Anonymous, the nebulous online activist group that uses hacking to further causes it supports, has threatened a major blackout of Chinese and Hong Kong government websites, and to leak tens of thousands of government email address details. The group, under the banner of ‘Operation Hong Kong’ or ‘#OpHongKong’ and ‘#OpHK’ on Twitter, said on Friday it will launch a mass effort against Chinese government servers to bring down their websites via Distributed Denial of Service (DDoS) attacks on Saturday. DDoS attacks attempt to cripple networks by overwhelming them with Internet traffic. “Here’s your heads up, prepare for us, try to stop it, the only success you will have will be taking all your sites offline,” an Anonymous statement posted online said. “China, you cannot stop us. You should have expected us before abusing your power against the citizens of Hong Kong.” Demonstrations in Hong Kong have seen the use of tear gas, violent clashes and mass disruptions to business and traffic as people campaign for the right to democratically elect the Asian financial hub’s leader. Hong Kong’s refusal so far to negotiate with protesters, and a police reaction that many labelled as heavy-handed, has sparked widespread condemnation that has now spread to Anonymous, which often campaigns for civil liberties by attacking people or institutions it sees as opponents of those rights. “If this is true, it will show that the Chinese government is a victim of internet hacking,” said Foreign Ministry spokesman Hong Lei at a daily news briefing. “ China has consistently stressed our opposition to all internet hacking attack activities. We rebuke the acts of this organisation.” The Chinese government’s Hong Kong Liaison Office also said its website had been attacked twice on Wednesday and Thursday, blocking visitors to the site for a time. “This kind of internet attack violates the law and social morals, and we have already reported it to the police,” it said, adding that the website was running normally again. Among the websites Anonymous said it would target are those of China’s Ministry of Public Security, the Ministry of Defence, Ministry of Justice and Hong Kong police. “Prepping for massive DDoS attacks, Database dumps, etc… Will be destroying #China Government,” wrote one Anonymous participant on Twitter. China’s Defence Ministry, in a statement sent to Reuters, said its website was subject to numerous hacking attacks every day from both home and overseas. “We have taken necessary steps to protect the safe operation of the Defence Ministry website,” it added. The State Internet Information Office, China’s internet regulator, declined to comment. The Ministry of Public Security declined to immediately comment by telephone. The Hong Kong Police Force was not available for immediate comment. The Ministry of Justice said it was not aware of the threat from Anonymous, and that its website wasn’t its responsibility to maintain. The Legal Network Media Beijing Company, which maintains the Ministry of Justice site, said it had not had official notice about any attack, nor had it detected any attacks on the website so far. “If there are future hacking attacks, we have confidence they can be resolved,” said a technician at the company who gave his surname as Zhong. Source: http://uk.reuters.com/article/2014/10/10/uk-china-hongkong-internet-idUKKCN0HZ0KY20141010
See the original article here:
.Anonymous threatens China, Hong Kong authorities with website blackout for DDoS attacks
Various defense strategies can be invoked to defend against DDoS attacks. Many of these depend upon the intensity of the attack. We discuss some of these in this article. Mitigation Strategies Some protection from DDoS attacks can be provided by firewalls and intrusion-prevention systems (systems that monitor for malicious activity). When a DDoS attack begins, it is important to determine the method or methods that the attacker is using. The web site’s front-end networking devices and the server’s processing flow may be able to be reconfigured to stop the attack. UDP Attacks UDP (User Datagram Protocol) attacks send a mass of UDP requests to a victim system, which must respond to each request. One example is a ping attack. It is an enormous influx of ping requests from an attacker that requires the victim server to respond with ping responses. Another example of a UDP attack is when the Internet Control Message Protocol (ICMP) must be used by the server to return error messages. The messages may indicate that a requested service is unavailable or that a host or router cannot be reached. An attacker may send UDP messages to random ports on the victim server, and the server must respond with a “port unreachable” ICMP message. Mitigation Strategy In the case of a UDP attack, the firewall could be configured to reject all UDP messages. True, this would prevent legitimate use of UDP messages, such as pings sent by monitoring services to measure the uptimes and response times of the web site. However, to be shown as failed by a monitoring service is much better than actually being down. SYN Attacks In a SYN attack, a mass of connection requests are sent to the victim server via SYN messages. Typically, the victim server will assign connection resources and will respond with SYN ACK messages. The server expects the requesting client to complete the connections with ACK messages. However, the attacker never completes the connections; and the server soon runs out of resources to handle further connection requests. Mitigation Strategy In this case, the server connection facility could be reconfigured so that it did not assign connection resources until it received the ACK from the client. This would slightly extend the time required to establish a connection but would protect the server from being overwhelmed by this sort of an attack. DNS Reflection Attack A DNS reflection attack allows an attacker to send a massive amount of malicious traffic to a victim server by generating a relatively small amount of traffic. DNS requests with a spoofed victim address are sent to multiple DNS systems to resolve a URL. The DNS servers respond to the victim system with DNS responses. What makes this sort of attack so efficient is that the DNS response is about 100 times as large as the DNS request. Therefore, the attacker only needs to generate 1% of the traffic that will be sent to the victim system. DNS reflection attacks depend upon DNS open resolvers that will accept requests from anywhere on the Internet. DNS open resolvers were supposed to have been removed from the Internet, but 27 million still remain. Mitigation Strategy A defense against DNS reflection attacks is to allow only DNS responses from the domain of the victim server to be passed to the server. Mitigation Services Given a sufficiently large DDoSattack, even the steps mentioned here may not protect a system. If nothing else, the attack can overwhelm the bandwidth of the victim’s connection to the Internet. In such cases, the next step is to use the services of a DDoS mitigation company with large data centers that can spread the attack volume over multiple data centers and can scrub the traffic to separate bad traffic from legitimate traffic. Prolexic, Tata Communications, AT&T, Verisign, CloudFare, and others are examples of DDoS mitigation providers. These services will also monitor the nature of the attack and will adjust their defenses to be effective in the face of an attacker that modifies its strategies as the attack progresses. Legality DDoS attacks are specifically outlawed by many countries. Violators in the U.K. can serve up to ten years in prison. The U.S. has similar penalties, as do most major countries. However, there are many countries from which DDoS attacks can be launched without penalty. With respect to the Spamhaus attack described in Part 1, the CEO of CyberBunker, a Dutch company, was arrested in Spain and was returned to the Netherlands for prosecution. Summary Companies must prepare for the likelihood of losing their public-facing web services and must make plans for how they will continue in operation if these services are taken down. This should be a major topic in their Business Continuity Plans. For instance, in the case of the bank attacks described in Part 1, many banks made plans to significantly increase their call center capabilities to handle customer services should their web sites be taken down by a DDoS attack. DDoS attacks are here to stay. They are motivated by too many factors – retaliation, political statements, aggressive competitors, ransom – and are fairly easy to launch. Botnets can be rented inexpensively. There are even sophisticated tools available on the darknet to launch significant attacks. The defenses against DDoS attacks are at best limited. The ultimate defense is to subscribe to a DDoS mitigation service that can be called upon when needed. Source: http://www.techproessentials.com/ddos-attacks-can-take-down-your-online-services-part-3-defending-against-ddos-attacks/