Akamai Attacked'We're not incompetent, we swear' ( old news - 10:49AM Wednesday Jun 16 2004) tags: security · trouble According to Akamai, yesterday's outage - which impacted several major websites and a large chunk of web traffic - was the result of a "large scale, international attack", and not incompetence, says the Associated Press. This morning, Akamai offered additional details on the attack, noting that "The attack impacted Akamai's Internet naming functionality (Domain Name Service, or DNS) and resulted in delays in DNS name resolutions and, in some cases, timed-out DNS requests." However, "The attack did not cause an outage in Akamai services, as Akamai continued to serve both DNS requests and website content for customers throughout the period of the attack," the company points out.
Related:- Thursday Evening Links
- Monday Morning Links
- Friday Evening Links
- Wednesday Evening Links
- PA Man Charged With Selling Hacked Cable Modems
- FoxNews.com Serving Up Infected Ads?
- T-Mobile Systems Hacked?
- Avast Antivirus Has Gone Mad
|
 
Camelot One
Premium,MVM
join:2001-11-21
Sarasota, FL
clubs:
| Does it matter? Does it matter whether it was incompetence or an attack? Either way, things stopped working. I don't care if the outage was due to a Martian attack, it proves the current setup is too fragile to be so important.
--
AMD A64 3200+/ Chaintech VNF3-250/ 2x 512Mb Kingston HyperX PC4000/ WD 120Gb on serial/ Gainward GF4 4600/ Antec 550 True Control/Custom water cooler | |
|  | 
Steve
Consultant
join:2001-03-10
Yorba Linda, CA
| Re: Does it matter? said by Camelot One  :
Does it matter whether it was incompetence or an attack?
Maybe it doesn't matter much to an end user, but if you're the customer paying Akamai big bucks to get this right, it probably matters to them a lot.
Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site | |
| | | 
bhan261
join:2001-02-12
New York, NY
| Re: Does it matter? My company is an Akamai customer. We use them for global load balancing on our worldwide data centers. And yes, we are very much alarmed by the fact that what appears to have been a relatively isolated "attack" could have had the consequences it did. We've already begun implementing procedures to be able to "pull the plug" on Akamai more quickly in the future. | |
| | | | 
keith2468
Premium,MVM
join:2001-02-03
Winnipeg, MB
| Re: Does it matter? quote:
My company is an Akamai customer. We use them for global load balancing on our worldwide data centers. And yes, we are very much alarmed by the fact that what appears to have been a relatively isolated "attack" could have had the consequences it did. We've already begun implementing procedures to be able to "pull the plug" on Akamai more quickly in the future.
News reports are that Akamai was victim of a massive DDoS attack.
How does your company now plan to resist those?
If you have a method better than using Akamai we'd all like to use it.
Not knowing what you've got in mind, your company would probably be spending shareholder money more wisely by having its lobby group(s) call on federal legislators with strong demands for improved Internet security.
--
(Virus&Hijacking FAQ+Submit suspected malware+Security FAQ) | |
| | | | | MaineMoose
join:2003-04-25
Auburn, ME
| Re: Does it matter? I was seeing numbers of "80%" availability from Keynote, but I have a hard time beliving it. Both google and yahoo were only at about 5% availability for me comming from 3 different networks - Verizon DSL, AT&T data center in virginia, and AboveNet in San Jose. I rarely got any response from the akamai name servers - mostly timeouts. With the near zero TTL's, it's no wonder the sites were toast. | |
| |
keith2468
Premium,MVM
join:2001-02-03
Winnipeg, MB
1 edit | It does matter what caused the outage.
If it was due to incompetence on Akamai's it would be Akamai's fault, rather than a failure of legislators, law enforcement, academics, and industry officials who have fought against making the Internet a secure place in order to save themselves a few bucks on equipment, or continuing making bucks selling patchwork security measures, in the short term.
You don't blame companies for earth quakes.
You don't blame companies because somebody or some criminal organization is running an extortion racket.
If you want to prevent a recurrance you have to look at the root cause.
All the time we have collectively spent blaming companies for having pipes that are too small, well now it has been done to Akamai and we know the problem is in fact not small pipes or anything else that an individual company can fix.
The problem is the Internet fails to meet key user requirements for security.
And I think the problem is aggravatted by the interests of companies making money off of patchwork solutions, and the interests of other companies in not spending money on architecture upgrades. Because why else are we not fixing the root cause. | |
| | | 
garagerock
Premium
join:2002-06-14
Louisville, KY
| Re: A law enforcement and legislation failure quote:
If it was due to incompetence on Akamai's it would be Akamai's fault, rather than a failure of legislators, law enforcement, academics, and industry officials who have fought against making the Internet a secure place in order to save themselves a few bucks in the short term
Hmmmmmmm....not to mention the millions of unsecured end users sitting atop a 3 mb cable connection with no AV, no firewall, etc. that wouldn't have ANYTHING to do with it, eh?  | |
| | | |
keith2468
Premium,MVM
join:2001-02-03
Winnipeg, MB
| Re: A law enforcement and legislation failure quote:
not to mention the millions of unsecured end users sitting atop a 3 mb cable connection with no AV, no firewall, etc.
If you hang out in the security forum you'll see that people with AVs, firewalls, and reasonably secured computers still get hacked and cracked.
One problem is that user requirements include one for "no special educational training", and not needing a CS degree to run a secure system.
We IT professionals are failing to meet those requirements. Heck, we don't even acknowledge it.
We blame those "darn defective substandard users" that our systems don't meet their requirements.
(And in fact, many CS degree holders and security specialists have had their systems hacked. Of course these are higher value systems or in high threat environments, but still, it shows that with the current legal situation regarding the Internet there is no real security.)
A physical world bank hacker can penetrate a standard 18" steel reinforced concert bank vault in 20 minutes with a thermic lance.
The reason that there aren't bank hackers all over the place is that bankers lobby politicians to:
(a) ensure that law enforcement catches such bank hackers, and
(b) to ensure that judges put such bank hackers in prison for multiple years, even on a first offense.
We need to push our politicians to treat internet hackers similarly to bank hackers.
--
(Virus&Hijacking FAQ+Submit suspected malware+Security FAQ) | |
| | | | | 
reub2000
Premium
join:2001-12-28
Evanston, IL | Re: A law enforcement and legislation failure A. It could be impossible to find the hackers
B. They might be in a country that doesn't care like china
C. The script kiddies who where cought, are being prosecuted | |
| | | | | |
keith2468
Premium,MVM
join:2001-02-03
Winnipeg, MB
| Re: A law enforcement and legislation failure quote:
A. It could be impossible to find the hackers
B. They might be in a country that doesn't care like china
C. The script kiddies who where cought, are being prosecuted
Yes those are some of the main things that need to be fixed.
Technically (computer technically or legal technically) all those things can be handled. It is just a matter of changing technical specifications, regulations, and laws.
A. We could require all Internet connected service providers install egress filters on retail clients(that only let traffic out if it has a source IP address that is valid for that subnet).
These could even be built into cable modems and DSL boxes.
By preventing spoofed source IP addresses, it becomes easy to narrow down the immediate source of an attack (for disinfection), and to block that source IP.
Egress filtering costs money (consumes cpu cycles on routes), so competitors won't do it unless all competitors are forced to do it.
B. China is actually very good at cracking down on its domestic hackers, it is pretty much a police state.
What you are seeing is largely computers in China hacked by people from outside, and us not prosecuting our own people.
Also, it is technically feasible to create a structure to block entire countries or regions from the Internet on a moments notice -- globally on or a port-by-port basis.
C. Scriptkiddies could do little if it wasn't for the hacking tools openly distributed on the Internet. There are also older individuals who coach under 18s in what to do, and they should be prosecuted for contributing to juvenille delinquency.
--
(Virus&Hijacking FAQ+Submit suspected malware+Security FAQ) | |
| | | | | | |
reub2000
Premium
join:2001-12-28
Evanston, IL
| Re: A law enforcement and legislation failure quote:
A. We could require all Internet connected service providers install egress filters on retail clients(that only let traffic out if it has a source IP address that is valid for that subnet)
Good idea. That would make it easier to block ip addresses participating in a ddos attack. But it might seriously harm the anonymous nature of the internet.
quote:
These could even be built into cable modems and DSL boxes.
Better to do it on the ISP level. The modems will be easily hacked, old modems won't have this, and you could get a modem from another country. Look at DVD players, some of them you can disable region protection and macrovision pretty easily.
quote:
C. Scriptkiddies could do little if it wasn't for the hacking tools openly distributed on the Internet. There are also older individuals who coach under 18s in what to do, and they should be prosecuted for contributing to juvenille delinquency.
Well, how are you going to stop those? Good luck trying. And if you ban them, only hackers will have them. There was a good discussion on password crackers on the security forum. By letting the average joe have the same tools that script kiddies use, they can cheek to make sure there password are strong enough. | |
| | | | | | lesopp
join:2001-06-27
Land O Lakes, FL
1 edit | how about at every ingress point:
access-list 111 deny ip "appropriate china net" any
!repeat as necessary | |
| | | | | | |
keith2468
Premium,MVM
join:2001-02-03
Winnipeg, MB
| Re: A law enforcement and legislation failure quote:
access-list 111 deny ip "appropriate china net" any
!repeat as necessary
It is a good solution for some things. There are companies who do that. I do that with several countries on my email. But I can only do that because I don't do business in those countries and don't expect to do business in those countries.
1. The USA is the main country with hacked systems, and I can't block them so easily because I do do business with them.
2. Akamai users do do business in China and want to do business in China.
3. There are block lists you can subscribe to, of known hacked computers, but because of the lack of egress filters they aren't effective against DDoS attacks (because the source IPs are spoofed/faked).
--
(Virus&Hijacking FAQ+Submit suspected malware+Security FAQ) | |
| | | | |
garagerock
Premium
join:2002-06-14
Louisville, KY
| Hence the wink. No, really-you're kidding. IT folks get hacked? Unheard of....if only we'd all switch to Linux. hahahahha 
see, sarcasm.
quote:
We IT professionals are failing to meet those requirements
Horsehockey. What happened to personal responsibility? Users can't type "internet security" into Google and follow the results? They can't pay someone to either do it for them or show them how to?
Whether the international myriad of laws and countries decide to change all of their laws to somehow "regulate" the internet is a moot point. It ain't gonna happen. Just look at any international effort to sign arms treaties, environmental treaties-no one agrees on any of those, either. What makes you think that somehow we're all gonna agree on this issue? | |
| | | | | |
keith2468
Premium,MVM
join:2001-02-03
Winnipeg, MB
| Re: A law enforcement and legislation failure quote:
We IT professionals are failing to meet those requirements
quote:
Horsehockey. What happened to personal responsibility?
What ever happened to our professional responsibility?
We cannot ignore user needs and requirements in our analysis and design.
Their responsibility ends when we (ISPs, security vendors, and governments) take their money for solving their IT and public safety security problems.
Keeping the current low level of internet security is a protection racket for certain professionals and businesses, and an opportunity for organized crime and vandals at the cost of public security.
--
(Virus&Hijacking FAQ+Submit suspected malware+Security FAQ) | |
| | | | | 8744675
join:2000-10-10
Decatur, GA | You want our legislators; the same legislators who brought us the infamous Can-Spam Act, to protect us from hackers?
I'll carry my eggs in another basket, thank you! | |
| | | 
Monster Rain
Premium
join:2002-08-03
USA
| said by keith2468 :
The problem is the Internet fails to meet key user requirements for security.
That's kind of a blanket statement, don't you think? IMO, most or many parts are secure. Hopefully, they learn from their mistake and move on. That's all we can really ask. There's no such thing a truly secure network, we all know that, but sometimes it takes an attack or malfunction to wake people up. | |
| | | |
keith2468
Premium,MVM
join:2001-02-03
Winnipeg, MB
| Secure is not the same as untargetted. quote:
The problem is the Internet fails to meet key user requirements for security.
Secure is not the same as untargeted.
I'll agree there are lots of things on the Internet that haven't been targeted yet, for which nobody has yet bothered to create an attack tool.
But being secure to me means being able to resist attack.
What is it that you think is actually secure on the Internet?
A distributed denial of service attack, like the one on Akamai, will work on any Internet node.
Using Akamai is the current state of the art defense against such attacks. Akamai provides widely geographically distributed servers on massive pipes, and so optimum resistance to DDoS attacks.
And now Akamai has succumbed.
If you make private armies legal, and don't prosecute bank burglars (bank hackers), it doesn't matter how thick the bank vault walls are. Successful bank burglary would be a legislative and law enforcement failure, not an engineering failure because the vault walls weren't 36", or reinforced with titanium instead of steel.
And that is the current situation. We have a legislative and law enforcement failure.
Technical band-aid solutions, selling people more "anti-virus", "anti-trojan", "anti-spyware", "anti-phising", blacklists, etc., is not a real solution -- it is (depending on the person) a get rich quick scheme or a hobby or a way to put bread on the table for a few years.
--
(Virus&Hijacking FAQ+Submit suspected malware+Security FAQ) | |
| | | davebenham
join:2002-01-31
Round Lake, IL
1 edit | I don't blame a company for natural disasters or mob activity, but I would expect them to have reasonable countermeasures in place to prevent 'disasters' from completely disrupting their ability to do business.
Using your argument, a company could blame Oracle when their database server crashes and they can't recover the data. Never mind the fact they should have been making backups. | |
| | | |
keith2468
Premium,MVM
join:2001-02-03
Winnipeg, MB
| Re: A law enforcement and legislation failure quote:
I would expect a company to have reasonable countermeasures
Forget reasonable countermeasures, using Akamai is the state of the art solution to DDoS attacks.
So what we have is a company, Akamai, that has lead the way in implementing the sort of bandaid solutions avaiable to individual companies using the Internet, and it wasn't enough.
The problem isn't a technical computer problem at Akamai.
The problem is legislative and regulatory.
The Internet just wasn't made to be secure against hacking, it was made to be secure against nuclear attack.
User requirements have changed.
So the next step is to update the specifications to reflect this, and then implement those new specifications.
It is all a part of the applications development lifecycle.
--
(Virus&Hijacking FAQ+Submit suspected malware+Security FAQ) | |
| | | | | davebenham
join:2002-01-31
Round Lake, IL
| Re: A law enforcement and legislation failure So, you want the government to propose a solution? Ha, that would be good. Politicians can't even sort out the most trivial issues when it comes to dealing with technology, I doubt you really want them poking around routers and switches on the Internet.
Wherever the solution lies, let us hope it is as far away from any government regulatory body as possible. I want to make sure the solution works.
"The best minds are not in government. If any were, business would steal them away." -- Ronald Reagan | |
| | | 
TechieZero
Tools Are Using Me
Premium
join:2002-01-25
Wesley Chapel, FL
| said by keith2468 :
The problem is the Internet fails to meet key user requirements for security.
And I think the problem is aggravatted by the interests of companies making money off of patchwork solutions, and the interests of other companies in not spending money on architecture upgrades. Because why else are we not fixing the root cause.
The deal is, we like how easy and convenient internet use is right now. If we implement new tighter structures, the internet's ease of use will be diminished. | |
|
Monster Rain
Premium
join:2002-08-03
USA | **IT Happens It's the Internet. Good news is we can always bounce back. | |
| | dosbubba
join:2002-01-26
Eustis, FL | Re: **IT Happens The point is that one attack was able to take down many major sites. The Internet wasn't designed to be centralized like this. | |
| | 
jap
Premium
join:2003-08-10
038xx | xoc's two posts win him jap's Voice Of Reason recognition award for this thread! | |
| |
keith2468
Premium,MVM
join:2001-02-03
Winnipeg, MB | Smaller companies do not always bounce back. | |
| 
rjackson
Premium,Mod
join:2002-04-02
Ringgold, GA
clubs: | Attack? According to this article, the outage was their own fault. What gives? | |
| | 
Karl Bode
News Guy
join:2000-03-02 | Re: Attack? That outage was last month. A different incident. | |
| | | | | | | 
technick
Premium
join:2000-12-16
Loganville, GA | Re: Attack? 
1. Open Mouth
2. Lift Foot
3. Insert Foot in Mouth
4. Chew | |
| 
tadmaz
join:2002-05-30
Mount Prospect, IL | so was this a ddos attack or something? | |
| |
keith2468
Premium,MVM
join:2001-02-03
Winnipeg, MB
| Re: so Yeah from what they describe.
Problem is using Akamai is the best defense against a DDoS attack. Akamai is a throwing money, big pipes and massive geographically distributed servers solution to the DDoS problem.
Well, we've tried that and now that doesn't work. It was only ever a bandaid.
It treated the symptom, not the root cause.
--
(Virus&Hijacking FAQ+Submit suspected malware+Security FAQ) | |
| | | BosstonesOwn
join:2002-12-15
Everett, MA
clubs:
 ·Comcast
| Re: so said by keith2468 :
Yeah from what they describe.
Problem is using Akamai is the best defense against a DDoS attack. Akamai is a throwing money, big pipes and massive geographically distributed servers solution to the DDoS problem.
Well, we've tried that and now that doesn't work. It was only ever a bandaid.
It treated the symptom, not the root cause.
It was a solution and a very good one. It worked. They couldn't take down the websites so they moved to the dns. Now if they spread the DNS out much more as well it will take an even bigger army to drop it.
The solution to security isn't what happens if they do it. It's what happens when they do it. There needs to be a backup for all plans. Even laws won't help with this.
We all know that everything has weaknesses it's what we do after the weakness is exploited that counts. Nothing is secure. As long as you have something some one else wants your not secure. be it money or traffic. These people get kicks from doing stuff to show weaknesses thanks it helps improve the security and also helps us see flaws.
--
This package does not contain a winner... | |
| | | |
keith2468
Premium,MVM
join:2001-02-03
Winnipeg, MB
| 144" steel reinforced walls? We computer technical people see computer problems as IT technical problems with IT technical solutions.
So we go from 18" bank vault walls, to 36" bank vault walls, to 72" bank vault walls.
Bank burglaries lost their popularity (they were once more common than robberies) when alarm systems and police radio systems came into common use.
Prompt response to an attack by law enforcement, with a high likelyhood of arrest, conviction, and a lengthy sentence, ended the popularity of bank burglary.
There are enough computers on this planet to DDoS attack Akamai. It just takes time for blackhats to organize them. Law enforcement has to step in and disrupt them before they have that time.
And by the way, proper law enforcement would eliminate the need for many companies to spend money on Akamai.
Akamai itself makes money off of blackhats. Akamai benefits because of the lack of effective law enforcement and security standards on the web.
--
(Virus&Hijacking FAQ+Submit suspected malware+Security FAQ) | |
|
keith2468
Premium,MVM
join:2001-02-03
Winnipeg, MB
| More on the attack from Internet Storm Center »isc.sans.org/diary.php?date=2004-06-15
quote:
Akamai/Internet DNS Problems
Starting at around 8:30 am EDT (12:30 UTC), a number of sources started to report a widespread Akamai DNS issue. Large web sites, which use Akamai for its DNS service, no longer resolved in DNS, and became inaccessible to their users. The affected sites were Yahoo, Google, Microsoft, FedEx, Xerox, Apple and likely many others. The situation improved around 10:30 EDT, mainly because some of the affected domains temporarily switched from using Akamai DNS servers to their own DNS servers.
The problems seem to be attributable to a DDoS attack on Akamai's DNS servers, though we do not presently have the information to make a definitive assessment. According to the Akamai spokesperson, the problem was not limited to Akamai. He attributed the outage to an attack on the Internet infrastructure on a larger scale. We do not currently know of any sites that were affected by the attack without using Akamai's services.
--
(Virus&Hijacking FAQ+Submit suspected malware+Security FAQ) | |
| | russotto
join:2000-10-05
Collegeville, PA | More on the "attack" So far, every story about an "attack" I've found traces back only to Akamai themselves. Seems to me quite possible there was no attack at all, just a screw-up on Akamai's part. | |
| |
keith2468
Premium,MVM
join:2001-02-03
Winnipeg, MB
1 edit | Re: More on the attack from Internet Storm Center Do you have links to these other stories?
Or maybe you are thinking of this incident: »Attack? | |
| | |
keith2468
Premium,MVM
join:2001-02-03
Winnipeg, MB
| Re: More on the attack from Internet Storm Center Here is Akamai's press release.
»www.akamai.com/en/html/about/pre···459.html
Something missed in earlier discussions. Of course the DNSs (domain name servers) we use are one of our own ISP's DNSs.
Our own ISP's DNSs should only be consulting Akamai's DNSs when the entry they have for a domain name has expired. (There is a configurable time limit. I think typical time limits are in 2 to 45 minutes, after which it checks to see if the entry has changed.)
--
(Virus&Hijacking FAQ+Submit suspected malware+Security FAQ) | |
| jsouth
Jsouth
join:2000-12-12
Wichita, KS
| Firewalls are not just bandaids! I think that a lot of worms and viri that are spreading around ARE propagated by USERS and could be stopped by firewalls, anti-virus software etc.. Sure some firewalls do get hacked. The only problem is that a lot of the crap going on is the USERS fault. First they don't keep all patches and updates current. Second a lot of them download or open questionable material and with the updates not being there get all sorts of problems. I run Windows XP and have never been hacked or had one virus. I do have a firewall and anti-virus software and I disagree that they are just "band-aid solutions." | |
| | BosstonesOwn
join:2002-12-15
Everett, MA
clubs:
·Comcast
| Re: Firewalls are not just bandaids! I agree the only time i get a virus or my system hacked is when I do it to see what they do, to reverse it. Usually a couple layers of security keep the little kids out. And if it's a good hacker you won't stop them or see them until it's to late.
--
This package does not contain a winner... | |
| | | 
bayer
@141.156.x.x
| Re: Firewalls are not just bandaids! wow... how can u say that firewalls or any software with patches is not a band-aid solution. a patch *is* a band-aid to cover a hole in the software. a patch or update to a firewall is a band-aid for the firewall. the firewall itself is a band-aid to keep out a hacker/virus/worm/trojan/etc. while accessing the internet. i agree with steve that the underlying problems inherent with being online need to be solved, but i don't see how this is possible. with laws and enforcement it would still be impossible to achieve 100% protection... there will always be some bad apples out there who are clever enough to escape apprehension... | |
| |
keith2468
Premium,MVM
join:2001-02-03
Winnipeg, MB
| Why Firewalls are just bandaids! You cannot defend against a DDoS attack by anything you do on your own computer system.
DDoS attacks work by flooding the victim with traffic from many apparent sources (zombies, trojaned computers under remote control) so that the victim can't process it, and the victim cannot filter the attackers from normal traffic.
The normal solution is to move the site to Akamai, whose big pipes and multiple geographically distributed servers will take too much traffic for a DDoS attack to be feasible.
We now know, after this successful attack, that that solution doesn't work any more.
Given no law enforcement, blackhats can work freely to build private armies of trojan infested zombies. And the owners of expertly trojaned machines never know they are "owned" by a blackhat, because a smart blackhat keeps a low profile on his victim machines.
Patches and firewalls are bandaids because the root problem is anarchy and crime on the Internet, not software vulnerabilities.
It is like blaming Ford and GM because someone keys your car.
You want scratch proof paint -- you couldn't afford it.
There is no way anyone can write a long complex full function operating system and not have bugs in it, and have it affordable for consumers and businesses. If there were, you'd be correct.
But, for example, HP can't even consistently write little print drivers without vulnerabilities.
IBM still issues patches for operating systems that were originally written over 30 years ago.
There will never be enough patches that Unix, Linux, Windows, or even BSD are vulnerability free.
(No publically reported vulnerabilities does not mean no known vulnerabilities. Real hackers do not use kits based on published vulnerabilities.)
This is not to say that as a stop-gap we shouldn't keep our computers patched, protected with an up-to-date AV, and up-to-date AT, a firewall, freeware products Spyware Guard, Spyware Blaster, and IE-Spyad -- but we need to recognize that these are just bandaid solutions, always playing catchup to the criminals, never putting them behind bars, never solving the root problem.
--
(Virus&Hijacking FAQ+Submit suspected malware+Security FAQ) | |
| 
newview
Ex .. Ex .. Exactly
Premium
join:2001-10-01
Parsonsburg, MD | Akamai now blaming "Zombies" Akamai is now blaming a "bot net"-- a large network of zombified home PCs -- for the outage yesterday.
As reported by C|Net
»tinyurl.com/yulpq | |
| |
keith2468
Premium,MVM
join:2001-02-03
Winnipeg, MB | Re: Akamai now blaming "Zombies" In fact the Internet Storm Center (SANS) is also blaming zombies for the attack.
Zombies are how successful anonymous DDoS attacks generally work, and usually they use spoofed source IP addresses, to further confound defenses. | |
| | 
koitsu
Premium
join:2002-07-16
Mountain View, CA | If Akamai wanted to track it back, it's simple: /JOIN #4k4m411z0wn3d
--
Making life hard for others since 1977. | |
| | | |
|
|
·