
	`About \| Buy Stuff \| News \| Products \| Rants \| Search \| Security`

Home » News » Roundups

Not so brilliant Brilliant

April 11, 2002 3:24 AM UTC
'It only required a few thousand machines to DDoS Yahoo.'
-- Nicholas Weaver

'Hi! We just broke into your house. But don't be alarmed - we haven't actually done anything yet, and when the time comes, we promise we will be very careful.'

Such is the message of Kevin Bermeister, CEO of Brilliant Digital and overnight candidate for the title of Rat Bastard of the Century.

Brilliant Digital is a less than brilliant advertising company currently boasting how they've been approved by DoubleClick and how they somehow got Cameron Diaz to help them run a recent advertising campaign.

What's happened is that Bermeister's company has been silently trojanising millions upon millions of PCs by riding piggyback on the file sharing program Kazaa, which only last week got 2.6 million downloads at CNET.

CNET has already published complete (though typically confusing and largely inaccurate) instructions on how to uninstall the spyware, and Bermeister has already responded online with typically Brilliant multimedia courtesy of CNET Friends of the People to explain why his company as opposed to Aureate and all the other scum before him is ok, but people are not amused.

As Nicholas Weaver of UC Berkeley says:

'Any attacker who can control 100,000 machines is a major force on the internet, while someone with a million or more is currently unstoppable: able to launch massively diffuse DDOS attacks, perform needle in a hayfield searches, and commit all sorts of other mayhem. We already understand how worms could be used to gain control of so many machines. Yet the recent revelation that Brilliant Digital Media has bundled a small trojan with KaZaA has underscored another means by which an attacker could gain control of so many machines: poorly secured automatic updaters. If an attacker can distribute his own code as an update, he can take control of millions of machines.'

Weaver goes on:

'With 1 million machines, the DDoS attack possibilities are immense, including such targets as the root nameservers, news distribution sources, important update sites, and other targets of opportunity. It only required a few thousand machines to DDoS Yahoo. 1 million machines could easily DDoS the root nameservers with a highly diffuse attack masquerading as normal traffic, with numerous machines left over to attack specific sites.'

And Weaver is - to say the very least - not very impressed with the pea-brain technology behind this massive campaign. Already reports are flowing in about skiddies on the move, trying to find ways to ferret out the Brilliant Digital suckers and exploit their machines. At the very least, this current furore is guaranteed to slow down the net for several days if not weeks.

Slash Dot carried a discussion on Weaver's conclusions, and readers were not kind. 'There's a pervasive and dumb, very dumb attitude of 'I don't care',' said one. Said another, summing up well:

'If you use KaZaA, with all of its spyware, worm-like auto-updating, and history of escalating privacy invasion, you don't have a clue. You deserve to be 0wn3d d00d.'

If it affected only the lame, as the above reader reasons, then it would be fine. They would be getting what they deserve - to be '0wn3d'. But it doesn't, as Weaver pointed out. Once again the selfishness and cluelessness of the eternally dimwitted has the potential to hurt civilisation as a whole.