Tag Archives: dos attacks

BBC Websites, DDoS attack By Anti ISIS Hacking Group For Testing Their Capabilities

Hackers against the Islamic State or ISIS have claimed that the BBC website downtime during New Year’s Eve was their DDoS attack, but with no bad intentions. BBC websites were down for several hours during the evening before January 1, 2016. A company source inside BBC admitted that there was a distributed denial of service attack that took the websites down. Now, anti-ISIS hacker group named as New World Hacking is claiming that they were the reason why the BBC websites were unavailable for a quite long duration. However, they did not hack the website to cripple its capability to disseminate news and such. New World Hacking said that they were just testing their capabilities on BBC’s servers. They did not intend to take the site down for hours. “Let me get you proof of our records really quick, our motive was simply because we can. It was almost exactly a 600 GBps attack. We used two nodes to attack with and a few extra dedicated servers. It was only a test, we didn’t exactly plan to take it down for multiple hours. Our servers are quite strong,” the group told Rory Cellan-Jones from BBC via Twitter. DDoS Attacks In A Nutshell For the uninitiated, a DDoS attacks does not really involve a direct “hack” or penetration of a database, but it could be used as a cover. What happened was that the BBC websites experienced a massive flow of web traffic that came from the hacker group. The websites were not able to keep up with the continued barrage of web traffic, resulting it into shutting down. There are different types of DDoS attacks that can be carried out. Some of the attacks directly flood the websites with more traffic than it can handle. Some send only fragments of data packets, which usually leads to the server piecing it back together instead of catering to their legit site visitors. In order to conduct a successful DDoS attack, hackers usually use a wide network of computers known as botnets. These botnets may consist of their own computers or compromised ones across the globe using their own malware. Attack Only A Test, Not Malicious New World Hacking said that they are based in the United States and that they are determined to take down any ISIS affiliated sites and online accounts. Anonymous has previously declared a cyber-war against ISIS as they continuously help in taking down online propaganda and recruitment sites. BBC’s press office refused to comment on the hacker group’s claim. They also did not confirm nor deny if the DDoS attack was the cause of the website’s temporary downtime. “We realise sometimes what we do is not always the right choice, but without cyber hackers… who is there to fight off online terrorists? The reason we really targeted [the] BBC is because we wanted to see our actual server power,” the group told BBC. One person named Ownz from the hacker group said that they were only a team of 12 people. Eight of them were male and four of them were female. Ownz claims that New World Hacking was formed in 2012. Hacker groups are not new, but only a handful of them have actual good intentions. With ISIS trying to recruit followers and jihadists online, these hackers have stepped up to try and stop them from doing so. Some Internet users are cheering them on, while some have questioned their methods and capabilities. At the core, all the soldier deployed across the globe are considered heroes and not the hackers. New World Hacking Campaigns New World Hacking claims that they have already done their part in making the world a better and safer place. They took part in the #OpParis effort in order to help determine the identities of IS affiliated accounts after the terrible Paris attack tragedy in November 2015. Ownz also said that they took part in a campaign against the Ku Klux Klan. Ownz said that they are using a hacking tool named Bangstresser. They claim that they have already used the tool against several IS websites. Bangstresser was said to be developed by another U.S.-based hacker activist. New World Hacking tried out the tool against the BBC websites along with several of their personal computer servers and possibly botnets. Ownz told the BBC that they are planning to attack a new list of ISIS targets online. It is unclear which sites they are referring to, but they were not disclosed in order to help protect the integrity and effectiveness of their campaign. BBC Websites And Services Downtime BBC websites started to be down at around 7 PM on Thursday. Instead of the website interface, they were greeted with an error. In addition to the websites, their iPlayer Radio app and iPlayer catch-up service were also down. The iPlayer app was recently launched for the Apple TV App Store in December 2015. Twitter (NASDAQ: TWTR) users replied to the BBC Press Office’s announcement that they were aware of the “technical issue.” Some have said suggested that they should try turning their servers off and on again. Some have also taken the news in a lighter tone, saying that the HR department should be blamed for insisting the unused leaves be used before 2015 ended. Others took the chance to mock BBC, saying that they shouldn’t rush because they know BBC is telling the truth when they are silent. Other users have also asked if it was DDoS attack, but no replies were given by BBC. Some users have also reported that the BBC Bitesize and BBC Food recipes were down as well. BBC websites started to be back online at around 10:30 PM. However, some of the websites took longer than usual to load. All of the services and websites functioned normally several hours more after. New World Hacking did not say why they chose the BBC services and websites as a test target for their attacks. However, one possible reason is to demonstrate the scale and power of their attacks by attacking one of the most known broadcasting corporations in the world. Source: http://www.biztekmojo.com/001843/bbc-websites-services-taken-down-anti-isis-hacking-group-testing-their-capabilities

Continue Reading:
BBC Websites, DDoS attack By Anti ISIS Hacking Group For Testing Their Capabilities

Valve Reveals Details About Christmas Issues, Personal Info Was Shown, DDoS Attack Involved

Christmas is usually a very busy time for Valve because of the major sales that the company has a habit of running on the Steam digital distribution system, and this year the company had to deal with a set of problems linked to the service and with the way the user base perceived them as an attack that had the potential to affect their personal data. In a new official site article, the studio delivers more information about what happened on December 25, saying that between 11:50 and 13:20 Pacific Standard Time store page requests for around 34,000 users, containing personal information, were seen by others. Valve admits, “The content of these requests varied by page, but some pages included a Steam user’s billing address, the last four digits of their Steam Guard phone number, their purchase history, the last two digits of their credit card number, and/or their email address. These cached requests did not include full credit card numbers, user passwords, or enough data to allow logging in as or completing a transaction as another user.” The company also delivers an apology to all those affected by the Christmas problem . Despite the fact that some sensitive information was shared with others, the company makes it clear that users have to take no further action because the Steam system does not allow for it. This means that even if there are plans to work with a third-party company and contact those affected once they have been identified, no action on their part is required to make sure that the accounts are safe. Valve also explains that the problem was created because of a DDoS attack that combined with increased Winter Sale traffic to affect the caching of pages and forced the company to take down the store and deal with the problem. The company makes it clear that such attacks have not managed to break its security and are routinely dealt with. Steam continues to dominate PC digital distribution Valve needs to maintain its services as secure as possible to keep it in the lead on the PC and to continue offering players a wide variety of video games and some spectacular price cuts on special occasions. The Winter Sale is running at the moment, with more than 10,000 video games offered at reduced prices each day and a set of special trading cards that gamers can earn and use to tweak their profile. In late 2015 Valve also introduced the Steam machines, created in collaboration with a wide variety of partners, and the special controller, which offers plenty of new options for PC gamers who want to stay away from their monitors or share a couch with friends. In 2016, the company is planning to also enter the virtual reality space with Vive, which is created in partnership with HTC and does not yet have an official launch date or an attached price. The device was expected to arrive before the end of 2015, but Valve decided to delay it because of a major tech-related breakthrough that’s supposed to improve the user experience once the headset is commercially available. Source: http://news.softpedia.com/news/valve-reveals-details-about-christmas-issues-personal-info-was-shown-ddos-attack-involved-498289.shtml

More:
Valve Reveals Details About Christmas Issues, Personal Info Was Shown, DDoS Attack Involved

Rutgers University Suffers Sixth DDoS Attack This Year

Three cyber-security firms could not handle the attack Rutgers University’s IT department has managed to restore all services after a large-scale DDoS attack kept some of its systems down for four days between December 24 and December 28. This is not the first time Rutgers University has been hit with a DDoS attack, having already reported on a similar incident back at the end of September . Earlier this year, at the end of March and start of May, university staff also suffered four similar attacks, with the longest one lasting for five full days. Sixth time this year, nobody has claimed responsibility yet The first five attacks were claimed by a hacker that went by the name of Exfocus, who admitted in an interview that he was hired via an underground forum to carry out the DDoS bombardment, and later paid in Bitcoin. Unlike in the case of the first five attacks, Exfocus has not come forward to claim responsibility. The Rutgers IT staff said the attack targeted the sakai.rutgers.edu URL, the University’s Sakai portal. Sakai is an open source, self-hosted Java-based course learning environment used primarily by academic institutions. The DDoS attack did not affect student activities since students are away for Christmas break, which started on December 24 and will end on January 5. A $3 million investment in IT security systems did not help at all Last August, Rutgers management spent $3 million / €2.67 million on security measures to bolster their online platform. According to NJ.com, the University hired three cyber-security firms. The unplanned investment was motivated by the March and May attacks. Despite this, the University’s DDoS mitigation provider has failed to live up to its job, both in September and in this most recent four-day-long attack. In his interview, Exfocus said that he controlled a botnet of 85,000 machines, and was able to launch DDoS attacks of around 25 Gbps, which is considered to be of a medium scale. The proper law enforcement agencies have been notified of the attack. Softpedia has reached out to Exfocus on Twitter. We’ll update the article if we uncover any new information. Source: http://news.softpedia.com/news/rutgers-university-suffers-sixth-ddos-attack-this-year-498229.shtml

See more here:
Rutgers University Suffers Sixth DDoS Attack This Year

2016 will see the rise of DDoS-as-a-service

We’ve already seen a big increase in DDoS attacks in the past year and according to the latest predictions these are set to continue and become more sinister in nature as we move into 2016. Security specialist Corero foresees a rise in ‘Dark DDoS’ attacks used as various smokescreens to distract victims while other attacks infiltrate corporate networks to steal sensitive data. Dave Larson, COO at Corero Network Security, says, “The highly sophisticated, adaptive and powerful Dark DDoS attack will grow exponentially next year as criminals build on their previous successes of using DDoS attacks as a distraction technique. The Carphone Warehouse attack in August was interesting because it was one of the first publicly reported cases of Dark DDoS in the public domain. This is a new frontier for DDoS attacks and a growing threat for any Internet-connected business that is housing sensitive data, such as credit card details or other personally identifiable information”. It also predicts a rise in DDoS-as-a-service cyber crime business models, where it’s possible to pay to have victims hit for as little as $6.00 per month. This means less sophisticated cyber crime actors can readily become DDoS adversaries. During October 2015, 10 percent of Corero’s customer base was faced with extortion attempts, which threatened to take down or to continue an attack on their websites unless a ransom demand was paid. If the volume of DDoS attacks continues to grow at the current rate of 32 percent per quarter, according to Corero’s latest Trends and Analysis Report, the volume of Bitcoin ransom demands could triple to 30 percent by the same time next year. Corero also anticipates 2016 will see ISPs come under pressure to provide DDoS mitigation services to their customers. In a survey conducted this autumn, Corero revealed that three quarters of enterprise customers would like their ISP to provide additional security services to eliminate DDoS traffic from entering their networks. “The current status quo allows malicious traffic carrying DDoS threats to flow freely over most provider networks,” says Larson. “As a result, most customers end up paying their provider for bandwidth that delivers potentially dangerous Internet content. But the technology exists for ISPs to turn this problem into a business opportunity. By providing DDoS mitigation tools as a service, deployed at the Internet edge, they can defeat this problem before it enters their customers’ networks”. Source: http://betanews.com/2015/12/28/2016-will-see-the-rise-of-ddos-as-a-service/

Massive DDoS Attacks of Over 1 Million Queries Per Second Threaten Root Servers That Support The Global Internet

Today, we share a blog post from Looking Glass’ Director of Product Management, Patrick Lynch, as he discusses distributed denial of service (DDoS) attacks on DNS root servers. On Nov 30 and again on Dec. 1, massive DDoS attacks against several Internet based DNS root servers with volumes of over 1 million queries per second threatened the global Internet. There is speculation that the attack was initiated by ISIS (here). Not only is this a risk to the Internet as a whole, but also impacts the Internet Service Providers (ISPs) that are the unfortunate middle link in the attack and whom the majority of Internet access depends on. Although the target was the DNS root servers, the intermediate ISPs probably were more severely impacted by the sudden spike in the traffic load due to the relationship between DNS authoritative and recursive servers. Verisign provided additional information showing why the source IPs were spoofed, and the root servers’ users group also published some information. Arstechnica also has a description of the event. There are a number of actions that are available to an ISP that mitigate both the attacks on the DNS root servers, and on the ISP itself: Ingress filtering by source IP address – Routers can enforce BCP38 that only allows traffic to originate with source IP addresses that are valid for that ISP. This will also prevent source and destination addresses from being the same. If Ingress filtering is not practical, then having a DNS firewall will provide similar capabilities to ingress filtering as well as additional capabilities such as: Only allow queries from allowed IP ranges Rate limit queries by source IP or destination IP to prevent volumetric attacks Rules that prevent DNS responses (as opposed to queries) going to the root servers When an upstream DNS server is busy (as in a DDOS attack), automatically generate a server unavailable error and do not add to the DDOS attack Securing DNS is challenging given the nature of the protocol and the fact that the DNS ports must be left open to ensure continuous delivery of DNS services to Internet attached devices. Source: https://lgscout.com/massive-ddos-attacks-of-over-1-million-queries-per-second-threaten-root-servers-that-support-the-global-internet/

Turkish banks & government sites under ‘intense’ DDoS attacks on Christmas holidays

Turkey is suffering from a wave of cyber-attacks on financial and government websites which intensified over Christmas, resulting in the temporary disruption of credit card transactions. A video released this week and attributed to Anonymous vowed retribution for Ankara’s alleged ties with ISIS. The attacks on Turkish servers have been persistent in recent weeks, but on Christmas day Turkish banks suffered a website outage and reportedly saw sporadic disruption to credit card transactions. Isbank, Garanti and Ziraat Bank were among the targets, local media reported. “It is hard to determine where these attacks are coming from, with detailed work it will be understood whether these attacks are carried out by hackers or by certain groups” said the Minister of Communications Binali Yildrim. The DDoS attacks on Turkey’s “.tr” domain, Yildrim said were “serious” as they include domains of ministries, banks, and the military. The ministry asked Ankara’s Middle East Technical University (ODTU), which operates the “.tr” domain to step up security measures. ODTU’s analysis said that the attacks are coming from “organized sources” outside Turkey. Turkish Telecom, in a statement to Hurriyet daily, said that they are now on “24/7 defense” as they acknowledged facing “thousands of attacks.” Most Turkish institutions use Turk Telekom as their service provider. “The attacks are serious,” a spokesman for internet provider Turk Telekom, Onur Oz, told Reuters. “But the target is not Turk Telekom. Instead, banks and public institutions are under heavy attack.” The banking sector is one of the fastest growing areas of online services in Turkey and equates roughly to 1.5-2 billion transactions daily, according to Hurriyet. More than 85 percent of daily banking transactions in Turkey are carried out on digital platforms. “These attacks began two weeks ago but have intensified over the past two days,” said Burak Atakani, a network specialist from Istanbul Technical University. Some Turkish media outlets have speculated that the cyber-attacks might have been launched by Russia in retaliation to the downing of a Russian bomber by a Turkish fighter jet late in November over Syrian airspace. Meanwhile in a video, released this week allegedly by hacktivist collective Anonymous, hackers promised to take on the Turkish government over its alleged shady deals with Islamic State (IS, formerly ISIS/ISIL) terrorist organization. Anonymous especially threatened to bombard the banking sector. “Turkey is supporting Daesh [the Arabic name for IS] by buying oil from them, and hospitalizing their fighters. We won’t accept that [Recep Tayyip] Erdogan, the leader of Turkey, will help [IS] any longer,” says a video message from the group. “We will continue attacking your internet, your root DNS, your banks and take your government sites down. After the root DNS, we will start to hit your airports, military assets and private state connections. We will destroy your critical banking infrastructure.” Special Cyber government security units within the Information and Communication Technologies Authority (ICTA) and the Telecommunications Directorate (TIB) have been deployed to stop the attacks. “Turkey is not in a position to be powerless in the face of these attacks,” said Customs and Trade Minister, Bulent Tufenkci. “I think that we’ll have necessary response.” Source: https://www.rt.com/news/327119-turkey-banks-cyber-attacks/

Anonymous Claims Responsibility For 40 Gbps DDoS Attack on Turkish Servers

The online hacktivist Anonymous has claimed the responsibility for a massive 40Gbps DDoS attack on Turkish DNS Servers under NIC.tr — The reason behind the attack is that Turkey is allegedly supporting and aiding the Daesh or ISIS/ISIL terrorist group. In a video uploaded by Anonymous, the hacktivists said that their attack on Turkish servers was part of their ongoing operation #OpISIS. According to the video message, “We won’t accept that Erdogan, the leader of Turkey, will help ISIS any longer. The news media has already stated that Turkey’s Internet has been the victim of massive DDOS attacks . This lead Turkey to shut down it’s internet borders and deny anybody outside the country to access Turkish websites.” The hacktivists also warned the government that if Turkey didn’t stop aiding Daesh or ISIS the attacks will continue and target airports, banks, government and military servers. “If you don’t stop supporting ISIS, we will continue attacking your internet, your root DNS, your banks and take your government sites down. After the root DNS we will start to hit your airports, military assets and private state connections. We will destroy your critical banking infrastructure. Stop this insanity now Turkey. Your fate is in your own hands,” said Anonymous. The cyber attack on Turkish root DNS servers took place last week which forced 40,000 .tr domains to go offline. Though the targeted domains were back online they same day however the accesses to those sites was kept limited. The state of Turkey has been accused of aiding and buying oil from the Daesh terrorist group. Some also accuse Turkey of being a safe passage for the groups recruitment in Syria. Source: https://www.hackread.com/anonymous-40-gbps-ddos-attack-on-turkish-servers/

More:
Anonymous Claims Responsibility For 40 Gbps DDoS Attack on Turkish Servers

Xbox Live Suffers DDoS Disruption, Playstation Network May Be Next

A DDoS attack initiated by grey-hat hacker group Phantom Squad may have taken Microsoft’s Xbox Live online network offline for at least 3 hours today. If the hacker group’s threats are to believed, Sony’s PlayStation Network (PSN) may be next. Gamers, look away. This is going to make for painful reading. For the second time in two years, a hacker group may be disrupting two of the most popular gaming networks in the console gaming world, Xbox Live and the PlayStation Network. Hacked reported on the DDoS threats made by Phantom Squad a few days ago, after a series of tweets posted by the hacker group that also took credit for knocking Reddit offline recently. In a case of history repeating itself, the group is doing what infamous hacking group Lizard Squad did last year in December, disrupting gamers’ plans of going online with their consoles by taking down Xbox Live and PSN for several days last year. While the new group Phantom Squad threatened to take down the gaming networks during Christmas, Xbox Live suffered an outage in certain parts around the world for a few years today. To nobody’s surprise, Phantom Squad took credit for the outage. An update posted today on Xbox’s status website read: Hey Xbox members, are you having trouble purchasing or managing your subscriptions for Xbox Live? Are you also having an issue with signing into Xbox Live? We are aware of these issues and are working to get it fixed ASAP! Thank you for being patient while we work. We’ll post another update when more information becomes available. The message made no reference to any disruptions or DDoS attacks targeting the network although Microsoft nor Sony seldom acknowledge such attacks, even if they were bearing the brunt of such attacks. For now, Xbox Live Status shows all services are up and running and it is likely that Microsoft has found an IP range or two to block the DDoS requests flooding the servers, a common defense strategy against such attacks. Meanwhile, Phantom Squad has claimed that it will DDoS both gaming networks this Christmas Day. So we are going to DDoS Xbox&PSN on Christmas Day We Dont Joke We Are Always Watching Christmas Day PSN&Xbox This Is Not A Bluff #Phantom — PhantomSquad (@PhantomLair) December 18, 2015 The hacking group claims that the disruptions are to bring attention to the lack of cybersecurity in the gaming networks but gamers will argue the group is doing it simply to annoy a large population of console gamers looking to wind down and play games during the holidays. Hacked has previously reported on several disruptive malicious hackers, including those from Lizard Squad who have been arrested not long after their antics from Christmas last year. One of the suspects was arrested in the UK in January this year while another was apprehended as a part of a wider operation in March 2015. Hacked will keep you updated on this story as it unfolds in the week leading to Christmas. Source: https://hacked.com/xbox-live-suffers-ddos-disruption-playstation-network-may-next/

Read this article:
Xbox Live Suffers DDoS Disruption, Playstation Network May Be Next

Hacker squad plans DDoS attacks on PlayStation Network, Xbox Live this Christmas

Hacker group Phantom Squad plans to shut down Xbox Live and PlayStation Network on Christmas. Forget the Grinch, there’s someone else who wants to steal Christmas. Phantom Squad, an online hacker group, has threatened to shut down Xbox Live and the PlayStation Network this Christmas by unleashing a series of DDoS (distributed denial of service) attacks — coordinated barrages of falsified incoming server traffic that causes the system to crash. DATA BREACHES AND CYBERATTACKS IN 2015 “We are going to shut down Xbox Live and PSN this year on Christmas,” the hackers tweeted. “And we are going to keep them down for one week straight. #DramaAlert.” We are going to shut down Xbox live and PSN this year on christmas. And we are going to keep them down for one week straight #DramaAlert — Phantom Squad (@PhantomSqaud) December 9, 2015 This could cause a big problem, because a lot of people are expecting to receive new gaming consoles on Dec. 25. If Phantom Squad is successful, this would be the second year in a row that these gaming networks go offline. Last year, the infamous hacker group Lizard Squad took credit for shutting down Xbox Live and PSN for two days. The group demanded more retweets and Twitter followers in exchange for restoring the servers. Phantom Squad, which said it has no relation to Lizard Squad, claims they’ve previously performed smaller outages on the gaming community servers, as well as other website such as Reddit. The group also explained in a tweet why it is that they perform these attacks. “I get asked a lot on why we do this? Why do we take down PSN and Xbox Live?” the tweet reads. “Because cyber security does not exist.” Sony and Microsoft have both received a series of attacks over the past year, but it’s still unknown what tactics they’ve developed to try and avoid these issues. Kim Dotcom, the infamous Internet entrepreneur behind Megeupload, has warned Sony and Microsoft that the attack could be avoided if they update their servers. “Warning @Sony & @Microsoft. You had 1 year to upgrade your networks. If Lizard Squad takes down PSN & XBOX this Xmas, we’ll be pissed! RT!,” Dotcom tweeted. Dotcom, who is also a gamer, helped stop last year’s attack by promising the hackers 3,000 accounts on his encrypted upload service Mega. While Sony and Microsoft work on strengthening their servers, people who bought a console as a gift this Christmas can unbox it, plug it in, and download all the updates as soon as they buy it. This process will let them at least play games offline on Christmas. Otherwise, if the hackers release a DDoS attack, the console will be useless without being powered on and updated. Source: http://www.nydailynews.com/news/national/hackers-plan-ddos-attack-psn-xbox-live-christmas-article-1.2467876

Link:
Hacker squad plans DDoS attacks on PlayStation Network, Xbox Live this Christmas

Boston internet service disrupted briefly by DDoS attack

Internet service in Boston was disrupted on Tuesday in what is being called a “minor act of cybervandalism,” according to the Boston Herald . The outage, affecting city agencies and the police and fire departments, was “short, but widespread,” said Mayor Martin J. Walsh. A distributed denial of service (DDoS) attack that caused computers worldwide to redirect network traffic to City Hall computers is cited as the method by which web connections were shuttered. While Jascha Franklin-Hodge, the city’s CIO, dismissed the attack as “a minor act of cybervandalism,” the incident is another example of an attack method becoming increasingly common and illustrates the vulnerabilities enterprises face on a daily basis. Experts explained that as the attack harvests no data, it might have been retribution or an attacker’s attempt to gain notoriety. Franklin-Hodge said his team was able to restore service within 20 minutes. Source: http://www.scmagazine.com/boston-officials-call-ddos-attack-on-internet-service-a-minor-act/article/460203/

Excerpt from:
Boston internet service disrupted briefly by DDoS attack