The University of Georgia was the victim of a cyberattack Sunday night which blocked all Internet access for everyone on campus using the school’s network. The DDoS — distributed denial of service — attack came from outside UGA’s network, and began about 6:10 p.m., according to an email sent Monday by Timothy Chester, UGA’s vice president for information technology. A DDoS attack floods a target’s computer network with traffic, leaving the victim’s use of its websites and computer systems unavailable. During the incident, the university’s entire 20 gigabytes per second of Internet capacity was saturated with outside network traffic, which blocked access campus users. UGA purchases its Internet connectivity through a nonprofit consortium, called Southern Crossroads, which is operated by Georgia Tech. School officials worked with Southern Crossroads to isolate the attack and began blocking it about 10 p.m., Chester’s message said. The attack ended shortly after that. As of Monday morning, officials had found no evidence that systems or data maintained by UGA had been compromised. Colleges and universities have increasingly been the target of these types of cyberattacks. Last year, Rutgers University students requested tuition refunds after the school experienced its fifth DDoS attack in a year. Arizona State University was also hit by a DDoS attack in April, blocking access to its Internet network a week before final exams. Some campuses are not currently equipped to identify DDoS attacks, and may not have a method for effectively mitigating them, industry experts say. “I personally regret that many of you experienced a disruption as you were preparing homework, getting ready for class or doing other University work and I offer my apologies,” Chester said to the campus community in the message. UGA plans to review the incident with federal, state and local law enforcement, and work with the University System of Georgia on reducing the risks of these types of attacks in the future. Source: http://www.ajc.com/news/news/local-education/university-of-georgia-hit-by-cyberattack/nqtN9/
Read the original post:
University of Georgia hit by DDoS Attack
Staminus Communications Inc ., a California-based Internet hosting provider that specializes in protecting customers from massive “distributed denial of service” (DDoS) attacks aimed at knocking sites offline, has itself apparently been massively hacked. Staminus’s entire network was down for more than 20 hours until Thursday evening, leaving customers to vent their rage on the company’s Facebook and Twitter pages. In the midst of the outage, someone posted online download links for what appear to be Staminus’s customer credentials, support tickets, credit card numbers and other sensitive data. Newport Beach, Calif.-based Staminus first acknowledged an issue on its social media pages because the company’s Web site was unavailable much of Thursday. “Around 5am PST today, a rare event cascaded across multiple routers in a system wide event, making our backbone unavailable,” Staminus wrote to its customers. “Our technicians quickly began working to identify the problem. We understand and share your frustration. We currently have all hands on deck working to restore service but have no ETA for full recovery.” Staminus now says its global services are back online, and that ancillary services are being brought back online. However, the company’s Web site still displays a black page with a short message directing customers to Staminus’s social media pages. Meanwhile, a huge trove of data appeared online Thursday, in a classic “hacker e-zine” format entitled, “Fuck ’em all.” The page includes links to download databases reportedly stolen from Staminus and from Intreppid, another Staminus project that targets customers looking for protection against large DDoS attacks. The authors of this particular e-zine indicated that they seized control over most or all of Staminus’s Internet routers and reset the devices to their factory settings. They also accuse Staminus of “using one root password for all the boxes,” and of storing customer credit card data in plain text, which is violation of payment card industry standards. Staminus so far has not offered any additional details about what may have caused the outage, nor has it acknowledged any kind of intrusion. Several Twitter accounts associated with people who claim to be Staminus customers frustrated by the outage say they have confirmed seeing their own account credentials in the trove of data dumped online. I’ve sent multiple requests for comment to Staminus, which is no doubt busy with more pressing matters at the moment. I’ll update this post in the event I hear back from them. It is not unusual for attackers to target Anti-DDoS providers. After all, they typically host many customers whose content or message might be offensive — even hateful — speech to many. For example, among the company’s many other clients is kkk-dot-com, the official home page of the Ku Klux Klan (KKK) white supremacist group. In addition, Staminus appears to be hosting a large number of internet relay chat (IRC) networks, text-based communities that are often the staging grounds for large-scale DDoS attack services. Source: https://krebsonsecurity.com/2016/03/hackers-target-anti-ddos-firm-staminus/