Tag Archives: defend against ddos

OpTrump: Anonymous declares war on Donald Trump with DDOS attack following Muslim ban speech

Hacktivist group Anonymous has continued to add to its list of targets, with controversial US presidential candidate Donald Trump the latest in the crosshairs. Following Trump’s radical speech stating he wanted to ban Muslims from entering the US, Twitter accounts linked to the group declared war. The OpTrump campaign launched last night (9 December) with the first piece of business taking down Trump’s website www.trumptowerny.com for several hours by hitting it with a DDOS (distributed-denial-of-service) attack, which crashed the site. One Twitter user posted a picture of the hack, claiming the site was “almost down”. Anonymous posted a video online in response to Trump’s comments and warned of the repercussions of his words. “Donald Trump, it has come to our attention that you want to ban all Muslims from entering the United States. This policy is going to have a huge impact. This is what Isis wants. The more Muslims feel sad the more Isis feels they can recruit them. The more the United States appears to be targeting Muslims, not just radical Muslims you can be sure Isis will be putting that on their social media campaign,” said a masked member of the hacktivist group. While Anonymous has yet to officially claim responsibility for the DDOS attack, Twitter users showed full support of the group and its campaign. In the grand scheme of things this was a fairly tame attack, as the website is still running as normal at the time of writing, but it did serve as a digital slap to show this could be the first of many targeted operations against Trump. Anonymous is also busy taking on Islamic State by organising an official Isis Trolling Day called “Day of Rage” on 11 December, where it is encouraging an uprising of social media users to post content mocking the terror group. They issued a list of actions in a statement that includes reporting accounts of Isis sympathisers, posting mocking photos and use mocking hashtags. There will also be organised demonstrations held around the world. Source: http://www.ibtimes.co.uk/optrump-anonymous-declares-war-donald-trump-ddos-attack-following-muslim-ban-speech-1532739

Read more here:
OpTrump: Anonymous declares war on Donald Trump with DDOS attack following Muslim ban speech

Mysterious hackers attempting to bring down entire internet by DDoS-ing critical servers

Mysterious hackers are yet again trying to bring down the entire internet by bombarding crucial servers that support it with a gigantic, sustained distributed denial of service (DDoS) attack, which has caused webpages to load slowly in some locations. There are 13 internet root name servers in the world that run the internet, and these servers are responsible for helping your web browser to locate top-level domains such as .com, .org, .net or any country-specific top level domains like .uk, .fr, .sg, .de, .ae and .cn. The servers function as a sort of internet address book and they make up what is known as the domain name system (DNS) system. The 13 root name servers are run by independent organisations in the world, including ICANN, the US Army, the US Department of Defense, Nasa, Europe’s internet registry RIPE NCC, the University of Southern California, Japan’s Wide Project and Sweden’s Netnod. Network infrastructure solutions firm Verisign also operates two of them, namely the “A” and “J” root servers (the 13 servers are named in sequence after the alphabet from A-M). DDoS attack sent 5 million queries per second The 13 root name servers are run by independent organisations in the world, including ICANN, the US Army, the US Department of Defense, Nasa, Europe’s internet registry RIPE NCC, the University of Southern California, Japan’s Wide Project and Sweden’s Netnod. Network infrastructure solutions firm Verisign also operates two of them, namely the “A” and “J” root servers (the 13 servers are named in sequence after the alphabet from A-M). “The incident traffic saturated network connections near some DNS root name server instances. This resulted in timeouts for valid, normal queries to some DNS root name servers from some locations.” You might think that the servers would be knocked offline by that much traffic, but no, they were saved by the root server operators having enough additional servers on standby that were able to balance the load of traffic. Although the sustained cyberattack resulted in some real queries from users surfing the web timing out in some locations, there were no complaints that end-users were having severe internet problems, so the root server operators believe that the attack would have been “barely perceptible” and all anyone would have seen was a slight delay in loading webpages in some web browsers. The root name server operators also stated that since IP source addresses can be easily spoofed and the traffic flooded multiple anycast websites, it is impossible to trace the traffic back to its source, so we have no idea who was behind this. Only a government could have this much clout However, if you use logic, it would take a really powerful entity like a country’s government to have the resources to sustain a coordinated cyberattack that lasted 48 hours and was able to keep flooding the root name servers consistently with a high level of traffic at five million queries a second. This is not the first time this has happened either – on 21 October 2002 a DDoS attack campaign attacked the 13 root name servers for one hour, and on 6 February 2007 a DDoS attack was sustained for 24 hours. In the first incident, the attackers didn’t have enough traffic to fully flood the servers and take them offline, while the second incident saw two root servers suffer badly, while another two servers experienced heavy traffic. So who could it be? Is it a foreign government, a terrorist group or cybercriminals? Who knows, but they seem to be getting better at it. Source: http://www.ibtimes.co.uk/mysterious-hackers-are-trying-bring-down-entire-internet-by-ddos-ing-critical-servers-1532762    

Visit link:
Mysterious hackers attempting to bring down entire internet by DDoS-ing critical servers

Abe’s official website latest to come under possible cyber attack by Anonymous

Japanese Prime Minister Shinzo Abe may have had his official website attacked by the ‘hacktivist’ Anonymous group, local media reported Thursday. According to Japan’s public NHK broadcaster, Abe’s official website has been inaccessible since early on Thursday, with the international group of clandestine hackers knows as Anonymous allegedly posting a message on Twitter claiming responsibility for the cyber attack on the site. Abe’s top spokesperson, Chief Cabinet Secretary Yoshihide Suga, said the government had been informed about the possible breach to the prime minister’s site by Anonymous, but in a press conference earlier Thursday declined to comment specifically as to whether the attack had been carried out by Anonymous. The possible attack by Anonymous is the latest in a series of cyber attacks on Japanese websites, including most recently last month on the website of Japan’s Health, Labor and Welfare Ministry, which went down for three days after the group, according to its Twitter post, disabled the site by flooding it with enough data to crash its servers. As with the latest case, the Tokyo Metropolitan Police have been on high alert, although the government is either unaware or is remaining tight-lipped about the motive for the recent attacks, according to sources close to the matter Thursday. The group also took aim at Japan on Oct. 10 this year, when both Narita and Chubu airports in the east of the country, came under DDoS attacks with Anonymous saying on Twitter the attacks were a part of their campaign against Japan’s controversial dolphin hunting practice. The town of Taiji in southeastern Japan where the drive hunts take place saw its official website also taken down earlier in the year with police concluding that the hactivist group was responsible. The Japan National Tourism Organization and Japan’s Fishermen’s Union’s websites have also suffered DDoS attacks, for Japan’s continued dolphin hunts, it has been reported. Prior to these, in 2012, the government was also subjected to a series of cyber attacks by Anonymous following the implementation of new ant-piracy laws by the government, which outline stiff fines and jail terms for those downloading copyrighted content. The group highlight the fact that content suppliers were pressuring Internet Service Providers (ISPs) to implement surveillance technology in an unprecedented move that some felt impinged on privacy laws. As a result, the Finance Ministry, Supreme Court, the then ruling Democratic Party of Japan and Liberal Democratic Party of Japan all saw their sites attacked at the time, some with specific pages defaced. Source: http://www.ecns.cn/2015/12-10/192047.shtml

Read more here:
Abe’s official website latest to come under possible cyber attack by Anonymous

DNS Root Servers Hit by DDoS Attack

Unknown parties carried out a large-scale DDoS attack on the Internet’s DNS root servers, causing slight timeouts for four nodes, more exactly on the B, C, G, and H servers, RootOps reports. There were two different attacks, one launched on November 30 that lasted 160 minutes (from 06:50 to 09:30 UTC), and a second, shorter one on December 1 that lasted only one hour (from 05:10 to 06:10 UTC). RootOps, the DNS root server operators, are reporting that the attacks were valid DNS queries addressed towards one domain in the first attack, and to a different domain on the second day. Each attack blasted up to five million queries per second per DNS root name server. RootOps has no hopes to catch the culprit, since IP source addresses can be easily spoofed, and the source IP addresses used in the DDoS attack were very well spread and randomized across the entire IPv4 address space. The DDoS didn’t cause any serious damage, but a mere delay for some users making DNS queries via their browser, FTP, SSH, or other clients. DNS protocol’s design  saves the day “The DNS root name server system functioned as designed, demonstrating overall robustness in the face of large-scale traffic floods observed at numerous DNS root name servers,” said the DNS root server operators, referring to the fallback system employed by DNS servers. Because of the way DNS is constructed, on a mesh-like structure like the Internet itself, if one server does not respond, other servers intervene and provide a DNS query result. The DNS root server operators did not speculate on the reasons this massive attack was carried out against their infrastructure but did say this was not the result of a reflected DDoS attack. RootOps recommended that ISPs that don’t want to allow DDoS attacks that use IP address spoofing to be carried from their network should implement Source Address Validation and the BCP-38 specification. Source: http://news.softpedia.com/news/dns-root-servers-hit-by-ddos-attack-497363.shtml

Read this article:
DNS Root Servers Hit by DDoS Attack

Unknown Copycat Using Armada Collective Name for DDoS-for-Bitcoin Extortions

Cyber-crime syndicates are moving in, pushing script kiddies out of the picture, expect more large-scale attacks After the success of DDoSing outfits like DD4BC and Armada Collective, an unknown copycat that’s using the Armada Collective name but asking for astronomical payments has appeared. A report from Recorded Future, a real-time threat intelligence protection company, shows that DDoS-for-Bitcoin extortion schemes are here to stay, with more and more attacks being launched solely for this reason. DD4BC have launched a new type of extortion scheme This trend can be tracked down to an Akamai report released over the summer that documented the actions of a hacking group known as DD4BC (DDoS 4 Bitcoin). This group launched DDoS attacks on companies around the world, requesting small payments in Bitcoin for each target. The group’s scheme was a simple one. They would send threatening emails to business owners, saying they would launch powerful DDoS attacks if a ransom was not paid in due time to a specific Bitcoin wallet. To prove their point, a small 15-minute DDoS was launched to showcase their capabilities. DD4BC’s scheme proved to be extremely lucrative and allowed them to rack up Bitcoin over the past year in over 140 DDoS attacks. The group was active since late 2014 and suddenly stopped its activity after the Akamai report was released, probably to avoid getting caught by law enforcement authorities alerted to their scheme. Enter Armada Collective Soon after, the first DD4BC copycat arose, in the form of the Armada Collective hackers, carrying out DDoS attacks on small businesses in Switzerland. They then expanded to email providers, and their name became known around the world in the famous ProtonMail incident. The incident is very well documented in one of our previous stories , but we’ll give you a small summary. Basically, Armada Collective followed the DD4BC regular tactics, sending an email and launching a small 10-15 Gbps DDoS attack on ProtonMail. Armada Collective returning ransom to ProtonMail As soon as the attack ended, ProtonMail revealed what happened, and more serious attacks took place, with ProtonMail paying the ransom in the end. Armada Collective denied any involvement and even went as far as to return the ProtonMail ransom, putting the blame on a state-sponsored actor with capabilities that far exceeded its own. Enter the unknown copycat But something else happened recently that made the Recorded Future team stop and ponder about the bigger picture, and that’s the DDoS-for-Bitcoin attacks on three major Greek banks . With DD4BC and Armada Collective always launching small-scale attacks and requesting modest ransoms (the equivalent of a few thousand dollars), this new group attacking Greek banks does not fit the bill. While the attacks of DD4BC and Armada Collective seem to be the work of script kiddies, the ones that brought down ProtonMail and the three major Greek banks were massive in scale. Coupled with the fact that this new group also requests ransoms in the order of millions of dollars, there are clear signs that they are a copycat that’s trying to remain hidden by passing as Armada Collective (as stated in the email sent to the Greek banks). With the number of DDoS-for-Bitcoin attacks on the rise, this type of cyber-threat is about to evolve from the work of script kiddies to the normal MO of larger cyber-criminal syndicates.

Continue reading here:
Unknown Copycat Using Armada Collective Name for DDoS-for-Bitcoin Extortions

Sputnik Türkiey website became the target of a DDoS attack

Access to the site was blocked for an hour due to a distributed denial-of-service (DDoS) attack carried out by unknown perpetrator(s). The website’s IT specialists managed to quickly deal with the attack and Sputnik Türkiye has already resumed operations. The resources of Rossiya Segodnya International Information Agency, including the Sputnik website and newswire, had already become a target for a major DDoS attack in October, when the agency’s websites and mailing services were unavailable to users for two hours. DDoS attacks are caused by a large number of Internet users or software programs simultaneously sending requests to a website until it exceeds its capacity to handle Internet traffic. Source: http://sputniknews.com/middleeast/20151208/1031410680/sputnik-turkey-ddos-attack.html

View article:
Sputnik Türkiey website became the target of a DDoS attack

UK research network Janet still being slapped by DDoS attack

DNS services appear to be targeted, switching may work Members of UK’s academic community from freshers to senior academics are facing more connection issues today as a persistent and continuous DDoS attack against the academic computer network Janet continues to stretch resources. Janet first came under a Distributed Denial of Service (DDoS) attack yesterday, and the same attack has continued through to today forcing much of the academic community offline. Initially, Jisc’s engineers and security teams identified the cause as a DDoS attack and worked to identify the source of the assault and implement blocks. However, after some suggestions of network stabilisation, further problems were seen. Janet reported that it would cease providing updates on its Twitter page following the attack, as the information seemed to be providing the attackers with hints about how to adjust their attacks. For those who find Janet’s DNS services sluggish to respond, it may be possible to work around the issue by switching to Google Europe’s DNS. Boffins from various field have somehow managed to take to Twitter to share their woes about the outage. Vision and Office 365 are also being reported as offline. The Register understands no ransom notice has been delivered to Jisc as of writing. DDoS-for-ransom attacks are almost always preceded by the ransom request, as an early payment saves the attackers money. Source: http://www.theregister.co.uk/2015/12/08/uk_research_network_janet_ddos/

View original post here:
UK research network Janet still being slapped by DDoS attack

Warnings over Node.js flaw that could lead to DoS attacks

TheNode.js Foundation has revealed a couple of bugs within its JavaScript software that could lead to major denial of service attacks against websites using the code. The issues affects versions of Node.js from version 0.12 up to version 5. In a bulletin issued by the Foundation, the popular server-id JavaScript platform has two vulnerabilities. One covers “a high-impact denial-of-service vulnerability” while the other is a “low-impact V8 out-of-bounds access vulnerability.” V8 is the JavaScript engine developed by Google and used by Node.js. The DoS issue is labelled as CVE 2015-8027, while the access problem is identified as CVE-2015-6764. According to the bulletin, the first bug could allow a hacker to launch a denial of service. The second bug could enable a hacker to trigger an out-of-bounds access and/or denial of service if user-supplied JavaScript can be executed by an application. The issues were disclosed last week with patches due to be released yesterday. However, the Foundation announced that it will now delay releasing the patches until Friday. It said this was because of dependencies on OpenSSL, which itself has been found to contain further vulnerabilities. “Node.js versions v0.10.x and v0.12.x depend on OpenSSL v1.0.1 and versions v4.x (LTS Argon) and v5.x depend on OpenSSL v1.0.2,” stated an advisory on the Node.js website. “As the Node.js build process statically links OpenSSL into binaries, we will be required to release patch-level updates to all of our actively supported versions to include the upstream fixes. While we are unaware of the exact nature of the OpenSSL vulnerabilities being fixed, we must consider it likely that Node.js releases will be required in order to protect users.” It said the move to Friday was “unfortunate” but has to take into account of “the possibility of introducing a vulnerability gap between disclosure of OpenSSL vulnerabilities and patched releases by Node.js and therefore must respond as quickly as practical.” “Please be aware that patching and testing of OpenSSL updates is a non-trivial exercise and there will be significant delay after the OpenSSL releases before we can be confident that Node.js builds are stable and suitable for release,” the organisation said. Wim Remes, strategic services manager EMEA at Rapid7, said vulnerabilities in Node.js “impacts organisations across verticals, from ecommerce websites, over healthcare organisations, to critical infrastructure.” “Hackers will leverage any vulnerability that allows them to gain control over a target. Denial of Service vulnerabilities are mostly used for targeted hacktivism or extortion purposes. The out-of-bounds access vulnerability, as it provides direct access to an infrastructure, would be a welcome tool in the arsenal of any digital criminal,” he said. “With access to part of the infrastructure, an attacker can pivot further through the infrastructure, destroy information, exfiltrate information, install spying software, etc.  A vulnerability that provides direct access is the first tool an attacker needs to achieve their goals.” Remes added that in this case patching is about the only thing an organisation can do. “There are obviously ways to stop attacks using Web Application Firewalls or Intrusion Prevention Systems but given the severity of the issues, I would definitely recommend to prioritise patching. Additionally, making sure that any system which doesn’t need to be on the internet is not reachable by external users is something that makes sense too,” said Remes. Source: http://www.scmagazineuk.com/warnings-over-nodejs-flaw-that-could-lead-to-dos-attacks/article/457205/

See more here:
Warnings over Node.js flaw that could lead to DoS attacks

Greek Banks Hit by DDoS Attacks, Hackers Ask for Bitcoin Ransoms to Stop

Armada Collective, the hackers that launched DDoS attacks on ProtonMail, are back and are targeting several Greek banks, using the same DDoS-for-Bitcoin extortion scheme. Unlike the ProtonMail debacle, when the secure email provider agreed to pay the hackers’ ransom, this time around, bankers contacted local law enforcement, as Greek newspaper Kathimereini is reporting. The attacks started on Thursday, November 26, and continued through this week. Three unnamed Greek banks were targeted, and Armada Collective hackers asked for 20,000 Bitcoin ($7,210,000 / €6,790,000) from each of them. Yanni Koutsomitis, Eurozone analyst and managing director at Imperial Media, said that, on Monday, Greek authorities brought in FBI specialists to help with the investigation and countering the cyber-attack. During the DDoS on ProtonMail, after the initial attacks that convinced ProtonMail management to pay the ransom, subsequent DDoS attacks grew in intensity. Armada Collective denied responsibility for the subsequent attacks, which were many times stronger than the early ones. Many believed the hackers’ explanation and suspected that a state-sponsored actor quietly got on the line and was taking revenge on the secure email provider labeled as “NSA-proof.” The attacks on the Greek banks now confirm that Armada Collective is a serious threat and has the power to cripple an entire nation’s financial institution. Previous Armada Collective targets include Hushmail, Runbox, and a few Internet Service Providers from Switzerland. None of them paid the ransom. Source: http://news.softpedia.com/news/greek-banks-hit-by-ddos-attacks-hackers-ask-for-bitcoin-ransoms-to-stop-496966.shtml

Read this article:
Greek Banks Hit by DDoS Attacks, Hackers Ask for Bitcoin Ransoms to Stop

Tux Machines Again Faces DDoS Attacks

The popular website Tux Machines has evidently fallen victim to a DDoS attack that made the site unavailable for part of the day on Friday. The announcement of the attack was initially made in a blog notice posted on the site late Friday morning GMT which opened with the line “Tux Machines has been mostly offline this morning.” According to the blog post, the attack was at first thought to have been initiated by the Chinese web services company Baidu, but a later update indicated that turned out not to be the case. “…Baidu was [not] at fault but botmasters who used ‘Baidu’ to masquerade themselves, hiding among some real and legitimate requests from Baidu (with Baidu-owned IP addresses).” At this time, it’s not known who’s behind the attack. Roy Schestowitz, who with his wife Rianne publishes both Tux Machines and the politically oriented FOSS blog site Techrights, told FOSS Force, “We’ve suspected EPO seeking revenge, which makes sense for Techrights, not Tux Machines.” EPO refers to the European Patent Office which recently threatened Schestowitz with civil action over an article which claimed the EPO purposefully gives priority to patent applications from large corporations. This isn’t the first time the outspoken Schestowitz’s sites have come under DDoS attacks. In September and October of 2014, both sites came under a crippling attack that lasted for several weeks and which left both sites unreachable for long stretches of time. Indications are that this current attack isn’t nearly as damaging, although Schestowitz said that he and his wife had been working to keep Tux Machines functional throughout the weekend. Many websites use the services of a content delivery network (CDN), in part as protection against all but the most robust DDOS attacks. Schestowitz told us that no CDN is used by either of his sites. “I wrote a lot about this before,” he said. “Performance, Tor, privacy issues, JavaScript and so on. So no, CDNs are out of the question.” We sent Tux Machines an email this morning to determine the current status but have not received a reply. However, at the time of publication the site was responsive, as was Techrights. Source: http://fossforce.com/2015/11/tux-machines-again-face-ddos-attacks/

More:
Tux Machines Again Faces DDoS Attacks