Tag Archives: dos attacks

National Bureau of Investigation (NBI) investigates OP Pohjola DDoS attack

The National Bureau of Investigation (NBI) is investigating a Denial of Service (DoS) attack on the OP Pohjola financial services group. The attack shut down online banking and direct debit services, but the bank has no leads on who might have launched it. Police are investigating an attack on Finnish bank OP Pohjola’s online banking services that caused disruption for customers using online banking and card payments on New Year’s Eve. The company said in a press release that traffic in the denial of service attack originated both inside and outside Finland. The firm is investigating the incident in collaboration with the authorities, network operators and IT services provider, Tieto. A formal police complaint has been filed and OP says that the National Bureau of Investigation is looking into the case. The disruption started on Wednesday at around 16:30, according to the bank, and was only fixed after midnight. Disruption could continue, and those located outside Finland could face difficulties in using OP’s services. Source: http://yle.fi/uutiset/police_investigate_op_pohjola_attack/7716184


How Mega founder Kim Dotcom helped Xbox Live, PSN recover from Lizard Squad’s DDoS attack

How Kim Dotcom helped stop holiday Xbox Live and PSN DDoS attacks

Over the Christmas holiday, a loosely organized group of hackers known as Lizard Squad took down Microsoft’s online gaming service, Xbox Live (XBL), as well as Sony’s online gaming platform, PlayStation Network (PSN), through coordinated denial-of-service attacks (DDoS). But the legally embattled owner of Mega, Kim Dotcom, may have offered the olive branch that helped both online gaming services slowly come back online. DDoS attacks are implemented by either forcing the targeted network’s service or website to reset, or by consuming its resources at such a high level that it can no longer function. While relatively simple and not considered “hacking” by security experts, large-scale DDoS attacks, like those against Xbox Live and the PlayStation Network, require the use of massive “botnets,” compromised computers all working in unison to overwhelm a service. This meant that for the majority of the holiday, including Christmas Day and Boxing Day, two of the highest traffic online gaming days of the year, most people were unable to access either Xbox Live or PSN. While Lizard Squad’s motivations for the attacks are still unclear, the group claims they want Microsoft and Sony to improve security on their online services. Just like many online attacks of this kind, it’s more likely they were perpetrated simply because they were possible, especially since preventing a DDoS attack is difficult regardless of how secure a network is. The controversy surrounding the attacks also involved a rival hacking group, The Finest Squad, allegedly attempting multiple times to take down Lizard Squad over the course of the holidays through their own DDoS attacks and by “doxing,” releasing the personal information of Lizard Squad members. These efforts ultimately failed and both PSN and XBL remained offline until Dotcom intervened.
Lizard Squad and The Finest Squad also frequently traded insults through social media and on popular YouTube hacking-focused talk show, DramaAlert. This is where Kim Dotcom comes in: contacting Lizard Squad directly and promising the group 3,000 $99 Lifetime accounts, worth approximately $300,000 in total, for his encrypted upload service, Mega, if they stopped their DDoS assault on XBL and PSN. Lizard Squad also credited Dotcom with being the main peacemaker in terms of getting the attacks to stop. Despite one faction of Lizard Squad claiming all attacks have ceased, another faction of the group reportedly continued disrupting XBL and PSN, creating free digital game listings for Call of Duty: Advanced Warfare and Destiny. When both services went back online they were also overwhelmed with thousands of users trying to log into their profiles simultaneously, creating additional difficulties for Microsoft and Sony’s online infrastructure. However, as of Dec. 30th, both Xbox Live and the PlayStation Network are running relatively smoothly. Despite playing an important role in getting both gaming services back online, some have criticized Dotcom for setting a dangerous precedent by giving away free Mega accounts to malicious hackers. Other recent high-profile hacking incidents include a group of hackers known as the Guardians of Peace gaining access to Sony’s internal network and leaking a number of unreleased films, and also threatening a terrorist attack if the controversial movie The Interview was released. Source: http://business.financialpost.com/2014/12/30/how-mega-founder-kim-dotcom-helped-stop-holiday-xbox-live-and-psn-ddos-attacks-by-appeasing-lizard-squad/?__lsa=7896-d0fe


DDoS attack on Swedish Parliament’s website

The official website of the Swedish Parliament was taken down on Tuesday, in what officials labelled “an outside attack”. The website, riksdagen.se, was taken down at 11am on Tuesday, with visitors met by a blank screen. By 2pm, the website was up and running again, but officials confirmed that the problem had not been caused by any internal IT troubles. “It went down because of an attack from the outside,” Riksdag spokesperson Anna Olderius told the TT news agency. “But we refuse to comment on security issues in any more detail than that.” The cyber attack marks the second against the website in the past two years. In October 2012, the website went down together with that of the country’s central bank, other government websites, news networks, and university home pages. Hacktivist network Anonymous claimed responsibility for the October attacks. “You don’t fuck with the internet,” the group wrote online, in what was apparently a response to police raids on the previous hosts to The Pirate Bay and WikiLeaks. The attacks were carried out via a Distributed Denial of Service (DDoS), where a website is bombarded with communication requests so that the servers become overloaded and the site crashes. As yet, no one has claimed responsibility for Tuesday’s attack. Source: http://www.thelocal.se/20141230/cyber-attack-hits-government-website


‘Bitcoin Baron’ claims credit for City of Columbia, KOMU DDoS attacks

He cited a 2010 SWAT raid in Columbia as his motivation behind the DDoS attacks. An individual is taking credit for the distributed denial of service attacks on the websites of the City of Columbia and KOMU-8 on Friday. KOMU posted about the attack on its Facebook page at 3:48 p.m. Friday, about three hours after the station had reported on a similar attack on the City of Columbia’s website earlier Friday. KOMU’s article included a statement from Assistant City Manager Tony St. Romaine indicating the activist group Anonymous was behind the attacks. Shortly after their site was attacked, KOMU received an email from a third party who indicated that he, not Anonymous, was behind both attacks. KOMU General Manager Marty Siddall said the individual referred to himself as “Bitcoin Baron.” Through his Twitter, Bitcoin Baron has connected himself to multiple other DDoS attacks. Bitcoin Baron said in a video that his motivation behind the attacks was a 2010 Columbia SWAT raid on the house of Jonathan Whitworth, who was presumed to be a marijuana dealer. During the raid, one of Whitworth’s dogs was fatally shot in front of his wife and child. “I decided that this should go viral once more to show everyone the true nature of how you and every police department does things,” Bitcoin Baron said in his video. Bitcoin Baron said in a tweet that no data was affected by any of the DDoS attacks. Prasad Calyam, assistant professor of computer science with a technical focus in cyber security, said DDoS attacks occur when a user creates a large amount of fake traffic that accesses a site’s servers all at once to crash the site. “(A DDoS attack) is a sort of brute force attack, where many machines are compromised to act like regular users in order to block real users from reaching the site,” he said. Calyam said DDoS attacks cannot be stopped as they occur, and he advised that locally blocking a website is the best way to deal with an attack. 
“(That is) because it’s hard for an Internet provider to block people from accessing your site,” he said. “The only way to prevent attacks is through an intrusion detection system, which can be really expensive … There are open source intrusion detection systems available, but they must be maintained and managed by experts.” Siddall said KOMU is working with their third-party Internet provider to prevent future attacks. Source: http://www.themaneater.com/stories/2014/12/29/bitcoin-baron-claims-credit-city-columbia-komu-ddo/


Sony issues formal response to DDoS attacks in PSN update

For the first time in days, Sony has issued a formal response to the ongoing distributed denial-of-service (DDoS) attacks affecting various networks in the gaming industry, including PlayStation Network. While the update doesn’t offer much in terms of when PlayStation owners can expect full service to resume, Sony has at least assured us that they are working to restore full network access. Note: An update on Sony’s official support page notes that service is restored on PS3 and Vita; however, PSN is still down on PS4. A special section of the website dedicated to PSN post-restoration says to refer to Contact Support if you are continuing to experience problems after PSN services are fully restored. Here’s the full message from Catherine Jensen, VP of SCEA Consumer Experience.

The video game industry has been experiencing high levels of traffic designed to disrupt connectivity and online gameplay. Multiple networks, including PSN, have been affected over the last 48 hours. PSN engineers are working hard to restore full network access and online gameplay as quickly as possible. From time to time there may be disruptions in service due to surges in traffic, but our engineers will be working to restore service as quickly as possible. If you received a PlayStation console over the holidays and have been unable to log onto the network, know that this problem is temporary and is not caused by your game console. We’ll continue to keep you posted on Twitter at @AskPlayStation and we’ll update this post once the problems subside. Thanks again for your patience.

The DDoS attacks on PSN (and Xbox LIVE) began around Christmas Day. Though neither Sony nor Microsoft admitted to being DDoS’d, the notorious hacker group Lizard Squad was eager to claim credit. For those unfamiliar, this is the same group that launched multiple attacks earlier this year, including bomb threats to SOE president John Smedley.
On Friday, one of the numerous Twitter accounts claiming to be Lizard Squad said the DDoS attacks were stopped and that any ongoing disruptions were “just the aftermath” of hours’ worth of traffic bombardment. However, another account, claiming to be one of the prominent members of Lizard Squad, continued to tweet out messages suggesting the DDoS attacks were continuing. Even now, two days after Christmas, PSN is still struggling to return to full service, although some believe it to be Sony simply restructuring its system architecture. At this point it’s still not 100 percent certain if the outages are ongoing DDoS attacks, but it appears for now at least that Sony has a grasp on the problem and is working to restore service. Hopefully they are addressing the issues and even working to prevent this sort of thing from happening in the future. Considering this isn’t the first time PSN has been brought down for a lengthy period, I’m hoping Sony will finally take some serious action in preventing this sort of outage again. But, I’m also skeptical; if they haven’t learned by now, when will they? Source: http://www.gamezone.com/news/sony-issues-formal-response-to-ddos-attacks-in-psn-update-9048-jrni


Update: Columbia’s website back online after cyber attack; KOMU down from DDoS attack

UPDATE: This story has been updated to include details of another denial of service attack on KOMU and additional comments on FBI involvement in investigating the attack on Columbia’s website. COLUMBIA — The city’s official website is back online after being down since Wednesday night, when a cyber attack flooded the server with information requests. But the hacker responsible might have found a new target in KOMU. The city’s site, gocolumbiamo.com, was back up as of 12:35 p.m. The site provides information and updates to the public about city services and events. Deputy city manager Tony St. Romaine said city officials have been in touch with the FBI about the incident. Joel Sealer, a spokesman for the FBI in Kansas City, said only that city officials had been in contact with the agency, but he would not comment on or confirm the existence of an investigation. St. Romaine said the activist hacker group Anonymous was the source of the attack on the city’s site, but a YouTube video posted by Bitcoin Baron denies that affiliation and claims sole responsibility for the attack. In the video’s introduction, Bitcoin Baron states that the attack is in retaliation for a February 2010 incident where Columbia police killed one dog and wounded another during a drug raid. The YouTube video then shows footage from the raid. The city’s website was hit by a distributed denial of service attack, which sent requests from multiple sources to the site’s server to overload its bandwidth capacity. City staff became aware of the problem at around 11 p.m. Wednesday and shut down access to the site to sort out the problem. KOMU.com’s outage began around 3 p.m. Friday, and KOMU posted on its Facebook page at 4 p.m. Saturday to address the distributed denial of service attack. In the post, KOMU calls the attack a “direct result” of its reporting on the city’s website being taken down.
Its story noted that city officials believed Anonymous was responsible, but a third party contacted the news station to claim responsibility and threaten to take down KOMU.com as well. Attacks of this nature generally don’t result in the theft of information or other security loss, St. Romaine said. “Your system is not getting hacked into, and data is not getting compromised,” he said. Source: http://www.columbiamissourian.com/a/183192/update-columbias-website-back-online-after-cyber-attack-komu-down/


DDoS attack takes down City of Columbia website

Columbia Deputy City Manager says a hacker group took responsibility for the attack on GoColumbiaMo.com

A City of Columbia official said the city’s website, gocolumbiamo.com, suffered a cyber attack Wednesday night, and the website will be down until further notice. Deputy City Manager Tony St. Romaine said Anonymous, a group associated with cyber attacks and hacking activism, took down the city’s website with a Distributed Denial of Service (DDoS) attack. St. Romaine said the group cited a drug-related SWAT raid in Columbia in 2010, where police shot two dogs in the house. A YouTube video shows a user taking credit for the attack, along with the SWAT raid from 2010. (Warning: the video contains strong language and graphic content.) A news release sent Friday morning said the city’s IT department was notified of an attack around 11 p.m. Wednesday. Deputy City Manager Tony St. Romaine told ABC 17 News IT staff worked through the night until 7 a.m. Thursday. The staff left the office, but continued to work from home. “This form of attack is an attempt to make an online service unavailable by flooding the website server with requests from multiple sources,” the release said. “In most cases, they involve forging of sender addresses so that the location of the attacking machines cannot easily be identified.” The release said this sort of attack renders city services provided online unavailable, and doesn’t compromise personal information. Source: http://www.abc17news.com/news/city-of-columbia-website-suffers-cyber-attack/30405572


DDoS attacks carry six-figure price tag for businesses

The average distributed denial-of-service (DDoS) attack costs large businesses an average of $444,000 in lost revenue and subsequent IT spending, according to a recent survey by B2B International. The same poll found that DDoS attacks hit the bottom line of small-to-medium-sized businesses (SMBs) at an average clip of $52,000 per incident. Kaspersky Lab sponsored the annual survey, conducted by B2B International, which polled 3,900 respondents from 27 countries about IT infrastructure challenges they faced from April 2013 through May 2014.

All businesses at risk

Businesses of all sizes were polled, with approximately 17% coming from large enterprises (5,000 to 50,000 employees), 12% from the large/medium category (1,500 to 5,000), 25% from the medium/small (250 to 1,500) enterprise segment, and the remaining from small businesses. Overall, nearly 1 in 5 businesses (18%) experienced a DDoS attack during the year-long study period. The polling then drilled down into business verticals that provide online financial services or operate public-facing websites. Among this subset that relies on 24/7 web access for clients, the survey found that 38% experienced at least one DDoS attack during the study period. When this subset was broken down into specific business verticals, the poll found that 49% of IT/technology firms suffered at least one DDoS incident during the study period, followed by e-commerce sites (44%), telecommunications (44%), media (42%), construction/engineering (40%) and finance (39%).

Downtime = Money

The most frequent effects of DDoS attacks include slow-loading web pages, inability to complete online transactions, or complete service disruption – all of which weigh heavily on a business that relies on the web for revenue. Survey respondents listed potential losses in revenue (33%) and damage to company brand (38%) as the two most negative outcomes from a DDoS attack. This is in lockstep with their management’s concerns, who list loss of revenue (26%) and customer trust (23%) as the most feared outcomes of such an attack. A disconnect between the potential threat of DDoS and investments to detect or mitigate these attacks is apparent when dissecting the survey. For example, media companies were fourth on the list of most targeted, but only 38% of respondents from these firms listed DDoS countermeasures as a security priority. Among e-commerce respondents, whose businesses may be most heavily affected by the effects of a DDoS attack, only 41% noted DDoS security investment as a priority. “Even if a company does not have a public-facing website, its finances and reputation can be seriously affected by DDoS attacks”, said Eugene Vigovsky, head of DDoS protection at Kaspersky Lab, in a statement. “It is known that DDoS can be organized not only to incapacitate online services or for ransom, but also to mask other cybercriminal activities, such as targeted attacks…to gain access to confidential data.”

Watching your availability

When it comes to online security, most organizations tend to focus on the confidentiality or integrity of data and services, often at the expense of availability, noted Lenin Aboagye, Director of IT, cloud and product security for data center provider IO. He told DatacenterDynamics that companies experiencing DDoS-related downtime stand to lose money every minute their web services are affected. “If you operate a downed e-commerce site, and people cannot make a purchase especially during this holiday season, then losses can be substantial”, he added. “Most organizations do not look into this area of security because it’s not considered a data breach event that requires customer notification.” Source: http://www.datacenterdynamics.com/focus/archive/2014/12/ddos-attacks-carry-six-figure-price-tag-businesses


Alibaba : Cloud Suffered DDoS Attack for 14 Hours

A well-known game company on Alibaba Cloud Computing suffered a DDoS attack for 14 hours from December 20 to 21. However, Alibaba has not disclosed the name of the game company and why the company was attacked. Alibaba condemned the hacking attack and called on all Internet innovation companies to jointly resist hacking. Alibaba Cloud said in a microblog post, “faced with hacker attacks, we cloud never compromise.” Source: http://www.4-traders.com/ALIBABA-GROUP-HOLDING-LTD-17916677/news/Alibaba–Cloud-Suffered-DDoS-Attack-for-14-Hours-19594653/


Garden-variety DDoS attack knocks North Korea off the Internet

Experts cite the fragility of North Korea’s connection, note that routine DDoS attacks could have easily forced the country offline

The simplest explanation for North Korea’s suddenly dropping off the Internet was a distributed denial-of-service (DDoS) attack that overwhelmed the isolated nation’s tenuous connection to the rest of the world, experts said Monday. North Korea’s Internet connection went down around 11 a.m. ET Monday, and was restored about nine and a half hours later, at approximately 8:45 p.m. ET. But within hours, some sites checked by Computerworld, including North Korea’s official news agency, were again offline. A DDoS attack could have been launched by a small group or even an individual, the researchers said. “If it turns out it was an attack, I’d be far more surprised if it was a government launching the attack than I would if it was a kid in a Guy Fawkes mask,” said Matthew Prince, co-founder and CEO of security firm CloudFlare, in an email. Prince and others bet that a run-of-the-mill DDoS attack took down North Korea’s Internet because the isolated country has a “pipe” to the Internet so narrow that a routine attack could easily flood its capacity and take it offline. Ofer Gayer, security researcher at Incapsula, estimated North Korea’s total bandwidth at 2.5 Gbps, far under the capacity of many recent DDoS attacks, which typically are in the 10Gbps to 20Gbps range. “Even if North Korea had ten times their publicly reported bandwidth, bringing down their connection to the Internet would not be difficult from a resource or technical standpoint,” Gayer said, also in an email. Almost all of North Korea’s Internet traffic passes through a connection provided by China Unicom, the neighboring country’s state-owned telecommunications company. North Korea has just a single block of IP (Internet protocol) addresses, or just 1,024 addresses, another vulnerability; in comparison, the U.S. boasts 1.6 billion IP addresses.
“When organizations -- nation states or commercial entities -- rely on a single Internet service provider and a small range of IP addresses, they make themselves easy prey,” Gayer said. “Attackers have a single target -- the one connection to the Internet backbone -- to flood with traffic.” According to Prince of CloudFlare and Jim Cowie, chief scientist at Dyn Research, North Korea — officially named the Democratic People’s Republic of Korea (DPRK) — went completely dark after a weekend of intermittent connectivity. For example, Computerworld was unable to reach the DPRK’s Central News Agency, its official mouthpiece, much of Sunday, Dec. 21. The IDG News Service, which like Computerworld is owned and operated by IDG, reported Monday that North Korea had fallen off the Internet. North Korea’s outage might have gone unreported but for the November hack of Sony Pictures; the release of gigabytes of the Hollywood studio’s internal documents; Sony yanking The Interview, a comedy that portrayed the assassination of Kim Jong-un, the country’s dictator, after hackers threatened American theaters; and the U.S. government’s contention that North Korea was responsible. In comments last week, President Obama said, “We will respond proportionally [to North Korea], and we will respond in a place and time and manner we choose.” But it’s far more likely that North Korea’s connection to the world was severed by hacktivists or cyber terrorists than by the U.S., or any other nation, the researchers said. Dan Holden, the director of Arbor Networks’ security engineering and response team, said the attacks were relatively small in scale — the weekend peak was just shy of 6 Gbps — and among other targets, took aim at the primary and secondary DNS (domain name system) servers for most websites in North Korea. “It’s not as if a super sophisticated attack is needed in order to cripple it,” Holden said in a Monday blog.
Holden also pointed out that a pair of hacktivist cyber-terrorist groups, Anonymous and Lizard Squad, had taken to Twitter to threaten to attack North Korea. Both groups have used DDoS attacks in the past to knock sites offline. Prince of CloudFlare posed other possibilities, ranging from North Korea purposefully cutting itself off from the Internet — a move other authoritarian regimes have made, such as Syria — to China Unicom breaking the connection. But Prince leaned toward the DDoS theory. “Given the largest DDoS attacks are an order of magnitude larger than [North Korea’s capability], it is conceivable that an attack saturated the connection and knocked the site offline,” Prince said. “It’s worth remembering that just a few weeks ago a teenager in the U.K. pleaded guilty for single-handedly generating a 300Gbps attack against Spamhaus.” Prince’s reference was to the 17-year-old arrested this summer and charged with launching a massive DDoS attack in March 2013 against the anti-spam organization. Cowie of Dyn Research concurred with the other experts who pointed to the flimsiness of North Korea’s Internet connection, although like Prince, he said there might have been causes other than a DDoS. “A long pattern of up-and-down connectivity, followed by a total outage, seems consistent with a fragile network under external attack,” Cowie said in a Monday blog. “But it’s also consistent with more common causes, such as power problems.” North Korea did not mention the outage on its news website late Monday before it again went dark, but it did include a rambling 1,700-word missive from the National Defense Commission (NDC), the agency that controls the country’s huge military forces. The NDC sharply threatened the U.S. with retaliation if a cyberattack was launched against the DPRK. “The army and people of the DPRK are fully ready to stand in confrontation with the U.S. in all war spaces including cyber warfare space to blow up those citadels,” the NDC said in a bellicose statement. “Our toughest counteraction will be boldly taken against the White House, the Pentagon and the whole U.S. mainland, the cesspool of terrorism, by far surpassing the ‘symmetric counteraction’ declared by Obama.” Source: http://www.computerworld.com/article/2862652/garden-variety-ddos-attack-knocks-north-korea-off-the-internet.html
