Monthly Archives: July 2015

Bitcoin Exchange OKCoin’s Statement After July DDOS Attacks

Last week, bitcoin exchange OKCoin suffered a DDOS (distributed denial of service) attack, preventing users from accessing the platform for a while. On the afternoon of the attack, the company’s significant resources capable of defending against such attacks were able to limit the impact on the Chinese platform’s K-line. However, another stronger attack was made later on in the same day, leading the tech team to immediately set in motion the emergency response plan of switching to a highly secure server and enacting counter CC attack measures. This took some time to take effect, so some users still encountered problems accessing the bitcoin exchange.

Bitcoin Exchange Compensation

In a statement published on its blog, OKCoin shared the details on why some customers still had login problems even though the emergency measures were put in place. The company also addressed questions regarding trades that were executed even during the attack and speculation about price manipulation. In addition, OKCoin shared that it will carry out proportional compensation according to each user’s realized losses.

Starting today, the bitcoin exchange will begin contacting customers who suffered losses as a result of being unable to access OKCoin’s futures platform on July 10th from 17:00 to 17:19. Aside from that, OKCoin will fund the purchase of 1000 bitcoins, while also using 1000 bitcoins from the clawback and vicious attack insurance fund to together create a 2000 bitcoin incident compensation fund.

The company has also pledged to hand over the logged actions related to the attacks to the national police for an investigation of the source of these attacks. In the meantime, the bitcoin exchange also decided to remind customers of the inherent risks associated with trading cryptocurrencies. The company emphasized that the digital currency industry is still in its early stages and firms are still adjusting to potential criminal attacks as they go along.
Source: http://www.newsbtc.com/2015/07/13/bitcoin-exchange-okcoins-statement-after-july-ddos-attacks/


Envato Targeted by DDoS Attack, WordPress Theme Authors Report Major Decline in Sales

If you’ve attempted to access Themeforest or any other site on the Envato network lately, you may have encountered some down time. The company updated customers and community members today, attributing the technical difficulties to a DDoS attack:

“Since July 1, Envato has been the target of a sustained DDoS (distributed denial of service) attack. The attacker, whose motive and identity are unknown, has repeatedly flooded our servers with high levels of traffic, causing our services to be unavailable at various times.”

The most recent outage happened over the weekend when Envato Market was down for three hours on Friday and one hour on Sunday. This is a significant chunk of time for a market that paid out $224 million to its members in 2014.

The downtime has also impacted WordPress theme authors, who continue to dominate Envato’s marketplace. According to Ben Chan, the company’s director of growth and revenue, 30 of the 31 sellers who make up the Power Elite wall of fame (selling $1 million+ worth of items) are WordPress product authors.

The power of the WordPress economy on Envato is undeniable, but sales have taken a sharp decline in the past couple of months, even before the DDoS attack. According to PremiumWP, which cites reports from elite theme author Chris Robinson of Contempo and many others, sales have suddenly declined 50-70%.

“Sales have declined over 70% starting from May with each passing day getting worse,” Robinson said in the members’ forum. “I’ve also spoken with other elite authors explaining the same thing. One example going from $1500/day to $700 – sure that’s still a great deal of money BUT what the hell is happening?

“This isn’t just one or maybe twenty authors, it is marketplace wide affecting everyone. A marketplace wide decline in sales of this magnitude doesn’t just happen due to vacations, or other buyer factors. Going through the years of sales data (since 2008) this has never happened, I’ve personally gone from $2-3000/week to less than $700/week…that’s insane!”

With new authors and products entering the market every day, the market share for established authors is slowly diminishing, but members are not convinced that this is the sole cause of the sharp drop in sales. FinalDestiny of TeoThemes, another author whose sales are declining, blames the one-size-fits-all theme products for gobbling up a greater slice of the market share.

“Everybody is tired of these huge, monster multipurpose themes having the same price as normal themes, and that’s pretty much killing the marketplaces. But Envato couldn’t care less, as long as they get their share,” he said.

In another thread, which ended up getting locked, there are 27 pages of comments from users speculating about why their sales have been dropping. Members cite seasonal buying fluctuations, piracy, Themeforest’s recent drop in Google search rankings, VAT and hidden price additions on checkout, and unfair pricing advantages for monster themes that claim to do everything, among other possible causes.

In one thread, titled “More than 50% sales drop for most of the authors. Does TF care for Authors?”, an Envato community officer offered the following comment:

“We don’t really give sales updates over the forums other than to say your sales can go up and down for a multitude of reasons. Try not to assume the sky is falling every time the USA has a long weekend. We have fast and slow periods throughout the year same as any business, and your portfolio will no doubt have peaks and valleys as well.”

This kind of generic reply has left theme authors scratching their heads, despite multiple threads in the forums popping up with concerns from those who are alarmed by the sudden drop. Many WordPress theme authors depend on Themeforest as their primary source of income.

In one reply, the Aligator Studio seller sums up their concerns and frustration with the inability to convince Envato of the unusual circumstances that are affecting large numbers of sellers:

“We are not talking about valleys and peaks, we’re talking about a general traffic and sales fall, from New Year until now, especially after April. We’re not talking about regular ups and downs (sometimes steeper, sometimes not), due to longer weekends, summer holidays, and general and the usual stuff happening here in the last couple of years. It’s not a sky falling – it’s inability to pay our bills, we’re not fanatics that foresee the end of the world.”

Envato has yet to provide an official statement about the marketplace-wide decline in sales, apart from recognizing the network’s unavailability due to the recent DDoS attack.
Source: http://wptavern.com/envato-targeted-by-ddos-attack-wordpress-theme-authors-report-major-decline-in-sales


New Reddit rival Voat hit by DDoS attack

A would-be rival to Reddit called Voat is getting media attention. Is that what led someone to launch a DDoS attack on Sunday?

A group of disaffected users of the news site Reddit, often called the “front page of the internet,” recently migrated to a new community site called Voat. But in the wake of media attention for Voat, it appears another group decided to launch a Distributed Denial of Service attack in an attempt to take it offline. The attack, which began Sunday night, was confirmed on Twitter by Voat:

“The maintenance on our servers ended several hours ago, but we are still being hit with a layer 7 DDoS attack as Confirmed by CloudFlare.” — Voat (@voatco) July 12, 2015

The tweet cites CloudFlare, a security company that can help sites manage DDoS attacks. Such attacks typically involve antagonists who harness botnets in order to direct massive amounts of traffic at a website’s servers, and knock it offline.

The attack does not appear to have taken Voat’s website down for any length of time, though a message on its homepage says the incident has forced it to cut off access to the site from various apps:

“In order to keep Voat at least somewhat responsive, we’ve bumped up CloudFlare security settings which essentially breaks most Voat third party apps currently on the market. We are sorry about this and we are working on a solution and taking this time to optimize our source code even further.”

It’s unclear who is responsible for the DDoS attack, though some are suggesting (on Reddit and Voat naturally) that Reddit users may be involved. Although Voat is an obscure site (its attraction apparently lies in its reputation as a “troll haven”), its emergence – and the DDoS response to it – underscores once again the volatile, migratory nature of online communities.

As my colleague Mathew Ingram explained, such communities can be “like an anthill, but one where there is no queen or recognized authority or even common purpose — one where all the ants wander around doing whatever they want, whether it’s building something beautiful or destroying things just for the sake of destroying them.”
Source: http://fortune.com/2015/07/13/new-reddit-rival-voat-hit-by-ddos-attack/


UK teenager sentenced over ‘biggest’ web DDoS attack

A British teenager has been sentenced for his part in what was called the “biggest cyber attack in history”. The attack on anti-junk mail group Spamhaus in 2013 slowed the internet around the world. Seth Nolan Mcdonagh was sentenced at Southwark crown court to 240 hours of community service for the attack. Mcdonagh had already pleaded guilty to five charges but details could not be reported until today’s sentencing hearing, by which time he had turned 18.

The attack on Spamhaus – which tracks sources of junk mail messages, to help network administrators and law enforcement to block spam senders – began on 15 March 2013 and drew world-wide attention. It was a Distributed Denial of Service (DDoS) attack in which attackers bombarded servers with so many requests for data that they can no longer cope. This made them crash or stop working.

Biggest attack ever seen

Spamhaus called on anti-DDoS specialist Cloudflare for support, which then led to further and heavier attacks. At its peak the attack was funnelling 300 gigabits of traffic every second to Spamhaus computers – the biggest DDoS attack ever seen at that time. The sheer volume of traffic caused problems for internet traffic internationally and particularly for LINX – the London Internet Exchange – which helps data hop from one network to another. The court heard the impact on the internet had been “substantial”.

The NCA led the investigation into the attack on Spamhaus.

Mcdonagh, who used the hacker alias “narko”, was described as a “gun for hire” who took down websites for those willing to pay, although other individuals, the court heard, may also have been involved. Amongst other sites he targeted was the BBC on 24 February 2013, Sandip Patel QC for the prosecution said. The court also heard that more than £72,000 had been discovered in Mcdonagh’s bank account after his arrest in April 2013. Source code used in the attacks was also found on machines in his house in London. He also had in his possession 1,000 credit card numbers, apparently from German financial institutions.

‘Exceptional’ case

Evidence presented in court revealed that Mcdonagh’s criminal activity started when he was 13. Ben Cooper, defending Mcdonagh, said his client had suffered from a severe mental illness at the time of the attack and had withdrawn from school, the wider world and even his own family. His family have since played a key role in supporting his recovery to the point where he is now completing his A-levels and hoping to go to university.

Judge Pegden described the case as “exceptional” adding that the crimes were “serious” and “sophisticated and unprecedented in scope”. The judge did not impose a custodial sentence saying Mcdonagh’s rehabilitation since his arrest was “remarkable” and that he had shown “complete and genuine remorse”. He said there was virtually no risk of further harm or re-offending.

Richard Cox, chief information officer at Spamhaus, thanked the UK’s National Crime Agency for the “enormous effort and resources” it had dedicated to investigating Mcdonagh. He said he hoped the case would make very clear the considerable benefit that can result from law enforcement working closely with industry.

“We fully appreciate the difficult predicament with which the sentencing judge was faced, and hope that anyone considering similar attacks will take heed of his remarks, that in any other circumstances such criminality would have resulted in a custodial sentence,” he said.
Source: http://www.bbc.com/news/technology-33480257


Planetside 2, H1Z1, Everquest servers under DDoS attacks

Lizard Squad, the notorious hacking group, is claiming responsibility for DDoS attacks on game servers for Planetside 2, Everquest, H1Z1, and more.

Planetside 2 and H1Z1 developer Daybreak has fallen victim to DDoS attacks on their servers. The attacks are perpetrated by Lizard Squad, and have affected the game’s websites, as well as servers players connect to.

To understand why this is happening, we’ll have to go all the way back to August of last year, when a wide range of DDoS attacks targeted a large number of gaming servers. Among the affected was Daybreak Games (then Sony Online Entertainment). Members of the same hacking group then grounded the plane that company president John Smedley was on by tweeting a bomb threat to American Airlines.

Fast forward to last week: the hacker responsible was convicted but managed to avoid jail time. Understandably, Smedley was not pleased, vowing to go after him in court, which is more or less what sparked the attacks against his company’s servers.
Source: http://www.vg247.com/2015/07/10/planetside-2-h1z1-everquest-servers-under-ddos-attacks/


Telegram suffers from outage in Asia after DDoS attack

Messaging app Telegram appeared to have suffered from a two-hour outage today. The service appeared to have gone down at about 4pm and was partially restored at about 5.30pm. However, some users are still experiencing difficulty accessing the instant messenger.

Online service fault detector website downdetector.com received 7 alerts on failed connectivity issues. Based on comments received on the website, most of the service faults were reported in the Asia-Pacific region.

“Telegram down. So I guess it’s not as stable as WhatsApp lah aite.” said Twitter user @amin_aminullah.

Meanwhile, Telegram tweeted that it was faced with a Distributed Denial of Service (DDoS) attack in India and the South-east Asia region. “An ongoing DDoS is causing connection issues for our users in India and South East Asia. We’re hard at work fighting back.” @telegram tweeted.

According to Wikipedia, a DDoS attack takes advantage of some property of the operating system or applications on the victim’s system. In turn, it enables an attack to consume resources of the victim, possibly crashing it.

A growing number of Malaysians have switched over to Telegram as an alternative to popular messaging services such as WhatsApp and WeChat.
Source: http://www.nst.com.my/node/91658


DDoS ransom notes: why paying up will get you nowhere

DDoS attacks are getting more frequent and more harmful, but the key is not to be blackmailed

If a large man stopped you on a street corner and told you that if you hand him five dollars, he won’t punch you in the face, what would you do? First you would sarcastically think to yourself welcome to New York, because that’s where this would happen. Following that, you could say no. You could try to run. You could try to defend yourself. But with a matter of moments to think about it, you’d probably just hand over the five dollars. It doesn’t feel good to give money to an unethical person to stop him from doing a terrible thing to you, but hey, face punch averted.

Three days later, there he is again. Same offer, only now it’s ten dollars. He already knows you don’t want to be punched in the face and he also knows you don’t seem to have any other plan for dealing with his threats. Handing over that first five dollars set you up to keep being victimised.

A DDoS ransom note has a similar strategy behind it. The difference is that you don’t have mere seconds to make your decision. Forewarned is forearmed, so get your shield up.

DDoS attack motivations

A DDoS attack is a distributed denial of service attack, which is an attack that seeks to deny the services of a website, network, server or other internet service to its users by interfering with an internet-connected host. While victims of this kind of attack may throw their hands up in the air and ask why me, it isn’t necessarily a rhetorical question.

Many people assume DDoS attacks stem from business rivalries, or are an attempt to gain a competitive advantage. In some cases this is true, but it’s far from being the only reason for DDoS attacks. DDoS attacks may stem from ideological or political differences, and in some instances they can even be equated with a hate crime when certain groups are targeted.

The other main causes of DDoS attacks essentially come down to script kiddies being script kiddies. Whether it’s a turf war between online groups, websites being randomly targeted for DDoS experiments, a challenge to see what attackers are capable of, or hacktivist groups trying to gain attention (the Lizard Squad, anyone?), a lot of the reasons for DDoS attacks can be summed up to just being a jerk on the internet.

DDoS ransom notes no exception

Speaking of jerks on the internet. For about as long as DDoS attacks have been a thing, so too have DDoS attack extortion attempts. ‘We have a botnet army prepared to take down your site. You have 24 hours to pay us $1000.’ This sort of ransom note is typically followed by a warning-shot low-level DDoS attack, just so you know the attackers are capable of what they’re threatening.

A year ago, even a few months ago, these DDoS ransom notes were largely attributed to low-level cyber criminals, or kids trying to make some easy cash. But the recent actions of DD4BC, a high-level hacking group responsible for some high-level extortions on bitcoin companies, have shown us that this isn’t true.

DD4BC have been threatening 400+ Gbps DDoS flood attacks. While their actual attacks have been shown to be much smaller scale application layer DDoS attacks, peaking at about 150 requests per second accompanied by network layer attacks maxing out at 40 Gbps, these attacks would still be enough to take down most small to medium-sized websites. DD4BC have been attempting to extort bitcoin and gaming companies since November of 2014. Lately they seem to have begun targeting the payment industry as well.

How to respond when you receive a DDoS ransom note

Thank your mom for all that ‘just ignore it’ advice she gave you growing up, because one of the best responses here is definitely no response. If you pay the ransom, not only are you out that money, but you’ve also identified your website as one that has no professional DDoS protection. That will put you on the exploitable victim list with a big exclamation mark after your name.

Some companies have decided that they’re not content with merely ignoring the ransom demands. One of DD4BC’s first publicised extortion attempts was against the Bitalo Bitcoin exchange, who not only refused to capitulate, but slapped a big ol’ bounty on DD4BC’s head. That bounty was added to by another bitcoin company, Bitmain, in March. Another high-profile website, meetup.com, also went public with their fight against a blackmail-related DDoS attack in March 2014.

Ignoring these DDoS ransom notes or actively fighting back against would-be extortionists is unequivocally what your organisation should do in the event that you receive one. However, to do either of these things absolutely requires that you have professional DDoS protection. You don’t poke the bear unless you know it can’t get out of its cage. If that means onboarding protection as soon as you get a note, then so be it.

A better plan is to have professional DDoS mitigation in place before you ever land on the list of some hacking group. Blackmail is just one of many reasons DDoS attacks take place, and DDoS attacks are getting stronger and more devastating all the time.
Source: http://www.information-age.com/technology/security/123459804/ddos-ransom-notes-why-paying-will-get-you-nowhere


New Jersey Online Gaming Sites Hit by DDoS Attacks

Online gaming sites in New Jersey were rocked by a wave of distributed denial of service attacks (DDoS) last week, according to the New Jersey Division of Gaming Enforcement (DGE). At least four sites were knocked offline for around half an hour by the cyberattacks, David Rebuck, DGE director, said, although he declined to name them. The disruption was followed by a ransom demand, to be paid in bitcoin, and the threat of further, more sustained attacks, he added.

DDoS attacks are used by cyber criminals to flood the bandwidth of an internet site, rendering it temporarily nonoperational. Online gambling has been a target for such criminals since the early days of the industry, although this is the first time that any attacks have been reported against the regulated US markets.

However, last September, when Party / Borgata attempted to stage the most ambitious tournament series the regulated space had seen, the Garden State Super Series, major disruption forced the main event to be cancelled.

“Known Actor” Suspected

It was assumed that the technical difficulties were the result of a relatively new infrastructure bending under the weight of an uncommon influx of players, but it seems possible that there were more sinister forces at work. Cyber attackers typically strike at times when traffic is highest in order to maximize disruption, and a well-publicized event like the Garden State Super Series would have been an irresistible target.

Rebuck’s assertion that law enforcement is now hunting a “known actor” in relation to the attacks, a suspect who has “done this before”, would appear to confirm, at least, that New Jersey has been subject to a prior attack.

Recent Attacks on Offshore Market

Hackers have certainly disrupted unlicensed US-facing poker sites in recent times. Two months after the Garden Super Series, the Winning Poker Network (WPN) attempted to stage a similarly ambitious online tournament with $1,000,000 guaranteed. The event had attracted 1,937 players with 45 minutes of late registration still remaining, before it was derailed by a suspected cyberattack.

An on-screen message relayed the news to players as the tournament was abandoned four and a half hours in, following a spate of disruptions. The tournament was canceled and buy-in fees refunded to all participants.

On November 23, the Carbon Poker Online Poker Series was severely interrupted by poor connectivity issues, and the site has experienced intermittent problems several times since, although no official word on the disruptions has been forthcoming from Carbon Poker.

“It sounds like the regulators and the [gambling] houses anticipated this very type of attack and responded to it in a very appropriate manner,” cybersecurity expert Bill Hughes Jr told the Press of Atlantic City of the incident last week. “It appears that the system worked here.”
Source: http://www.cardschat.com/news/new-jersey-online-gaming-sites-hit-by-ddos-attacks-13472#ixzz3fFdK5Vbd


Another malware building toolkit leaked, botnets already popping up

Another malware building toolkit has been leaked, allowing less tech-savvy crooks to generate a fully functional variant of the KINS banking Trojan and to inject its configuration code in a JPG file i…
