The website for CSIS, the Canadian Security Intelligence Service, appears to have gone down again — less than 24 hours after a suspected rogue hacker took the site down in a so-called denial of service attack. The website for Canada’s spy agency went offline shortly after 9 a.m. ET Tuesday. While the cause is still unknown, when the website went down Monday night, sources told CTV’s Mercedes Stephenson that a rogue hacker who had previously launched attacks on several municipal and police websites, had claimed responsibility for the CSIS attack. A denial-of-service attack is not technically a hack into the site, but the attack does prevent Internet users from accessing the website. “Experts I’ve spoken to say it is very hard to stop this kind of attack,” Stephenson told CTV News Channel Tuesday morning. “The level of sophistication and the number of ways they are attacking one website at one time to send it offline is very hard to prevent.” She says sources tell her that the hacker isn’t attempting to steal information in these attacks. “This is all about trying to embarrass the government, intelligence agencies and the police,” she said. The hacker is trying to draw attention to the controversial Bill C-51, as well as the case of an Ottawa teen who was charged in an alleged “swatting” incident. The hacker believes the teen was framed, sources tell CTV. A spokesperson for the Ministry of Public Safety and Emergency Preparedness, acknowledged in a statement Monday night that the CSIS website had gone “temporarily offline.” “No information has been breached. We are taking cybersecurity very seriously,” spokesperson Jean-Christophe de Le Rue said. The same hacker was previously connected to hacking group Anonymous, but appeared to be operating alone on Monday, sources said. The person believed to be responsible tweeted out several messages about the CSIS website Monday, including: “I’m deciding if I should let CSIS back online and hit another government website, or if I should keep it offline for a while.” Less than two weeks ago, several government websites — including ServiceCanada.gc.ca and Parl.gc.ca — were hit by a denial of service attack. Anonymous claimed responsibility. Source: http://www.ctvnews.ca/canada/csis-website-goes-down-again-1.2447166
Tag Archives: defend against ddos
Protests or profiteering? Whether it’s Anonymous, the Cyber Caliphate or Cyber Berkut, the hack remains the same
“Hacktivism” has been around since the Cult of the Dead Cow in the 1980s; only the names have changed. Where we once heard about Chaos Computer Club and the Legion of Doom, we now have high-profile examples like Anonymous, Anti-Sec and Lulzsec. This is not a comparison – 35 years ago it was mostly demonstrations and denials of service. Now, attacks have become exponentially more intrusive and destructive. With this escalation in damages comes a new name. Cyber terrorism is a term that the media has been using quite frequently. There have also been countless articles on the so-called Cyber Caliphate, Cyber Berkut, and even various disparate groups of “cyber freedom fighters” around the world. Is changing “hacktivism” to “terrorism” the government and media’s way of upping the ante on hacking? Indeed, what is the difference between hacktivism and cyber terrorism, if there is one? After all, they both seek out pretty much the same targets. They both have a singular purpose, in its simplest definition – to cause damage to an entity, organisation or group. So what sets these two categories of hackers apart? Is the answer in their motivation? Can we really view one as “good,” and the other “bad”, or is it simply a matter of personal opinion? Anonymous Anonymous is a loose association of activist networks that has an informal and decentralised leadership structure. Beginning in 2003, on the bulletin board 4Chan, Anonymous began to recruit and train young people interested in hacking for a cause. Throughout the years, they have run cyber attacks, mostly distributed denial of service (DDoS) attacks, against the financial, healthcare, education, religious organisations, oil, gas and energy industries – pretty much everything. They have also earned a spot on that distinguished list of attackers who have targeted consumer electronics giant Sony. Anonymous has really changed the nature of protesting. In 2013, Time magazine listed it as one of the top 100 influential “people” in the world. Supporters have called the group “freedom fighters” and even compared them to a digital Robin Hood. Others, however, consider them little more than cyber terrorists. In the public’s eye, it depends on their motivation, following and targets. The bottom line: This could either be a case of malicious activity masked by political motivation, or pure malicious activity. Cyber Berkut Cyber Berkut is a modern group of hacktivists and claims its name from the Ukrainian special police force “Berkut”, formed in the early 1990s. This pro-Russian group made a name for itself by conducting DDoS attacks against the Ukrainian government and Western corporate websites conducting business in the region. The group has also been known to penetrate companies and attempting to retrieve sensitive data. Following a heist, they would post on public-facing pastebin sites or their own non-English website, which includes a section called “BerkutLeaks”. Cyber Berkut was most recently credited for attacks against the Chancellor of the German Government, NATO, Polish websites and the Ukrainian Ministry of Defence. The group has been compared to Anonymous based on its methods of protest and political targets. Viewed as passionate about its targets, Cyber Berkut has a clear agenda. However, the group’s ideology in no way diminishes the amount of intended damage that might be inflicted on potential victims. Cyber Caliphate Cyber Caliphate, as the name implies, is a hacker group that associates with the Islamist terrorist group ISIS. It has attacked many different government and private industry entities, and claims responsibility for multiple website defacements and data breaches. The group has hacked various websites and social media accounts, including those of military spouses, US military command, Malaysia Airlines, Newsweek and more. Indeed, Cyber Caliphate is hungry for media attention. This raises the question: does Cyber Caliphate believe in its stated cause, or is this just opportunistic hacking under the cover of a cause for media attention? What if the group is just looking for fame and fortune? What if the group is not a group at all, but the work of one or two people collaborating with different contributors for specific targets? Motive doesn’t matter Is this really cyber terrorism, hacktivism or just another set of hackers trying to get famous by jumping on the media’s hot topic of the month? In some cases, it may seem romantic when people claim to be fighting for a cause – rather than more nefarious intent, or even just for a laugh. But the fact remains that cyber attacks are cyber attacks, whether they are motivated by politics, money or a distorted idea of fame. The key to fighting back – after ensuring that your organisation’s security is up to snuff – is threat intelligence. Threat intelligence gathering is the key to keeping up with the actions of these groups and their potential targets with impartial, straightforward news, gathered by specialists. Staying abreast of potential hacktivist attacks requires a proper investment in intelligence groups with the proper tools, people, processes and other resources to deliver up-to-date information. And not just about the groups, but the techniques they might be using. Information sharing among intelligence groups from different industries and countries also will help expedite the reverse engineering of malicious code and assist in the building of signature content and correlation logic that is deployed to our security technologies. So once attacks are observed globally, defences can be quickly built, detection logic integrated – and information disseminated to the security specialists on the front line who may be all that stands in the way of the kind of corporate meltdown that nearly sank Sony Pictures in December last year. Source: http://www.computing.co.uk/ctg/opinion/2414910/protests-or-profiteering-whether-its-anonymous-the-cyber-caliphate-or-cyber-berkut-the-hack-remains-the-same
See the original post:
Protests or profiteering? Whether it’s Anonymous, the Cyber Caliphate or Cyber Berkut, the hack remains the same
DDoS Attacks Target Financial Firms and Broker Dealers
FINRA memo June 19, 2015 announces: An increasing number of member firms have been subjected to DDoS attacks originating from a cyber-criminal group called DD4BC. The latest in ongoing efforts by cyber criminals to extort money and disrupt practices for online business. The cyber-crime group DD4BC is one of the most active at DDoS attacks on industry’s, asking for ransom payments in exchange for the return of website service. Many businesses do not understand what a DDoS attack is and how they occur. Nor, do they understand what to do if they become subject to an attack. Ransom demands for large firms can be several thousand if not hundreds of thousands of dollars in BitCoin. The danger in paying the ransom to DDoS blackmailers is that it encourages them to attack. In some cases the attackers will make repeated attacks and repeated blackmail demands. FINRA is notifying financial and securities firms to be on the lookout for these types of attacks and be prepared with a plan in place to mitigate damages and reduce business disruption. Attacks on FINRA Member firms and Financial Services The DDoS attacks FINRA is cautioning about render a website or network unavailable for its intended users by sending an overwhelming number of incoming messages to the website, causing the site to “fail to load” or show as “unsecure” when legitimate users try to access it. Cyber Crime Group DD4BC makes extortion demands on targeted systems The end goal for DD4BC criminals in these attacks is extortion. DD4BC criminals will first send a firm an email announcing their plan to target the website with a DDoS attack. They further state, the attack can be avoided by paying ransom in BitCoin. To prove they are serious, DD4BC initiates a minor attack, with a threat of more attacks if the ransom is not paid within 24 hours. A bounty on the DD4BC cyber crime group The Bitcoin community and other firms are fighting back. A recent threat to Bitalo.com (a bitcoin exchange firm) resulted in Bitalo offering a reward of 100 times the amount DD4BC had asked for. Other firms have also pledged “would be blackmailed” bitcoin rewards for information leading to the arrest and conviction of DD4BC criminals. What to do if faced with an attack: A firms first point of contact in the event of attack is the local FBI office, Cyber Crimes division. The FBI works diligently in tracking and capturing these cyber criminals. The earlier they have information about an attack, the better their chances are at locating the criminals and alerting other firms to danger. Additionally, FINRA is asking that financial firms notify the SEC and FINRA. They will use this information to identify the extent of industry attacks and help firms stop these crimes. Prepare in advance for an Attack: Most DDoS attacks start as a sharp spike in traffic. Familiarize yourself with typical inbound traffic statistics for your website by auto-generating reports to monitor traffic on a daily and weekly basis. Work with your website host to “overprovision” band-width for your website. This can often be done for very little additional cost. And, while it is not likely to prevent damage from an attack, it could add a few minutes of lead time. Also, many host companies can set up alerts to notify you if there is a sudden spike in band width usage. What is your response plan: Prevention is the best strategy. Have your system evaluated for best practices before an attack starts. If you need help there are DDoS mitigation firms that specialize in securing IT systems to detect, monitor, and block attacks. Determine where your system is weak and make changes to improve security. Have a contingency plan in place to reach customers if the firm’s website is unavailable. Alternative communication methods include customer service phone support and cloud based communication portals. Maintain email and VOIP phone service on a different server than your website. DDoS attacks tend to cripple everything on the server. Segregating digital data through separate network connection hosts adds a layer of protection for confidential email lists and customer data. What to do if you are under attack: Call your website hosting company or ISP to let them know of what’s happening. They may be able to make routing adjustments to your traffic and prevent malicious traffic from making it in to your website. DDoS mitigation and monitoring services can also provide assistance. If needed, website hosts and ISP’s can direct you to a company that specializes in scrubbing data and diverting traffic when under DDoS attack. If the attack is lasting a relatively long time, direct your site to a hosted “We Are Down “ landing page for customers. Use the page to provide customers with alternative ways to reach your firm. This will bring confidence to your customers and save them the frustration of multiple unsuccessful attempts to reach your company online. Source: http://www.finracompliance.com/ddos-attacks-target-financial-firms-and-broker-dealers/
Continue reading here:
DDoS Attacks Target Financial Firms and Broker Dealers
DDoS Attacks Have Graduated to Extortion
There are things in this world that are far less enjoyable than having your website knocked offline to be certain. That being said, it can have a massive impact to your day or that of a company trying to make a living by selling their wares online. I remember early on one of the first large scale distributed denial of service (DDoS) attacks to launch was aimed at the White House. This was an attack that was expected at the time to be a withering assault that could reduce the White House website to a pile of molten “cyber” in the guise of what was dubbed a “virtual sit-in”. This took place in May 1998. There was concern at the time since this was not something that people had really given a lot of thought to at the time. But, in the end the web server had it’s IP address changed. It was that simple. The attackers had planned to attack not the domain name but, the IP address that was associated with the site. Simple presto change-o and the problem was fixed. These days it isn’t that simple to avoid becoming the victim of a distributed denial of service attack. There are different manner of DDoS attacks that can victimize a website. The vast majority of DDoS attacks are designed to overwhelm a site at the infrastructure level. The idea being to render the website and it’s resources unusable to the customers and the company or organization that run the site. This is cyber security equivalent of having a bully sit on your chest and say “stop hitting yourself, stop hitting yourself”. These type of attacks invariably lead to bragging on the part of the instigators. There seems to be an innate inability on the part of these attackers to keep their mouths shut. They seem to be incapable of just launching the attacks and want to be giving recognition for their endeavors. This frequently leads to them getting some press cycles and then a visit from the local constabulary. Assuredly not their desired outcome. This sort of media whoring plays well with much of the press as it provides a morbidly curious pubic with some level of insight into the instigators. When you drive by an accident on the side of the highway most of will slow down to look. It is human nature. So too is our apparent fascination with these attackers. What once began as an attacker defacing a website, later graduated to launching DDoS attacks. Now, those very attackers have demonstrated that they are no longer satisfied with press exposure. Now we see evidence of attacks being launched for money. Case in point is a crew that have been dubbed DD4BC for their pattern of launching attacks in a bid to collect bitcoin. We first saw them in 2014 when they ran trial run attacks against various websites. The curious point at the time was that they demanded a paltry sum from their victims. They were kicking the tires on their new machine. How this type of extortion attack would work is that they would launch a small burst of traffic against an intended victim and email them to ask them to look at their logs. This was a step to demonstrate that they were serious. The proverbial “look at my gun” approach that has worked for bank robbers for decades. The DD4BC crew would demand money and in the event the website operators failed to cave in to their demands they would launch their attack. As time progressed the cost to stop the attack would rise. I sincerely hope that no one has in fact paid the ransom that they demanded. This would only encourage them to launch more attacks. Also, for any site that would pay their demands this would provide them no guarantees that the attackers wouldn’t return to demand more money. Attackers have evolved with the times and so to should website operators. The need to have a web site that is designed to fail is clear. If you come under attack today, how will you scale? How will you defend your website? Telling them to go away or you will taunt them again simply won’t suffice. Source: http://www.huffingtonpost.com/dave-lewis2/ddos-attacks-have-graduat_b_7639516.html
More here:
DDoS Attacks Have Graduated to Extortion
Polish Planes Grounded After Airline Hit With DDoS Attack
Roughly 1,400 passengers were temporarily stranded at Warsaw’s Frederic Chopin airport over the weekend after hackers were purportedly able to modify an entire airline’s flight plans via a distributed denial of service (DDoS) attack. On Sunday someone was able to infiltrate the computer system of the Polish airline LOT and successfully cancel 10 of the carrier’s flights. A dozen other flights were reportedly delayed, according to Reuters. Many passengers were able to board the flights — destined for Munich, Hamburg, Dusseldorf, and Copenhagen, among other cities — later in the day and regular service was resumed Monday according to LOT spokesman Adrian Kubicki. The airline insists that at no point was the safety of any ongoing flights at risk, nor were any other airports affected, but stressed that the attack could be a sign of things to come. “We’re using state-of-the-art computer systems, so this could potentially be a threat to others in the industry,” Kubicki warned, adding that authorities were investigating the attack. LOT’s chief executive Sebastian Mikosz reiterated Kubicki’s sentiments in a press conference on Monday. “This is an industry problem on a much wider scale, and for sure we have to give it more attention,” Mikosz said, “I expect it can happen to anyone anytime.” Kubicki claimed the attack may have been the result of a distributed denial of service attack on Monday and that LOT experienced something he called “a capacity attack” that overloaded the airline’s network. While technical details around the incident have been scant, several security researchers agree it could be cause for alarm. Ruben Santamarta, a principal security consultant for IOActive has called the security of planes into question before and based on the statement given by LOT’s spokesman believes the airline may have fallen victim to a targeted attack. “Initially, it seems that flight’s plan couldn’t be generated which may indicate that key nodes in the back office were compromised,” Santamarta said Monday. “On the other hand the inability to perform or validate data loading on aircraft (including flight plans), using the standard procedures, should make us think of another attack vector, possibly against the ground communication devices.” Last summer at Black Hat Santamarta described how aircraft — including passenger jets – along with ships, oil rigs, and wind turbines could be compromised by exploiting its embedded satellite communications (SATCOM) equipment. Andrey Nikishin, Director of Future Technology Projects at Kaspersky Lab, believes there could be two stories behind the hack. The incident could’ve come as a result of human error, or an electrical or hard drive malfunction, Nikishin claims, or perhaps stem from a “more Hollywood style scenario” wherein the attack is a precursor to a bigger, more significant disruption. “Warsaw airport is fairly small compared to Schiphol (Amsterdam) or Heathrow (London) and, depending on the time of day, there are only around 11 flights taking off every hour. ” “What if the incident was just a training action or reconnaissance operation before a more massive cyber-attack on a much busier airport like Charles de Gaulle in Paris or JFK in New York?” Nikishin said. “Regardless of the reason and the threat actors, we can see how our life depends on computers and how vulnerable to cyber-threats national critical infrastructure objects have become.” Earlier this year security researcher Chris Roberts made headlines by getting removed from an American Airlines flight and questioned by the F.B.I. after he claimed he was able to compromise its onboard infrastructure. Roberts told the F.B.I. that he managed to hack into several planes’ in-flight entertainment systems nearly 20 times from 2011 to 2014 although most airlines have refuted these claims. Source: https://threatpost.com/polish-planes-grounded-after-airline-hit-with-ddos-attack/113412
Read More:
Polish Planes Grounded After Airline Hit With DDoS Attack
AINA Brought Down By Massive DDoS Attack
AINA’s website was the target of a massive distributed denial of service attack (DDOS) which made the site unavailable for more than one week. The attack was launched on June 8 and continued until yesterday. The source of the attack is unknown. A DDOS attack floods a site with hundreds of thousands of requests, which overloads the system and forces it to shut down. The attack is launched from computers which have been infected with malware, without the knowledge of their owners. A DDOS attack is difficult to defend against because of the very nature of the internet. A website is by definition designed to respond to requests. Any website can be brought down by such an attack. Source: http://www.aina.org/news/20150617135759.htm
See original article:
AINA Brought Down By Massive DDoS Attack
Canadian Government Websites Inaccessible Following DDoS attack
Around 1:30 pm ET on Tuesday afternoon, Canadian government websites became inaccessible due to a denial-of-service attack, The Globe and Mail reported. The attack affected industry, employment, national resources, fisheries and oceans, justice, labor, foreign affaisr, environment and transportation related websites. A denial-of-service attack, sometimes called a DOS attack, occurs when hackers flood a website with traffic, essentially leaving it unusable to normal users hoping to browse the site. It is unclear why Canada’s government websites faced this attack or who the hackers are. Source: http://www.newsweek.com/canadian-government-websites-inaccessible-following-denial-service-attack-344002
Link:
Canadian Government Websites Inaccessible Following DDoS attack
DDoS Attack on Voat due to Reddit
Voat was just a small Reddit knock-off before last week — but now it’s becoming overloaded as people threaten to leave the bigger site So many people are leaving Reddit that its closest competitor crashed and had to ask for donations to stay up. Many users of the site protested and left when last week it banned five subreddits for harassment. And since, users have been making good on threats to leave the site — going instead to a Swiss clone of the site, Voat. That site look almost exactly the same as Reddit, and features many of the same communities. But it is committed to a rule of “no censorship” — previously Reddit’s attitude, but one that it has moved away from as it has attempted to reduce the harassment and abuse on the site. So many people have moved to the Swiss knock-off that it has been down entirely many times since the Reddit bans. In response, the site asked for donations in bitcoin to pay for extra technology to keep the site up. That doesn’t seem to have worked, and the site says that it is now under a distributed denial of service attack, where users send a flood of requests to a website to take it down. But despite the problems, the site now has more than twice as many users as it did late last mnth, according to the site’s Twitter account. It had over 96,000 registered users last night, it said — far from the 172 million unique visitors that went to Reddit in the last month, but up many times over recent weeks. Voat’s founder said that the site was “not ready for such a huge influx of new users” and that it hadn’t “prepared for such a large and sudden increase either”. “We are sorry to see Reddit change like this, in this way, in such an accelerated fashion,” Atko wrote. “We would have never anticipated such events.” Source: http://www.independent.co.uk/life-style/gadgets-and-tech/news/reddit-alternative-breaks-because-so-many-people-leave-site-after-harassment-scandal-10321474.html
Read More:
DDoS Attack on Voat due to Reddit
Anonymous Hijacks Thousands of Insecure Routers to Power Its DDoS Tools
Lack of some elementary security measures can risk your router’s security and this has stemmed to grow into a large-scale denial-of-service (DDoS) attacks using these hacker-controlled routers. A web security firm Incapsula has discovered a new router based botnet Mr Black while investigating some DDoS attacks against its customers since this December. Hackers exploited routers’ negligent security measures to launch these attacks all over the world. According to this report published by the security firm, the routers made by Ubiquiti Networks had DDoS malware installed on them. The routers were not hacked due to some vulnerability in the hardware. Instead, it happened because of the deployment of the router in an insecure manner that exposed their management interfaces using the default credentials over SSH and HTTP. The routers that were inspected were found to have 4 versions of Mr Black, a DDoS program and altogether thirty-seven variations of Mr Black were detected. Other DDoS programs included DoFloo, Mayday and Skynet (a remote sensing tool). In some earlier versions of the report, Incapsula said that it believed that the hacktivist group Anonymous was one of the few groups those used the compromised routers. It is yet not clear that why Anonymous was highlighted in the report, but it is certain that few people who call themselves “Anonymous” were using the routers. The original article on the Daily Dot was edited to remove the fact that botnet directs to irc (dot) anonops (dot) com. Total 40,269 different IP addresses were detected from 1,600 ISPs spread across 109 countries. The main affected countries were Thailand (64%), Brazil (21%), United States (4%) and India (3%). To control these routers, 60 servers were hacked and majority of these were in China and the U.S. To save themselves from the DDoS attacks, users must make sure that their routers’ management interfaces aren’t exposed over HTTP or SSH to the internet. They can also use some tools available to scan their router’s IP for open ports and change their default login credentials. With inputs from Anon.hq Source: http://omdpatel.blogspot.tw/2015/06/anonymous-hijacks-thousands-of-insecure.html
Read more here:
Anonymous Hijacks Thousands of Insecure Routers to Power Its DDoS Tools
DD4BC Shifts Focus to Businesses, Continues DDoS Attack
Cybercriminals and extortionists demanding Bitcoin as ransom is on the rise these days. Due to the easy of transfer and pseudonymity associated with Bitcoin transactions, it has become the currency of choice for them. We have been hearing about ransomware, hacking incidents where sensitive data is stolen from computers and even extortion by threatening to physically harm an individual, the only common factor in all these cases is the ransom, to be paid in Bitcoin. There is one such cybercriminal group called DD4BC who have made it a regular habit to launch Distributed Denial of Service (DDoS) attacks on the websites belonging to Scandinavian companies. Once they launch an initial DDoS attack, they will blackmail these companies to pay about 40 bitcoins to avoid further attacks on their IT infrastructure. In most cases, the group sends out emails to the targeted firm within hours of launching the first DDoS attack. These emails, demanding ransom in Bitcoins also promises the victims that it is a one-time thing and if they pay the ransom, DD4BC will not attack them again. DD4BC also claims in the mail that even though they do bad things, they are going to keep their word. It is surprising that the group which was targeting European banks and financial institutions all these days has suddenly shifted their target to businesses in Scandinavia. Recently DD4BC allegedly tried to extort money from Bitalo Bitcoin Exchange – 1 BTC in exchange for information on how to prevent DDoS attack. But the plan seemed to backfire when the CEO of the Exchange, Martin Albert announced a bounty of 100 BTC for information about the person/people behind DD4BC. Among the list of Bitcoin sites targeted by DD4BC includes CEX.io and Bitcoin sports book Nitrogen Sports. Recently an Australian company was hacked into by unidentified perpetrators. They allegedly stole sensitive data, asking for ransom. They have also threatened to harm family members of one of the top officials from that company. Source: http://www.livebitcoinnews.com/dd4bc-shifts-focus-to-businesses-continues-ddos-attack/
Read More:
DD4BC Shifts Focus to Businesses, Continues DDoS Attack