Tag Archives: ddos-defense

Hong Kong Protests: Anonymous Hackers Leak Chinese Government Data, Shutdown Websites

Hundreds of phone numbers, names, IP addresses and email addresses from Chinese government websites have been leaked online by the hacktivist collective Anonymous in support of pro-democracy protests in Hong Kong. Anonymous first threatened the attack last week through its ‘Operation Hong Kong’ affiliated branch, promising to leak government email address details and to shut down state websites through a Distributed Denial of Service (DDoS) attack. Over the weekend, shortly after a government statement condemning the threat of attack, personal details taken from the Ningbo Free Trade Zone in Zhejiang province and a job-search site were released by the group. “We cannot be with you on the streets. We cannot fight the police that are arresting you. But they cannot arrest an idea,” Anonymous said in a statement. “We have effectively hacked and shutdown government websites and their supporters. Some noticeable Chinese and Hong Kong government domains and networks have already acquired American services for their domains.” The group claims that such actions by the Chinese government prove that the attacks carried out “cannot be handled” and that the involvement of US-based providers prove that US corporations are complicit in supporting Beijing policy. The hacker group first announced its support for the pro-democracy protests in Hong Kong at the beginning of October, stating in a video at the time: “The time has come for democracy for the citizens of Hong Kong.” Five suspected members of Anonymous have since been arrested in the region in connection with hacking attacks. Due to the secretive nature of Anonymous, some security experts have said that it is difficult to prove that these attacks actually stem from them, rather than western governments. Protests in the former British colony started last month after Beijing decided it was to screen candidates for the first election in the territory in 2017. Source: http://www.ibtimes.co.uk/hong-kong-protests-anonymous-leaks-chinese-government-data-1469747

.Anonymous threatens China, Hong Kong authorities with website blackout for DDoS attacks

Anonymous, the nebulous online activist group that uses hacking to further causes it supports, has threatened a major blackout of Chinese and Hong Kong government websites, and to leak tens of thousands of government email address details. The group, under the banner of ‘Operation Hong Kong’ or ‘#OpHongKong’ and ‘#OpHK’ on Twitter, said on Friday it will launch a mass effort against Chinese government servers to bring down their websites via Distributed Denial of Service (DDoS) attacks on Saturday. DDoS attacks attempt to cripple networks by overwhelming them with Internet traffic. “Here’s your heads up, prepare for us, try to stop it, the only success you will have will be taking all your sites offline,” an Anonymous statement posted online said. “China, you cannot stop us. You should have expected us before abusing your power against the citizens of Hong Kong.” Demonstrations in Hong Kong have seen the use of tear gas, violent clashes and mass disruptions to business and traffic as people campaign for the right to democratically elect the Asian financial hub’s leader. Hong Kong’s refusal so far to negotiate with protesters, and a police reaction that many labelled as heavy-handed, has sparked widespread condemnation that has now spread to Anonymous, which often campaigns for civil liberties by attacking people or institutions it sees as opponents of those rights. “If this is true, it will show that the Chinese government is a victim of internet hacking,” said Foreign Ministry spokesman Hong Lei at a daily news briefing. “ China has consistently stressed our opposition to all internet hacking attack activities. We rebuke the acts of this organisation.” The Chinese government’s Hong Kong Liaison Office also said its website had been attacked twice on Wednesday and Thursday, blocking visitors to the site for a time. “This kind of internet attack violates the law and social morals, and we have already reported it to the police,” it said, adding that the website was running normally again. Among the websites Anonymous said it would target are those of China’s Ministry of Public Security, the Ministry of Defence, Ministry of Justice and Hong Kong police. “Prepping for massive DDoS attacks, Database dumps, etc… Will be destroying #China Government,” wrote one Anonymous participant on Twitter. China’s Defence Ministry, in a statement sent to Reuters, said its website was subject to numerous hacking attacks every day from both home and overseas. “We have taken necessary steps to protect the safe operation of the Defence Ministry website,” it added. The State Internet Information Office, China’s internet regulator, declined to comment. The Ministry of Public Security declined to immediately comment by telephone. The Hong Kong Police Force was not available for immediate comment. The Ministry of Justice said it was not aware of the threat from Anonymous, and that its website wasn’t its responsibility to maintain. The Legal Network Media Beijing Company, which maintains the Ministry of Justice site, said it had not had official notice about any attack, nor had it detected any attacks on the website so far. “If there are future hacking attacks, we have confidence they can be resolved,” said a technician at the company who gave his surname as Zhong. Source: http://uk.reuters.com/article/2014/10/10/uk-china-hongkong-internet-idUKKCN0HZ0KY20141010

See the original article here:
.Anonymous threatens China, Hong Kong authorities with website blackout for DDoS attacks

Telegram under 150Gbps DDoS attack

Cross platform messaging app Telegram has been a target of massive distributed denial of service (DDoS) attacks for two days in a row over the weekend with the largest in tune of 150Gbps. The DDoS attacks started on Saturday – September 27 – and according to Telegram the scale of the attack was in tune of tens of Gbps. “A DDoS attack on Telegram in progress, tens of Gigabitsec. Users in some countries may have connection issues. We’re working on it, folks!” tweeted Telegram. Prior to the official confirmation, users started complaining of connectivity issues as well as not being able to send messages successfully. These complaints were picked up by Telegram administrators and upon investigation they zeroed it down to DDoS attack. Telegram soon managed to recover from the attack, but DDoS perpetrators launched another massive attack and this time in tune of of 150Gbps. “Detecting a 150+ Gbit/s DDoS now, an attack three times as large as yesterday’s.” tweeted Telegram. Users are still complaining about connectivity issues and there has been no confirmation from Telegram on whether they have been able to resolve the issue or not. Source: http://www.techienews.co.uk/9718714/telegram-150gbps-ddos-attack/

Continued here:
Telegram under 150Gbps DDoS attack

DDoS Attacks Target Online Gaming Sites, Enterprises

DDoS traffic volume was up overall with a third peaking at over 500Mbps and more than five percent reaching up to 4Gbps, according to NSFOCUS. A continuing trend of distributed denial-of-service (DDoS) attacks that are short in duration and repeated frequently has been revealed by the NSFOCUS 2014 Mid-Year Threat report. In parallel, high-volume and high-rate distributed denial of service (DDoS) attacks were on the upswing in the first half of 2014. DDoS traffic volume was up overall with a third peaking at over 500Mbps and more than five percent reaching up to 4Gbps. In addition, findings showed that over 50 percent DDoS attacks were above 0.2Mpps in the first half of 2014, increasing from around 16 percent. More than 2 percent of DDoS attacks were launched at a rate of over 3.2Mpps, according to the report. “The DDoS attack is a relatively easy attack method to be employed with noticeable effects among other network attacks. When online service is stopped, the impact and damage it causes is very apparent and straightforward,” Xuhua Bao, senior researcher at NSFOCUS, told eWeek. “Attacks with high frequency make it hard for attack’ targets to respond to instantly, increasing the difficulty of the defense level.” The longest single attack lasted nine days and 11 hours, or 228 hours, while the single largest attack in terms of packet-per-second (pps) hit at a volume of 23 million pps. More than 42 percent of attack victims were targeted multiple times while one in every 40 victims was repeatedly hit more than 10 times. The highest frequency of attacks experienced by a single victim was 68 separate DDoS attacks. “Today, DDoS attack methods have become highly instrumental and resourceable. When an attacker plans to launch a DDoS attack on a specific target, there are plenty of DDoS attack tools and resources available online to be purchased and used,” Bao said. “With the rise of hacktavism in recent years, DDoS attacks have become a means of protesting or expressing your own opinion, which is widely used by some hacker groups.” The report revealed HTTP Flood, TCP Flood and DNS Flood were the top three attack types, together making up 84.6 percent of all attacks. DNS Flood attacks held their place as the most popular attack method, accounting for 42 percent of all attacks. While the number of DNS and HTTP Flood attacks decreased, TCP Flood attacks grew substantially. More than 90 percent of attacks detected lasted less than 30 minutes, an ongoing trend the report said indicates that latency-sensitive websites, such as online gaming, e-commerce and hosting service should be prepared to implement security solutions that support rapid response. The survey also indicated an increase in Internet service providers (ISPs), enterprises and online gaming sites as targets. Attacks targeting ISPs increased by 87.2 percent, while attacks on enterprises jumped by 100.5 percent and online gaming by 60 percent. “The online gaming industry has been a target of DDoS attacks and are mainly profit-driven. The nature of online gaming relies greatly on the Internet service and often there is a huge amount of money involved making them extremely sensitive to attacks,” Bao said. “When they are being attacked, there are obvious and direct economic losses, as well as the loss of the resources from players, which leads to malicious competition and extortion.” Source: http://www.eweek.com/small-business/ddos-attacks-target-online-gaming-sites-enterprises.html

See the article here:
DDoS Attacks Target Online Gaming Sites, Enterprises

Chain Radio Returns After A Massive DDoS Attack

Who’d have thought it would be such a chore to run a radio station? Chain Radio, which launched a at the end of July, and since then they’ve dealt with some major issues. Namely, they’ve been the subject of DDoS attacks for weeks, but it really caught up with them in the last week. Rockstar, the head of Chain Radio, made a post on their page talking about what they’ve had to deal with in order to get their site up and running again, and the challenges they’ve faced. Unlike many other sites in the world of Bitcoin land we are operating a fleet of streaming servers which can not be simply placed behind the protection of CloudFlare. When someone is attacking our servers we are in a constant state of battle blocking IP ranges, blocking specific IPs and trying to keep everything online. Nevertheless, Rockstar remained defiant in the face of adversity. “It costs us over a thousand dollars each month to keep this service online for our listeners and if the DDOS attacks continue it will likely cost even more,” he said. “That said, we are committed to seeing this project through and NOT letting a few jerks silence what we are doing and the community that we are creating.” As to the identity of those “few jerks” and their motives, it remains unknown. As of this writing, Chain Radio is back up and running. They’re running a non-profit operation, relying largely on donations from the community. They’re taking donations to help offset the cost of the project through their website. Source: http://thecoinfront.com/chain-radio-returns-after-a-massive-ddos-attack/

Continue reading here:
Chain Radio Returns After A Massive DDoS Attack

Struggles with iOS 8 upgrades, traffic surges mimic DDoS attacks

Users upgrading devices to iOS 8 are struggling with long waits – while networks are being flooded by traffic (NASDAQ:AAPL, NASDAQ:AAPL) Apple users are frustrated with difficulty in upgrading to iOS 8, as download times are painfully long. To make matters worse, some networks are being slammed by so much traffic, it’s almost like they are under distributed denial-of-service (DDoS) attack. Networking company Procera Networks found one CIS mobile network that saw its network traffic jump an incredible 4000 percent than normal – an astronomical traffic amount for non-video applications. Everything from Apple’s iPhone models to its smartwatch were criticized – but anytime there is a new iOS release, Apple fans quickly flock to download the latest operating system. However, after just a few days, adoption for iOS 8 has been slower than that of iOS 6 or iOS 7, according to analysts. The iOS 8 upgrade requires 5.8GB of storage space, forcing some users to delete photos, videos, and other data to free up space to upgrade. Source: http://www.tweaktown.com/news/40240/struggles-with-ios-8-upgrades-traffic-surges-mimic-ddos-attacks/index.html

Continued here:
Struggles with iOS 8 upgrades, traffic surges mimic DDoS attacks

The Escapist #GamerGate Forums Brought Down In DDoS Attack

Earlier this week, Milo Yiannopoulos of Breitbart London published an article containing emails between a group of video game journalists, all members of an email list called GameJournoPros. The Breitbart piece suggested collusion between these journalists to provide a specific spin on news during the early days of the Zoe Quinn scandal, which has now blossomed into the broader #GamerGate movement, and to clamp down on discussion of the topic across sites and forums. Yiannopolous also published the full exchange of emails, which provided a more nuanced look at the situation. In the emails various game writers discuss the Quinn scandal and how to approach it. Some suggest sending a note of solidarity, while others push back against this idea, citing the need for professional distance between journalists and their subjects. All told, it appears to be a largely civil conversation between professionals. But two moments in the thread ought to raise eyebrows. In one, writer Ryan Smith asks questions about where other writers and publications draw the line on writing about the private lives of subjects. He is quickly shouted down. More important is an exchange between Polygon writer Ben Kuchera and The Escapist’s Editor-in-Chief Greg Tito. Kuchera urges Tito to shut down The Escapist forum where the discussion of Quinn was occurring, but Tito refuses, arguing that a place for discussion is a healthy thing. “The conversation may be distasteful to some of us,” Tito writes in response to Kuchera and others, “but I don’t know if the answer is to delete the thread. The Escapist is not giving harassment a home, but allowing civil discussion on a matter that people are emotional about.” Since these emails took place, #GamerGate has been born and even the release of Bungie’s popular video game Destiny hasn’t dampened the voices on both sides. However, it appears that many forums where discussion of #GamerGate has been occurring have been clamping down. Both reddit and 4chan have been banning users and shutting down forums related to the topic. One of the only places outside of Twitter where any discussion has been occurring has been at The Escapist. This morning The Escapist came under a DDoS (denial of service) attack, according to the co-founder and GM of the site Alexander Macris. “A DDOS attack is currently underway against @TheEscapistMag. The attackers are specifically targeting the GamerGate forum thread,” Macris tweeted this morning. After a brief interlude the attacks began again, and eventually the publication was forced to take down the forums temporarily. The attack consists of “a large number of IP addresses targeted the GamerGate thread for reload many times per second.” At this point there is no information of the perpetrator of the attack though The Escapist is working to find out. The timing of the attack, following the revelations in the GameJournoPros emails, does raise questions. We will continue to follow this story and update as more information comes to light. If anyone has information about the attacks please don’t hesitate to reach out. Source: http://www.forbes.com/sites/erikkain/2014/09/20/the-escapist-forums-brought-down-in-ddos-attack/

Continued here:
The Escapist #GamerGate Forums Brought Down In DDoS Attack

5 most targeted industries for DDoS attacks

1. Gaming Gaming is the most-targeted industry, according to the report, accounting for more than 45% of total attacks. The industry, which includes any company related to online gaming or gaming-related content, is prone to attacks by motivated players seeking to gain a competitive advantage or by malicious actors seeking to steal personal data from players. The industry received a large percentage of infrastructure layer attacks and a fair percentage of application-layer attacks in Q2, including 46% of all NYN floods and 68% of GET floods. 2. Software and technology The software and technology industry, which includes companies that provide solutions such as SaaS and cloud-based technologies, was hit with the second-greatest number of attacks (22%), and was the most-frequently targeted with infrastructure-layer attacks. The report reveals that the most popular attack vectors against the software and technology industry were DNS and NTP reflection and amplification attacks, accounting for 33% and 26% respectively. SYN floods made up approximately 22% of attacks, and UDP floods accounted for 27%. 3. Media and entertainment The report reveals that the media and entertainment industry accounted for a smaller percentage of all attacks, at 15% in Q2. This marks a 39% decrease from last quarter. Despite this shift, the media and entertainment industry remains one of the most targeted industries for hackers. These attacks often offer higher visibility for malicious actors, with press coverage that helps campaign organizers reach out to supporters and recruit new participants. The media and entertainment industry was hit by mostly infrastructure attacks, including SYN floods (18%), UDP floods (25%) and UDP fragments (22%). 4. Financial services Major financial institutions, such as banks and trading platforms, were targeted in 10% of all attacks in Q2, according to the Prolexic report. Historically, financial institutions have been the target of many DDoS attacks, including those orchestrated by the group Izz ad-Din al Qassam Cyber Fighters (QCF), using the Brobot botnet. The report discloses that recent activity indicates a possible resurgence of the use of the Brobot botnet, but the financial sector did not experience many major attack campaigns this quarter. 5. Internet and telecom Including companies that offer internet-related services such as ISPs and CNDs, the internet and telecom industry was the fifth most-targeted industry in Q2, accounting for 4% of all attacks. Infrastructure-layer attack vectors were the most common, with 10% of all attacks as UPD floods, and 9% as UPD fragments. Internet and telecom was the target of 12% of all NTP flood attacks this quarter. Source: http://www.propertycasualty360.com/2014/09/12/5-most-targeted-industries-for-ddos-attacks?t=tech-management&page=6

Continue Reading:
5 most targeted industries for DDoS attacks

DDoS reflection/amplification attacks disrupting ISP networks

Attacks being used by gamers to settle disputes and by people with rudimentary hacking skills to target companies Reflection/amplification distributed denial of service (DDoS) attacks have now become so large that entire ISP networks are getting disrupted, says a networking security expert. Arbor Networks senior security engineering & response team (ASERT) analyst Roland Dobbins told Computerworld Australia that DDoS attacks are being used by gamers to settle disputes and by people with rudimentary hacking skills to target companies. “The main characteristic of these attacks is that they are huge. The biggest one we have seen so far was 400Gb/s. Because these attacks are so large, they fill up the pipes of Internet service providers [ISPs], the peering and transit links,” he said. According to Dobbins, the attacks are possible because many ISPs and enterprise networks have not implemented universal anti spoofing measures. “The way these [DDoS] attacks work is that the attacker will try to get control of a computer on a network that does not enforce IP source validation. [The attacker] spoofs the IP address of his target and sends a bunch of queries to a misconfigured server.” The misconfigured server answers these queries and “pummels” the target of the attack with unsolicited responses, he said. “It’s as if I called up 20 pizza parlours in Sydney, pretended to be someone else and ordered a lot of large pizzas to be delivered to that person.” The largest reflection/amplification DDoS attack recorded in Australia by Arbor Networks staff was 62Gb/s, he said. The attack, which took place in early 2014, appeared to be triggered by an online gaming dispute. “Since October 2013, there has been an explosion in these attacks that online gamers use. One player gets a grudge against another and decides to be unsportsman like and resort to a DDoS attack. It’s like using a nuclear weapon to solve a playground dispute,” he said. Dobbins had three tips for ISPs to avoid reflection/amplification DDoS attacks. The first was that ISPs should enforce anti-spoofing or source address validation at the edges of their network. “The second thing they [ISPs] can do is make sure they utilise flow telemetry analysis from routers and switches. This provides real time visibility into network traffic. When these attack floods traverse their network, they can detect it and trace it back [to the source] immediately,” he said. “The third thing they need to do is implement reaction and mitigation mechanisms. One of these is called an intelligent DDoS mitigation system [IDMS].” “If they have these reaction and mitigation tools to deal with this attack traffic, they will be in a much better position to deal with these events and minimise disruption,” said Dobbins. Source: http://www.computerworld.com.au/article/554558/ddos-reflection-amplification-attacks-disrupting-isp-networks-analyst/

Read the original post:
DDoS reflection/amplification attacks disrupting ISP networks

DDoS Attacks: Increasingly the Weapon of Choice

Distributed denial of service (DDoS) attacks are a method attackers favor for disrupting an organization’s operations by flooding the network with traffic, overwhelming available bandwidth, and making network resources unavailable. According to research from the Ponemon Institute, DDoS attacks accounted for 18 percent of data center outages in 2013, up from 2 percent in 2010. They found that such attacks are the most costly data-center attacks to mitigate, costing an average of $822,000 per outage, leading to problems such as business disruption, loss of revenues, and reduced productivity. However, the costs can be even higher for organizations that rely on their websites as their main sales vehicle, since the unavailability of those websites can lead to those organizations losing multiple millions of dollars in sales. According to Forrester Research, the average organization loses $27 million for a 24-hour outage, with business services and financial services institutions faring the worst. Despite the damage that DDoS attacks can do in and of themselves, they are often used as a smoke screen to divert resources into clearing up the disruption, leaving organizations unaware of other attacks happening simultaneously. Often, the real motivations are financial manipulation or a competitive takeout. In other cases, the motivations are ideological, looking to hurt or embarrass organizations. For example, in late 2012 to early 2013, 46 financial institutions in the United States were hit with over 200 coordinated and timed DDoS attacks. It is believed that the motivation for this campaign of attacks was to cause consumers to lose their trust in the retail banking system. However, organizations in any walk of life can be impacted, both in the private and public sector, and such attacks should be considered a top concern by any organization, especially as DDoS attacks are increasingly becoming a weapon of choice. Not only are DDoS attacks growing in number and affecting a wider range of organizations, but more tools are becoming available that make them easier to pull off. Whereas previously an attacker would have had to possess a fair degree of skill and recruit an army of computers into a botnet in order to create enough computing power to launch an attack, new attack methods require considerably fewer resources and less skill. DDoS attack kits are now readily available on the Internet for low prices, making the job of a relatively unskilled hacktivist much easier, and DDoS-as-a-service attacks are an increasingly common phenomenon, whereby attackers hire themselves and their botnets out to those wishing to launch attacks. Another recent development is the use of network time protocol amplification attacks, which use publicly available network time protocol servers, the real purpose of which is to provide clock-synchronization services over public networks. Using this method means that attackers no longer need to go through the effort of putting together a botnet to launch their attacks. Recently, there has also been a dramatic rise in mobile applications used in DDoS attacks, driven by the ease with which mobile apps can be downloaded. These apps allow any mobile user to join a DDoS attack if he or she wishes—for example, for an ideological cause with which he or she sympathizes. It is predicted that such attacks will increase dramatically. The tremendous growth in DDoS attacks in 2013 that continued, if not accelerated, in 2014 means that all organizations should beware of the consequences. Where they do not have the resources in-house to defend themselves, organizations should investigate the use of services that can divert traffic away from their networks while remediation measures are taken. While, on the one hand, there is a trend toward increasing complexity and sophistication of attacks, on the other hand, attacks are becoming easier to pull off by an ever-wider range of criminal actors. The DDoS attack landscape is set to become much more complicated, and many more organizations will become victims. All organizations should beware. Source: https://blogs.rsa.com/ddos-attacks-increasingly-weapon-choice/

More here:
DDoS Attacks: Increasingly the Weapon of Choice