Prolexic Technologies exposed weaknesses in the command and control (C&C) architecture of the Dirt Jumper DDoS Toolkit family that could neutralize would-be attackers. The Dirt Jumper family of toolki…
Excerpt from:
Critical vulnerabilities in popular DDoS toolkit exposed
Cybercrooks are now offering to launch cyberattacks against telecom services, with prices starting at just $20 a day. Distributed denial of attacks against websites or web services have been going on for many years. Attacks that swamped telecoms services are a much more recent innovation, first starting around 2010. While DDoS attacks on websites are typically launched from botnets (networks of compromised Windows PCs under the control of hackers), attacks on telecom lines are launched using attack scripts on compromised Asterisk (software PBX) server. Default credentials are one of the main security weaknesses used by hackers to initially gain access to a VoIP/PBX systems prior to launching voice mail phishing scams or running SIP-based flooding attacks, say researchers. Telecoms-focused denial of service attacks are motivated by the same sorts of motives as a DDoS on a website. “Typical motives can be anything from revenge, extortion, political/ideological, and distraction from a larger set of financial crimes,” a blog post by Curt Wilson of DDoS mitigation experts Arbor Networks explains. Many of the cybercrime techniques first seen while crooks blitzed websites with junk traffic are being reapplied in the arena of flooding phone lines as a prelude to secondary crimes, according to Arbor. “Just as we’ve seen the Dirt Jumper bot used to create distractions – by launching DDoS attacks upon financial institutions and financial infrastructure at the same time that fraud is taking place (with the Zeus Trojan, or other banking malware or other attack technique) – DDoS aimed at telecommunications is being used to create distractions that allow other crimes to go unnoticed for a longer period.” Arbor details an array of services offered by hackers, some of which offer to flood telephones (both mobile and fixed line) for $20 per day. The more cost-conscious would-be crooks can shop around for a service that offers to blitz lines for $5 an hour, the price offered in another ad spotted by the ASERT security research team. As well as blitzing phone lines, other attacks against a targeted organisation’s VoIP system or SIP controllers are possible. Poorly configured VoIP systems can be brought down even by something as simple as a port scan, Wilson notes. “In such cases, an attacker could bring down an organisations’ phone system quickly if they were able to reach the controller. The benefits of proactive security testing can help identify such brittle systems ahead of time, before an attacker might latch onto the vulnerability. “Any system is subject to availability attacks at any point where an application layer or other processor-intensive operation exists as well as the networks that supply these systems via link saturation and state-table exhaustion. Telecommunications systems are no exception to this principle, as we have seen. Clearly, there is money to be made in the underground economy or these services would not be advertised,” Wilson concludes. For fast protection against your e-commerce website click here . Source: http://www.theregister.co.uk/2012/08/02/telecoms_ddos/
Visit link:
Distributed Denial of Service ‘DDoS’ crooks: Do you want us to blitz those phone lines too TDoS?
The whistle-blowing website Wikileaks is back online after being disrupted by a denial of service (DDoS) attack for more than a week.
Read the article:
Wikileaks back up after attack
A college student arrested last year for alleged involvement in distributed denial-of-service (DDoS) attacks waged by Anonymous appeared publicly here Saturday on a panel discussing the hacktivist collective and online civil liberties. Mercedes Haefer, an undergraduate student at the University of Nevada Las Vegas who was indicted in July 2011 with 13 others for alleged conspiracy to commit DDoS attacks against PayPal’s website, spoke out briefly about her case in the panel session entitled “Anonymous and the Online Fight for Justice.” “I am charged with conspiracy to DDoS,” Haefer said during the panel discussion, noting that she found the charges “amusing.” She would not comment on the specific circumstances that led to her arrest. Anonymous talk at Def Con focused more on online civil liberties and activism, and came amid the backdrop of a screening of “We Are Legion” documentary held at the famed hacker conference. It was a far cry from last year’s Def Con, where some members donned their signature Guy Fawkes masks, while others shouted down speakers during a question-and-answer session on a panel about building a “better” Anonymous. Legal experts on Saturday’s panel pointed to a disparity in sentencing for physical activism versus hacktivism. Marcia Hoffman, a senior staff attorney at the Electronic Frontier Foundation, says the penalty for online civil disobedience is severe. “I’m not talking spending the night in jail. Federal hacking law [prescribes] up to 10 years in prison: That’s an incredibly harsh penalty,” Hoffman says. “It’s disconcerting that young people flexing their political muscle get 10 years in prison for [a] first-time offense.” Whether DDoS should be considered a legitimate form of protest was also debated. “Under certain circumstances, DDoS is protected political speech and should be afforded First Amendment rights,” said criminal defense attorney Jay Leiderman, who is representing Christopher Doyon, an alleged member of Anonymous who goes by the handle “Commander X.” Leiderman said an interview today that Commander X’s case and the PayPal case are classic examples of how some DDoS attacks should be treated as free speech. In the former, Commander X and others camped out for months in front of the Santa Cruz, Calif., courthouse protesting a crackdown on homeless people sleeping in the streets. “In the wake of more arrests, he and a small number of people allegedly DDoS’ed the County of Santa Cruz, slowing its server for 18 minutes,” he says. “That use of DDoS is a classic form of political speech, where the government is ignoring you and [you] get their attention in a nonharmful and noninvasive way with something to let them know you are out there.” Josh Corman, who has been researching Anonymous and, along with Brian Martin writing a series on “Building A Better Anonymous,” says the DDoS-as-free-speech argument made by the panel was interesting. Corman says he sees the disparity in a $250 fine for physical civil disobedience and a 10-year prison sentence for the digital equivalent. “I can see a reasonable argument that this is a legitimate form of free speech … I can see the disparity in the law there. Maybe they have a case there, but I’ll let people smarter than me decide,” Corman says. “[But] then I realize what a massive distraction that [argument] was.” The free speech DDoS argument distracts from the more malicious activity some members of Anonymous have conducted, he says. “And all of that drowns out the potentially noble” activity, he says. The bottom line is that DDoS doesn’t really accomplish what the hacktivists want it to, anyway, he says. “It doesn’t have any lasting damage at all. It’s a tool of fear” and is noisy, but hasn’t effected the type of change in the targeted organizations that the hacktivists had intended, Corman says. Sony, for example, suffered “orders of magnitude more” in financial losses from the massive earthquake in Japan than from the more than 21 DDoS attacks waged against it, he says. Meanwhile, Haefer offered a little insight into how Anonymous operates: In response to a question about how an Anonymous plan to out Mexican government officials with ties to drug cartels didn’t materialize, she said sometimes the intentions are there, but action may not be “feasible at that time.” “A lot of times where people start up an op with the intention of trying to do something, and someone will jump the gun and say, ‘We’re going to [f’ing] do it,’ and sometimes it’s not always possible with the people we have around and their lives” and other commitments, she said. At A Crossroads Corman says a small group of Anonymous members should define what free speech online means, and a find a better way to protest than DDoS attacks, he says. “I can envision truly noble online activism as transformative as a civil rights movement,” he says. Corman and others at an earlier panel at Def Con urged the security community to be aware and speak out about privacy and freedom concerns at the upcoming World Conference on International Telecommunications (WCIT-12) meeting. Experts say the meeting could result in the potential restructuring and governance of the Internet that could ultimately hamper user access and freedoms. The security community could be doing more to carry the torch here as a more formal means for Internet activism, he says. “The original Def Con crowd could be a force of organized chaos that keeps the peace actively or passively,” Corman says. And Anonymous, meantime, is at a crossroads, according to Corman. “Several [of them] are ready to engage on what a better Anonymous might look like,” he says. For fast DDoS protection against your website click here to view DOSarrest services. http://www.darkreading.com/database-security/167901020/security/attacks-breaches/240004684/indicted-college-student-speaks-up-about-her-case-anonymous.html
View original post here:
Indicted College Student Speaks Up About Her Case for involvement of distributed denial-of-service (DDoS) attacks
For the last several months, Tablet Magazine’s servers have been coming under recurring distributed denial-of-service attacks, or DDoS attacks . Yesterday we suffered two major attacks, the first around 1:30 p.m., shortly after we posted Michael C. Moynihan’s explosive article about the further dishonesty of Jonah Lehrer, the author and New Yorker writer. The Lehrer story brought us an unprecedentedly large legitimate traffic load. Some commentators and observers speculated that that’s what brought us down. It’s true that the rush of readers coming to the Lehrer story was much larger than normal, but I am assured by our IT team that we had more than sufficient bandwith and server memory to handle it. Notably, for several midafternoon hours, when we were not under attack, we served extraordinarily high traffic loads uneventfully. Our IT team strongly believes that what we were experiencing—and have been for some time—are sophisticated attacks specifically targeting Tablet, not just run-of-the-mill Internet-as-Wild-West hijinks. It is possible that whoever is out to get us seized on a moment when we had high publicity and high server demand to attack. It sounds a little paranoid, granted, but as the saying goes, just because you’re paranoid doesn’t mean they’re not out to get you. The romantic in me hopes it’s the Iranians. Meantime, we’re doing what we can to keep the site up, and we apologize for our no-doubt maddening unreliability. And if you’re a DDoS-mitigation expert who’s eager for some pro-bono work, you know where to find us. Source: http://www.tabletmag.com/scroll/107948/on-tablet%E2%80%99s-server-outages
Follow this link:
Tablet’s Server Outages due to Distributed Denial of Service ‘DDoS’ attack
21-year-old could face five years in a Hong Kong slammer Hong Kong police have arrested a 21-year-old man after he apparently bragged on Facebook of his intent to disrupt several government web sites.…
See the article here:
Alleged Anon arrested for planning gov DDoS attacks
Family First’s anti gay marriage website is back up and running after an “unprecedented attack” took out the website’s host servers. “Protect Marriage” was launched by Family First yesterday, but minutes later was removed from the web when it became the immediate target of a “large-scale denial of service attack” according to the site’s webhost. Family First director Bob McCroskrie said the website was dedicated to opposing Labour MP Louisa Wall’s Marriage Equality Bill, which was pulled from the ballot last week and had sparked heated debate from both sides. While the site was reinstated a couple of times yesterday, its Christchurch-based webhost had to eventually pull the site completely because hackers had overwhelmed their servers so much it affected every other website hosted by the company. Family First’s own website was also hosted by the company and has also been pulled. A message is now reading the domain for familyfirst.org.nz has been suspended. Family First has reinstated the site with an international hosting company that had larger servers and tighter security measures. “It is disappointing that some opponents in the marriage debate are unwilling to have robust debate and are resorting to desperate – but failed – attempts to shut us down,” McCroskrie said. “We are also disappointed that our web host company was targeted with offensive emails simply because they were a Christchurch business that we wanted to support and who were willing to host some of our websites.” Meanwhile, US band Train have tweeted they are working on getting their music video “Marry Me” removed from the site, but it still featured on the site’s homepage today. Train caught wind their song was being used by Family First after a Twitter user alerted the band their song was being used on an “anti gay marriage website”. A user named @Mikey_J_S6 tweeted the band last night saying: “Why does your music video appear on a homophobic lobby group’s website?”. Train responded saying “Didn’t know. Getting it off asap. Tnx 4 tip”. McCroskrie said they had not yet heard from Train, but if they were asked to take the song down they would. “We’re not going to go by some post on Twitter, but if the band contact us then we will certainly take it down.” Latest tweets would suggest it is now in the hands of Sony, who were working to get the video off the website. At a Victoria University debate on the issue at the weekend, Wall said she expected a significant amount of vitriol directed her way and had already received nasty emails from those who opposed it. “But you know what, I just send them back some love because that is what this is all about.” Wall, who is the bill’s leader, said the point of it was to put human rights at the forefront of discussion. “It’s not about friction or conflict, it’s about having rational conversations and engagements with people and bringing back at the end of the day to a very personal level.” Both Wall and fellow Labour MP Charles Chauvel, who got married to his partner in Canada where the laws would allow, were expecting “dirty tactics” to arise from minority sectors. “While I’m confident and hopeful about us having the numbers to get this legislation through, there will be bitter opposition to it from a minority, but a vocal and sometimes nasty minority,” Chauvel said. For DDoS protection, contact DOSarrest a result of five years of research, experimentation and mitigation of malicious traffic. In the last four years, we have formed a dedicated team of network security specialists, network engineers and developers focused on mitigating DoS/DDoS attacks. Solving the DDoS problem is like a never ending cat and mouse game with attackers. Click Here to Contact Us! Source: http://www.stuff.co.nz/national/7385038/Family-First-site-back-online-after-attack
View original post here:
Family First site back online after Distributed Denial of Service ‘DDoS’ attack
A severe DDoS attack has brought down one of the most famous BitTorrent trackers. Demonoid has been inaccessible to its millions of users for more than a day and is expected to remain offline for quite some time. The tech admin of the troubled BitTorrent tracker told TorrentFreak that the issues at hand are not easy to fix, and suggests that aside from the DDoS there might have been an attack from another angle. Demonoid is one of the biggest torrent sites around, and has been for more than half a decade. Over the years the site has had its fair share of downtime, sometimes disappearing for months on end. Yesterday, a million plus Demonoid users noticed that they could no longer access the site. Instead of the usual welcome screen users were confronted with a “server busy” message, suggesting that the BitTorrent tracker is facing technical difficulties. TorrentFreak got in touch with the tech admin of the site who informed us that they are in serious trouble. Demonoid was overloaded by a DDoS attack which hit the server hard, resulting in a series of problems that may take a while to address. “It started as a DDoS but then it caused a series of problems. These problems need to be fixed before the site can go back up, and it’s a complicated fix this time,” the Demonoid admin told TorrentFreak. Aside from the DDoS assault, Demonoid’s server may also have been compromised by another attack. “There might have been an attack from another angle, an exploit of sorts, but it’s hard to tell right now without a full check of everything,” the admin says. While Demonoid is determined to return to its full glory, it might take a while before the site is up and running again. After an exodus of staff earlier this year there is only one person available to work on server issues, so progress is slow. “Our human resources became limited in the last few months. All tech issues are handled just by me now and there is no one else to take the job,” the admin told us, adding that his time is also limited by real life issues that take priority. “I’ll fix the site as soon as possible, but it might be a while this time,” the admin says. In recent years Demonoid has been in the cross-hairs of several anti-piracy outfits. It was pressured to move out of Canada by the CRIA and most recently the MPAA and RIAA reported Demonoid as a “rogue site” to the U.S. Government. However, there is no indication that the current attacks at Demonoid are anti-piracy related. For the millions of Demonoid users there’s no other option than to wait, once again. For fast DDoS protection click here . Source: http://torrentfreak.com/demonoid-to-suffer-prolonged-downtime-after-ddos-attack-120727/
Read More:
Demonoid Faces Prolonged Downtime After Distributed Denial of Service ‘DDoS’ attack
This year has seen distributed denial of service (DDoS) attackers increase the power of DDsS attacks massively, according to figures exclusively shown to TechWeekEurope. DDoS attacks see servers overwhelmed with traffic, causing a target’s website to go down. All kinds of organisations use DDoS attacks, from hacktivists like Anonymous to private companies wanting to stymie competition, and figures have shown they are upping their efforts. The average size of an attack went up 27 percent in 2012, hitting 1.56Gbps in June, compared to 1.23Gbps in 2011, second quarter data from anti-DDoS vendor Arbor Networks showed. June’s average attack speed was 82 percent up on the same month in 2011. There was also a return to growth in super-powered hits, with a 105 percent rise in the proportion of DDoS attacks measuring in at over 10Gbps. Between 2011 and 2010 that proportion was down 34 percent. Multi-vector DDoS attacks Arbor told TechWeekEurope that attackers were increasingly combining big volumetric attacks with stealthy application-level attacks, which are harder to identify due to a lower level of traffic. “We are still seeing a lot of the more stealthy application layer attacks going on out there, although now they are quite often accompanied by a volumetric attack. Attackers have learned that by generating application and volumetric attacks (multi-vector ) at the same time they can take sites and services down, and keep them down, for longer periods,” said Darren Anstee, solutions architect at Arbor. “Using multiple vectors makes it more difficult for operational security teams to figure out exactly what is going on, as different parts of the attack can impact different areas of infrastructure. Application layer attacks target the application servers, state-exhaustion attacks target firewalls, load balancers etc.” Despite the rise in DDoS power, the highest powered attacks have hit something of a plateau. The biggest monitored attack so far this year came in at 100.84Gbps, lasting 20 minutes, where 2011’s record of 101.394Gbps has not yet been surpassed in 2012. “It does appear that on the Gigabit per second side of things, right at the top end, attacks sizes may have plateaued. Why? It could be that 100Gbps of attack traffic is ‘all’ that is required to take down anything that has been targeted thus far, or, we could have reached some kind of limitation in some of the tools,” Anstee said. For the first time, the port used for Xbox Live connections (port 3074) showed up on Arbor’s findings, taking up 0.76 percent of attacks. Port 80, used by the HTTP protocol, is the prime target for DDoSers, with 29 percent of strikes hitting it in Q2. “There are unfortunately quite a lot of attacks between on-line gamers (this is multiplayer online gaming, rather than gambling). These attacks are used either to give one player an advantage over another, or avenge a defeat,” Anstee added. Botnets are a major part of the problem, as TechWeekEurope’s recent investigation into the underground DDoS market found. Law enforcement and industry firms continue to work with one another on knocking down botnets, as seen in last week’s effort to kill off super-spammer Grum. But most believe arrests are needed to truly counter the rise of malicious networks. For fast DDoS protection click here . Source: http://www.techweekeurope.co.uk/news/ddos-attacks-power2012-86926
Visit link:
Super-Charged Distributed Denial of Service ‘DDoS’ attack Spike In 2012
Miscreants offer to down mobe and fixed line services for $20 a day Cybercrooks are now offering to launch cyberattacks against telecom services, with prices starting at just $20 a day.…
Read More:
DDoS crooks: Do you want us to blitz those phone lines too?