Tag Archives: defend against ddos

How Boston Children’s Hospital Hit Back at Anonymous

Hackers purportedly representing Anonymous hit Boston Children’s Hospital with phishing and DDoS attacks this spring. The hospital fought back with vigilance, internal transparency and some old-fashioned sneakernet. That – and a little bit of luck – kept patient data safe. On March 20, Dr. Daniel J. Nigrin, senior vice president for information services and CIO at Boston Children’s Hospital, got word that his organization faced an imminent threat from Anonymous in response to the hospital’s diagnosis and treatment of a 15-year-old girl removed from her parent’s care by the Commonwealth of Massachusetts. The hospital’s incident response team quickly convened. It prepared for the worst: “Going dark” – or going completely offline for as long as the threat remained. Luckily, it never came to that. Attacks did occur, commencing in early April and culminating on Easter weekend – also the weekend of Patriot’s Day, a Massachusetts holiday and the approximate one-year anniversary of the Boston Marathon bombings – but slowed to a trickle after, of all things, after a front-page story about the incident ran in The Boston Globe . No patient data was compromised over the course of the attacks, Nigrin says, thanks in large part to the vigilance of Boston Children’s (and, when necessary, third-party security firms). The organization did learn a few key lessons from the incident, and Nigrin shared them at the recent HIMSS Media Privacy and Security Forum. As Anonymous Hit, Boston Children’s Hit Back As noted, the hospital incident response team – not just the IT department’s – planned for the worst. Despite that fact that the information Anonymous claimed to have, such as staff phone numbers and home addresses, is the stuff of “script kiddies,” Nigrin says Children’s took the threat seriously. Attacks commenced about three weeks after the initial March 20 warning. Initially, the hospital could handle the Distributed Denial of Service (DDoS) attacks on its own. Anonymous changed tactics. Children’s responded. The hackers punched. The hospital counterpunched. As the weekend neared, though, DDoS traffic hit 27 Gbps – 40 times Children’s typical traffic – and the hospital had to turn to a third-party for help. The attacks hit Children’s external websites and networks. (Hackers also pledged to hit anyone linked to Children’s – including the energy provider NStar, which played no role in the child custody case at all but sponsors Children’s annual walkathon.) In response, Nigrin took down all websites and shut down email, telling staff in person that email had been compromised. Staff communicated using a secure text messaging application the hospital had recently deployed. Internal systems were OK, he says, so Children’s electronic health record (EHR) system, and therefore its capability to access patient data, wasn’t impacted. In contrast to this internal transparency, Children’s, at the urging of federal investigators, didn’t communicate anything externally. Nonetheless, word got to The Boston Globe , which ran its front-page story on April 23. Nigrin, again, prepared for the worst. He didn’t have to. After the article came out, the Twitter account @YourAnonNews took notice, urging hackers to stop targeting a children’s hospital. Attacks continued, but at a much smaller clip. 6 Quick Tips for Beating Back Hackers In reflecting on the Anonymous attack, Nigrin offers the following security lessons that Boston Children’s learned. DDoS countermeasures are crucial. “We’re not above these kinds of attacks,” Nigrin says. Know which systems depend on external Internet access. As noted, the EHR system was spared, but the e-prescribing system wasn’t. Get an alternative to email. In addition to secure testing, Children’s used Voice over IP communications. In the heat of the moment, make no excuses when pushing security initiatives. Children’s had to shut down email, e-prescribing and external-facing websites quickly. “Don’t wait until it’s a fire drill,” Nigrin says. Secure your teleconferences. Send your conference passcode securely, not in the body of your calendar invite. Otherwise, the call can be recorded and posted on the Internet before you even hang up, he says. Separate signals from noise. Amid the Anonymous attack, several staff members reported strange phone calls from a number listed as 000-000-0000. At the time, it was hard to tell if this was related, and it made the whole incident that much harder to manage. Above all, Nigrin says healthcare organizations need to pay attention to the growing number of security threats the industry faces. “There are far more than we have seen in the past,” he says. Source: http://www.cio.com/article/2682872/healthcare/how-boston-childrens-hospital-hit-back-at-anonymous.html

Read the original:
How Boston Children’s Hospital Hit Back at Anonymous

Hackers launch DDoS attack on Obamacare website server, user data safe

In what could be another jolt for US President Barack Obama’s dream project ‘Obamacare health insurance program’, a government cybersecurity team last week discovered that an unknown hacker or a group of hackers tried to peep into a computer server supporting the HealthCare.gov website by apparently uploading malicious files. The Centers for Medicare and Medicaid Services, the lead Obamacare agency, on Thursday briefed about the intrusions to top congressional staff. “The first incidence of breach occurred on July 8”, Aaron Albright, CMS spokesman, said. According to Albright, the main objective of the hackers was not to steal personal data but to launch a distributed denial of service (DDoS) attack against other websites. In a DDoS attack, the malwares trying to communicate with the website makes the computers with internet-connectivity so overwhelmed that they fail to handle legitimate requests and lead to crash. “Our review indicates that the server did not contain consumer personal information; data was not transmitted outside the agency, and the website was not specifically targeted. We have taken measures to further strengthen security,” Albright said. Albright also shed out speculations that the attack would adversely impact on the second round of enrollment period, which begins on November 15, for the health coverage under the Obamacare. Meanwhile, the CMS’s parent agency – Office of Inspector General of the Department of Health and Human Services- and the HHS leadership have been notified of the attack and sources say investigation is under process. The Department of Homeland Security spokesperson said that the affected server has been forensically preserved by its Computer Emergency Readiness Team (US-CERT). The agency, which is also responsible in investigating cyber attacks, said that they had identified the malware designed to launch the DDoS attack and extracted them. Source: http://www.wallstreetotc.com/hackers-launch-ddos-attack-on-obamacare-website-server-user-data-safe/28570/

Original post:
Hackers launch DDoS attack on Obamacare website server, user data safe

Hackers upload malicious files on the Obamacare website to launch a DDoS Attack

Read this article:
Hackers upload malicious files on the Obamacare website to launch a DDoS Attack

Anti-Piracy Outfit Denies launching DDoS attacks on Anime Sites

The effects of a DDoS attack that crippled NYAA, one of the largest anime torrent sites, continue today with fingers being pointed at everyone from the Japanese government to an anti-piracy group working with anime distributors. Subtitling site HorribleSubs, which was also affected, has its own ideas. Distributed Denial of Service or DDoS attacks are a relatively common occurrence in the file-sharing community and something that many sites are subjected to throughout the course of a year. They disrupt service and can often cost money to mitigate. Those carrying out the attacks have a variety of motives, from extortion and blackmail to “the lulz“, and a dozen reasons in between. Often the reasons are never discovered. During the past few days several sites involved in the unauthorized sharing of anime have been targeted by DDoS-style attacks. Swaps24 reported that Haruhichan, Tokyo Toshokan and AnimeTake were under assault from assailants unknown, although all now appear to be back online. A far more serious situation has played out at NYAA.se, however. The site is probably the largest public dedicated anime torrent index around and after being hit with an attack last weekend it remains offline today. The attack on NYAA had wider effects too. NYAA and leading fan-subbing site HorribleSubs reportedly shared the same hosting infrastructure so the DDoS attack took down both sites. That’s significant, not least since at the end of August HorribleSubs reported that their titles had been downloaded half a billion times. As the image above shows it now appears that HorribleSubs has recovered (and added torrent magnet links) but the same cannot be said about NYAA. The site’s extended downtime continues with no apparent end in sight. This has resulted in a backlash from the site’s fans and somewhat inevitably accusatory fingers are being pointed at potential DDoS suspects. As far-fetched as it might sound, one of the early suspects was the Japanese government itself. The launch of a brand new anti-piracy campaign last month in partnership with 15 producers certainly provided a motive, but a nation carrying out this kind of assault seems unlikely in the extreme. Quickly, however, an announcement from HorribleSubs turned attentions elsewhere. “Chill down. It’s not just us. Every famous anime sites [are] getting DDoS attacks, but that doesn’t mean this is the end,” the site’s operator wrote on Facebook. “We have located where DDoS are coming from. It’s from ?#?Crunchyroll? and ?#?Funimation? Employees.” Funimation is an US television and film production company best known for its distribution of anime while Crunchyroll is a website and community focused on, among other things, Asian anime and manga. While both could at least have a motive to carry out a DDoS, no evidence has been produced to back up the HorribleSubs claims. That said, HorribleSubs admits that its key motivation is to annoy Crunchyroll. “We do not translate our own shows because we rip from Crunchyroll, FUNimation, Hulu, The Anime Network, Niconico, and Daisuki,” the site’s about page reads, adding: “We aren’t doing this for e-penis but for the sole reason of pissing off Crunchyroll.” Shortly after, attention turned to anti-piracy outfit Remove Your Media (RYM). The company works with anime companies Funimation and Viz Media, which includes the sending of millions of DMCA notices to Google. The spark came when the company published a tweet (now removed) which threatened to send “thousands” of warning letters to NYAA users once the site was back online. This doesn’t seem like an idle threat. A few weeks ago the company posted a screenshot on Twitter containing an unredacted list of Comcast, Charter and CenturyLink IP addresses said to have been monitored infringing copyright. Due to the NYAA downtime, RYM later indicated it had switched to warning users of Kickass.to. This involvement with anime companies combined with the warning notice statement led to DDoS accusations being directed at RYM. TorrentFreak spoke to the company’s Eric Green and asked if they knew anything about the attacks. “The short answer is No. In fact we were waiting for [NYAA] to go back online to begin monitoring illegal transfers again. Sorry to disappoint but we had no involvement,” Green told TF. Just a couple of hours ago RYM made a new announcement on Twitter, stating that the original tweet had been removed due to false accusations. “Nyaa post deleted due to all the Ddos libel directed at this account. Infringement notices continue to ISPs, for piracy, regardless of tracker,” they conclude. Although it’s impossible to say who is behind the attacks, it does seem improbable that an anti-piracy company getting paid to send notices would do something that is a) seriously illegal and b) counter-productive to getting paid for sending notices. That said, it seems likely that someone who doesn’t appreciate unofficial anime sites operating smoothly is behind the attack. Who that might be will remain a mystery, at least for now. Source: http://torrentfreak.com/anti-piracy-outfit-denies-ddosing-anime-sites-140904/

FBI probe into hack and DDoS attacks on banks

THE Federal Bureau of Investigation is probing a computer-hacking attack on JPMorgan Chase and as many as four other banks, in what people familiar with the probe described as a significant breach of corporate computer security. The timing and extent of the hacking attacks wasn’t immediately clear, though cybersecurity experts began probing the possible JPMorgan breach earlier this month, according to people familiar with the investigation. Source: http://www.theaustralian.com.au/business/wall-street-journal/fbi-probe-into-hack-attacks-on-banks/story-fnay3ubk-1227040501221?nk=a9c75ab55e6d5171cc79455c78c5564d#

Link:
FBI probe into hack and DDoS attacks on banks

Anonymous Hacked Ferguson Police Servers and Launched a DDOS Attack

Police officers in Ferguson, Missouri have been forced to communicate via text message after Anonymous launched a DDOS attack against the city’s servers shutting them down, following the murder of Michael Brown. On top of that, private servers of the Ferguson police department were hacked to get personal information. Both peaceful and violent protests have taken place in response to the atrocity in Ferguson. Last Thursday, anonymous performed a DDoS attack on Ferguson servers. The attack was in reaction to the murder of 18 year old, Michael Brown, an African American teenager who was killed unjustly by white policemen. Law enforcement officials said recently that the FBI has taken an immense interest in the investigation of hacking attempts directed at the personal computers and online accounts of police officers who are part of the department responsible for the murder. CNN and other mainstream media outlets, in affiliation with three policeman, who’s names are undisclosed, have reported the police as victims of a ‘cyber attack’, suggesting that anonymous is to blame for the violent demonstrations that took place in Ferguson, avoiding the clear fact that the PD of Ferguson are responsible, and a reaction like this is to be expected in result to the killing of an innocent person. This is of no surprise that corporately funded news outlets would be hesitant to speak negatively of the police. In reality, despite the propaganda that the 1% will spew forth, it is organizations like Anonymous that are fighting for freedom, unrestricted by the fascist regulations of a fear-mongering governing body, we can fight for peace using whatever means possible. Source: http://anonopsofficial.blogspot.ca/2014/08/anonymous-hacked-ferguson-police.html

Originally posted here:
Anonymous Hacked Ferguson Police Servers and Launched a DDOS Attack

DDoS attack downs Twitch on news of Amazon acquisition

Just hours after Amazon announced a $970m deal to acquire Twitch, the live video platform for gamers was taken offline temporarily by a distributed denial of service (DDoS) attack. Twitch is the latest in a string of online gaming platforms to be hit by DDoS attacks that have been linked to several groups, including Lizzard Squad, jihadist group Islamic State, and Anonymous. At the weekend, Sony’s PlayStation Network was knocked offline and several others experienced disruptions, including Microsoft’s Xbox Live and Blizzard’s Battle.net. DDoS attacks are commonly used by competitors or activists to take services offline using a variety of techniques that make services impossible to reach. The reason for the DDoS attack on Twitch is unknown, but industry pundits have speculated that it may be linked to concerns about the acquisition by Amazon. Commenting on the weekend disruptions, Dave Larson, CTO at Corero Network Security, said the drivers for launching DDoS attacks are far ranging and difficult to pinpoint in many cases. “Anyone can become a victim at any time and, as the attacks continue to become stronger, longer and more sophisticated, businesses that rely on their online web applications as a revenue source cannot become complacent,” he said. Larson said the latest DDoS attacks underscore the importance of including a DDoS first line of defence as a component of network security architecture. Lancope chief technology officer TK Keanini said that while DDoS was once a resource held by a few of the elite groups on the net, this method of attack is now available to anyone as it is offered as a service. “If you know where to look, and you have some crypto currency in hand, just point and shoot,” he said. According to Keanini, any business connected to the internet is likely to be targeted by a DDoS attack at some point. “But game networks have to work harder than most to remain secure as they are incredibly attractive targets. “Not only are they high profile, with any disruption making the news, but given all the in-game commerce, credit card and personal information is kept up to date and can be monetised by these cyber criminals,” he said. Source: http://www.computerweekly.com/news/2240227573/DDoS-attack-downs-Twitch-on-news-of-Amazon-acquisition

See the original post:
DDoS attack downs Twitch on news of Amazon acquisition

Popcorn Time Hit By Massive DDoS Attack

A major fork of the popular Popcorn Time project is currently being subjected to a massive DDoS attack. The whole project has been hit, from the site hosting its source through to its CDN, API and DNS servers. The team tells TorrentFreak that the attack amounts to 10Gbps across their entire network. Every year sees periods when sites in the file-sharing sector are subjected to denial of service attacks. The attackers and their motives are often unknown and eventually the assaults pass away. Early in 2014 many torrent sites were hit, pushing some offline and forcing others to invest in mitigation technology. In May a torrent related host suffered similar problems. Today it’s the turn of the main open source Popcorn Time fork to face the wrath of attackers unknown. TorrentFreak spoke with members of the project including Ops manager XeonCore who told us that the attack is massive. “We are currently mitigating a large scale DDoS attack across our entire network. We are currently rerouting all traffic via some of our high bandwidth nodes and are working on imaging and getting our remaining servers back online to help deal with the load,” the team explain. The attack is project-wide with huge amounts of traffic hitting all parts of the network, starting with the site hosting the Popcorn Time source code. Attack on the source code site – 980Mbps Also under attack is the project’s CDN and API. The graph below shows one of the project’s servers located in France. The green shows the normal traffic from the API server, the blue represents the attack. Attack on the France API server – 931Mbps Not even the project’s DNS servers have remained untouched. At one point two of three DNS servers went down, with a third straining under almost 1Gbps of traffic. To be sure, a fourth DNS server was added to assist with the load. Attack on the Dutch DNS server – peaking at 880Mbps All told the whole network is being hit with almost 10Gbps of traffic, but the team is working hard to keep things operational. “We’ve added additional capacity. Our DNS servers are currently back up and running but there is still severe congestion around Europe and America. Almost 10Gbps across the entire network. Still working on mitigating. API is still online for most users!” they conclude. Nobody has yet claimed responsibility for the attack and it’s certainly possible things will remain that way. Only time will tell when the attack will subside, but the team are determined to keep their project online in the meantime. Source: http://torrentfreak.com/popcorn-time-hit-by-massive-ddos-attack-140814/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Torrentfreak+%28Torrentfreak%29

Irish Domains hit with denial of service attack

Web-hosting company Irish Domains was the target of a distributed denial of service (DDoS) attack on Friday, incapacitating numerous websites of its client companies. The company said that it had seen “a significant slowdown” on several services following the DDoS attack, whereby an online service is made unavailable by overwhelming it with traffic from multiple sources. The company said the slowdown was affecting email and web for some sites, adding that it “had experienced a 30x increase in inbound network connections”. “We are implementing some countermeasures to divert unwanted traffic but we expect disruption to service to continue for another while,” Irish Domains said. Brightwater Recruitment and Sherry Fitzgerald were among the companies that use the web hosting services services of Irish Domains and thus experienced issues with their sites. There are two types of DDoS attacks: a network-centric attack which overloads a service by using up bandwidth and an application-layer attack which overloads a service or database with application calls. Source: http://www.irishtimes.com/business/sectors/technology/irish-domains-hit-with-denial-of-service-attack-1.1891838

Continue reading here:
Irish Domains hit with denial of service attack

Amazon cloud infested with DDoS botnets

Security researchers have found yet another exploit on the Amazon cloud computing platform through the Elasticsearch distributed search engine tool. According to analysis, hackers are able to gain access to the search engine to deploy a battalion of botnets on Amazon cloud. The vulnerability should be a cause of alarm and, therefore, merits the attention of enterprises because it could manipulate Amazon cloud platforms in an attempt to launch distributed denial of service attacks against hundreds of thousands of websites. Amazon cloud users can a representational state transfer API to search various documents through Elasticsearch, an open-source search engine server built based on Java. It is more popular among cloud environments for its distributed architecture that enables multiple nodes. Researchers found security issues on the versions 1.1.x of Elasticsearch because its API scripting lacks a mechanism to authenticate access and a sandbox security infrastructure. Therefore, anyone, including hackers, can penetrate Elasticsearch just so easy. After that, attackers could carry out several malicious activities using Elasticsearch’s scripting capability such as carrying out arbitrary code on the server. As of now there is no patch coming from the developers of Elasticsearch. Nonetheless, versions 1.2.0 and up are safe from being exploited by hackers. New offshoots of Mayday Trojan for Linux has been spotted over the past week and the malware already launched DDoS attacks against targets DNS amplification. A Mayday variant was reported to be running on an Amazon server that has been compromised through the Elasticsearch exploit, though there are other platforms that could have been potentially manipulated. However, the Mayday variant did not resort to DNS amplification on the compromised EC2 instances. Instead it was used to launch attacks by flooding several websites with UDP traffic. As a result, many regional banking institutions in the United States and electronics companies in Japan had to transfer their IP addresses to DDoS mitigation service vendors. The Amazon EC2-run virtual machines were also reported to have been attacked by hackers through a CVE-2014-3120 exploit in the 1.1.x versions of Elasticsearch. Researchers observed that many commercial enterprises still use those versions. According also to security researchers, attackers have changed proof-of-concept exploit code for CVE-2014-3120 to install a Web shell developed based on Perl. A Web shell is a script that enables hackers to deploy Linux shell commands backdoor through the Web. The script was then further manipulated to download a fresh variant of the Mayday DDoS botnet. Amazon has already notified its customers about the issue. Source: http://www.techwalls.com/amazon-cloud-infested-ddos-botnets/

See more here:
Amazon cloud infested with DDoS botnets