Attack of the clones

Y’all may be familiar with geeksta rap:

Geeksta rappers… bust rhymes about elite script compiling and dope machine code… Nerdcore now refers to artists waxing lyrical about topics as disparate as engineering and Lord of the Rings…

“50 Cent has dance clubs and oral sex, we have awesome video cards…”

“If the genre is to succeed, you’re going to need some females…” [Wired News]

You may have heard of the Northbridge-Southbridge rap feud:

“Feuds between Nas and Jay-Z, Biggie and Tupac and 50 Cent and Ja Rule have… [resulted] in more exposure for both artists, so I decided to bring this to the world of CS gangsta rap by starting a feud with MC Plus+,” Monzy explained. [Wired News]

Well, all the trash IMs and dis MP3s have finally claimed their first real-life victim. A desi script kiddie from an Edison high school commanded a botnet to attack a rival online vintage jersey shop. The attack took down an entire desi-owned ISP in upstate New York as well as an Internet backbone in Pennsylvania:

… on one day over the summer it knocked out a “backbone provider” of Internet service in eastern Pennsylvania for 12 hours… [Detroit Free Press]

Jasmine (Jasminder?) Singh infected thousands of PCs with a Trojan horse by spreading a file called ‘Jennifer Lopez’ over file sharing networks. Victims expecting to see J.Lo in BootyVision actually ended up letting Singh control their computers.

Early last July, with control over ~2,000 PCs, he commanded them to take down his victim’s Web site:

Soumen Das, owner of a small Internet provider in Pittsford, N.Y. … realized he was on the receiving end of… a flood of traffic so immense that a site has no option but to shut down. What Das didn’t know at the time, and wouldn’t know until months later, was that the attacker was a 17-year-old high school student from Edison…

Singh’s target? A handful of merchants that sell “retro” or “throwback” sports apparel – replicas of shirts and caps worn by teams of yesteryear… His motivation? A few sneakers and a watch. That was the payment offered by Jason Arabo, an 18-year-old community college student in a Detroit suburb. Arabo had his own retro sports apparel business and was hoping to steal customers from his competitors… [Bergen Record]

… an online sports-apparel merchant… told federal authorities that traffic to his site, jersey-joe.com, had been disrupted for several days, at a cost of hundreds of thousands of dollars of lost sales. When customers tried to gain access to the site, they would be greeted with an error message. The attacks continued through the fall of last year and became so severe that they affected service to other customers of the Web-site hosting company used by Jersey Joe. The host company ultimately told Jersey Joe to go elsewhere, as did two other companies that it then tried to use…

Investigators determined that Mr. Singh had spread the rogue software through file-sharing networks like Kazaa, using the Jennifer Lopez come-on, and instructed the zombie computers to attack two of Mr. Arabo’s competitors… His compensation, he said, was three pairs of sneakers and a watch. [NYT]

The attack shut down the rival businesses off and on from July through December last year. The crapflood’s packets had forged sender addresses, so tracing it was futile at first. The FBI managed to make this rare bust only because Das invested in forensics, a $20K anti-DDoS box:

Soon after the first wave in early July, the store’s Internet provider bought a piece of equipment that not only repels denial-of-service attacks, but attempts to decipher the true “IP addresses” of the zombie computers… “We could then go back to the FBI and say, ‘Look, we now have IP addresses that are accurate.’ ” [NYT]

It helped that Soumen Das, who hosted Hyman’s Web site, quickly spent $20,000 on new equipment that yielded crucial clues. It helped that the damage was widespread, rippling far beyond a few small merchants. [Bergen Record]

With the bots’ addresses in hand, the FBI physically tracked down a few infected university PCs and dissected the Trojan. Singh had been unbelievably careless:

The FBI says it caught Pherk because all the bots were communicating with domains with “Pherk” in them and with an IP address linked to a computer in his home. [Courier-Post]
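The correlation described in that quote, sketched from the defender's side as an added example (not code from the original post or the investigation): given DNS logs from machines already known to be infected and from clean machines, find the resolved IPs and name labels that nearly every infected host shares and no clean host touches. The log format, host names, domains, addresses and the `min_fraction` threshold are assumptions, and all sample data is constructed.

```python
from collections import defaultdict

# Constructed sample data: "<host> <queried-name> <resolved-ip>" per line.
# Names use the reserved .example TLD; IPs use documentation ranges.
INFECTED_LOG = """\
lab-pc-01 www.campus-portal.example 192.0.2.10
lab-pc-01 irc.handle-placeholder.example 203.0.113.77
lab-pc-02 mail.campus-portal.example 192.0.2.11
lab-pc-02 cmd.handle-placeholder.example 203.0.113.77
lab-pc-03 news.site.example 198.51.100.5
lab-pc-03 irc.handle-placeholder.example 203.0.113.77
"""
BASELINE_LOG = """\
clean-pc-01 www.campus-portal.example 192.0.2.10
clean-pc-02 news.site.example 198.51.100.5
clean-pc-02 mail.campus-portal.example 192.0.2.11
"""

def parse(log):
    """Yield (host, name, ip) tuples, skipping blank or malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 3:
            yield parts[0], parts[1].lower().rstrip("."), parts[2]

def shared_indicators(infected_log, baseline_log, min_fraction=0.8):
    """Return (ips, labels) seen on at least min_fraction of the infected
    hosts and on no clean host. Labels are the dot-separated parts of a
    queried name, top-level label excluded."""
    hosts = set()
    by_ip = defaultdict(set)      # resolved IP -> infected hosts that hit it
    by_label = defaultdict(set)   # name label  -> infected hosts that queried it
    for host, name, ip in parse(infected_log):
        hosts.add(host)
        by_ip[ip].add(host)
        for label in name.split(".")[:-1]:
            by_label[label].add(host)
    clean_ips, clean_labels = set(), set()
    for _, name, ip in parse(baseline_log):
        clean_ips.add(ip)
        clean_labels.update(name.split(".")[:-1])
    need = min_fraction * len(hosts)
    ips = sorted(ip for ip, seen in by_ip.items()
                 if len(seen) >= need and ip not in clean_ips)
    labels = sorted(lab for lab, seen in by_label.items()
                    if len(seen) >= need and lab not in clean_labels)
    return ips, labels

if __name__ == "__main__":
    print(shared_indicators(INFECTED_LOG, BASELINE_LOG))
```

The shared label survives even though the bots query different hostnames (`irc.` and `cmd.`), which is why a common string in the domain names and a single resolved address stand out together.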

The FBI eventually busted Singh:

The FBI raided Singh’s Edison home in December. Singh admitted that he had launched the attacks at the behest of someone… who praised him for the attacks’ success and said his business was better on the days of the attacks… Two weeks after raiding Singh’s home, the FBI raided Arabo’s Michigan home. He, too, admitted the details of the crime. [NYT]

Had the FBI thought to ask the Sikh guy already on their payroll, there was a huge clue to the perp’s identity right in his nickname. He probably sat there thinking, ‘You’ll never figure it out, you silly Americans’:

When Arabo started searching for someone to orchestrate a denial-of-service attack against his competitors, he soon learned about “Pherk,” who also used the online name “Jatt.”

Singh pled guilty last month. He faces five years but may get probation. Jason Salah Arabo, whose name implies he may be part of the Arab-American community in Michigan, was charged in March; he faces five to ten years and is out on $50K bail.

How do you prevent some punk from taking over your PC? If you use Windows, click here. In any case, take the following prophylactic cocktail:

  • Don’t use file sharing programs unless you’re an advanced user
  • Never double-click files you receive in email
  • Turn on your operating system’s firewall
  • Install free antivirus and anti-spyware programs

Here’s the criminal complaint (PDF) against Arabo.

21 thoughts on “Attack of the clones”

  1. In addition to your own computer’s firewall, you can download any of 2/3 free firewalls available online (I use ZoneAlarm – very good stuff. Lets you know about each and every app that’s trying to access the net – and easy to use).

  2. Well i guess its time to resurrect my old moniker MC Engineer. Its time to let heads know..that OG’s run it… not these fake ass IT guys trying to get a head up in the game. True engineering sciences, and mathematics man.. the numbers game..im talking interpollating spots and plotting Bode’s na’m saying ?! calculus mother fucker! Not some Newton jumpoff either.. Fermat, Pythagoras and the Brotherhood, . real niggz..Holla.

  3. Am I the only one to find it odd that Jasmine/Jasminder Singh’s identity, high school, age, approximate residence location, his crime and plea are being made public with no apparent approval by his guardian despite his being a minor?

    Back when this country had laws, great lengths were taken to protect the identity of minors and to seal records of their transgressions. Let us just hope none of his prospective employers google-search him years from now. I’m sure his Indian parents are lamenting a similar tune, along the lines of “How will we ever post our little blackhat raja on matrimonial websites when the girls’ parents are just a hyperlink away from learning about his criminal past?!”

  4. “Had the FBI thought to ask the Sikh guy already on their payroll, there was a huge clue to the perp’s identity right in his nickname. He probably sat there thinking, ‘You’ll never figure it out, you silly Americans’”

    Pet peeve here… but isn’t that FBI agent an American, too?

  5. How do you prevent some punk from taking over your PC? If you use Windows, click here…

    If you use a Mac, you don’t have to worry about it.

  6. Am I the only one to find it odd that Jasmine/Jasminder Singh’s identity, high school, age, approximate residence location, his crime and plea are being made public…

    He was tried as an adult.

    Isn’t Jasmine a girl’s name?

    Usually.

    isn’t that FBI agent an American, too?

    It’s a SNL reference.

    If you use a Mac, you don’t have to worry about it.

    Wishful thinking.

  7. Completely agree, Irene. Have you noticed a lot of Indian parents use the term “American” to describe white or basically non-Indian American Americans? I was even kinda shocked that Jhumpa Lahiri did this in The Namesake.

  8. Oh damn… and that was one of the best SNL skits of all time.. if I could have just heard you doing it using Eddie’s faux-Whitey voice…. I would have caught on… 🙂

    I retract my pet peeve complaint.

  9. Have you noticed a lot of Indian parents use the term “American” to describe white or basically non-Indian American Americans?

    White Americans do this a lot too.

  10. What’s your point? First, I would say the prevalence is not as common among Whites and, second, I think it matters much more when a community is self-labeling in an inaccurate fashion with respect to identity.

  11. … it matters much more when a community is self-labeling in an inaccurate fashion…

    Yep, I agree:

    Say whatever you want about [Indra Nooyi’s] speech, she’s an American. Calling her a foreigner is just ignorant.

    This isn’t an identity crisis, it’s a pop culture reference. In closing, and in honor of George A. Romero’s new zombie flick: ‘Brains… must have brains…’ 😉

  12. Damn, Pherk… or Jay was a homie… he’s just a very very intelligent guy. Microsoft should pay his bail.

  13. Man, I know Pherk.. that boy was good at what he did.. I’m surprised he was so careless to get caught though.. I guess it’s payback for all da times he f**ked over my comp.. haha

  14. Man, I remember back in 2002 Pherk hacked me through AIM. He said something about a hacking war or competition. Did anyone ever hear about that? Anywho. I reformatted my PC and never heard from him again.

  15. I used to talk to him on AIM. He was a nice guy to me. I don’t think he ever did anything to my computer?? Maybe cuz he thought I was hott… don’t know