Tag Archives: development

NATO websites hit by DDoS attack

Hackers brought down several public NATO websites over the weekend in what appeared to be the latest escalation in cyberspace over growing tensions over Crimea. A spokesperson for the Western military alliance said the cyber attacks had begun on Saturday evening and continued on Sunday, although most services had now been restored. “It doesn’t impede our ability to command and control our forces. At no time was there any risk to our classified networks,” another NATO official said. NATO’s main public website, which carried a statement by Secretary-General Anders Fogh Rasmussen saying that Sunday’s referendum on Crimea’s status would violate international law and lack legitimacy, worked intermittently. The distributed denial of service (DDoS) attack also hit the site of a NATO-affiliated cyber security centre in Estonia. NATO’s unclassified email network was also affected. A group calling itself “cyber berkut” said the attack had been carried out by patriotic Ukrainians angry over what they saw as NATO interference in their country. The claim, made at www.cyber-berkut.org, could not be independently verified. “Berkut” is a reference to the feared and now disbanded riot squads used by the government of ousted pro-Russian Ukrainian President Viktor Yanukovich. Cyber warfare expert Jeffrey Carr, in a blog on the attacks, described cyber berkut as staunch supporters of Yanukovich and a “pro-Russia hacktivist group working against Ukrainian independence”. Lungescu noted the statement but said due to the complexities involved in attributing the attacks, NATO would not speculate about who was responsible or their motives. “Kicking sand” John Bumgarner, chief technology officer at the non-profit research institute US Cyber Consequences Unit, said initial evidence strongly suggested the attacks were launched by pro-Russian sympathisers. “One could equate these cyber attacks against NATO as kicking sand into one’s face,” he said. Crimeans voted in a referendum on Sunday on whether to break away from Ukraine and join Russia, with Kiev accusing Moscow of rapidly building up its armed forces on the peninsula in “crude violation” of an international treaty. The website for the Crimea referendum said on Sunday it had come under cyber attack overnight, although it appeared to be working on Sunday. Cyber attacks on NATO’s computer systems are common, but a NATO official said the latest one was a serious online assault. Ian West, director of NATO’s cyber defence nerve centre at Mons in southern Belgium, said last year that the alliance’s network intrusion detection systems handled around 147 million “suspicious events” every day and around 2500 confirmed serious attacks on its computers in the previous year. Tensions between Moscow and the West have been rising steadily since Russia intervened following the ouster of Yanukovich. Ukrainian and Russian websites have both been targets for cyber attacks in recent weeks but this appeared the first major attack on a Western website since the crisis began. Suspected Russian hackers used DDoS attacks to cripple websites and services in Estonia in 2007 during a dispute over a war memorial, and against Georgia during its brief 2008 war with Russia. Moscow denied orchestrating such attacks, saying they were simply carried out by independent patriots. Groups calling themselves cyber berkut have attacked several Ukrainian websites in recent weeks, computer security experts say. Source: http://www.itnews.com.au/News/375271,nato-websites-hit-by-ddos-attack.aspx

View post:
NATO websites hit by DDoS attack

NATO websites hit by cyber attacks

A number of NATO websites have been hit by cyber attacks, but they have had no impact on the military alliance’s operations, a NATO spokeswoman said. The attacks, which affected NATO’s main website, came amid rising tensions over Russian forces’ occupation of Ukraine’s Crimea region where a referendum is to be held on Sunday. NATO spokeswoman Oana Lungescu said on Twitter that several NATO websites have been the target of a “significant DDoS (denial of service) attack.” She said there had been no operational impact and NATO experts were working to restore normal function. Source: http://www.itv.com/news/update/2014-03-16/several-nato-websites-hit-by-ddoscyber-attacks/

View original post here:
NATO websites hit by cyber attacks

162,000 reasons to tighten up WordPress security

“Cyber-criminals continue to innovate and find vulnerabilities to exploit for their criminal activity” says Lancope CTO Tim Keanini. 162,000 reasons to tighten up WordPress security WordPress may be one of the most popular website systems used to publish on the Internet, but its open source nature – and consequent security challenges – have been highlighted this week after around 160,000 WordPress sites have apparently been used as DDoS zombies. Security research firm Securi reports that the WordPress pingback option – which allows WordPress sites to cross-reference blog posts – has been misused in recent times by unknown hackers to launch large-scale, distributed denial-of-service (DDoS) attacks. The attack vector used is not unknown as, back in the summer of last year, Incapsula reported that one of its clients was targeted in a pingback DDoS attack involving 1,000 page hits a second. Securi says it has been monitoring a swarm attack involving more than 162,000 WordPress sites and collectively generating many hundreds of IP requests to a single WordPress site. Whilst Daniel Cid, Securi’s CTO, has declined to identify the site, this suggests the attack may have been a proof-of-concept trial. On a technical level, the attack vector exploits an issue with the XML-RPC (XML Remote Procedure Call) code within WordPress and which is used for pingbacks, trackbacks and remote access from mobile Web browsers. SCMagazineUK.com notes that WordPress has known about the issue for several years, but the problem is that it a key structural issue with WordPress’s kernel architecture. Despite this, WordPress development teams have changed the default setting of sites to operate with a Web cache, meaning there is less load placed on the hosting server concerned. The hackers, however, have generated fake website addresses within their IP calls, so bypassing the web cache. Securi’s CTO says he been talking to WordPress developer teams about the issue, who are reportedly investigating a workaround. Tim Keanini, CTO of Lancope, said that the structural natures of the issue mean that it is not something that will ever go away. “Think of it as a supply chain and these criminals need compromised connected computers for their botnets – if you are connected for whatever reason to the Internet, you are a part of this supply chain,” he said, adding that cyber-criminals continue to innovate and find vulnerabilities to exploit for their criminal activity. To add to this, he explained, we – as Internet users – continue to put insecure devices on the Internet and with the Internet of Things ramping up, he warns there is just no end to the supply of targets. “What we need to do is to focus on the precision, timeliness, and leadership through these crisis – not the fact that they will just go away. They are here to stay and a part of doing business in the Internet age. When these events happen, what does leadership look like that provides business continuity and restores customer confidence? That is the question we need to be asking because hanging your head in shame does no one any good,” he said. Sean Power, security operations manager with DDoS security vendor DOSarrest, said that the vulnerabilities in old versions of WordPress mean that hackers can exploit them to be used for DDoS attacks. “This is nothing new – in fact, it was first recognised back in 2007. Attackers exploited a vulnerability in the core WordPress application and therefore it could be used for malicious purposes in DDoS attacks,” he said. “The fix for this feature was actually released in the 3.5.1 version of WordPress in January 2013 and would be picked up by most good vulnerability scanners,” he added. Power went on to say that this a prime example of how users aren’t regularly performing updates to their websites – “because if they were, we wouldn’t still be seeing DDoS attacks being carried out by websites taking advantage of this old flaw.” Source: http://www.scmagazineuk.com/162000-reasons-to-tighten-up-wordpress-security/article/337956/

See original article:
162,000 reasons to tighten up WordPress security

WordPress USED AS ZOMBIE in DDoS attacks

Tens of thousands of vulnerable WordPress sites have been co-opted into a server-based botnet being used to run DDoS attacks. More than 160,000 legitimate WordPress sites were abused to run a large HTTP-based (layer 7) distributed flood attack against a target, which called in cloud security firm Sucuri for help. Security experts discovered that the attack traffic was coming from WordPress sites with pingbacks enabled on blog posts, which is on by default. Pingbacks allow automatic backlinks to be created when other websites link to a page on a WordPress blog. The problem can be fixed by installing a simple plugin, as explained by Sucuri CTO and OSSEC Founder Daniel Cid in a blog post. “Any WordPress site with Pingback enabled (which is on by default) can be used in DDOS attacks against other sites,” Cid explains. “Note that XML-RPC is used for pingbacks, trackbacks, remote access via mobile devices and many other features you’re likely very fond of. But, it can also be heavily misused.” Sean Power, security operations manager for DOSarrest, a DDoS mitigation technology services firm, said the attack relied on exploiting vulnerabilities in old versions of WordPress. This type of issue has been known about since 2007 and the specific problem abused in the latest run of attacks was fixed more than a year ago in a WordPress core release in January 2013. “Attackers exploited a vulnerability in the core WordPress application and therefore it could be used for malicious purposes in DDoS attacks,” Power explained. “The fix for this feature was actually released in the 3.5.1 version of WordPress in January 2013 and would be picked up by most good vulnerability scanners. “This is a prime example of how users aren’t regularly performing updates to their websites, because if they were, we wouldn’t still be seeing DDoS attacks being carried out by websites taking advantage of this old flaw,” Power added. WordPress is an open source blogging platform and content management system (CMS) that’s used by millions of websites across the interwebs. Source: http://www.theregister.co.uk/2014/03/12/wordpress_vuln_creates_botnet_army/

View the original here:
WordPress USED AS ZOMBIE in DDoS attacks

DDoS Attacks Still a Significant Threat

It’s an attack vector that’s been around ever since the Internet became a valuable business tool. Distributed Denial of Service, of DDoS, attacks are still one of the most prevalent threats facing businesses today. There are reports suggesting that DDoS attacks are on the rise and that the Internet’s DNS infrastructure – critical for the operation of the Internet – remains vulnerable and a significant target. Jag Bains, the CTO at DOSarrest Internet Security, spoke to us about DDoS attacks and what can be done to mitigate their impact. When we spoke with Michael McKinnon from AVG at the Tech Leaders forum in Queensland earlier this year, he said “So much damage is being done, for example, through spoof traffic. If most major network providers were responsible enough to stop traffic from leaving their networks that they knew were coming from IP addresses they weren’t responsible for then we would have spoof traffic on the Internet and cut down networks responsible for this kind of damage”. I asked Bains what could be done to prevent DDoS attacks from being a viable attack vector and whether there was a benefit for network operators to not block the attacks. “They’re not doing it from a revenue opportunity. One guy’s server is compromised for a few days and it flips out a huge bill. But, it’s too much of a headache [for telcos] to make it a revenue stream’” said Bains. “The big guns behind some of these attacks are occurring out of data centres that have compromised servers or hosting networks with compromised servers,” he added. Although it is possible to block spoof packets coming from a network, this would not be as straightforward as it sounds. Bains suggested that there would be significant cost. “It comes at a CPU cost to your routers. You’re dealing with high traffic volumes that might create a different type of bottleneck,” said Bains. I challenged Bains on this, noting that Moore’s Law will take this year’s bottleneck and make it insignificant in a short time. In fact, if we’d taken action like this against DDoS attacks a decade ago there would be little need to suffer these attacks. “Let’s say we did that and it might help to stem these tidal wave attacks. But that doesn’t mean DDoS would have been thwarted. One of the most interesting things in the DDoS arena is the rise of application attacks coming from legitimate sources,” he said. As well as their use to cripple companies and use as a form of ransomware – it’s not unknown for gambling operators in unregulated markets to use DDoS attacks to either cripple or ransom their competition – they can be used to manipulate financial markets. According to Bains the recent Mount Gox attack, that resulted in losses of hundreds of millions of dollars of Bitcoin, was at least partly a DDoS attack. “Hammering the exchange affected stability. Prices lowered and couldn’t come back up and they were using it to influence the peaks and troughs,” he said. “It’s a tool that’s crude in its intentions but highly effective”. Bains’ company, DOSarrest claims to have a solution. Their software can shift the traffic from a DDoS attack to a server environment that is specifically designed to deal with the attack. “All users have to do is change their DNS record to point to one of our IPs. We’re able to take the DOS attack out of hosting the network, bring it to a topology or infrastructure that is groomed specifically for that only”. What’s clear is that DDoS attacks are here to stay and that there is no silver bullet that will prevent their occurrence. However, it is possible to mitigate the damage they can do. Source: http://www.cso.com.au/article/540163/ddos_attacks_still_significant_threat/?fp=4&fpid=959105

View the original here:
DDoS Attacks Still a Significant Threat

Mt. Gox hit by massive DDoS attacks

Mt. Gox K.K., the collapsed trading platform for the bitcoin digital currency, came under so-called distributed denial of service (DDoS) attacks aimed at shutting its servers by overloading them with massive volumes of data in early February, it has been learned. Also between February and earlier this month, bitcoin exchanges in Canada and Slovenia were hit by similar attacks, indicating such cyber-attacks have been launched on a global scale. According to sources, the Tokyo-based Mt. Gox was struck by cyber-attacks aimed at stealing bitcoins beginning Feb. 7 by exploiting security shortfalls in its system. Separately, it came under major DDoS attacks, with the system accessed 150,000 times per second. The attacks mostly from servers in the United States and Europe continued for several days. The company suspended bitcoin withdrawals on Feb. 10. DDoS attacks often hijack a large number of computers with viruses. According to the sources, perpetrators often launch such attacks to steal data when a company tries to mend defects in its system. Although the DDoS attacks failed to shut down Mt. Gox’s system, subsequent attacks targeted flaws in its system, stealing a massive amount of bitcoins. In mid-February, a Slovenian bitcoin exchange temporarily suspended trading due to a system glitch caused by cyber-attacks. A Canadian bitcoin exchange announced that it has lost 896 bitcoins, the equivalent of ¥60 million, due to cyber-attacks, while another exchange reported that more than 12 percent of its bitcoin holdings was stolen. “[The attacks] are probably launched by multiple hackers who want to boast they broke into the bitcoin systems,” said Tetsutaro Uehara, a professor of information security at Ritsumeikan University. “DDoS attacks can be done without high-level hacking techniques. It is possible that copycats turned their eyes on other exchanges after weaknesses in Mt. Gox’s system were found.” One week after Mt. Gox filed for bankruptcy protection, the bitcoin community is still puzzled over what exactly caused the company to go under. What are believed to be in-house documents of Mt. Gox, including a draft detailing the purported theft, are circulating on the Internet. Around Feb. 25, before the company suspended business, English documents titled “Crisis Strategy Draft” reporting 744,408 bitcoins had been stolen were posted on the Internet. The damage was almost the same as the figure cited by the company when it collapsed. Earlier this month, a self-proclaimed Russian hacker posted audio recordings of alleged conversations between Mt. Gox Chief Executive Officer Mark Karpeles and a Japanese megabank official, who urged him to close the company’s account in the bank. According to sources, the recordings are believed to be genuine. The “Russian hacker” also posted the design chart of the Mt. Gox computer system. A ‘genuine geek’ Source: http://the-japan-news.com/news/article/0001103726

More:
Mt. Gox hit by massive DDoS attacks

DDoS Attacks May Be Entering a New Era

It seems cybercriminals are no longer content just to bring down Web sites with their distributed denial-of-service (DDoS) attacks. Now, these cybercrooks are demanding ransom from Web site owners to call off their DDoS assaults, leaving victims between a rock and a hard place — either pay up or watch their sites go dark. Distributed denial-of-service (DDoS) attacks are booming, and may be reaching new levels that include more blackmail. According to recent reports, we could be entering a new phase of site attacks. Prolexic, a security firm, issued a report this month that said attacks in general, in particular DDoS, were up 32 percent in the last year over 2012. DDoS attacks generally utilize networks of hijacked computers, which then bombard targeted Web sites with requests that overwhelm them, causing the sites to crash. While such attacks have been common for years, new benchmarks are appearing. In February, security firm Cloudfare reported that it recently helped protect one of its clients against the largest DDoS attack on record. The unnamed Web site, according to Cloudfare, was subjected to 400 gigabytes per second, nearly a third larger than the 2013 attack on antispam Web site Spamhaus. The Spamhaus attack, also fended off by Cloudfare, had been the largest on record to that point. $300 Ransom Last month, domain registration company Namecheap reported it had been assaulted by a coordinated attack on 300 of its registered sites. This week, social networker Meetup.com said attackers demanded a $300 ransom in exchange for calling off a DDoS attack. The site refused, and was brought down for several days, including over the Oscars weekend when many Meetup users scheduled get-togethers. In a blog post, CEO Scott Heiferman said that his company did not want to negotiate with criminals, especially since the low ransom demand apparently meant the attackers were amateurs who might be encouraged to engage in more such efforts. Reportedly, such ransom demands, especially when no user confidential data is involved, are not uncommon but are not frequently made public. A New Era Has Dawned Lawrence Orans, research vice president at industry research firm Gartner, told us that we may indeed be in a new era. He said, “[The] DDoS attack landscape changed in September, 2012, when attackers began to launch attacks using botnets of compromised servers, instead of botnets of compromised PCs.” He added that these server botnets enabled attackers to launch more powerful attacks, and the key event in that month occurred when cyberattacker group Izz Ad-Din Al Qassam “started to launch attacks, using botnets of servers, against major North American banks.” A report late last year from the Ponemon Institute said that nearly 20 percent of U.S. data center outages resulted from organized attacks on Web sites. Orans noted that DDoS attacks can span from several hours to several days, and ISPs are currently charging “a 15 percent premium over bandwidth costs to offer a ‘clean pipe’ service to monitor and mitigate against DDoS attacks.” Some estimates peg the average cost of a DDoS outage at about $630,000. To counter this, Orans said that enterprises in verticals commonly targeted for DDoS attacks “should consider specialty DDoS mitigation providers,” or DDoS mitigation services provided by ISPs. Source: http://www.toptechnews.com/news/DDoS-Attacks-Entering-a-New-Era/story.xhtml?story_id=0120013PJXVC

Original post:
DDoS Attacks May Be Entering a New Era

26-year-old hacker responsible for massive DDoS-attacks sentenced in Russia

A man was sentenced to probation after being convicted for Distributed Denial of Service (DDoS) attacks as a result of Group-IB and the The Ministry of the Interior (MVD) collaboration work. Group-IB assisted in the investigation, collection, preservation and identification of digital evidence. The criminal business owner turned out to be a 26-year-old resident of the Sayansk-city, Irkutsk region. The reason for the investigation was an attack on a large financial corporation, which owns several banks. Since the recourse to the Group-IB up to the moment of the attacker arrest there were record-breaking short terms – all of the work was done within a month. The criminal used underground hacking forums to find clients by posting advertisements for DDoS services. Russians, citizens of  the CIS, Britons and many others ordered his services regularly. Group-IB’s evidence said a man used the Dragon botnet to launch the attacks. In autumn 2012, authorities had arrested the suspect in Sayansk, Ziminsk district. During the investigation, the accused pleaded guilty and showed detailed process of launching cyber-attacks. Group-IB computer forensic experts proved the guilt of the arrested in committing a series of cybercrimes.  A Sayansk city court judge rendered a guilty verdict against 26-year-old man for unauthorized access to computer information and was condemned to two years of conditional sentence. The Group-IB experienced experts explained that such attacks are common now as a result of unfair competition between companies. “Commercial organizations should think about DDoS protection,” said Dmitry Volkov, Head of the Group-IB Investigation Department. “However, if the incident has already occurred, the Group-IB is ready to conduct a full and independent investigation and find the attacker using forensic methods and tools.” Source: http://www.digitaljournal.com/pr/1776830#ixzz2vCwNMKJi

Continued here:
26-year-old hacker responsible for massive DDoS-attacks sentenced in Russia

DDoS cyber attacks get bigger, smarter, more damaging

Crashing websites and overwhelming data centers, a new generation of cyber attacks is costing millions and straining the structure of the Internet. While some attackers are diehard activists, criminal gangs or nation states looking for a covert way to hit enemies, others are just teenage hackers looking for kicks. Distributed Denial of Service (DDoS) attacks have always been among the most common on the Internet, using hijacked and virus-infected computers to target websites until they can no longer cope with the scale of data requested, but recent weeks have seen a string of particularly serious attacks. On February 10, internet security firm Cloudflare says it protected one of its customers from what might be the largest DDoS documented so far. At its height, the near 400 gigabyte per second (gbps) assault was about 30 percent larger than the largest attack documented in 2013, an attempt to knock down antispam website Spamhaus, which is also protected by Cloudflare. The following day, a DDoS attack on virtual currency Bitcoin briefly took down its ability to process payments. [ID:nL2N0LG1Y8] On February 20, Internet registration firm Namecheap said it was temporarily overwhelmed by a simultaneous attack on 300 of the websites it registers, and bit.ly, which creates shortened addresses for websites like Twitter, says it was also knocked out briefly in February. In a dramatic case of extortion, social networking site Meetup.com said on Monday it was fighting a sustained battle against hackers who brought down the site for several days and were demanding $300 to stop. It would not pay, Meetup CEO Scott Heiferman told Reuters. DDoS attacks were at the heart of attacks blamed on Russian hackers against Estonia in 2007 and Georgia during its brief war with Russia in 2008. It is unclear if they played a role in the current stand-off between Moscow and Ukraine in which communications were disrupted and at least one major government website knocked out for up to 72 hours. A report this month by security firm Prolexic said attacks were up 32 percent in 2013, and a December study by the cyber-security-focused Ponemon Institute showed them now responsible for 18 percent of outages at U.S.-based data centers from just 2 percent in 2010. The average cost of a single outage was $630,000, it said. “It’s really a game of cat and mouse,” said Jag Bains, chief technology officer of Seattle-based DOSarrest, a firm that helps government and private-sector clients protect their sites. “I’d like to say we are ahead, but I just don’t think it’s true.” As well as growing in volume, he said attacks were becoming much more sophisticated in targeting the most vulnerable parts of websites, making even a small attack much more effective. The aims of attackers include extortion, political activism, providing distraction from data theft and, for “hobbyist” hackers, just testing and showcasing their skills, security experts say. Other victims in recent months have included the Federal Bureau of Investigation, Royal Bank of Scotland and several major U.S. banks, which analysts believe were targeted by Iran in response to sanctions. Iran denies the charge. HIJACKING PRINTERS, SMARTPHONES Many attacks, however, appear to be homegrown. The most popular point of origin for DDoS attacks in the last three months of 2013, Prolexic said, appeared to be the United States, followed by China, Thailand, Britain and South Korea. As well as hijacking computers, Prolexic said attackers are increasingly targeting smartphones, particularly those using Google’s Android operating system, which by the third quarter of 2013 accounted for more than 80 percent of new phones. Even wireless printers, experts say, have sometimes been co-opted into attacks, packed together in botnet groups. That, they warn, can put previously unprecedented cyber firepower in the hands of relatively unskilled hackers, who increasingly include teenagers. Last year, British police arrested a 16-year-old as part of their investigations into the attack on Spamhaus, while German police arrested an 18-year-old after a DDoS attack paralyzed the Saxony government website. DDoSarrest says some of the most recent attacks it has dealt with were on U.S. universities and largely blamed on students showing off or protesting against high tuition fees. The sheer volume of attacks means many perpetrators are never traced, and some computer security experts complain law-enforcement authorities remain reluctant to prosecute the youngest offenders. Until recently, DDoS attacks were seen less of a threat than attempts to steal customer data or intellectual property. That, however, is changing fast. SLOWING THE INTERNET Last year’s Spamhaus attack was described by some as slowing the entire global Internet, and most experts agree the largest attacks can slow access across entire regions. Cloudflare says there were anecdotal reports of slowness in Europe during the latest attack. Crashing data centers can wreak havoc with other services based there, including phone systems and vital industrial facilities. The Ponemon report showed DDoS attacks are now the third largest cause of outages after power system failure and human error, outstripping traditional causes such as weather events. Even if attacks do not succeed, the cost of mitigating them is rising fast, providing many millions of dollars of business for firms such as Cloudflare and Prolexic, taken over last month by Akamai Technologies for about $370 million. Namecheap, which aims to offer cut-price hosting for websites, said it had already spread its data centers across five countries and three continents to better handle constant attacks but was still overwhelmed by the roughly 100 Gbps incident. Attacks on that scale, Prolexic says, now occur several times a month and are now frequently so complex and fast moving that automated systems can no longer tackle them. Prolexic itself runs a permanently manned operation centre at its headquarters in Florida, allowing it to keep one step ahead and instantly move material between data centers. “It’s very hard to know what to do,” said Alexander Klimburg, a cyber security expert at the Austrian Institute for International Affairs currently on exchange at Harvard Kennedy School of Government. “The tools to do this can be purchased online incredibly cheaply, while the damage they can do and the cost of mitigating it is exponentially higher.” Source: http://www.reuters.com/article/2014/03/05/us-cyber-ddos-idUSBREA240XZ20140305

Visit link:
DDoS cyber attacks get bigger, smarter, more damaging

Why is Meetup Site Down? Hacker Attempts to Extort $300 From CEO Scott Heiferman

The Meetup site is down after a hacker attempted to extort $300 from the site’s CEO Scott Heiferman. The social networking site was the victim of a DDoS attack that was allegedly paid for by one of Meetup’s competitors. The attack began on Thursday when CEO Scott Heiferman received an email that reads: Date: Thu, Feb 27, 2014 at 10:26 AM Subject: DDoS attack, warning A competitor asked me to perform a DDoS attack on your website. I can stop the attack for $300 USD. Let me know if you are interested in my offer. As soon as Heiferman received the email, the attack began and overwhelmed Meetup’s servers. The site went down and stayed that way for nearly 24 hours. The success of the site being back up was short-lived as Meetup was hit again and again with numerous DDoS attacks over the course of the weekend. Why is Meetup Site Down? Hacker Attempts to Extort $300 From CEO Scott Heiferman – photo from Twitter Stating his reasons for not paying the hacker behind the attack, Heiferman wrote on Meetup’s blog: We chose not to pay because: 1. We made a decision not to negotiate with criminals. 2. The extortion dollar amount suggests this to be the work of amateurs, but the attack is sophisticated. We believe this lowball amount is a trick to see if we are the kind of target who would pay.  We believe if we pay, the criminals would simply demand much more. 3. Payment could make us (and all well-meaning organizations like us) a target for further extortion demands as word spreads in the criminal world. 4. We are confident we can protect Meetup from this aggressive attack, even if it will take time. As of right now, the site is still down as the Meetup team continues to secure its servers. When users attempt to log onto the site, they are met with the following error message: Over the past several days, Meetup has suffered a prolonged denial of service (DDoS) attack, resulting in intermittent service outages for our website and apps. We’re working urgently to bring Meetup back and restore full functionality. We appreciate your patience. Heiferman encourages all Meetup users to stay informed by receiving updates via Twitter, Facebook or the company’s blog. Why is Meetup Site Down? Hacker Attempts to Extort $300 From CEO Scott Heiferman. Source: http://americanlivewire.com/2014-03-03-meetup-site-down/

Taken from:
Why is Meetup Site Down? Hacker Attempts to Extort $300 From CEO Scott Heiferman