Monthly Archives: August 2015

Six teens arrested in UK for using hacking group’s paid DDoS service

Six teenagers were arrested by British police on suspicion of attacking websites, the country’s National Crime Agency (NCA) announced on Friday. The teenagers were users of the hacking group Lizard Squad and used the Lizard Stresser tool, software that allowed them to pay to take websites offline for up to eight hours at a time, according to an NCA statement. The tool works by using Distributed Denial of Service (DDoS) attacks, which flood web servers or websites with massive amounts of data, leaving them inaccessible to users. Those arrested in the operation coordinated by NCA were all teenage boys aged from 15 to 18, while two other suspected users of Lizard Stresser were arrested earlier this year, the NCA said. The suspects are thought to have maliciously deployed Lizard Stresser, having bought the tool using alternative payment services such as Bitcoin in a bid to remain anonymous, the NCA also said. Organizations believed to have been targeted by the suspects include a leading national newspaper, a school, gaming companies, and a number of online retailers, according to the NCA. Lizard Squad became a well-known hacking group last year after it claimed responsibility for taking down the PlayStation Network and Xbox Live. The group later launched the Lizard Stresser tool. “By paying a comparatively small fee, tools like Lizard Stresser can cripple businesses financially and deprive people of access to important information and public services,” said Tony Adams, head of investigations at the NCA’s National Cyber Crime Unit. Officers are also visiting some 50 addresses linked to individuals registered on the Lizard Stresser website, but who are not currently believed to have carried out attacks. A third of the individuals identified are under the age of 20, according to the NCA. “One of our key priorities is to engage with those on the fringes of cyber criminality to help them understand the consequences of cyber crime, and how they can channel their abilities into productive and lucrative legitimate careers,” said Adams. Source: http://www.globalpost.com/article/6638281/2015/08/28/six-teens-arrested-uk-using-hacking-groups-paid-ddos-service

See the original article here:
Six teens arrested in UK for using hacking group’s paid DDoS service

BitTorrent patches reflective DDoS attack security vulnerability

A vulnerability which could divert traffic to launch cyberattacks has been mitigated two weeks after public disclosure. BitTorrent has taken rapid steps to mitigate a flaw which could divert user traffic to launch reflective DDoS attacks. The flaw, reported by Florian Adamsky at the USENIX conference in Washington, D.C., affects popular BitTorrent clients such as uTorrent, Mainline and Vuze, which were known to be vulnerable to distributed reflective denial-of-service (DRDoS) attacks. According to the researchers from City University London, BitTorrent protocols could be exploited to reflect and amplify traffic from other users within the ecosystem — which could then be harnessed to launch DRDoS attacks powered up to 120 times the size of the original data request. Successful distributed denial-of-service (DDoS) and DRDoS attacks launched against websites flood domains with traffic, often leaving systems unable to cope with the influx and resulting in legitimate traffic being denied access to Web resources. The team said in a paper (.PDF) documenting the vulnerability that BitTorrent protocols Micro Transport Protocol (uTP), Distributed Hash Table (DHT), Message Stream Encryption (MSE) and BitTorrent Sync (BTSync) are exploitable. On Thursday, Vice President of Communications at BitTorrent Christian Averill said in a blog post no attack using this method has been observed in the wild and as the researchers informed the BitTorrent team of the vulnerability ahead of public disclosure, this has given BitTorrent the opportunity to “mitigate the possibility of such an attack.” Francisco De La Cruz, a software engineer from the uTorrent and BitTorrent team, wrote a detailed analysis of the attack and the steps the company has taken to reduce the risk of this vulnerability. The vulnerability lies within libµTP, a commonly used tool which can detect network congestion and automatically throttle itself — a useful feature when BitTorrent clients are being used on home networks. However, the way libµTP handles incoming connections allows reflectors to accept any acknowledgement number when receiving a data packet, which opens the doorway to traffic abuse. The success of a DRDoS relies on how much traffic an attacker can direct towards a victim, known as the Bandwidth Amplification Factor (BAF). The higher the BAF, the more successful the attack. In order to reduce the BAF ratio and mitigate the security issue, BitTorrent engineers have ensured a unique acknowledgement number is required when a target is receiving traffic. While this can still be guessed, it would be difficult and time-consuming to do so for a wide pool of victims. De La Cruz said: “As of August 4th, 2015 uTorrent, BitTorrent and BitTorrent Sync clients using libµTP will now only transition into a connection state if they receive valid acknowledgments from the connection initiators. This means that any packets falling outside of an allowed window will be dropped by a reflector and will never make it to a victim. Since the mitigation occurs at the libµTP level, other company protocols that can run over libµTP like Message Stream Encryption (MSE) are also serviced by the mitigation.” Regarding BTSync, BitTorrent says the severity of the vulnerability — even before recent updates were applied to the protocol — mitigated the risk of this vulnerability. In order to exploit the security weakness, an attacker would have to know the Sync user, identifiers would have to be made public, and the protocol’s design ensures that peers in a share are limited — keeping the potential attack scale down. According to the BitTorrent executive, the protocol therefore would “not serve as an effective source to mount large-scale attacks.” Averill commented: “This is a serious issue and as with all security issues, we take it very seriously. We thank Florian for his work and will continue to both improve the security of these protocols and share information on these updates through our blog channels and forums.” Source: http://www.zdnet.com/article/bittorrent-patches-reflective-ddos-attack-security-vulnerability/

Read the original post:
BitTorrent patches reflective DDoS attack security vulnerability

NCA arrests six Lizard Squad users after gaming firms, retailers targeted

Officers also visiting 50 addresses for a quiet word The National Crime Agency has arrested six users of a Lizard Squad DDoS attack tool, which had been used against a national newspaper, a school, gaming companies, and a number of online retailers.…

Continue reading here:
NCA arrests six Lizard Squad users after gaming firms, retailers targeted

NCA arrests six Lizard Squad users after gaming firms, retailers targetted

Officers also visiting 50 addresses for a quiet word The National Crime Agency has arrested six users of a Lizard Squad DDoS attack tool, which had been used against a national newspaper, a school, gaming companies, and a number of online retailers.…

Read more here:
NCA arrests six Lizard Squad users after gaming firms, retailers targetted

Spooks, plod and security industry join to chase bank hacker

Perp known as ‘DD4BC’ has some serious heat on his or her tail, with worse to come A group of security boffins have joined police and intelligence spooks in a clandestine mission to identify those behind distributed denial of service (DDoS) extortion attacks against major banks.…

More:
Spooks, plod and security industry join to chase bank hacker

81% of healthcare organizations have been compromised

Eighty-one percent of health care executives say that their organizations have been compromised by at least one malware, botnet, or other cyber-attack during the past two years, and only half feel tha…

Excerpt from:
81% of healthcare organizations have been compromised

DARPA wants to take the sting out of DDoS attacks

While posing a minor inconvenience compared to other more malicious cyberattacks, distributed denial of service attacks post enough of a threat that the Defense Advanced Research Projects Agency nonetheless is looking for innovative approaches to mitigate their effects.  The Extreme DDoS Defense (XD3) program is looking to the private sector for “fundamentally new DDoS defenses that afford far greater resilience to these attacks, across a broader range of contexts, than existing approaches or evolutionary extensions,” according to a recent broad agency announcement. While this BAA does not include detection and mitigation of DDoS-related malware on hosts or networked devices, DARPA listed five technical areas for which contractors can submit responses that focus on lessening the effect of DDoS attacks and improving recovery time.  For example, the solicitation seeks proposals to: Devise and demonstrate new architectures that physically and logically disperse these capabilities while retaining (or even exceeding) the performance of traditional centralized approaches.   Develop new cyber agility and defensive maneuver techniques that improve resilience against DDoS attacks by overcoming limitations of preconceived maneuver plans that cannot adapt to circumstances and exploring deceptive approaches to establish a false reality for adversaries.   Produce a response time of 10 seconds or less from attacks and at least a 90 percent recovery in application performance compared with hosts that do not have XD3 capabilities. DARPA believes XD3 concepts can be leveraged by the military, commercial network service providers, cloud computing and storage service providers and enterprises of all sizes. Given the threat and array of targets DDoS attacks pose, XD3 BAA responses will consider a wide range of network and service contexts, such as enterprise networks, wide?area networks, wireless networks, cloud computing and software-defined networks, to name a few. The response date is Oct. 13, 2015, and the proposers day will be held on Sept. 2, 2015. Source: http://gcn.com/articles/2015/08/26/darpa-xd3-ddos.aspx

See more here:
DARPA wants to take the sting out of DDoS attacks

The UK’s 12 worst DDoS attacks Summarized – hacktivism, extortion and plain malice

DDoS attacks are often seen as a global phenomenon that affects ISPs and large datacentres. But the daily damage is done by much smaller attacks on vulnerable, sometimes poorly defended resources such as websites belonging to well-known organisations. The UK has had more than its fair share of such attacks with hacktivism and occasionally extortion the main motivations. Here we chart some of the worst attacks that have affected UK organisations in recent years. DoS attack on CMP Media (UBM) – 1998 Proof that simple denial of service (DoS) attacks (if not DDoS) are far from new, a disgruntled magazine subscriber decided to barrage the email server and fax machines of the UK tech publisher CMP Media (later sold to UBM) with enough traffic to cut the company off from the world for most of two days. The ISP identified the likely culprit but in 1998 denial of service attacks were a civil rather than criminal matter and remained so until 2006. LulzSec ‘”Tango down” DDoS attacks – 2011 The group that gave the Anonymous movement its UK brand, the small collection of mainly British youths that hid behind the LulzSec moniker loved their DDoS. Several big UK organisations were targeted but the attack that downed the Serious Organised Crime Agency (SOCA) website in June 2011 was probably the last straw. Alleged UK GCHQ DoS attack on Anonymous – 2011 In 2014 Britain hater and anti-NSA campaigning journalist Glenn Greenwald alleged that GCHQ Joint Threat Research Intelligence Group (JTRIG) unit launched DDoS attacks to disrupt chatrooms used by hacktivists from Anonymous and LulzSec. It was pointed out that this was really a targeted DoS attack and not an indiscriminate DDoS. Attack on the BBC by Iran – 2012 Downplayed at the time but what hit the Beeb on 2 March 2012 was anything but for those on the receiving end. Downed the BBC’s email server for a while, disrupted its Persian Service (hence the blame being attributed to Iran, which hates the Service’s output) and even overloaded its exchange with large numbers of phone calls. DDoS attack on Oxford and Cambridge universities – 2012 A single 20-year old individual – later imprisoned for a range of cybercrimes – was blamed for the DDoS attacks on Oxford and Cambridge University that disrupted their websites for a period of days in 2011 and 2012. It was never clear why the named man attacked the universities but the ease with which one person could cause so much trouble for large institutions was noted at the time. DDoS on 123-reg domain registrar – 2012 A sign that DDoS attacks could take on even big Internet-facing businesses, in May 2012 the UK’s largest domain registrar was hit with enough traffic to take its site down for a reported 15 minutes with further problems throughout the day. Rivals were also targeted as crybercriminals tested their latest techniques against well-defended businesses. Spamhaus 325Gbps super-DDoS – 2012 The massive 325Gbps DDoS attack on UK anti-spam organisation Spamhaus remains probably the second or third largest of all time and was even ridiculously said to have ‘slowed the Internet’. Later blamed on Dutch national Sven Kamphuis, the Spamhaus attack was the first to use a technique called DNS amplification to such sensational effect. Julian Assange hacktivists turn on MI5 – 2012 Wikileaks’ founder Julian Assange was briefly a focus for anti-corporate rage, and his pursuit by the UK, the US and Sweden over rape allegations promoted a series of hacktivist DDoS attacks in late 2012. Predictable they might have been but also surprisingly successful – MI5’s public website was put out of action for several hours. Manchester casino extortion attack – 2013 A rare publicised example of DDoS in the service of extortion, the attack on a Manchester-based online casino came after the business refused to pay the owner refused to hand over half the business to Polish nationals Piotr Smirnow and Patryk Surmacki. The pair were eventually arrested at Heathrow Airport tying to leave the country and later jailed. Raspberry Pi Foundation DDoS – 2013 Not everyone likes the Raspberry Pi people it seems including a “lone sociopath” with issues. The individual concerned launched a flurry of bizarre grudge DDoS attacks on its website, with some success. The attacker even targeted a group of teens working on a 48-hour Python hackathon using RaspBerry Pis. The Foundation beat the attacks with the help of an understanding ISP. Carphone Warehouse data breach DDoS – 2015 In July 2015, major UK smartphone retailer Carphone Warehouse suffered a serious data breach which, it later transpired, might have been aided using a DDoS ‘distraction’ attack. Up to one in five DDoS incidents are later found to be part of a data theft snatch in which IT staff are occupied fending off the DDoS, giving attackers more opportunity to sneak in and out. Mumsnet DDoS attack by @DadSecurity – 2015 Who would attack a site as apparently innocuous as Mumsnet? In what must rank as the oddest ideological attack of recent times, a campaign group called ‘@DadSecurity’ is suspected of doing just that as part of a wider campaign of nuisance that included having an armed police team dispatched to the house of founder Justine Roberts. Came after earlier data breach in 2014. Source: http://www.techworld.com/picture-gallery/security/uks-12-worst-ddos-attacks-hacktivism-extortion-plain-malice-3623767/#12

Continue reading here:
The UK’s 12 worst DDoS attacks Summarized – hacktivism, extortion and plain malice

Teen nabbed after attacks on UK government and FBI sites

His lawyers claim that their client was only on the “periphery” of a conspiracy to take down UK government and FBI sites, but a UK teen who didn’t mind boasting online about those crimes now faces the possibility of jail time. Charlton Floate, 19, of Solihull, England, already admitted to three counts of computer misuse under the Computer Misuse Act and three counts of possessing prohibited images at Birmingham Crown Court. The attacks took place in January 2013, when Floate and a team of other cyber criminals crippled government sites with deluges of digital traffic sent from malware-infected computers. Such computers are often called zombie computers, and they’re widely used in botnets to gang up on sites with what’s known as a distributed denial of service (DDoS) attack. The gang managed to knock out the UK’s Home Office site – a heavily used site that provides information on passports and immigration among other things – for 83 minutes. The group also took down an FBI site – that allowed users to report crime – for over five hours. The prosecutor, Kevin Barry, reportedly said that in November 2012, Floate carried out two test runs, remotely attacking the computers of two men in the US. Floate uploaded a sexually explicit video to YouTube to “mock and shame” one of his victims, and he “taunted” the other victim about having control of his computer. Modest, he was not – Floate also reportedly bragged about the government site attacks on Twitter and on a forum frequented by hackers. Judicial officer John Steel QC rejected Floate’s legal team’s contention that he was on the “periphery” of the cyber gang, saying that evidence pointed to his actually being central to the crimes, including organizing the attacks. He said Floate was “clearly a highly intelligent young man”, who had become an expert in computer marketing, had written a book on the subject, and succeeded in taking down an FBI.gov website – what he called the “Holy Grail” of computer crime: A successful attack on the FBI.gov website is regarded by hackers as the Holy Grail of hacking. It was this which he attempted and, indeed, achieved. He was the person who instituted such attacks and assembled the tools and personnel for doing so. The Holy Grail it may be but in this case I beg to differ about how successful Floate was in getting his hands on it. A DDoS attack isn’t a form of sophisticated lock picking, it’s just a noisy way to board the door shut from the outside. Floate may well be bright but he stumbled once, and that’s all that investigators needed. Namely, he used his own IP address – he worked out of his mother’s home – to check up on how the attacks had gone. Police traced the address to Floate’s mother’s home, where they seized Floate’s computer and mobile phone. They also found evidence that he’d tried to recruit others into the gang and that he’d discussed possible weaknesses in certain websites as well as potential future targets – including the CIA and The White House. Sentencing was adjourned until 16 October, pending a psychiatric report. Floate is currently remanded on conditional bail. Steel said he hadn’t yet made up his mind about sentencing but added there’s “clearly potential for an immediate custodial sentence” and that Floate “should be mentally prepared for it.’ Source: https://nakedsecurity.sophos.com/2015/08/24/teen-nabbed-after-attacks-on-uk-government-and-fbi-sites/

Read more here:
Teen nabbed after attacks on UK government and FBI sites