Tag Archives: ddos-attacks

Sony Pictures not using Amazon Web Services to DDoS illegal file-sharing websites

Reports this week claimed Sony Pictures were carrying out denial of service attacks against certain websites which were sharing files stolen in the devastating cyber-attack against the studio. The sources speaking to Recode said that Sony Pictures was using Amazon Web Services’ (AWS) cloud computing infrastructure in Tokyo and Singapore to flood websites which are sharing the files illegally, but this claim has now been denied by the company involved. A spokesperson for AWS has however categorically denied that this is the situation, telling IBTimes UK : AWS employs a number of automated detection and mitigation techniques to prevent the misuse of our services. In cases where the misuse is not detected and stopped by the automated measures, we take manual action as soon as we become aware of any misuse. Our terms are clear about this. The activity being reported is not currently happening on AWS. It is unclear if Sony Pictures is carrying out the attacks suggested by the sources speaking to Recode, and simply using another computing infrastructure, or if the studio is not actually carrying out these attacks at all. Martin McKeay, who works with cloud services provider Akamai, told ITSecurity Guru that there could be some truth in the speculation: “It has the potential for being true and not utterly impossible to be some truth to this, and I don’t think it is utterly impossible that they are doing it through some third party who is doing this via AWS,” he said. “There are some systems out there for doing load testing and some of them can be done through AWS and can generate traffic like that, but what is more likely is that they are feeding the torrent sites with false information and causing a DDoS in that way.” Tim Erlin from Tripwire told IBTimes UK that if there is truth to the rumour, it could spell even more trouble for Sony Pictures: “Taking the step to ‘hack back’ against perceived legitimate targets, based on their own assessment of guilt, presents a myriad of potential legal problems. If Sony manages to disrupt, intentionally or accidentally, a legitimate service in the process, they may be adding to their problems, rather than improving the situation.” Sony Pictures has not commented on these reports, but the company is still trying to get its systems back fully under its control since the studio was attacked by a group of mysterious hackers called Guardians of Peace almost three weeks ago. “ The movie of terrorism” The group, which claims to have stolen “tens of terabytes” of information from Sony Pictures, released the latest tranche of stolen documents on Wednesday. Along with releasing copies of Sony Pictures’ films, the leak includes personal and financial information of thousands of the company’s employees, internal emails from executive discussing high profile stars like Angelina Jolie and films like Jobs, the Steve Jobs biopic. The leaked data has also included highly sensitive information on actors’ salaries and the amount of money that it is being paid by Netflix for its films. Source: http://www.ibtimes.co.uk/sony-pictures-not-using-amazon-web-services-ddos-illegal-file-sharing-websites-1479230

AbleGamers’ weird weekend of porn stars, charity and a worries over a DDoS attack [correction]

AbleGamers believe they became the target of a DDoS attack over the weekend after the charity founders declined to accept funds from porn star Mercedes Carrera because of her connection to the GamerGate movement, according to the gaming and disability charity. But Carrera tells Polygon she had nothing to do with the issues the site ran into over the weekend and that while she is a GamerGate supporter the live stream adult cam show is not connected to GamerGate. “In fact, I was unaware any of this was happening until checking my social media on Sunday,” she said. The disagreement started out as an offer by Carrera to help raise funds for AbleGamers, a website dedicated to gaming and disability. “I chose AbleGamers as I have become friendly with some disabled gamers and wanted to support the mission of providing alternatives in gaming for those who are not fully abled,” Carrera told Polygon. “I see the value in disabled gamers having an opportunity to experience a variety of actions they may not have access to in day to day life.” AbleGamers officials said they were initially open to the idea. “As a sex positive organization, our immediate response was ‘Absolutely,’” according to a post on AbleGamers. “We would be honored to be chosen.” But a thread about the fundraiser on Reddit raised concerns for AbleGamers. “In doing our due diligence we discovered the event organizer was putting together a GamerGate stream that would ‘for now’ be ‘a charity stream’ because they ‘cannot mention that it is a GG stream as it might shy away BZ (Brazzers) and others,’” reads a statement from the organization. According to a message on its official website, AbleGamers “became concerned by the lack of transparency in the original emails having made no mention of GamerGate. We became further alarmed as the post continued adding ‘GamerGate [h]as just weaponized porn.’” Carrera said that AbleGamers emailed the coordinators of the event and said they didn’t want to receive money from the fundraising because of what they read on the Reddit thread, including someone writing that “GamerGate had weaponized porn”. After announcing it would no longer be involved in the charity event, the AbleGamers website began having technical issues, according to site officials. AbleGamers representative Steven Spohn told Polygon that a DDoS attack was confirmed by the website’s host. “When we released our statement, we figured it was traffic,” says Spohn. “Our server is ‘charity level’ which means cheap and no DDoS protection. “When we started getting ‘cannot connect to service’ on the webpage, we called Liquid Web. Three different phone representatives said that it was in fact a DDoS. We relayed the information to our audience as it was happening. Our website is on a cloud server, sandboxed away from others. “So, were we?” Spohn continues. “Our host says so. Could they be wrong? Sure. If LW tells us three techs and their top admin were wrong, then we’ll agree we weren’t [victims of a DDoS attack]. Until then I’m sticking to we were DDoS attacked around 1pm Eastern on Sunday for about 30 minutes.” Carrera is adamant she had nothing to do with the issues, something she goes into in more detail in an open letter on Destructoid. She also said that the fundraiser has never been connected with GamerGate. “The live stream cam show adult content event happening January 2 is not connected to GamerGate,” she said. “However, as I have come out in support of GamerGate’s mission of ethics in journalism and resistance to censorship, it is not surprising that the two became conflated on Reddit. However the show itself is not intended to be a GamerGate sanctioned event. ” She added that the fundraiser is still happening and that a partnership is in the works for who will be the recipient of the money raised. Source: http://www.polygon.com/2014/12/9/7358899/ablegamers-gamergate-mercedes-carrera-ddos

Follow this link:
AbleGamers’ weird weekend of porn stars, charity and a worries over a DDoS attack [correction]

1&1 goes titsup, blames lengthy outage on DDoS attack

UK hosting company 1&1 went titsup late on Tuesday night and struggled to recover this morning, after claiming it had been the victim of a Distributed-Denial-of-Service (DDoS) attack. The website collapsed shortly before 10pm yesterday, and it has taken 1&1 a full 12 hours to get its service back up and running. Readers who told the Reg about the outage said that the service had been flaky for several hours before it keeled over. 1&1 blamed the downtime on a DDoS attack in a tweet. However, although the website appeared to be returning to normal, 1&1 had yet to update its customers about the status of its system at time of writing. Customers were still griping about the mysterious outage this morning. Indeed, 1&1 was tight-lipped about the cause of the service disruption on its status page, which made no mention of a system security breach. Last month, Fasthosts blamed a five-hour outage it had suffered on a DDoS attack. Source: http://www.theregister.co.uk/2014/12/10/1_and_1_hosting_firm_claims_ddos_attack_downs_website/

Carbon Poker Crash and Possible DDoS Attacks Highlight Need for Legalization

Recent happenings at what was considered one of the more reliable and trustworthy offshore online poker rooms, Carbon Poker, is simply furthering the case for regulated online poker in the United States. Anyone calling for a ban of online gambling in the U.S. should pay particular attention to what has taken place at Carbon Poker over the past couple weeks, as these are the types of online poker operators that will survive a federal online gambling ban. If Sheldon Adelson gets his way, regulated sites like WSOP.com would be forced to shut down and sites like Carbon would continue to fill the void. In the past couple weeks the site experienced several significant problems that have left many players concerned about the safety of their accounts and their personal information, as well as with the overall integrity of the games at the site. Server crash leads to data breach The first issue occurred during one of the biggest tournament days in Carbon Poker’s history. On November 23, the Main Event of the Carbon Poker Online Poker Series, along with dozens of other tournaments at the site, were running when the Carbon Poker servers’ crashed, bringing everything to a screeching halt. Site-wide server crashes are rare, but they do happen. Unfortunately for Carbon, this was not a typical server crash, which is bad enough in its own right. According to multiple reports by poker players on social media sites and on the poker forums, the server crash not only caused widespread disconnections, but also caused hole cards to change mid-hand for players still able to log in and play, and even more worrisome, customers were inexplicably able to gain access to other players’ accounts when they tried to log back on to the site. Players reported that this first of its kind (to my knowledge) technical glitch, not only allowed them access to other Carbon Poker’s players accounts, but they were capable of gambling with those funds (including players that were active on the site when the servers crashed), as well as being able to see the accountholders sensitive personal information. A DDoS superuser? As concerning as the server crash and data breach were, things got even worse this weekend when, after several days of unexplained and consistent disconnect issues, widespread rumors began to take hold that targeted DDoS attacks were behind the ongoing technical issues, and were being used to win pots. Following pages of frustration over the ongoing disconnects, the DDoS rumors took hold with an out of left field (something that is not uncommon on 2+2) accusation: I found the hacker that is disconnecting the server. He builds big pots and once he min-raises he crashes the server and scoops the pot. His username is L4ss3m4jj4n. He did it to me a few times and took quite a bit from me at PLO. I then followed him and watched him do it to others. I emailed support so lets see what happens.” And from there it escalated: “Guys, I would normally say this is just somebody coming up with a wild conspiracy theory, but this is serious, everybody should open up this table, it’s table 24 in the $215/125k, something is super super fishy about the way L4ss3m4jj4n is playing, every disconnect has benefited him so far, it seems too obvious if you watch it for a few of the disconnects.” “second time i’m witnessing him betting in big pot and a disconnect taking place.” “Kh8s9d7h board he checks, phat1cat bets 1888 into 3750, l4ss3m4jj4n minraises to 3776 and disconnect.” In addition to the forum gossip, the potential DDoS superuser was also discussed/mentioned on social media by well-known poker players and poker commentators. Click here and also here. As the story began to unfold, over 100 players started monitoring this person’s play as it was being live-streamed on Twitch.com, and at the same time were furiously contacting Carbon Poker customer support en masse to have something done about the situation. You can read a good summary (for those that can’t handle 200 pages of 2+2 posts) of what took place at Carbon Poker/Merge Gaming here. It should be stated, that whether this was a concerted DDOS attack by some nefarious player(s), or if the sites are simply experiencing ongoing technical issues is unclear. What is clear is that unregulated sites make it much harder for players to be treated fairly and properly compensated when these things occur. It also shows the inability of players on unregulated sites to take their grievances to a regulatory body that oversees the site. The important takeaway is, if these types of issues are occurring at Carbon Poker, considered one of the top unregulated online poker sites still serving the U.S. market, what is happening at the other, more suspect, operators? Source: http://www.pokerupdate.com/news/networks-and-rooms/12083-carbon-poker-crash-and-possible-ddos-attacks-highlight-need-for-legalization/

See the original post:
Carbon Poker Crash and Possible DDoS Attacks Highlight Need for Legalization

Fort Lauderdale Website Under DDoS Attack Again

The City of Fort Lauderdale announced Wednesday that it may have to disconnect its Internet service at different points due to another attempt at a denial of service attack on the city’s website. Fort Lauderdale recently saw its home page and the website for Mayor Jack Seiler both go through denial of service attacks at the hands of Anonymous. The hacker collective launched the DDoS attack to try to change the homeless feeding ordinance and other city rules. The Anonymous DDoS attack lasted for several hours during the first attack which kept the home page inaccessible for several hours. The city said Wednesday that it is working with its Internet Service Provider to mitigate risk and safeguard the system. However, the city said there may be service interruptions and intermittent website performance due to the possible new attack. Source: http://www.nbcmiami.com/news/local/Fort-Lauderdale-Website-Under-Attack-Again-284672121.html

Read the original post:
Fort Lauderdale Website Under DDoS Attack Again

Summary of DDoS Attacks this Holiday Season

A number of high-profile distributed denial-of-service (DDoS) attacks have taken place over the past few days, and it is expected that more will occur as we draw closer to the holidays. The attacks began early last week when a hacker who is associated with Anonymous orchestrated a DDoS attack against the websites for the Supreme Court of Canada and the Ottawa Police Forces. The DDoS attack was preceded by a hack against the City of Ottawa, during which the attacker replaced the website’s homepage with an image of a dancing banana. According to the hacker who has claimed responsibility for the attacks, the DDoS campaign was meant to respond to the arrest of a teen that had allegedly made more than 30 emergency 9-1-1 calls across North America. The hacker believes the teen was framed and is trying to help him clear his name. Following a busy Thanksgiving weekend, which included the Sony breach, Cyber Monday saw a DDoS attack against DNSimple, a domain management provider. The attack, which lasted approximately 12 hours, sustained traffic of up to 25Gbps and about 50 million packets per second sent to DNSimple’s servers. Finally, a DDoS attack launched on Tuesday by Lizard Squad, a group well known for this type of attack, succeeded in bringing down the servers at Blizzard Entertainment, a gaming enterprise known for the popular World of Warcraft computer game franchise. Just a day earlier, Lizard Squad had succeeded in using a DDoS campaign to bring down Xbox Live, much to the frustration of shoppers who had purchased the gaming console on Cyber Monday. The attacks on the Canadian government websites, DNSimple, and Blizzard Entertainment suggest that high-volume DDoS attacks are on the rise. In fact, Verisign, a Virginia-based security firm, has been tracking this trend throughout the third quarter. Over the course of its investigation, it has noted an increase of as much as 60 percent quarter-on-quarter in 2014 for some companies. Researchers at Verisign recommend that companies invest in advanced DDoS protection solutions. This is especially true as we approach the holidays, for this type of attack spikes around this time of year. And with Lizard Squad preparing for additional DDoS attacks, their advice could not be more perfectly timed. It looks like it’s going to be a busy holiday season. Source: http://www.tripwire.com/state-of-security/top-security-stories/ddos-attacks-ramp-up-for-the-holidays/

See the article here:
Summary of DDoS Attacks this Holiday Season

The Conversation hit by DDoS Attack

Academia-meets-journalism website the Conversation was hit by a denial of service hacker attack this morning, preventing it from posting new articles or sending its daily email for around eight hours. The cyber attack was targeted at the site’s domain name server DNSimple and affected hundreds of sites across the world. It is believed to be related to the Cyber Monday sales which were going on in the US and UK at the time. In a note in today’s newsletter, sent at 2pm as opposed to the regular 6am, managing editor Misha Ketchell wrote: “Apologies for the long delay in sending today’s newsletter. Our website has been down since shortly after 6am thanks to a “denial of service” attack on our domain name server, DNSimple. “If that’s got you scratching your head, you’re not alone. A denial of service attack is easy enough to understand: it’s where malevolent hackers inundate a server with so many requests it ceases to function. “What’s confounding is why anyone would do something so pointless. In this case we think we’ve been caught up in a targeted attack to coincide with the Cyber Monday sales events in the US, as David Glance explains here. “For now the worst appears to be over and we are working on ways to ensure it doesn’t happen again. Thanks for your patience.” DNSimple is still currently experiencing issues across some of its domains due to the attacks, which are explained in more detail in a piece on The Conversation. Source: http://mumbrella.com.au/conversation-hit-denial-service-hackers-morning-265908

Link:
The Conversation hit by DDoS Attack

DDoS attack takes down X-Box Live, FBI warns businesses of new hacking threats

Cyber Monday appears to be a good time for cyber attacks. A group calling itself Lizard Squad said it has taken down Xbox Live. The outage started Monday night and has gamers complaining that they can’t access their systems. The group posted a message to Twitter Monday evening: Cyber Monday appears to be a good time for cyber attacks. A group calling itself Lizard Squad said it has taken down Xbox Live. The outage started Monday night and has gamers complaining that they can’t access their systems. The group posted a message to Twitter Monday evening: The group appears to have launched a DDOS (distributed denial-of-service attack), a fairly common way to take a site offline. Gaming sites said the Lizard Squad has been attacking gaming services for several months, including Play Station, Destiny and several EA games. The group made similar threats to bring the sites down at Christmas. Meanwhile, the FBI is warning businesses that hackers are using malicious software to launch a series of attacks on the U.S. Over the weekend, Sony Pictures Entertainment was hacked, resulting in five films, including the company’s new version of “Annie” being leaked online. The FBI sent out a confidential five-page memo to businesses Monday warning of the possibility of similar attacks, CNBC reported. The Sony attack is believed to have come from North Korea, which had threatened retribution for an upcoming film about its leader Kim John-un. North Korea has complainedthe film, “The Interview” – which includes a plot to assassinate the leader – was state-sponsored “terrorism.” North Korea has appealed to the United Nations to stop distribution of the film. The FBI is investigating the attack. Source: http://www.al.com/news/index.ssf/2014/12/ddos_attack_takes_down_x-box_l.html

SK Internet down after DDoS Attack

SK Broadband, one of the largest providers of broadband Internet access in Korea, was attacked by the Distributed Denial-of-Service (DDoS) over the weekend, disconnecting its Internet services for about an hour. DDoS is a kind of cyberattack in which multiple compromised systems are used to target a single network or a machine and make it unavailable to users. On Saturday at 10:55 a.m., the traffic on SK Broadband’s DNS server soared up to 15 million packets per second (PPS), from its usual average of about 1 million PPS. PPS refers to the number of database transactions performed per second. The Ministry of Science, ICT and Future Planning said it blocked the cyberattack on SK Broadband and a smaller attack on LG U+ with the help of the Korea Internet Security Agency (KISA) and was able to normalize the service in 70 minutes. SK Broadband users near Seocho and Dongjak distrcts in southern Seoul were without Internet from 10:55 a.m. until 12:05 p.m. on Saturday. There was also a mild attack on LG U+, the nation’s third-largest mobile carrier, but it did not have a noticeable effect on the carrier or its users, according to the ministry. The investigative team at the Science Ministry has confirmed 1,030 Internet Protocol addresses used in the DDoS attack and is analyzing the SK’s DNS server log. SK Broadband said it is planning to collect and analyze the malware codes used in the attack after it identified zombie PCs among the users. “It’s not the first time that a mobile carrier has been attacked by DDoS. We are investigating where the attack came from and the exact causes,” said Lim Young-seok, a manager at SK Broadband. “It could take a month, as in the case of previous cyberattacks on banks.” However, information security companies suggested that the DDoS attack on the mobile carrier and the Internet service provider could be a prelude to a larger cyberattack. Increased malware activity was recorded ahead of massive cyberattacks on three Korean television stations and a bank on March 20 and a June 25 attack on the Blue House website. Bitscan, a local securities company, warned that malicious links are at their most active point this year. “As malwares hover between wired and wireless networks, PCs and mobile devices that are vulnerable to cyberattacks will likely see huge damages,” said a spokesman for Bitscan. Source: http://koreajoongangdaily.joins.com/news/article/Article.aspx?aid=2997940

Continue reading here:
SK Internet down after DDoS Attack

Sony Pictures Entertainment Disabled by Cyber Attack

The company’s corporate networks and email were taken offline following the attack. Variety reports that all Sony Pictures Entertainment employees were advised on Monday, November 24, 2014, not to connect to corporate email or corporate networks following a breach by hackers calling themselves “Guardians of Peace,” or #GOP. Deadline.com reports that Sony Pictures’ computers were still down worldwide as of the following day, November 25, 2014. According to The Verge, company computers were defaced with a message stating, “Hacked By #GOP.” “Warning: We’ve already warned you, and this is just a beginning,” the message adds. “We continue till our request be met. We’ve obtained all your internal data including your secrets and top secrets. If you don’t obey us, we’ll release data shown below to the world.” Below the message was a list of five links to zip files allegedly containing stolen data. A Reddit post examining the zip files reports that they contain several files named “private key,” along with Excel files named “passwords” and PDF files named “Diaz, Cameron – Passport.pdf” and “Angelina Jolie passport.pdf.” Another poster found what appears to be weekly Excel files backups of a 1Password database. In an email sent to The Verge, a GOP hacker claimed they were assisted by insiders at Sony, stating, “Sony doesn’t lock their doors, physically, so we worked with other staff with similar interests to get in,” the hacker added. HyTrust vice president Michele Borovac told eSecurity Planet by email that this appears to be yet another example of a massive insider breach. “While it’s possible that the statements made by the attacker are just bluster, the reality is that privileged user credentials can give a hacker the keys to the kingdom,” she said. “Organizations must take steps to gain control and maintain visibility over these administrative ‘super user’ accounts if they want to prevent — or at least contain — these types of attacks,” Borovac added. A Courion survey recently found that IT managers are overconfident about their ability to prevent insider breaches, while a SpectorSoft survey found that 61 percent of IT professionals say they’re unable to deter insider threats. A recent eSecurity Planet article offered advice on how to defend against such threats. Incapsula security researcher Ofer Gayer told eSecurity Planet that the Sony attack is a hard blow for the company, particularly coming so soon after Sony’s networks were taken offline by a DDoS attack in August 2014. “As we’ve seen, these attacks can have a devastating effect on a company, its employees and its clients,” Gayer said. “Releasing private data (dubbed ‘d0xing’ in internet slang) or losing it all completely takes a dangerous step forward from plain old data theft, and as these types of attacks gain popularity, CISOs will be under heavier pressure to prevent them.” Source: http://www.esecurityplanet.com/network-security/sony-pictures-entertainment-disabled-by-cyber-attack.html

More:
Sony Pictures Entertainment Disabled by Cyber Attack