Five Russian banks that experienced a distributed denial of service (DDoS) attack Sept. 26 believed to have been aimed at starting a bitcoin-related panic had been warned in advance by the General Directorate of Security and Information Protection of the country’s Central Bank. The regulatory body’s deputy director, Artyom Sychev, was quoted by The CoinTelegraph as saying the attackers were likely trying to cause panic and destabilization rather than collect a bitcoin ransom. The early warning helped the banks fend off the attack, although they did receive threatening letters in the aftermath. The CoinTelegraph also quoted a Central Bank official saying that the letters said, “To prevent such acts in the future, the attackers are asking to send only 50 BTC to their Bitcoin wallet.” Source: http://www.scmagazine.com/ddos-attacks-on-russian-banks-reportedly-aimed-at-causing-bitcoin-panic/article/442842/
View article:
Early warning helped five Russian banks ward off DDoS attacks
Internet users Wednesday night protested the plans for a single gateway by attacking and bringing down the main websites of the prime minister, the Defence Ministry and the Ministry of Information and Communication Technology. Communications experts said “denial of service” attacks flooded the three sites, effectively making them impossible to access. The sites began to recover early Wednesday. The three sites went offline at about 10pm Wednesday, after netizens warned they intended to attack, and the government said such attacks would be treated as violations of the Computer Crime Act. The ICT deputy permanent secretary, Somsak Khaosuwan, claimed his ministry’s site did not crash because of an attack, but because it was overloaded by visitors monitoring the planned attack. Sites affected as of early Wednesday were the main government information website thaigov.go.th, the ICT ministry’s site at mict.go.th and the defence ministry’s website, mod.go.th. By early Wednesday, however, only the MICT site remained inaccessible, possibly because authorities had actually taken it offline. Warnings on Wednesday afternoon from credible sources in the Thai hacking community said they planned to attack government websites to protest the recent disclosure of government plans to reduce internet access to a single gateway, controlled by CAT Telecom Co. It appeared that the government site takedowns were by internet users, who answered calls on social media to go on online and continuously click refresh, causing overloads on the three targeted sites. The simultaneous denial-of-service attack works like normal attacks by over-exceeding a website’s capacity to handle internet traffic. But whereas normal attacks are carried out by a program or bot, Wednesday night’s protest was carried out by thousands of online users. After the secret plan was accidentally disclosed by a government press release, authorities sent out Deputy Prime Minister Prajin Junthong to try to spin the plan. He said that the single gateway initiative was only a proposition and that no “firm decisions have been made.” Critics of the plan idea contend it will take away freedom of information, with some even comparing it to the tightened grip of a communist country. A change.org petition opposing the single gateway initiative passed 100,000 signatures as of Wednesday. Source: http://www.bangkokpost.com/news/security/714432/single-gateway-protest-halts-government-websites 
A Reddit user has uncovered a covert method of carrying DDoS attacks on 4chan’s infrastructure using images hosted on Imgur, via Reddit. According to Reddit user rt4nyp, who discovered the vulnerability, every time an Imgur image was loaded on the /r/4chan sub-reddit, over 500 other images were also loaded in the background, images hosted on 4chan’s CDN. Since traffic on 4chan is quite huge as is, getting some extra connections from Reddit pushed 4chan’s servers over the edge, crashing them several times during the day. Additionally, 8chan, a smaller 4chan spin-off, was also affected and suffered some downtime as well. Malicious code was being loaded with Imgur images Reddit user rt4ny was alerted that something was amiss when he noticed that Imgur images on Reddit were loaded as inlined base64 data. Taking a closer look at the base64 code, he observed that a small piece of JavaScript code was added at the end, which had no business being there. This code secretly stored the “axni” variable in the browser’s localStorage, which was set to load another JavaScript file from “4cdns.org/pm.js.” This is not 4chan’s official CDN, but a domain registered to closely resemble the real deal, which was taken down in the meantime. When refreshing the original image that loaded the “axni” variable, the malicious code would not be loaded again, a measure taken to avoid detection. Additionally, also to avoid detection, the JS file stored on “4cdns.org/pm.js” could not be loaded directly in the browser. Loading 500+ 4chan images inside a hidden iframe Analyzing the pm.js file, rt4ny found that it loaded an iframe outside the user’s view with the help of some clever CSS off-screen positioning tricks, inside which the hundreds of 4chan images were being loaded, along with a 142 KB SWF file. Imgur was contacted about this issue, and fixed it on the same day. “Yesterday a vulnerability was discovered that made it possible to inject malicious code into an image link on Imgur,” said the Imgur team. “From our team’s analysis, it appears the exploit was targeted specifically to users of 4chan and 8chan via images shared to a specific sub-reddit on Reddit.com using Imgur’s image hosting and sharing tools.” It’s a sad day for humanity when we see hackers combine the three best sites on the Internet to find cat GIFs into such wicked and immoral ways. Source: http://news.softpedia.com/news/hackers-used-imgur-to-launch-ddos-attacks-on-4chan-492433.shtml