Tag Archives: ddos-attacks

Israeli sites targeted by annual Anonymous ‘OpIsrael’ DDoS attacks

Israeli sites targeted by annual Anonymous ‘OpIsrael’ cyber attacks Hackers fail to bring down government websites, but successfully target sites belonging to musicians, organization for excellence in education and association of urologists. The “electronic Holocaust” promised by pro-Palestinian Anonymous hackers on Tuesday has yet to come, but it appears attempts to attack Israeli cyber targets continues. On Tuesday afternoon many Israelis received messages with Arabic text that says: “We’ll free the two holy mosques from the sons of the Jews.” Natalie Ben-Hemo from Lod received the message, which came from the number 007. “I imagined it must have something to do with the Anonymous attack and I checked on Google Translate what the message in Arabic means,” she said, saying her brother-in-law also received the message. Yavgeny Kogen from Kiryat Ata also received the message, “I realized they must’ve hacked one of the content providers of SMS messages and sent messages to everyone. Other than that, I haven’t come across other cyber attacks.” Overnight Monday, dozens of websites were brought down by pro-Palestinian hackers. Major government websites were targeted but were not brought down, including the sites for the Knesset, Education Ministry and the government portal. Most hacking attempts come in the form of a denial of service (DoS) attack, in which a website is inundated with requests for access, to the point that the site’s servers cannot cope and the site either functions extremely slowly or collapses altogether. Despite the largely failed attempt to bring down government websites, numerous private sites were brought down Tuesday, with many displaying the phrase “Hacked by Anonghost”. Among those hacked were the official sites for singers Shalom Hanoch and Ivri Lider, popular band Hadag Nachash, the Israeli Center for Excellence through Education, the Israeli Urological Association and others. In addition, hackers claimed to have also accessed a number of email accounts, and published the list of compromised sites and emails. They also claimed to have hacked the website of the court system, but that was working normally by Tuesday morning. The annual attack on Israeli websites, or “#OpIsrael”, is carried out by those identifying as Anonghost or Anonymous. The stated goal is to repay various groups and bodies in Israel for the country’s treatment of the Palestinians, by causing inconvenience and discomfort for Israeli citizens, which it says Israel does to the Palestinians. Every few months or so, hackers threaten to launch cyber attacks on Israeli sites. In many cases, hackers fail to carry out the attack, or cause minimal and temporary damage. In some cases, lists of Israeli user names and passwords for email and social media sites are distributed online, in order to scare Israeli internet users, but often they are old passwords. On April 7 last year, there was a small-scale cyber attack on Israel, but with no significant victims. Source: http://www.ynetnews.com/articles/0,7340,L-4644894,00.html “As we did many times, we will take down your servers, government websites, Israeli military websites, and Israeli institutions,” said a video message released recently, warning of the impending attacks. “We will erase you from cyberspace in our Electronic Holocaust.”

Microsoft, Sony, and Nintendo collaborating to stop DDoS attacks

Xbox boss Phil Spencer has been talking with his rivals to see how they can avoid a repeat of the Christmas Xbox Live and PSN downtime. It’s very rare for console manufacturers to work together on anything, but the DDoS attacks on Xbox Live and PSN over Christmas have been enough for Microsoft to initiate conversations with its two rivals. ‘I don’t think it’s great when PSN goes down,’ Spencer told Game Informer. ‘It doesn’t help me. All it does is put the fear and distrust from any gamer that’s out there, so I look at all of us together as this is our collective opportunity to share what we can about what we’re learning and how things are growing. Those conversations happen, which I think is great.’ He added that the Christmas attacks had been a ‘learning experience’ and that, ‘Our commitment to Xbox One customers is to make sure our service is robust and reliable’. Although Xbox Live seemed to recover more quickly from the attacks than Sony, and Nintendo weren’t affected at all, there is no easy defence against DDoS as they’re not really hacking (no data was stolen or accessed) and simply involve overloading a server with requests. As a result it’s not clear what defences Spencer was discussing with Sony and Nintendo, but it is good to know they’re at least talking. Source: http://metro.co.uk/2015/03/06/microsoft-sony-and-nintendo-collaborating-to-stop-ddos-attacks-5091159/

More:
Microsoft, Sony, and Nintendo collaborating to stop DDoS attacks

University servers not at risk for information breach during DDoS attacks

Last week, University servers were hit by a Distributed Denial of Service attack that led to the shutdown of Sakai and the Central Authentication system, rendering RUWireless inoperable for several days, as reported by The Daily Targum on Tuesday. During a DDoS, servers are flooded by requests from an external source. Bots, or hijacked computers, were programmed to inundate the University’s secure servers with requests for information. Many of these hijacked computers appeared to originate from outside of the United States. It is likely no University computers were co-opted into contributing to the attacks. A DDoS attack differs from a break-in in one key way –– a DDoS forces servers to shutdown, while a data breach is performed to steal or delete information. Notably, Sony has been broken into multiple times in the past few years, leading to theft of credit card and other private information. While some services, such as the Playstation Network in 2011, were disrupted, this was more of a byproduct caused by the hack. Stealing or deleting information was not a goal of the Rutgers attack. Hacking can be done by installing malware onto a server or by hunting down and exploiting weaknesses –– such as digital holes in a firewall. The methods of breaking into a system are different enough from those of a DDoS that they can be identified and dealt with. While both exploit vulnerabilities, the former does so subtly to gain access and control. A DDoS is less refined, and because of the nature of the Rutgers attacks, at no time was any private information vulnerable to theft. A series of emails sent by the Office of Information Technology and the Telecommunications Division explained that Sakai and CAS were taken offline to protect them and the University servers from the DDoS attacks, which continued through Sunday. These services were made available again to those using an on-campus network late Sunday, and to off-campus students again on Monday. Rutgers employs “DDoS mitigation” software that is designed to help detect and end attacks by noting how traffic patterns –– what computers request information –– change, including where traffic originates from. This notifies system administrators when an abnormally large number of atypical requests are being made. The Internet in general is structured so that information cannot easily be lost. Every tweet, picture, forum message, video and private piece of information remains online even if a user ostensibly deletes it. Rutgers has a vast, complicated network of servers, many different wireless networks and storage for all the information the University holds, both onsite and offsite, and backups for this data do exist in the unlikely event it is rendered unusable on one platform. The way the data is held also prevents changes being made to it once it is stored. Deleting this information would be difficult for a hacker and stealing it more so. Denying students the opportunity to study for exams, access their grades or contact their professors is much easier in comparison. While this denial caused, and can cause, a lot of harm in terms of productivity and even just keeping up with what’s happening at the University, it has less of an effect on any of the actual data stored here. Source: http://www.dailytargum.com/article/2015/04/u-servers-not-at-risk

Visit site:
University servers not at risk for information breach during DDoS attacks

Michigan High School Student Facing Charges After lauching DDoS attack on School Network

A student at Monroe High School in Monroe, Michigan, was recently caught conducting a distributed denial of service attack (DDoS), and Monroe Public Schools Superintendent Barry Martin says the district will be pressing charges. Over a period of two weeks, the unnamed student managed to take the network down for ten to fifteen minutes at a time during the school day. This had a heightened effect on the district, as modern-day high schools rely heavily on the Internet for administration as well as classroom instruction. “We are so reliant on the Internet that we can’t afford to have down time,” said Stephen McNew, the superintendent of the district in which the student attended school. No Sensitive Data Compromised Despite having success at being disruptive, an act that the student considered to be a prank, no sensitive documents, e-mails, or files were ever compromised, which should contribute greatly to his defense. Merely disrupting communications is far less of a crime than is stealing sensitive information about other students or private communications between staff members. “A Good Student” Barry Martin called the alleged hacker “a good student” in comments to the Monroe News but said that this act could not be tolerated, and charges would be filed. DDoS is a federal felony, but from the sounds of it, the FBI has not yet been involved in the case. It is taken very seriously when the targets are larger organizations or government institutions, and ordinarily those who are serious about conducting DDoS attacks are careful to cover their tracks. It is not yet evident how the student was found to be a suspect in the case, but in the town of roughly 20,000 people, the pool of likely suspects is rather slim. The profile would be a student with high grades and extreme computer aptitude. This would make the pool of likely suspects even smaller. The way that high schools often conduct such investigations, the student would have been brought in front of a police officer and interrogated until he confessed. Like as not, school officials would pretend to know already that he was guilty, and he would confess. Equally as likely, the student bragged about it to another student, who then turned him in. Another thing that the administrators said about the student was that he probably didn’t know the seriousness of what he was doing. This is in line with existing research that has concluded that adolescents are less likely to consider the consequences of their actions before taking them. Locals Have Mixed Feelings Many locals on the Monroe News Facebook page felt that a felony would be too stern a response for the gifted student’s prank. After all, in the end, the one thing he illustrated was that the school district had a weak network infrastructure that needs upgrading. Especially if, as administrators have said, they are extremely reliant on the Internet in daily teaching. Source: https://hacked.com/michigan-high-school-student-facing-charges-ddosing-school-network/

View post:
Michigan High School Student Facing Charges After lauching DDoS attack on School Network

Anonymous proxies now used in a fifth of DDOS attacks

The number of DDOS attacks using anonymous proxies has increased The number of distributed denial of service attacks using anonymous proxies has increased dramatically over the past year, according to a new research report, as attackers use these proxies to create an instant pseudo-botnet. Ofer Gayer, security researcher at Redwood Shores, CA-based Incapsula Inc., said he first spotted the trend about a year ago. Incapsula was working on creating a database of IP addresses spotted attempting malicious activity, and discovered that attackers were abusing anonymous proxies to turn a regular single-origin denial of service attack into a distributed denial of service attack with traffic flowing through thousands — or tens of thousands — different IP addresses. A year ago, fewer than 5 percent of DDOS attacks came through anonymous proxies. Today, the number is close to 20 percent, Gayer said. “The trend intensified over the past two months,” Gayer said. “Currently, 20 percent of all application-layer attacks are originating from these proxy servers.” Of those, nearly 45 percent came from the TOR network of anonymous routers, and, of those, 60 percent used the TOR Hammer DoS tool. On average, a single attacker would direct traffic from 1,800 different IP addresses, with 540,000 requests per instance. According to Incapsula product evangelist Igal Zeifman, what this means is that an attacker could be sitting at home, on a single computer, and route traffic to a list of anonymous proxies to create an instant botnet-style attack. All it takes is a proxy harvesting script and a publicly-available DOS toolkit. Anonymous proxies, or anonymizers, can serve a useful purpose, preventing identity theft, protecting search histories, avoiding geographical marketing and access restrictions, and allowing activists to bypass Internet censorship of repressive regimes. They also offer several benefits to DDOS attackers. First, they mask the source of an attack and help the attackers evade security measures based on access control lists. They also help the attacker avoid geo-blacklisting, since the attack can be spread among proxies in many different countries. Second, since each proxy is only passing along a small number of messages, it helps the attackers avoid counter-measures based on limiting the number of messages from a single source. Finally, proxies make slight changes to message headers. That helps the attackers avoid signature-based defenses. “You can Google to find several options to generate lists of these servers,” said Zeifman. “And these servers accept requests from anyone.” Each of the anonymous proxies can be used to forward a small amount of traffic, that, together, add up to enough to take down an application. “It’s like a thousand needles, stinging all at the same time,” said Zeifman. Since the attackers are going after application, not much traffic is required. “Very few server operators think about over-provisioning their CPUs,” he said. “Even a small overhead of 100 requests per second is enough to take down a dedicated server environment.” Source: http://www.csoonline.com/article/2903939/application-security/anonymous-proxies-now-used-in-a-fifth-of-ddos-attacks.html

Visit link:
Anonymous proxies now used in a fifth of DDOS attacks

DDoS attack temporarily blocks seattletimes.com

A denial-of-service attack, in which perpetrators flood a targeted website with requests that overwhelm the site’s servers, is believed to have caused Monday morning’s outage. A cyberattack took down The Seattle Times website for about 90 minutes Monday morning. Seattletimes.com was unavailable from about 8 a.m. to 9:30 a.m. as a result of a denial-of-service attack, company spokeswoman Jill Mackie said. “The Seattle Times website experienced technical problems Monday morning due to an external attack that appears to have targeted other sites,” Mackie said in a statement. “We continue to monitor the situation and apologize for any inconvenience this caused readers.” Denial-of-service attacks are designed to flood a website with requests, essentially overwhelming the site’s servers and preventing it from responding to other users. The result is a site that grinds to a halt or runs so slowly that it becomes unusable. Such attacks on their own aren’t designed to damage a target’s computer systems or steal files. The attacks, a fixture of Internet security threats for decades, have been blamed on culprits ranging from political operatives to young, tech-savvy hackers connected by social media. The ease with which such attacks could be orchestrated was illustrated in 2000 when a 15-year-old Canadian boy, working under the alias “Mafiaboy,” was able to temporarily bring down the websites of Yahoo, CNN and Amazon.com, among others. Mackie said The Seattle Times’ information technology staff believes Monday’s attack on the website was carried out by a cyberattack group that calls itself Vikingdom2015. The group is said to have targeted several government and media websites, including those of the Indiana state government and the Bangor (Maine) Daily News, with denial-of-service attacks. IBM security researchers said the group was formed from former members of the Team Cyber Poison hacker group, and began attacking websites this month. Source: http://www.seattletimes.com/business/technology/cyberattack-temporarily-blocks-seattletimescom/

View original post here:
DDoS attack temporarily blocks seattletimes.com

Rutgers Suffers Foreign DDoS Attack

On Monday morning, Rutgers University was still trying to recover from a distributed denial of service (DDoS ) attack that had been launched against it over the weekend, according to media reports. The attack, which began on Friday afternoon, interrupted Internet service for Rutgers students, faculty and staff, although no confidential information appears to have been leaked. The university’s Office of Information Technology (OIT) had managed to restore Internet service on campus as of Monday, although some services remained unavailable for users trying to access the systems from off-campus. On Sunday, Don Smith, Rutgers’ vice president of Information Technology, alerted students to the attack via e-mail. Attack Originated from Ukraine, China “The Rutgers University network has been under an extended distributed denial of service (DDOS) attack since Friday, Mar. 27,” the university wrote in a security briefing on its computing services Web site on Sunday. “Since the initial attack, there have been multiple follow-up attacks. OIT has been working to maintain access to the network and IT services around the clock since the attacks began, but as fast as one service is fixed another is targeted.” The FBI is investigating the attack, which is believed to have originated from China and the Ukraine, according to a report by the local New York NBC affiliate, citing a source at the university. The local Rutgers University police are also investigating the attack. In addition to causing Internet service to slow down or become completely unavailable, the attack also managed to take down the Rutgers homepage for 15 minutes over the weekend. The university’s Sakai platform, which is an online tool used by both students and faculty, was also unavailable for off-campus users as of Sunday afternoon. “Unfortunately, we have no ETA at this time for a permanent restoration of all affected services,” the university said on its Web site. “Normal service will be restored as soon as OIT is confident that the attacks are over.” Rutgers No Stranger to DDoS The attack is not the first the university has suffered. As recently as November, it experienced a similar DDoS attack that seemed to be timed to coincide with the period during which new students were registering for classes. During last year’s attack, the Rutgers network was shut down when a hacker flooded it with external communications requests. Like the most recent attack, the November attack is thought to have originated in Eastern Europe and China, according to a report on the Daily Targum, the university’s official student newspaper. Last year’s attack lasted only about 24 hours, however, unlike the current attack from which the school is still recovering. The day before the attack the school announced that it had been awarded $1.95 million by the federal government to develop a training program for the study of issues related to homeland security. Source: http://www.toptechnews.com/article/index.php?story_id=1320044NONV0

GitHub recovering from massive DDoS attacks

The attacks were aimed at two GitHub-hosted projects fighting Chinese censorship Software development platform GitHub said Sunday it was still experiencing intermittent outages from the largest cyberattack in its history but had halted most of the attack traffic. Starting on Thursday, GitHub was hit by distributed denial-of-service (DDoS) attacks that sent large volumes of Web traffic to the site, particularly toward two Chinese anti-censorship projects hosted there. Over the next few days, the attackers changed their DDoS tactics as GitHub defended the site, but as of Sunday, it appears the site was mostly working. A GitHub service called Gists, which lets people post bits of code, was still affected, it said. On Twitter, GitHub said it continued to adapt its defenses. The attacks appeared to focus specifically on two projects hosted on GitHub, according to a blogger who goes by the nickname of Anthr@X on a Chinese- and English-language computer security forum. One project mirrors the content of The New York Times for Chinese users, and the other is run by Greatfire.org, a group that monitors websites censored by the Chinese government and develops ways for Chinese users to access banned services. China exerts strict control over Internet access through its “Great Firewall,” a sophisticated ring of networking equipment and filtering software. The country blocks thousands of websites, including ones such as Facebook and Twitter and media outlets such as The Wall Street Journal, The New York Times and Bloomberg. Anthr@X wrote that it appeared advertising and tracking code used by many Chinese websites appeared to have been modified in order to attack the GitHub pages of the two software projects. The tracking code was written by Baidu, but it did not appear the search engine — the largest in China — had anything to do with it. Instead, Anthr@X wrote that some device on the border of China’s inner network was hijacking HTTP connections to websites within the country. The Baidu tracking code had been replaced with malicious JavaScript that would load the two GitHub pages every two seconds. In essence, it means the attackers had roped in regular Internet users into their attacks without them knowing. “In other words, even people outside China are being weaponized to target things the Chinese government does not like, for example, freedom of speech,” Anthr@X wrote. GitHub has not laid blame for the attacks, writing on Saturday that “based on reports we’ve received, we believe the intent of this attack is to convince us to remove a specific class of content.” The attackers used a wide variety of methods and tactics, including new techniques “that use the web browsers of unsuspecting, uninvolved people to flood github.com with high levels of traffic,” GitHub said. In late December, China cut off all access to Google’s Gmail service, after blocking Facebook’s Instagram app, and the phone messaging app Line. A month prior, it appeared many non-political sites supported by the U.S. content delivery network EdgeCast Network were blocked. EdgeCast may have been a casualty because its cloud services are often used to host mirror sites for ones that have been banned. Source: http://www.computerworld.com/article/2903318/github-recovering-from-massive-ddos-attacks.html

Originally posted here:
GitHub recovering from massive DDoS attacks

Indiana’s website taken out by DDoS in response to ‘religious freedom’ law

The state’s website was up and down for most of the early afternoon on Friday The state of Indiana is having a bad week. First, Governor Mike Pence signed a controversial “religious freedom” bill into law; earning the state a black eye for taking step backwards on civil rights. Now, twenty-four hours later, the state’s website was knocked offline by a group taking up another person’s protest against Religious Freedom Restoration Act. The group responsible for taking IN.gov offline has targeted 34 other state, local, tribal, and territorial government websites this month. Going by the name @YourVikingdom on Twitter, the group targeted Indiana’s website after another user suggested that a campaign against the state be mounted in response to recently enacted discriminatory law. Senate Bill 101, also known as the Religious Freedom Restoration Act, was surrounded by controversy in the days leading up to its signing. Businesses and organizations on both sides of the debate, including religious groups such as The Christian Church (Disciples of Christ) urged Gov. Pence to veto the bill. The problem most people have with the new law is that it opens the door for business owners to deny services to the LGBT community for religious reasons. The law, said to be nothing short of legalized discrimination, has caused business leaders to react, including Salesforce CEO Marc Benioff, who stated that employees and customers would no longer be sent to Indiana. Salesforce bought ExactTarget, an Indiana-based marketing software company, for $2.5B in 2013. “Today we are canceling all programs that require our customers/employees to travel to Indiana to face discrimination,” Benioff said via Twitter. There’s no way to prove it, but the DDoS attack against Indiana’s primary website might have been avoided. The group responsible has no real purpose. Despite their outlandish claims, the reality is they attack vulnerable infrastructures – or low-hanging fruit as it were – for fun. There is no cause for them to support, just their own amusement. All of their victims, especially the government websites, have little to no anti-DDoS protection. Indiana is no different. Yet, because of the backlash against Indiana over the ‘religious freedom’ law, @YourVikingdom took notice and flooded the website with traffic to the point that it collapsed. The site was able to recover, but the damage had already been done. Then again, the ‘religious freedom’ law might have been nothing more than an excuse. As low-hanging fruit, Indiana’s servers were always a possible target, especially given the established pattern set by @YourVikingdom. Indiana’s website was offline at 2:00p.m. EST, and recovered 45 minutes later, but remained sluggish for another half-hour while the Indiana Office of Technology worked to resolve the issue. Source: http://www.csoonline.com/article/2903314/business-continuity/indianas-website-taken-out-by-ddos-in-response-to-religious-freedom-law.html

Continue reading here:
Indiana’s website taken out by DDoS in response to ‘religious freedom’ law

GitHub Still Battling DDoS Attack

San Francisco-based GitHub was taken out with a denial of service attack Wednesday. Scripts from the Beijing-based Baidu sent traffic coming to a page operated by GreatFire and a page with Chinese-translations of The New York Times. As is the focus of DDoS attacks, GitHub’s availability was knocked out as a result of the traffic caused. In morning tweets during the attack, GitHub informed followers that the attack was still going and getting worse, but that they were on top of dealing with it. As of two hours ago GitHub states that the DDoS attack is still being worked on. Meanwhile Baidu has said that it had nothing to do with the attack intentionally. The Chinese search engine titan also says that it is working security specialists to find out the cause of things. The company made certain to state that its security hadn’t been compromised during the attack on GitHub. Speculation in tech and security circles say that the attack was a means of strengthening China’s methods of web censorship by taking out sites that could allow for users to get around it. Baidu was simply used as a means of amplifying the attack due to how sizable it is and the amount of traffic it can produce. Source: http://kabirnews.com/github-still-battling-ddos-attack/8495/

See more here:
GitHub Still Battling DDoS Attack