Monthly Archives: June 2015

AINA Brought Down By Massive DDoS Attack

AINA’s website was the target of a massive distributed denial of service attack (DDOS) which made the site unavailable for more than one week. The attack was launched on June 8 and continued until yesterday. The source of the attack is unknown. A DDOS attack floods a site with hundreds of thousands of requests, which overloads the system and forces it to shut down. The attack is launched from computers which have been infected with malware, without the knowledge of their owners. A DDOS attack is difficult to defend against because of the very nature of the internet. A website is by definition designed to respond to requests. Any website can be brought down by such an attack. Source: http://www.aina.org/news/20150617135759.htm

See original article:
AINA Brought Down By Massive DDoS Attack

Canadian Government Websites Inaccessible Following DDoS attack

Around 1:30 pm ET on Tuesday afternoon, Canadian government websites became inaccessible due to a denial-of-service attack, The Globe and Mail reported. The attack affected industry, employment, national resources, fisheries and oceans, justice, labor, foreign affaisr, environment and transportation related websites. A denial-of-service attack, sometimes called a DOS attack, occurs when hackers flood a website with traffic, essentially leaving it unusable to normal users hoping to browse the site. It is unclear why Canada’s government websites faced this attack or who the hackers are. Source: http://www.newsweek.com/canadian-government-websites-inaccessible-following-denial-service-attack-344002

Link:
Canadian Government Websites Inaccessible Following DDoS attack

DDoS Attack on Voat due to Reddit

Voat was just a small Reddit knock-off before last week — but now it’s becoming overloaded as people threaten to leave the bigger site So many people are leaving Reddit that its closest competitor crashed and had to ask for donations to stay up. Many users of the site protested and left when last week it banned five subreddits for harassment. And since, users have been making good on threats to leave the site — going instead to a Swiss clone of the site, Voat. That site look almost exactly the same as Reddit, and features many of the same communities. But it is committed to a rule of “no censorship” — previously Reddit’s attitude, but  one that it has moved away from as it has attempted to reduce the harassment and abuse on the site. So many people have moved to the Swiss knock-off that it has been down entirely many times since the Reddit bans. In response, the site asked for donations in bitcoin to pay for extra technology to keep the site up. That doesn’t seem to have worked, and the site says that it is now under a distributed denial of service attack, where users send a flood of requests to a website to take it down. But despite the problems, the site now has more than twice as many users as it did late last mnth, according to the site’s Twitter account. It had over 96,000 registered users last night, it said — far from the 172 million unique visitors that went to Reddit in the last month, but up many times over recent weeks. Voat’s founder said that the site was “not ready for such a huge influx of new users” and that it hadn’t “prepared for such a large and sudden increase either”. “We are sorry to see Reddit change like this, in this way, in such an accelerated fashion,” Atko wrote. “We would have never anticipated such events.” Source: http://www.independent.co.uk/life-style/gadgets-and-tech/news/reddit-alternative-breaks-because-so-many-people-leave-site-after-harassment-scandal-10321474.html

Read More:
DDoS Attack on Voat due to Reddit

Anonymous Hijacks Thousands of Insecure Routers to Power Its DDoS Tools

Lack of some elementary security measures can risk your router’s security and this has stemmed to grow into a large-scale denial-of-service (DDoS) attacks using these hacker-controlled routers. A web security firm Incapsula has discovered a new router based botnet Mr Black while investigating some DDoS attacks against its customers since this December. Hackers exploited routers’ negligent security measures to launch these attacks all over the world. According to this report published by the security firm, the routers made by Ubiquiti Networks had DDoS malware installed on them. The routers were not hacked due to some vulnerability in the hardware. Instead, it happened because of the deployment of the router in an insecure manner that exposed their management interfaces using the default credentials over SSH and HTTP. The routers that were inspected were found to have 4 versions of Mr Black, a DDoS program and altogether thirty-seven variations of Mr Black were detected. Other DDoS programs included DoFloo, Mayday and Skynet (a remote sensing tool). In some earlier versions of the report, Incapsula said that it believed that the hacktivist group Anonymous was one of the few groups those used the compromised routers. It is yet not clear that why Anonymous was highlighted in the report, but it is certain that few people who call themselves “Anonymous” were using the routers. The original article on the Daily Dot was edited to remove the fact that botnet directs to irc (dot) anonops (dot) com. Total 40,269 different IP addresses were detected from 1,600 ISPs spread across 109 countries. The main affected countries were Thailand (64%), Brazil (21%), United States (4%) and India (3%). To control these routers, 60 servers were hacked and majority of these were in China and the U.S. To save themselves from the DDoS attacks, users must make sure that their routers’ management interfaces aren’t exposed over HTTP or SSH to the internet. They can also use some tools available to scan their router’s IP for open ports and change their default login credentials. With inputs from Anon.hq Source: http://omdpatel.blogspot.tw/2015/06/anonymous-hijacks-thousands-of-insecure.html

Read more here:
Anonymous Hijacks Thousands of Insecure Routers to Power Its DDoS Tools

DD4BC Shifts Focus to Businesses, Continues DDoS Attack

Cybercriminals and extortionists demanding Bitcoin as ransom is on the rise these days. Due to the easy of transfer and pseudonymity associated with Bitcoin transactions, it has become the currency of choice for them. We have been hearing about ransomware, hacking incidents where sensitive data is stolen from computers and even extortion by threatening to physically harm an individual, the only common factor in all these cases is the ransom, to be paid in Bitcoin. There is one such cybercriminal group called DD4BC who have made it a regular habit to launch Distributed Denial of Service (DDoS) attacks on the websites belonging to Scandinavian companies. Once they launch an initial DDoS attack, they will blackmail these companies to pay about 40 bitcoins to avoid further attacks on their IT infrastructure. In most cases, the group sends out emails to the targeted firm within hours of launching the first DDoS attack. These emails, demanding ransom in Bitcoins also promises the victims that it is a one-time thing and if they pay the ransom, DD4BC will not attack them again. DD4BC also claims in the mail that even though they do bad things, they are going to keep their word. It is surprising that the group which was targeting European banks and financial institutions all these days has suddenly shifted their target to businesses in Scandinavia. Recently DD4BC allegedly tried to extort money from Bitalo Bitcoin Exchange – 1 BTC in exchange for information on how to prevent DDoS attack. But the plan seemed to backfire when the CEO of the Exchange, Martin Albert announced a bounty of 100 BTC for information about the person/people behind DD4BC. Among the list of Bitcoin sites targeted by DD4BC includes CEX.io and Bitcoin sports book Nitrogen Sports. Recently an Australian company was hacked into by unidentified perpetrators. They allegedly stole sensitive data, asking for ransom. They have also threatened to harm family members of one of the top officials from that company. Source: http://www.livebitcoinnews.com/dd4bc-shifts-focus-to-businesses-continues-ddos-attack/

Read More:
DD4BC Shifts Focus to Businesses, Continues DDoS Attack

DDoS attacks are a growing digital threat to freedom of expression in Latin America

The media and Latin American journalists are starting to experience firsthand what until recently seemed to be the exclusive concern of US, European or Asian media outlets: cyberattacks.? This type of online criminal activity, known as Distributed Denial of Service (DDoS), is the other side of technological advances that aim to maximize flow of information online.? Cybercrime legislation is backward and broken in Latin America, where the lack of a culture of information security or economic resources of journalists and media outlets ensures that attacks are successful.? One of the most recent cases occurred in Mexico, where minutes after publishing an investigation about the alleged responsibility of federal police in extrajudicial executions of several young people in Apatzingan, a town in the state of Michoacan, the Aristegui Noticias site was out of services for hours, a victim of a DDoS attack.? The Knight Center for Journalism in the Americas consulted Robert Guerra, an expert on cyber security and Internet freedom, and Luis Horacio Najera, a Mexican journalist and expert in the field, on the consequences of these attacks for media companies.? “The main consequence of a cyber attack in the context of Latin America is the reduction of critical spaces that encourage debate or the exposure of misconduct and abuse of power, like corruption,” Guerra said. Guerra, founder of Privaterra, an organization based in Canada that advises private companies and NGOs on data privacy, believes that “any attack, whether cyber or physical, deteriorates freedom of expression and of the press in the country where it occurs.” In the context of countries like Mexico, where media workers are victims of assassinations, kidnappings and threats, this “silent war” on the Internet is presented as a new alarm when speaking about freedom of expression and of the press. Momentary “blackouts” of online media affect the flow of information, the legitimacy of the company and its journalists, and also cause adverse economics effects for the media companies which base their income in online advertising. “The attacks almost always occur as a result of some publication, that is to say they are more reactive than proactive,” Guerra said of the Latin American case. “The freedom of the press is vulnerable not only when a journalist is killed or a broadcaster is exploited.” In fact, in the 2014 Annual Report of the Special Rapporteur for Freedom of Expression of the Inter-American Commission on Human Rights (CIDH), at least four cases of these attacks on media in Mexico were reported. “With the changes in technology and ways of doing journalism, cyber attacks will become more frequent because they attack the legitimacy of the journalist, and also affect the publication of news. Therefore, all attacks and threats should be condemned with the same intensity,” Guerra added. In addition to clear legislation, the region also lacks information on how and where these attacks occur, as well as statistics on their targets and consequences. In 2000, one of the companies specializing in digital security solutions, Arbor Networks, joined Google Ideas (an Internet research and conflict solution implementation think tank) to create a map that tracks digital attacks happening around the world, in real time. The aim was to create a tool for identifying these anonymous attacks: What is the origin of the attack, its target, and the duration and type of attack? It also aimed to analyze trends. Looking at the map, you can see that the peak of the cyber attacks in Latin America happened in December 2014. “It’s very interesting to see that most of the attacks are concentrated in a few countries in the region and that they are the result of specific moments in those countries,” Guerra said. “In the case of Guatemala, a reason for the attacks may be that at that time people were discussing the results of the International Commission Against Impunity in Guatemala. In the case of Peru, the second round of December 2014 regional elections may have influenced events.” What is a DDoS attack? At the technical level, a DDoS attack occurs when millions of simultaneous requests are sent to a single server in order to make it collapse. It is a targeted, deliberate action using hundreds of connected computers to make a simultaneous attack.? In an interview with the Knight Center, Hector Jara, founder and director of Enfinity, a Panamanian cybersecurity and information safety management company, explained the concept with an analogy. “Imagine a highway where a few cars circulating at high speeds and the traffic is fluid. As you add more and more cars, the driving pace slows and traffic is less fluid. If we continue to add cars, you will reach a point where the highway is saturated and cannot meet the demand, and the cars will be stopped. The same thing happens with connections to a website. The number of connections that it can respond to is limited, and if it makes more and more connection, at some point it will be saturated. The more capacity the organization has, this is more difficult to achieve – we think of Google Facebook, among others – but the limit always exists.” Jara also explained how criminal organizations use other types of attacks – for example phishing – through which they infect computers of ordinary users. “These infected computers are known as zombies , and can be controlled and used by these organizations to launch other attacks, such as DDoS. In fact these organizations assemble networks of zombie computers (known as botnets ) that they then ‘rent’ for non-sanctioned purposes”. The cybersecurity expert said that in addition to political purposes and censorship attacks, other attacks are related to digital protest. For example, the term Hacktivism is a new form of protest increasingly being used. One of the latest examples of the use of technology as a means of social protest was during the removal of former President Fernando Lugo of Paraguay when attacks on public bodies were made and one of them closed access to the official website of the Presidency. Asked about possible actions against these attacks, Jara explained that “while we can design a communications architecture in a way that can protect against these attacks – for example there are technological tools such as Web Application Firewalls and services such as CloudFlare , which can mitigate the impact and in some cases completely limit it – by the nature of the attack, if those interested in launching the attack had enough resources and time, it is likely that the would force a site out of operation.” While in the United States DDoS attacks are considered crimes and are punishable under the penal code, this has not been shown to combat the situation. The question is what can legislation achieve regarding this issue. Experts agree that international cooperation is key to fighting cybercrime. In 2014, Mexico hosted the “Workshop on legislation on cybercrime in Latin America”, organized to support Latin American countries in developing legislation on cyber crime, in accordance with international standards proposed in the “Budapest Convention “. During the meeting, possible reforms to criminal law of the participating countries and constitutional reforms in telecommunications were debated. While Argentina, Chile, Colombia, Costa Rica, Mexico, Paraguay and Peru have expressed their interest in joining the treaty, Dominican Republic and Panama have already completed this process. “Most regional legislation concerning information security have been poorly, and in many cases have been motivated by local public security crisis,” said Guerra of Privaterra. “So, from the start, these are deficient laws that in many cases secretly seek to impact civil society through censorship and criminalization of social networking activity.” Guerra also said it is not possible to speak of general solutions in Latin America, but that “each region has its own dynamics, and accordingly, legislation should create or strengthen legal counter methods to give tools for protection to civil society. These tools should be autonomous and independent of government.” Meanwhile, Jara noted that while regulations should establish a legal framework that protects personal information and data, in the case of journalists, these professionals should take measures to protect such data. “Because of the work, they may be a target of criminal organizations and sometimes governments. If they also have blogs or personal pages, they should ensure the safety of them, as a vulnerable site also becomes the focus of attack, ” Jara said. Source: https://knightcenter.utexas.edu/blog/00-16118-ddos-attacks-are-growing-digital-threat-freedom-expression-latin-america

Read More:
DDoS attacks are a growing digital threat to freedom of expression in Latin America

FBI Links Chinese Government to DDoS Attacks on US Websites

The FBI says it has credible evidence to link the Chinese government to attackers who leveraged two Chinese telecom companies and the Baidu search engine to carry out recent distributed denial of service (DDoS) attacks targeting unnamed U.S. websites. The FBI issued a confidential Flash Alert to U.S. companies alleging that the Chinese government sanctioned activities in which Internet traffic was “manipulated to create cyber attacks directed at U.S.-based websites” using man-in-the-middle (MitM) techniques. “Analysis by the U.S. government indicated that Internet traffic which originated outside China, was intercepted and modified to make unsuspecting users send repeated requests to U.S.-based websites,” the Flash Alert reportedly said. “The malicious activity occurred on China’s backbone Internet infrastructure, and temporarily disrupted all operations on the U.S.-based websites.” Analysis of the attacks revealed that malware was injected into the browsers of users when web traffic reached China Unicom or China Telecom networks – both state-owned telecommunications companies – “at the same points in these routes that censor traffic for the Chinese government.” “The location of the [man-in-the-middle] system on backbone networks operating censorship equipment indicates that the [man-in-the-middle] attack could not have occurred without some level of cooperation by the administrators of these systems,” the Alert said. “The malicious Javascript would direct the unsuspecting user’s browsers to make repeated requests to targeted U.S.-based websites.” While the FBI Flash Alert did not specify which company’s websites were attacked, it is likely that the popular web-based software developers collaboration platform GitHub was among those targeted. Researchers from the University of California at Berkeley, the University of Toronto, and Princeton recently published details of a powerful Chinese MitM tool dubbed the “Great Cannon,” which was used in DDoS attacks targeting websites operated by the anti-censorship project GreatFire.org, and later connected to the attacks on GitHub. “Specifically, the Cannon manipulates the traffic of ‘bystander’ systems outside China, silently programming their browsers to create a massive DDoS attack,” the researchers said. “The operational deployment of the Great Cannon represents a significant escalation in state-level information control: the normalization of widespread use of an attack tool to enforce censorship by weaponizing users.” GitHub was likely targeted because GreatFire.org had begun to mirror some content on the platform. The attacks against GreatFire employed the same techniques as those seen in the GitHub attack, which leveraged hijacked Internet traffic. “The web browser’s request for the Baidu javascript is detected by the Chinese passive infrastructure as it enters China. A fake response is sent out from within China instead of the actual Baidu Analytics script. This fake response is a malicious javascript that tells the user’s browser to continuously reload two specific pages on GitHub.com,” analysis of the attack revealed. This analysis aligns with details of the GreatFire.org attacks which was released previously. “Millions of global internet users, visiting thousands of websites hosted inside and outside China, were randomly receiving malicious code which was used to launch cyber-attacks against GreatFire.org’s websites. Baidu’s Analytics code (h.js) was one of the files replaced by malicious code which triggered the attacks,” officials at GreatFire.org said. “Baidu Analytics, akin to Google Analytics, is used by thousands of websites. Any visitor to any website using Baidu Analytics or other Baidu resources would have been exposed to the malicious code.” GreatFire.org said it has conclusive evidence that the Chinese government using the nation’s infrastructure to conduct the attacks, and had previously published a detailed report, which was further backed up by the analysis provided by the university researchers. “We show that, while the attack infrastructure is co-located with the Great Firewall, the attack was carried out by a separate offensive system, with different capabilities and design, that we term the Great Cannon,” the researchers wrote. “The Great Cannon is not simply an extension of the Great Firewall, but a distinct attack tool that hijacks traffic to (or presumably from) individual IP addresses, and can arbitrarily replace unencrypted content as a man-in-the-middle.” Source: http://en.hackdig.com/06/23256.htm  

See the article here:
FBI Links Chinese Government to DDoS Attacks on US Websites

Cost to launch DDoS attack from botnets for hire

Could you pass up a $40,000 return on a $20 investment? Odds are you couldn’t if you enjoy wreaking havoc on a business. New research released today by Incapsula shows distributed denial of service (DDoS) assaults continue to be expensive nuisances for online businesses — and that the attacks can be launched from botnets-for-hire for around $38 a month. A DDoS attack costs a business $40,000 per hour in terms of lost business opportunities, loss of consumer trust, data theft, intellectual property loss and more, Incapsula estimates. When you consider top attacks last for days and that half of all targets are repeatedly hit, it’s easy to see how quickly costs escalate. A Lot for a Little “What is most disconcerting is that many of these smaller assaults are launched from botnets-for-hire for just tens of dollars a month. This disproportion between attack cost and damage potential is the driving force behind DDoS intrusions for extortion and vandalism purposes,” the security firm noted in its 2015 DDoS Threat Landscape Report (registration required). Last year Incapsula reported a 240 percent increase in DDoS activity. This year, although DDoS activity is still rising, Incapsula highlighted shifts in the methods, length and types of attacks. Incapsula defines an attack as a persistent DDoS event against the same target (IP address or domain). It is preceded by a quiet (attack free) period of at least 10 minutes and succeeded by another such period of the same duration or longer. The study differentiates between network layer and application layer attacks. These definitions refer to the Open Systems Interconnection model (OSI Model), which conceptualizes the process of data transmission by segmenting packets into seven layers. Network layer attacks target the network and transport layers (OSI layers 3 and 4), while application layer attacks target OSI layer 7. The analysis is based on data from 1,572 network layer and 2,714 application layer DDoS attacks on websites using Imperva Incapsula services from March 1 through May 7. “Assaults against network infrastructures continue to grow in size and duration. Those aimed at applications are both long in duration and likely to be repetitive. The upshot for organizations of all sizes is that simply weathering the storm is no longer a viable strategy — the impact will be big, durable and likely recurring,” the report notes. On That Depressing Note Here are a few of the report’s key findings: Once a target, always a target: 20 percent of websites are attacked more than five times DDoS attacks can last a long time: While 71 percent of all network layer attacks last under three hours, more than 20 percent last more than five days Some attacks are exceptionally long: The longest attack was 64 days DDoS for hire is more readily available than ever: Botnet-for-hire fingerprints are on roughly 40 percent of all attacks Five countries create most DDoS botnet traffic : 56 percent of DDoS bot traffic emerged from China, Vietnam, US, Brazil and Thailand What’s a Botnet-for-Hire? Opportunistic cybercriminals have the botnet-for-hire business model, a subscription scheme that provides each user with limited access to the botnet resources (usually for a cumulative duration of no more than 60 minutes per month). “During these short periods, individuals with little or no DDoS skill are able to execute assaults using one of the few available scripts (which are reminiscent of our definition of attack vectors),” the report notes. The average cost to rent-a-botnet for an hour each month through a DDoS subscription package is around $38, with fees as low as $19.99. The takeaway: It costs very little to bring down a website. “Perhaps putting a price tag on the damage caused by such services will bring more public attention to their activity, and to the danger posed by the shady economy behind DDoS attacks,” the report notes. Source: http://www.cmswire.com/information-management/you-can-bring-down-a-website-for-38/

Continue Reading:
Cost to launch DDoS attack from botnets for hire