Mt. Gox K.K., the collapsed trading platform for the bitcoin digital currency, came under so-called distributed denial of service (DDoS) attacks aimed at shutting its servers by overloading them with massive volumes of data in early February, it has been learned. Also between February and earlier this month, bitcoin exchanges in Canada and Slovenia were hit by similar attacks, indicating such cyber-attacks have been launched on a global scale. According to sources, the Tokyo-based Mt. Gox was struck by cyber-attacks aimed at stealing bitcoins beginning Feb. 7 by exploiting security shortfalls in its system. Separately, it came under major DDoS attacks, with the system accessed 150,000 times per second. The attacks mostly from servers in the United States and Europe continued for several days. The company suspended bitcoin withdrawals on Feb. 10. DDoS attacks often hijack a large number of computers with viruses. According to the sources, perpetrators often launch such attacks to steal data when a company tries to mend defects in its system. Although the DDoS attacks failed to shut down Mt. Gox’s system, subsequent attacks targeted flaws in its system, stealing a massive amount of bitcoins. In mid-February, a Slovenian bitcoin exchange temporarily suspended trading due to a system glitch caused by cyber-attacks. A Canadian bitcoin exchange announced that it has lost 896 bitcoins, the equivalent of ¥60 million, due to cyber-attacks, while another exchange reported that more than 12 percent of its bitcoin holdings was stolen. “[The attacks] are probably launched by multiple hackers who want to boast they broke into the bitcoin systems,” said Tetsutaro Uehara, a professor of information security at Ritsumeikan University. “DDoS attacks can be done without high-level hacking techniques. It is possible that copycats turned their eyes on other exchanges after weaknesses in Mt. Gox’s system were found.” One week after Mt. Gox filed for bankruptcy protection, the bitcoin community is still puzzled over what exactly caused the company to go under. What are believed to be in-house documents of Mt. Gox, including a draft detailing the purported theft, are circulating on the Internet. Around Feb. 25, before the company suspended business, English documents titled “Crisis Strategy Draft” reporting 744,408 bitcoins had been stolen were posted on the Internet. The damage was almost the same as the figure cited by the company when it collapsed. Earlier this month, a self-proclaimed Russian hacker posted audio recordings of alleged conversations between Mt. Gox Chief Executive Officer Mark Karpeles and a Japanese megabank official, who urged him to close the company’s account in the bank. According to sources, the recordings are believed to be genuine. The “Russian hacker” also posted the design chart of the Mt. Gox computer system. A ‘genuine geek’ Source: http://the-japan-news.com/news/article/0001103726
Tag Archives: dos attacks
26-year-old hacker responsible for massive DDoS-attacks sentenced in Russia
A man was sentenced to probation after being convicted for Distributed Denial of Service (DDoS) attacks as a result of Group-IB and the The Ministry of the Interior (MVD) collaboration work. Group-IB assisted in the investigation, collection, preservation and identification of digital evidence. The criminal business owner turned out to be a 26-year-old resident of the Sayansk-city, Irkutsk region. The reason for the investigation was an attack on a large financial corporation, which owns several banks. Since the recourse to the Group-IB up to the moment of the attacker arrest there were record-breaking short terms – all of the work was done within a month. The criminal used underground hacking forums to find clients by posting advertisements for DDoS services. Russians, citizens of the CIS, Britons and many others ordered his services regularly. Group-IB’s evidence said a man used the Dragon botnet to launch the attacks. In autumn 2012, authorities had arrested the suspect in Sayansk, Ziminsk district. During the investigation, the accused pleaded guilty and showed detailed process of launching cyber-attacks. Group-IB computer forensic experts proved the guilt of the arrested in committing a series of cybercrimes. A Sayansk city court judge rendered a guilty verdict against 26-year-old man for unauthorized access to computer information and was condemned to two years of conditional sentence. The Group-IB experienced experts explained that such attacks are common now as a result of unfair competition between companies. “Commercial organizations should think about DDoS protection,” said Dmitry Volkov, Head of the Group-IB Investigation Department. “However, if the incident has already occurred, the Group-IB is ready to conduct a full and independent investigation and find the attacker using forensic methods and tools.” Source: http://www.digitaljournal.com/pr/1776830#ixzz2vCwNMKJi
Continued here:
26-year-old hacker responsible for massive DDoS-attacks sentenced in Russia
Namecheap Is In The Middle Of A DDoS Attack
If any of your favorite sites don’t seem to be working right now, don’t panic — it’s not just you. Namecheap, the host of some 3 million-plus domains, is reporting that they’re currently undergoing a Distributed Denial Of Service attack of unknown origins. If that sounds like a bunch of mumbo-jumbo to you, here’s all you need to know: a Distributed Denial Of Service (or DDoS) attack is, generally, when an attacker floods its target with so much traffic that it’s unable to respond to legitimate requests. Namecheap, a company that helps make it so that you can type URLs (like WhateverWebsiteHere.com) instead of IPs (like 192.168.0.1), is currently facing an attack like this, making it quite hard for them to do their job. The attackers appear to be focusing on some of Namecheap’s primary DNS servers. As a result, many domains that are hosted on Namecheap will be unable to resolve, and other features that rely on their nameservers (like email) might not work. The company is actively battling the attack, and are hoping that they’ll have everything locked down within the next hour or so. In the meantime: if your domain is hosted on Namecheap and is having difficulties resolving, Namecheap recommends temporarily switching it to their backup DNS system. Update: Namecheap tells us that the situation now seems to be under control. See their full response to this attack below. Namecheap gained many a fan back in 2011, when the company launched a campaign called Move Your Domain Day in response to competitor GoDaddy’s then-support of the controversial Stop Online Piracy Act. This, along with many other pressures, eventually lead GoDaddy to recanting their support for the bill. Update: Here’s the official response and breakdown of the attack from Namecheap CEO Richard Kirkendall and VP Matt Russell: Today is one of the days that as a service provider who strives to deliver excellence day in and day out, you wish you never had. At around 15.55 GMT / 11.55 EST, a huge DDoS attack started against 300 or so domains on our DNS platform. Our DNS platform is a redundant, global platform spread across 3 continents and 5 countries that handles the DNS for many of our customers. This is a platform meticulously maintained and ran, and a platform that successfully fends off other DDoS attacks on an almost-daily basis. Today, however, I am compelled to announce that we struggled. The sheer size of the attack overwhelmed many of our DNS servers resulting in inaccessibility and sluggish performance. Our initial estimates show the attack size to be over 100Gbps, making this one of the largest attacks anyone has seen or dealt with. And this is a new type of attack, one that we and our hardware and network partners had not encountered before. We responded with our well-practiced mitigation plan while also enabling our backup system for those with affected domains. It took us around 3 hours to fully mitigate the attack, working closely with our hardware and network vendors. At this moment in time, 99% of our services are back to normal. I’d like to take this time to apologize to those customers affected. I also wish to iterate that we will learn from this attack and come back stronger, and more robust. We are bringing forward a key DNS infrastructure enhancement program that will see us massively expand the size of our DNS infrastructure and our ability to absorb and fend off attacks like these. We remain firmly committed to delivering the absolute best service possible to our loyal customers. Richard Kirkendall CEO Source: http://techcrunch.com/2014/02/20/namecheap-ddos/
MMO developer offering $14,000 reward for DDoS attack info
If you know a little thing or two about MMOs and a little more about DDOS attacks, you might be able to net yourself a near $15,000 bounty. Wurm Online, the MMO from Minecraft creator Markus Persson (no longer involved) and childhood friend Ralf Jansson, was hit by a DDOS attack yesterday and at the time of writing, it still remains down. Nobody so far has owned up to the attack, which was launched soon after a recent update. Presumably from the relative obscurity of the game, the DDOSer is a player, but there’s very little information on who they are or why they might have done it. However, in an attempt to find out more and ultimately catch and convict those responsible, the studio behind it, Code Club, is now offering a reward: “Shortly after today’s update we were the target of a DDOS attack and our hosting provider had to pull us off the grid for now,” it said in the announcement. “We will be back as soon as possible but things are out of our hands since their other customers are affected. As we wrote in a previous news post we are planning on changing hosting anyways which should improve things for the future. We can offer 10 000 Euro for any tips or evidence leading to a conviction of the person responsible for this attack.” DDOS attacks against large games has become more common over the past few years, since it usually garners a lot of attention and understandably annoys a lot of gamers. However the purpose beyond attention getting is often unclear, since it rarely impacts anyone more than the players. So what about it guys? Anyone here think they could track down a DDOSer? Source: http://megagames.com/news/mmo-developer-offering-14000-reward-ddos-info
Continue Reading:
MMO developer offering $14,000 reward for DDoS attack info
Second Anonymous member sentenced for role in DDoS attack
The U.S. District Court, Eastern District of Wisconsin, has sentenced Jacob Wilkens to 24 months of probation and ordered him to pay $110,932.71 in restitution for his role in a distributed denial-of-service (DDoS) attack against Koch Industries. Wilkens pled guilty to intentionally causing damage to a protected computer by assisting other members of the hacktivist collective Anonymous in launching a DDoS attack on the servers of Angel Soft bathroom tissue, based in Green Bay, in February and March of 2011. The attacks against Koch Industries were said to have lasted three days and resulted in several hundred-thousand dollars in losses. For his role in the same attack, Christopher Sudlik was ordered earlier this month to pay the same in restitution, as well as being sentenced to 36 months of probation and 60 hours of community service. Source: http://www.scmagazine.com/second-anonymous-member-sentenced-for-role-in-ddos-attack/article/334490/
More:
Second Anonymous member sentenced for role in DDoS attack
Exchange Halts Payouts as DDoS Attack Pummels Bitcoin
A second major bitcoin exchange suspended withdrawals on Tuesday, amidst widespread attacks on the vast software system that drives the digital currency. Bitstamp, an exchange based on Slovenia, says that it suspended Bitcoin withdrawals due to “inconsistent results” from its online bitcoin wallet caused by a denial-of-service attack, according to a post on the exchange’s Facebook page. “Bitcoin withdrawal processing will be suspended temporarily until a software fix is issued,” the post reads. The news comes a week after the Tokyo-based exchange Mt. Gox suspended Bitcoin payouts, blaming a known bug in the bitcoin software. At the time, outside observers turned the blame on Mt. Gox’s accounting software, but it turns out that the company isn’t the only exchange struggling to cope with the bug. That a known issue like this could lead to the suspension of payouts on two of the world’s most popular bitcoin exchanges underscores the immaturity of bitcoin and the ongoing growing pains of the the world’s most popular digital currency. These growing pains are not just technical, but political. As Bitstamp battles against these attacks, it’s also worth noting that the Slovenian exchange is not listed as a money services business with FINCEN, the U.S. agency that registers money transmitters — even though it accepts US customers. Bitstamp did not respond to a press inquiry from WIRED. But according to Andreas Antonopoulos, the chief security officer with bitcoin wallet-maker, Blockchain, the effects of this week’s attack should be temporary. “It’s a griefer attack,” he says. “All it does is slow down these exchanges.” But the company could eventually run into serious problems with regulators in the U.S. FINCEN expects even foreign-based money transmitters to register if they service US customers. A Bored Teenager With a Computer? Bitstamp’s technical issues came to light after someone — nobody knows who, exactly — started flooding the worldwide bitcoin network with thousands of bad transaction records. Because of a flaw in the bitcoin protocol, it’s possible for the bad guys to create two unique transaction identifiers — called hashes — for legitimate transactions on the network. The official bitcoin ledger, or blockchain, is not fooled by these so-called “malleable transactions”, but some badly written wallet software could be confused. “It’s like creating a fake receipt,” says Antonopoulos. In theory, someone could try and use one of these fake receipts to try and trick an exchange into believing that a bitcoin transfer had not gone through, but a look at the blockchain would clear things up, he explains. It turns out that a small number of these bad transactions have been broadcast in the background of the bitcoin network for some time now, but after Mt. Gox went public with its problems, someone cranked up the volume. “Some joker is rewriting thousands of bitcoin transactions and rebroadcasting them,” says Jeff Garzik, a core developer on the bitcoin software. “It’s not a ‘massive and concerted’ attack, probably just a bored teenager with one computer.” Antonopoulos, who is working with other bitcoin companies to coordinate a response to the attack, says he’s spoken with five exchanges (not including Mt. Gox) about the issue, and that three of them are unaffected by the issue. None of the five exchanges that Antonopoulos has spoken with appear to have lost money because of the issue, he says. Source: http://www.wired.com/wiredenterprise/2014/02/bitcoin-ddos/
See the original article here:
Exchange Halts Payouts as DDoS Attack Pummels Bitcoin
Credit unions among industries that suffered more DDoS attacks in 2013
A growing number of data center outages are caused by distributed denial of service attacks. On a technical level, DDoS campaigns are much more complicated to address than other leading causes such as human error or IT equipment failure. Accordingly, they often cost hundred of thousands of dollars to resolve. Throughout 2013, credit unions were increasingly targeted by DDoS attacks that overwhelmed their websites with traffic and sometimes created distractions so that other threats could bypass IT security. Going into 2014, mitigating risk from DDoS through software and backup solutions will be the key to reducing the costs and consequences of IT outages. Report finds that DDoS, equipment failure among the leading causes of outages According to one think tank’s research, DDoS attacks accounted for only 2 percent of outages at 67 U.S. data centers in 2010. By 2013, the share had risen to 18 percent. Perpetrators have benefited from ongoing increases in network speeds and the growing complexity of IT infrastructure, both of which have made it much easier to generate massive amounts of fraudulent traffic. The resulting server and equipment failures have footed IT departments with some steep bills. Outages caused by DDoS attacks typically ran $822,000 apiece, far outpacing the $380,000 price tag for incidents attributable to human error. Equipment issues were the most expensive cause, with each event costing slightly under $1 million. While the length of data center outage has gone down over the past few years, related expenses have risen. The average 2013 incident lasted 86 minutes, but cost $690,204, or 37 percent more than in 2010. Credit unions have felt the impact of more frequent DDoS attacks The rise of DDoS attacks has affected IT operations at credit unions, which were targeted by several prominent campaigns in 2013. A $4 billion credit union in Pleasanton, Calif., and a $1.6 billion one in Austin, Texas, had online services knocked out for hours at a time in the wake of DDoS attacks. More specifically, cybercriminals have honed tactics that put financial institution computers through the motions until they become exhausted. For example, a DDoS attack may ask a site for password resets on thousands of spurious accounts, forcing the system to go through each request. Some DDoS incidents may be distractions that facilitate wire theft, but others are politically motivated. Credit unions may need better preparation against DDoS risk, especially since some simply rely on online banking providers or ISPs to protect data. Restore on reboot software can be easily deployed by IT administrators as part of an imaging solution, and it provides fine-tuned management of all office endpoints. Organizations can ensure that kiosks and cash dispensing services remain active even in the event of a crash or attack. Source: http://www.faronics.com/news/blog/credit-unions-among-industries-that-suffered-more-ddos-attacks-in-2013/
Read the article:
Credit unions among industries that suffered more DDoS attacks in 2013
E-toll site weathers denial of service (DDoS) attack
Sanral’s e-toll Web site suffered a denial of service (DoS) attack on Friday, according to the agency. “Some users complained of slow site performance, and our service provider traced the problem to a denial of service attack of international origin,” said Sanral spokesman Vusi Mona. No further details of the attack were available, but Alex van Niekerk, project manager for the Gauteng Freeway Improvement Project, said the site has come under repeated attack since going live, but suffered only minor performance degradation. DoS attacks, particularly distributed denial of service (DDoS) attacks, are a popular technique used to knock sites offline, overwhelming them with traffic until they are unable to service their clients. Activist group Anonymous frequently uses DDoS to attack targets, using its wide base of supporters to generate traffic. Botnets often launch DDoS attacks from their installed base of zombie PCs. And last year, anti-spam service Spamhaus suffered one of the largest DDoS attacks in history, with incoming traffic peaking at 300Gbps, launched by a Dutch Web host known for harbouring spammers. Sanral’s Web site has been the target of several attacks lately, including a hack which may have leaked personal information, a flaw which allowed motorists to be tracked in real-time, and a session fixation attack which allowed login sessions to be hijacked. Source: http://www.itweb.co.za/index.php?option=com_content&view=article&id=70192:e-toll-site-weathers-denial-of-service-attack
See more here:
E-toll site weathers denial of service (DDoS) attack
DDoS attacks get more complex – are networks prepared?
The threat of cyber attacks from both external and internal sources is growing daily. A denial of service, or DoS, attack is one of the most common. DoS have plagued defense, civilian and commercial networks over the years, but the way they are carried out is growing in complexity. If you thought your systems were engineered to defend against a DoS attack, you may want to take another look. Denial of service attack evolution A denial of service attack is a battle for computing resources between legitimate requests that a network and application infrastructure were designed for and illegitimate requests coming in solely to hinder the service provided or shut down the service altogether. The first DoS attacks were primarily aimed at Layer 3 or Layer 4 of the OSI model and were designed to consume all available bandwidth, crash the system being attacked, or consume all of the available memory, connections or processing power. Some examples of these types of attacks are the Ping of Death, Teardrop, SYN flood and ICMP flood. As operating system developers, hardware vendors and network architects began to mitigate these attacks, attackers have had to adapt and discover new methods. This has led to an increase in complexity and diversity in the attacks that have been used. Since DoS attacks require a high volume of traffic — typically more than a single machine can generate — attackers may use a botnet, which is a network of computers that are under the control of the attacker. These devices are likely to have been subverted through malicious means. This type of DoS, called a distributed denial of service (DDoS), is harder to defend against because the traffic likely will be coming from many directions. While the goal of newer DoS attacks is the same as older attacks, the newer attacks are much more likely to be an application layer attack launched against higher level protocols such as HTTP or the Domain Name System. Application layer attacks are a natural progression for several reasons: 1) lower level attacks were well known and system architects knew how to defend against them; 2) few mechanisms, if any, were available to defend against these types of attacks; and 3) data at a higher layer is much more expensive to process, thus utilizing more computing resources. As attacks go up the OSI stack and deeper into the application, they generally become harder to detect. This equates to these attacks being more expensive, in terms of computing resources, to defend against. If the attack is more expensive to defend against, it is more likely to cause a denial of service. More recently, attackers have been combining several DDoS attack types. For instance, an L3/L4 attack, in combination with an application layer attack, is referred to as diverse distributed denial of service or 3DoS. Internet and bandwidth growth impact DoS Back in the mid- to late 1990s, fewer computers existed on the Internet. Connections to the Internet and other networks were smaller and not much existed in the way of security awareness. Attackers generally had less bandwidth to the Internet, but so did organizations. Fast forward to the present and it’s not uncommon for a home connection to have 100 megabits per second of available bandwidth to the Internet. These faster connections give attackers the ability to send more data during an attack from a single device. The Internet has also become more sensitive to privacy and security, which has lead to encryption technologies such as Secure Sockets Layer/Transport Layer Security to encrypt data transmitted across a network. While the data can be transported with confidence, the trade-off is that encrypted traffic requires extra processing power, which means a device encrypting traffic typically will be under a greater load and, therefore, will be unable to process as many requests, leaving the device more susceptible to a DoS attack. Protection against DoS attacks As mentioned previously, DoS attacks are not simply a network issue; they are an issue for the entire enterprise. When building or upgrading an infrastructure, architects should consider current traffic and future growth. They should also have resources in place to anticipate having a DoS attack launched against their infrastructure, thereby creating a more resilient infrastructure. A more resilient infrastructure does not always mean buying bigger iron. Resiliency and higher availability can be achieved by spreading the load across multiple devices using dedicated hardware Application Delivery Controllers (ADCs). Hardware ADCs evenly distribute the load across all types of devices, thus providing a more resilient infrastructure and also offer many offloading capabilities for technologies such as SSL and compression. When choosing a device, architects should consider whether the device offloads some processing to dedicated hardware. When a typical server is purchased, it has a general purpose processor to handle all computing tasks. More specialized hardware such as firewalls and Active Directory Certificates offer dedicated hardware for protection against SYN floods and SSL offload. This typically allows for such devices to handle exponentially more traffic, which in turn means they are more capable to thwart an attack. Since attacks are spread across multiple levels of the OSI model, tiered protection is needed all the way from the network up to the application design. This typically equates to L3/L4 firewalls being close to the edge that they are protecting against some of the more traditional DoS attacks and more specialized defense mechanism for application layer traffic such as Web Application Firewalls (WAFs) to protect Web applications. WAFs can be a vital ally in protecting a Web infrastructure by defending against various types of malicious attacks, including DoS. As such, WAFs fill in an important void in Web application intelligence left behind by L3/L4 firewalls. As demonstrated, many types of DoS attacks are possible and can be generated from many different angles. DoS attacks will continue to evolve at the same — often uncomfortably fast — rate as our use of technology. Understanding how these two evolutions are tied together will help network and application architects be vigilant and better weigh the options at their disposal to protect their infrastructure. Source: http://defensesystems.com/Articles/2013/12/19/DOS-attacks-complexity.aspx?admgarea=DS&Page=3
Continue reading here:
DDoS attacks get more complex – are networks prepared?
Mobile devices increasingly used to launch sophisticated DDoS attacks
DDoS attacks still plague businesses worldwide, and cyber criminals are increasingly using mobile devices to launch attacks The threat of distributed denial of service (DDoS) attacks against enterprise users from mobile applications is increasing as more users go mobile, according to DDoS security company Prolexic. Cyber criminals are finding mobile devices can make for a powerful attack tool – and surprisingly easy to use. “Mobile devices add another layer of complexity,” said Stuart Scholly, Prolexic President, in a press statement. “Because mobile networks use super proxies, you cannot simply use a hardware appliance to block source IP addresses as it will also block legitimate traffic. Effective DDoS mitigation requires an additional level of fingerprinting and human expertise so specific blocking signatures can be developed on-the-fly and applied in real-time.” DDoS attacks can lead to website and server downtime, interruption in day-to-day business operations, and lead to lost revenue and wasted manpower. Prolexic discovered a 26 percent increase in DDoS attacks from Q4 2012 to Q4 2013, with a significant number of advanced DDoS attack weapons. Source: http://www.tweaktown.com/news/34862/mobile-devices-increasingly-used-to-launch-sophisticated-ddos-attacks/index.html
Read more here:
Mobile devices increasingly used to launch sophisticated DDoS attacks