The New Zealand Couriers website was the victim of a ‘denial of service’ botnet attack late last week, believed to be from overseas. The ‘denial of service’ attack, which took place on Thursday November 7, was specifically aimed at preventing access to www.nzcouriers.co.nz and the online tools hosted on this page, and required intensive and malicious effort by an unknown group. Revealed through a customer email sent out by the company, NZ Couriers wrote: “We have sorted out the issues caused by this attack for the most part. “But there are some important pieces of information we wanted to make you aware of: • You may experience a longer wait time than usual when contacting our call centre, due to more people doing things over the phone that they would usually do through our website. We would encourage you in the first instance to try using our online tools as usual before calling through to book a courier, buy product, or track an item. • The issue was caused by a malicious attack, but no one who visits our website is at any sort of risk – this is not related to viruses or anything along those lines. • Traffic to www.nzcouriers.co.nz has been restricted to New Zealand and Australian based companies – so if you have a customer outside of this region, or if your company runs an offshore system then they may not be able to access this website. If this occurs, we do have a way to resolve this – simply contact us on 0800 800 841 and we’ll get the details from you required to sort this out. Admitting that there may be “some lingering issues over the next few days,” NZ Couriers claims these are likely to be sorted out within the next week. “New Zealand Couriers apologises for this interruption of service and we will continue to do everything in our power to deliver the same great service you have come to expect from us,” the company email concluded. Source: http://techday.com/netguide/news/nz-couriers-struck-down-by-dos-attack/173381/
Tag Archives: 6folds-marketing
Pro Afrikaans Action Group (Praag) under DDoS attack
Afrikaans language activist group Praag intends to lay criminal charges against people responsible for attacking its website, the group said on Thursday. Pro Afrikaans Action Group (Praag) founder Dan Roodt said the website and servers had been under a “distributed denial of service” (DDOS) attack, causing disruptions since Tuesday. He believed the attack was aimed at bankrupting Praag and its service provider through the consumption of bandwidth and damage to network infrastructure. “We are going to lay charges with the SA Police Service under the Electronic Communications and Transactions (ECT) Act 25 of 2002 for the DDOS attack against us, but also against those anonymous individuals slandering us on Facebook, social media, and in relation to potential advertisers on our site,” said Roodt. On Sunday, Rapport reported that Google had decided to stop channelling advertising to Praag, and this threatened the future of the website. Roodt told the paper that Praag made thousands of rands from advertising on its website, and would not be able to function without advertisers. He said Google told him that Afrikaans was not a recognised advertising language and it could channel advertisements only to the English version of the Praag website. Roodt, however, alleged that a woman who opposed Praag was behind the problem. He claimed the woman had started a “malicious and fanatical” Facebook group called “Speak Out Against the Website Praag”. In a letter she reportedly posted on the social media network, she accused Praag of being racist and of spreading hate speech, and shared the letter with companies she claimed were helping it spread this message by advertising on the website. On Thursday, Roodt said he had the backing of supporters to take on the attackers. “We will not be using the distasteful and underhanded techniques of our opponents but will be defending ourselves in an open, transparent and legal manner,” he said. Source: http://www.iol.co.za/news/crime-courts/charges-pending-after-praag-web-attack-1.1607313#.UoTwduLrKb4
View the original here:
Pro Afrikaans Action Group (Praag) under DDoS attack
3-Cyber attack “war game” tests London banks
* Exercise involved “fake foreign government attack”-source * Also involved “denial of service attack” – source * Event dubbed “Waking Shark II” * Bank of England has told banks to strengthen defences By Matt Scuffham and Joshua Franklin A cyber attack by a foreign government on financial markets played out in one of London’s historic halls on Tuesday in a “war game” simulation designed to test the City’s defences against online saboteurs. About 100 bankers, regulators, government officials and market infrastructure providers gathered to take part in a exercise dubbed “Waking Shark II” at Plaisterers’ Hall in the heart of Britain’s financial district. Regulators and companies are growing increasingly concerned about the threat of cyber crime to the banking system, including the impact of coordinated online assaults or hacking attacks on specific lenders. The Bank of England has told banks to strengthen their defences against cyber attacks. One unidentified London-listed company incurred losses of 800 million pounds ($1.3 billion) in a cyber attack several years ago, according to British security services. Tuesday’s five and a half hour event ran from 1200 GMT and involved simulations designed to test how well banks and other market players communicate and coordinate with authorities and each other, sources told Reuters. An industry source who attended said one of the simulations featured a cyber attack by a fake foreign government and a denial-of-service (DOS) attack, which makes network resources unavailable to users. The source described the test as a “productive exercise” which left participants better equipped to deal with a real-life attack. The finance ministry, Bank of England and the Financial Conduct Authority said the exercise had been “sustained and intensive”. “A thorough review of the lessons learned is underway to identify potential improvements to the resilience of the sector,” their joint statement added. A report will be published early in the new year. REAL CHALLENGE The event, one of the largest of its kind in the world, follows a similar large-scale simulation in New York this year dubbed “Quantum Dawn 2? and comes amid heightened fears over the threat from hacking and cyber attacks. “This is a good opportunity to iron out any flaws now before our cyber defences are tested in anger,” said Stephen Bonner, a partner in KPMG’s Information Protection & Business Resilience team. Richard Horne, a partner at PricewaterhouseCoopers who specialises in cyber security, said the exercise was useful but the real challenge lay in co-ordinating across the industry to make sure a crisis scenario is never reached. “It will take a lot of detailed technical work and testing, coordinated across the industry, to really understand all the interdependencies and develop meaningful containment and recovery plans,” Horne said. The investment banking industry itself played a key role in co-ordinating the exercise, along with the Bank of England, the Treasury and the Financial Conduct Authority (FCA) and follows a similar exercise two years ago, the sources said. Institutions involved in this year’s test included Barclays , BNP Paribas, Bank of America, CHAPS, Commerzbank, Credit Suisse, Deutsche Bank , Euroclear, Goldman Sachs, HSBC, JP Morgan, LCH Clearnet, London Stock Exchange, Morgan Stanley, Nomura, Royal Bank of Scotland , SocGen, SWIFT and UBS, according to a source familiar with the matter. Source: http://www.reuters.com/article/2013/11/12/banks-wargame-idUSL5N0IX48C20131112
Read the original:
3-Cyber attack “war game” tests London banks
DDoS as dance: Anonymous hits the ballet
A new multimedia ballet, “HackPolitik,” fuses jarring, angular movements with electroacoustic music and video projection to interpret the activities of hacker collective Anonymous. Hacker collective Anonymous is going to the ballet. Take that in; it’s not often you’ll see Anonymous and ballet in the same sentence. The unusual pairing will take place November 15 and 16 at the Boston University Dance Theater, where the Juventas New Music Ensemble debuts “HackPolitik,” a new contemporary ballet based on the hacktivist group’s activities and personalities. The piece combines electroacoustic music, modern dance, and video projection to examine how the Internet impacts 21st century discourse and sometimes blurs the lines between activism and anarchy. Instead of pastel tutus, expect to see dancers in black and white, with dramatic face paint that evokes Guy Fawkes masks. And erratic, sometimes militant movements instead of fluid pirouettes. How do hacks on Twitter and LinkedIn accounts translate to physical movement? Neither the dance nor the music is neatly representative of things like Web site defacements, distributed denial-of-service attacks, and data theft, though they do aim to capture the mood of cyber insurgency. One scene, for example, opens with a soloist appearing to search for a way into something. Once she’s successful, the rest of the dancers join her with a series of advancing movements directed at one point in space that’s meant to represent the entity being attacked. “The movement interprets the initial culture of Anonymous as a crass, chaotic, and immature world out of which particular personalities and goals emerge,” choreographer Kate Ladenheim tells CNET. “For example, in the opening of the piece, we created a phrase that we lovingly refer to as the ‘f*@% you’ phrase. There are 10 examples of immature gestures/f*@%-you hand motions that are abstracted to become full bodied and then traveled through space in various ways.” This was Ladenheim’s take on trolling, memes, and the “all-around chaos of IRC and online message boards like 4chan.” The idea for “HackPolitik” came to Boston-based composer Peter Van Zandt Lane in late 2011, when some of Anonymous’ more high-profile politically driven cyberattacks grabbed the spotlight. Lane teaches a course at Brandeis University called “Protest and Propaganda in Music,” but hadn’t had much occasion to meld those interests with his creative work. “The idea of a ballet based on the global hacktivist movement excited me, as it was a way I could potentially pull these three spheres together,” he tells CNET. The two-act piece touches, among other things, on the December 2010 distributed denial-of-service attack on PayPal. It was organized in response to PayPal halting donations to the online leaked-documents clearinghouse WikiLeaks. Another of the ballet’s 10 scenes references Anonymous’ 2011 attack on HBGary Federal, a security firm trying to investigate the loosely organized global group. “The music, on its own, says…disorder, absurdity, cohesion/collaboration, militaristic triumph, humiliation, betrayal, etc.,” Lane says. “Choreography can connect these expressions a bit more concretely to the activities of Anonymous, but ultimately, the audience has to make connections themselves, between a generally abstract art form and the specific events that inspired them.” To create the ballet, Lane; Ladenheim, artistic director of NY-based contemporary dance company The People Movers; and conductor Lidiya Yankovskaya, artistic director of the Juventas New Music Ensemble, mined author Parmy Olson’s writings on Anonymous, which closely examine the global activist movement. Anonymous has supporters worldwide, as evidenced by this week’s “Million Mask March” in cities from Washington, D.C., to Tokyo to Sao Paulo, Brazil. Some pioneers of the hacktivist movement, however, have criticized Anonymous, saying its methods abridge free speech and hurt the cause . But “HackPolitik,” Lane insists, isn’t about taking sides. “For me,” he says, “the piece is less about answers, and more about bringing up questions on how we emotionally and artistically are able to respond to the influence of technology on our society.” Source: http://news.cnet.com/8301-17938_105-57611236-1/ddos-as-dance-anonymous-hits-the-ballet/
Taken from:
DDoS as dance: Anonymous hits the ballet
Denial of Service (DDoS) Cyber attacks – are they using the same logic as terror threats?
Much has been discussed about the damage that the Advanced Persistent Threat (APT) attacks cause to corporates and governments alike. It is estimate that at least 50% of Fortune 500 companies have been compromised by APT, and the potential financial damage to these organizations is almost impossible to quantify, but probably in the trillions of US dollars. Compared to this a crude Denial of Service (DoS) attack or its more advance siblings, the Distributed Denial of Service (DDoS) attacks and Distributed Reflector (DRDoS) attacks, their outcome seems pretty benign- your site is being bombarded by thousands of request for information, until the server gives up and no-one can actually use the site. Once the attack stops, access is possible again and no damage to your IT infrastructure has occurred, no data or money was stolen and hopefully your angry customer will believe it was just a “site malfunction”. But as attack methods have become more sophisticated AND more accessible (for example, now one can simply rent hundreds of BOT computer as a service, to carry the attack for him, using a simple interface, with no need to know how to actually hack), the industry had to act, and developed means to mitigate these attacks. Several methods of DDoS mitigation exist and multiple companies offer these as a service. Now a very dangerous equation begins to unfold, one where the attacker can use simple, cheap tools (a fairly typical rate for DDoS botnet rental hovers around the $200 for 10,000 bot agents per day), and the defender must invest much larger resources, both internal (maintaining a Security Operations Center or SOC) and external (service providers), creating an inherent asymmetry. This asymmetry means that organizations wishing to mitigate this threat will keep investing (or throwing, since there is no actual gain here, only minimizing the impact) money over time, until they are in serious economic pain. And this is exactly what Islamic terrorist have been trying to do in the recent global jihad campaign- making western countries bleed money in order to try and prevent sparse attacks carried by rudimentary means. As Osama bin Laden said: “It is very important to concentrate on hitting the American economy with every available tool … the economy is the base of its military power. The United States is a great economy but at the same time it is fragile.” The risk is that using offensive cyber means one can achieve this goal much faster (and one does not have to blow himself to pieces in the process, or hurt innocent people). Therefore, prevention and not only mitigation is necessary. Organizations must be far more proactive than they are now. Sure, investments in IT security and best practices are always a good idea, but also applying preventive intelligence to greatly reduce the impact of attacks. This, couples with harsher legislation and enforcement against both the suppliers and the perpetrators of the attacks will hopefully, in the end, balance this asymmetric equation. For protection against your eCommerce site click here . Source: http://defense-update.com/20131107_denial-service-ddos-cyber-attacks-using-logic-terror-threats.html
Read the original:
Denial of Service (DDoS) Cyber attacks – are they using the same logic as terror threats?
Anonymous Philippines hack and DDoS Government sites
Critics of the Aquino administration responsible for hacking government websites will be dealt with accordingly, Malacañang warned yesterday. “There are existing laws against hacking and proper action will be taken,” Press Secretary Herminio Coloma told a news briefing when sought for comment on the latest attacks on the websites of several government agencies by activist hacker group Anonymous Philippines. “There are sufficient avenues for free expression so there is no need to resort to illegal acts such as hacking of government websites,” Coloma said. He said that sentiments against the government could be aired in street protests. According to Coloma, there is enough “democratic space” where the public can air their grievances. More gov’t sites under attack Anonymous Philippines claimed it has stopped the operation of major government websites as hackers geared up for today’s “Million Mask March” in Quezon City. In a post on its Facebook page yesterday, the group said the websites of around 100 local and national government agencies – including that of the Official Gazette, Senate, House of Representatives and the National Bureau of Investigation – were “currently down.” With the exception of the Senate website (senate.gov.ph), a random check showed that most of the national government websites in the list were accessible as of yesterday afternoon. Despite having a security feature to mitigate attacks, the Official Gazette website (gov.ph) was temporarily inaccessible yesterday. In a phone interview with The STAR, Roy Espiritu of the Information and Communications Technology Office confirmed that a number of government sites have been under distributed denial of service (DDoS) attacks since Monday. However, he said that “critical” government websites are “secure.” Espiritu said government websites are currently in the process of migrating into more secure servers as mandated by Administrative Order 39, signed by the President in July, which establishes a Government Web Hosting Service. The service seeks to “ensure the government’s Internet presence around the clock under all foreseeable conditions.” Earlier, Espiritu said they are looking into the possibility of incorporating security measures to beef up the defenses of government websites. A DDoS attack is mounted to shut down an Internet site by flooding it with access requests and overload its server handling capabilities. Websites affected by successful DDoS attacks are inaccessible to legitimate users who wish to view their content. The Official Gazette website is protected from DDoS attacks by CloudFare, which offers security by checking the integrity of browsers and looking for threat signatures from users who wish to access the site. DDoS attacks are dependent on the number of people trying to access the website at the same time. Espiritu earlier said that even the most secure websites could be affected by such attacks. In 2010, the websites of Visa and MasterCard were affected by a DDoS attack mounted by supporters of whistle-blower organization WikiLeaks. DDoS attacks are different from hacking, which requires an Internet user to access the website using the password of a legitimate administrator. Investigation According to Espiritu, an investigation will be conducted to determine the people behind the attacks on government websites. He said the people behind the attacks may be charged under the e-Commerce law as the move to shut down the websites deprived the public of the information that they need from the government. On Monday, the website of the Office of the Ombudsman was defaced by people claiming to be members of Anonymous Philippines. The latest cyber attacks on government websites came amid issues involving alleged misuse of the Priority Development Assistance Fund and the Disbursement Acceleration Program of the legislative and the executive, respectively. In August, various government sites were hacked during the Million People March attended by thousands in Luneta. Previous incidents of attacks happened during the height of discussions on various issues such as the passage of the Cybercrime Prevention Law and the territorial dispute with China. Worldwide protest The Million Mask March is an event that will be held in various locations around the globe today “to remind this world what it has forgotten. That fairness, justice, and freedom are more than just words.” According to its official Facebook page, the march will cover various topics including government, education reform, constitutional rights, freedom, unity, drug abuse, respect for all, corruption, nutrition and health and violence among children, among others. Based on the events page of the Million Mask March-Philippines, over 1,000 Facebook users have confirmed attendance in today’s march. A post by an Anonymous member said participants will meet at the Quezon Memorial Circle at 8 a.m. to discuss the activities for the day. The march will start in front of the Sandiganbayan along Commonwealth Avenue to Batasang Pambansa. In a text message to The STAR, Quezon City department of public order and safety chief Elmo San Diego said they received no application for a permit to hold a rally or a march near Batasang Pambansa today. The Anonymous member reminded participants not to bring any form of weapon, adding that the event will be held to show the public’s reaction to the mishandling of the government committed by people in power. The Department of Science and Technology (DOST) Information and Communications Technology Office yesterday underscored the need to fast track efforts to set up a more secure government website hosting facility following the latest hacking of government websites. The websites of the Insurance Commission, Southern Philippines Development Authority, Optical Media Board and that of the local government units of Bolinao, Pasig City, Pateros and the municipality of Basnud, Oriental Mindoro were defaced by members of Anonymous Philippines. Source: http://www.philstar.com/headlines/2013/11/05/1253167/palace-act-vs-hackers
Read More:
Anonymous Philippines hack and DDoS Government sites
Extra Life DDoS Attack: Children’s Charity Extra Life Website Hit By DDoS During Annual Gaming Marathon
Extra Life — a charity organization dedicated helping Children’s Miracle Network Hospitals through an annual gaming marathon — has been hit with a Distributed Denial of Service (DDoS) attack. According to Escapist Magazine, Extra Life raises money for Children’s Miracle Network Hospitals by taking pledges and then playing games — anything from video games to board games and tabletop miniatures — for 25 hours straight. Extra Life was in the middle of this year’s event, which began at 8 a.m. today and ends at 8 a.m. on November 3, when their website suddenly went down. As a result, pledges could not be taken. News of the DDoS attack was confirmed with a statement on the Extra Life Facebook page by founder Jeromy “Doc” Adams: “We’ve discovered that the Extra Life website experienced a DDoS attack against our datacenter,” the statement reads. “I am not sure what kind of person would DDoS a charitable initiative. I am so sorry that you are going through this frustration today. Our entire team is purely heartbroken that someone would do this. But it has happened. As frustrating as this is for everyone involved, it pales in comparison to what the kids we’re trying to save go through. That reality, for me personally, is about the only thing keeping me somewhat calm right now. “I am very angry and very sorry,” the statement continues. “You deserve better than this. The kids deserve better than this. Extra Life has given a lot of us some of the happiest moments in our lives. This is not one of those moments. Please hang with us through this. It is important that we spread the word. Please get on every form of social media you can and tell your friends what happened. We can overcome this together.” After a few of hours of downtime, the Extra Life website was back online. Many took to Facebook to vent their outrage that hackers would choose to DDoS a charity organization. “I understand DDoS’ing a website of a corrupt business or government, but…Why would someone DDoS this?” one user wrote. “May whoever did this lose their shoes and have every child in their neighborhood strew Legos in their path forever,” another user commented. A DDoS attack takes place when hackers use an army of infected computers to send traffic to a server, causing a shutdown in the process. Source: http://www.ibtimes.com/extra-life-ddos-attack-childrens-charity-extra-life-website-hit-ddos-during-annual-gaming-marathon
Originally posted here:
Extra Life DDoS Attack: Children’s Charity Extra Life Website Hit By DDoS During Annual Gaming Marathon
Application-layer DDoS attacks are becoming increasingly sophisticated
The number of DDoS (distributed denial-of-service) attacks that target weak spots in Web applications in addition to network services has risen during the past year and attackers are using increasingly sophisticated methods to bypass defenses, according to DDoS mitigation experts. Researchers from Incapsula, a company that provides website security and DDoS protection services, recently mitigated a highly adaptive DDoS attack against one of its customers that went on for weeks and combined network-layer with application-layer—Layer 7—attack techniques. The target was a popular trading site that belongs to a prominent player in a highly competitive online industry and it was one of the most complex DDoS attacks Incapsula has ever had to deal with, the company’s researchers said in a blog post. The attack started soon after an ex-partner left the targeted company and the attackers appeared to have intimate knowledge of the weak spots in the target’s infrastructure, suggesting that the two events might be connected, the researchers said. The attack began with volumetric SYN floods designed to consume the target’s bandwidth. It then progressed with HTTP floods against resource intensive pages, against special AJAX objects that supported some of the site’s functions and against Incapsula’s own resources. The attackers then switched to using DDoS bots capable of storing session cookies in an attempt to bypass a mitigation technique that uses cookie tests to determine if requests come from real browsers. The ability to store cookies is usually a feature found in full-fledged browsers, not DDoS tools. As Incapsula kept blocking the different attack methods, the attackers kept adapting and eventually they started flooding the website with requests sent by real browsers running on malware-infected computers. “It looked like an abnormally high spike in human traffic,” the Incapsula researchers said. “Still, even if the volumes and behavioral patterns were all wrong, every test we performed showed that these were real human visitors.” This real-browser attack was being launched from 20,000 computers infected with a variant of the PushDo malware, Incapsula later discovered. However, when the attack first started, the company had to temporarily use a last-resort mitigation technique that involved serving CAPTCHA challenges to users who matched a particular configuration. The company learned that a PushDo variant capable of opening hidden browser instances on infected computers was behind the attack after a bug in the malware caused the rogue browser windows to be displayed on some computers. This led to users noticing Incapsula’s block pages in those browsers and reaching out to the company with questions. “This is the first time we’ve seen this technique used in a DDoS attack,” said Marc Gaffan, co-founder of Incapsula. The challenge with application-layer attacks is to distinguish human traffic from bot traffic, so DDoS mitigation providers often use browser fingerprinting techniques like cookie tests and JavaScript tests to determine if requests actually come from real browsers. Launching DDoS attacks from hidden, but real browser instances running on infected computers makes this type of detection very hard. “We’ve been seeing more and more usage of application-layer attacks during the last year,” Gaffan said, adding that evasion techniques are also adopted rapidly. “There’s an ecosystem behind cybercrime tools and we predict that this method, which is new today, will become mainstream several months down the road,” he said. DDoS experts from Arbor Networks, another DDoS mitigation vendor, agree that there has been a rise in both the number and sophistication of Layer 7 attacks. There have been some papers released this year about advanced Layer 7 attack techniques that can bypass DDoS mitigation capabilities and the bad guys are now catching on to them, said Marc Eisenbarth, manager of research for Arbor’s Security Engineering and Response Team. There’s general chatter among attackers about bypassing detection and they’re doing this by using headless browsers—browser toolkits that don’t have a user interface—or by opening hidden browser instances, Eisenbarth said. In addition, all malware that has man-in-the-browser functionality and is capable of injecting requests into existing browsing sessions can also be used for DDoS, he said. Layer 7 attacks have become more targeted in nature with attackers routinely performing reconnaissance to find the weak spots in the applications they plan to attack. These weak spots can be resource-intensive libraries or scripts that result in a lot of database queries. This behavior was observed during the attacks against U.S. banking websites a year ago when attackers decided to target the log-in services of those websites because they realized they could cause significant problems if users are prevented from logging in, Eisenbarth said. “We continued to see attackers launch those type of attacks and perform reconnaissance to find URLs that, when requested, may result in a lot of resource activity on the back end,” he said. More and more companies are putting together DDoS protection strategies, but they are more focused on network-layer attacks, Gaffan said. They look at things like redundancy or how much traffic their DDoS mitigation solution can take, but they should also consider whether they can resist application-layer attacks because these can be harder to defend against than volumetric attacks, he said. With application-layer attacks there’s an ongoing race between the bad guys coming up with evasion techniques and DDoS mitigation vendors or the targeted companies coming up with remedies until the next round, Gaffan said. Because of that, both companies and DDoS mitigation providers need to have a very dynamic strategy in place, he said. “I think we will continue to see an evolution in the sophistication of application-layer attacks and we will see more and more of them,” Gaffan said. They won’t replace network-layer attacks, but will be used in combination with them, he said. Having Layer 7 visibility is very important and companies should consider technologies that can provide that, Eisenbarth said. In addition to that, they should perform security audits and performance tests for their Web applications to see what kind of damage an attacker could do to them, he said. Source: http://www.pcworld.com/article/2056805/applicationlayer-ddos-attacks-are-becoming-increasingly-sophisticated.html
Link:
Application-layer DDoS attacks are becoming increasingly sophisticated
12 year old Quebec boy Anonymous Hacker Pleads Guilty to DDOS Attack on Government Websites
A 12-year-old Quebec boy is responsible for hacking several government and police websites during the student uprising in spring 2012, creating computer havoc and causing $60,000 damage, court heard Thursday. Some sites were out of service for up to two days and the boy did it in the name of the activist/hacktivist group Anonymous. The Grade 5 student from the Montreal suburb of Notre-Dame- de-Grâce, whose actions were not politically motivated, traded pirated information to Anonymous for video games, court was told. The boy appeared in youth court Thursday dressed in his school uniform and accompanied by his father. He pleaded guilty to three charges related to the hacking of the websites, including those of Montreal police, the Quebec Institute of Public Health, Chilean government and some non-public sites. Police estimate damage to the sites at $60,000 but a more detailed report will be produced in court when the boy is sentenced next month. The little hacker, whose name can’t be published and is said to have been involved with computers since the age of nine, contributed to the crash of some sites and accessed information belonging to users and administrators. He had even issued a warning to others: “It’s easy to hack but do not go there too much, they will track you down.” Court heard the boy used three different computer attacks, one which resulted in a denial of service to those trying to access the websites and flooded servers, making them ineffective. In another method he would alter information and make it appear as the homepage. His third tactic involved exploiting security holes in order to access database servers. “And he told others how to do it,” a police expert testified in Montreal on Thursday. While others were arrested in the scheme, it was the boy who opened the door to the website attacks, court heard. “He saw it as a challenge, he was only 12 years old,” his lawyer said. “There was no political purpose.” In 2000, a 15-year-old Montreal boy, know as Mafiaboy, did an estimated $1.7 billion in damage through hacking. He was sentenced to eight months in youth detention and subsequently received several job offers in cybersecurity. Source: http://www.torontosun.com/2013/10/25/que-boy-12-pleads-guilty-to-hacking-government-websites
Read More:
12 year old Quebec boy Anonymous Hacker Pleads Guilty to DDOS Attack on Government Websites
NSA site down due to alleged DDoS attack
The website for the United States National Security Agency suddenly went offline Friday. NSA.gov has been unavailable globally as of late Friday afternoon, and Twitter accounts belonging to people loosely affiliated with the Anonymous hacktivism movement have suggested they are responsible. Twitter users @AnonymousOwn3r and @TruthIzSexy both were quick to comment on the matter, and implied that a distributed denial-of-service attack, or DDoS, may have been waged as an act of protest against the NSA Allegations that those users participated in the DDoS — a method of over-loading a website with too much traffic — are currently unverified, and @AnonymousOwn3r has previously taken credit for downing websites in a similar fashion, although those claims have been largely contested. The crippling of NSA.gov comes amid a series of damning national security documents that have been disclosed without authorization by former intelligence contractor Edward Snowden. The revelations in the leaked documents have impassioned people around the globe outraged by evidence of widespread surveillance operated by the NSA, and a massive “Stop Watching Us” rally is scheduled for Saturday in Washington, DC. DDoS attacks are illegal in the United States under the Computer Fraud and Abuse Act, or CFAA, and two cases are currently underway in California and Virginia in which federal judges are weighing in on instances in which members of Anonymous allegedly used the technique to take down an array of sites during anti-copyright campaigns waged by the group in 2010 and 2011. In those cases, so-called hacktivsits are reported to have conspired together to send immense loads of traffic to targeted websites, rendering them inaccessible due to the overload.