attack methods.
Transcript [en]

I saw a tendency to leave a while ago, but you're back. It's not nice to tell it to yourself, so Kamil did it. He did it with a "yay", fortunately apolitically. Today's topic is not about technical topics, because you are better than me in many cases, and in the group you will kill me with questions. I will try to address these topics more politically and socially, based on technology. Today we will talk about cyber attack as a form of civil disobedience. We will also talk about a few-slide tutorial or information about the presence of such a conventional gymnasium on holidays. So that the guys from RBS would not get bored. Maybe some other issues could be found. A little encouragement, but of course there

will be also warnings. I have been running an IT company for some time now, offering hosting to my clients with a higher security level. What does it mean exactly? I am not here commercially, so I will not elaborate. I will just say that I, as an admin, am a very bad person. I love to cut traffic, look at it, analyze what comes in and what goes out. So it turns out that a client who has been receiving spam for a kilogram of money on a certain home company, after going through the house, stops receiving it because the anti-spam filters are so restrictive that the invoice from the PLEA does not pass. Okay, that's it. What is civil disobedience? We have a lot

of examples of civil disobedience. It's not a strike, as we often understand it, because a strike is when you say "Oho! They're working already!" "Is it okay now? Thanks!" Okay, so back to the slides you didn't see on the stream. And we come back to the topic. A situation in which a unit or a group of people consciously performs acts against local or national law. So if we went to the parliament, packed our luggage in the car of a certain MP and went there, it is civil disobedience. We went there to strike illegally, we broke the law, because it would be legal to strike at the gate. What does it mean when it is actually disobedience, and not an act of terrorism? These actions

must be taken in a way that does not threaten life, i.e. we do not throw stones at policemen, as it happens, or we do not burn tires on the streets. And the goal that we want to achieve cannot be the price of fuel, as in the case of the Act, where people go out and fight for the internet to be free. Whether the Act was censored or not, whether Article 11 was censored or not, is a different topic. I'm just giving an example to prevent any questions. The goal must be fully dedicated to the general public, not only to one small, narrow group, but to the whole general public. It is difficult to categorize it. Some examples of

such a general public will also appear. The means of expressing civil disobedience, i.e. strikes, protests, including those not recognized by the authorities. If we recall a few days ago, in a certain town, I don't remember where, Parada Równości, and the organization of it, despite the fact that it can be considered as an illegal activity, there were strikes in 1986. When the commune banned strikes, it definitely banned gathering, and people were fighting for the information to be passed. You can also use strikes in your own way, even if they are legal, but this is a more gentle version, where no one will try to arrest us for it. The difficulty of service activities for service officials. Here we can take a situation where there is a tenement house where

families live. The owner decided to clean the tenement house, he set the rent to some mega-price of 200 PLN per meter. A cellar comes in, because people are unpaid, and he starts to throw them out. He does it with the assistance of the police, and the service officials follow. And if the social group starts to make it harder for the action, blocking the entrance to the building, it is civil disobedience. Because we, as citizens, oppose the action of the state apparatus. The word "apparatus" is not a good comparison. The state apparatus. The state processes, the people who represent the state. We understand that according to Polish law, you have to pay for the debt, and if someone does not pay, you can throw him out. Only here comes the

situation where the debt appears, so it is also a specific situation. The impoverishment or prohibition of the functioning of state bodies. Various bodies work differently, it is a matter of which body we will include. But it can also be related to the employment of the services, because state bodies often use the services of the police or other special services. "The confusion or the impossibility of meeting with a group promoting ideas against which the opposition is expressed." I don't know if everyone remembers the birthday of a man with a crown in the background from some time ago. If not, if we know that in a given place and time a group will gather, which will be hailing the principals,

or will perform other gestures, or will promote ideas that are in some way dangerous for society, whether it is fascism, Nazism, or other situations of this kind. There is no problem in blocking them. Here is a simple example. Marches of Independence take place in Warsaw on May 11th, organized by various institutions. It is both about the UN and not about the UN. There is a lot of it. Some of them are more or less peaceful. And there are organized counter-manifestations, which are more or less legal, because they are not always allowed. The current city policy says that the routes are planned in such a way that these two campaigns do not meet. If the group, I would not say that it will block the road, but it will

also lead to a situation in which we do not disturb anyone's physical integrity, we do not attack him physically, but we make it impossible for him to go from point A to point B. This is still an expression of non-sense of the citizenry against the authorities, which allowed the march of such a group, which in one way or another, for example in a crypto way, or shouting "White Poland", which is a slogan that offends some, so the prohibition of such a group from crossing the city. Activist organizations like Greenpeace. Attachment to trees is the best example of this. There were no authorities, because they do so many illegal things, like entering the legalized land, clinging to trees, and making it impossible to cut trees. I know

that they even put themselves under the diggers. I don't know if they do it. Greenpeace is a great example of disobedience towards everything. But Greenpeace is exaggerating when it attacks ships and causes flooding or damage. Here we are talking about material losses and it is already a crime, not just an activist action. Ok, cyberwar is coming up in this presentation. At the end of the topic we have DDoS, so I will leave this reference. Cyberwar, the use of computers, the Internet, any other means, the fridge connected to Wi-Fi or the Ethernet to carry out an attack on the IT system or the enemy's living force. The enemy's living force is a citizen, a civilian, a soldier, a policeman, a guard, anyone who is on the enemy's

side. It's a bit of a nomenclature, taken from military circles. What is it aiming for? In fact, cyber attack or cyber war, we hear most often that hackers from Russia, from the country of the potato and vodka. They attacked the bank or government bodies from the country producing hamburgers. And that's what we're based on. A few years ago, the case was described by an unlikely side. For example, we knew that for 5 years someone was sitting in the email system, he sent emails and copies every now and then. Of course, the Ministry of Finance said: "No, no, no, they only read our invitations to the issue of invoices and so on." We will never know what actually happened there. Or maybe we will find

out if someone ever pulls out some coins from the closet of a different gentleman than Mr. Kiszczak. Cyberwar is a whole series of hostile actions performed with electronic equipment. On the one hand, there is a computer, and on the other hand, there can be everything. It can be IoT, your phone, your computer. It is an attack against the enemy using technology. An example of cyberwar: I recently read a scenario where the idea was that hackers would steal two American drones. They are so big, armed and it wasn't cool. Fortunately, it was just a scenario of some cool, better game that never came out. Okay, let's go on. The tools of the cyber war. As I said, the annoying programming,

ransomware. Malware, actually scour, what we will write and what we will adapt to make our user code work with accurate programming. Will pouring pop-ups with pretty or ugly ladies on someone's computer depend on the country? Yes, it is a cyber war, but it is a failure of the work. If it is an office, then, let's say, that flooding 10 out of 20 computers in the passport distribution office will cause the efficiency of this office to drop by half, if not even more, because of course it is time to make coffee. Abuse of access to the network, i.e. breaches, theft of trusted data. Why did I separate it? Because theft of trusted data does not always have to be

caused by abuse of access to the network. I once proved to a certain person that the fact that he has a Windows password and that he doesn't leave his computer for more than 20 minutes outside his view, that he leaves it in the hotel for an hour and closes the room, is not security at all. Because you can make a binary copy of the disk, run it on a virtual machine and it ends up being accessible to data. And in the past, unfortunately, not everyone thought about encrypting disks. Not everyone thinks about it, so it's a problem. Breakage of computer systems, unauthorized access. Abuse of network access, sniffing of packets, sending, let's say we are here, I log in, I

start reading your bank accounts, or let's say someone from MON is sitting here, to log in from a public connection to a Mono application. Let's say that Mono application is so beautiful that it has a self-signature certificate and some kind of abuse is created. Someone just posts a password, he will be able to make a middleman or some other kind of network attack, and steal that access. It happens. I'm not saying it's not. Today you hear that someone went to KFC, turned on the phone, connected to the network and two days later it turned out that they stole money from his account because he said he would pay his bills. And such a DoS attack, that is, from one source, DDoS from

distributed sources, from many sources. In fact, DDoS starts with two computers. So if someone has a laptop, we'll make a DDoS for someone. And the socio-technical attacks, i.e. sending invoices from Play, sometimes it's enough to know the organizational axis well, to collect business cards at conferences. Seriously. And let's say that we have an example, we have a company X, which has three employees at the conference, we collect three business cards. A few days later, weeks later, if we manage to spoof the email, assuming that the company has a weak filter of emails or their email allows for cheating, to say in the box that we have sent someone's email, I do some googling on LinkedIn, Facebook,

not always, but often. I wait for a birthday event. We see that the person we have given has a birthday, we send an invitation file, so it's some kind of social media. Sometimes it's enough to observe, read Google, LinkedIn, and we see that it often goes out. Some people are still getting on: "Good morning, you won a BMW". Okay. Electronic disobedience is suffering, because I'm already moving away from the electronic one. So I'm going back to this technology. As we've already talked about physical disobedience. The electronic interdependence is different from what we are used to. It occurs in the network. Of course, it comes from entering someone's property, blocking certain things, blocking buildings. The same traditional tactic

is blocking buildings, or block the other way around. Or even to prevent the entry or exit of the person we intend to pressure. Presbyterians tried to do it with their town, but the government had always had evacuation exits. It happened, as I said, in the case of Klimpis, that people blocked the mine with their own bodies. Some time ago I remember a video from a truck carrying pigs. It was a video of a truck carrying pigs. The view is terrible, the driver is not stopping at all, he is just driving on. Fortunately, people managed to get away. What is it that we are getting to? This type of method can be used electronically.

Electronic hearing allows you to achieve the same result through a virtual occupation strike. I think that when I say "virtual strike" and I say "DDoS" some people start to get a light in their head and I know what I'm aiming for. The thing is that a virtual strike is a strike as usual but nobody leaves the house, everyone is sitting in it and doing activities from their own home. Electronic Disturbance Theater. Does anyone know it? EDT? Short? Does anyone know the history of hacktivism? Seriously? OK. OK. Do you know anything better now? Nothing? OK. A group of artists, performers and hacktivists founded in 1997, among others by Ricardo Dominguez, attacked the Pentagon website and the Mexican government in 1998. Why? To draw attention to the situation

of the Indians in the Mexican state of Chiapas in the context of the fight against the Pats. It started with electronic non-combatant services, by providing IT tools such as FloodNet. Oh, that's more! It's the same action, generating movement on a given website to make it work. This is how it looks now. When I saw the picture of Dominguez, I remembered the Karate Kid's master. I always say that the most dangerous are the old-timers, because we don't suspect them of anything. Well, these guys are still active, they are still carrying out their actions, they are still promoting their ideas. Maybe they are not as active and open as they used to be, but you can still track them.

Vogel case. On June 20, 2001, I know that in 2001 we lived in different circumstances, Andreas Thomas Vogel started the "Deportation Class" campaign by publishing the program for automatic removal of the Lufthansa website, the main German carrier, in a protest against the company's practice. Does anyone know what was the company's practice? And what is the biggest problem in Europe now? The company's practice was that in 2001, after the 90s, when the Germans had a very liberal policy of accepting refugees and immigrants, it was enough to appear on the border without foreign currency, with an improper passport and poor life situation or safety, let's say someone escaped from a country, it was accepted. This is where the Turkish people came from, for other reasons. Lufthansa, together with

the German government, mass deported people running for asylum. They were trying to get rid of the problem, they were sending people away, so that these people would never reach them. Using the version of the Electronic Disturbance Theater group - that's why I mention EDT - about 13,000 people joined the action of blocking the main German carrier, which led to a significant stop on the side. Shortly after the action, among others, the Lufthansa Council of Representatives always stood up to the CDR to expel immigrants using its airfields. So, as I said, there was a social group that needed help, immigrants, because they were treated like packages that were withdrawn, and in general, he took part in their defense. When he took

part in their defense, he broke the law, because a cyber attack was carried out, which in the canons of today... If today's canon was based on the rule that Russian hackers versus the American side in the Gov domain, it would be considered a cyberwar. Hence my reference to cyberwar. Vogel was accused of inciting to engage in acts against Lufthansa and arrested. So, a paragraph for inciting to crime. In 2005, so four years later, the court in Frankfurt declared that he was guilty of using force against Lufthansa, based on material losses that the line has suffered. The line did not work, you can't sell tickets, there is a serious kick for them. I have some information here that he had to

carry the return of the full capacity of the connection. In general, they are sentenced to a fine of the bone or a fine of deprivation of freedom for... guess how much? How much? No, Google is the answer. Good. And yet you read! Wow! That's good! I'm very happy. I thought you wouldn't read, because what a test of observability. Because I once had such a presentation and people got information here, and then the question at the end. You can do it anyway. "But he was innocent. Not believing in his innocence and the truthfulness of his case, he filed a complaint. The case was brought to court by the highest court. He, on the other hand, issued the first

precedent-based verdict, removing the first court sentence." Now I have a nice quote from this article. "Online demonstration did not carry the signs of attack and did not constitute a method of showing strength, but aimed at influencing public opinion." Wow! We have legalized DDoS! Okay, so we have legalized DDoS. Let's say that in this case it turned out to be correct, because it was compared to civil disobedience. "The administrators of the Libertad, initiated by Vogel, have adopted the following statement: "Although it has a virtual character, the Internet is still a public sphere. In the event of dirty interests, protests in this sphere should also be legalized." Does anyone agree with this statement? I see that there are

a lot of voters from a certain party here who agree to each signature. Okay, I understand, you have only the right to do that. Let's move on. Vogel's case was the first of its kind on the international market, where not only legal, because, you know, there are always such arguments, but also philosophical arguments were presented, which were about the legality of using DDoS. Seriously. Now, as a tool for hacktivist actions. We say that DDoS is not legal when we play around, because, let's face it, it's just for fun, to show the information from Cloudflare, that the page is unavailable. It's not cool. It's cool when it comes to hacktivism. And now, going further with this thought, Sontes emphasized the fact that, as I

said before, it wasn't about fun, about Lufthansa being destroyed because he didn't like Lufthansa because Germans were beating him. The point was to show that a certain social group is oppressed, it is bad and it must be defended. The point was to follow the public opinion, not Lufthansa. Lufthansa stopped transporting immigrants not because of the fact that they made a mess, but because the press started to attack them. They didn't take over DDoS with one attack, because they cleaned it up. But if later, for the next few months, their sales dropped because of bad work, it works. Is DDoS a new occupation process? I think I answered this question. If we take this issue into account, transfers of everything to

the electronic world, the world of the Internet. One of the speakers said before that there is a blockchain everywhere, there is electronics everywhere and we are all excited about it. If we are excited about this blockchain, if we are excited about other electronic things, we are transferring everything to electronics, then we should also translate our citizen affairs into this. Not only paying the payer, not only sending invoices to the tax office, not only filing complaints or car inspection, but also issues of protests and expressing our opinion. What is a sit-in? It is an action that is directly characterized by the lack of violence, it must be open, more than one person, just like in DDoS, there must be two computers, fighting injustice. So again, it's not about making someone's

life difficult, but about fighting a certain situation. A sit-in is actually an occupation, a form of civil disobedience, which can be characterized by the criteria I mentioned. What does it mean that it has to be taken openly? The point is that we cannot say that by going to a sit-in we have to take personal evidence. Let's not be fooled, the consequences of a sit-in are such that you are arrested, or the police... In the US, when I googled it, most of these protests end in the following way: the police collect the company, remove it from a given place, write down the data and release it. Because in fact, the problem is solved and closing them 30 times doesn't make any sense. Unless there

are losses caused by them, because then a company with no civil authority can take the consequences.

Does anyone remember? Yes, premier.gov.pl. Polish hacktivism of recent years. To be honest, drawing Polish underground is a bad idea, because they are poorly represented as hacktivists. I mean, for example, the premier's website, which doesn't earn money, is only a representative page, it was removed. The content that appeared on it, because this is the first version, the second version was that the Prime Minister is a bad person, okay, it was already a misrepresentation, but the first version that appeared, that is, that the entire Polish Internet in recent days has been dealing with a wave of protests against the Act and so on, and so on, it is a clear message. It's not a DoS, it's a deface. Of course, it's something completely different, but it could be

connected. What if I was the author of this attack and was caught? Well, let's face it, the authors of this attack were caught sooner or later. I would probably try to use European law, European directives, which work in such a way that when it comes to specific to the law, for example the European Law on Freedom of Speech and Speech is higher than our national regulations. So maybe I would spend a few years on it, but maybe I would go to court and prove that I didn't destroy anyone's life, unless the admin would get the password. The guy would probably be out. I didn't destroy anyone's life, I didn't threaten anyone's life, I didn't do anything physical or mental harm

to anyone. Maybe to the admin, but the admin gets beaten up at this point. In fact, the attack was purely PR. Only. And now, what is the outcome? Until now, when the media was talking about the act, about the protests, I remember that when I woke up in the morning and turned on the TVN news at 8 am, the TVN was beating me for half an hour. TVN actually recreated the recording where the TVN is. I tried to find the recording with this YouTuber, but it didn't work. It died in the internet. I suspect that we would laugh a little, because the outfit imitating Mr. Jaruzelski from 1989, from December 13, was still being used. People laughed loudly. In 1981,

the outfit would have suggested a lot, it would have made the Prime Minister laugh. Suddenly it turned out that the media stopped talking about the law protecting creators and copyrights, and started talking about censorship of the Internet. It worked. And now, of course, later they claimed that they were having a debate, this debate was really cool, it was one-sided, just like it was being watched. The debate didn't give much, because when the media started to take over them, they realized that the chances of next elections, because we as a young generation, we have 18-year-olds, we can vote, and they will sign it, they will lose 100%. I don't remember the result of the next elections, I don't really pay attention to it, because it

won't be better anyway. Okay, DDoS for the stubborn, not to mention the idiots. The use of DDoS attacks is to disrupt the functioning of the harmful system or process, to trigger a reaction on a regular basis and to draw attention. These actions should pay attention to the role of contemporary online activism. As I said, physical activism has not given much in recent years. Apart from the fact that it ends with entering the Sejm in the trunk, burning tires, throwing through the fence. So, in fact, not a strike, not a protest, but a destruction. Because, in fact, let's not be fooled. When someone jumps over the fence of the Sejm, he performs a terrorist act according to the

law. And the guard of the place is the police. Every soldier has the right to shoot him. So I think I prefer to be executed under the Sejm. Don't do it at home. I did it in a separate lab. I did it on my own responsibility after contact with the server administrator who was attacking and was a victim. It wasn't a big company, because I would have reached the conclusion that I wouldn't be able to explain to anyone why I needed to generate DDoS from server to server. I suspect it would take a long time to explain it, but it took a long time because there was little time to organize the conference. Why is DDoS most often used as a practice? Seriously. I wrote "Google DDoS Tool"

and said: "I'll see what I can compete with by writing my own DDoS tool". It turned out that there are about 10 million results. Oh well. How can it be simpler? I type in "Google" and I have it. Of course, half of them, if not most, are some malware used to infect high school students' computers. Why another screen? I decided to look for a video. I said I would learn something from the video. It turned out that there are almost 11 million videos. So I looked at a few and decided that the best practice I would choose would be... I won't tell you. I will tell you later. Okay, now some statistics. Key trends of DDoS in Q2 2018. I've been reading the Verasign charts, so

I'm going to read the quotes from Verisign. I've got what I needed. What do we see on this chart? First of all, the increase in the number of attacks by 35% compared to Q1. If I remember correctly, Easter holidays were in Q2, right? So we have the Christmas factor again, which Krystian was talking about. The biggest peak attack reached 32 GB at the moment, with a speed of 4.7 million packets per second. That's a lot. I don't know if you remember, but a few months ago there was an event where Google claimed, or rather it was claimed, that Google's DNA was being received by the world's main ones. I don't remember the website, but there was a chart showing

the number of requests to these DNSs. And it turned out that for some time there was a nice peak. So there was some kind of attack. In the end, it was never publicly informed. I didn't get to know about it, it's very possible. Average results of attacks in the peak moment: an increase of 111% of the average attack size to 5.7 Giga per second compared to Q2 2017. 26% of attacks with a size of more than 5 Giga per second. How do they have it? I don't know. I mean, I know. We all know that the number of servers in the Chinese classes, or in general, the number of servers in the world, oh, the password root, root, root, admin, admin,

admin, admin, password, password, monkey, and many more things like that. Even yesterday, when I was configuring a server, I had a client who was very, very careful about RODO. He was very, very careful about all contracts. I have 4 contracts with him, so I won't say the names. And finally, I asked him for a password, he sent me a login by e-mail, he sent me a password by SMS. And at this point I started laughing. No, QWERTY123. Okay, but what? The most common attacks are UDP flood, which is 56% of all DDoS attacks in the second quarter. However, 20% of attacks were used by three or more methods of performing DDoS attacks during one event. The DDoS attack was not strictly a DDoS attack, but it was

a cover. I suspect that Mr. Robot, everyone of you watched it. Did you watch Mr. Robot? I've already told you about it. If you didn't, I'll get angry. Another spoiler. In the first episode, a DDoS attack appeared on one of their clients. And it turns out that the DDoS attack is only an incentive for administrators to restart servers. Because in servers, there are hidden routes that are revealed after restart. Great idea. So this was a presentation about droppers. If we were to sit down and explain how this scenario would actually work, it would probably be like this: after restart, a dropper is activated, which pulls the rest of the code. But to have a restart, we need

to force a network problem. DDoS attacks over the years. We can observe that 58% of DDoS attacks exceeded 1 Giga per second. Comparing that they are in the first and second quarter of the year. We then noted 35% increase in the number of attacks and 49% decrease in the average size of attacks. How was it caused? I think it is only a matter of geopolitical decision. Another issue that we are dealing with here is that in the second quarter of 2018, 62% of the researchers who experienced DDoS attacks were repeatedly attacked during the quarter, i.e. attacks were repeated many times. Generally speaking, DDoS attacks remain unpredictable and differ significantly in terms of speed and complexity.

Why are they unpredictable? A week ago, on the Facebook group DevOps, there was a discussion about the company and its attack on them. It was a DDoS attack. So everyone says: "Damn, such a big company should prepare for DDoS." Okay, but we still don't know what size it was and we don't know if their security didn't cover some level and someone was cool and gave 1GB more and it was over. Method differentiation. Here we have that in fact 52% of attacks taken in the second quarter used at least two attack methods. So one attack method does not give us the certainty that we will deploy this system. The most common attack directed against the network on many levels. You can also observe the trend of

changing the attack method during one DDoS event. In the second quarter of 2018, Verisign, which I mentioned earlier, observed that attackers were mainly directing their actions at corporate network services. Let's not fool ourselves: we turn off the network in a company and the company is dead. Why take down their websites and databases if it is enough to cut off their communication with the world, including email and IPsec, using vectors such as SMTP, SNP and GRM? Today's DDoS attacks require monitoring in order to optimize the mitigation strategies. As I said, we don't have a golden mean; we can only mitigate the effects, i.e. load balancing, distributing this traffic. Some say that you

can always use iptables. If we have a stupid botnet, I repeat, a stupid botnet, with 100 hosts, we can cut it off. If we have a high-level attack, then in the first wave we get 100 bots, we cut them off, another 100 bots come, and so on. We have someone who planned to replace them in rotation. We can actually block and block and block, and suddenly it turns out that we have the whole world cut out in iptables and nothing comes of it. The most popular attacks in 2018 are usually floods, Dugging Fatale. Attacks of this type are 56% of all attacks. As we can see, we also have other types of attacks,

such as DNS, LDAP, NTP, or SNMP.

One of the easiest methods used in hacktivism is refreshing a given page. This way we generate traffic. Each server collects and sends us data. Each server has a certain number of clients that it can serve at once. So it ends with a crash. There is a virtual occupation protest: a group of people is organized, they visit the site and force the site to load many times over. As I said, the server does not fall over from the amount of traffic it sends. Most often the network does not fall over, the server itself does not fall over, whether Linux, Windows or another kind of operating system. But it falls over on Apache or nginx, because they are not able to generate more data to

send. They just hang and hang. I had such an example, maybe not a DDoS attack, but the situation arose when I installed a very old "plenum" engine on an Apache unpacked on Windows. It was old; 100 users logged in, which caused the page to collapse, because Apache was falling back and saying that it could not collect data anymore. Its working space did not allow for a greater amount of database data. This type of attack can be carried out even by an unwitting person, because we are actually forcing someone to press F5, and let's face it, if one of us sees that the page doesn't work, he will be surprised. Maybe UW students know USOS; they can log in.

The biggest protest of this type was a virtual occupation protest held in 2005. An American anti-immigration organization became the target of over 78,500 people from all over the world, who could take part in the protest without leaving their homes. In fact, gathering people for a physical protest is difficult, because your mother has to let him go, because if we touch on a specific matter... But why am I talking about this mother? His mother has to let him go, his wife has to let him go, his boss has to let him go, someone has to let him go, he has to want to go. He has to travel those 700 km to Warsaw, come from some

Ląkowa Mniejsza or another Paconów. And yes, he is at home, he has a 512k Neostrada, he has his own connection, I mean, it still happens that it works like that. My mother in the countryside still has that, even though it has its own specific parameters. He has his own connection, whether he is at home or in the office, whether he is 18 years old or not, whether his wife allows him or not, he is at home in front of the computer. The person next to him doesn't know what he's doing. And in this way we can easily get a group of... I won't call them hackers... of soldiers

who carry out a certain command, which is "refresh". So this animation fits this type of attack best. Everyone has heard about ping, everyone has used it, I think everyone has pinged WP. One more thing: WP has separate servers for pinging. You can do that. But have you ever been afraid of ping as administrators? I do the same. I have OVH servers and OVH checks if my IPs are still alive. And they keep saying that my servers are dead, because all the pings are cut off. Because every second, every moment a ping was coming and unfortunately my systems were beeping that there is a small attack attempt. A bit of practice, but I won't do a demo today to encourage you to do DDoS. I'm not talking about

that, you're here to educate yourselves. But what I'm going to show is a method available to every middle-schooler. Kamil told me that I'm against standardization. I wrote what I'm going to show first in Python and then I rewrote it in Bash, because it works too and you can run it on everything. I found some old OpenWrt and it turned out that Python is not exactly there. So it was possible to run it from a router. I checked on a Zipit, I don't know if you know the Zipit Z2, a small microcomputer built for chatting, mainly for writing. Does anyone know it? Okay, I could post a picture. It was also possible to run it from that. So if it was possible to run it from

that, then why not from a refrigerator? The concept of this lab was simple: everyone could do it, and everywhere. Idiot-proof, nothing could be broken. High attack efficiency relative to the user's effort. Of course, I'm not going to get petabytes per second, because that's unachievable. But the point is to gather 100 people, give them this toy, and cause something to happen. Even if the site only starts to slow down, somewhere in the network there will be the suspicion that the website is under attack. We all know that there are services for digging up information, where you can find pluses and other things like that. Even fake news can quickly break through, and information about a suspicion that a

given government site is under attack will also quickly come up. The effects I achieved: the interface load was up to 120 Mbps, given that we had two VPSs, each of which had a 60 Mbps uplink from the provider. 5 lines of code in Bash on two VPSs. So, as for the workload, building an app in Python, which will throw from the database to the interfaces and back to the database over localhost, cost me more work than writing these 5 lines. The jump in loading time of the page, based on the WordPress CMS, was from 0.8 seconds to 18 seconds. The loading time was measured with Pingdom. This is a page for measuring the loading time of pages. For 10 tests, the

result of 5 seconds was repeated 4 or 5 times. If we added another 98 people with this type of software, I suspect that we would have a result of 10/10. And this is a piece of code. A for loop, ping. Does anyone know what the -i parameter is? Interval. How often is the packet sent? How much? Quite a lot. Then we have the count that will be repeated, the maximum size that we managed to achieve, the victim's address, which is victim.sms.pl, /dev/null and throwing everything into the trash except for the output. It works. You just need to turn it on, log out, close the shell, and it will run in the background until you turn off

the computer. Yes, it's a fact. You need root. But as we said before, we have servers with root/root, root/admin, maybe there are old OpenWrt boxes that can be exploited. I think that a person who builds a botnet or is looking for minions to carry out an attack will tell them to run it as root. This is how the first bot's chart looked. As we can see, it generated about 120 Mbps. The Zabbix charts on the switch state that there was 1 Gb, so the interface was completely packed with packets. How that happened, the administrator did not explain to us, despite the fact that only these two machines were connected to this port, so nothing else was hogging it there. I have the

tests where I tried the next settings, and finally the final moment, which started at 22:45, where we have a test of about 120. On the second bot we have a similar chart. Here we have the next tests that appeared. And now the victim. Here we can see the situation where the first drop occurred, where I only turned off the first bot. So it is at about 80, above 60. So our internet provider either made a mistake or gave the user a spare margin so that there is no alarm ringing every now and then. And of course, when we turned on the second bot, with both of them working at the same time, we can see that the connection builds up to 120. The interesting thing is that theoretically, when I pinged

from my home network, because of course the pentest went from server to server, when I pinged from home, then theoretically the ping really jumped significantly, because it kept coming and coming. As it turned out, the infrastructure was built in such a way that the pings I sent were mainly absorbed by the network equipment. So at this point, the attack could only work when I did it from the inside. So if we have a server room like... If someone has a server at a host like Home, Nazwa and other such instances, and it's not between one DC and the other, as long as we assume that pings are so stretched, then we can buy a VPS in

the same /24 and run it at will; it's not even known if they will see it on the switches. Or maybe they will. Any questions? Okay, well. You mentioned social injustice. It's hard to judge. If you have 100 people in your room, everyone will start attacking another party, another application, another system. And we will basically put the Internet in the middle of it, using these possibilities. Do you think social injustice is an example of something? Generally speaking, all strikes and actions are started by a forum. 100 people dare to attack the forum. And most of the time, such an action is launched... For example, from other forums, not minefields, but other websites, one user calls a few thousand viewers who are collecting images and information to produce fake

news that party X took money from Germany for selling something. It's about discrediting, the production of fake news. And despite the fact that we have 1000 comments under the photo which clearly support this stupidity, let's face it, the picture was actually posted by 3 people. So if I talk about 100 people who perform the DDoS attack, it's 100 people who have the cojones to perform the attack, and behind them are 10,000 people who encourage them to do it. It rarely happens that it's a matter of... I think it had to be a very loud case to make it sound so loud. Let's face it, the case of ACTA... The first one worked, the second one didn't. No, no, when it comes to ACTA...

The mess that happened in the country with the first ACTA, let's call it that, I won't polemicize, I'll just limit myself in time. The storm that broke out with the first act came from the street, as far as the Internet is concerned. This time, millions of masks did not appear on the street, so the crowd sitting in front of their computers was not touched, did not feel social permission. I don't know if you remember the story of Anonymous. They also felt a social freedom when they attacked a fascist, and they attacked him only because he was offending their friend from 4chan. It's OK when you can attack someone who is doing

something wrong; it's worse when you pick a victim you don't like simply because you don't like her. Then we are not talking about civil disobedience, but about cyberterrorism. Thank you. Have you heard about an attack like Slowloris? Yes. You don't have to have a lot of nodes. I'll tell you what, yes. But it's not about getting ready and starting it on one computer. You can play with writing it. But as I said, I'm against standardization. Maybe not everything is going to be standardized. But yes, Slowloris can be used. At this moment we are not talking about civil disobedience, because you have one person. That is still cyberterrorism. You can encourage several cases to start the same thing. You

can, you can, you can. At this moment we can even talk about logic, when it comes to the killer. Don't be afraid, I won't say anything bad. I have a question. You talk so much about fake news. If you released fake news, and this page is also on your page, and everyone would check it, would that same checking destroy the server? Do you refer to one of my private affairs? No, OK, I'll tell you about it in the next episode. The thing is, yes, the fake news will be confirmed, but what's the point? If I put up a working page, I don't know, let's say this is a bulge, for example, if one user says: "Hey, it works, no problem", the rest of the

people will just ignore it. But if they wait 6 seconds for the page to load, they will say: "Hey guys, something is wrong, because it takes 6 seconds to load." And at this point everyone will want to know if it takes 6 seconds to load. So I think we can work this way. Because if there is no threat, it is like a false fire alarm. If you set off the fire alarm, one guard will come and turn it off. But if you light the trash can and set off the fire alarm, there is a small fire, but he has to follow some procedure and the evacuation takes place. I would look at it this way.

Some event must occur for the fake news to work, if I'm talking about the ideology of fake news. We can discuss it sometime. How to make fake news work. Anyone else? Do we have time for questions? I think not. Thanks. OK, so, a little summary. If someone wants, you can find my email address, our company Twitter, our company Facebook. You can find me on Facebook as Piotr Jasiek, or as Seriosz Łapa Blek. Sorry, Harry Potter fans. So, thanks for everything, thanks for listening, for asking questions, and thanks for not eating me alive with technical questions. I will gladly share the code of this super botnet with everyone. OK, thanks, that's all.
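The talk describes two things a defender sees on the receiving end: a "virtual sit-in" where a crowd refreshes one page until Apache or nginx runs out of workers, and the observation that blocking sources one by one in iptables fails once the bots rotate. The Python below is an added example written for this page, not code from the speaker or the talk. It parses Apache/nginx combined-format access log lines and runs two detectors over fixed time windows: a per-source counter (what a per-IP block list would catch) and an aggregate counter that flags windows where the site-wide request count is far above normal even though no single IP stands out, which is exactly the rotating or crowd-sourced refresh pattern. The log format, the window size, both thresholds and every sample line are assumptions constructed for the example; tune the limits to the site's real baseline before using the logic.

```python
"""Request-flood triage over Apache/nginx combined-format access logs.

Added example (not from the talk). Two detectors run over the same log:
  * per-source : IPs whose request count in one window exceeds per_ip_limit,
                 i.e. what a per-IP iptables/fail2ban style block would catch;
  * aggregate  : windows whose total request count exceeds total_limit while
                 no single IP crosses per_ip_limit, i.e. the rotating or
                 crowd-sourced "press F5" pattern per-IP blocking misses.
Log format, thresholds and all sample lines are assumptions/constructed.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Combined log format prefix: ip ident user [ts] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, datetime, request, status) or None for an unparsable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group("ts"), TS_FMT)
    except ValueError:
        return None
    return m.group("ip"), ts, m.group("req"), int(m.group("status"))


def window_start(ts, window_s):
    """Floor a timestamp to the start of its fixed-size window (epoch seconds)."""
    epoch = int(ts.timestamp())
    return epoch - epoch % window_s


def analyze(lines, window_s=10, per_ip_limit=20, total_limit=50):
    """Return (noisy_ips, hot_windows, skipped).

    noisy_ips   : set of IPs exceeding per_ip_limit requests in any window.
    hot_windows : list of (window_start, total_requests, distinct_ips) for
                  windows over total_limit in which no single IP is noisy.
    skipped     : number of lines that did not parse (never silently dropped).
    """
    per_window = defaultdict(Counter)  # window_start -> Counter(ip -> hits)
    skipped = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        ip, ts, _req, _status = rec
        per_window[window_start(ts, window_s)][ip] += 1

    noisy_ips = set()
    hot_windows = []
    for start in sorted(per_window):
        hits = per_window[start]
        loud = {ip for ip, n in hits.items() if n > per_ip_limit}
        noisy_ips |= loud
        total = sum(hits.values())
        # Aggregate detector only fires when the per-source one is blind.
        if total > total_limit and not loud:
            hot_windows.append((start, total, len(hits)))
    return noisy_ips, hot_windows, skipped


def make_sample_log():
    """Constructed sample: one loud source, then 60 single-shot sources."""
    base = datetime(2018, 10, 1, 12, 0, 0, tzinfo=timezone(timedelta(hours=2)))

    def line(ip, t):
        return (f'{ip} - - [{t.strftime(TS_FMT)}] '
                f'"GET /wp-login.php HTTP/1.1" 200 1523 "-" "Mozilla/5.0"')

    lines = []
    # Background: one legitimate client, one request every 4 s (assumed normal).
    for i in range(0, 20, 4):
        lines.append(line("192.0.2.10", base + timedelta(seconds=i)))
    # Window 0-9 s: a single source hammering refresh, 30 hits.
    for i in range(30):
        lines.append(line("203.0.113.7", base + timedelta(seconds=i % 10)))
    # Window 10-19 s: 60 distinct sources, one hit each (rotating bots / crowd).
    for i in range(60):
        lines.append(line(f"198.51.100.{i + 1}", base + timedelta(seconds=10 + i % 10)))
    lines.append("garbage line that does not parse")  # exercised skip path
    return lines


if __name__ == "__main__":
    noisy, hot, skipped = analyze(make_sample_log())
    print("per-source offenders:", sorted(noisy))
    for start, total, ips in hot:
        print(f"window {start}: {total} requests from {ips} IPs, none individually loud")
    print("unparsable lines:", skipped)
```

The two detectors are deliberately separate: the per-source set feeds a block list, while a hot window with many distinct low-rate sources is the signal that blocking IPs will not end the event and that mitigation has to move to rate limiting at the edge or to capacity. Unparsable lines are counted rather than discarded silently, since a sudden rise in that counter is itself worth an alert.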