Author Archives: Enurrendy

Can a DDoS attack on Whitehouse.gov be a valid protest?

A software engineer wants to take down the Whitehouse.gov site to oppose Trump’s inauguration When Donald Trump is inaugurated as the U.S. President on Friday, Juan Soberanis intends to protest the event — digitally. His San Francisco-based protest platform is calling on Americans to oppose Trump’s presidency by visiting the Whitehouse.gov site and overloading it with too much traffic. In effect, he’s proposing a distributed denial-of-service attack, an illegal act under federal law. But Soberanis doesn’t see it that way. “It’s the equivalent of someone marching on Washington, D.C,” he said on Monday. “Civil disobedience has been part of the American democratic process.” Soberanis’s call to action is raising eyebrows and highlights the isssue of whether DDoS attacks should be made a legitimate form of protest. Under the Computer Fraud and Abuse Act, sending a command to a protected computer with the intent to cause damage can be judged a criminal offense. But that hasn’t stopped hacktivists and cyber criminals from using DDoS attacks to force websites offline. In 2013, the U.S. charged 13 people affiliated with the hacktivist group Anonymous for launching DDoS attacks on government entities, trade groups and law firms. Typically, hackers launch such attacks by using several servers, or huge numbers of infected PCs called botnets, to flood their targets with an overwhelming amount of traffic. Soberanis’s protest effort is simpler. He’s hoping that millions of individuals join his protest by visiting Whitehouse.gov and continually refreshing the page. “There’s nothing illegal,” he said. “We are just a large group of people, making a GET request,” he said, referring to the HTTP request method to access a web page. Soberanis, who works as a software engineer, created his Protester.io platform about a month ago to encourage activism. It currently has no funding, but the site managed to gain a bit of buzz last week. The PR Newswire public-relations service circulated a press release from Protestor.io, only to retract it later after realizing the release was calling for a “take down” of Whitehouse.gov. “There’s also been some detractors,” he said. “They support Trump and have a very different viewpoint.” Soberanis isn’t the first to argue that DDoSing can be a form of legitimate protest. Briefly in 2013, a failed online petition was posted on the White House’s website about the same subject. It argued that DDoSing a website was not a form of hacking, but a new way for protesting. “Instead of a group of people standing outside a building to occupy the area, they are having their computer occupy a website,” the petition said. Some agree and think that DDoS attacks, in certain scenarios, can work as a valid form of protest. Laws like the Computer Fraud and Abuse Act are “over broad” and “chilling” political speech, said Molly Sauter, author of The Coming Swarm, a book that examines DDoS attacks used in activism. A DDoS attack on Whitehouse.gov — a site designed more for public relations than for operations – also wouldn’t disrupt any major government activities, Sauter said. Taking it down could be seen as “more or less like protesting outside on the street,” she said. “Now, is that going to be successful?” she asked. “Frankly, it’s not likely that the Whitehouse.gov site wouldn’t have DDoS protection.” But others think a DDoS attack on the Whitehouse.gov is still a crime. Making it legal would open a can of worms, they say. “If they can do this to Whitehouse.gov with impunity now, can they also do it to Exxon without worry of legal troubles?” said Mark Sauter (no relation to Molly Sauter), a former U.S. Army officer who consults security and tech companies. He questions why protestors like Soberanis are resorting to DDoS attacks when they can publish their own websites or speech against Trump. Source: http://www.csoonline.com/article/3158826/security/can-a-ddos-attack-on-whitehousegov-be-a-valid-protest.html

Originally posted here:
Can a DDoS attack on Whitehouse.gov be a valid protest?

DDoS Attacks: A Threat to Businesses and Consumers

Distributed Denial of Service (DDoS) attacks are a growing concern for businesses and consumers alike. These attacks are on the rise along with all forms of cyber-attack. According to Kapersky, “43% of businesses experienced data loss in the past year due to a cyber-security incident.” While DDoS attacks threaten the reputation and the bottom line for businesses, they also threaten consumers. In many cases a DDoS attack is launched as a decoy to hide the real intentions of the hacker – to steal corporate intellectual property and financial data, as well as consumer data. DDoS attacks have been a factor in some of the largest data breaches. Dave Larson of Infosecurity Magazine reports that “in a large proportion of data breaches reported over the last few years, DDoS attacks have been occurring simultaneously, as a component of a wider strategy; meaning hackers are utilizing this technique in a significant way.” At its core a DDoS attack uses hundreds and sometimes thousands of computers to flood the business website with large volume of internet traffic to overwhelm the host server. When this happens the website often stops functioning for a period of time. Sometimes hackers will continue to randomly attack a website until the business pays a ransom – much like ransomware that targets individuals. There are three major types of DDoS attacks available to a hacker. Volumetric: Most common. Sends a large amount of internet traffic to the host server simultaneously. Amplification: Sends a high volume of traffic using large packets of data. Requires fewer “zombie” or compromised computers to accomplish the same task as a volumetric DDoS attack. Resource Depletion: Makes multiple requests through multiple ports or entry points into the targeted server until its capacity is exceeded. To find out more about these types of DDoS attacks, go to Defending Your Network against DDoS Attacks. There are a number of hardware and software tools to help defend against such attacks, but the primary methods of defense are knowledge, detection, and training. Businesses should analyze how their networks and the systems attached to that network interact with the internet to uncover and fix vulnerabilities before they are exploited by hackers. Train IT employees to recognize the hallmarks of a DDoS and other cyber-attacks, so they can react quickly. Train all employees to recognize and immediately report any unusual activity on any system connected to the internet. Train all employees to question unusual emails or texts requesting W-2’s, other personnel data, or corporate financial information. Develop specific rules for employees regarding usage of social media and the types of corporate information that can be shared online. A recent study has shown that social engineering is a precursor to 66% of cyber-attacks. Source: 7 Ways to Make Yourself Hack-Proof. For more information on Decoy DDoS attacks, check out DDoS attacks: a perfect smoke screen for APTs and silent data breaches. To report a scam, go to the BBB Scam Tracker. To find trustworthy businesses, go to bbb.org. Source: http://whnt.com/2017/01/15/ddos-attacks-a-threat-to-businesses-and-consumers/

More:
DDoS Attacks: A Threat to Businesses and Consumers

DDoS prevention as part of a robust I.T. Strategy

A decade ago the idea of loss prevention (LP) had been limited to the idea of theft of merchandise. With the advent of online retailing, retailers have discovered that loss must be viewed more broadly to “intended sales income that was not and cannot be realized” [Beck and Peacock, 28]. While Beck and Peacock regard malicious loses such as vandalism as part of sales that cannot be realized, Distributed Denial of Service (DDoS) attacks certainly could fit with that definition. Unlike other kinds of LP, where the attempt of the thief is to conceal their activities, a DDoS attack is designed for maximal visibility so the purpose of the attack is to deny the target customer’s access, and especially susceptible are businesses that have online payment gateways [Gordon, 20] which today includes many business and non-profit entities. Particularly problematic for CIOs is that the nature of DDoS attacks is constantly changing. Many of these attacks occur at networking layers below the application level, which means for the CIO that buying an off-the-shelf software product is unlikely to provide an effective countermeasure [Oliveira et al, 19]. Of course, the determination of financial impact is an important consideration when weighing allocations of the IT security budget. While it is clear that the “loss of use and functionality” constitutes true losses to a company [Hovav and D’Arcy, 98], estimating a potential loss encounters difficulties given the lack of historical data and a perceived risk to putting an exact figure upon security breach losses. This presents a problem for the CIO because of the need to show ROI on security investments [Hovav and D’Arcy, 99]. Yet, a successful DDoS attack has the potential to cost a company millions of dollars in real financial losses from the direct costs of work time, equipment leases, and legal costs to the indirect costs, such as, loss of competitive advantage and damage done to the company’s brand. The direct cost of “a more complex breach that affects a cross-section of a complex organization” can often exceed £500,000 (624,000 USD) and does not include additional five or six figure fines if government regulatory agencies are involved [Walker and Krausz, 30]. If the CIO cannot buy an off-the-shelf software product to prepare against a DDoS attack, how does the CIO develop an I.T. security strategy that is appropriate to this specific threat? While this is by no means an exhaustive list: here are a few approaches that one can take that may help to developing an effective I.T. strategy that can deal with the DDoS threat. (1) Accept that developing an I.T. strategy effective against mitigating loss caused by DDoS requires resources, but your business is worth protecting. (2) Remember that the purpose of technology is to connect your business to people [Sharif, 348], and that connectivity is itself an asset that has real value. (3) Developing effective business partners can help you ensure business continuity. These partnerships could be with consultants, alliance partnerships that have successfully dealt with DDoS attacks, or businesses that specialize in dealing with this kind of security issue. Bibliography Beck, Adrian, and Colin Peacock. New Loss Prevention: Redefining Shrinkage Management. NY: Palgrave Macmillan, 2009. Gordon, Sarah, “DDoS attacks grow,” Network Security (May 2015), 2, 20. Horvav, Anat, and John D’Arcy, “The Impact of Denial-of-Service attack announcements on the market value of firms,” Risk Management and Insurance Review 6 (2003), 97-121. Oliveira, Rui André, Nuno Larajeiro, and Marco Vieira, “Assessing the security of web service frameworks against Denial of Service attacks,” The Journal of Systems and Software 109 (2015), 18-31. Sharif, Amir M. “Realizing the business benefits of enterprise IT,” Handbook of Business Strategy 7 (2006), 347-350. Walker, John, and Michael Krausz, The True Cost of Information Security Breaches: A Business Approach. Cambrigdeshire, UK: IS Governance Publishing, 2013. David A. Falk, , Ph.D. Director of IT DOSarrest Internet Security

Visit link:
DDoS prevention as part of a robust I.T. Strategy

Protest Aims to ‘Take Down’ WhiteHouse.Gov on Inauguration Day

National PR service circulates—then pulls—release highlighting campaign to crash government website BY: Morgan Chalfant January 14, 2017 4:56 am A leading public-relations service blasted and then removed a news release this week highlighting a campaign to protest the inauguration of Donald Trump by crashing WhiteHouse.gov. PR Newswire, a global news-release distribution service, circulated a release on Thursday highlighting a campaign launched by Protester.io, a digital protest organizing platform, to “take down” the White House website next Friday in protest of Trump’s inauguration. “On January 20th, hundreds of thousands of Americans are going to Washington, DC to march in protest of the inauguration of Donald Trump. Millions more around the country will be joining the cause from home. If you can’t make it to Washington DC on inauguration day, you can still participate by occupying whitehouse.gov online,” the release read. “Why is it important to participate? Isn’t this just another election? We haven’t lost our democracy yet, but it is most definitely under threat. The only way we’re going to defend and revive our democracy is by mobilizing.” Protester.io describes itself as a platform that helps individuals “organize protests like a crowdfunding campaign.” A description of the Inauguration Day protest on its website, named “Occupy WhiteHouse.gov,” instructs interested parties to go to the White House website on Jan. 20 and refresh the page as often as possible throughout the day. The page also includes instructions for protesters to “automate” page refresh so that their computers do this automatically. “When enough people occupy www.WhiteHouse.gov the site will go down. Please join us and stand up against this demagogue who is threatening our democracy and our security,” the protest page states. Shortly after blasting the news release, PR Newswire issued a correction, changing the headline of the release from “Protester.io Launches Campaign to Take Down WhiteHouse.gov on Inauguration Day” to “Protester.io Launches Campaign to Voice Your Opinion at WhiteHouse.gov on Inauguration Day.” Later, the news-release service removed the press release entirely. PR Newswire was purchased by Cision, a global public relations software company based in Chicago, for $841 million from British business events organizer UBM in 2015. PR Newswire is based in New York and distributes public relations messages for companies largely located in the United States and Canada, according to the New York Times. When contacted, a spokesman for Cision confirmed to the Washington Free Beacon that the original release had been modified and later removed entirely “after further evaluation.” “The issuer modified the original release at our request, but after further evaluation, we ultimately decided to remove the release in its entirety and have requested that the rest of our network remove the content as well,” Stacey Miller, director of communication for Cision, wrote in an email Friday afternoon. An organizer for the protest did not respond to a request for comment. Federal investigators have probed what are called distributed denial of service, or DDoS, attacks, which block users from websites by overloading them with traffic. Such attacks brought down Twitter, Spotify, and Amazon last October, prompting investigations by the FBI and Department of Homeland Security. It is unclear whether the planned “Occupy WhiteHouse.gov” protest campaign would constitute a DDoS attack. Attempts to reach the FBI on Friday were unsuccessful. Several protests have been organized around Inauguration Day, including the “Women’s March on Washington” that is expected to draw some 200,000 women to the nation’s capital on Jan. 21, the day following Trump’s inauguration. Fox News reported that protesters are also planning to blockade security checkpoints at the inauguration and organize a “dance party” outside the home of Vice President-elect Mike Pence. Source: http://freebeacon.com/culture/protest-aims-take-whitehouse-gov-inauguration-day/

View post:
Protest Aims to ‘Take Down’ WhiteHouse.Gov on Inauguration Day

DDOS attacks intensify in EMEA

Distributed denial-of-service (DDOS) attacks in the Europe, Middle East and Africa (EMEA) region witnessed an uptick in the last quarter and are set to intensify in 2017. This is according to a report issued by F5 Networks, which revealed data from its Security Operations Centre (SOC), highlighting the growing scale and intensity of cyber attacks in the region. DDOS attacks have been around since at least 2000. These attacks refer to a situation in which many compromised machines flood a target with requests for information. The target can’t handle the onslaught of requests, so it crashes. Consultancy firm Deloitte also expects cyber attacks to enter the terabit era in 2017, with DDOS attacks becoming larger in scale, harder to mitigate and more frequent. F5 Networks points out that in 2016 to date, it has handled and mitigated 8 536 DDOS instances. The company notes that one of the attacks featured among the largest globally – a 448Gbps user datagram protocol (UDM) and Internet control message protocol (ICMP) fragmentation flood using over 100 000 IP addresses emanating from multiple regions. It explains the incident highlights a growing trend for global co-ordination to achieve maximum impact, with IP attack traffic stemming largely from Vietnam (28%), Russia (22%), China (21%), Brazil (15%) and the US (14%). “The EMEA Security Operations Centre has been experiencing rapid growth since launching in September last year, and it is entirely driven by the explosion of attacks across the region, as well as businesses realising they need to prepare for the worst,” says Martin Walshaw, senior engineer at F5 Networks. In Q1 (October – December), the SOC experienced a 100% increase in DDOS customers, compared to the same period last year. F5 Networks says UDP fragmentations were the most commonly observed type of DDOS attack in Q1 (23% of total), followed by domain name system reflections, UDP floods (both 15%), syn floods (13%) and NTP reflections (8%). “Given the rise and variety of new DDOS techniques, it is often unclear if a business is being targeted,” Walshaw says. “This is why it is more important than ever to ensure traffic is being constantly monitored for irregularities and that organisations have the measures in place to react rapidly. “The best way forward is to deploy a multi-layered DDOS strategy that can defend applications, data and networks. This allows detection of attacks and automatic action, shifting scrubbing duties from on-premises to cloud and back when business disruption from local or external sources is imminent at both the application and network layer.” Source: http://www.itweb.co.za/index.php?option=com_content&view=article&id=158643

Read More:
DDOS attacks intensify in EMEA

Three ways retailers can safeguard against cybercrime

Chinese New Year is always a shopping boom time in town. People are generous in spending on food, decorations, and fashion during the important cultural festival. While retailers are focused on ensuring that they successfully take advantage of spikes in online and in-store sales, are they as prepared as they need to be to defend against major distributed denial of service (DDoS) attacks? Avoiding a cyber-crime catastrophe Thanksgiving officially kicks off the biggest shopping period of the year globally. The period through to Chinese New Year may be a sales bonanza, but it’s also a period of high vulnerability that criminals exploit to maximize the threat to a retailer’s business. Along with gaming and finance companies, retailers are popular targets because they store sensitive data that thieves can use for financial gain. Additionally, DDOS attacks are often used to distract organizations so that even more costly web application attacks can take place at the same time. But the truth is no industry is immune and the threat is increasing in its relentlessness. With Chinese New Year sales accounting for a sizeable chunk of most retailers’ revenues, from a criminal’s perspective, there could hardly be a better time to launch a cyber attack. What’s more, with systems already creaking under a load of peak volumes, it might not take much of a straw to break the camel’s back. The last thing a retailer wants is for their business to spectacularly and very visibly come to a sudden halt because they can’t defend against and mitigate a major distributed denial of service (DDoS) attack. Retailers face a growing threat Talk of cyber attacks are more than mere scaremongering – the threat is very real. For example, in September, the release of the Mirai code — a piece of malware that infects IoT devices enabling them to be used for DDoS attacks — opened a Pandora’s box of opportunities for ruthless cyber entrepreneurs who want to disrupt their target markets and exploit the vulnerabilities and weaknesses of companies who honestly serve their customers. This code gives criminals the ability to orchestrate legions of unsecured Internet of Things (IoT) devices to act as unwitting participants in targeted DDoS attacks. These objects could be anything from domestic hubs and routers to printers and digital video recorders — as long as they’re connected to the internet. The latest large DDoS attacks have used botnets just like this — proving that the bad guys are multiplying and, most likely, gearing up for bigger things. Asia is not immune and Hong Kong is a prime target According to a recent report by Nexusguard, DDoS attacks increased 43 percent in Q2 to 34,000 attacks in the Asia-Pacific region and 83 percent worldwide. The largest increase was seen in Hong Kong, where attacks rose an astonishing 57 percent. China, which saw a 50% increase in attacks, is the number one target in the region. According to the report, over the course of a month, a Chinese website was attacked 41 times. The fact is, that every company needs to pay this issue serious attention and put effective plans in place. Prevention is the better than the cure There are no easy answers to the question of how to secure IoT smart devices — especially at the ‘budget conscious’ end of the market. That’s why we expect that these DDoS attacks will continue to proliferate, meaning that targeted DDoS attacks of increasing scale and frequency will almost certainly occur as a result. So how can retailers defend themselves against the threat of an attack? Organizations have to use a combination of measures to safeguard against even the most determined DDoS attack. This include: 1. Limiting the impact of an attack by absorbing DDoS traffic targeted at the application layer, deflecting all DDoS traffic targeted at the network layer and authenticating valid traffic at the network edge 2. Choosing an ISP that connects directly to large carriers and other networks, as well as internet exchanges — allowing traffic to pass efficiently 3. Employing the services of a network-based DDoS provider — with a demonstrable track record of mitigating DDoS attacks and sinking significant data floods. This will safeguard specific IP address ranges that organizations want to protect. Chinese New Year is a critical period for retailers — and hopefully for all the right reasons. But in an increasingly digital world, consideration needs to be given to the IT infrastructure that underpins today’s retail business and the security strategy that protects it. Source: http://www.enterpriseinnovation.net/article/three-ways-retailers-can-safeguard-against-cybercrime-512090779

Read the original post:
Three ways retailers can safeguard against cybercrime

Crims shut off Ukraine power in wide-ranging anniversary hacks

Phishing, denial of service, and remote exploitation part of hacking banquet Hackers of unknown origin cut power supplies in Ukraine for a second time in 12 months as part of wide-ranging attacks that hit the country in December.…

See the article here:
Crims shut off Ukraine power in wide-ranging anniversary hacks

Dark DDoS: hacker tools and techniques – the challenges faced

In 2017 has the cyber landscape changed? What are the objectives of hackers? What are their methods? The variety of attacks used has increased, so how can you mitigate the risk? Hackers can have many different possible objectives. For instance, they may aim to interrupt business, corrupt data, steal information – or even all of these at the same time. To reach their goals, they continuously look for any vulnerability – and will use any vulnerability – to attack. They’re getting increasingly smarter and always looking for more, faster and easier ways to strike. Furthermore, their attacks are no longer designed simply to deny service but to deny security. The initial service denial attack is often used as a camouflage to mask further – and potentially more sinister – activities. These include data theft, network infiltration, data exfiltration, networks being mapped for vulnerabilities, and a whole host of other potential risks. These types of attacks are often referred to as ‘Dark DDoS’ because of initial smokescreen attack which acts to distract organisations from the real breach that’s taking place. In a large proportion of recent data breaches, DDoS (distributed denial of service attacks) have been occurring simultaneously – as a component of a wider strategy – meaning hackers are utilising this technique in a significant way. According to a report by SurfWatch Labs, DDoS attacks rose 162% in 2016. SurfWatch Labs claims this is due to the increasing use of IoT devices and the attacks on the KrebsOnSecurity.com and on domain name provider, Dyn – believed to be some of the biggest DDoS attacks ever recorded. Last year, France was also hit by one of the largest DDoS attacks when hosting company, OVH, was targeted through 174,000 connected cameras. Today’s hackers have developed a high variety of DNS attacks that fall into three main categories: Volumetric DoS attacks An attempt to overwhelm the DNS server by flooding it with a very high number of requests from one or multiple sources, leading to degradation or unavailability of the service. Stealth/slow drip DoS attacks Low-volume of specific DNS requests causing capacity exhaustion of outgoing query processing, leading to degradation or unavailability of the service. Exploits Attacks exploiting bugs and/or flaws in DNS services, protocol or on operating systems running DNS services. Often DNS threats are geared towards a specific DNS function (cache, recursive & authoritative), with precise damage objectives. This aspect must be integrated into the DNS security strategy to develop an in-depth defence solution, ensuring comprehensive attack protection. The list below of the most common attacks aims to emphasise the diversity of the threats and details the extent of the attack surfaces: Volumetric attacks Direct DNS attacks Flooding of DNS servers with direct requests, causing saturation of cache, recursion or authoritative functions. This attack is usually sent from a spoofed IP address. DNS amplification DNS requests generating an amplified response to overwhelm the victim’s servers with very large traffic. DNS reflection Attacks using numerous distributed open resolver servers on the Internet to flood victim’s authoritative servers (usually combined with amplification attacks). NXDOMAIN Flooding of the DNS servers with non-existing domains requests, implying recursive function saturation. Stealth/slow drip DoS attacks Sloth domain attacks Attacks using queries sent to hacker’s authoritative domain that very slowly answers requests – just before the time out, to cause victim’s recursive server capacity exhaustion. Phantom domain attack Attacks targeting DNS resolvers by sending them sub-domains for which the domain server is unreachable, causing saturation of cache server capacity. Random subdomain attack (RQName) Attacks using random query name, causing saturation of victim’s authoritative domain and recursive server capacity. Exploits Zero-Day vulnerability Zero-day attacks take advantage of DNS security holes for which no solution is currently available. DNS-based exploits Attacks exploiting bugs and/or flaws in DNS services, protocol or on operating systems running DNS services. DNS tunnelling The DNS protocol is used to encapsulate data in order to remotely control malware or/and the exfiltration of data. Protocol anomalies DNS Attacks based on malformed queries, intending to crash the service. DNS cache poisoning Attacks introducing data into a DNS resolver’s cache, causing the name server to return an incorrect IP address and diverting traffic to the attacker’s computer. The DNS landscape security is continuously moving and DNS attacks are becoming more and more sophisticated, combining multiple attack vectors at the same time. Today’s DDoS attacks are almost unrecognisable from the simple volumetric attacks that gave the technique its name. In 2017, they have the power to wreak significant damage – as all those affected by the Dyn breach last year will testify – they are far more sophisticated, deceptive and frequent. To keep ahead of these threats, today’s security solutions must continuously protect against a family of attacks rather than a limited list of predefined attacks that must be frequently updated or tuned. Source: http://www.information-age.com/securing-website-content-management-system-123463910/

Read the original post:
Dark DDoS: hacker tools and techniques – the challenges faced

How the application landscape is impacting IT organizations

Accelerating cloud adoption is creating increased demand for security application services including WAF, DNSSEC, and DDoS protection, according to F5 Networks. As an increase in application services often requires additional resources, respondents also indicated a shift toward DevOps methodologies to gain operational efficiencies through automation and programmability. This need for scalability replaces speed to market as the prime driver of DevOps adoption. “This past year, not a week went by without some hack or vulnerability … More ?

Original post:
How the application landscape is impacting IT organizations

Someone is trying to take down the Drudge Report, and it’s a mystery who’s behind it

The Drudge Report, the highly trafficked conservative news website, has been knocked offline for extended periods during the past two weeks, succumbing to large distributed denial of service attacks, according to its founder, Matt Drudge. And it’s a mystery who’s behind it. Drudge wrote on Twitter that a December 30 attack was the “biggest DDoS since site’s inception.” A DDoS attack is executed by using hijacked computers or electronic devices to flood a website with redundant requests, aiming to overload the website’s hosting server and render it unavailable. But, according to cybersecurity experts who spoke with Business Insider, using such a method to take down the Drudge Report would not be easy. The site is already equipped to handle a high volume of visitors and scale out to accommodate spikes in traffic. Moreover, a website that generates so many page views would most likely employ strong defense measures, the cybersecurity experts said. “The Drudge Report has a massive readership,” said Ajay Arora, the CEO and cofounder of the cybersecurity firm Vera. “Generally someone that has that kind of viewership is going to have sophisticated hosting and counter defenses against DDoS attacks.” Since emerging in 1996, the Drudge Report has been a home to conservatives who feel disenfranchised by traditional media. Drudge has marketed his site as a news destination not controlled by corporate interests or politicians. And he’s had great success. SimilarWeb, an analytics firm, continually ranks the Drudge Report as one of the five most-trafficked media publishers in the US. According to analytics posted to the site, the Drudge Report has amassed about 775 million page views in the past 31 days — all with hardly any traffic coming from social-media channels. It’s a high-prized target, one that now sees itself under attack by an unknown culprit. Drudge has pointed the finger at the US government, tweeting that the traffic that downed his website had “VERY suspicious routing [and timing].” “Attacking coming from ‘thousands’ of sources,” he wrote on Twitter. “Of course none of them traceable to Fort Meade…” Drudge seemed to imply that his site was taken down in connection with punishment leveled against Russia for election-related hacking. The first attack on his site came hours after President Barack Obama announced the US would impose sanctions against Moscow, and the Drudge Report had previously been identified in a discredited Washington Post story as responsible for spreading Russian propaganda. “Maybe they think this is a proportional counterattack to Russia,” tweeted Sharyl Attkisson, a former CBS News investigative journalist. “After all they have decided @Drudge is Russian fake news, right?” Neither the White House nor the Office of the Director of National Intelligence responded to requests for comment. But cybersecurity experts who spoke with Business Insider discounted Drudge’s claim on grounds that the government attacking a US journalist’s site would be a blatant violation of the Constitution — as well as generally improbable. “If Putin wanted to take down a website, I’m sure he could order it,” said Jared DeMott, a former security engineer for the National Security Agency who is now the chief technology officer of Binary Defense Systems. “If Obama wanted to do something like that, he’d have to go to different people. It would be a hard conversation to have.” “Maybe if there was a military reason to have it,” DeMott added. “But domestically, there is no way.” DeMott, however, posited that another nation-state could be the potential culprit. “It definitely could be a nation-state,” he said. “They do stuff like that on an ongoing basis, whether they are looking for intel or trying to destabilize a political region.” Arora of the firm Vera agreed, saying that only a “small number of groups” in the world had the sophistication necessary to execute an attack to take out the Drudge Report for extended periods. “I would say it would be a group or nation-state that has pretty sophisticated methods and means,” he said. “Given the fact it’s happened a number of times and is persistent for well over a few minutes, and it’s coming from multiple sources, against a site that would have a lot of protection, it would indicate it’s someone pretty sophisticated.” Chris Weber, the cofounder of Casaba Security, agreed that because the Drudge Report was “getting so much traffic already,” a DDoS attack would need to be on a far “greater magnitude” to be effective against it. “It does seem unlikely that the Drudge Report would be easily taken down or slowed significantly by a standard DDoS attack,” he said. He surmised that the attack that took down the site was perhaps more on the scale of the massive cyberattack that temporarily knocked out Dyn, a large DNS company, in October. WikiLeaks said its supporters were behind that attack as a show of support for the group’s founder, Julian Assange. Outside nation-states, it is equally probable that the Drudge Report has come under fire from a “hacktivist” organization, perhaps unhappy with the political views espoused by the site’s founder. Drudge has always been a controversial conservative figure, but in 2016 he went all-in for President-elect Donald Trump, often igniting controversy with inflammatory headlines emblazoned on his site. But hacktivist organizations almost always take credit after a successful attack has been executed, experts said. So far, no one has claimed credit for the attacks on the Drudge Report. And without a group taking credit, it may be impossible to determine the culprit. “Attribution has always been hard in cyber,” DeMott said. “The science is just quite not mature.” Arora said any information Drudge “can provide in terms of motives” to a cybersecurity team would be helpful in identifying the responsible party. “There’s a lot of people that don’t like Matt Drudge,” he said. “He likes to push people’s buttons. Anyone who he specifically has knowledge of, who would be out to get him.” Arora added: “It’s not just a technology question. It’s also a motive question.” Source: http://www.businessinsider.com/hackers-ddos-drudge-report-2017-1

See the article here:
Someone is trying to take down the Drudge Report, and it’s a mystery who’s behind it