Tag Archives: ddos-defense

Russia’s Zvezda television channel website comes under DDoS attack

The channel’s technical experts managed to partially restore the website’s operation, but it is still not working properly Russia’s Zvezda television channel website came under a DDoS attack on Friday. “The Zvezda channel’s website came under a massive DDoS attack. Its first round occurred at 14:00 Moscow time, making the website inaccessible to users,” the channel said in a statement. The channel’s technical experts managed to partially restore the website’s operation, but it is still not working properly. Source: http://en.itar-tass.com/non-political/747331

Read the original post:
Russia’s Zvezda television channel website comes under DDoS attack

FBI probe into hack and DDoS attacks on banks

THE Federal Bureau of Investigation is probing a computer-hacking attack on JPMorgan Chase and as many as four other banks, in what people familiar with the probe described as a significant breach of corporate computer security. The timing and extent of the hacking attacks wasn’t immediately clear, though cybersecurity experts began probing the possible JPMorgan breach earlier this month, according to people familiar with the investigation. Source: http://www.theaustralian.com.au/business/wall-street-journal/fbi-probe-into-hack-attacks-on-banks/story-fnay3ubk-1227040501221?nk=a9c75ab55e6d5171cc79455c78c5564d#

Link:
FBI probe into hack and DDoS attacks on banks

Anonymous Hacked Ferguson Police Servers and Launched a DDOS Attack

Police officers in Ferguson, Missouri have been forced to communicate via text message after Anonymous launched a DDOS attack against the city’s servers shutting them down, following the murder of Michael Brown. On top of that, private servers of the Ferguson police department were hacked to get personal information. Both peaceful and violent protests have taken place in response to the atrocity in Ferguson. Last Thursday, anonymous performed a DDoS attack on Ferguson servers. The attack was in reaction to the murder of 18 year old, Michael Brown, an African American teenager who was killed unjustly by white policemen. Law enforcement officials said recently that the FBI has taken an immense interest in the investigation of hacking attempts directed at the personal computers and online accounts of police officers who are part of the department responsible for the murder. CNN and other mainstream media outlets, in affiliation with three policeman, who’s names are undisclosed, have reported the police as victims of a ‘cyber attack’, suggesting that anonymous is to blame for the violent demonstrations that took place in Ferguson, avoiding the clear fact that the PD of Ferguson are responsible, and a reaction like this is to be expected in result to the killing of an innocent person. This is of no surprise that corporately funded news outlets would be hesitant to speak negatively of the police. In reality, despite the propaganda that the 1% will spew forth, it is organizations like Anonymous that are fighting for freedom, unrestricted by the fascist regulations of a fear-mongering governing body, we can fight for peace using whatever means possible. Source: http://anonopsofficial.blogspot.ca/2014/08/anonymous-hacked-ferguson-police.html

Originally posted here:
Anonymous Hacked Ferguson Police Servers and Launched a DDOS Attack

Eve Online Servers Knocked Offline Due to DDoS Attacks

Eve Online, the space-based videogame with over half a million active players, has been forced offline for more than 12 hours due to a series of cyber attacks against a cluster of its servers located in London. According to the Eve Online Status Twitter account, the first signs of trouble were seen at around 8pm on Thursday, 21 August, and by 11pm the Icelandic-based CCP Games which develops the game had confirmed the problem was due to a series of distributed denial of service (DDoS) attacks. DDoS attacks are a common tool used by criminals to flood servers with traffic in order to knock them offline and unavailable to anyone trying to access them. Some had apparently linked the offline status of the game to the recent activity of the Bardarbunga volcano in Iceland which is on the verge of erupting, however CCP Games explicitly ruled this out. The problem is affecting the Tranquility server cluster, which all Eve Online players connect to in order to play the game. This cluster of servers is based in London. Even the Eve Online wiki is inaccessible as it too is seemingly hosted on the Tranquility server. An update from CCP Games on Twitter at 8am on Friday, 22 August, simply saying: “Tranquility is currently under heavy load again” and pointing player to a forum thread. However this thread also appears to be offline at the time of publication. DDoS attacks are often used by unscrupulous companies in order to knock rivals offline for a sustained period of time, with many cyber-criminals renting out DDoS services for as little as £5-an-hour. Eve Online is a massively multiplayer online game set in the fictional world of New Eden where players pilot customisable spaceships through a galaxy of over 7,500 star systems. The game is also unique in that its developers create the structure of New Eden but then handed over control of what happens in the game to the players. The rest is a virtual world where corporations and alliances hold huge power and where huge battles can cost the equivalent of over $300,000 in real world money. Source: http://www.ibtimes.co.uk/eve-online-servers-knocked-offline-due-ddos-attacks-1462180

Continue Reading:
Eve Online Servers Knocked Offline Due to DDoS Attacks

Chinese Linux Trojan makes the jump to Windows – DDoS attacks largely aimed within China

A CHINESE TROJAN , one of the few to be written for the Linux operating system, has seemingly made the jump to Windows. First reported in May by Russian anti-malware software house Dr Web, the original malware known as “Linux.Dnsamp” is a Distributed Denial of Service (DDoS) Trojan, which, according to the company blog, transfers between Linux machines, altering the startup scripts, collecting and sending machine configuration data to the hackers’ server and then running silently waiting for orders. Now it appears that the same hackers have ported the Trojan to run in Windows as “Trojan.Dnsamp.1? The Windows version gains entry to the system under the guise of a Windows Service Test called “My Test 1?. It is then saved in the system folder of the infected machine under the name “vmware-vmx.exe”. When triggered, just like its Linux counterpart, the Trojan sends system information back to the hackers’ central server and then awaits the signal to start a DDoS attack or start downloading other malicious programs. Fortunately, the vast majority of the attacks using this method were aimed at other Chinese websites, which were attacked 28,093 times, but Dr Web warns that US websites came second with nine percent of attacks. Although the threat of malware is an everyday hazard to most computer users, to find an attack on Linux is much rarer, and to find any kind of malware that has been ported from one operating system to another is almost unheard of. In June, RSS reader service Feedly, note app Evernote and streaming music service Deezer all suffered DDoS attacks. Google is working on Project Shield, an initative designed to help smaller web servers fight off DDoS attacks. Source: http://www.theinquirer.net/inquirer/news/2361245/chinese-linux-trojan-makes-the-jump-to-windows

Follow this link:
Chinese Linux Trojan makes the jump to Windows – DDoS attacks largely aimed within China

Popcorn Time Hit By Massive DDoS Attack

A major fork of the popular Popcorn Time project is currently being subjected to a massive DDoS attack. The whole project has been hit, from the site hosting its source through to its CDN, API and DNS servers. The team tells TorrentFreak that the attack amounts to 10Gbps across their entire network. Every year sees periods when sites in the file-sharing sector are subjected to denial of service attacks. The attackers and their motives are often unknown and eventually the assaults pass away. Early in 2014 many torrent sites were hit, pushing some offline and forcing others to invest in mitigation technology. In May a torrent related host suffered similar problems. Today it’s the turn of the main open source Popcorn Time fork to face the wrath of attackers unknown. TorrentFreak spoke with members of the project including Ops manager XeonCore who told us that the attack is massive. “We are currently mitigating a large scale DDoS attack across our entire network. We are currently rerouting all traffic via some of our high bandwidth nodes and are working on imaging and getting our remaining servers back online to help deal with the load,” the team explain. The attack is project-wide with huge amounts of traffic hitting all parts of the network, starting with the site hosting the Popcorn Time source code. Attack on the source code site – 980Mbps Also under attack is the project’s CDN and API. The graph below shows one of the project’s servers located in France. The green shows the normal traffic from the API server, the blue represents the attack. Attack on the France API server – 931Mbps Not even the project’s DNS servers have remained untouched. At one point two of three DNS servers went down, with a third straining under almost 1Gbps of traffic. To be sure, a fourth DNS server was added to assist with the load. Attack on the Dutch DNS server – peaking at 880Mbps All told the whole network is being hit with almost 10Gbps of traffic, but the team is working hard to keep things operational. “We’ve added additional capacity. Our DNS servers are currently back up and running but there is still severe congestion around Europe and America. Almost 10Gbps across the entire network. Still working on mitigating. API is still online for most users!” they conclude. Nobody has yet claimed responsibility for the attack and it’s certainly possible things will remain that way. Only time will tell when the attack will subside, but the team are determined to keep their project online in the meantime. Source: http://torrentfreak.com/popcorn-time-hit-by-massive-ddos-attack-140814/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Torrentfreak+%28Torrentfreak%29

DDoS attack takes down Cirrus Communications

Fixed wireless broadband provider Cirrus Communications has experienced a distributed denial of service (DDoS) attack that incapacitated half its network. Cirrus provides wireless networks to business, apartment complexes, residential colleges and military bases. The company says it is a last mile provider and prides itself on “competitive pricing … in metropolitan data centres to remote or broadband constrained areas,” an “ability to deliver high bandwidth where organisations need it” and an “Its ability to connect multiple locations for organisations on a breakthrough economic basis.” But over the last day, those services have not been available to all customers, as CEO Eric Heyde told The Register the company yesterday experienced a DDoS attack that took down “more than 50 per cent” of its network and that it experienced “struggles” in the wake of the event. “We are very close to full recovery,” Heyde told The Reg . “We’ve only got a couple of per cent of the network down at present.” [15:30 AEST – Ed} Heyde said the attack hit Cirrus’ core network, rather than the radio equipment on the edge. “It’s too early to say where the attack came from,” he added, and declined to offer further comment on the attack’s origins. Reg readers have suggested the attack has disrupted communications to other carriers that use Cirrus’ services. Source: http://www.theregister.co.uk/2014/07/30/ddos_takes_down_cirrus_communications/

Continued here:
DDoS attack takes down Cirrus Communications

‘Political’ DDoS Attacks Skyrocket in Russia

Commercial hackers in Russia are giving way to politically motivated cyber criminals targeting ideological enemies, a new study said Wednesday. The most powerful DDoS attacks on Russian websites in the first six months of 2014 were triggered by the political crisis in Ukraine, digital security company Qrator Labs revealed. February’s Olympic Games in Sochi also prompted a spike in DDoS attacks, said the study, as reported by Bfm.ru news website. Hacker attacks in Russia have generally decreased in quantity, but have become more powerful compared with the first six months of 2013, the report said. About 2,700 distributed denial-of-service (DDoS) attacks occurred during the first six months of 2014, compared with 4,400 over the same period last year, Bfm.ru said. But the number of powerful attacks upward of 1 Gbps increased five times to more than 7 percent of the total, the report said, citing Qrator Labs digital security company. Some of the attacks peaked at 120 to 160 Gbps, the report said. Attack time also grew significantly, with DDoS strikes lasting up to 91 days, compared with 21 days in the first half of 2013. Average botnet size tripled from 136,000 to 420,000 machines per attack. This indicates ideological motivation on behalf of the attackers, who, unlike criminal hackers attacking websites for money, have more time at their disposal, Qrator Labs was quoted as saying. The media made the list of prime DDoS targets along with payment systems and real estate websites. Last season, Forex websites and online stock exchanges accounted for the “absolute majority” of the attacks, the study said, without providing exact figures. Source: http://www.themoscowtimes.com/news/article/political-ddos-attacks-skyrocket-in-russia/503226.html

DDoS Attack Puts Code Spaces Out of Business

Days after Feedly and Evernote were briefly forced offline by hackers demanding a ransom payment, a code-hosting service was run out of business by a similar scheme. CodeSpaces.com closed its doors this week, following a security breach that began with a distributed denial-of-service (DDoS) attack, and ended 12 hours later after an attempt to extort money from the company. No stranger to DDoS attacks, Code Spaces thought it could handle the situation, but the situation quickly spiraled out of control. On Tuesday, an unauthorized person—not believed to be employed by the site—gained access to Code Spaces’s Amazon EC2 control panel. When the team fought back, the hacker deleted “most of our data, backups, machine configurations and offsite backups,” the company said. “Code Spaces will not be able to operate beyond this point,” an online notice said, citing the price of resolving the issue, as well as the expected cost of refunding paying customers. This week’s attack “will put Code Spaces in [an] irreversible position both financially and in terms of ongoing credibility.” “All that we have to say at this point is how sorry we are to both customers and to the people who make a living at Code Spaces for the chain of events that lead us here,” the company said. Users can expect more details once Code Spaces sorts out its customers’ needs. Those who have stored data on the site can email support@codespaces.com with an account URL, and if you’re lucky, some remaining crumbs will be returned. For more, watch PCMag Live in the video below, which the Code Spaces dilemma. It’s been a banner month for DDoS attacks: Evernote suffered a blow last week, but was back on its feet within a few hours. Feedly wasn’t so lucky, however. The RSS service was hit twice in two days, though the company promised user data remained safe. Similarly, Ancestry.com just recovered today from a three-day bout of DDoS, in which the site was overloaded with traffic and crashed. No user information was compromised. Source: http://www.pcmag.com/article2/0,2817,2459765,00.asp

Anonymous takes aim at World Cup sponsors

Hactivist group Anonymous has announced plans to launch a DDoS attack on the sponsors of the football World Cup, which opens in Brazil later this month. Reuters – interviewing Che Commodore, a masked member of Anonymous – says that preparations for the distributed denial of service attack are now under way. “We have a plan of attack. We have already conducted late-night tests to see which of the sites are more vulnerable – this time we are targeting the sponsors of the World Cup,” he said. The main sponsors of the World Cup include Adidas, Budweiser, Coca Cola and Emirates Airlines. Reuters quotes Che Commodore as claiming that a test attack earlier this week allowed Anonymous to break into the Brazilian Foreign Ministry’s server and access dozens of confidential documents, as well as steal several email accounts. The newswire adds that in response to the claims, a Foreign Ministry official told Reuters that 55 email accounts were accessed and the only documents that were obtained were attached to emails and those from the ministry’s internal document archive. Can Anonymous carry out its threat? Tim Keanini, CTO with Lancope, says that, regardless of threat profile, an event of this magnitude must have a heightened level of readiness to a physical or cyber security related event. “By the time a group like this makes a public announcement, much of the infiltration phase has already been done. These threat actors are smart and they don’t start to show their cards until they are well into the operational phase of their campaign,” he explained. Keanini said that events like the World Cup require hundreds of interconnected businesses and every one of those businesses need to be prepared. “If your business is connected to the Internet you should be prepared for cyber security events because it is likely to have already happened, you just don’t have the tools and technique to detect it,” he noted. Sean Power, security operations manager with DOSarrest, meanwhile, said that Anonymous is a face that any hacktivist can masquerade behind. “The composition of a team from one OP to the next will vary greatly – with a predictable effect on the sophistication of the attack. That being said, under normal operation any event as much in the public eye should be wary of DoS attacks, if threats have already been levied, that concern should be increased, not dismissed out of hand,” he explained. Ryan Dewhurst, a senior engineer and web security specialist with RandomStorm, told SCMagazineUK.com that Anonymous has already stated that they used targeted phishing emails to install malware on victim’s machines and gain access to government documents. “I believe they will use a mixture of both sophisticated and non-sophisticated attacks. However, they have also stated that they will be carrying out Distributed Denial of Service (DDoS) attacks against the World Cup sponsors,” he said. “Anonymous’ DDoS attacks, in the past, have worked by getting many Anonymous members to run software, most likely their infamous Low Orbit Ion Cannon (LOIC) tool, which attempts to flood their target with an overwhelming amount of traffic. The LOIC tool is most likely being run by the majority of the group members who have less technical skill, whereas the more sophisticated attacks are most likely carried out by the most skilled members of the group which would be fewer in number,” he added. Dewhurst says that Anonymous – if indeed it is this group and not another group of hacktivists using its name – are always going to go for the easiest targets, as these are also the least risky for them to attack, while still achieving their goals. “If their less risky methods are unsuccessful they will begin to increase the sophistication of the attack, however this also increases the risk of them eventually being caught,” he explained. David Howorth, Alert Logic’s vice president, say there are lessons that can be learned from Anonymous’ latest campaign, which means that companies should review their security practices assuming an attack could take place. IT security professionals, he advises, must be vigilant and ensure that all employees are aware of the company’s internal security policy and best practices, practice good password security, as well as making sure that all systems and applications are up-to-date and patched. “Make sure you have expertise that can monitor, correlate and analyse the security threats to your network and applications across your on-premise and cloud infrastructure 24×7 for continuous protection – this should be done now, as the hackers are already testing the vulnerabilities in the infrastructure in preparation for their attacks,” he went on to say. Source: http://www.scmagazineuk.com/anonymous-takes-aim-at-world-cup-sponsors/article/349934/

Read the article:
Anonymous takes aim at World Cup sponsors