Tag Archives: dos attacks

Police nab alleged DDoS extortion gang at Heathrow Airport

Two Polish men were arrested at Heathrow Airport earlier this week in connection with an alleged DDoS extortion attack on a Manchester-based business, news sources have reported. Details are light but it is known that a website connected to the business was brought down during the attack, which happened at an unspecified time before the 7 August arrests. “This investigation centres on an allegation that the on-line company was blackmailed,” said Detective Inspector Chris Mossop, of Greater Manchester Police’s Serious Crime Division “As part of this blackmail attempt, one of the company’s websites was made temporarily unavailable by the offenders,” he added. “Denial of service attacks have become increasingly common offences in recent years and can have a devastating effect on the victim’s on-line business or presence.” The investigation continued in several countries, including the UK, the US and Poland, police said. Although such cases rarely come to light, cyber-extortion has flourished in the last decade. In almost every case, DDoS is the weapon of choice. These days, small and medium-size businesses are the usual target because they are far less likely to have DDoS mitigation in place to defend themselves. The other less common technique involves attackers stealing data and threatening to release it unless a ransom is paid. An example of this type of attack came to light last year when a Belgian bank was blackmailed by hackers. Last December, hackers tried to extort $4,000 AUS (£2,600) from a medical centre in Australia after breaching its network and encrypting its customer database. A recent survey suggested that one in five UK businesses had been affected by DDoS attacks during 2012. Source: http://news.techworld.com/security/3463285/police-nab-alleged-ddos-extortion-gang-at-heathrow-airport/

Read the article:
Police nab alleged DDoS extortion gang at Heathrow Airport

Analysis: Who’s Really Behind DDoS?

Now that Izz ad-Din al-Qassam Cyber Fighters has launched its fourth phase of distributed-denial-of-service attacks against U.S. banks, many observers are continuing to ask: Who’s behind this group, and what are the real motives? Is al-Qassam really an independent hacktivist group, as it claims? Does it have connections to a nation-state, such as Iran? Or does it have ties to organized crime? And is there a possibility that it has leased out its botnet to multiple groups? In this analysis, Information Security Media Group weighs the evidence. al-Qassam has been waging DDoS attacks against leading U.S. banking institutions and a handful of smaller ones since last September. The attacks, designed to disrupt online banking service, have, so far, proven to be more of a nuisance than a malicious threat. But the launch of this new phase, which was announced July 23, raises new questions about just who is behind Izz ad-Din al-Qassam The Group’s Message Since the beginning, al-Qassam has positioned itself as a group of hacktivists – independent attackers who are waging online war against U.S. banking institutions to make a social statement. The group claims the catalyst for the attacks is a movie trailer on YouTube that it deems offensive to Muslims. And because YouTube has not removed links to this trailer, as al-Qassam has asked, al-Qassam is focusing its attack energies on America’s core – it’s financial foundation. In an Oct. 23 post on the open forum Pastebin, al-Qassam restated its purpose, and noted that the attacks are not being waged to perpetrate fraud . “We have already stressed that the attacks launch only to prevent banking services temporarily throughout the day and there is no stealing or handling of money in our agenda,” the group states. “So if others have done such actions, we don’t assume any responsibility for it. Every day we are giving a compulsive break to all employees of one of the banks and its customers.” The post also takes issue with statements made in October by U.S. Defense Secretary Leon Panetta, who during a speech about cybersecurity noted that industries touching critical infrastructure were at risk. “Mr. Panetta has noted in his remarks to the potential cyberthreats such as attacking on power and water infrastructures, running off trains from the tracks and etc.,” the post states. “In our opinion, Panetta’s remarks are for distracting the public opinion and in support of the owners of the banks’ capital. … This is capitalism’s usual trick.” Then, in November, an alleged member of al-Qassam told ABC News that its attacks were not backed by anyone, nor were they connected to the August 2012 attack on Aramco, a Saudi oil firm, which involved the deletion of data from tens of thousands of computers. “No government or organization is supporting us, and we do not wait for any support as well,” the self-proclaimed al-Qassam member wrote in an e-mail, ABC News reported. “Do you think that the massive protests in the world are done with support? [In] the same manner [that] millions of Muslims in the world protested, hackers are also part of this protest” But many experts have questioned the protest motive and have expressed doubt that al-Qassam is what it says it is. Experts’ Views Financial fraud analyst Avivah Litan has repeatedly argued these attacks are actually being backed by a nation-state, namely Iran, not independent hacktivists. Others, such as Bill Wansley of the consultancy Booz Allen Hamilton, have shared similar opinions. “There are indications that it’s an Iranian group,” Wansley told BankInfoSecurity in late September 2012. “There are a lot of indicators it’s from that region of the world. But these hacktivist groups, frankly, can operate from a number of different locations and give the impression of being from one time zone when they’re really not. So it’s not conclusive. But there certainly have been some indicators, such as the use of Arabic names, Iranian names and the time zone [and the time of day when the first attacks struck] that would indicate something from that part of the world.” An unnamed source within the U.S. government quoted in the New York Times in May suggested Iran is backing attacks against the U.S. in retaliation for economic sanctions the U.S. has imposed on Iran. Many security experts, however, have been reluctant to attribute these attacks to any one type of actor. That’s because any attribution could only be based on circumstantial evidence in the online world, says Alan Brill, cybercrime investigator and senior managing director at investigations and risk-consulting firm Kroll. “You can’t accept crowd opinion for verified fact,” he says. “I think it’s still very difficult to attribute things like this, simply because the Internet was never designed to make that easy.” Although Brill admits he has not carefully reviewed the evidence linked to these attacks, he says attributing these types of attacks is challenged by attackers’ abilities to mask their points of origination with throw-away IP addresses and anonymous networks. “Unlike other forms of evidence, such as a fingerprint at a crime scene, which does not change, this stuff is just so fluid,” he says. “It’s very difficult to put all of the pieces together. And in the case of state actors, you’re not going to get a lot beyond circumstantial evidence.” Reviewing Patterns But what can the industry glean from the most recent attacks? Many experts say the more they learn about al-Qassam, the more confused they are. The group’s Pastebin announcements, attack schedules and breaks between attack campaigns have been inconsistent. Just as soon as the industry thinks it’s outlined a pattern, the pattern changes, as shown again in this fourth wave of attacks. Here, Information Security Media Group spells out some important factors. Are They Really Hacktivists? Support for the notion that al-Qassam is a hacktivist group stems from the fact that it claims itself to be one – and so far, no financial fraud or other type of data compromise has been linked to an al-Qassam attack. Banking regulators have warned of the potential for DDoS to be used as a mode of distraction for fraud to be perpetrated in the background But so far, no account compromises have been associated with al-Qassam attacks. The group claims it’s waging its attacks for social reasons – outrage over a YouTube video deemed offensive to Muslims. That purpose would suggest this is just a group of hacktivists out for attention. Is a Nation-State Involved? But none of the industry experts interviewed for this analysis believes that is truly the motive. Hacktivists typically want attention. “There’s usually some bragging about what was accomplished,” Wansley said last year. “That’s the typical pattern of some of the hacktivist groups.” While al-Qassam bragged on Pastebin in the early weeks of its attacks, the bragging has waned over time. Hacktivists also often name their targets in advance. Al-Qassam did this early on, but as the attacks became less effective, that stopped. During the second and third campaigns, al-Qassam took credit after the attacks. Now, most of that post-attack bragging has stopped as well. And experts note that these DDoS strikes have been hitting U.S. banking institutions for nearly a year; a hacktivist group would need substantial funding to run an attack campaign that long. That’s why many believe al-Qassam is actually a front for a nation-state, a criminal network – or even a mix of both. “In this case, there’s a group that has an Arabic name that has never been associated with cyber-activity at all,” Wansley noted. “[The name has] been associated with Hamas. And for them to, all of the sudden, become a hacktivist group is just really interesting. We’ve never seen that before. That doesn’t mean they’re not doing it, but it could also mean they’re being used as a cover for some other country or organization to do something.” The timing of this fourth phase further supports the notion that al-Qassam is actually a nation-state actor, Gartner’s Litan contends. The Iranian presidential election, as well as elections for regional posts, occurred June 14. Litan says the attacks were expected to lapse during the election, assuming that the Iranian government is actually funding the attacks. “We all knew they’d be back after the election,” she says. “Really, this is just business as expected.” Based on information she’s gathered from law enforcement and some of the attacked banks, Litan concludes: “We know it’s Iran because the attacks have been traced back to them, through the files, through the servers.” Is There a Criminal Connection? But could there be a criminal element involved? Many experts say a connection to organized crime is possible, because the attackers waging these long-term, extensive DDoS strikes are likely getting funding from a nefarious source. But are there clues al-Qassam is waging its attacks for a criminal purpose? Brobot, al-Qassam’s botnet, keeps growing, experts say. While the attacks waged by Brobot have been unsuccessful at causing any significant online outages during the third and fourth phases, al-Qassam has continued to increase the botnet’s size. Why? Some argue the purpose is to rent out Brobot for a profit – perhaps to cybercrime rings. And attacks linked to Brobot this campaign may support the notion that Brobot is now being used by more than just al-Qassam. During the afternoon hours of July 30, Brobot was used to attack merchant sites, seemingly as a coding test for the attacks that kicked off July 31, says Mike Smith of the cybersecurity firm Akamai, which has been tracking and mitigating DDoS activity linked to al-Qassam. The only commonality among the July 30 targets: They all have the word “Da Vinci” in their website URLs, Smith and others confirmed. “There was no connection to banking at all,” Smith says. Source: http://www.govinfosecurity.com/analysis-whos-really-behind-ddos-a-5966

View article:
Analysis: Who’s Really Behind DDoS?

DDoS is Back; 3 Banks Attacked

A week after the self-proclaimed hacktivist group Izz ad-Din al-Qassam Cyber Fighters announced plans to launch a fourth phase of attacks against U.S. banks it’s still not clear whether the group has resumed its distributed-denial-of-service activity. DDoS attacks appear to have targeted three banks July 24 through July 27, according to Keynote, an online and mobile cloud testing and traffic monitoring provider, and other sources. But security vendors that track attacks linked to al-Qassam’s botnet, known as Brobot, say they’re uncertain exactly who was behind those attacks. While some attack evidence suggested a link to Brobot, nothing was definitive. The online banking sites of JPMorgan Chase, U.S. Bancorp and Regions Financial Corp. all experienced intermittent outages last week, Keynote says, and the outages appear to be DDoS-related. All three banking institutions have previously been targeted by al-Qassam. Those three banks all declined to comment about the outages, although Chase did acknowledge intermittent online issues July 24 on Twitter , in response to customer complaints. Detecting those online glitches, however, took some digging, says Aaron Rudger, Keynote’s Web performance marketing manager. The online traffic patterns were different from what Keynote has recorded in the past for activity believed to be related to DDoS, he says. “Normally with DDoS attacks, we see a ramping decline in a site’s performance as the load against it builds,” Rudger says. “Eventually, the site falls over when overwhelmed.” But in all three online outages tracked last week, that pattern was not present, he says. “It seems they were hit very hard, very fast – so fast, our agents did not observe the typical ‘ramping’ effect of an attack,” he says. The pattern divergence could signal a different type of DDoS approach, or merely be a byproduct of the steps the affected banking institutions were taking to mitigate their outages, or a combination of the two, he says. And while all three banks suffered slightly different types of attacks – Chase hit by DNS lookup errors, U.S. Bank hit by TCP connection errors and Regions hit by traffic that allowed access to its homepage but kept eBanking inaccessible – Rudger says they all were, at least in part, linked to external issues. Bot Activity The outages linked to Chase began during the morning of July 24, stopped and then picked back up in the afternoon, says one DDoS mitigation expert, who asked to remain anonymous. The first wave of attacks had no commands linked to Brobot, but the second wave did, the source says. The outages at U.S. Bank, which began during the very early morning hours of July 24, also stopped for a while and picked back up in the afternoon, Rudger says. And the outages at Regions showed similar patterns, though the outages spanned two days and eBanking remained inaccessible throughout the duration, he adds. John LaCour, CEO of cybersecurity and intelligence firm PhishLabs, declined to comment about any particular banks affected by DDoS activity, but he confirmed that his company had tracked new attacks. He did not say, however, if those attacks were linked to Brobot. Tracking Attacks Several other DDoS mitigation providers would not comment about last week’s three apparent DDoS attacks. But the anonymous source says no one is certain whether al-Qassam is connected to those attacks. After al-Qassam’s announcement that it planned to launch a fourth phase of attacks, copycats may have decided to take advantage, launching attacks of their own hoping to be mistaken as al-Qassam, the source says. The group hasn’t attacked since the first week of May, when it announced it was halting its DDoS strikes in honor of Anonymous’ Operation USA , bringing an end to its third phase of attacks, which began March 5 (see New Wave of DDoS Attacks Launched ). al-Qassam has repeatedly stated it’s waging its attacks against U.S. banking institutions in protest of a Youtube movie trailer deemed offensive to Muslims. “Other DDoS actors have started their hostilities, trying to blame (or at least be confused with) them on QCF,” the source says. “We saw similar activity from the middle of Phase 2 onward, where fraudsters were attacking known [Operation] Ababil targets in order to straphang on the chaos that QCF was bringing.” Several security vendors tracking the group’s Brobot say that the botnet is growing. “The huge number of servers controlled by the attackers shows that this campaign was fully planned, intentionally organized and deliberate,” says Frank Ip, vice president of U.S. operations for NSFOCUS, which tracks DDoS activity. “This leads us to wonder whether the attack campaign is supported or backed by a country or financially well-off organization behind the scenes. We expect that similar DDoS attack events will occur in the wake of the recent activity, employing more diversified and varying methods.” Source: http://www.govinfosecurity.com/ddos-back-3-banks-attacked-a-5951/p-2

Visit site:
DDoS is Back; 3 Banks Attacked

Regions Bank Hit with New DDoS Attack

Regions Bank was the victim of cyber attackers that shuttered the bank’s website and interrupted its customers’ debit cards, reported AL.com. The bank’s website was hit Friday with a distributed-denial-of-service attack. Customers may have also not been able to use their debit cards at ATMs and merchants, according to a statement released to the website. “Access to regions.com and online banking were disrupted intermittently today by a distributed denial of service (DDoS) attack,” a spokesman told AL.com on Friday. “Some customers may have also been unable to use their CheckCards at ATMs or at merchants. We apologize for the difficulties this has caused and are working to resolve the issues as quickly as possible.” The attack comes on the heels of recent threats by from the hactivist group Izz ad-Din al-Qassam Cyber Fighters. Since last September, al-Qassam has taken responsibility for a series of cyber assaults that have plagued some of the nation’s largest banks — shuttering the online banking operations of Wells Fargo, PNC and dozens of others. Regions Bank was among those hit in early October. The Regions outage and debit card issues that occurred Friday reportedly lasted for nearly two hours. Source: http://www.americanbanker.com/issues/178_145/regions-bank-hit-with-new-ddos-attack-1060942-1.html

Read more here:
Regions Bank Hit with New DDoS Attack

Network Solutions restores service after DDoS attack

Network Solutions said Wednesday it has restored services after a distributed denial-of-service (DDoS) attack knocked some websites it hosts offline for a few hours. The company, which is owned by Web.com, registers domain names, offers hosting services, sells SSL certificates and provides other website-related administration services. Network Solutions wrote on Facebook around mid-day Wednesday EDT that it was under attack. About three hours later, it said most customer websites should resolve normally. Some customers commented on Facebook, however, that they were still experiencing downtime. Many suggested a problem with Network Solutions’ DNS (Domain Name System) servers, which are used to look up domain names and translate the names into an IP addresses that can be requested by a browser. DDoS attacks are a favored method to disrupt websites and involve sending large amounts of data in hopes of overwhelming servers and causing websites to not respond to requests. Focusing DDoS attacks on DNS servers has proven to be a very effective attack method. In early June, three domain name management and hosting providers — DNSimple, easyDNS and TPP Wholesale — reported DNS-related outages caused by DDoS attacks. Hosting service DNSimple said it came under a DNS reflection attack, where DNS queries are sent to one party but the response is directed to another network, exhausting the victim network’s bandwidth. Source: http://www.pcworld.com/article/2044618/network-solutions-restores-service-after-ddos-attack.html

Continue Reading:
Network Solutions restores service after DDoS attack

Many online newspapers become DDoS victims

At 4.11 pm of July 7, when accessing Dan Tri newspaper at dantri.com.vn, readers would see the words “Ban hay thuc hien phep tinh de tiep tuc su dung bao Dan Tri” showing that the access was denied. Dan Tri was just one of the many online newspapers hacked in recent days under a large scale DDoS offensive of the hackers. The hacking made a lot of newspapers inaccessible. Some readers still could access websites, but they had to try many times and wait with patience. Internet security experts have commented that the attack might have been well prepared for a long time, because it was conducted in a very methodical way. HVAOnline, a security forum, reported that since July 4, Thanh Nien, Tuoi tre, Dan Tri, VietNamNet, Kenh 14 have been the victims of the DDoS attacks, noting that the number of hacked online newspapers is on the rise. It is estimated that each of the newspapers incur the DDoS attack capacity of 50-70 Mbps, while the capacity was up to 1.3 Gbps for some newspapers. To date, some newspapers have fixed the problems, but the access remains unstable. According to Vo Do Thang, Director of Athena, an Internet security training center in HCM City, the current attack power would be unbearable to the small online newspapers. As such, the hacking would cause serious consequences, especially if it lasts for a long time. The experts said hackers purposely attacked the server of VDC 2 (the Vietnam Data communication Company) where the servers of many online newspapers are located. As a result, not only the VDC 2’s server, but the newspapers’ servers also suffered. HVAOnline said the forum itself and many other forums, information portals in Vietnam also incurred many DDoS attacks, but at weaker intensity. In fact, experts said the attacks began in June 2013 already at low intensity, which could be the preparation for the “general offensive” in July. They believe that the hackers may belong to a big and powerful organization to be able to mobilize such large botnets and zombies for the large scale attack. The hackers reportedly timed their attacks in their way. After finishing one attack aiming to one goal, they began the attack to another goal. After that, they unexpectedly returned and attacked the first aiming point. This way of hacking might make readers and the newspapers’ administrators misunderstand that the newspapers got troubles, while they did not think of a DDoS attack. Buu Dien newspaper on July 11 quoted the Director of an Internet security firm as saying that the firm, after analyzing the attack, found out that the attack was originated from an IP in Vietnam. BKAV’s Nguyen Minh Duc said two days ago that BKAV has not received any request for help from the hacked newspapers. A Symantec’s report in 2011 said that Vietnam has become the favorite space of the world’s hackers, and that it is the biggest botnet in the world. One of the reasons behind this is that Vietnamese don’t install anti-virus software on their computers, and they have the habit of installing cracked software pieces, or downloading some software products from unreliable websites. Source: http://english.vietnamnet.vn/fms/science-it/79186/many-online-newspapers-become-ddos-victims.html

See more here:
Many online newspapers become DDoS victims

Tips To Prepare For A DDoS Attack

IT security experts report that distributed denial of service (DDoS) attacks are a growing concern for 2013: this trend is proved by the countless attacks during 2012 and shown from the findings on the latest CSI Computer Crime & Security Survey, which attracts widespread media attention and is one of many online sources that provides valuable information and guidance to information security professionals. How can a business or individual decrease the likelihood of these type of threats? Fortunately, there are methods that can be used in advance to mitigate risk and infections from the amplification of such attacks. Safety First First of all, it is paramount to identify if the network is safe and protected from unauthorized access, malicious content, real-time threats and cyber intrusions. If not, network system managers should consider using traditional security products like a firewall, Intrusion Prevention and Detection Systems (IPDS) and Web application firewall devices to establish a first line of security defense. It is crucial to be responsive and implement the necessary security hardware and software tools ahead of time to defend the perimeter of the network from intrusion and before being the hacker’s target. Business and individuals alike should plan early on and not wait until they are at mercy of the attack to use proper security controls. Malicious attacks, which can be carried out from several compromised systems and from another location (IP address), can enable a rogue attacker to install a series of zombie Trojans to attack or infect (with malware) hosted computers. Whatever reason and motive the intruder has, s/he is able to take over an entire network and initiate a flood or packet attack, all while denying legitimate connections and paralyzing victims’ systems or servers (e.g., Web servers, DNS servers, application servers). The aim is to use up the network bandwidth and bring its operations or services down. Knowing how dangerous such an attack can be, it comes of utmost importance to be familiar with the different kind of DDoS attacks that could affect the network to understand what type of countermeasures should be put to use. Despite the scale and frequency of these attacks, there are ways to be prepared and avoid being vulnerable to this threat that can be so disruptive. Next is a list of tips to prepare and plan, before an attack strikes, which if made a victim of could have devastating effects on one’s business, such as costly downtime and/or lost revenue. Here are six ways to prevent a DDoS attack • Utilize packet filters on the router(s) • Setup a firewall with advanced security • Properly configure webserver with security modules • Implement logging with ACLs and have them in place to filter traffic • Exploit NetFlow for traffic monitoring and tracking down specific attacks • Rely on a third-party cloud DDoS mitigation provider for proprietary filtering technology. This is a great alternative for those that do not want to handle the security themselves and obtain a quick solution that provides on-demand, real-time protection to monitor 24/7 a business or individuals’ on-premises network infrastructure. If you’re looking for reputable provider, I would suggest getting DDoS protection from DOSarrest . Other than the tips listed, it is suggested to always have more bandwidth available, maintain anti-virus software, and deploy IPDS devices or firewalls in front of the servers just in case of a DDoS attack. It is better to spend some time (and money) preparing in advance for this network threat than dealing with a last minute crisis and trying to figure out what needs to be done. Source: http://www.examiner.com/article/tips-to-prepare-for-a-ddos-attack

See the original post:
Tips To Prepare For A DDoS Attack

Financial Security: Learning From DDoS Attacks

Exactly how big are distributed denial of service (DDoS) attacks in mid-2013? “Just big enough” is what most attackers would say. The Cyber Fighters of Izz ad-din Al Qassam, a group claiming to protest an anti-Moslem video and considered by many experts to be the perpetrators of the attacks, have shown a knack for ratcheting up the volume as banks invest in greater DDoS mitigation bandwidth. The al Qassam template hasn’t gone unnoticed. In the cyber underground, criminal gangs have chatted about the group’s favorite weapon, the “itsoknoproblembro” DDoS toolkit, which hits various parts of a web site at the same time and floods servers with traffic up to 70Gbps. The al Qassam botnet — dubbed the “brobot” — is striking too. Instead of marshaling tens of thousands of infected home computers, it uses hosting providers’ or business’ commercial content servers, which offer fatter pipes and bandwidth galore. The same tactics are available to those whose motive is greed, with the Internet itself serving as their weapons storehouse. Since they never pay for those high-capacity servers and all that power, what’s to stop attackers from using as much as they want? Though an attack of less than 2Gbps can take down many sites, attackers want to be sure your site is down throughout the world. In fact, they use free web monitoring services to make sure that folks in Chicago and Paris can’t reach you. If the attack isn’t working globally, the attackers up the ante. Just figuratively, though–humongous attacks cost no more than surgical strikes. If this is bad news for top-tier banks, it’s potentially disastrous for smaller institutions lacking the budget and expertise to handle attacks themselves. Fortunately, a little planning and preparation can make a big difference. “Does This Hardware Make Me Look Fat?” It Pays To Be Less Attractive To Attackers. Short of making arrests, the good guys can’t stop the bad guys from launching DDoS attacks. So increasingly, larger banks have taken steps to become less-appealing targets — less likely to go offline for long periods of time and more likely to retain customers thanks to helpful communications. Best practice number one: Distribute your Internet infrastructure. Separate your DNS, e-commerce, payment gateways and VPNs. If everything’s on the same infrastructure and you’re socked with a DDoS attack, the damage is more widespread and the attackers win. Say your DNS is hit. Not good, but if your VPN, for instance, is on a different circuit (either real or virtual), your staff has backdoor access to email and other functions. Because you’ve segregated your private- and public-facing systems, business doesn’t grind to a complete halt. To accomplish this, find a trusted third party to manage infrastructure like DNS. Or at least have a Plan B, enabling you to park your DNS, VPN or web service somewhere else until the attack ends. By lining up a willing provider well in advance, you’ll spare yourself some agony when the dirt hits the fan. It’s also smart to assume that someday you’re going to be hit. To paraphrase Trotsky, you may not be interested in DDoS, but DDoS is interested in you. With over 7,000 attacks daily, it’s only a matter of time, so more banks and credit unions are crafting emergency plans. Like natural disaster planning or certain business recovery efforts, these preparations go far beyond technical responses. It starts with being ready to do business, gasp, offline. If your credit union site is down, you may decide to extend your regular business hours, which in turn might require extra tellers and call center operators, or even coffee and cookies for customers in long lines. You’ll also need to let people know about any such contingencies. Be ready to communicate with customers quickly and reassuringly. Email may not be an option, so consider radio announcements or other media outlets, including a company web page separate from the one that’s under attack. Also think about a toll-free number your customers can call. How much detail should you reveal about the impact of an attack? That’s up to you, of course. Some financial institutions have chosen to say as little as possible, for fear of feeding attackers valuable information. Others have been more transparent, betting they’ll reap the reward in customer gratitude and fewer account defections. Whatever procedures you develop, be sure to practice them. You’ll never be ready for everything, but executing the basics well can help enormously. Again, the throes of a crisis aren’t the best time to white-board responses. Run drills of your emergency plan and you’ll likely accomplish two things: more effective DDoS mitigation and better core service, the latter tending to slip when attacks are all-consuming. While al Qassam is a role model for cyber miscreants, the major banks are a more positive one in the DDoS protection arena. Smaller banks and credit unions don’t have the same deep pockets, but they can still make plans, develop responses and make smart technology investments. Inertia is the one thing they truly can’t afford. For protection against your eCommerce site click here . Source: http://www.banktech.com/risk-management/financial-security-learning-from-ddos-at/240157243

View the original here:
Financial Security: Learning From DDoS Attacks

LinkedIn DDoS response botched

More than half of Linkedin’s members were knocked off the service for an extended period yesterday following a botched response to a DDOS by service provider Network Solutions. Users were redirected in error to India-based website confluence-networks.com which did not require Secure Sockets Layer connections meaning users’ cookies were sent in clear text. Initial media reports suggested the company’s DNS had been hijacked and user security potentially compromised as user’s cookies may have been visible as plain text during the outage. Linkedin subsequently confirmed on Twitter that the outage was due to human error not malice. “Yesterday’s issue was not malicious in any way It was an error by the company that manages our domain,” the statement said. In a post on its site the company claimed LinkedIn member data was not compromised. For protection against your eCommerce site click here . Source: http://www.scmagazine.com.au/News/347578,linkedin-ddos-response-botched.aspx

LulzSec Hacker Ryan Cleary To Be Released

Convicted LulzSec hacker Ryan Cleary, 21, is set to be released “imminently” after appearing Wednesday in a London courtroom for sentencing relating to charges that he made and possessed 172 indecent images of children on his PC. “Some of these images showed children aged as young as six months old in circumstances where they were completely vulnerable,” Judge Deborah Taylor told Cleary, reported The Independent in Britain. “These images were such as would make any right-minded person concerned at you viewing such images.” Cleary, aka Viral, previously pleaded guilty to two charges of making indecent images of children and one charge of possessing indecent images of children. Taylor said Wednesday that although U.K. sentencing guidelines required incarceration for the offenses to which Cleary had plead guilty, “time has been served in any event.” Based on time served, his pleading guilty to all charges filed against him and agreeing to wear an electronic device that will monitor his location, Cleary received a three-year community service order, which requires that he work in the community without pay. He also received a 36-month supervision order, which is akin to probation and requires that Cleary meet weekly with his probation officer. Finally, Cleary was ordered to sign the U.K.’s Violent and Sex Offender Register, which is a database used by police and prison officials to track people convicted of related offenses. Cleary previously appeared in court last month, when he was sentenced to 32 months in prison, followed by a five-year serious crime prevention order that can be used to restrict where he’s allowed to travel and which jobs he’ll be allowed to work. Also sentenced in May were fellow LulzSec participants Jake Davis (Topiary), Mustafa al-Bassam (Tflow) and Ryan Ackroyd (Kayla). Together with Cleary, they pleaded guilty to charges of hacking a number of sites, including the CIA, Britain’s Serious Organized Crime Agency (SOCA) and National Health Service (NHS), and Sony Pictures Entertainment, as well as leaking the credit card data and personal information of hundreds of thousands of people. Cleary also pleaded guilty to launching numerous distributed denial of service (DDoS) attacks under the banners of Anonymous, Internet Feds and LulzSec. British police said the attacks in which Cleary participated caused an estimated $31 million in damages. British police said that when they arrested Cleary at his home on June 20, 2011, they found him in the middle of launching a DDoS attack against the website of SOCA, which was conducting a joint investigation with the FBI into the activities of LulzSec, Anonymous and AntiSec. Clearly was first arrested in 2011 and released on bail, subject to his refraining from using the Internet. He was re-arrested on bail violation charges on March 5, 2012, for going online in December 2011 to contact LulzSec leader Sabu. The day after Cleary’s arrest, federal officials revealed that in June 2011, Sabu — real name Hector Xavier Monsegur — had been arrested and turned confidential government informant, and was helping the FBI investigate hackers and information security attacks. The news of Cleary’s imminent release after serving less than his full jail sentence has led some members of Anonymous to accuse him of having cut a deal with authorities, although no evidence has been produced to back up that assertion. “Anyone who gets away with child porn charges is obviously collaborating with the feds,” according to a post by “ro0ted” to the pro-Anonymous CyberGuerilla blog. Cleary’s legal troubles might not be over, as he was indicted last year by a Los Angeles federal grand jury on hacking charges. But his attorney, Karen Todner, said last year that U.S. prosecutors had indicated that they wouldn’t be seeking his extradition. Furthermore, if that changed, she said her client would fight any such request. “Cleary suffers from Asperger’s syndrome and is on the autistic spectrum and extradition to the United States is totally undesirable,” she said. Source: http://www.informationweek.com/security/attacks/lulzsec-hacker-ryan-cleary-to-be-release/240156590?cid=RSSfeed_IWK_Government