Tag Archives: denial of service attack

Hackers Used Imgur to Launch DDoS Attacks on 4chan

A Reddit user has uncovered a covert method of carrying DDoS attacks on 4chan’s infrastructure using images hosted on Imgur, via Reddit. According to Reddit user rt4nyp, who discovered the vulnerability, every time an Imgur image was loaded on the /r/4chan sub-reddit, over 500 other images were also loaded in the background, images hosted on 4chan’s CDN. Since traffic on 4chan is quite huge as is, getting some extra connections from Reddit pushed 4chan’s servers over the edge, crashing them several times during the day. Additionally, 8chan, a smaller 4chan spin-off, was also affected and suffered some downtime as well. Malicious code was being loaded with Imgur images Reddit user rt4ny was alerted that something was amiss when he noticed that Imgur images on Reddit were loaded as inlined base64 data. Taking a closer look at the base64 code, he observed that a small piece of JavaScript code was added at the end, which had no business being there. This code secretly stored the “axni” variable in the browser’s localStorage, which was set to load another JavaScript file from “4cdns.org/pm.js.” This is not 4chan’s official CDN, but a domain registered to closely resemble the real deal, which was taken down in the meantime. When refreshing the original image that loaded the “axni” variable, the malicious code would not be loaded again, a measure taken to avoid detection. Additionally, also to avoid detection, the JS file stored on “4cdns.org/pm.js” could not be loaded directly in the browser. Loading 500+ 4chan images inside a hidden iframe Analyzing the pm.js file, rt4ny found that it loaded an iframe outside the user’s view with the help of some clever CSS off-screen positioning tricks, inside which the hundreds of 4chan images were being loaded, along with a 142 KB SWF file. Imgur was contacted about this issue, and fixed it on the same day. “Yesterday a vulnerability was discovered that made it possible to inject malicious code into an image link on Imgur,” said the Imgur team. “From our team’s analysis, it appears the exploit was targeted specifically to users of 4chan and 8chan via images shared to a specific sub-reddit on Reddit.com using Imgur’s image hosting and sharing tools.” It’s a sad day for humanity when we see hackers combine the three best sites on the Internet to find cat GIFs into such wicked and immoral ways. Source: http://news.softpedia.com/news/hackers-used-imgur-to-launch-ddos-attacks-on-4chan-492433.shtml

See the original post:
Hackers Used Imgur to Launch DDoS Attacks on 4chan

Prepare a new dossier! Pakistan’s cyber Mujahideen hit India

A month before Pakistan’s ceasefire violation on the eve of Independence Day, a silent battle was raging in Mumbai’s financial district. Two large private banks, a retail brokerage and a state-owned lender faced a cyberattack from hackers across the border that seriously slowed down all online customer transactions. In the world of cybercrime, such attacks, which could be mistaken as normal traffic overload on the Net, are known as ‘distributed denial of service’ or DDoS. Spread across the world, hackers, either sympathetic to lost causes or indulging in the game of extortion, virtually ‘take over’ thousands of computers in diverse destinations before unleashing a DDoS strike. As computers that are hacked into start behaving as robots – or, ‘botnet’ in cyberparlance, the hackers divert traffic from these terminals to clog the systems of targets like banks and even e-commerce firms. A bank that is invaded may be unaware of the attack and even take a while to sense that customers are struggling to put through a simple net banking fund transfer or credit card payment. The July attack On that day in July, it was no different. The financial institutions received advisory on the DDoS attack from the government’s Computer Emergency Response Team (CERT). Also, there were alerts that more attacks could follow over the next few hours, said a cybercrime expert. Speaking to ET on condition of anonymity , one of the senior most officials in the government’s cybersecurity establishment said, “There was an attack but this was effectively countered. Often these things are done with the intention to blackmail … But we have the systems to handle it. There have been finance ministry and RBI instructions to banks for taking necessary measures to protect against DDoS strikes.” According to cybersecurity head in one of the largest Indian banks, since April there have been several advisories from government agencies like CERT and National Critical Information Infrastructure Protection Centre on DDoS. “In a DDoS attack, if a bank can block the bogus traffic diverted by a hacker for the first 15 minutes, then the attacker typically moves away to a weaker target. But if an institution is unable to resist, then the attacker may demand ransom. Rogue hackers in places like Nigeria and East Europe want to be paid in Bitcoin. Since Bitcoin is based on what is known as block-chain technology, fund transfers leave no trail.” Safety measures As precaution, no bank, to begin with, should depend on a single internet service provider (ISP), he said. “Besides, banks are beginning to invest in anti-DDOS high-end appliances. Some are carrying out mock drills to test the technology. Here, a flood of traffic is diverted to banks’ own websites to figure out whether the ISP and banks’ internal cybersecurity teams are adequately alert,” said the banker who refused to be named. Until a hack attack is obvious, companies in India typically keep such incidents under wrap as regulators do not insist on mandatory reporting of security breach. Some of the US-listed Indian entities are even more reticent: Since a cyberattack is rarely disclosed due to fear that it could scare away customers, it becomes more difficult to admit the breach later. In DDoS attack, including the current one, there is no data compromise or cash theft. “The timing of the event suggests that it could be handiwork of some of the Pakistani hackers who may be located in the US and Europe. Typically, they are active before big festivals or in the run up to Independence Day or Republic Day. They have a specific point to prove,” said an ethical hacker, who advises several companies and agencies on cybersecurity . Types of hackers According to him, there are three broad types of hackers, differentiated by motives. First, the financially motivated cybercriminal, who are usually from Eastern Europe and are interested in stealing credit card information, or engage in identity theft etc. They are highly organized, infect thousands of systems across the globe in order to achieve their objectives, and even ‘rent’ access to an infected computer for an hourly fee for conducting DDoS. The second type are hacktivists or politically motivated hackers whose sole interest is in furthering a political agenda by defacing a site, or bringing a site down through DDoS attacks. Pakistani hackers fall in this category . The third and the most serious type are nation state attackers involved in corporate espionage. They gain access to competing companies in order to steal business strategy and intellectual property. Chinese hackers are well-known for this. Source: http://timesofindia.indiatimes.com/tech/tech-news/Prepare-a-new-dossier-Pakistans-cyber-Mujahideen-hit-India/articleshow/48739013.cms?

View post:
Prepare a new dossier! Pakistan’s cyber Mujahideen hit India

DDoS attacks are getting much more powerful and the Pentagon is scrambling for solutions

No wonder the Pentagon has announced it’s working on a plan to fund tools and researchers to help organizations defend themselves against the pervasive threat of cyber assaults known as distributed denial-of-service (DDoS) attacks. In recent days, the agency said it’s looking to fund researchers who can come up with tools as part of a program starting next April that would, among other things, help organizations recover from DDoS attacks in a maximum of 10 seconds. And the acknowledgement of that hunt for researchers for the program, called Extreme DDoS Defense, arguably comes not a moment too soon. A few new industry reports are out that show the number of DDoS attacks is trending upward, even hitting new highs. Their provenance and targets take many forms – from organized, malicious hackers targeting sophisticated organizations to more isolated incidents where, experts say, the intent is to just find a weakness somewhere, anywhere. But the result is a kind of cyber blitz that’s growing in number and aggressiveness. New York Magazine was among those organizations recently hit by a DDoS attack, and at a critical moment. After publishing the blockbuster results of an interview with 35 women who’ve accused Bill Cosby of sexually assaulting them, the magazine’s website was knocked offline by what appeared to be a DDoS attack. Attacks like those, said Incapsula co-founder Marc Gaffan, are not only on the rise but “have essentially been going up for the last two years, quarter over quarter.” His company is a cloud-based application delivery service. According to another cloud services provider, Akamai Technologies, DDoS attacks were up 132% in the second quarter compared to the same period in 2014. During the period between April and June this year, Akamai’s research also found 12 attacks it described as “mega attacks” – which peaked at more than 100 gigabits per second and 50 million packets per second. What’s more, the company said, few organizations are able to mount a strong enough defense to keep attacks like that at bay. “The threat posed by distributed denial of service (DDoS) and web application attacks continues to grow each quarter,” said John Summers, vice president of Akamai’s cloud security business unit. “Malicious actors are continually changing the game by switching tactics, seeking out new vulnerabilities and even bringing back old techniques that were considered outdated.” Once upon a time, Gaffan said, the attacks were largely the work of hackers looking to make a name for themselves, to make some larger point or to go after a controversial target to inflict some degree of discomfort. “They’re also about extortion and ransom,” Gaffan said. “They can be used to stoke competitive feuds, as well as a diversion for a larger attack. When it comes to extortion, attackers are looking online for businesses who’d suffer significantly if their website is down. Most companies don’t pay the ransom. “Often, we also see ransom numbers so small, they try to make it low enough that it’s a no-brainer for organizations to pay. Companies also hire DDoS gangs to take competitors down. There was one organization that came to us and said, ‘We were attacked.’ Two minutes later, a competitor put on Twitter that they were going out of business, and that’s why their site was down.” Such attacks continue to be a costly problem for the organizations that end up as targets. The Q2 2015 Global DDoS Threat Landscape from Incapsula showed, of network layer DDoS attacks, the longest during the quarter lasted 64 days. A little more than 20% of all attacks lasted over five days. The report based its data on 1,572 network layer and 2,714 application layer DDoS attacks on websites using Incapsula services from March 1st through May 7th. According to the organization’s DDoS Impact Survey, an attack on average costs a business $40,000 per hour. Implications include the loss of consumer trust, data theft, intellectual property loss, and more, according to the report. The report went on to note the longest application layer attack it found lasted for eight straight days. The average duration stretched for just over two and a half hours. And in the second quarter, almost 15% of all application layer DDoS traffic came from China, followed by Vietnam, the U.S., Brazil and Thailand. “What is most disconcerting is that many of these smaller assaults are launched from botnets-for-hire for just tens of dollars a month,” the organization’s threat landscape report reads. “This disproportion between attack cost and damage potential is the driving force behind DDoS intrusions for extortion and vandalism purposes.” Meanwhile, Arbor Networks Inc., a provider of DDoS and advanced threat protection solutions for enterprise and service provider networks, found similar results. Its just-released Q2 2015 global DDoS attack data shows growth in the average size of attacks, with 21 percent of attacks during the quarter topping 1 gigabit per second. “One thing we see a lot of is just probing, just hitting the network as hard as they can to see where it will fall down,” said Gary Sockrider, principal security technologist at Arbor. “Another is where this is used for extortion. Where the business model is ok, now we’ve done this – pay us money.” Sockrider continued, “The lesson to take is this isn’t just a service provider problem. It’s no longer sufficient to leave it to deal with upstream. It’s everybody’s problem. You have to understand that threat, that you are a potential target, and bake that into your business resiliency planning.” Source: http://bgr.com/2015/08/31/ddos-attacks-report-2015-trends/

View post:
DDoS attacks are getting much more powerful and the Pentagon is scrambling for solutions

BitTorrent patches reflective DDoS attack security vulnerability

A vulnerability which could divert traffic to launch cyberattacks has been mitigated two weeks after public disclosure. BitTorrent has taken rapid steps to mitigate a flaw which could divert user traffic to launch reflective DDoS attacks. The flaw, reported by Florian Adamsky at the USENIX conference in Washington, D.C., affects popular BitTorrent clients such as uTorrent, Mainline and Vuze, which were known to be vulnerable to distributed reflective denial-of-service (DRDoS) attacks. According to the researchers from City University London, BitTorrent protocols could be exploited to reflect and amplify traffic from other users within the ecosystem — which could then be harnessed to launch DRDoS attacks powered up to 120 times the size of the original data request. Successful distributed denial-of-service (DDoS) and DRDoS attacks launched against websites flood domains with traffic, often leaving systems unable to cope with the influx and resulting in legitimate traffic being denied access to Web resources. The team said in a paper (.PDF) documenting the vulnerability that BitTorrent protocols Micro Transport Protocol (uTP), Distributed Hash Table (DHT), Message Stream Encryption (MSE) and BitTorrent Sync (BTSync) are exploitable. On Thursday, Vice President of Communications at BitTorrent Christian Averill said in a blog post no attack using this method has been observed in the wild and as the researchers informed the BitTorrent team of the vulnerability ahead of public disclosure, this has given BitTorrent the opportunity to “mitigate the possibility of such an attack.” Francisco De La Cruz, a software engineer from the uTorrent and BitTorrent team, wrote a detailed analysis of the attack and the steps the company has taken to reduce the risk of this vulnerability. The vulnerability lies within libµTP, a commonly used tool which can detect network congestion and automatically throttle itself — a useful feature when BitTorrent clients are being used on home networks. However, the way libµTP handles incoming connections allows reflectors to accept any acknowledgement number when receiving a data packet, which opens the doorway to traffic abuse. The success of a DRDoS relies on how much traffic an attacker can direct towards a victim, known as the Bandwidth Amplification Factor (BAF). The higher the BAF, the more successful the attack. In order to reduce the BAF ratio and mitigate the security issue, BitTorrent engineers have ensured a unique acknowledgement number is required when a target is receiving traffic. While this can still be guessed, it would be difficult and time-consuming to do so for a wide pool of victims. De La Cruz said: “As of August 4th, 2015 uTorrent, BitTorrent and BitTorrent Sync clients using libµTP will now only transition into a connection state if they receive valid acknowledgments from the connection initiators. This means that any packets falling outside of an allowed window will be dropped by a reflector and will never make it to a victim. Since the mitigation occurs at the libµTP level, other company protocols that can run over libµTP like Message Stream Encryption (MSE) are also serviced by the mitigation.” Regarding BTSync, BitTorrent says the severity of the vulnerability — even before recent updates were applied to the protocol — mitigated the risk of this vulnerability. In order to exploit the security weakness, an attacker would have to know the Sync user, identifiers would have to be made public, and the protocol’s design ensures that peers in a share are limited — keeping the potential attack scale down. According to the BitTorrent executive, the protocol therefore would “not serve as an effective source to mount large-scale attacks.” Averill commented: “This is a serious issue and as with all security issues, we take it very seriously. We thank Florian for his work and will continue to both improve the security of these protocols and share information on these updates through our blog channels and forums.” Source: http://www.zdnet.com/article/bittorrent-patches-reflective-ddos-attack-security-vulnerability/

Read the original post:
BitTorrent patches reflective DDoS attack security vulnerability

The UK’s 12 worst DDoS attacks Summarized – hacktivism, extortion and plain malice

DDoS attacks are often seen as a global phenomenon that affects ISPs and large datacentres. But the daily damage is done by much smaller attacks on vulnerable, sometimes poorly defended resources such as websites belonging to well-known organisations. The UK has had more than its fair share of such attacks with hacktivism and occasionally extortion the main motivations. Here we chart some of the worst attacks that have affected UK organisations in recent years. DoS attack on CMP Media (UBM) – 1998 Proof that simple denial of service (DoS) attacks (if not DDoS) are far from new, a disgruntled magazine subscriber decided to barrage the email server and fax machines of the UK tech publisher CMP Media (later sold to UBM) with enough traffic to cut the company off from the world for most of two days. The ISP identified the likely culprit but in 1998 denial of service attacks were a civil rather than criminal matter and remained so until 2006. LulzSec ‘”Tango down” DDoS attacks – 2011 The group that gave the Anonymous movement its UK brand, the small collection of mainly British youths that hid behind the LulzSec moniker loved their DDoS. Several big UK organisations were targeted but the attack that downed the Serious Organised Crime Agency (SOCA) website in June 2011 was probably the last straw. Alleged UK GCHQ DoS attack on Anonymous – 2011 In 2014 Britain hater and anti-NSA campaigning journalist Glenn Greenwald alleged that GCHQ Joint Threat Research Intelligence Group (JTRIG) unit launched DDoS attacks to disrupt chatrooms used by hacktivists from Anonymous and LulzSec. It was pointed out that this was really a targeted DoS attack and not an indiscriminate DDoS. Attack on the BBC by Iran – 2012 Downplayed at the time but what hit the Beeb on 2 March 2012 was anything but for those on the receiving end. Downed the BBC’s email server for a while, disrupted its Persian Service (hence the blame being attributed to Iran, which hates the Service’s output) and even overloaded its exchange with large numbers of phone calls. DDoS attack on Oxford and Cambridge universities – 2012 A single 20-year old individual – later imprisoned for a range of cybercrimes – was blamed for the DDoS attacks on Oxford and Cambridge University that disrupted their websites for a period of days in 2011 and 2012. It was never clear why the named man attacked the universities but the ease with which one person could cause so much trouble for large institutions was noted at the time. DDoS on 123-reg domain registrar – 2012 A sign that DDoS attacks could take on even big Internet-facing businesses, in May 2012 the UK’s largest domain registrar was hit with enough traffic to take its site down for a reported 15 minutes with further problems throughout the day. Rivals were also targeted as crybercriminals tested their latest techniques against well-defended businesses. Spamhaus 325Gbps super-DDoS – 2012 The massive 325Gbps DDoS attack on UK anti-spam organisation Spamhaus remains probably the second or third largest of all time and was even ridiculously said to have ‘slowed the Internet’. Later blamed on Dutch national Sven Kamphuis, the Spamhaus attack was the first to use a technique called DNS amplification to such sensational effect. Julian Assange hacktivists turn on MI5 – 2012 Wikileaks’ founder Julian Assange was briefly a focus for anti-corporate rage, and his pursuit by the UK, the US and Sweden over rape allegations promoted a series of hacktivist DDoS attacks in late 2012. Predictable they might have been but also surprisingly successful – MI5’s public website was put out of action for several hours. Manchester casino extortion attack – 2013 A rare publicised example of DDoS in the service of extortion, the attack on a Manchester-based online casino came after the business refused to pay the owner refused to hand over half the business to Polish nationals Piotr Smirnow and Patryk Surmacki. The pair were eventually arrested at Heathrow Airport tying to leave the country and later jailed. Raspberry Pi Foundation DDoS – 2013 Not everyone likes the Raspberry Pi people it seems including a “lone sociopath” with issues. The individual concerned launched a flurry of bizarre grudge DDoS attacks on its website, with some success. The attacker even targeted a group of teens working on a 48-hour Python hackathon using RaspBerry Pis. The Foundation beat the attacks with the help of an understanding ISP. Carphone Warehouse data breach DDoS – 2015 In July 2015, major UK smartphone retailer Carphone Warehouse suffered a serious data breach which, it later transpired, might have been aided using a DDoS ‘distraction’ attack. Up to one in five DDoS incidents are later found to be part of a data theft snatch in which IT staff are occupied fending off the DDoS, giving attackers more opportunity to sneak in and out. Mumsnet DDoS attack by @DadSecurity – 2015 Who would attack a site as apparently innocuous as Mumsnet? In what must rank as the oddest ideological attack of recent times, a campaign group called ‘@DadSecurity’ is suspected of doing just that as part of a wider campaign of nuisance that included having an armed police team dispatched to the house of founder Justine Roberts. Came after earlier data breach in 2014. Source: http://www.techworld.com/picture-gallery/security/uks-12-worst-ddos-attacks-hacktivism-extortion-plain-malice-3623767/#12

Continue reading here:
The UK’s 12 worst DDoS attacks Summarized – hacktivism, extortion and plain malice

Teen nabbed after attacks on UK government and FBI sites

His lawyers claim that their client was only on the “periphery” of a conspiracy to take down UK government and FBI sites, but a UK teen who didn’t mind boasting online about those crimes now faces the possibility of jail time. Charlton Floate, 19, of Solihull, England, already admitted to three counts of computer misuse under the Computer Misuse Act and three counts of possessing prohibited images at Birmingham Crown Court. The attacks took place in January 2013, when Floate and a team of other cyber criminals crippled government sites with deluges of digital traffic sent from malware-infected computers. Such computers are often called zombie computers, and they’re widely used in botnets to gang up on sites with what’s known as a distributed denial of service (DDoS) attack. The gang managed to knock out the UK’s Home Office site – a heavily used site that provides information on passports and immigration among other things – for 83 minutes. The group also took down an FBI site – that allowed users to report crime – for over five hours. The prosecutor, Kevin Barry, reportedly said that in November 2012, Floate carried out two test runs, remotely attacking the computers of two men in the US. Floate uploaded a sexually explicit video to YouTube to “mock and shame” one of his victims, and he “taunted” the other victim about having control of his computer. Modest, he was not – Floate also reportedly bragged about the government site attacks on Twitter and on a forum frequented by hackers. Judicial officer John Steel QC rejected Floate’s legal team’s contention that he was on the “periphery” of the cyber gang, saying that evidence pointed to his actually being central to the crimes, including organizing the attacks. He said Floate was “clearly a highly intelligent young man”, who had become an expert in computer marketing, had written a book on the subject, and succeeded in taking down an FBI.gov website – what he called the “Holy Grail” of computer crime: A successful attack on the FBI.gov website is regarded by hackers as the Holy Grail of hacking. It was this which he attempted and, indeed, achieved. He was the person who instituted such attacks and assembled the tools and personnel for doing so. The Holy Grail it may be but in this case I beg to differ about how successful Floate was in getting his hands on it. A DDoS attack isn’t a form of sophisticated lock picking, it’s just a noisy way to board the door shut from the outside. Floate may well be bright but he stumbled once, and that’s all that investigators needed. Namely, he used his own IP address – he worked out of his mother’s home – to check up on how the attacks had gone. Police traced the address to Floate’s mother’s home, where they seized Floate’s computer and mobile phone. They also found evidence that he’d tried to recruit others into the gang and that he’d discussed possible weaknesses in certain websites as well as potential future targets – including the CIA and The White House. Sentencing was adjourned until 16 October, pending a psychiatric report. Floate is currently remanded on conditional bail. Steel said he hadn’t yet made up his mind about sentencing but added there’s “clearly potential for an immediate custodial sentence” and that Floate “should be mentally prepared for it.’ Source: https://nakedsecurity.sophos.com/2015/08/24/teen-nabbed-after-attacks-on-uk-government-and-fbi-sites/

Carphone Warehouse hackers used DDoS attack as smokescreen

Hackers bombarded Carphone Warehouse with online traffic as a smokescreen while they stole the personal and banking details of 2.4 million people, according to sources with knowledge of the incident. The retailer revealed at the weekend that its security had been breached in a “sophisticated” attack. It is now thought that criminals used a cyber attack technique known as Distributed Denial of Service (DDoS) as a cover to help them infiltrate the retailer’s systems and perpetrate one of Britain’s biggest ever data thefts. To mount a DDoS attack, a global network of hijacked computers, known as a botnet, is used to bombard the target computers with traffic, overloading them and potentially forcing them offline. The ensuing technical problems can serve as a distraction for security staff, allowing hackers to exploit software vulnerabilities or stolen administrator credentials to break into systems and extract data undetected. A source with knowledge of the attack on Carphone said its online retail systems had come under bombardment before the major data theft was noticed on Wednesday last week. The millions affected are customers of OneStopPhoneShop.com , e2save.com and Mobiles.co.uk , as well as Carphone and its own mobile operator, iD Mobile. The systems broken into also held data for Talk Mobile and TalkTalk Mobile, the retailer said. Victims were advised to ask their bank to be on the lookout for suspicious activity, although on Monday there were no verified reports of fraud using the stolen data, sources said. Hackers who steal personal data often sell it in bulk on digital black markets to other criminals who seek to use it to commit fraud. According to internet security experts, criminals are increasingly using DDoS attacks to disguise their intrusions. In the most famous case, in 2011, Sony’s PlayStation Network, an online gaming service, was shut down for weeks after the personal and financial details of 77 million customers were stolen. The chief of the PlayStation division told the US Congress that a simultaneous bombardment of traffic against the network “may have made it more difficult to detect this intrusion quickly”. Subsequent examples of DDoS smokescreens include a 2012 attack on a bank during which card date was stolen and $9m drained from accounts via cash machines around the world. A warning that online bombardment can be a “diversionary tactic” for fraudsters is now part of official cyber security advice to US banks. Carphone Warehouse, which is contacting customers affected and co-operating with police and the Information Commissioner’s Office, declined to comment. Source: http://www.telegraph.co.uk/finance/newsbysector/epic/cpw/11794521/Carphone-Warehouse-hackers-used-traffic-bombardment-smokescreen.html

See the original post:
Carphone Warehouse hackers used DDoS attack as smokescreen

DDoS Attack Temporarily Shuts Down International ‘DOTA 2? Tournament

The International DOTA 2 tournament is underway, but a reported DDoS attack forced Valve to suspend the matches for several hours. The tournament has had several Internet-related problems since it began, but commentators confirmed that a DDoS attack was indeed to blame for today’s outage. It’s a funny thing that even an official Valve tournament, with all the top players in the world on the same stage, still needs to deal with all the same outage problems that average gamers have to deal with all the time. There is no LAN mode for DOTA 2. We’ve contacted Valve for comment and will respond with any update. The matches are up and running again. A DDoS is a rudimentary form of hack where people overwhelm a given server with a gigantic number of false requests, rendering it unable to respond. DDoS attacks and other Internet tomfoolery are a an unfortunate side effect of video games in general: virtual vandals have a habit of knocking down everything from smaller PC games to PSN and Xbox Live. Video games have an outsize presence amongst the young and internet-savvy, making them an ideal, if monumentally annoying, target for coordinated groups and lone actors alike. The international DOTA 2 tournament carries with it a record $18 million prize purse, raised through crowd-funding and in game purchases. It’s a landmark purse for eSports, carrying with it the sort of legitimacy that only outsize rewards for obsessive skill can provide. You can watch the proceedings below on the live Youtube stream, though Valve also provides a newcomers stream with explanation and commentary for people who don’t know the ins and outs of the game. It’s complicated, no doubt, but then again, so is football. Source: http://www.forbes.com/sites/davidthier/2015/08/04/ddos-attack-temporarily-shuts-down-international-dota-2-tournament/

Curriculum Protests: DDoS attacks launched on official, pan-blue Web sites

In what it said was support for the ongoing curriculum protests, hacker group Anonymous Asia yesterday launched a third wave of distributed denial of service (DDoS) attacks against the Web sites of two political parties and a government ministry. The Web sites of the New Party, Chinese Nationalist Party (KMT), the KMT Taipei branch office and the Ministry of Economic Affairs were attacked for more than an hour. According to reports by Storm Media Group, Anonymous launched its first wave of DDoS attacks under the name “Anonymous #Op Taiwan” on Friday last week by locking down the Presidential Office and Ministry of Education Web sites for five hours. A notice released by the group said: “We are everywhere and nowhere. Taiwan’s police are not exempt [from our attacks], and all police must take responsibility for this incident. We cannot permit the use of violence or pepper spray on peacefully demonstrating people. When you hurt the Taiwanese people, revenge will be sought. We cannot forget, support us and the corrupt officials will be afraid of us. Taiwan’s government, expect us.” On Sunday, the group launched a second wave of DDoS attacks against the Ministry of Education, the Ministry of National Defense, the National Academy of Educational Research and CtiTV, a television station generally sympathetic toward the KMT, the report said. In a Facebook post on Sunday, New Party Chairperson Yok Mu-ming (???) said the DDoS attacks were serious national security concerns. “Do we not see China as our enemy and try to prevent Beijing hacking our Web sites? What I’m seeing now is like the opening salvoes of a Taiwanese civil war,” Yok said. Yok called on the public to put pressure on the Presidential Office and National Security Bureau to look into the attacks and find out who was behind them. “We must know if the motives are against curriculum changes or if there are other ulterior motives,” he said. Shortly after Yok’s Facebook post the New Party Web site was hacked. Anonymous Asia said on Facebook: “Yok Mu-ming, are you looking for us? Here we come.” Anonymous Asia is a loose coalition of hackers and Internet activists. The group describes itself as “an internet gathering” with “a very loose and decentralized command structure that operates on ideas rather than directives” and has been known for high-profile public DDoS attacks on government, religious, and corporate Web sites. Source: http://www.taipeitimes.com/News/taiwan/archives/2015/08/04/2003624588

More here:
Curriculum Protests: DDoS attacks launched on official, pan-blue Web sites

FBI to Banks: DDoS Extortions Continue

Don’t Pay Attackers or Scammers, Security Experts Warn Numerous firms across the financial services sector – and beyond – continue to face a variety of distributed-denial-of-attack and data breach extortion attempts. Attackers’ tactics are simple: Sometimes they threaten to disrupt a firm’s website, preventing customers from accessing it. And other times they warn that they will release data – which they obtained by hacking into the firm – that contains sensitive information about the organization’s employees and customers. Or, the attackers say, the organization can pay them off – typically via bitcoins – to call off the attack or delete the data. Richard Jacobs, assistant special agenct in charge of the cyber branch at the FBI’s New York office, reports that the bureau continues to see a large number of related shakedown attempts, with attackers in April making DDoS extortion threats against more than 100 financial firms, including some big banks and brokerages, MarketWatch reports. Some firms have reportedly been hit with demands for tens of thousands of dollars, and the FBI says that some victims do pay, even though attackers might never have followed through on their threats. Likewise, the payoff sometimes leads attackers to blackmail victims for even more money. “There are some groups who typically will go away if you don’t pay them, but there’s no guarantee that’s going to happen,” Jacobs tells Marketwatch. Attacks on the Rise This is far from a new tactic for criminals operating online, and law enforcement experts have long warned organizations to not accede to attackers’ demands. “Extortion types of attacks have always been around,” says information security expert Brian Honan, who heads Dublin-based BH Consulting and also serves as a cybersecurity advisor to Europol. “They were quite popular during the 1990s and early 2000s, waned for a while, but are now gaining popularity again with criminals. We are seeing a rise in such types of attacks both in the U.S. and in Europe.” Large financial institutions in particular appear to be getting singled out by blackmailers, says financial fraud expert Avivah Litan, an analyst at the consultancy Gartner. “The large banks are under an onslaught of [such] attacks; the smaller banks, I hear mixed things from,” she says. But banks don’t talk about such attacks much, she adds, “because no one wants the public to know that they’re being extorted.” The growth of such shakedown attempts has been driven in part by the increasing availability and ease of use of DDoS-on-demand services, Litan says. “It’s always been easy to get DDoS attacks, but now it’s just more organized, more readily available, and you can say, ‘I want to do it against these particular U.S. banks or U.K. banks,’ for example,” she says. Sometimes, attackers do follow through on their threats by executing DDoS disruptions or leaking data. Earlier this year, for example, a hacking team calling itself “Rex Mundi” demanded a payment of 20,000 euros ($21,000) from French clinical laboratory Labio, or else it would release people’s blood test results. When Labio refused to pay, the hackers dumped the data. The “Pedro Batista” Scam But at least some of these shakedown attempts appear to be little more than bluster. For example, one threat researcher – speaking on condition of anonymity – reports that in recent months, an apparently Portugal-based attacker or middleman named “Pedro Batista” has attempted to extort both the Federal Savings Bank, plus the Industrial Bank in China. Batista claimed in an email – sent to the researcher – to have obtained root access to an FSB MySQL database, which supposedly contained extensive information about the firm’s clients. For the Industrial Bank of China, Batista also claimed to have stolen a database containing employees’ salaries, plus usernames and passwords. Neither of those firms responded to Information Security Media Group’s queries about whether they could confirm having received blackmail notices from Batista, or if they had given in to the extortion demands. But Mikko Hypponen, chief research officer at F-Secure, says the Pedro Batista shakedown is a scam. “Since 2013, an individual using this name has been contacting security experts, offering vulnerabilities or leaked databases for sale,” he tells Information Security Media Group. “Those that have kept up the communication with him have found out that he had no goods or very little goods to actually deliver. He might be able to do some SQL injections to gain partial access to some information, but for the most part, this seems to be some kind of a scam operation.” How To Respond: 5 Essentials Organizations can simply ignore those types of scams, security experts say. But dealing with DDoS threats requires a more structured response, says Honan, who offers the following recommendations: React: Take the threat seriously, and “spin up” an incident response team to deal with any such attacks or threats. Defend: Review DDoS defenses to ensure they can handle attackers’ threatened load, and if necessary contract with, subscribe to or buy an anti-DDoS service or tool that can help. Alert: Warn the organization’s data centers and ISPs about the threatened attack, which they may also be able to help mitigate. Report: Tell law enforcement agencies about the threat – even if attackers do not follow through – so they can amass better intelligence to pursue the culprits. Plan: Continually review business continuity plans to prepare for any disruption, if it does occur, to avoid excessive disruptions to the business. Litan likewise advocates technical planning as the primary way to defend against threatened or in-progress DDoS attacks. Furthermore, if an organization’s DDoS defenses do fail to mitigate the attack, she says an excellent fallback strategy is to redirect customers to a backup site that attackers don’t yet know about. “If you are under attack, you have a miniature website set up that you can immediately redirect your customers to, with most of the functions on the site, so you don’t have to deal with extortion attempts – go ahead and DDoS me, it doesn’t matter,” Litan says. “Some of the large banks have done that, and it has worked effectively.” Above all, Honan says that on behalf of all would-be victims, no targeted organization should ever give in to extortion attempts. “Needless to say, you should not pay the ransom, as you have no guarantee the criminals will not attack you anyway, or that other criminals may target you in the future,” Honan says. “And by paying the demands you simply motivate the criminals to carry out similar attacks against you and others.” Source: http://www.bankinfosecurity.com/fbi-to-banks-ddos-extortions-continue-a-8446

More here:
FBI to Banks: DDoS Extortions Continue