Tag Archives: copyright

Miscreant menaces Meetup, minuscule money mania mashed

$300 or the trendy website gets it … and the website got it Meetup.com has gone public with one of the most paltry ransom demands The Register has seen – but rather than pay up to end a distributed denial-of-service (DDoS) attack, the klatch organizer instead put up with its site being repeatedly hosed offline, we’re told.…

Read the original:
Miscreant menaces Meetup, minuscule money mania mashed

DDoS Attack! Is Regulation The Answer?

Four security experts weigh in on why there’s been little progress in combating DDoS attacks and how companies can start fighting back. The scale, diversity, and magnitude of recent DDoS attacks have knocked enterprises back on their heels. Now they’re attracting attention from regulators. Intended or not, attackers are forcing a sea change. The question at hand is whether self-regulation will improve or if regulatory intervention is inevitable. Cloudflare’s recent analysis of a February 13 denial of service attack explains the most recent variation on a recurring DDoS attack theme, and in doing so illustrates that we’ve made little or no progress in mitigating root causes of DDoS: The attack was distributed , emanating from over four thousand servers and twelve hundred networks. The attack used reflection , a technique where the source IP address of query traffic is “spoofed.” All of the attacking hosts set the source IP address of queries to the IP address of the targeted host so that the responses will overwhelm the victim. The attack also used amplification , a technique where a small query results in a much larger response being transmitted in order to deplete the target’s resources more rapidly. There are also other similarities between this and prior DDoS attacks. The attacks exploit UDP-based services (DNS, chargen, and now NTP). They exploit the absence of anti-spoofing measures by ISPs or private networks, and they exploit the “open” operation of these services, taking advantage of open DNS resolvers, publicly accessible network time servers, and services that should be configured to respond only to clients within specific administrative domains. The takeaway is obvious: Services that run over UDP and are accessible in a public or open manner are targets for reflection or amplification attacks, and the ability to spoof IP addresses exacerbates this threat .    

Original post:
DDoS Attack! Is Regulation The Answer?

The rise of UDP-based DDoS attacks

The DDoS war is ramping up with the use of network time protocol (NTP) amplification to paralyse, not just individual organisation’s networks, but potentially large proportions of general internet traffic. The largest ever DDoS attack to date with a DNS amplification hit the anti-spam company, Spamhaus last year. This attack reached 300 Gbps, taking Spamhaus offline and also affecting the DDoS mitigation firm, CloudFare. With the volume of traffic that was going through peering exchanges and transit providers, the attack also slowed down internet traffic for everyone else. However, in the last couple of months these UDP amplification attacks seem to have moved on to NTP, taking advantage of an exploit available in older, unpatched NTP systems. These servers are usually used for time synchronisation and utilise the UDP protocol on port 123. Like DNS, they will respond to commands issued by any client to query certain information, unless they are properly secured. These attack styles are not new, but their historically infrequent usage and the potential for mass disruption means they warrant more attention. Coverage of these attack styles in both industry and mainstream press is to be welcomed in my opinion, because these attacks are relatively defensible and coverage will hopefully get more administrators to secure or patch their NTP servers. What is all the fuss about? DNS amplification attacks ramp up the power of a botnet when targeting a victim. The basic technique of a DNS amplification attack is to spoof the IP address of the intended target and send a request for large DNS zone files to any number of open recursive DNS servers. The DNS server then responds to the request, sending the large DNS zone answer to the attack target rather than the attacker, because the source IP was spoofed. The DNS amplification attack on Spamhaus saw request data (the data the attacker sent to the DNS servers) of roughly 36 bytes in length, while the response data (the data from the DNS server to the attack target) was around 3000 bytes, meaning the attackers increased the bandwidth used by 100x. Not only is that a large increase in attack bandwidth, but these packets from the DNS servers arrive at the target in a fragmented state due to their large size and have to be reassembled, which ties up the routing resources as well. NTP amplification attacks work by spoofing the IP of the attack target and sending a ’monlist’ command request to the NTP servers. This command will return the IP addresses of the last 600 clients that have used the NTP server to synchronise time. By issuing this command a small request packet can trigger much larger UDP response packets containing active IP addresses and other data. The volume of the response data is related to the number of clients that communicate with any particular NTP server. This means that a single request which consists of a single 64-byte UDP packet can be increased to 100 responses each, which contain the last 600 client IP addresses that have synchronised with the server. Each of those 100 responses will be a UDP packet of around 482 bytes which gives the attacker a bandwidth amplification of around 700x [482 bytes x 100 responses = 48200 bytes / 64 bytes = 753.125]. With this level of amplification available and several popular DDoS attack tools already including a module for abusing ’monlist’ we could be on for a new record in DDoS attack size this year unless the vulnerabilities are patched soon. For example, if DNS amplification created a 300 Gbps, then NTP amplification means we could potentially see a 2.1 Tbps (21,000 Gbps) attack. There is no network that could absorb an attack of that size; it would have an enormous knock-on effect on general Internet traffic as the Spamhaus attack did with peering points, transit providers and content delivery networks being overloaded. This isn’t to say that DNS and NTP are the only amplification attack methods. There are other amplification and reflection-style tactics as well and, while not as popular as more tried-and-true DDoS methods, they represent a real threat if you are not prepared for them. Fixing the problem The easiest way to fix this and remove your NTP servers from being an attack vector for a DDoS is to update your NTP servers to version 4.2.7 which removes the ‘monlist’ command. Otherwise you can disable query within your NTP server via a configuration change: nano /etc/ntp.conf [Your configuration file might be located elsewhere] #Restrict general access to this device Restrict default ignore Restrict xxx.xxx.xxx.xxx mask 255.255.255.255 nomodify notrap Noquery This change will prevent your NTP server from being used to launch DDoS attacks against other networks, but an update to the latest version is still recommended. Conclusion DDoS attacks have been around in one form or another since the very beginnings of the internet, but the motivations, as well as the scale of these attacks seem to have grown significantly. In the early days it was just extortion; a hacker would ask for payment to stop the attacks. Nowadays, some businesses may pay for competitors to be attacked, as a few hours offline could be worth millions. You also have DDoS being used as a method of political activism by groups such as Anonymous, as well as the potential for a government to use DDoS to disrupt another country’s infrastructure. Systems administrators need to ensure their systems are reviewed regularly for patches and known vulnerabilities. If systems are left unpatched then at best you can be used as a vector to attack another network or organisation, but at worst those vulnerabilities could be exploited to take your systems offline or steal your data. Source: http://blogs.techworld.com/industry-insight/2014/02/the-rise-of-udp-based-ddos-attacks/index.htm

Read more here:
The rise of UDP-based DDoS attacks

Cyber attacks ready to lay siege to 2014 World Cup

Brazilian hackers have issued threats to disrupt this summer’s FIFA World Cup and there are worries that the telecommunications infrastructure won’t be able to cope with the attacks. Reuters spoke to hacking groups headquartered in Brazil that are planning to attack the event due to the global exposure it will give them and they are confident of bringing down some of the largest sites involved with the tournament. “We are already making plans,” said an alleged hacker who goes by the name Eduarda Dioratto. “I don’t think there is much they can do to stop us.” Distributed denial of service [DDoS] attacks are reportedly the weapon of choice for Brazil’s hackers to target sites operated by FIFA and the Brazilian government as well as other sponsors and organisers.   “The attacks will be directed against official websites and those of companies sponsoring the Cup,” a hacker known as Che Commodore told Reuters over Skype.Some of the problems that could be exploited include overstrained networks, widespread use of pirated programming and little care taken to invest in online security. The same report also states that one of the “world’s most sophisticated cyber criminal communities” already operates in the country and it has already started to scupper ticket sales through phishing. “It’s not a question of whether the Cup will be targeted, but when,” said William Beer, a cybersecurity expert with the consultancy firm Alvarez & Marsal. “So resilience and response become extremely important.” FIFA has yet to comment on the issue and the country itself is confident that it is at least some way prepared for any attacks that are launched. “It would be reckless for any nation to say it’s 100 percent prepared for a threat,” said General José Carlos dos Santos, the head of the cyber command for Brazil’s army. “But Brazil is prepared to respond to the most likely cyber threats.” During the Confederations Cup 2013, the traditional dress rehearsal for the World Cup, the cyber command stopped over 300 cyber attacks and dos Santos added that the number will be “much higher” during the tournament proper. Source: http://www.itproportal.com/2014/02/26/cyber-attacks-ready-to-lay-siege-to-2014-world-cup/#ixzz2uZ9neK9Q

Read More:
Cyber attacks ready to lay siege to 2014 World Cup

Theresa May Home Office website DDoS attack: Man charged

A man is being charged with attacking websites belonging to the Home Office and the Home Secretary Theresa May. Mark Lynden Johnson, 43, from Stoke-on-Trent, is being charged with encouraging or assisting an offence under the Computer Misuse Act. He is due to appear at Birmingham Magistrates’ Court on 12 March. Both websites were taken offline during attacks between 15 and 18 June 2012, the Crown Prosecution Service (CPS) said. The websites were subjected to a Distributed Denial Of Service attack, also known as a DDoS attack, which prevented visitors accessing them, a CPS spokesperson said. A DDoS attack floods a webserver with so many requests that it can no longer respond to legitimate users. Source: http://www.bbc.co.uk/news/uk-england-stoke-staffordshire-26341874

Continue reading here:
Theresa May Home Office website DDoS attack: Man charged

Pony up: Botnet succesfully targets Bitcoin

Password-lifting network converted to cryptocoin-thievery Another $US200,000-plus worth of Bitcoins has been lifted, according to Trustwave, which has identified a new Pony botnet targeting crypto-currencies.…

See the original article here:
Pony up: Botnet succesfully targets Bitcoin

Apple Daily in Hong Kong and Taiwan hit by DDoS attack

Apple Daily said its websites for both Hong Kong and Taiwan were hit by DDoS attacks on Saturday. IP addresses reveal that attacks originated from China, Russia, and France, according to Michael Yung, CIO of Next Media, the parent company of Apple Daily. Starting 1pm on Saturday, traffic to the Next Media website became increasingly huge that access to Apple Daily and other contents of the firm was significantly slow, Yung said, adding that audiences could only view text content via the newspaper’s mobile app. The firm’s website was restored at 6pm after several hours of fixing, Next Media said. According to Yung, small-scale attacks to the Next Media website are frequent but much more severe ones come before the June 4 commemoration and July 1 protest every year. Next Media said the attack is an act of harming freedom of press and but that won’t stop the organization from defending it. While Anonymous reportedly confirms that the attack came from the mainland Chinese government, Next Media said the identity of the attacker remains unknown at the moment because IP addresses identified could be fake. There’s also speculation that the attack’s related to Sunday’s “Free Speech, Free Hong Kong” protest organized by the Hong Kong Journalists Association. The protest is a response to recent moves that are seen as compromising editorial independence and freedom of speech. Of late, Commercial Radio fired its outspoken host Li Wei Ling while Chinese-language newspaper Ming Pao replaced its existing chief editor with a Malaysian journalist who’s not known to the local community and media industry. Source: http://news.idg.no/cw/art.cfm?id=F7551BB6-DF9A-6D69-EBD70AD566B9147F

Continued here:
Apple Daily in Hong Kong and Taiwan hit by DDoS attack

Cyber attacks: preventing disruption to your website

 One of the largest ever cyber attacks took place this month and it has been cited that it was the shape of things to come.  But it is not all doom and gloom – there is plenty that businesses can do to prepare for the future. Start by thinking about the impact of your website being down for a day to three days and how it would affect current and prospective clients and the reputation of your brand.  Google  is usually the first port of call when checking out products and services, so chances are high that any disruption to your web experience won’t be favourably looked upon by prospects. Cyber criminals will often inject malware into legitimate websites with the goal of getting innocent users to click on it, which will automatically trigger a download and can lead to all sorts of problems for the user.  As the website owner, you may be completely unaware, but this is something that Google is cracking down on. If a website is spotted hosting malicious links, Google can blacklist it, meaning it will not show up in searches and it will temporarily remove it from the Google index, which badly affects SEO.  Browsers, such as Chrome, Firefox etc will also flag insecure or risky websites and that may scare away potential customers.  It may take weeks of effort to get removed from blacklists and re-indexed. If this wasn’t bad enough, the risk is actually two-fold.  There are some would-be attackers that will threaten to hold your website to ransom.  In this case, they will identify the holes in your website and blackmail you into paying them in order for them not to get your website blacklisted. The best way to avoid getting blacklisted, or indeed blackmailed, is to have the website checked for malware and other infections.  And it is also highly recommended to have your website scanned for known vulnerabilities. This will ensure that there are no “holes” that attackers can exploit to install malware or create watering holes for unsuspecting customers. Another issue to avoid falling victim to is a DDoS attack.  DDoS attacks bombard a website with so many external communication requests that it floods the system and overloads the server to such a point that it can no longer function, leaving the website paralysed and unable to transact business. Attacks of this nature are on the rise and it’s fair to predict that this year will be no exception to this trend.  The best start is to have a plan in place- whether it is a hardware solution  that takes days to install and requires a higher up-front cost; or a provider who offers DDoS protection services that can be up and running in as little as a few hours for a monthly cost. In addition, it’s worth noting that some good DDoS protection services will offer a caching component that will allow bursts of legitimate traffic to your website without negatively impacting on the server.  Because it will automatically balance the load coming in, it keeps the website available to handle large amounts of requests with no disruption to your user base. So, make sure you do your research when choosing the best option for your website. Bear in mind that, while you can get a protection service in an emergency situation, as with so many things, the best offense is a good defence, so businesses should make sure that they have a proactive DDoS solution in place to avoid disruption to your web presence. Top tips: 1) Run malware detection and anti-virus on your website to spot and clear any existing infections 2) Enlist the services of a vulnerability scanner to identify and fix any exploits in your website 3) Have proactive DDoS protection in place; either in the form of hardware or a managed service 4) Have load balancing in place to ensure your website can handle increases in transactions Source: http://www.itproportal.com/2014/02/21/cyber-attacks-preventing-disruption-your-website/

Read More:
Cyber attacks: preventing disruption to your website

MMO developer offering $14,000 reward for DDoS attack info

If you know a little thing or two about MMOs and a little more about DDOS attacks, you might be able to net yourself a near $15,000 bounty. Wurm Online, the MMO from Minecraft creator Markus Persson (no longer involved) and childhood friend Ralf Jansson, was hit by a DDOS attack yesterday and at the time of writing, it still remains down. Nobody so far has owned up to the attack, which was launched soon after a recent update. Presumably from the relative obscurity of the game, the DDOSer is a player, but there’s very little information on who they are or why they might have done it. However, in an attempt to find out more and ultimately catch and convict those responsible, the studio behind it, Code Club, is now offering a reward: “Shortly after today’s update we were the target of a DDOS attack and our hosting provider had to pull us off the grid for now,” it said in the announcement. “We will be back as soon as possible but things are out of our hands since their other customers are affected. As we wrote in a previous news post we are planning on changing hosting anyways which should improve things for the future. We can offer 10 000 Euro for any tips or evidence leading to a conviction of the person responsible for this attack.” DDOS attacks against large games has become more common over the past few years, since it usually garners a lot of attention and understandably annoys a lot of gamers. However the purpose beyond attention getting is often unclear, since it rarely impacts anyone more than the players. So what about it guys? Anyone here think they could track down a DDOSer? Source: http://megagames.com/news/mmo-developer-offering-14000-reward-ddos-info

Continue Reading:
MMO developer offering $14,000 reward for DDoS attack info

Second Anonymous member sentenced for role in DDoS attack

The U.S. District Court, Eastern District of Wisconsin, has sentenced Jacob Wilkens to 24 months of probation and ordered him to pay $110,932.71 in restitution for his role in a distributed denial-of-service (DDoS) attack against Koch Industries. Wilkens pled guilty to intentionally causing damage to a protected computer by assisting other members of the hacktivist collective Anonymous in launching a DDoS attack on the servers of Angel Soft bathroom tissue, based in Green Bay, in February and March of 2011. The attacks against Koch Industries were said to have lasted three days and resulted in several hundred-thousand dollars in losses. For his role in the same attack, Christopher Sudlik was ordered earlier this month to pay the same in restitution, as well as being sentenced to 36 months of probation and 60 hours of community service. Source: http://www.scmagazine.com/second-anonymous-member-sentenced-for-role-in-ddos-attack/article/334490/

More:
Second Anonymous member sentenced for role in DDoS attack