Tag Archives: defend against ddos

Amex Website Victim of DDoS Attack

Cyber attacks have become an alarming problem in recent months. Threats from China have been the main concern in America, but now a new type of hacker has surfaced. A group of Islamic internet hackers launched a distributed denial of service attack on the American Express website, temporarily shutting down the site for a few hours. As expected, this did not go over well with American Express cardholders. In a DDOS attack, site visitors are infected with a Trojan virus that redirects them to a site of the creator’s choice. Once a certain number of people visit that target site, the original site shuts down. The hackers were able to make this work successfully, but American Express’s security team quickly corrected the problem. Nevertheless, it shows how vulnerable American business is right now to Internet hackers. The hackers claimed that much of their motivation came from the YouTube video, Innocence of Muslims. Since its publication, that video has enraged the Islamic community and fueled their hatred of Americans. The cyber hackers vowed to continue their efforts until it was removed from the internet. The original video was in English, but there are now versions in Arabic, French, Spanish and other languages. It has been blocked in Indonesia, Saudi Arabia, Egypt and other Muslim states. The video was actually removed once before because of a slew of hate mail going towards the original uploader. It was re-posted shortly thereafter and has since received close to two million views. American Express is now taking extra precautions to ensure that similar events do not happen in the future. Source: http://www.lowcards.com/amex-website-hacked-islamic-attackers-11690

Read the original:
Amex Website Victim of DDoS Attack

Top Banks Offer New DDoS Attack Details

Increasingly, U.S. banking institutions are reluctant to acknowledge – much less discuss – the ongoing distributed-denial-of-service attacks against their online services. Perhaps that’s because they’re concerned that consumers will panic or that revealing too much about the attacks could give hacktivists information they could use to enhance their DDoS abilities. But in recent regulatory statements, the nation’s largest banks are candid about DDoS attacks and their impact. In their annual 10-K earnings reports, filed with the Securities and Exchange Commission, seven of the nation’s top 10 financial services institutions provide new details about the DDoS attacks they suffered in 2012. In its report, Citigroup even acknowledges that DDoS attacks have led to unspecified losses. Citigroup , which filed its 10-K report March 1, notes: “In 2012, Citi and other U.S. financial institutions experienced distributed-denial-of-service attacks which were intended to disrupt consumer online banking services. While Citi’s monitoring and protection services were able to detect and respond to these incidents before they became significant, they still resulted in certain limited losses in some instances as well as increases in expenditures to monitor against the threat of similar future cyber-incidents.” The bank also points out that these attacks are being waged by powerful adversaries. “Citi’s computer systems, software and networks are subject to ongoing cyber-incidents, such as unauthorized access; loss or destruction of data (including confidential client information); account takeovers; unavailability of service; computer viruses or other malicious code; cyber-attacks; and other events,” Citi states. “Additional challenges are posed by external extremist parties, including foreign state actors, in some circumstances as a means to promote political ends.” When contacted by BankInfoSecurity , Citi and other institutions did not comment further about DDoS attacks or the information in the 10-K reports. These banks, as well as other U.S. financial institutions, are now in the midst of the third wave of DDoS attacks attributed to the hacktivist group Izz ad-Din al-Qassam Cyber Fighters – a group that has claimed since September that its attacks are being waged to protest a YouTube movie trailer deemed offensive to Muslims. ‘Technically Sophisticated’ In their 10-K reports, Citi, as well as JPMorgan Chase & Co. , Bank of America , Goldman Sachs Group , U.S. Bancorp , HSBC North America and Capital One acknowledge suffering from increased cyber-activity, with some specifically calling out DDoS as an emerging and ongoing threat. HSBC North America, in its 10-K report filed March 4, notes the global impact of DDoS on its customer base. “During 2012, HSBC was subjected to several ‘denial of service’ attacks on our external facing websites across Latin America, Asia and North America,” the bank states. “One of these attacks affected several geographical regions for a number of hours; there was limited effect from the other attacks with services maintained. We did not experience any loss of data as a result of these attacks.” And U.S. Bank, in its 10-K filed Jan. 15, describes DDoS attacks as “technically sophisticated and well-resourced.” “The company and several other financial institutions in the United States have recently experienced attacks from technically sophisticated and well-resourced third parties that were intended to disrupt normal business activities by making internet banking systems inaccessible to customers for extended periods,” U.S. Bank reports. “These ‘denial-of-service’ attacks have not breached the company’s data security systems, but require substantial resources to defend and may affect customer satisfaction and behavior.” U.S. Bank reports no specific losses attributed to DDoS, but it states: “Attack attempts on the company’s computer systems are increasing, and the company continues to develop and enhance its controls and processes to protect against these attempts.” Other DDoS Comments Here is what the other institutions reported about DDoS attacks suffered in 2012: Chase: “The firm and several other U.S. financial institutions continue to experience significant distributed denial-of-service attacks from technically sophisticated and well-resourced third parties which are intended to disrupt consumer online banking services. The firm has also experienced other attempts to breach the security of the firm’s systems and data. These cyber-attacks have not, to date, resulted in any material disruption of the firm’s operations, material harm to the firm’s customers, and have not had a material adverse effect on the firm’s results of operations.” BofA: “Our websites have been subject to a series of distributed denial of service cybersecurity incidents. Although these incidents have not had a material impact on Bank of America, nor have they resulted in unauthorized access to our or our customers’ confidential, proprietary or other information, because of our prominence, we believe that such incidents may continue. Although to date we have not experienced any material losses relating to cyber-attacks or other information security breaches, there can be no assurance that we will not suffer such losses in the future.” CapOne: “Capital One and other U.S. financial services providers were targeted recently on several occasions with distributed denial-of-service attacks from sophisticated third parties. On at least one occasion, these attacks successfully disrupted consumer online banking services for a period of time. If these attacks are successful, or if customers are unable to access their accounts online for other reasons, it could adversely impact our ability to service customer accounts or loans, complete financial transactions for our customers or otherwise operate any of our businesses or services online. In addition, a breach or attack affecting one of our third-party service providers or partners could impact us through no fault of our own. Because the methods and techniques employed by perpetrators of fraud and others to attack, disable, degrade or sabotage platforms, systems and applications change frequently and often are not fully recognized or understood until after they have been launched, we and our third-party service providers and partners may be unable to anticipate certain attack methods in order to implement effective preventative measures. Should a cyber-attack against us succeed on any material scale, market perception of the effectiveness of our security measures could be harmed, and we could face the aforementioned risks. Though we have insurance against some cyber-risks and attacks, it may not be sufficient to offset the impact of a material loss event.”   No Mentions of Attacks Among the top 10, the only institutions that do not specifically reference DDoS in their 10-K reports are Morgan Stanley, Bank of NY Mellon and Wells Fargo , a bank that has recently suffered significant online outages. Wells Fargo spokeswoman Sara Hawkins tells BankInfoSecurity that the bank’s online and mobile-banking channels were inaccessible for portions of the day on April 4, when it saw “an unusually high volume of website and mobile traffic … which we believe is a denial of service attack.” Reporting Protocol Doug Johnson , who oversees risk management policy for the American Bankers Association, says banking institutions are required to report all suspicious cyber-activity either through their filings with the SEC or in the Suspicious Activity Reports to the Financial Crimes Enforcement Network , a bureau of the U.S. Department of the Treasury. All financial institutions, regardless of size, must report SARs to FinCEN, an agency that collects, analyzes and shares financial intelligence. However, only companies with more than $10 million in assets are required to file reports with the SEC. Banking institutions are required to report cyber-attacks in their SEC filings, Johnson says. “Online banking platforms, obviously, are extremely important to banking retail consumers, and so that would be one of those systems which would be very important to report on a suspicious activity report,” Johnson says. “One thing that is also very important to do is to go and have that conversation with your primary federal regulator, at the field level, to find out what you would do, as an institution, for generalized security breach reporting.” Breach reporting requirements vary from state to state, Johnson adds. For protection against your eCommerce site click here . Source: http://www.bankinfosecurity.com/top-banks-offer-new-ddos-details-a-5667/p-3  

See more here:
Top Banks Offer New DDoS Attack Details

Anonymous launches massive cyber assault on Israel

Hacktivist group Anonymous has launched a second massive cyber attack against Israel, dubbed #OpIsrael. The collective threatens to “disrupt and erase Israel from cyberspace” in protest over its mistreatment of Palestinians. Dozens of Israeli websites were unavailable as of early Sunday. In a video message posted on YouTube, Anonymous said that on April 7, “e lite cyber-squadrons from around the world have decided to unite in solidarity with the Palestinian people against Israel as one entity to disrupt and erase Israel from cyberspace.” Addressing the Israeli government, the group stated: “Y ou have NOT stopped your endless human right violations. You have NOT stopped illegal settlements. You have NOT respected the ceasefire. You have shown that you do NOT respect international law.” Earlier on Saturday, an Anonymous affiliated group identifying itself as The N4m3le55 cr3w announced that they “have gathered 600 websites and 100 plus servers we will be attacking” throughout Israel. The list includes banks, schools, businesses and a host of prominent government websites. “That is just our targets,” the group warned. “We cannot speak on what the rest of Anonymous will be attacking but we can guarantee it will be in the 1000?s.” The massive cyber attack falls on the eve of Holocaust Memorial Day. Anonymous has accused the Israeli government of mistreating its own citizens, violating treaties, attacking its neighbors, threatening to shut down the Internet in Gaza and ignoring “repeated warnings ” about human rights abuses. “The estimations are that [the cyber-attacks] will reach an unusual level that we have never seen before,” Deputy Information Security Officer Ofir Cohen said in an e-mail sent to Knesset employees on Thursday, The Jerusalem Post reported. Cohen added that the E-government – the Israeli government’s information security body – and the Knesset’s internet service provider (ISP) are working to block the attack. On Wednesday, thousands of Israeli Facebook users were infected by a virus, although its effects at this point appear to be minimal. On Friday, Israeli radio reported that scores of large organizations had closed their websites to shield them from hacker attacks. Despite the impending threat, Lior Tabansky, a fellow at the Yuval Ne’eman Workshop for Science, Technology, and Security of Tel Aviv University, told the Times of Israel that distributed denial of service (DDos) attacks, which work by overwhelming targeted servers with traffic which stems from multiple systems, are the only tool at the hackers’ disposal. “Unless they have names and passwords, [DDoS] is really their only attack strategy. Unfortunately, there is little a company can do to stop it, but it is not the major cyber-threat many people, especially in the media, believe it to be. It’s more of an annoyance, and if they do manage to intimidate sites into submission, the victory will be one of public relations.” However, other experts have warned that the hackers may attempt to deploy malware such as “Trojan horses”, which can steal information and harm host computer systems. Anonymous launched the first ‘OpIsrael’ cyber-attacks in November 2012 during Operation Pillar of Defense, an eight day Israeli Defense Force (IDF) incursion into the Gaza s trip. Some 700 Israeli website suffered repeated DDos attacks, which targeted high-profile government systems such as the Foreign Ministry, the Bank of Jerusalem, the Israeli Defence Ministry, the IDF blog, and the Israeli President’s official website. The Israeli Finance Ministry reported an estimated 44 million unique attacks on government websites over a four day period. Following ‘OpIsrael,’ Anonymous posted the online personal data of 5,000 Israeli officials, including names, ID numbers and personal emails. The group also took part in an attack in which the details of some 600,000 users of the popular Israeli email service Walla were released online. Source: http://rt.com/news/opisrael-anonymous-final-warning-448/

Read More:
Anonymous launches massive cyber assault on Israel

Mt. Gox under largest DDoS attack as bitcoin price surges

The largest bitcoin exchange said Thursday it is fighting an intense distributed denial-of-service attack it believes is intended at manipulating the price of virtual currency, which has seen volatile price swings in the past few days. Mt. Gox, which is based in Tokyo, said the attacks have caused its worst trading lags ever and caused error pages to be displayed to traders, according to a post on Facebook. By its own calculation, 80 percent of the bitcoin trades in U.S. dollars are executed on Mt. Gox’s trading platform and 70 percent of all trades in other currencies. The lag of six or seven seconds before a trade is executed “is not acceptable,” said Gonzague Gay-Bouchery, marketing for Mt. Gox, in a phone interview. But he cautioned that Mt. Gox’s trading platform isn’t like those of the New York Stock Exchange or the Nasdaq. The price surge, which saw bitcoin hit as much as US$142 per coin on Wednesday, has caused malicious opportunists to try and game the system, according to Mt. Gox. Attackers have waited until bitcoin’s price hits a high, sell their bitcoins and then start a DDoS attack that destabilizes the exchange. They hope bitcoin holders will panic and sell, causing the price to drop. The attackers can then buy the cheaper bitcoins and try the attack again when the price floats higher. The latest DDoS attack started last night Japan time and intensified around 5 a.m. this morning, Gay-Bouchery said. Mt. Gox uses a Florida-based security vendor, Prolexic, to fend off attacks, but “they have been slower than usual to catch what happened,” he said. Gay-Bouchery said he wasn’t sure when the attacks would subside. He warned bitcoin traders not to panic or invest more money than they’re willing to lose. Traders should also use Mt. Gox’s options for two-factor authentication in order to prevent their accounts from being hacked. Mt. Gox is in the midst of a major technical overhaul of its exchange. Gay-Bouchery said Mt. Gox is rebuilding its trading platform from the ground up. The system is in testing now, but Mt. Gox hopes to have it live by the end of the year. “It takes a lot of time to make something bulletproof,” he said. “We cannot release something half-baked.” The trading platform will be separated from the front-end website, which will make it immune from the problems it has faced in the last few days, he said. Mt. Gox doesn’t release much information on its systems in order not to tip off hackers. Mt. Gox has seen a surge in people applying to trade on its platform. In 2012, between 9,000 to 11,000 people signed up per month, Gay-Bouchery said. In January, those numbers doubled, and in February, the numbers tripled. The exchange saw more than 60,000 people sign up in March, which has caused delays in verifying accounts. Mt. Gox will raise trading limits if people supply identification to comply with anti-money laundering rules. The exchange is also working with external companies to streamline the verification process and beefed up its internal account verification team to more than 20 people. “I really would like to stress that people trust us with a lot of money right now,” Gay-Bouchery said. “We want to do everything by the book. We may appear slow in many respects but we are taking our time to do it right.” For DDoS protection click here . Source: http://www.networkworld.com/news/2013/040413-mt-gox-under-largest-ddos-268385.html?page=1

See the article here:
Mt. Gox under largest DDoS attack as bitcoin price surges

Lessons Learned in Historic DDoS Attack on Spamhaus

The DNS amplification vulnerability, which was exploited to the fullest in the attacks on Spamhaus, return incoming requests to a DNS server with as much as 100 times as much data. When the attackers have faked the source address for those incoming requests, the responses can overwhelm the victims’ servers — and possibly spill over and clog the Net. What is the aftermath of the massive Distributed Denial of Service attacks recently on the anti-spam Spamhaus organization? As the largest such attack in history, the digital assault on Spamhaus slowed network performance in some regions of Europe and elsewhere, raised alarms about whether the Net could reach a breaking point, and has become a historic event that could mark a turning point. According to reports in The New York Times and elsewhere, a key figure in the attacks appears to be Sven Olaf Kamphuis, who is associated with CyberBunker, the Dutch hosting facility where the attacks originated. After the Europe-based Spamhaus put CyberBunker on its spam blacklist, because of what Spamhaus said were substantial streams of spam e-mails coming from that hosting facility, the DDoS attacks began. Kamphuis maintains a Facebook page, in which he champions hosting services such as CyberBunker for providing open Net access, and he rails against Spamhaus for acting like an arbitrary authority. Like ‘The Mafia’ CyberBunker has said it will allow customers to host anything except “child porn and anything related to terrorism.” Spamhaus is backed by a variety of e-mail services, and experts have testified in court that many e-mail services would be rendered useless by the flood of spam if not for the organization’s efforts. But this massive wave of DDoS attacks — in which Web servers are overwhelmed by a flood of bogus traffic — broke some boundaries, according to Garth Bruen, an adviser to the consumer-oriented Digital Citizens Alliance. Bruen told USA Today that the attacks from CyberBunker were like “the kind of things we saw the mafia do to take control of neighborhoods 50 years ago.” He added that what was particularly “troubling” is that CyberBunker is a commercial ISP “working with shadowy figures in undisclosed locations.” Open DNS Resolvers The attacks have highlighted some ongoing weaknesses in the Internet’s infrastructure . Key among these are open Domain Name System resolvers, which allow attackers to engage in so-called DNS amplification. One of the weaknesses of open resolvers is that they do not authenticate a sender’s address before replying. This vulnerability, which was exploited to the fullest in the attacks on Spamhaus, return incoming requests to a DNS server with as much as 100 times as much data . When the attackers have faked the source address for those incoming requests, the responses can overwhelm the victims’ servers — and possibly spill over and clog other parts of the Net. DNS servers are critical to the Internet as they translate alphanumeric-based Web addresses like “www.google.com” into the numeric IP addresses that computers can understand. The Spamhaus attacks reportedly utilized more than 30,000 unique DNS resolvers. There are efforts, such as the Open DNS Resolver Project, to convince DNS administrators to implement source address validation, among other actions, to eliminate open DNS resolvers as a Net-wide weakness. There are also calls for IT departments and individual PC owners to make a greater effort to scan their computers for signs of malware that could be hijacking their machines into becoming part of a botnet. Additionally, the Electronic Frontier Foundation and others have offered tips to small businesses on how to cope with DDoS attacks, if their sites become one of the direct or indirect targets. For DDoS protection click here . http://www.cio-today.com/story.xhtml?story_id=0020002HERPO&page=2

More:
Lessons Learned in Historic DDoS Attack on Spamhaus

iMessage DDoS attacks foreshadow a bigger threat

Over the last couple of days, a group of iOS developers has been targeted with a series of rapid-fire texts sent over Apple’s iMessage system. The messages, likely transmitted via the OS X Messages app using a simple AppleScript, rapidly fill up the Messages app on iOS or the Mac with text, forcing a user to constantly clear both notifications and messages. In some instances, the messages can be so large that they completely lock up the Messages app on iOS, constituting a ‘denial of service’ (DoS) attack of sorts, even though in this case they appear to be a prank. Obviously, if the messages are repeated an annoyingly large volume but don’t actually crash the app, they’re still limiting the use you’ll get out of the service. But if a string that’s complex enough to crash the app is sent through, that’s a more serious issue. The attacks hit at least a half-dozen iOS developer and hacker community members that we know of now, and appear to have originated with a Twitter account involved in selling UDIDs, provisioning profiles and more that facilitate in the installation of pirated App Store apps which are re-signed and distributed. The information about the source of the attacks was shared by one of the victims, iOS jailbreak tool and app developer iH8sn0w. “On Wednesday night my private iMessage handle got flooded with “Hi” and “We are anonymous” bulls**t,” iH8sn0w tells us. He immediately disabled that iMessage email and began tracking the sending email domain’s current ownership. iH8sn0w shared a proof-of-concept AppleScript with us that demonstrates just how easy it is to set up a recurring message that could saturate a person’s iMessage queue with items that would need to be cleared or read before any actions could be taken. Another iOS developer targeted, Grant Paul, shared some additional details about the attacks. “What’s happening is a simple flood: Apple doesn’t seem to limit how fast messages can be sent, so the attacker is able to send thousands of messages very quickly,” Paul says. The second part of that, he explains, is that if a user sends a ‘complex’ text message using unicode characters that force a browser to render ‘Zalgo’ text, or simply uses a message that is enormous in size, them the Messages app will eventually crash as it fails to display it properly. This will effectively ‘break’ the Messages app on iOS by forcing it to close and stop it from re-opening because it can’t render that text.” The ‘send a big message to crash the app’ method has been known for a while, as we were able to locate a month-old public posting that detailed an accidental triggering of this. The solutions involve playing around with sending a regular message, then locking the phone and activating the message notification until you’re able to time it right to delete the message thread that’s causing the problem. This is the way that Paul was able to finally delete the complex text that was causing him problems. Several of the developers we spoke to noted that multiple ‘throwaway’ emails were being used to send the spam, so while a simple ‘block’ option might work for a casual spammer, they wouldn’t work for a determined harasser. iH8sn0w notes that there is a possibility that Apple will notice these bursts of messages and block the repetitive spamming. This appears to be the only real solution as Apple does not currently allow you to block a specific iMessage sender. Once your iMessage ID is out there, you’re unable to stop people from using it. And since the latest version of iOS unifies your phone number and emails, there’s a strong possibility that if a person can ferret out your email, they can spam you with this annoying or disruptive technique. The only recourse right now is to disable that iMessage handle entirely. And if they get your phone number, it’s likely you’ll have to turn off iMessage entirely, because you can’t just change your phone number at the drop of a hat. Thankfully, this doesn’t seem to be a widespread practice, but it’s not that hard to figure out, and the only real solution will be the introduction of a block setting for Messages and better spam detection by Apple. We have informed Apple about the technique used in these cases but it has not responded with more information. We will update the article if it does so. Source: http://thenextweb.com/apple/2013/03/29/imessage-denial-of-service-prank-spams-users-rapidly-with-messages-crashes-ios-messages-app/

Continued here:
iMessage DDoS attacks foreshadow a bigger threat

DDoS Attack Strikes American Express site

American Express confirms it was hit by a distributed-denial-of-service attack that disrupted online-account access for about two hours during the late afternoon on March 28. AmEx spokeswoman Amelia Woltering says the card brand is still investigating the attack. She did not confirm whether the strike was linked to Izz ad-Din al-Qassam Cyber Fighters, the hacktivist group that’s been targeting U.S. banking institutions since mid-September. But that group claims credit for this attack, as well as an unconfirmed attack against Bank of America, according to updates posted to a blog and on Twitter March 28. “The Bank of America and American Express have gotten out of reach today due to Izz ad-Din al-Qassam group’s attacks,” the blog posting says. “The Qassam group’s attacks to these banks have caused the banks to be unable to offer service to their customers and this [will] lead to their protests.” The attack began about 3 p.m. ET on March 28, Woltering says, and caused intermittent disruptions. She says there is no evidence to suggest that customer data or account information was exposed or compromised during the attack. “Our site experienced a distributed-denial-of-service (DDoS) attack for about two hours on Thursday afternoon,” AmEx says in a statement. “We experienced intermittent slowing on our website that would have disrupted customers’ ability to access their account information. We had a plan in place to defend against a potential attack and have taken steps to minimize ongoing customer impact.” Big Week for DDoS The attack comes just days after news of the Spamhaus DDoS attack , which caused a ripple effect that adversely affected online activity.   That attack saw unprecedented traffic of 300 gigabytes per second, three to five times greater than the biggest attacks against U.S. banks, says Dan Holden, an online security expert for DDoS-mitigation provider Arbor Networks. Still, the European attack – a strike against The Spamhaus Project , a Geneva-based not-for-profit organization dedicated to fighting Internet spam operations – is not believed to be related to the attacks on U.S. banks. “The DNS reflection attacks [like the one used against Spamhaus] can consume a great deal of bandwidth, but they are different than what we’ve seen against the banks,” Holden says. “These guys would not be able to do the sophisticated, targeted attacks that are being launched against U.S. banks.” The attacks against U.S. banks, experts say, are much more complex and sophisticated, and their intensity has escalated in the last week. Earlier this week, TD Bank and Keybank confirmed their online banking sites had been hit by DDoS attacks, and industry experts say hacktivists’ attacks waged during this so-called third campaign are becoming increasingly sophisticated. Izz ad-Din al-Qassam Cyber Fighters, the hacktivist group taking credit for attacks against U.S. banking institutions, in an update posted to the online forum Pastebin on March 26, says it most recently targeted BB&T, PNC Financial Services Group, JPMorgan Chase & Co., Citibank, U.S. Bancorp, SunTrust Banks, Fifth Third Bancorp, Wells Fargo & Co., and others. Since Feb. 25, when the group launched its third phase of DDoS attacks , weekly updates have appeared on Pastebin on Mondays and Tuesdays about previous-week targets. The hacktivist group says its attacks are in protest of a YouTube movie trailer deemed offensive to Muslims. For DDoS protection click here . Source: http://www.bankinfosecurity.com/ddos-strikes-american-express-a-5645

Read this article:
DDoS Attack Strikes American Express site

Wells Fargo warns of ongoing DDoS attacks

Wells Fargo warned on Tuesday that its website is being targeted again by a distributed denial-of-service (DDOS) attack. The bank said most of its customers were not affected. “For customers who are having difficulty accessing the site and mobile banking, we encourage them to try logging on again as the disruption is usually intermittent,” Wells Fargo said in a statement. Wells Fargo is one of several large U.S. banks that have been targeted by cyberattacks in the past six months. A group claiming responsibility for the attacks, the Izz ad-Din al-Qassam Cyber Fighters, said Wells Fargo is being targeted due to the continued availability online of a video clip that denigrates Islam. The 14-minute trailer, available on YouTube, caused widespread protests last September in predominantly Muslim countries. Google restricted viewing in countries including India, Libya and Egypt but kept it available in most countries because it didn’t violate the company’s guidelines. The Izz ad-Din al-Qassam Cyber Fighters wrote on Pastebin on Tuesday that it was also targeting Citibank, Chase Bank, SunTrust and others. The group drew up a mock invoice, calculating the cost to a bank of a DDOS attack at about US$30,000 per minute. It contained a formula for how much the banks should lose based on the number of times the offensive video has been watched. The group did not spell out how the attacks would cost the banks money or why it was attacking those banks. For DDoS protection click here . Source: http://www.itworld.com/security/349835/wells-fargo-warns-ongoing-ddos-attacks

Continued here:
Wells Fargo warns of ongoing DDoS attacks

Seal with Clubs goes down due to DDoS Attack

Bitcoin poker site, Seals with Clubs, was twice targeted by a Distributed Denial of Service (DDoS) attack this weekend – forcing it offline for three days. It is not known why the US-facing poker site was targeted for the DDoS attacks – in which multiple computer systems overload a single web site with incoming traffic – or who was responsible. The first attack started on Thursday evening (local time) when the site became inaccessible to regular players while those who were already logged in found that their games stalled and then the site crashed. Seal with Clubs´ CEO Bryan Micon was quick to re-assure players on the site that no accounts had been compromised and the Seals with Clubs Twitter account kept clients up to date with the progress of “Seal Team 6” as the site battled to get the software transferred to a new data centre. However, shortly after getting up and running on Sunday, Seals with Clubs was hit by a second, smaller DDoS attack which knocked out all the Sunday feature tournaments on the site. Protection Implemented Against Further Attacks [The first attack] was a large DDoS, very sophisticated and quite powerful enough to knock everything off, get an IP blackholed, all that good stuff, Micon said in a statement to PokerFuse.com. We have quickly, in the middle of the weekend, changed datacenters and have a new, beefier setup with all of our data intact and a sick DDoS protection layer. New software has also been integrated into the Seals with Clubs downloadable client to add further protection, and players have been advised that they will have to update their existing software to enable them to play on Seals with Clubs. An update to the Seals with Clubs Android App is also expected later today (Monday). The Seals are Back By late Sunday evening, Seals with Clubs was back online and saw more than 300 players on the cash game tables with several low-value tournaments under way. Due to the change of data centres, players who recently deposited into their accounts may have to wait until Monday to see the funds appear in the cashier; however facilities for getting Bitcoin funds out of players´ accounts are operating normally with withdrawal requests dealt with in a matter of hours. Players who were involved in poker tournaments at the time of the DDoS attack have been told that they will receive “generous refunds” in respect of their tournament buy-ins. Source: http://www.pokernewsreport.com/seal-with-clubs-gets-battered-in-ddos-attack-12029

Read more here:
Seal with Clubs goes down due to DDoS Attack

Anti-spam Spamhaus up again after 75Gbps Distributed Denial of Service (DDoS) Attacks

The website of non-profit spam fighter Spamhaus is online again after a huge DDoS attack knocked it offline on Sunday, but attackers are continue to target another anti-spam sites that help ISPs combat spam from infected IP addresses. Spamhaus, which provides several anti-spam DNS-based blocklists and maintains the “register of known spam operations”, came under a huge DDoS attack on Sunday, which knocked its web server and mail server offline until Wednesday. Spamhaus spokesperson Luc Rossini on Monday denied a report that Anonymous was behind the attack and pointed to a “Russian criminal malware gang” as the source. On Tuesday Spamhaus sought cover from the attack with DDoS protection provider CloudFlare, which today reported the attack on Spamhaus reached a peak of about 75 gigabits per second. The attackers used a cocktail of DDoS attack methods, but the primary one that helped generate that volume of traffic was a “reflection attack”, according to Matthew Prince, CloudFlare’s CEO. “The basic technique of a DNS reflection attack is to send a request for a large DNS zone file with the source IP address spoofed to be the intended victim to a large number of open DNS resolvers,” Prince explained, noting that 30,000 open DNS resolvers were recorded in the attack, which used spoofed IP addresses CloudFlare had issued to Spamhaus. “The resolvers then respond to the request, sending the large DNS zone answer to the intended victim. The attackers’ requests themselves are only a fraction of the size of the responses, meaning the attacker can effectively amplify their attack to many times the size of the bandwidth resources they themselves control.” Source: http://www.cso.com.au/article/456917/anti-spam_spamhaus_up_again_after_75gbps_ddos_attack/

Read the original:
Anti-spam Spamhaus up again after 75Gbps Distributed Denial of Service (DDoS) Attacks