Monthly Archives: August 2012

Distributed Denial of Service ‘DDoS’ attack stymies vote in Miss Hong Kong beauty contest

Residents of the island, a Special Administrative Region of China, are up in arms after plans for a popular vote in the Miss Hong Kong beauty pageant were sidelined by a distributed denial-of-service attack that knocked the voting system offline. The attack on Sunday evening swamped systems used for the vote with millions of bogus votes – far more than contest organizers had anticipated. Organizers were forced to cancel the online vote and ask the pageant judges to elect the winner themselves, according to a story in The Standard . Hong Kong Station TVB issued a statement on Monday apologizing for the wrinkle in the first ever Idol-style vote for the island’s beauty queen, putting the blame on audience reaction that was more “warm” than expected. The voting snafu forced organizers to throw the decision to the pageant judges, who chose a winner based on the three finalists overall performance. (Isn’t that how it’s supposed to work, anyway?) According to a story in The Standard , however, the “overly warm” response from viewers was, in fact, a DDoS attack against the pageant’s Microsoft Azure cloud-based voting system that flooded the servers with millions of votes, knocking them offline. The RC station planned for around half a million viewers to vote during a 10-minute slot Sunday evening, but actual traffic far exceeded that, according to TVB’s deputy director for foreign affairs Tsang Sing-ming, who is quoted by the media. Another station official, TVB general manager Cheong Shin-keong, is quoted saying that the extra traffic was “deliberately made” and that the station had hired an outside firm to investigate. The controversy over the apparent DDoS attack was exacerbated by the judges’ decision to choose contestant Carat Cheung Ming-nga as the next Miss Hong Kong, rather than Tracy Chu Chin-suet, the public’s favorite, who was second runner-up, The Standard reported. A related contest to give a Mini Cooper car to an online voter, selected at random, was cancelled after the voting system went down. Immediately after the vote, Hong Kong’s Communications Authority was flooded with more than 400 complaints on Monday about the aborted voting. The incident was a black eye for Microsoft, as well. That company partnered with TVB, lending its Azure cloud based infrastructure to host the voting system. Outraged viewers also left comments on TVB’s webpage, castigating the station for its mistake, for its reliance on Microsoft and – not least – for picking the wrong gal. Once a British colony, Hong Kong transferred to China in 1997 and has been run as one of two Special Administrative Regions ever since, following a “one government, two systems” policy under which residents enjoy greater freedom of expression and political voice than their countrymen on the Chinese mainland. However, that system is slowly changing, with the Communist Party slowly exerting control over more facets of life on the island. In July, thousands of citizens took to the streets to protest changes to Hong Kong’s public schools and school curriculum that was seen as emphasizing Communist Party orthodoxy and downplaying Hong Kong’s unique history. Hong Kong being Hong Kong, the parallels between the aborted Miss Hong Kong vote and the island’s larger political context weren’t lost on viewers. “Prove in Hong Kong does not have universal suffrage!” wrote one viewer on the TVB website. For fast DDoS protection against your e-commerce site click here . Source: http://nakedsecurity.sophos.com/2012/08/28/ddos-hong-kong-beauty/

Excerpt from:
Distributed Denial of Service ‘DDoS’ attack stymies vote in Miss Hong Kong beauty contest

Keep Your Content Online in Case of a Distributed Denial of Service ‘DDoS’ attack

San Francisco, CA – infoZine – Denial of service attacks – flooding websites with traffic in order to make them unavailable to the public – have become an increasingly popular way to take down or block Internet content. A new online guide from the Electronic Frontier Foundation (EFF) outlines how website operators can fend off these attacks and keep their sites alive and accessible. “Denial of service attacks have been used by governments to silence online criticism as well as by activists protesting companies and organizations they don’t like,” said EFF Director for International Freedom of Expression Jillian York. “Major websites often have the resources to keep running during a denial of service attack, but smaller sites – such as those belonging to independent media or human rights organizations – are sometimes taken down permanently. Our online guide is aimed at leveling the playing field.” EFF’s “Keeping Your Site Alive” guide includes tips on choosing an appropriate webhost to provide the security and technical assistance needed to weather an attack. The guide also gives advice on how to back up and mirror content so it can be made available elsewhere in case the site is compromised, and includes tutorial videos with background information on the technical concepts involved. Denial of service attacks are an issue for websites across the globe, so EFF’s guide is available in many different translations, including Chinese, Russian, Persian, and Arabic. “Lack of resources or knowledge can mean some websites are more vulnerable than others,” said EFF International Freedom of Expression Coordinator Eva Galperin. “We want to give website operators around the world the tools they need to protect their content and stay online.” Source: http://www.infozine.com/news/stories/op/storiesView/sid/52927/

View article:
Keep Your Content Online in Case of a Distributed Denial of Service ‘DDoS’ attack

DDoS attacks protection advice from the EFF

Denial of service (DoS) and distributed denial of service (DDoS) attacks are increasingly common phenomena, used by a variety of actors—from activists to governments—to temporarily or indefinitely pre…

Read this article:
DDoS attacks protection advice from the EFF

Anonymous Distributed Denial of Service ‘DDoS’ Attacks Take Down 3 UK Sites

The hacktivist group Anonymous staged a number of DDoS attacks on UK government websites yesterday in an apparent show of support for the controversial WikiLeaks founder Julian Assange, who remains stuck inside his Ecuadorean embassy bolt-hole as he attempts to avoid extradition to Sweden. Anonymous, who have been associated with numerous distributed denial of service attacks in the past, yesterday claimed to have taken down a number of high profile government sites in the UK, including the Justice Department website and “Number 10”, the official website of Britain’s prime minister. In addition, it’s believed that the hacktivist collective was also responsible for taking down the UK’s Department of Work and Pensions website on the same day. The group later claimed through its @AnonIRC Twitter that the attacks were part of “#OpFreeAssange, in reference to the WiliLeaks founder that they have long supported. The Ministry of Justice later confirmed the attack in the following statement: “The Ministry of Justice website was the subject of an online attack last night at around 2000 hours. This is a public information website and no sensitive data is held on it. No other Ministry of Justice systems have been affected. Measures put in place to keep the website running mean that some visitors may be unable to access the site intermittently. We will continue to monitor the situation and will take measures accordingly.” As of this morning, it appears that the Department of Work and Pensions site is now running normally, but the Ministry of Justice said that it’s still experiencing some problems with its website, and that it cannot give a time frame for when the problems might be solved. Number10.gov.uk also remains down, with no word from the government as to when it might be back. Source: http://siliconangle.com/blog/2012/08/21/opfreeassange-anonymous-ddos-attacks-take-down-3-uk-sites/

Read the original:
Anonymous Distributed Denial of Service ‘DDoS’ Attacks Take Down 3 UK Sites

India hit with Distributed Denial of Service ‘DDoS’ attack from Anonymous

Earlier this year, India had an encounter with “Anonymous”, a diffuse alliance of what are commonly (and incorrectly) called hackers. In its much-publicized “Operation India”, Anonymous blocked public access to, hacked and defaced various websites in protest against the rising censorship of the Internet. This is a legitimate political cause. However, a movement cannot be judged purely by the legitimacy of its goals, and it is important to consider the legitimacy of the means used to achieve these goals. Anonymous used distributed denial of service ( DDoS ) attacks to submerge, albeit temporarily, many websites. The DDoS attack bombards the target website with more user requests than it can bear, until it becomes unavailable to all others. Many compare this to picketing, and use the term “virtual sit-in” for it. The DDoS attack does not breach a website’s security, and is therefore not hacking (more correctly called “cracking”). In contrast, defacement of websites, deletion of data or leaking restricted data, entails hacking, which involves breaching a website’s security and is more analogous to breaking and entering physical premises. Anonymous has done this too in India—defacing some websites and leaking confidential data from others. There are a few crucial differences between picketing as civil disobedience, and the DDoS attack. One is that picketing requires many people to come together and sit in protest. One or two peace protesters cannot successfully block a road. Although there was a time when DDoS attacks also required a large number of people to bombard the target, they can now be achieved by one person with the technological skills to “fire” a large number of computers at the target website.Therefore, a DDoS attack no longer implies that a sizeable section of the public cares enough to be part of a virtual sit-in. The second difference between DDoS attacks and civil disobedience lies in the “hacktivists” unwillingness to be accountable. Martin Luther King and Gandhi made it clear that civil disobedience includes accepting the penalty for breaking the law. Faceless untraceable hackers are far removed from this ethic. While it is true that they risk harsh reprisal if identified, the legitimacy and heroic aura of civil disobedience comes from the willingness to risk that reprisal. It may therefore be difficult to argue that even the DDoS attacks by Anonymous qualify as civil disobedience, which arguably is the most legitimate of the spectrum of options available to a political dissident. If political activists use varied and escalating tactics in the physical world, “hacktivists” use strategies ranging from DDoS to more intrusive defacement, disabling and leaking of data to draw attention to political causes. The legitimacy of these methods—the proportionality and justification of harm caused—can only be determined with reference to particular contexts. One has to evaluate the threat necessitating activism, innocent casualties of the activists’ actions and whether less harmful strategies have already been explored. This is difficult. For instance, the indirect repercussions of a DDoS attack or leaking data may not be apparent at first glance. Anonymous tried setting boundaries to avoid harming innocent citizens during Operation India. It declared that infrastructure websites such as the railway booking portal were not to be attacked, and it prevented disclosure of sensitive financial information when a cinema tickets database was hacked. These precautions, though laudable, are however not quite enough. The influential members of Anonymous cannot successfully identify every action that may cause public harm. For instance, when Anonymous attacked the Supreme Court of India and the Reserve Bank of India websites, it seemed ignorant of the potential impact on litigants and the economy. When it leaked confidential police records, it seemed unaware of the significant hazards of leaking people’s names, addresses and other private data. The precautions taken by Anonymous may vanish next time, since the loosely knit, ever-changing nature of Anonymous community means that power and influence can shift; splinter groups with fewer scruples can emerge. Anonymous cannot achieve the control and accountability possible in a more tangible organized group. This collective operates under disturbingly low levels of transparency and accountability, greatly exacerbated by its ability to veil itself in the shadows of the Internet. New recruits are sometimes endangered by misleading information about the legality and consequences of joining in DDoS attacks. Guerilla warfare is often used without properly exploring more peaceable means, thanks to the power and revenge mob-ethic by which Anonymous is driven. The use of technological arsenal to launch cyber-attacks ignores the likelihood of escalation— “hacktivists” tend to forget that technology is a neutral tool that governments can also use. The government may counter-attack, using its considerable resources to acquire the necessary technological capacity. Citizens may end up being the casualties of the exchange. Phase one of Operation India was riddled with moral ambiguity. If OpIndia participants wish to show the world that they are more than bored nerds playing at a social movement like it is a video game, with all the accompanying air-punching, adrenaline boosting, self-aggrandising thrills, they will ensure that phase two’s constructive and legitimate Right to Information campaign is a roaring success. For instant DDoS services against your e-commerce website click here . Source: http://www.livemint.com/2012/08/19212459/The-perils-of-8216hactivism.html

View post:
India hit with Distributed Denial of Service ‘DDoS’ attack from Anonymous

Russia Today hit by Distributed Denial of Service ‘DDoS’ attack as anti-Wikileaks group claims responsibility

The website of the Kremlin-funded news network Russia Today has been hit with a denial-of-service attack that some have linked with the station’s support for Wikileaks founder Julian Assange, and others with the impending Pussy Riot verdict. The English-language Russia Today (RT) tweeted on Friday morning that its hosting provider had confirmed RT.com was “under DDoS attack”. An anti-Wikileaks group subsequently claimed responsibility, but there is as yet no proof of this connection. It is notable that Friday is the day when a Russian court will decide the fate of three members of the punk protest band Pussy Riot, which has been very critical of Vladimir Putin. RT’s tweet came through at 8:12am. Around 20 minutes later, Antileaks tweeted that it was responsible for the DDoS, and attached a hashtag supporting Pussy Riot. The Wikileaks account then went on to condemn the attack, suggesting that it was connected with RT’s support of Assange, rather than the punk band. Assange, who faces extradition from the UK to Sweden to face questioning over sexual assault allegations, had a chat show on RT, with one of his guests having been Ecuadorian president Rafael Correa. Correa granted Assange diplomatic asylum on Thursday. However, that move has so far had a limited effect, since the UK does not recognise that type of asylum and Assange cannot get safe passage to an airport. RT is a strong supporter of Assange, but it is also a supporter of the Russian leader. Many free-speech advocates are incensed at the likelihood of the Pussy Riot members facing jail time for playing an anti-Putin song in a church. Summary: The Kremlin-funded channel, which featured Julian Assange as a talk-show host, says it has come under denial-of-service attack. Antileaks says it’s responsible, but the timing could more to do with the Pussy Riot verdict than Wikileaks. For fast DDoS protection against your e-commerce website click here . Source: http://www.zdnet.com/russia-today-hit-by-ddos-as-anti-wikileaks-group-claims-responsibility-7000002794/

Excerpt from:
Russia Today hit by Distributed Denial of Service ‘DDoS’ attack as anti-Wikileaks group claims responsibility

DDoS protection service: Top vendors in the field

Distributed denial of service (DDoS) attacks have in the past been viewed mostly as a tool of online protest due to Anonymous' obvious predilection for this service disruption technique, but have long…

View original post here:
DDoS protection service: Top vendors in the field

WikiLeaks Back In Business After Being Hit By A Week Of Distributed Denial of Service ‘DDoS’ attack

The WikiLeaks website came back online last Tuesday after being down for almost a week due to Distributed Denial of Service Attack (DDoS). The secret-leaking organization says it has been targeted by DDoS making its website inaccessible or sluggish for several days. The attack was said to have began at the beginning of August and has intensified to affect other affiliated sites. A group calling itself “AntiLeaks” claimed responsibility for the attacks following their post on Twitter saying that they were against Julian Assange’s intention to seek political asylum in Ecuador. DDoS attacks work by sending heavy amount of traffic to the servers of a website in the hopes to overload them and to force them to shut down. Such type of attack is the most common form of cyber attacks. According to Wiki Leaks, its servers have been flooded with 10 gigabits per second of fake traffic from thousands of different machines. Experts monitoring the issue noted that the amount of traffic is larger than the usual attacks seen in the past few years. AntiLeaks claim it has no ties to the United States government or any other governments tagged as enemies of WikiLeaks. Many people thinks the DDoS attacks on WikiLeaks was a response to the whistleblower website’s posting of documents showing how TrapWire works. TrapWire is a system being utilized in the US to counter terrorism by collecting and analyzing footages from security cameras and license plate readers around the country. Details about the counterterrorism surveillance system were revealed by Anonymous following an email hacking incident on security intelligence firm Stratfor. WikiLeaks released the documents obtained by Anonymous early this year. Observers believe that it’s a secret digital surveillance effort currently being used around the world. For fast protection for DDoS for your e-commerce website click here . Source: http://thedroidguy.com/2012/08/wikileaks-back-in-business-after-being-hit-by-a-week-of-hacking-attack/

Taken from:
WikiLeaks Back In Business After Being Hit By A Week Of Distributed Denial of Service ‘DDoS’ attack

Bambuser Distributed Denial of Service ‘DDoS’ attack may be connected with Assange embassy stream

Bambuser came under a distributed denial-of-service attack on Thursday morning, possibly in connection with a user’s coverage of the Ecuadorian embassy where Wikileaks founder Julian Assange is holed up. The connection is not certain, but Bambuser’s Swedish proprietors say they had received threatening tweets just prior to the attack. Bambuser chief Jonas Vig told ZDNet that the DDoS took the service down for “almost an hour” and made it “hard to reach for another hour”. Bambuser lets people stream live video from their smartphones to the web. It has become very popular with activists and protestors, from the Occupy movement to Russia and Syria. The service has come under attack before, with the attacks generally coinciding with marches and protests that are being covered on Bambuser. The stream that appears to have solicited the DDoS is that of ‘citizen journalist’ James Albury, who has stationed himself outside the Ecuadorian embassy in London. Julian Assange has been inside the embassy since June, and the Ecuadorian government is set to announce its decision regarding his asylum bid later on Thursday. A diplomatic row erupted overnight, after Ecuador accused UK authorities of preparing to storm the embassy. Assange is wanted for questioning in Sweden over sexual coercion and rape allegations, and the UK wants to extradite him there under a European Arrest Warrant. Vig explained that the tweets Bambuser had received were not of the ‘tango down’ variety, but they did indicate that “it was someone aiming the attack directly at some specific users of ours”. “We still don’t want to speculate who was behind it, but there’s some indication it was directly aimed at blocking the streams from the embassy,” he added. “It was quite a serious attack,” Vig said. “We consider all DDoSes as serious.” A new anti-Wikileaks hacker, or group of hackers, called Antileaks has suggested on Twitter that he, she or they might be responsible for the DDoS. For fast DDoS protection against your e-commerce website click here . Source:

View the original here:
Bambuser Distributed Denial of Service ‘DDoS’ attack may be connected with Assange embassy stream

What Distributed Denial of Service ‘DDoS’ Attack Are and How to Survive Them

Never heard of a DDoS attack? Small companies that do business online ought to learn about this growing online threat — and figure out how they’ll respond should one ever hit them. Consider what happened to Los Angeles-based business-planning publishing and advisory company Growthink. Last September, a surprise flood of bogus traffic knocked its website off the internet for several days. Growthink turned to its hosting firm for help, only to have its website sidelined so other sites wouldn’t be collateral damage. It finally recovered by hiring a DDoS-protection firm, BlockDos, to filter out the bad traffic. Then it moved to a new hosting service, Rackspace, so it would be better prepared next time. “It was pretty intense,” says Kevin McGinn, Growthink’s IT director. “We had no idea why we were being singled out.” Growthink had suffered a “distributed denial-of-service” attack. In a DDoS attack, legitimate site visitors are denied access by hackers who immobilize the site either with a flood of bogus internet traffic or a surgical strike that exhausts the resources of a specific web application. Successful attacks can cripple business operations. Growthink estimates its website outage erased $50,000 in revenue. As Growthink discovered, it isn’t always clear who’s out to get you. Experts say e-commerce outfits and other businesses that rely heavily on the web for their livelihoods are most at risk. Smaller companies are most often attacked by unscrupulous competitors and extortionists, although disgruntled former employees, vandals and “hacktivists,” or hackers with a political agenda, are also known culprits. With both the number and ferocity of attacks rising, DDoS incidents are a growing threat. In the last year, CloudFlare, a San Francisco cloud-based web performance and security firm, said it has seen a 700 percent rise in DDoS traffic. Small companies are increasingly finding themselves in the crosshairs, experts say, as the cost of mounting attacks drops and large companies get better at stopping them. Attackers can rent “botnets” of 1,000 hijacked malware-infected home PCs capable of taking down sites of most small-to-medium-sized businesses for only $400 a week, according to Incapsula, a competitor to CloudFlare that’s a subsidiary of security firm Imperva, both of Redwood Shores, Calif. Even modest extortionists can profit. Australian e-commerce company Endless Wardrobe received an email in May demanding $3,500 via Western Union. When the firm didn’t comply, its site was knocked offline for a week by a torrent of bogus visits. The downtime cut revenue by at least the amount of the demanded ransom. Here are tips on how to survive if you find your business under a DDoS attack, too. Find a hosting service or ISP that will help. Many hosting services put large numbers of small websites on the same servers to boost efficiency. That’s fine until one site is attacked and the hosting company takes it offline so other customers on the server aren’t hurt as well. Check your contracts and speak with your hosting service or internet service provider, or ISP, to find out what it will do if you come under attack. Will it help you stop the attack and recover, and if so, at what cost? Will it send you a giant bill because an attack generated a ton of extra traffic to your site? A growing number of these service providers are offering security features, including DDoS protection, as a way to differentiate themselves in a crowded market. Such companies, which often employ technology from specialists such as Arbor Networks, include Firehost, Rackspace and iWeb. Hire Help. Companies that provide website acceleration services also often help fend off DDoS attacks. For instance, CloudFlare provides a free basic level of DDoS protection that it says will stop most attacks, and two tiers of service at $20 and $200 a month that can stop larger attacks. Incapsula includes DDoS protection as part of its Enterprise tier of service for an undisclosed fee. If you’re targeted with a highly sophisticated attack, however, you may want to consider hiring a DDoS-protection specialist, such as DOSarrest , a cloud-based security company based in Canada. Investigate ways to fortify your site. CloudFlare co-founder and CEO Matthew Prince suggests using nginx web server software — favored by the likes of Netflix and WordPress — because it can be more resistant to DDoS than other programs. He also recommends using the latest versions of your web software, such as WordPress and shopping carts, to prevent some application-based attacks. For fast protection DDoS protection for your e-commerce website click here . Source: http://www.entrepreneur.com/article/224099?cam=Dev&ctp=Carousel&cdt=13&cdn=224099

Continued here:
What Distributed Denial of Service ‘DDoS’ Attack Are and How to Survive Them