Tag Archives: ddos-defense

DDoS ransom notes: why paying up will get you nowhere

DDoS attacks are getting more frequent and more harmful, but the key is not to be blackmailed

If a large man stopped you on a street corner and told you that if you hand him five dollars, he won’t punch you in the face, what would you do? First you would sarcastically think to yourself ‘welcome to New York’, because that’s where this would happen. Following that, you could say no. You could try to run. You could try to defend yourself. But with a matter of moments to think about it, you’d probably just hand over the five dollars.

It doesn’t feel good to give money to an unethical person to stop him from doing a terrible thing to you, but hey, face punch averted.

Three days later, there he is again. Same offer, only now it’s ten dollars. He already knows you don’t want to be punched in the face and he also knows you don’t seem to have any other plan for dealing with his threats. Handing over that first five dollars set you up to keep being victimised.

A DDoS ransom note has a similar strategy behind it. The difference is that you don’t have mere seconds to make your decision. Forewarned is forearmed, so get your shield up.

DDoS attack motivations

A DDoS attack is a distributed denial of service attack, which is an attack that seeks to deny the services of a website, network, server or other internet service to its users by interfering with an internet-connected host.

While victims of this kind of attack may throw their hands up in the air and ask ‘why me’, it isn’t necessarily a rhetorical question. Many people assume DDoS attacks stem from business rivalries, or are an attempt to gain a competitive advantage. In some cases this is true, but it’s far from being the only reason for DDoS attacks.

DDoS attacks may stem from ideological or political differences, and in some instances they can even be equated with a hate crime when certain groups are targeted.

The other main causes of DDoS attacks essentially come down to script kiddies being script kiddies. Whether it’s a turf war between online groups, websites being randomly targeted for DDoS experiments, a challenge to see what attackers are capable of, or hacktivist groups trying to gain attention (the Lizard Squad, anyone?), a lot of the reasons for DDoS attacks can be summed up to just being a jerk on the internet.

DDoS ransom notes no exception

Speaking of jerks on the internet. For about as long as DDoS attacks have been a thing, so too have DDoS attack extortion attempts. ‘We have a botnet army prepared to take down your site. You have 24 hours to pay us $1000.’

This sort of ransom note is typically followed by a warning shot: a low-level DDoS attack, just so you know the attackers are capable of what they’re threatening.

A year ago, even a few months ago, these DDoS ransom notes were largely attributed to low-level cyber criminals, or kids trying to make some easy cash. But the recent actions of DD4BC, a high-level hacking group responsible for some high-level extortions on bitcoin companies, have shown us that this isn’t true.

DD4BC have been threatening 400+ Gbps DDoS flood attacks. While their actual attacks have been shown to be much smaller scale application layer DDoS attacks, peaking at about 150 requests per second accompanied by network layer attacks maxing out at 40 Gbps, these attacks would still be enough to take down most small to medium-sized websites.

DD4BC have been attempting to extort bitcoin and gaming companies since November of 2014. Lately they seem to have begun targeting the payment industry as well.

How to respond when you receive a DDoS ransom note

Thank your mom for all that ‘just ignore it’ advice she gave you growing up, because one of the best responses here is definitely no response.

If you pay the ransom, not only are you out that money, but you’ve also identified your website as one that has no professional DDoS protection. That will put you on the exploitable victim list with a big exclamation mark after your name.

Some companies have decided that they’re not content with merely ignoring the ransom demands. One of DD4BC’s first publicised extortion attempts was against the Bitalo Bitcoin exchange, who not only refused to capitulate, but slapped a big ol’ bounty on DD4BC’s head. That bounty was added to by another bitcoin company, Bitmain, in March.

Another high-profile website, meetup.com, also went public with their fight against a blackmail-related DDoS attack in March 2014.

Ignoring these DDoS ransom notes or actively fighting back against would-be extortionists is unequivocally what your organisation should do in the event that you receive one. However, to do either of these things absolutely requires that you have professional DDoS protection. You don’t poke the bear unless you know it can’t get out of its cage.

If that means onboarding protection as soon as you get a note, then so be it. A better plan is to have professional DDoS mitigation in place before you ever land on the list of some hacking group. Blackmail is just one of many reasons DDoS attacks take place, and DDoS attacks are getting stronger and more devastating all the time.

Source: http://www.information-age.com/technology/security/123459804/ddos-ransom-notes-why-paying-will-get-you-nowhere

New Jersey Online Gaming Sites Hit by DDoS Attacks

Online gaming sites in New Jersey were rocked by a wave of distributed denial of service (DDoS) attacks last week, according to the New Jersey Division of Gaming Enforcement (DGE).

At least four sites were knocked offline for around half an hour by the cyberattacks, David Rebuck, DGE director, said, although he declined to name them. The disruption was followed by a ransom demand, to be paid in bitcoin, and the threat of further, more sustained attacks, he added.

DDoS attacks are used by cyber criminals to flood the bandwidth of an internet site, rendering it temporarily nonoperational. Online gambling has been a target for such criminals since the early days of the industry, although this is the first time that any attacks have been reported against the regulated US markets.

However, last September, when Party / Borgata attempted to stage the most ambitious tournament series the regulated space had seen, the Garden State Super Series, major disruption forced the main event to be cancelled.

“Known Actor” Suspected

It was assumed that the technical difficulties were the result of a relatively new infrastructure bending under the weight of an uncommon influx of players, but it seems possible that there were more sinister forces at work.

Cyber attackers typically strike at times when traffic is highest in order to maximize disruption, and a well-publicized event like the Garden State Super Series would have been an irresistible target.

Rebuck’s assertion that law enforcement is now hunting a “known actor” in relation to the attacks, a suspect who has “done this before”, would appear to confirm, at least, that New Jersey has been subject to a prior attack.

Recent Attacks on Offshore Market

Hackers have certainly disrupted unlicensed US-facing poker sites in recent times. Two months after the Garden Super Series, the Winning Poker Network (WPN) attempted to stage a similarly ambitious online tournament with $1,000,000 guaranteed.

The event had attracted 1,937 players with 45 minutes of late registration still remaining, before it was derailed by a suspected cyberattack. An on-screen message relayed the news to players as the tournament was abandoned four and a half hours in, following a spate of disruptions. The tournament was canceled and buy-in fees refunded to all participants.

On November 23, the Carbon Poker Online Poker Series was severely interrupted by poor connectivity issues, and the site has experienced intermittent problems several times since, although no official word on the disruptions has been forthcoming from Carbon Poker.

“It sounds like the regulators and the [gambling] houses anticipated this very type of attack and responded to it in a very appropriate manner,” cybersecurity expert Bill Hughes Jr told the Press of Atlantic City of the incident last week. “It appears that the system worked here.”

Source: http://www.cardschat.com/news/new-jersey-online-gaming-sites-hit-by-ddos-attacks-13472#ixzz3fFdK5Vbd

DDoS Wars: The Network Strikes Back

It’s time your IT department rebelled against the cybercrime empire, says Srinivasan CR, VP of global product management, data centre services at Tata Communications

Distributed Denial of Service (DDoS) attacks have been making a lot of headlines in the last year – particularly through the work of the Lizard Squad, the cyber criminals behind the attacks that caused major network outages for global corporations such as Microsoft, Sony and Malaysian Airlines.

While only the severest attacks affecting some of the highest profile businesses might make the news, cyber criminals are launching new DDoS attacks on a daily basis. Large enterprises such as carriers and online retailers – who rely on the web to sell their products and services and to engage with their customers – are often under relentless bombardment.

Furthermore, the financial and reputational implications of DDoS attacks are growing in significance. Companies face the threat of not only losses inflicted by operational downtime, but also of extortion from the more recent phenomenon of ‘ransom attacks’.

Attack of the Clones – Forming a Botnet Army

DDoS attacks rely on hijacked devices that cyber criminals add to their army, bombarding a weakness in a network. Infected devices are turned into robots, called botnets, which add network traffic to the attack. This is akin to recruiting an army of clones formed by specific computers, ports or services on the target system, entire networks or network and system components.

The most common type of DDoS attack involves flooding the target with external communications requests. Eventually, the attack will build enough momentum to bring the network to a standstill, as it can no longer deal with the wave of requests. It is comparable to a global ticketing website crashing on the day Beyoncé tour tickets go on sale due to unmanageable traffic demand. Both scenarios can lead to significant financial losses and damage client and customer relationships, as mission critical systems and business operations grind to a halt.

One of the reasons DDoS protection is climbing higher up the IT agenda is that this form of cyber attack is growing in sophistication. By exploiting vulnerabilities in unprotected networks and a range of connected devices, including smartphones and tablets, DDoS attackers are able to grow their botnets at an alarming rate. This increases the scale and power of an attack and reduces the likelihood of an effective counter attack from the victim’s network.

This also gives cyber criminals more control over the timing of an attack. For example, staging a successful attack at a crucial time when a business simply cannot afford for its networks to fall over gives attackers far more leverage.

Furthermore, while DDoS attacks are not, strictly speaking, to be confused with hacking, which involves infiltrating a network rather than simply choking it into submission, the two can be combined to devastating effect. A successful DDoS attack can render the network operator powerless to protect their systems, making them more susceptible to a full-scale network breach.

Consequently, there have recently been examples of companies effectively being held to ransom under the threat of a DDoS attack in exchange for sums of bitcoin and other forms of extortion. Organisations such as carriers, online retailers and financial service platforms are heavily reliant on their global online presence to do their day-to-day business and remain profitable. Therefore, the threat of a powerful DDoS attack, particularly around a significantly busy trading period, gives cyber criminals additional leverage, which may persuade the target organisation to hand over significant sums to avoid being attacked.

A New Hope – Scrubbing the Network Clean

Given the nature of DDoS attacks, the best form of defence is attack. Rather than waiting for attacks to hit your network and relying on the ability of your security system to stand up to them, best practice is to anticipate them, and deal with them in real-time. This process is known as scrubbing.

Designated scrubbing centres take care of the heavy lifting when it comes to mitigating and breaking up attacks. Scrubbing ensures the network layers act as the first line of defence. Incoming traffic is monitored and cleansed in real-time. Clean traffic is then routed into the network, whereas traffic that is considered threatening is routed back to the source. This approach means that legitimate traffic always gets through, and malicious traffic is mitigated at the source rather than near the target network, so it does not choke bandwidth.

For example, Tata Communications has 15 scrubbing centres across the globe. A team of skilled engineers monitor attacks close to the botnet and DDoS heatmap. The attack is broken down in manageable chunks rather than tackled when it has gathered too much momentum.

Yet, scrubbing should only be considered the first line of defence. IT managers also have monitoring proxy services, network and web application firewalls, VPN protection and securing virtual gateways to think about. Ideally, these should be delivered as part of a comprehensive managed security service. This can be achieved by delivering security services from the cloud, giving IT managers greater flexibility and choice in terms of the services and pricing models available to them.

Providing security as a managed service with cloud-based solutions such as Distributed Denial of Service as a Service (DDoSaaS), Firewall as a Service (FwaaS), Virtual Private Network as a Service (VPNaaS) and Security Information and Event Management as a Service (SIEMaaS) has numerous benefits for businesses. As well as the peace of mind of knowing that all aspects of security are being proactively managed by a team of dedicated experts, a managed security service also gives IT managers a single point of contact for their security needs. This removes the administrative strain of multiple contracts, and the prospect of being passed around the houses when trying to solve a problem.

Keeping the Peace – Neutralising the DDoS Threat

DDoS attacks are becoming increasingly sophisticated and malicious, as cyber criminals hold businesses to ransom, threatening to bring corporate networks down for days or even for weeks. Yet, best practice to fight DDoS follows common security rules of thumb. As with any type of cyber threat, enterprises should expect to be hit by a DDoS attack, so preventative measures are key.

Protecting the network is a living, breathing operation – you need to constantly seek out the next DDoS wave on the network and strike back before your business comes under attack.

Source: http://www.techweekeurope.co.uk/security/ddos-wars-network-strikes-back-171925

Anonymous DDoS UAE banking websites

Several UAE banks were hit by a co-ordinated cyber attack, known in the trade as a distributed-denial-of-service (DDoS) attack, on Tuesday, crippling e-banking operations and websites, and leaving the unnamed institutions fearing further assaults, Arabian Business’ sister website ITP.net has reported.

German systems integrator Help AG, which played a central role in the clean-up for one of the victims, told the website that the DDoS attack, which has been linked to cyber group Anonymous, happened on the last day of the month as the attackers sought to wreak maximum disruption during the banks’ busiest period. Help AG cited “sources in the market” who report “widespread” incidents in the UAE financial sector.

A DDoS attack uses tens, sometimes hundreds, of thousands of computers to synchronise a bombardment of packet-traffic on a server. In the absence of sophisticated mitigation solutions, servers can be brought down and services brought to a halt.

“Picking the last day of a month is a very wise choice from the attackers, as it is a widely known fact that the last three days of a calendar month are the busiest ones in the financial industry, as a lot of money is changing hands in the form of salaries, mortgage and loan payments,” Nicolai Solling, director of technology services, Help AG, told ITP.net by email.

Help AG’s systems identified hundreds of thousands of packets per second sustained for a number of hours on one UAE-based financial services institution. The attacks, the company said, were “not sophisticated in form”, but “followed very much the usual pattern of Anonymous, meaning application-level depletion attempts”.

“Typically this is in the form of ‘get’ requests on the Web layer, which then tries to exhaust the Web servers, unfortunately something that often is too easy to achieve,” Solling explained.

Anonymous is a global movement with no clear leadership, although it has spawned specific cyber groups such as LulzSec that perform co-ordinated campaigns on high-profile targets. This week’s attack was part of what the group calls #OpArabia. At the time of writing, the group listed several targets in Saudi Arabia, Egypt and the UAE on justpaste.it.

Help AG did not disclose the identity of any victims, but the National Bank of Abu Dhabi (NBAD) was featured prominently on the list.

“Help AG has for a period been aware of a number of threats on the region posed from Anonymous,” Solling said.

Source: https://en-maktoob.news.yahoo.com/anonymous-cyber-hackers-hit-uae-banking-websites-112413582.html

DDoS Attackers Exploiting ’80s-Era Routing Protocol

Latest wave of DDoS attacks abuses small office-home routers via the 27-year-old, outdated Routing Information Protocol Version 1 (RIPv1).

An outdated and long-forgotten routing protocol is the latest weapon in a wave of distributed denial of service (DDoS) attacks executed via home and small business routers in the past two months.

Akamai Technologies’ Prolexic Security Engineering & Research Team (PLXsert) today issued a threat advisory warning of a surge in DDoS attacks using the Routing Information Protocol version one (RIPv1) to wage DDoS reflection and amplification attacks. The 27-year-old routing protocol, which allows routers in a small network to share route information, has since been updated with a newer, more secure version, but the older version 1 remains in use in many small office/home office router models.

While some 2,000 SOHO routers so far have been used in this new attack campaign, Akamai also found around 53,000 routers with RIPv1 enabled and vulnerable to the very same attack, mostly Motorola Netopia 2000 and 3000 series devices in the US. The main ISP running those RIPv1-enabled routers was AT&T.

The biggest attack spotted so far: around 12 gigabits-per-second. “That was just using a limited number of resources [routers],” says Jose Arteaga, senior security researcher with Akamai PLXsert. “We found a good number of devices available with this protocol open. Our concern there is if malicious actors continue to scan or incorporate more devices in this attack, attacks can grow to be quite large. They could reach 100-gig or more.”

Arteaga says there’s been no specific industry targeted in the attacks at this time, and the attacks are originating mostly out of Europe and are most likely a DDoS-for-hire operation. The main sources include the Russian Federation (39%), China (19%), and 15% in Germany and Italy.

Unlike its successor RIPv2, RIPv1 doesn’t have an authentication feature, so routers communicating via RIPv1 aren’t vetted and authenticated, leaving them open to abuse.

This isn’t the first time RIPv1 has been abused for a DDoS attack. The PLXsert team spotted similar attacks nearly two years ago but those attacks basically exploited it for a query flood, not a reflection attack, where traffic is redirected from an “innocent” device to a target on the network, Arteaga says.

RIPv1 Not Resting In Peace

The good news is that RIPv1 is not enabled by default on enterprise-grade routers. So why is it left open on some SOHO routers? “Could be an ISP enabling it for some reason or another, but it shouldn’t be” available, he says. It also may be useful in a very small business network, he says, but that comes with this risk of abuse by malicious actors.

The common denominator in most of today’s DDoS attacks is the use of the UDP protocol. More than 56% of all DDoS attacks abuse UDP, according to DDoS security vendor Incapsula. Of those, 8% use a protocol popular among Internet of Things devices, SSDP (Simple Service Discovery Protocol), used in gaming consoles and printers, for example.

“A common theme with these attacks is they are obviously taking advantage of UDP … there is no way [for a victim router] to refuse that request” because it’s a connectionless protocol, Akamai’s Arteaga says.

It’s up to the ISPs offering these devices to block UDP port 520, which RIP uses; that would then prevent any reflection attacks, he says. And small businesses should use the more secure RIPv2 instead of version 1.

Bottom line: DDoS isn’t going away, and attackers are constantly looking for new ways to abuse equipment on the Internet as weapons to attack their targets. “It has constantly increased in activity,” says David Fernandez, manager of the PLXsert team. “DDoS has not gone away.”

Source: http://www.darkreading.com/perimeter/ddos-attackers-exploiting-80s-era-routing-protocol/d/d-id/1321138
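
An added example, not taken from the article or the Akamai advisory: a Python check a defender could run over captured UDP payloads to flag RIPv1 responses arriving from source port 520, which is what the target of the reflection described above receives. The packet layout follows RFC 1058; the function names, sample datagrams and addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

RIP_PORT = 520                      # UDP port RIP speaks on
CMD_REQUEST, CMD_RESPONSE = 1, 2
HEADER_LEN, ENTRY_LEN, MAX_ENTRIES = 4, 20, 25   # sizes from RFC 1058


def parse_rip(payload):
    """Parse a RIP datagram; return None if it is not well-formed RIP."""
    if len(payload) < HEADER_LEN or (len(payload) - HEADER_LEN) % ENTRY_LEN:
        return None
    command, version, zero = struct.unpack("!BBH", payload[:HEADER_LEN])
    if command not in (CMD_REQUEST, CMD_RESPONSE) or version not in (1, 2):
        return None
    count = (len(payload) - HEADER_LEN) // ENTRY_LEN
    if count > MAX_ENTRIES or (version == 1 and zero):
        return None
    routes = []
    for i in range(count):
        off = HEADER_LEN + i * ENTRY_LEN
        afi, tag, addr, mask, nexthop, metric = struct.unpack(
            "!HHIIII", payload[off:off + ENTRY_LEN])
        # RIPv1 leaves the fields RIPv2 later reused (route tag, subnet
        # mask, next hop) as must-be-zero; anything else is not RIPv1.
        if version == 1 and (tag or mask or nexthop):
            return None
        routes.append((afi, str(ipaddress.IPv4Address(addr)), metric))
    return {"command": command, "version": version, "routes": routes}


def is_reflected_ripv1(src_port, payload):
    """True for an unauthenticated RIPv1 response sent from UDP 520."""
    msg = parse_rip(payload)
    return (msg is not None and src_port == RIP_PORT
            and msg["version"] == 1 and msg["command"] == CMD_RESPONSE)


def summarize(datagrams, rip_neighbors=frozenset()):
    """Per-source (datagram count, payload bytes) of RIPv1 responses,
    ignoring routers this network legitimately exchanges RIP with."""
    hits, volume = Counter(), Counter()
    for src_ip, src_port, payload in datagrams:
        if src_ip in rip_neighbors:
            continue
        if is_reflected_ripv1(src_port, payload):
            hits[src_ip] += 1
            volume[src_ip] += len(payload)
    return {ip: (hits[ip], volume[ip]) for ip in hits}


def make_response(version, routes):
    """Build a RIP response; used only to construct the samples below."""
    out = struct.pack("!BBH", CMD_RESPONSE, version, 0)
    for net, metric in routes:
        mask = 0xFFFFFF00 if version == 2 else 0
        out += struct.pack("!HHIIII", 2, 0,
                           int(ipaddress.IPv4Address(net)), mask, 0, metric)
    return out


# Constructed sample capture: (source IP, source port, UDP payload).
FULL_TABLE = make_response(1, [(f"10.0.{i}.0", 1) for i in range(25)])
SAMPLE_DATAGRAMS = [
    ("198.51.100.7", 520, FULL_TABLE),
    ("198.51.100.7", 520, FULL_TABLE),
    ("198.51.100.9", 520, make_response(1, [("10.1.0.0", 1),
                                            ("10.2.0.0", 2),
                                            ("10.3.0.0", 3)])),
    ("203.0.113.5", 520, make_response(2, [("10.9.0.0", 1)])),  # RIPv2
    ("203.0.113.8", 53, b"\x12\x34\x81\x80\x00\x01"),           # not RIP
    ("192.0.2.1", 520, make_response(1, [("10.5.0.0", 1)])),    # own peer
]

if __name__ == "__main__":
    report = summarize(SAMPLE_DATAGRAMS, rip_neighbors={"192.0.2.1"})
    for ip, (count, size) in sorted(report.items()):
        print(f"{ip}: {count} RIPv1 responses, {size} bytes")
```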

DDoS Attacks Target Financial Firms and Broker Dealers

A FINRA memo of June 19, 2015 announces that an increasing number of member firms have been subjected to DDoS attacks originating from a cyber-criminal group called DD4BC, the latest in ongoing efforts by cyber criminals to extort money and disrupt practices for online business.

The cyber-crime group DD4BC is one of the most active at DDoS attacks on industries, asking for ransom payments in exchange for the return of website service. Many businesses do not understand what a DDoS attack is and how they occur. Nor do they understand what to do if they become subject to an attack.

Ransom demands for large firms can be several thousand if not hundreds of thousands of dollars in Bitcoin. The danger in paying the ransom to DDoS blackmailers is that it encourages them to attack. In some cases the attackers will make repeated attacks and repeated blackmail demands.

FINRA is notifying financial and securities firms to be on the lookout for these types of attacks and be prepared with a plan in place to mitigate damages and reduce business disruption.

Attacks on FINRA Member firms and Financial Services

The DDoS attacks FINRA is cautioning about render a website or network unavailable for its intended users by sending an overwhelming number of incoming messages to the website, causing the site to “fail to load” or show as “unsecure” when legitimate users try to access it.

Cyber Crime Group DD4BC makes extortion demands on targeted systems

The end goal for DD4BC criminals in these attacks is extortion. DD4BC criminals will first send a firm an email announcing their plan to target the website with a DDoS attack. They further state that the attack can be avoided by paying ransom in Bitcoin. To prove they are serious, DD4BC initiates a minor attack, with a threat of more attacks if the ransom is not paid within 24 hours.

A bounty on the DD4BC cyber crime group

The Bitcoin community and other firms are fighting back. A recent threat to Bitalo.com (a bitcoin exchange firm) resulted in Bitalo offering a reward of 100 times the amount DD4BC had asked for. Other firms have also pledged “would be blackmailed” bitcoin rewards for information leading to the arrest and conviction of DD4BC criminals.

What to do if faced with an attack:

A firm’s first point of contact in the event of attack is the local FBI office, Cyber Crimes division. The FBI works diligently in tracking and capturing these cyber criminals. The earlier they have information about an attack, the better their chances are at locating the criminals and alerting other firms to danger.

Additionally, FINRA is asking that financial firms notify the SEC and FINRA. They will use this information to identify the extent of industry attacks and help firms stop these crimes.

Prepare in advance for an Attack:

Most DDoS attacks start as a sharp spike in traffic. Familiarize yourself with typical inbound traffic statistics for your website by auto-generating reports to monitor traffic on a daily and weekly basis.

Work with your website host to “overprovision” bandwidth for your website. This can often be done for very little additional cost. And, while it is not likely to prevent damage from an attack, it could add a few minutes of lead time. Also, many host companies can set up alerts to notify you if there is a sudden spike in bandwidth usage.

What is your response plan:

Prevention is the best strategy. Have your system evaluated for best practices before an attack starts. If you need help, there are DDoS mitigation firms that specialize in securing IT systems to detect, monitor, and block attacks. Determine where your system is weak and make changes to improve security.

Have a contingency plan in place to reach customers if the firm’s website is unavailable. Alternative communication methods include customer service phone support and cloud based communication portals.

Maintain email and VOIP phone service on a different server than your website. DDoS attacks tend to cripple everything on the server. Segregating digital data through separate network connection hosts adds a layer of protection for confidential email lists and customer data.

What to do if you are under attack:

Call your website hosting company or ISP to let them know what’s happening. They may be able to make routing adjustments to your traffic and prevent malicious traffic from making it in to your website.

DDoS mitigation and monitoring services can also provide assistance. If needed, website hosts and ISPs can direct you to a company that specializes in scrubbing data and diverting traffic when under DDoS attack.

If the attack is lasting a relatively long time, direct your site to a hosted “We Are Down” landing page for customers. Use the page to provide customers with alternative ways to reach your firm. This will bring confidence to your customers and save them the frustration of multiple unsuccessful attempts to reach your company online.

Source: http://www.finracompliance.com/ddos-attacks-target-financial-firms-and-broker-dealers/
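
An added sketch of the baseline-and-alert advice above (not FINRA's or any hosting provider's tooling): it learns a typical request count for each hour of the week from past traffic and flags hours that rise far above it. The hourly counts, thresholds and function names are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median


def build_baseline(history):
    """history: iterable of (hour_start, requests_in_that_hour).
    Returns {(weekday, hour): (median, median absolute deviation)}."""
    buckets = defaultdict(list)
    for ts, count in history:
        buckets[(ts.weekday(), ts.hour)].append(count)
    baseline = {}
    for slot, counts in buckets.items():
        med = median(counts)
        mad = median(abs(c - med) for c in counts)
        baseline[slot] = (med, mad)
    return baseline


def find_spikes(baseline, observations, k=6.0, min_ratio=3.0):
    """Return (hour_start, count, typical) for hours that are both
    statistically unusual (k robust deviations above the median) and
    large in absolute terms (min_ratio times the typical volume)."""
    alerts = []
    for ts, count in observations:
        slot = baseline.get((ts.weekday(), ts.hour))
        if slot is None:
            continue                      # no history for this hour
        med, mad = slot
        # Floor the spread so a very flat baseline (MAD near zero)
        # does not turn ordinary noise into an alert.
        spread = max(mad, 0.05 * med, 1.0)
        score = (count - med) / spread
        if score >= k and count >= min_ratio * max(med, 1):
            alerts.append((ts, count, med))
    return alerts


def _typical(ts, week):
    """Constructed traffic shape: busier in office hours, slow growth."""
    base = 1400 if 9 <= ts.hour < 18 else 1000
    return base + 10 * week


# Constructed history: four weeks of hourly counts from Mon 1 June 2015.
START = datetime(2015, 6, 1)
HISTORY = []
for week in range(4):
    for hour in range(168):
        stamp = START + timedelta(hours=week * 168 + hour)
        HISTORY.append((stamp, _typical(stamp, week)))

# Constructed observations for Mon 29 June 2015.
DAY = datetime(2015, 6, 29)
OBSERVED = [
    (DAY.replace(hour=3), 2500),    # unusual for 03:00, but under 3x typical
    (DAY.replace(hour=10), 1450),   # normal office-hours load
    (DAY.replace(hour=11), 9000),   # sharp spike
    (DAY.replace(hour=12), 2000),   # busy lunch hour, under 3x typical
]

if __name__ == "__main__":
    for ts, count, typical in find_spikes(build_baseline(HISTORY), OBSERVED):
        print(f"{ts:%a %H:00} {count} requests (typical {typical:.0f})")
```

The `min_ratio` guard is what keeps a merely busy hour from paging anyone; tune both thresholds against your own reports before wiring this to an alert.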

Polish Planes Grounded After Airline Hit With DDoS Attack

Roughly 1,400 passengers were temporarily stranded at Warsaw’s Frederic Chopin airport over the weekend after hackers were purportedly able to modify an entire airline’s flight plans via a distributed denial of service (DDoS) attack.

On Sunday someone was able to infiltrate the computer system of the Polish airline LOT and successfully cancel 10 of the carrier’s flights. A dozen other flights were reportedly delayed, according to Reuters.

Many passengers were able to board the flights — destined for Munich, Hamburg, Dusseldorf, and Copenhagen, among other cities — later in the day and regular service was resumed Monday according to LOT spokesman Adrian Kubicki.

The airline insists that at no point was the safety of any ongoing flights at risk, nor were any other airports affected, but stressed that the attack could be a sign of things to come.

“We’re using state-of-the-art computer systems, so this could potentially be a threat to others in the industry,” Kubicki warned, adding that authorities were investigating the attack.

LOT’s chief executive Sebastian Mikosz reiterated Kubicki’s sentiments in a press conference on Monday.

“This is an industry problem on a much wider scale, and for sure we have to give it more attention,” Mikosz said, “I expect it can happen to anyone anytime.”

Kubicki claimed the attack may have been the result of a distributed denial of service attack on Monday and that LOT experienced something he called “a capacity attack” that overloaded the airline’s network.

While technical details around the incident have been scant, several security researchers agree it could be cause for alarm.

Ruben Santamarta, a principal security consultant for IOActive, has called the security of planes into question before and, based on the statement given by LOT’s spokesman, believes the airline may have fallen victim to a targeted attack.

“Initially, it seems that flight’s plan couldn’t be generated which may indicate that key nodes in the back office were compromised,” Santamarta said Monday.

“On the other hand the inability to perform or validate data loading on aircraft (including flight plans), using the standard procedures, should make us think of another attack vector, possibly against the ground communication devices.”

Last summer at Black Hat Santamarta described how aircraft — including passenger jets – along with ships, oil rigs, and wind turbines could be compromised by exploiting their embedded satellite communications (SATCOM) equipment.

Andrey Nikishin, Director of Future Technology Projects at Kaspersky Lab, believes there could be two stories behind the hack.

The incident could’ve come as a result of human error, or an electrical or hard drive malfunction, Nikishin claims, or perhaps stem from a “more Hollywood style scenario” wherein the attack is a precursor to a bigger, more significant disruption.

“Warsaw airport is fairly small compared to Schiphol (Amsterdam) or Heathrow (London) and, depending on the time of day, there are only around 11 flights taking off every hour.”

“What if the incident was just a training action or reconnaissance operation before a more massive cyber-attack on a much busier airport like Charles de Gaulle in Paris or JFK in New York?” Nikishin said. “Regardless of the reason and the threat actors, we can see how our life depends on computers and how vulnerable to cyber-threats national critical infrastructure objects have become.”

Earlier this year security researcher Chris Roberts made headlines by getting removed from an American Airlines flight and questioned by the F.B.I. after he claimed he was able to compromise its onboard infrastructure. Roberts told the F.B.I. that he managed to hack into several planes’ in-flight entertainment systems nearly 20 times from 2011 to 2014, although most airlines have refuted these claims.
Source: https://threatpost.com/polish-planes-grounded-after-airline-hit-with-ddos-attack/113412

AINA Brought Down By Massive DDoS Attack

AINA’s website was the target of a massive distributed denial of service attack (DDOS) which made the site unavailable for more than one week. The attack was launched on June 8 and continued until yesterday. The source of the attack is unknown.

A DDOS attack floods a site with hundreds of thousands of requests, which overloads the system and forces it to shut down. The attack is launched from computers which have been infected with malware, without the knowledge of their owners.

A DDOS attack is difficult to defend against because of the very nature of the internet. A website is by definition designed to respond to requests. Any website can be brought down by such an attack.

Source: http://www.aina.org/news/20150617135759.htm


DDoS Attack on Voat due to Reddit

Voat was just a small Reddit knock-off before last week — but now it’s becoming overloaded as people threaten to leave the bigger site. So many people are leaving Reddit that its closest competitor crashed and had to ask for donations to stay up. Many users of the site protested and left when last week it banned five subreddits for harassment. And since, users have been making good on threats to leave the site — going instead to a Swiss clone of the site, Voat. That site looks almost exactly the same as Reddit, and features many of the same communities. But it is committed to a rule of “no censorship” — previously Reddit’s attitude, but one that it has moved away from as it has attempted to reduce the harassment and abuse on the site. So many people have moved to the Swiss knock-off that it has been down entirely many times since the Reddit bans. In response, the site asked for donations in bitcoin to pay for extra technology to keep the site up. That doesn’t seem to have worked, and the site says that it is now under a distributed denial of service attack, where users send a flood of requests to a website to take it down. But despite the problems, the site now has more than twice as many users as it did late last month, according to the site’s Twitter account. It had over 96,000 registered users last night, it said — far from the 172 million unique visitors that went to Reddit in the last month, but up many times over recent weeks. Voat’s founder said that the site was “not ready for such a huge influx of new users” and that it hadn’t “prepared for such a large and sudden increase either”. “We are sorry to see Reddit change like this, in this way, in such an accelerated fashion,” Atko wrote. “We would have never anticipated such events.”
Source: http://www.independent.co.uk/life-style/gadgets-and-tech/news/reddit-alternative-breaks-because-so-many-people-leave-site-after-harassment-scandal-10321474.html


DDoS attacks are a growing digital threat to freedom of expression in Latin America

The media and Latin American journalists are starting to experience firsthand what until recently seemed to be the exclusive concern of US, European or Asian media outlets: cyberattacks. This type of online criminal activity, known as Distributed Denial of Service (DDoS), is the other side of technological advances that aim to maximize flow of information online. Cybercrime legislation is backward and broken in Latin America, where the lack of a culture of information security or economic resources of journalists and media outlets ensures that attacks are successful. One of the most recent cases occurred in Mexico, where minutes after publishing an investigation about the alleged responsibility of federal police in extrajudicial executions of several young people in Apatzingan, a town in the state of Michoacan, the Aristegui Noticias site was out of service for hours, a victim of a DDoS attack. The Knight Center for Journalism in the Americas consulted Robert Guerra, an expert on cyber security and Internet freedom, and Luis Horacio Najera, a Mexican journalist and expert in the field, on the consequences of these attacks for media companies. “The main consequence of a cyber attack in the context of Latin America is the reduction of critical spaces that encourage debate or the exposure of misconduct and abuse of power, like corruption,” Guerra said. Guerra, founder of Privaterra, an organization based in Canada that advises private companies and NGOs on data privacy, believes that “any attack, whether cyber or physical, deteriorates freedom of expression and of the press in the country where it occurs.” In the context of countries like Mexico, where media workers are victims of assassinations, kidnappings and threats, this “silent war” on the Internet is presented as a new alarm when speaking about freedom of expression and of the press.
Momentary “blackouts” of online media affect the flow of information, the legitimacy of the company and its journalists, and also cause adverse economic effects for the media companies which base their income on online advertising. “The attacks almost always occur as a result of some publication, that is to say they are more reactive than proactive,” Guerra said of the Latin American case. “The freedom of the press is vulnerable not only when a journalist is killed or a broadcaster is exploited.” In fact, in the 2014 Annual Report of the Special Rapporteur for Freedom of Expression of the Inter-American Commission on Human Rights (CIDH), at least four cases of these attacks on media in Mexico were reported. “With the changes in technology and ways of doing journalism, cyber attacks will become more frequent because they attack the legitimacy of the journalist, and also affect the publication of news. Therefore, all attacks and threats should be condemned with the same intensity,” Guerra added. In addition to clear legislation, the region also lacks information on how and where these attacks occur, as well as statistics on their targets and consequences. In 2000, one of the companies specializing in digital security solutions, Arbor Networks, joined Google Ideas (an Internet research and conflict solution implementation think tank) to create a map that tracks digital attacks happening around the world, in real time. The aim was to create a tool for identifying these anonymous attacks: What is the origin of the attack, its target, and the duration and type of attack? It also aimed to analyze trends. Looking at the map, you can see that the peak of the cyber attacks in Latin America happened in December 2014. “It’s very interesting to see that most of the attacks are concentrated in a few countries in the region and that they are the result of specific moments in those countries,” Guerra said.
“In the case of Guatemala, a reason for the attacks may be that at that time people were discussing the results of the International Commission Against Impunity in Guatemala. In the case of Peru, the second round of December 2014 regional elections may have influenced events.”

What is a DDoS attack?

At the technical level, a DDoS attack occurs when millions of simultaneous requests are sent to a single server in order to make it collapse. It is a targeted, deliberate action using hundreds of connected computers to make a simultaneous attack. In an interview with the Knight Center, Hector Jara, founder and director of Enfinity, a Panamanian cybersecurity and information safety management company, explained the concept with an analogy. “Imagine a highway where a few cars are circulating at high speeds and the traffic is fluid. As you add more and more cars, the driving pace slows and traffic is less fluid. If we continue to add cars, you will reach a point where the highway is saturated and cannot meet the demand, and the cars will be stopped. The same thing happens with connections to a website. The number of connections that it can respond to is limited, and if it makes more and more connections, at some point it will be saturated. The more capacity the organization has, this is more difficult to achieve – we think of Google, Facebook, among others – but the limit always exists.” Jara also explained how criminal organizations use other types of attacks – for example phishing – through which they infect computers of ordinary users. “These infected computers are known as zombies, and can be controlled and used by these organizations to launch other attacks, such as DDoS. In fact these organizations assemble networks of zombie computers (known as botnets) that they then ‘rent’ for non-sanctioned purposes”. The cybersecurity expert said that in addition to political purposes and censorship attacks, other attacks are related to digital protest.
For example, hacktivism is a new form of protest that is increasingly being used. One of the latest examples of the use of technology as a means of social protest was during the removal of former President Fernando Lugo of Paraguay when attacks on public bodies were made and one of them closed access to the official website of the Presidency. Asked about possible actions against these attacks, Jara explained that “while we can design a communications architecture in a way that can protect against these attacks – for example there are technological tools such as Web Application Firewalls and services such as CloudFlare, which can mitigate the impact and in some cases completely limit it – by the nature of the attack, if those interested in launching the attack had enough resources and time, it is likely that they would force a site out of operation.” While in the United States DDoS attacks are considered crimes and are punishable under the penal code, this has not been shown to combat the situation. The question is what legislation can achieve regarding this issue. Experts agree that international cooperation is key to fighting cybercrime. In 2014, Mexico hosted the “Workshop on legislation on cybercrime in Latin America”, organized to support Latin American countries in developing legislation on cyber crime, in accordance with international standards proposed in the “Budapest Convention”. During the meeting, possible reforms to criminal law of the participating countries and constitutional reforms in telecommunications were debated. While Argentina, Chile, Colombia, Costa Rica, Mexico, Paraguay and Peru have expressed their interest in joining the treaty, Dominican Republic and Panama have already completed this process. “Most regional legislation concerning information security have been poorly, and in many cases have been motivated by local public security crisis,” said Guerra of Privaterra.
“So, from the start, these are deficient laws that in many cases secretly seek to impact civil society through censorship and criminalization of social networking activity.” Guerra also said it is not possible to speak of general solutions in Latin America, but that “each region has its own dynamics, and accordingly, legislation should create or strengthen legal counter methods to give tools for protection to civil society. These tools should be autonomous and independent of government.” Meanwhile, Jara noted that while regulations should establish a legal framework that protects personal information and data, in the case of journalists, these professionals should take measures to protect such data. “Because of the work, they may be a target of criminal organizations and sometimes governments. If they also have blogs or personal pages, they should ensure the safety of them, as a vulnerable site also becomes the focus of attack,” Jara said.
Source: https://knightcenter.utexas.edu/blog/00-16118-ddos-attacks-are-growing-digital-threat-freedom-expression-latin-america
