Tag Archives: copyright

Stack Overflow goes down for an hour on Sunday due to DDoS attack

Stack Overflow went out for about an hour on Sunday morning due to a DDoS attack, TechCrunch reported. Stack Overflow is a question and answer website focused on coding that programmers, both professional and amateur, rely on. Stack Exchange, the parent firm of Stack Overflow, told TechCrunch that the site went down because of a DDoS attack on its network provider. According to Webopedia, a DDoS attack or Distributed Denial of Service is a kind of DOS attack “where multiple compromised systems-which are usually infected with a Trojan-are used to target a single system causing a Denial of Service (DoS) attack. Victims of a DDoS attack consist of both the end targeted system and all systems maliciously used and controlled by the hacker in the distributed attack.” Stack Exchange added that the issue has already been “partially mitigated” and the platform is already operational. A 100% free site that does not require any registration, Stack Overflow allows anybody to ask and answer a question. Users vote on the best answers and they then go up to the top. Posts about the outage began to hit micro-blogging site Twitter and Hacker News at about 11 am Pacific Time Sunday. The notes, often humorous, of programmers served as a testament to the importance of the platform to a lot of people, the report said. Some of the Twitter posts about the outage featured in the TechCrunch report included one from Adam (@adamjstevenson) which said, “Stack Overflow being down reminds me how badly I need Stack Overflow in my life.” Another one came from pickett (@pickett) which said “Well, stackoverflow is down.  Might as well pack it in and take the day off.” Vineet Shah (@vineetshah), meanwhile, posted “Came to work on a Sunday and Stack Overflow is down EVERYBODY PANIC.” Source: http://www.vcpost.com/articles/21665/20140216/stack-overflow-goes-down-for-an-hour-sunday-due-to-ddos-attack.htm

See more here:
Stack Overflow goes down for an hour on Sunday due to DDoS attack

Largest ever DDoS attack

CloudFlare said that the attack was close to 400Gbps in size, making it bigger than last year’s DDoS attack against anti-spam outfit Spamhaus, which was measured at just over 300Gbps. Confidentiality stopped CloudFlare from revealing the identify of the customer under attack, and there were few details on how many other companies had been affected. The DDoS attack did, however, seem to pose a bigger threat on European networks, with French hosting outfit OVH later reporting that it had fended off a 350Gbps attack. It’s not known if the same attacker was responsible.   Company CEO Matthew Prince responded to the news by saying on Twitter that “someone’s got a big, new cannon” and the attack was the “start of ugly things to come”.   While the size of this attack is likely to draw the headlines, it’s worth noting that hackers carried out the DDoS attack by using NTP reflection and amplification techniques, which are increasing common for overwhelming target servers by sending more data packets than switches can support.   The attack technique has been seen in relatively recent hacks against online gaming services like Steam, League of Legends and Battle and essentially aims to push big traffic to the target’s Network Timing Protocol (NTP) server.   In this instance, attackers used NTP reflection to exploit a weakness in the UDP-based NTP, which connects to the Internet to synchronise clocks on machines. The hackers then spoofed the IP address of the target, and sent DNS queries to open DNS resolvers that will answer requests from anywhere. As a result, overwhelming levels of traffic were sent back to the NTP server. CloudFlare has a detailed blog post on NTP reflection attacks.   Martin McKeay, senior security advocate at Akamai Technologies, told SCMagazineUK.com that this method of attack troubles unpatched DNS servers, and said that is attractive to attackers because it can reflect huge traffic back to the target. He added that it’s also favourable to the attacker because UTP is “easily spoofed” and because it’s hard for victims to see who is behind the intrusion.   “The main reason for using NTP as an attack tool is that it increases traffic by 100 or 200 percent. It’s a great reflection index and makes for a very effective tool if you’re an attacker.   “At 400Gbps, it’s conceivable that the attack is being run by a small botnet outputting 20Gbps to 30Gbps of traffic,” he added.   McKeay, and other industry commentators, have advised IT administrators to patch and upgrade their NTP servers in light of this attack, although the Akamai exec admitted that some can assume that NTP servers are safe.   “NTP servers are often stable and so haven’t often been looked at before. [IT departments] are having to now.”   IT administrators are advised, in light of this attack, to patch and upgrade their NTP servers and to check management rights.   Speaking recently to SCMagazineUK.com , Visiting Professor John Walker, of Nottingham Trent University, warned that DDoS attacks will continue to be a big threat in 2014, and added that, since company divisions struggle to get their heads around the issue, the firm itself struggles to establish an effective defence strategy.   “Since they see the issue solely from their perspective, they cannot hope to develop an effective strategy to deal with this security problem,” he said at the time.   A previously unknown division of the UK Government was recently accused of launching DDoS attacks against hactivisim groups such as Anonymous and LulzSec, while a report from the end of last year revealed that most UK companies ignore DDoS threats. Source: http://www.scmagazineuk.com/cloudflare-spots-largest-ever-ddos-attack/article/333480/

Follow this link:
Largest ever DDoS attack

Snapchat bug lets hackers aim DENIAL of SERVICE attacks at YOUR MOBE

Researcher allegedly blocked after he went public A security consultant who works for Telefonica has turned up a bug in how Snapchat handles authentication tokens, which enables a denial-of-service attack against users’ phones.…

Read More:
Snapchat bug lets hackers aim DENIAL of SERVICE attacks at YOUR MOBE

Snapchat Vulnerability Could Lead To iPhone DDoS Attacks

A cyber security researcher has discovered a vulnerability within the Snapchat mobile app that makes it possible for hackers to launch a denial-of-service attack that temporarily freezes a user’s iPhone. Jaime Sanchez, who works as a cyber-security consultant for Telefonica, a major telecommunications company in Spain, said he and another researcher found a weakness in Snapchat’s system that allows hackers to send thousands of messages to individual users in a matter of seconds. Sanchez said he and the fellow researcher discovered the glitch on their own time. Flooding one user with so many messages can clog their account to the point that the Snapchat app causes the entire device to freeze and ultimately crash, or require that the user perform a hard reset. Snapchat is a popular mobile app for iPhone and Android devices that allows users to send each other photo and video messages that disappear a few seconds after they are opened by their recipients. Every time a user attempts to send a message through Snapchat, a token, which is a code made up of letters and numbers, is generated to verify their identity. Sanchez, who wrote about his security findings on seguridadofensiva.com (in Spanish), said a flaw within Snapchat’s system allows hackers to reuse old tokens to send new messages. By reusing old tokens, hackers can send massive amounts of messages using powerful computers. This method could be used by spammers to send messages in mass quantities to numerous users, or it could be used to launch a cyber attack on specific individuals, he said. Sanchez demonstrated how this works by launching a Snapchat denial-of-service attack on my account. He sent my account 1,000 messages within five seconds, causing my device to freeze until it finally shut down and restarted itself. (See the video above.) Launching a denial-of-service attack on Android devices doesn’t cause those smartphones to crash, but it does slow their speed. It also makes it impossible to use the app until the attack has finished. Sanchez said he has not contacted Snapchat about the vulnerability because he claims the Los Angeles startup has no respect for the cyber security research community. He says Snapchat earned that reputation by ignoring advice in August and on Christmas Eve from Gibson Security, a security group that predicted a flaw within the app could be used to expose user data. On New Year’s Eve, another group exploited that vulnerability and exposed the user names and phone numbers of nearly 5 million Snapchat users. “They warned Snapchat about issues — about the possible dump of database — and Snapchat didn’t care,” he said. The Times asked Snapchat if it knew of the vulnerability claimed by Sanchez. Snapchat said it was not aware of the problem. “We are interested in learning more and can be contacted at security@snapchat.com,” a Snapchat spokeswoman wrote in an email reply. Source: http://www.latimes.com/business/technology/la-fi-tn-snapchat-shut-down-iphone-20140207,0,3127301.story#axzz2sixJmHSh

Read the original:
Snapchat Vulnerability Could Lead To iPhone DDoS Attacks

Snowden documents show British digital spies use viruses and ‘honey traps’

JTRIG active intelligence unit boasts of bugging and burgling At the start of this week, documents released by whistleblower Edward Snowden detailed DDOS attacks on chatrooms by a British online intelligence unit dubbed the Joint Threat Research Intelligence Group (JTRIG). Now he has released a new trove showing that JTRIG is about much more than purely online annoyances.…

View article:
Snowden documents show British digital spies use viruses and ‘honey traps’

The UK allegedly targeted Anonymous and LulzSec hacktivists via a DDOS attack, documents show

The UK allegedly created a spy unit that, other than mounting attacks on cyber enemies, also targeted hacktivists Anonymous and LulzSec, NBC News reports, citing documents taken from the US National Security Agency by whistleblower Edward Snowden. The Government Communications Headquarters Communications (GCHQ) — the UK’s intelligence service — launched a DDOS attack to scare away 80 percent of the users of Anonymous Internet chat rooms, according to the documents. NBC News notes that this makes the British government “the first Western government known to have conducted such an attack.” The British reportedly aimed the DDOS attack against IRC chat rooms where criminal hackers were believed to have been concentrated, after authorities were alarmed by a spate of hacking attacks in 2011, when online hackers wreaked havoc across the Internet, bringing down websites on a purported crusade of righteousness. The victims included the UK. A GCHQ spokesperson emphasized in a statement to NBC News that it carried out its work “in accordance with a strict legal and policy framework” and that its activities — which it didn’t elaborate on — were “authorized, necessary and proportionate.” Source: http://thenextweb.com/uk/2014/02/05/uk-allegedly-targeted-anonymous-lulzsec-hacktivists-via-ddos-attack-documents-show/#!uyXtM

More:
The UK allegedly targeted Anonymous and LulzSec hacktivists via a DDOS attack, documents show

The future of DDoS, and how to stay ahead of attacks

What’s new in the threat of DDoS attacks? This year there are a new kind of tactics, and I think we’ll see a rise in the new kinds of DDoS. The conventional understanding of DDos is one that involves volume and capacity. You’ll see massive waves of attackers coming at you. But what we’re starting to see is that while that’s still in play, there’s a much more sophisticated kind of attack starting to become more common – and that’s application layer attacks. You don’t need as much volume, and it’s very very hard to detect. DDoS attackers are now expending quite a lot of effort to spoof legitimate sessions. They’ll do a fair amount of reconnaissance on their target, identify where the weakness or vulnerabilities are – say, a login page. And they know that if they run 20, or 50 or maybe 100 concurrent sessions that login, it’ll lock up the backend database, rendering the site down. Ultimately that’s what the DDoS attacker wants to do. It’s a very crude intention, and in this way it’s relatively easy to do with a small amount of bandwidth. This method is much more sophisticated, it takes a lot more expertise, but you know how it is: once it becomes commonplace, it’ll be easy to access these tools and botnets, and these kinds of attacks will proliferate. Right now in the mitigation industry, a lot of companies are offering platforms that can deal with the traditional interpretation of DDoS, but I think the industry’s going to be challenged quite a bit to deal with the more sophisticated and more targeted kind of attacks.   Why are some sites more vulnerable than others? Ultimately every website is designed differently. If you talk to designers, you’ll find each of your guys has their own style, which can lead to a number of vulnerabilities, depending on the code, and how the php code has been implemented in the background. If you look at some of the website designs, they start off with the baseline config, they build up over time and don’t change the baseline coding. Then all of a sudden it’s like a Jenga tower. You hit the one holding up the bottom, and it’s all going to fall over. For instance one of the most common problems is when the way you entire data into the database isn’t sanitised well enough, you can throw in a whole series of commands that literally lock up the database. It’s a much smarter way of doing this, and it’s much harder to track. So how are security companies going to deal with that? The strategy right now is less preventing an attack, and more: how quickly can you respond? You need to analyse, parse, and create a quick, customised ruleset that’s very granular and can be applied to specific parts of the website – an element, or a UI for instance.   Are they managing to keep ahead of the threat? Well this is the problem: in any security initiative, be it DDoS, or the guys doing data theft, they have the upper hand. All they need is the one strike, and boom – the rest of the industry has to catch up. I think as a whole, the security industry is pretty good at catching up. But we’ll always be reacting. It’s easy to get into. DDoS is still the easiest way to cause havoc and attack an organisation. You can go and rent a botnet for a hundred bucks an hour or even less, now, and just fill a pipe as a crude way of trying to take a site down. It’s still effective, based on where the solution is hosted. It’s far easier than learning the skills necessary to pull off a data theft or something like that. Source: http://www.itproportal.com/2014/02/04/the-future-of-ddos-and-how-to-stay-ahead-of-attacks/

Visit link:
The future of DDoS, and how to stay ahead of attacks

Credit unions among industries that suffered more DDoS attacks in 2013

A growing number of data center outages are caused by distributed denial of service attacks. On a technical level, DDoS campaigns are much more complicated to address than other leading causes such as human error or IT equipment failure. Accordingly, they often cost hundred of thousands of dollars to resolve. Throughout 2013, credit unions were increasingly targeted by DDoS attacks that overwhelmed their websites with traffic and sometimes created distractions so that other threats could bypass IT security. Going into 2014, mitigating risk from DDoS through software and backup solutions will be the key to reducing the costs and consequences of IT outages. Report finds that DDoS, equipment failure among the leading causes of outages According to one think tank’s research, DDoS attacks accounted for only 2 percent of outages at 67 U.S. data centers in 2010. By 2013, the share had risen to 18 percent. Perpetrators have benefited from ongoing increases in network speeds and the growing complexity of IT infrastructure, both of which have made it much easier to generate massive amounts of fraudulent traffic. The resulting server and equipment failures have footed IT departments with some steep bills. Outages caused by DDoS attacks typically ran $822,000 apiece, far outpacing the $380,000 price tag for incidents attributable to human error. Equipment issues were the most expensive cause, with each event costing slightly under $1 million. While the length of data center outage has gone down over the past few years, related expenses have risen. The average 2013 incident lasted 86 minutes, but cost $690,204, or 37 percent more than in 2010. Credit unions have felt the impact of more frequent DDoS attacks The rise of DDoS attacks has affected IT operations at credit unions, which were targeted by several prominent campaigns in 2013. A $4 billion credit union in Pleasanton, Calif., and a $1.6 billion one in Austin, Texas, had online services knocked out for hours at a time in the wake of DDoS attacks. More specifically, cybercriminals have honed tactics that put financial institution computers through the motions until they become exhausted. For example, a DDoS attack may ask a site for password resets on thousands of spurious accounts, forcing the system to go through each request. Some DDoS incidents may be distractions that facilitate wire theft, but others are politically motivated. Credit unions may need better preparation against DDoS risk, especially since some simply rely on online banking providers or ISPs to protect data. Restore on reboot software can be easily deployed by IT administrators as part of an imaging solution, and it provides fine-tuned management of all office endpoints. Organizations can ensure that kiosks and cash dispensing services remain active even in the event of a crash or attack. Source: http://www.faronics.com/news/blog/credit-unions-among-industries-that-suffered-more-ddos-attacks-in-2013/

Read the article:
Credit unions among industries that suffered more DDoS attacks in 2013

DDoS Surges in Mobile and Data Centers

Distributed denial-of-service (DDoS) attacks against mobile networks and data centers are increasing significantly: mobile DDoS attacks alone have more than doubled last year, with nearly a quarter of respondents in a new study indicating that they have seen attacks impacting their mobile Internet infrastructure. In addition, more than 70% operating data centers reported DDoS attacks over the last year, up dramatically from the year before. According to Arbor Networks’ 9th Annual Worldwide Infrastructure Security Report (WISR), more than a third of responding data centers experienced attacks that exceeded total available internet connectivity, nearly double from the previous year. Staggeringly, about 10% saw more than 100 attacks per month. The report also found that DNS infrastructure remains vulnerable. Just over one-third experienced customer-impacting DDoS attacks on DNS infrastructure – an increase of a quarter over the previous year. “Despite a really high-profile year for DNS amplification attacks, including the largest attack ever monitored (Spamhaus), there are still a significant number of open DNS resolvers out there within the survey base,” said Andrew Cockburn, consulting engineer for Arbor’s carrier group, in a blog. “Fully 20% of our respondents do not restrict recursive lookups, which when extrapolated to the entire base of DNS resolvers, makes for rich pickings among those that are interested in launching this kind of attack.” He added that after the Spamhaus attack, which was very well-publicized, Arbor saw a large number of copycat attacks in the months following. “And despite this, the number of open resolvers stayed pretty consistent with last year’s survey,” he said. “I think that the increase in lack of internal organizations with specific responsibility for DNS infrastructure is partly to blame. Without a targeted and holistic approach to security, such organizations have no way to connect the dots between their decisions to leave a resolver open, and the associated security risks.” The report found that more than a quarter of respondents indicated that there is no security group within their organizations with formal responsibility for DNS security, up 19% from the previous report. Also, there’s been a dramatic rise in DDoS attack size in general. In all previous years of the survey, the largest reported attack was 100Gbps. This year, attacks peaked at 309Gbps, and multiple respondents reported attacks larger than 100Gbps. “Last year we saw eight times the number of attacks over 20Gbps when compared to 2012,” said Darren Anstee, solutions architect for EMEA at Arbor. “In short, attackers seem to have re-focused on utilizing large volumetric attacks to achieve their goals and this illustrates why layered DDoS defense is such an important message. “ Meanwhile, internal network, advanced persistent threats (APTs) and ubiquitous application-layer attacks continue to be everyday reality for IT departments too. The proportion of respondents seeing APTs on their networks has increased from 22% to 30% year over year – and respondents ranked botted hosts as their No. 1 concern. “The other key aspect of the results this year, from my perspective, relates to internal network threats,” Anstee said. “Over half of respondents this year indicated that they had seen botted/compromised hosts and or APTs on their internal networks during the survey period. This clearly shows that threats are getting inside networks, either around or through perimeter defenses. Organizations need to augment their security postures so that they can identify suspicious or malicious activities wherever they might occur on their networks.” The report also found that application-layer attacks are now common, with nearly all respondents indicating they have seen them during this survey period. There has also been continued strong growth in application-layer attacks targeting encrypted web services (HTTPS): these are up 17% over the previous year’s report. Source: http://www.infosecurity-magazine.com/view/36687/ddos-surges-in-mobile-and-data-centers/

Read the article:
DDoS Surges in Mobile and Data Centers

JP Morgan Chase and Bank of America targets for DDoS attacks

Major US financial firms JP Morgan Chase and the Bank of America have been targeted by a distributed denial of service (DDoS) attack, according to one hacktivist group. The European Cyber Army has claimed it waged the attack that disrupted online services for customers of the companies between 10:30am and 2:30pm on Tuesday (28 January). It is the latest in a long line of DDoS attacks that the group has admitted to, with the federal court system one organisation recently impacted. Reports suggest the group have also been responsible for disruptive online attacks in Asia, the Middle East and Europe. Both the Bank of America and JP Morgan Chase has refused to comment on the attack, but customers took to Twitter to complain about the outage to online services. Several executives at organisations that track DDoS activity confirm they saw indications two leading US banks were hit on Tuesday. The news of the DDoS attacks comes as Aleksandr Panin, the Russian programmer who created the SpyEye bank hacking tool, was successfully prosected in the US. Source: http://www.bobsguide.com/guide/news/2014/Jan/30/jp-morgan-chase-and-bank-of-america-targets-for-ddos-attacks.html

View post:
JP Morgan Chase and Bank of America targets for DDoS attacks