Tag Archives: dos attacks

Netherlands public broadcaster hit in worst-ever DDoS attack

The Netherlands public broadcaster NPO was hit by the largest DDoS attack ever, leaving the NOS site and app unreachable for some time on Sunday night. Other national and regional broadcasters’ sites were still online, but difficult to reach. During a DDoS attack a computer system is bombarded with an extreme number of visits. “We are used to large groups of users with big news, but this number surpassed everything. And all at the same time”, NPO said, according to NOS. The public broadcaster is considering which measures to implement, on top of the measures already in place, to prevent similar disturbances in future. The perpetrators behind the attack have not yet been identified. Source: http://www.nltimes.nl/2015/11/30/netherlands-public-broadcaster-hit-in-worst-ever-ddos-attack/

It’s Black Friday: Do you know who is DDoSing your servers? And how to stop them

Today is Black Friday in the U.S. a retail holiday where numerous, extravagant deals are revealed to a ravenous public. In the brick and mortar universe, this can become a free-for-all when shoppers will camp out for days in front of a store just to get in on the first deals. In the cyber universe the same greatly increase traffic can be seen and this also makes it hunting season for hackers and extortionists attempting to get a cut. On the Internet, the easiest and lowest form of disruption is the distributed denial of service (DDoS) attack and we’ve seen it employed throughout the year by for various reasons to take down websites. To get a better understanding of what e-retailers can expect now on Black Friday and the upcoming Cyber Monday, SiliconANGLE reached out to Nexusguard (Nexusguard Limited), DDoS protection experts, and spoke with their Chief Scientist Terrence Gareau. “Risk from cyberattack is a trend repeating every year,” says Gareau. “No doubt retailers all experience an uptick in attacks [during Black Friday]. Attackers are definitely taking advantage of the uptick and e-tailers need to put in more resources to boost their websites’ security.” This year DDoS attacks hit record highs, according to the State of the Internet report from Akamai for Q2 2015. The number of attacks grew by 132 percent compared to the same time in 2014 and 12 attacks occurred that exceeded 1,000 gigabits per second (Gbps). Nexusguard’s own overwatch on DDoS showed that during 2015 Q3 attack numbers rose by 53 percent over Q2, higher than any quarter over the past two years. E-commerce at more risk than ever from DDoS attacks Most DDoS attacks that make it to the news are being done my Internet mayhem groups looking for fame and attention. The most recent example is the attack committed by Lizard Squad on Christmas Day, December 26, 2014 against the Xbox LIVE and PlayStation networks that knocked the gaming services offline for millions of customers However, Gareau says that not all DDoS attacks come from people seeking attention—some are seeded with greed and extortion. Especially when it comes to the lesser-known attacks that services and e-retailers suffer around this time of year. When asked if competitors might use DDoS to knock out or weaken sales from other e-retailers, Nexusguard’s chief scientist would only say that it does appear that competitors do attack each other this time of year. That said, more danger appears to be coming from extortion rackets this time of year than from greedy competitors. The usual strategy is to hit an outlet with a DDoS attack (a short one) and then send an e-mail requesting some sort of ransom payment or the attack comes back. A few more blasts might come along to get the target’s attention. “Hackers are aware that the holidays are a prime time for online retailers. Therefore, they would do anything to break through any defenses,” says Gareau. This time of year criminals know that stores and e-retailers are looking to make as much money as possible off traffic. As well, increased traffic makes servers even more vulnerable to DDoS because it means they’re already working at capacity. Attackers see this as low-hanging fruit because first it’s easier and second an e-retailer will lose a great deal of money for even ten minutes of time offline during the sales rush. “One of the most sophisticated attacks focused on the login prompt,” Gareau adds, when asked for an example of how hackers attempt to knock sites offline. “In fact, on Thanksgiving and Christmas last year, we saw a hacker craft specific requests to the login form, preventing visitors from logging on.” Cold advice about DDoS extortion: “…don’t f**ing pay ‘em.” “We expect to see an increase in fraud and extortion, directly linked to DDoS as seen over the last few years,” Gareau says. When it comes to handling the potential of (or ongoing) DDoS attacks, Gareau suggests getting a proper team on board, he works for such a team at Nexusguard after all, but he also has an opinion on extortion and it’s a very simple one: “…And don’t f**ing pay ‘em,” he adds. This year has a perfect example of why paying DDoS extortion is a losing bet. In early November Switzerland-based ProtonMail, a provider of end-to-end encrypted e-mail, was struck by a powerful DDoS attack and the attackers demanded a ransom of $6,000 to relent. (The amount requested was 15 bitcoins, which at the time came out to approximately $5,850.) ProtonMail paid the ransom but then paid the price: the ProtonMail website and service were washed away by a DDoS attack anyway. Paying extortion to make a DDoS attacker go away does not necessarily make them go away. Just like any other criminal enterprise, knowing that a payment will come is a good way to make sure they will come back. Worse, it will fund the criminals to build out or increase their total power, which means they can go after other targets more frequently. In many cases that ransom requested by the criminals behind the DDoS could be paid to an anti-DDoS outfit and used to lessen the impact of the attack. The result is that the criminals get nothing but time wasted firing off their attack tools. Source: http://siliconangle.com/blog/2015/11/27/its-black-friday-do-you-know-who-is-ddosing-your-servers-and-how-to-stop-them/

Finance, telco and IT sectors were top targets for DDoS attacks in 2015

A new study conducted by Kasperky Labs and B2B International, has revealed that around one in four IT, telecommunication, and financial services companies have experienced a distributed denial of service (DDoS) attack over the last year. Almost half of the financial businesses understand that they are a prime target for these attacks while IT and telecommunication companies do not believe they are as at risk. This is dangerous because it could leave them more vulnerable to potential attacks. DDoS attacks have grown in popularity amongst cyber criminals and have been used to extort money, disrupt a site’s operation, and serve as a distraction whilst another cyber attack is occurring. 75 per cent of businesses that were victims of DDoS attacks said that the timing of attacks corresponded with other security incidents. Evgeny Vigovsky, Head of Kaspersky DDoS Protection, Kaspersky Lab said: “As the recent DDoS attacks on telecoms companies and banks reveal, businesses in these sectors represent prime targets for DDoS attackers. In some cases, DDoS attacks are a smokescreen for the cyber-theft or result in exorbitant ransom demands. That is why vulnerable sectors need to be extra-vigilant about security and be ready to deal with DDoS attacks. They need to build their understanding of the threat and choose the best protection against it. The days of DDoS attacks being an operational frustration that just resulted in some downtime are long over.” However the study showed that many companies are unaware of the threat of DDoS attacks and are unclear about how to stop them or contain them. Only 52 per cent of the companies surveyed felt that they had the necessary information regarding the intricacies of these attacks. This could be troublesome as DDoS attacks have become a popular tool among cyber criminals due to their difficulty to trace and ease to implement. Kaspersky Labs does offer DDoS protection to its customers and is able to reroute traffic allowing junk requests to be filtered out while legitimate traffic is forwarded to the site. This allows users to continue using the site or service safely even while an attack is taking place. Source: http://www.itproportal.com/2015/11/26/finance-telco-it-sectors-top-targets-for-ddos-attacks-2015/

View the original here:
Finance, telco and IT sectors were top targets for DDoS attacks in 2015

Anonymous vs ISIS, Australian attorney general, NTP and DDoS exploits

Anonymous vs ISIS Naturally, even cybersecurity news in this past week has centred around ISIS in the wake of the Paris attacks. The main headline has come from Anonymous, who have again but more formally waged ‘war’ on ISIS themselves. So far their efforts seem to have focused on communication; deleting thousands of Twitter accounts they believe are associated with the terrorist group. One notable aspect of how ISIS recruit supporters is through social media such as Twitter and Facebook, with an estimated 46,000 affiliated Twitter accounts. The move by Anonymous was announced immediately after ISIS dubbed the group ‘idiots’ and began circulating some useless cybersecurity advice to its followers via messaging app Telegram. Anonymous’s efforts, dubbed #OpParis are likely to irritate the group and possibly damage their recruitment opportunities. Australian attorney general warns terrorism means privacy will suffer Australian Attorney General George Brandis has said that Australians should expect ‘greater impediments to personal privacy’ in the wake of the Paris attacks. Measures have already become more strict under his tenure, with legislation passed to collect call records, IP addresses, location and billing information but it remains to be seen what further changes might be made. He also said during the interview by Nine Network that the situation with ISIS was tantamount to war. UK warns terrorists are targeting hospitals, power stations and air traffic control In an address at GCHQ (Government Communication Headquarters, a branch of British intelligence), chancellor George Osborne warned that terrorists will also be making efforts to target national infrastructure in order to carry out attacks. He also said that the government intend to double cybersecurity spending over the next five years. While we know such attacks are possible, we are yet to see terrorist groups like ISIS leverage this type of capability. NTP being made more secure to avoid DDoS exploits A new beta version of the Network Time Protocol (NTPsec) has been released, in efforts to avoid exploitation in DDoS attacks. Currently only available for open source use and feedback, the protocols codebase has been greatly streamlined; reduced from 30,000 lines of code to just 884. One of the project’s lead developers Eric S Raymond said: ‘The most important change you can’t see is that the code has been very seriously security-hardened, not only by plugging all publicly disclosed holes but by internal preventive measures to close off entire classes of vulnerabilities.’ Hackers offer 200,000 Comcast user passwords for sale Hackers have offered 200,000 Comcast user passwords for sale on the dark web, leading to a mass password reset from the company. What’s interesting in this case is that this was not a breach, but the result of users being duped into revealing their passwords themselves. Fortunately, Comcast’s own security officer discovered the passwords up for sale and initiated the mass reset before any accounts were known to be exploited. A reminder to be more careful with our password management! Vodafone reveal breach as further arrests made in TalkTalk case In the wake of the large TalkTalk breach and as a third man was arrested in the case, Vodafone announced their own breach. Affecting just 1827 users, who have all since been informed, Vodafone have not revealed how the attack was carried out. The number of customers affected by the TalkTalk breach has now been revised; originally given as 4 million, the number is now down to 1.2 million. In addition to usernames, emails and passwords 21,000 of these included bank account details and 28,000 credit card details. Source: https://www.acunetix.com/blog/articles/in-the-headlines-anonymous-vs-isis-australian-attorney-general-ntp-and-ddos-exploits/

Follow this link:
Anonymous vs ISIS, Australian attorney general, NTP and DDoS exploits

To the IT Security Rescue: DARPA and the Extreme DDoS Defence Program

IT security is a big deal – especially today with concerns that the government may be compromising some private networks. We know that the agency has compromised Google and Yahoo! in the past. Today, the Defence Advanced Research Projects Agency (DARPA) is working to fight against certain kinds of security breaches. On the surface of it, it seems contradictory, since DARPA is a branch of the U.S. Department of Defence. But, here’s a deeper look into the agency, and what they’re doing and why. DDoS Attacks and Why They’re Important A DDoS attack is a special type of DOS attack, commonly called a “Distributed Denial of Service” attack. It’s an attempt to bring down a network using multiple compromised systems, which are usually infected with malware or a virus – usually a trojan. The point of a denial of service attack is to make so many requests from the server that it can’t keep up, and crashes – taking the site or network offline. A distributed attack means that multiple computers are making requests for information or data from the server. And, because they are spread out, it’s very difficult to stop. It’s difficult to distinguish between legitimate users and attackers because, often, innocent computers are hijacked in the attack and made to look like legitimate users. Security companies that specialize in this type of threat know how to deal with them. And, you can visit this website if you want to know more about how detection and analysis works from inside the industry – including the concept of “white hat hacking” or “penetration testing.” Option One: Self-Defence Tactics One option commonly employed by companies and organizations in the past was a homebrew self-defence strategy. This is the simplest way to defend against an attack, but it’s also a method that’s a bit outdated. Usually, a coder or in-house IT employee would write some Python script that would filter out bad traffic. Sometimes, enterprises would use existing firewalls to block malicious traffic. In the early 2000s, this was a simple affair. Today, attacks are fairly complex and, while it’s simple to write a script, it doesn’t work nearly as well as it used to. A firewall will quickly be overloaded under the mildest of today’s DDoS attacks. Option Two: Specialized Equipment Defence Another option is to use specialized equipment to defend your company or organization. It’s a similar approach to the DIY method in that an enterprise is doing all of the work to stop an attack. However, instead of relying on scripts and firewalls, the business buys and deploys dedicated DDoS mitigation hardware. The hardware sits in a company’s data centre in front of the standard servers and routers. It’s made specifically to detect and filter malicious traffic. Companies that use this approach face multiple challenges. First, the hardware is costly. And, if the company isn’t under attack, the devices are just sitting there, collecting dust. They can also be expensive to operate. You need skilled network and security people to run them. They have to be constantly updated by your operations and IT team if you want protection against the latest threats. DDoS tactics change on a daily basis. And, finally, the Achilles heel of the hardware is that they can’t handle volumetric attacks. All an attacker has to do is figure out your maximum bandwidth and exceed it. Option Three: ISP Defence Most companies outsource their DDoS mitigation. Some enterprises use their ISP to provide the service. An ISP can have more bandwidth than a single company would, which helps with large attacks. But, there are still problems with this approach. The most obvious is that ISPs aren’t in the business of threat detection and mitigation. They sell bandwidth. So, their systems might not actually be very good at detecting and defending against a well-orchestrated (or even not-so-well orchestrated) attack. Option Four: Cloud Mitigation Provider This option essentially outsources the problem to a company that specializes in cloud services. Cloud mitigation providers are experts when it comes to providing DDoS mitigation from the cloud. In other words, these companies have built out massive network resources. They have more bandwidth capabilities than your average hosting provider or cloud storage vendor, and they can mitigate the threat of an attack at multiple sites around the Internet. Basically, they redistribute the bad traffic that comes in to lessen its effects. In many cases, there is no effect. They can scrub traffic for you, and send only the “clean” traffic to your data centre. One major reason you’d want to hire these people is for their expertise. They usually have network and security engineers and researchers on staff that are monitoring the latest threats and tactics hackers use so that customers are well-protected. They also have bandwidth – lots of it. They provide more bandwidth than an enterprise could ever hope to provision on its own. This is effective in stopping even the largest of attacks. They have multiple types of DDoS mitigation hardware. Since DDoS attacks are very complex, there’s an inherent need for multiple layers of filtering to keep up with the latest threats. Cloud providers use multiple technologies, including their own proprietary technology to defend against attacks. Source: http://www.theglobaldispatch.com/to-the-it-security-rescue-darpa-and-the-extreme-ddos-defence-program-68380/

More here:
To the IT Security Rescue: DARPA and the Extreme DDoS Defence Program

15-Year-Old Brit Charged with DDoS Attacks, Bomb Threats

British police have arrested and charged a 15-year-old teenager from Plympton, Plymouth. The boy was taken into custody at his parents’ house on Monday, November 16. According to police reports, the teen hacker launched several DDoS attacks from his home against companies and servers in Africa, Asia, Europe, and North America. Additionally, the hacker also made several bomb threats against North American airlines. He used social media to deliver his warnings. Because he’s a minor, the Devon & Cornwall Police did not reveal his name, but the youngster was freed on bail by his parents and will face a judge before Plymouth Youth Court on Friday, December 18. Official charges have been brought against the teenager under the Section 51 of the Criminal Law Act (two offenses for the bomb threats) and Section 3 of the Computer Misuse Act (three offenses for the DDoS attacks). Previously, UK police had arrested several teens in connection with the high-profile TalkTalk data breach . This is an unrelated case but still raises questions about the UK youth’s predilection to cyber-crime. With so many hacking tools available online, many teens find it extremely easy to launch large-scale attacks on “anyone who annoys them.” Things may have been made worse yesterday, when, in an attempt to increase attacks on ISIS members, the Anonymous hacktivism group published a noob’s guide to hacking . Source: http://news.softpedia.com/news/15-year-old-brit-charged-for-ddos-attacks-bomb-threats-496420.shtml

More:
15-Year-Old Brit Charged with DDoS Attacks, Bomb Threats

UK Broadband Provider AAISP Suffers Strong DDoS Assault

Internet provider Andrews and Arnold (AAISP) appears to have become the target for a semi-sporadic Distributed Denial of Service (DDoS) assault, which began hitting their network yesterday and has caused some of their customers to lose connection. Generally speaking DDoS attacks work by overloading a target server (e.g. a website or other network service) with masses of data requests from multiple internet connected computers / devices; usually Trojan/Virus infected computers that then become part of a botnet , which can be controlled by a single individual that usually hides their connection behind other servers. At this point it’s crucial to reflect that DDoS attacks happen to ISPs all the time (we read about them on an almost weekly basis), they’re practically par-for-the-course, but most can be mitigated and few are ever significant enough to knock lots of end-users offline. In nearly all cases these incidents aren’t actually an attack against the ISP, but rather somebody targeting a specific customer on the ISPs network. As such this should NOT be confused with the recent TalkTalk incident, which also involved a separate hacking attempt and was aimed at the ISPs web server. By comparison the assault against AAISP appears to have targeted part of their network and NOT their website, which is usually what happens when somebody is looking to knock a specific subscriber offline. The nature of this assault, which seems both powerful and aimed at several areas of their network, meant that AAISP’s “ usual anti-DOS systems have not helped “, although they were later able to “ mitigated most of the problems. ” Unfortunately the assault began again this morning and moved to a new target block, which has kept AAISP’s staff on their toes. Adrian Kennard, Director of AAISP, told ISPreview.co.uk: “ Staff have been working on this to reduce the impact on all customers as much as possible, and are continuing to do so today. There are still a handful customers that are collateral damage from the attack and we are working on getting those customers on line right now .” Apparently “ many ” of AAISPs customers have been affected by the DDoS, although only a handful were actually left without Internet connectivity and the provider is now attempting to identify which customers were being targeted by the assault (in practice they may not get to the bottom of this, just as most other ISPs rarely do). In the meantime some of provider’s customers are having their WAN IP address changed to get them on-line, including a few that own blocks of IPs (this can sometimes be a bit more tricky for the customer). One of those is Basingstoke based fixed wireless broadband ISP HiWiFi, which has been tweeting about the incident since last night. It’s worth pointing out that the Computer Misuse Act effectively makes DDoS illegal, although finding the perpetrators is rather more difficult, not least because such attacks are usually short-lived (the longer they go on the greater the chance of being traced and caught). Source: http://www.ispreview.co.uk/index.php/2015/11/uk-broadband-provider-aaisp-suffers-strong-ddos-assault.html

Continued here:
UK Broadband Provider AAISP Suffers Strong DDoS Assault

UK pummelled with DDoS after ISIS cyber attack warning

Earlier this week, the UK government warned ISIS militants were developing the capability to launch cyber attacks against Britain’s infrastructure. Today, we are witnessing a huge amount of DDoS (Distributed Denial of Service) attacks on the United Kingdom. As of writing, a look at the Digital Attack Map shows an unprecedented amount of attack traffic aiming towards the UK. Most of the DDoS attacks use “fragmentation” which sends a flood of TCP or UDP fragments to a victim, overwhelming the victim’s ability to re-assemble the streams and severely reducing performance. The cyber attacks come after a week of physical attacks towards the international community, and subsequent retaliation in the form of bombing campaigns against key IS targets in Syria and hundreds of raids on various safe houses being used to harbor the militants in France and Belgium. It’s unclear what the attack traffic is targeting, and whether it’s originating from IS sympathasisers, but online activist group Anonymous has been under attack for declaring war on the militants with the launch of their #OpParis campaign for anyone to disrupt social network accounts used for propaganda and recruitment by the group. An IRC used by Anonymous has temporarily had to shut-off external connections from third-party clients. #OpParis is not “hacking” in the traditional sense, as the group is often known for, in fact its rules prohibit carrying out certain attacks such as DDoS and instead focuses on using software to collect the social network accounts used by ISIS. Volunteers then use the services’ built-in tools for abuse reporting. So far, #OpParis has reportedly taken down 5,500 Twitter accounts – despite not all being confirmed as being ISIS-affiliated. ISIS has used the web for international recruitment, and for encrypted communications. The actions of Anonymous has worried the group as it’s disruptive to spreading their poisonous ideology to potential new recruits, but it has also pushed the militants into using safer messaging tools and issuing advice to followers over which services to use. The potential of using these encrypted services, like Telegram, for organising attacks out the view of intelligence agencies is concerning governments. David Cameron, Prime Minister of the United Kingdom, has expressed his government’s interest in “banning” encrypted messaging tools which agencies struggle to intercept. Cameron’s plan has been criticised not just for its privacy implications, but also for how it would be impossible to ban such tools in practice as most of the chosen tools are “open source” and can be distributed by anyone. In response to cyber attack threats, the UK government has pledged £2 billion towards creating a “National Cyber Centre” based at GCHQ (Government Communications Headquarters) Chancellor George Osborne said ISIS was trying to develop the capability to attack British infrastructure such as hospitals, power networks and air traffic control systems for lethal consequences. In a speech at GCHQ, he said “they have not been able to use it to kill people yet by attacking our infrastructure through cyber attack, but we know they want it and are doing their best to build it.” “We are building our own offensive cyber capability – a dedicated ability to counter-attack in cyberspace. When we talk about tackling (ISIS), that means tackling their cyber threat as well as their guns, bombs and knives,” he continued. It’s unclear if the cyber attacks towards the UK today are ISIS-related, but it goes to show the need for a facility dedicated towards facing cyber threats. Back in September, we reported about the creation of the Global Cyber Alliance. The alliance is headquartered in New York and London, but it’s unclear if this new investment will be an expansion of that scheme or an independent facility. Will Pelgrin, former CEO and President of the Center for Internet Security, said: “Cyber crimes have become a worldwide epidemic with estimates of a half billion global cyber victims annually. We must treat cyber security threats and crimes as we would any widespread infectious disease – immediately, urgently and collectively. Cyber risks have reached catastrophic proportions and, therefore, require an unparalleled, public/private and transnational response.” Source: http://www.telecomstechnews.com/news/2015/nov/18/uk-pummelled-ddos-after-isis-cyber-attack-warning/

Link:
UK pummelled with DDoS after ISIS cyber attack warning

Hacktivists claim ISIS terrorists linked to Paris attacks had bitcoin funding

Anti-ISIS hackers claimed to have detected indicators of an impending attack on Paris as well bitcoin funding, a wallet with over $3 million, used by ISIS militants. During Dateline coverage after the terrorist attacks on Paris, Lestor Holt asked, “Does this change the game in terms of intelligence?” Andrea Mitchell replied, “It does,” before discussing how intelligence missed any type of communication regarding the coordinated attacks. She added, “There’s such good surveillance on cell phones and there’s such good communications ability by the intelligence gathering in Europe, especially in France, especially in Great Britain and in the United States. So they may have been communicating via social media or through codes. And that’s the kind of thing that is very concerning to U.S. intelligence.” After the Charlie Hebdo massacre, France passed an “intrusive” surveillance bill, granting the government the power “to wiretap communications, install secret surveillance cameras and sweep up metadata.” That didn’t stop the horrific attacks on Paris, aka “Paris’ 9/11,” and more ubiquitous and invasive surveillance is not the answer. Matthew Williams, a researcher of computational criminology at Cardiff University in Wales, told Mic that “picking out singular acts of crime or terror from an indiscriminate pile of civilian noise is all but impossible.” Ghost Security Group detected indicators of attack on Paris Even with all the surveillance, intelligence groups again missed indicators of a credible terrorist attack. Yet in an interview with NewsBTC, a member of the hacktivist group “Ghost Security Group” claims it “did detect several indicators of an attack impending and are currently in the process of collecting valuable evidence for United States government officials.” ISIS and bitcoin funding DW (Deutsche Welle) previously reported that the Islamic State is experimenting with currency, specifically gold and bitcoin. One bitcoin wallet received around $23 million in a month; anti-ISIS hackers from GhostSec followed a chain of transactions to another wallet with over $3 million in bitcoins. Ghost Security Group confirmed to NewsBTC that ISIS is “extensively using bitcoin for funding their operations” and that the group has “managed to uncover several bitcoin addresses used by them.” Furthermore, bitcoin is “their prime form of cryptocurrency.” No evidence was given, such as the bitcoin wallet address, as the hackers “cannot go into more detail at the moment on current investigations.” GhostSec Background GhostSec (Ghost Security), a hacktivist group which is an offshoot of Anonymous, has been attacking thousands of ISIS social media accounts and public websites since early this year. The group is not alone; in February, Anonymous and the Redcult Team called ISIS a virus that it planned to cure during Operation ISIS (#OpISIS). A GhostSec spokesperson claimed that ISIS, ironically, has been using Google and Amazon Web Service to avoid U.S. and international intelligence agencies and to shield itself and its websites from being hacked by Ghost Security Group; the latter has been credited with stopping terrorist attacks. DigitaShadow, executive director of the Ghost Security Group, told IBTimes UK, that the group discovered terrorist threats against Tunisia in July, and also uncovered evidence that foiled a terrorist attack in New York on July 4. The hacktivist group has also been credited with discovering and reporting other credible extremist threats. GhostSec keeps a running tally of Twitter IDs reported, server IPs reported to host extremist content, Facebook, Tumblr, YouTube and other common sites as well as “uncommon sites” that have been reported as being dedicated to extremist causes and “could/should be targeted and brought down.” It also has a way to submit potential terrorism-related content and other tools. The hacking group has targeted and bypassed CloudFlare “to determine the actual website that they need to attack to takedown the actual website.” Ghost Security Group Ghost Security reportedly formed earlier this year after the terrorist attacks against Charlie Hebdo offices in Paris. Earlier this month, Ghost Security Group split (pdf) from “Ghost Security.” Ghost Security Group is a counter terrorism network that combats extremism on the digital front lines of today utilizing the internet and social media as a weapon. Our cyber operations consist of collecting actionable threat data, advanced analytics, offensive strategies, surveillance and providing situational awareness through relentless cyber terrain vigilance. The newly formed Ghost Security Group (GSG) said (pdf) it “needed to address some misapprehensions concerning our group. Much of that stemmed from our uses of menacing graphics which resemble logos used by illicit cyber networks. Perceptions matter and all of that was undermining our abilities to cultivate relationships with officials who now recognize our capabilities to add value to counter terrorism initiatives.” The new group has a new website that has a more corporate-like appearance, while Ghost Security uses the older .org website. Ghost Security Group added (pdf): The group’s new trademarked look discards the hoodies and Guy Fawkes masks so often associated with publicity stunts and distributed denial-of-service (DDoS) attacks on government, religious, and corporate websites in favor of pristine, white graphics devoid of any reference to illegal activities. Part of the transition has included discarding their old brand and website, www.GhostSec.org , which are now used by former group members who have a different philosophy and approach to combating ISIS online. Ghost Security Group has 12 core members, some of whom work “16 hours a day … and 7 days a week nonstop” to identify surface-level and hidden Deep Web sites that are suspected to be related to the Islamic State; the group receives tips from volunteers and part-time helpers. Foreign Policy reported the group receives 500 tips every day. Data-mining, identity stitching, email monitoring, predictive analysis, social media surveillance, terrorism financing and social engineering are but some of the things listed among GSG’s counter surveillance capabilities. Some members of the small group of terrorist hunters have “ex-military or cybersecurity backgrounds.” GSG said it “monitors over 200 known violent extremist websites for actionable threat data and analysis;” it has “identified and terminated over 100,000 extremist social media accounts that were used primarily for recruitment purposes and transmission of threats against life and property.” It is GSG that claims to have detected indicators of the attack on France. Can you believe that? Michael Smith, co-founder of Kronos Advisory and an advisor to U.S. Congress, forwards about 90% of GhostSec’s leads to the FBI. Even retired Gen. David Petraeus, formerly head of the CIA, told Foreign Policy, “[Smith] has shared with me some of the open source data he has provided to various U.S. agency officials, and I can see how that data would be of considerable value to those engaged in counter-terrorism initiatives.” Regarding ISIS and bitcoin funding, one unnamed GSG hacker said, “Most of the Bitcoin funding sites utilized by the Islamic State are on the deep web and we have managed to uncover several and successfully shut them down in order to limit the funding extremists receive through the use of cryptocurrencies.” The feds claim encryption is a terrorist’s tool, so hopefully the horrible attacks on Paris won’t add fuel to their encryption-is-evil claims. In the same way that all encryption is not bad, bitcoin is not used exclusively by terrorists; hopefully the ISIS-bitcoin-funding issue won’t take a twist and lead to the bashing of cryptocurrencies or a push for more surveillance laws. If you like the idea of cyber vigilantes going after ISIS instead of the government, and if you want to help stop ISIS and other extremist groups, GSG said to report “suspicious activities.” Tips go through a “rigorous review process before a website is cleared for termination.” Every potential “target is reviewed by five members – often including a native Arabic speaker – and ranked by level of threat.” When “asked if their destruction of Islamic State websites sets a bad precedent for freedom of speech online,” GSG’s @DigitaShadow answered: “No. Free speech isn’t murder.” Source: http://www.networkworld.com/article/3005308/security/hacktivists-claim-isis-terrorists-linked-to-paris-attacks-had-bitcoin-funding.html

Continue Reading:
Hacktivists claim ISIS terrorists linked to Paris attacks had bitcoin funding

Security blogger Graham Cluley’s website suffers DDoS attack

A distributed denial-of-service attack (DDoS) is a cheap but effective way to take out your target’s website by flooding it with so much traffic that the web server becomes overwhelmed and the website crashes. There are those who use DDoS attacks as a kind of online protest, such as hacktivist groups like Anonymous. Then there are those who do it to “amuse” themselves, like the Lizard Squad who took out Playstation and Xbox servers on Christmas Day last year. And then there are other DDoS attacks that come from cybercriminals who don’t care about politics or hijinks – they just want money. Recently a cybergang calling itself the Armada Collective has been attempting to extort money from victims by threatening DDoS attacks unless a ransom is paid in bitcoins. One Swiss company, the encrypted webmail provider ProtonMail, recently paid $6000 in bitcoins after receiving a ransom from the Armada Collective, it said. The site was still DDoSed. And now, the latest site to fall victim to a DDoS attack is that of former Naked Security writer Graham Cluley. We don’t know why Graham was targeted, but on Twitter he noted that he didn’t receive a ransom demand, so it must have been “personal.” Unfortunately, it doesn’t take much skill to launch this kind of attack. Anybody with a little bit of money and the will to wreak havoc can launch DDoS attacks with simple DDoS-for-hire web tools that harness armies of zombified computers to bombard your website with thousands or millions of illegitimate web requests. DDoS attacks are simple but destructive – if your website goes down for any period of time, your customers can’t get through and you end up losing new sales, losing customers, or missing out on ad revenue, depending on what your website’s purpose is. In Graham’s article about how ProtonMail initially caved to the extortion demands, but then had a change of heart, Graham wrote something very sensible about how we should treat extortionists, blackmailers and ransom-takers: No-one should ever pay internet extortionists. For those who receive a ransom demand, it might seem like a few thousand dollars is a fair price to pay when your customers are complaining they can’t access your services, and your business is hurting. But if we pay the extortionists’ demands, that will only give them more reason to do it again. Source: http://www.mysec.hu/magazin/kuelfoeldi-hirek/20413-security-blogger-graham-cluley-s-website-suffers-ddos-attack

Continue reading here:
Security blogger Graham Cluley’s website suffers DDoS attack