Tag Archives: latest-news

AFP and RBA websites hit by DDoS attacks

The websites for the Australian Federal Police (AFP) and the Reserve Bank of Australia were hit overnight by distributed denial of service attacks claimed to be brought about by Indonesians angry over the leaks that reveal Australian Signals Directorate (ASD) had been tapping the phones of high ranking Indonesian government officials, including President Susilo Bambang Yudhoyono. The AFP’s website was for some time overnight but was restored this morning, with one Twitter user claiming responsibility for bringing the sites down using the hashtags #AnonymousIndonesia and #IndonesiaCyberArmy. The AFP said it was taking the attack “very seriously” but said that no sensitive information was hosted on the public-facing website. “The AFP website is not connected to AFP IT systems. The AFP website is not hosted by AFP ICT infrastructure. It is hosted by a third party hosting provider,” the AFP spokesperson said in a statement. The spokesperson said he was not at liberty to divulge the name of the hosting company. The AFP said the attacks were irresponsible and would not influence government policy. “Activities such as hacking, creating or propagating malicious viruses or participating in DDOS attacks are not harmless fun. They can result in serious long-term consequences for individuals, such as criminal convictions or jail time,” he said. “AFP Cyber Crime Operations identifies, investigates and prosecutes individuals or groups for offences committed against Australian critical infrastructure and information systems.” The RBA’s website was affected by the DDoS attacks, but a spokesperson for the RBA denied that the website had been brought down. “There has been no outage but the Bank’s website has been experiencing access delays for some users,” the spokesperson said. “The bank has DOS protection for its website, which has been effectively deployed. The bank’s website and systems remain secure.” The attacks come as Australia’s relationship with Indonesia continues to strain in the wake of the phone tapping revelations leaked earlier this week by former NSA contractor Edward Snowden. Prime Minister Tony Abbott is facing increasing pressure from the Indonesian government to explain the revelations. Source: http://www.zdnet.com/au/afp-and-rba-websites-hit-by-ddos-attacks-7000023451/

Read the article:
AFP and RBA websites hit by DDoS attacks

Bitstamp Suffers Banking Software Issue and DDoS Attack

Bitstamp’s website has been experiencing a number of difficulties over the past couple of days. Yesterday, the Slovenia-based company experienced problems with the banking software it uses. A statement on the company’s blog and Facebook page reads: Dear Bitstamp clients, We are currently experiencing some problems with our banking software. As a result, deposits and withdrawals may be delayed. We expect this issue to be solved be resolved tomorrow or the next day. We kindly ask our customers with pending transfers to remain patient and refrain from submitting additional support tickets on the matter. We will announce as soon as this issue gets resolved. Thank you for your understanding. Best regards, The Bitstamp team With a tweet 19 hours ago stating: Bitstamp CEO Nejc Kodri? said the issue related to the company’s transaction log: “We were missing bank transaction log from Friday. Also sending transfers out was disrupted, but it now works.” This afternoon, the site suffered a DDoS attack. The last time CoinDesk was successfully able to access price data from Bitstamp was 14:05 (GMT). The site is still experiencing problems. Kodri? said his team is “still working on this” issue. Kodri? said the site hasn’t experienced any difficulties because of increased user traffic over the past couple of days, during which the bitcoin price has increased sharply. In fact, the entrepreneur said the site experienced a record number of visits yesterday with no problems. Source: http://www.coindesk.com/bitstamp-suffers-banking-software-issue-ddos-attack/

See the article here:
Bitstamp Suffers Banking Software Issue and DDoS Attack

Radio Free Europe/Radio Liberty (RFE/RL) Targeted for DDoS attack

Radio Free Europe/Radio Liberty has been targeted in an Internet attack known as a distributed denial of service (DDoS). The attack has disrupted RFE/RL’s global multimedia news and information services intermittently since November 14. Nonetheless, its computer network was working on November 18 and broadcasts have continued normally. The attack has not prevented the public from accessing RFE/RL’s web pages. But it has slowed the ability of RFE/RL’s broadcasting services to upload fresh news stories, photographs, and video to the Internet. RFE/RL President Kevin Klose said information is still being gathered about the attack, but he confirmed that it is believed to be “targeted.” Klose said a decision was taken on November 18 to report on the attack in response to the needs of the broadcasters’ audiences, “who rely on RFE/RL reporting, and who themselves contend with countless obstacles to connect with us every day.” RFE/RL’s content-management system also supports Voice of America, Middle East Broadcasting, and the Office of Cuba Broadcasting. Those U.S. international media networks also have been adversely affected by the attacks but continue to operate. Klose described the attack as “stark evidence of the challenges that confront the free dissemination and exchange of information in this age.” A DDoS attack floods the target with fake requests that come from thousands or even millions of computers that have been compromised or infected with viruses or malware. RFE/RL experienced a more limited DDoS attack against its Belarusian language service in 2008. RFE/RL Director of Technology Luke Springer said the latest attack was discovered on November 14 when hardware for the international media organization’s computer network began receiving many times more requests than normal. At the peak of the attack, the RFE/RL network was receiving requests for data from hundreds of thousands of computers every second. Springer said that means there are probably more than 1 million malware-infected computers being directed by the attackers — most likely without the knowledge of the computer owners. Technical investigations show that nearly 80 percent of the computers sending out requests for data as part of the DDoS attack are in China and nearly 20 percent are in Russia. But Springer said those findings do not indicate who is responsible for the attack. Attempts to make technical changes that counter the attack have temporarily alleviated the problem. But Springer said the attackers also have been changing their methods, allowing them to continue disrupting services intermittently. Springer said the DDoS attack has not damaged RFE/RL’s network equipment. But he says that “filling up the Internet pipeline with so many bogus requests has caused a traffic jam.” RFE/RL is a private, nonprofit organization funded by a grant from the U.S. Congress.

Read the article:
Radio Free Europe/Radio Liberty (RFE/RL) Targeted for DDoS attack

New Zealand Couriers struck down by DDoS attack

The New Zealand Couriers website was the victim of a ‘denial of service’ botnet attack late last week, believed to be from overseas. The ‘denial of service’ attack, which took place on Thursday November 7, was specifically aimed at preventing access to www.nzcouriers.co.nz and the online tools hosted on this page, and required intensive and malicious effort by an unknown group. Revealed through a customer email sent out by the company, NZ Couriers wrote: “We have sorted out the issues caused by this attack for the most part. “But there are some important pieces of information we wanted to make you aware of: • You may experience a longer wait time than usual when contacting our call centre, due to more people doing things over the phone that they would usually do through our website. We would encourage you in the first instance to try using our online tools as usual before calling through to book a courier, buy product, or track an item. • The issue was caused by a malicious attack, but no one who visits our website is at any sort of risk – this is not related to viruses or anything along those lines. • Traffic to www.nzcouriers.co.nz has been restricted to New Zealand and Australian based companies – so if you have a customer outside of this region, or if your company runs an offshore system then they may not be able to access this website. If this occurs, we do have a way to resolve this – simply contact us on 0800 800 841 and we’ll get the details from you required to sort this out. Admitting that there may be “some lingering issues over the next few days,” NZ Couriers claims these are likely to be sorted out within the next week. “New Zealand Couriers apologises for this interruption of service and we will continue to do everything in our power to deliver the same great service you have come to expect from us,” the company email concluded. Source: http://techday.com/netguide/news/nz-couriers-struck-down-by-dos-attack/173381/

Read More:
New Zealand Couriers struck down by DDoS attack

Pro Afrikaans Action Group (Praag) under DDoS attack

Afrikaans language activist group Praag intends to lay criminal charges against people responsible for attacking its website, the group said on Thursday. Pro Afrikaans Action Group (Praag) founder Dan Roodt said the website and servers had been under a “distributed denial of service” (DDOS) attack, causing disruptions since Tuesday. He believed the attack was aimed at bankrupting Praag and its service provider through the consumption of bandwidth and damage to network infrastructure. “We are going to lay charges with the SA Police Service under the Electronic Communications and Transactions (ECT) Act 25 of 2002 for the DDOS attack against us, but also against those anonymous individuals slandering us on Facebook, social media, and in relation to potential advertisers on our site,” said Roodt. On Sunday, Rapport reported that Google had decided to stop channelling advertising to Praag, and this threatened the future of the website. Roodt told the paper that Praag made thousands of rands from advertising on its website, and would not be able to function without advertisers. He said Google told him that Afrikaans was not a recognised advertising language and it could channel advertisements only to the English version of the Praag website. Roodt, however, alleged that a woman who opposed Praag was behind the problem. He claimed the woman had started a “malicious and fanatical” Facebook group called “Speak Out Against the Website Praag”. In a letter she reportedly posted on the social media network, she accused Praag of being racist and of spreading hate speech, and shared the letter with companies she claimed were helping it spread this message by advertising on the website. On Thursday, Roodt said he had the backing of supporters to take on the attackers. “We will not be using the distasteful and underhanded techniques of our opponents but will be defending ourselves in an open, transparent and legal manner,” he said. Source: http://www.iol.co.za/news/crime-courts/charges-pending-after-praag-web-attack-1.1607313#.UoTwduLrKb4

View the original here:
Pro Afrikaans Action Group (Praag) under DDoS attack

3-Cyber attack “war game” tests London banks

* Exercise involved “fake foreign government attack”-source * Also involved “denial of service attack” – source * Event dubbed “Waking Shark II” * Bank of England has told banks to strengthen defences By Matt Scuffham and Joshua Franklin A cyber attack by a foreign government on financial markets played out in one of London’s historic halls on Tuesday in a “war game” simulation designed to test the City’s defences against online saboteurs. About 100 bankers, regulators, government officials and market infrastructure providers gathered to take part in a exercise dubbed “Waking Shark II” at Plaisterers’ Hall in the heart of Britain’s financial district. Regulators and companies are growing increasingly concerned about the threat of cyber crime to the banking system, including the impact of coordinated online assaults or hacking attacks on specific lenders. The Bank of England has told banks to strengthen their defences against cyber attacks. One unidentified London-listed company incurred losses of 800 million pounds ($1.3 billion) in a cyber attack several years ago, according to British security services. Tuesday’s five and a half hour event ran from 1200 GMT and involved simulations designed to test how well banks and other market players communicate and coordinate with authorities and each other, sources told Reuters. An industry source who attended said one of the simulations featured a cyber attack by a fake foreign government and a denial-of-service (DOS) attack, which makes network resources unavailable to users. The source described the test as a “productive exercise” which left participants better equipped to deal with a real-life attack. The finance ministry, Bank of England and the Financial Conduct Authority said the exercise had been “sustained and intensive”. “A thorough review of the lessons learned is underway to identify potential improvements to the resilience of the sector,” their joint statement added. A report will be published early in the new year. REAL CHALLENGE The event, one of the largest of its kind in the world, follows a similar large-scale simulation in New York this year dubbed “Quantum Dawn 2? and comes amid heightened fears over the threat from hacking and cyber attacks. “This is a good opportunity to iron out any flaws now before our cyber defences are tested in anger,” said Stephen Bonner, a partner in KPMG’s Information Protection & Business Resilience team. Richard Horne, a partner at PricewaterhouseCoopers who specialises in cyber security, said the exercise was useful but the real challenge lay in co-ordinating across the industry to make sure a crisis scenario is never reached. “It will take a lot of detailed technical work and testing, coordinated across the industry, to really understand all the interdependencies and develop meaningful containment and recovery plans,” Horne said. The investment banking industry itself played a key role in co-ordinating the exercise, along with the Bank of England, the Treasury and the Financial Conduct Authority (FCA) and follows a similar exercise two years ago, the sources said. Institutions involved in this year’s test included Barclays , BNP Paribas, Bank of America, CHAPS, Commerzbank, Credit Suisse, Deutsche Bank , Euroclear, Goldman Sachs, HSBC, JP Morgan, LCH Clearnet, London Stock Exchange, Morgan Stanley, Nomura, Royal Bank of Scotland , SocGen, SWIFT and UBS, according to a source familiar with the matter. Source: http://www.reuters.com/article/2013/11/12/banks-wargame-idUSL5N0IX48C20131112

Read the original:
3-Cyber attack “war game” tests London banks

Decoding the cyber attacks – DDoS against Singapore Government

Hacktivism arrived in Singapore 10 days ago in the form of “the Messiah”, who claimed to be a member of global cyber activism group Anonymous. He threatened to unleash a legion of hackers on the country and its infrastructure if the Government did not revoke its licensing regime for news websites. Should Singaporeans be afraid? ON OCT 29, as ordinary Singaporeans went about their Tuesday, political protest took an unexpected turn. This day marked the arrival of the hacktivist in Singapore – a new breed of protester who hacks into online sites to make a point. And that day, the Singapore Government was his declared target. In a blurry YouTube video, a masked man threatened chaos on the country and its infrastructure if the licensing regime for news websites, instituted in June, was not lifted. Identifying himself as a part of cyber activism group Anonymous, he declared: “For every single time you deprive a citizen his right to information, we will cost you financial loss by aggressive cyber-intrusion.” What preceded and followed the video message were defacements of several websites, from that of the Ang Mo Kio Town Council to The Straits Times ’ blog section, by a hacker calling himself “the Messiah”. Last Saturday, when several government websites went down for several hours, some Singaporeans wondered if it was the start of the threatened chaos. Communications consultant Priscilla Wong, 36, says: “My first thought was, could this be ‘the Messiah’ carrying out his threats?” But the Infocomm Development Authority (IDA) of Singapore, the local sector regulator, told the media that it was not a case of hacking, but of scheduled maintenance that took longer than expected due to technical glitches. Then, on Wednesday, Prime Minister Lee Hsien Loong said that the authorities would spare no effort in finding the hackers, and that they would be dealt with severely. Two days later, a page on both the Prime Minister’s Office (PMO) and the Istana websites were hacked in retaliation. This move took the hostilities to a new level, say observers. “If you presume it’s the same guy or the same group, then this shows escalating tensions,” says PAP MP Zaqy Mohamad, who chairs the Government Parliamentary Committee on Information and Communications. “I suppose they took PM’s words as a challenge, and to some extent, it showed their confidence and brazenness.” How significant is this emergence of local hacktivism, and what are the ramifications? What happened? While the website defacement left many wondering if the leaking of classified personal information was just a string of codes away, cyber experts say there is a gulf between the technical skills required for the two acts, and that the two activities tend to be carried out by different groups for different purposes. Website defacements are generally considered “low-level” hacking jobs, says Paul Ducklin, a consultant at security software firm Sophos. The next level up is DDoS attacks, short for Distributed Denial of Service. In DDoS attacks, the attacker creates a network using thousands of infected computers worldwide, which are then made to overwhelm a targeted site with a huge spike in traffic. The IDA revealed on Friday that there was an unusually high level of traffic to many government websites on Nov 5, the day of the Messiah’s threatened attack, and that these indicated either attempts to scan for vulnerabilities or potential DDoS attempts. While such attacks may cause inconveniences by slowing down website access for users, they do not usually result in a loss of data or information. In the case of the PMO and Istana Web pages, the hackers exploited a vulnerability known as “cross-site scripting”, which resides in an unpatched Google search bar embedded in a Web page on each of the two government websites. Users had to type a specially crafted string of alpha-numeric search terms – understood to have been circulated on online forums – in the Google search bar before an image resembling a defaced page came on screen. IDA assistant chief executive James Kang stressed that the integrity and operations of both sites were not affected. “Data was not compromised, the site was not down and users were not affected,” he said. The most severe attacks, those resulting in personal information theft, are usually carried out in stealth by organised crime groups for financial gain, say experts. They use computer programs such as keylogging software to harvest passwords and banking account details. Foreign academics studying the Anonymous group note that the hacktivists do not have the financial wherewithal, nor desire, to perpetrate this level of cyber crime. An expert on the Anonymous collective, Gabriella Coleman of Canada’s McGill University, wrote in a recent academic paper: “It has neither the steady income nor the fiscal sponsorship to support a dedicated team tasked with recruiting individuals, coordinating activities and developing sophisticated software.” The Messiah’s actions so far seem consistent with Anonymous’ modus operandi of symbolic protest instead of real damage. “The attacks so far were mainly targeted at government-linked organisations with the purpose of creating attention, rather than causing direct damage,” says Alvin Tan, director for anti-virus software company McAfee Singapore and the Philippines. The Internet Society’s Singapore chapter president Harish Pillay emphasises that the websites that have been defaced by “the Messiah” are not high-security ones. There is no reason to link the hacking of such websites to intrusion into classified government databases, he says. “That’s like saying that since a shophouse next to Parliament House got burgled, then Parliament House is in danger of being burgled. The two are not the same.” Still, the threats have made an impact. Last Saturday, the IDA took down some of the gov.sg websites for maintenance in an attempt to patch vulnerabilities. A combination of Internet routing issues and hardware failures caused a glitch, which took the websites offline longer than expected that day, IDA said. Plugging weaknesses On Wednesday, PM Lee confirmed that the Government was beefing up its systems but cautioned that it was not possible to be “100% waterproof”, as IT systems are complicated and “somewhere or other, there will be some weakness which could be exploited”. In the wake of the hacking of the PMO and Istana pages, the IDA said that it is continuing to strengthen all government websites. This includes the checking and fixing of vulnerabilities and software patching. But bringing cyber security here up to a level that could deter elite “crackers” – the term for ill-intentioned hackers – will be challenging, say experts. A major obstacle is the lack of security experts not just in Singapore but also worldwide. Singaporean Freddy Tan, chairman of the International Information Systems Security Certification Consortium – or (ISC)2, estimates the shortfall of infocomm security staff in Singapore to be at least 400. (ISC)2 is the world’s largest not-for-profit body that educates and certifies IT security professionals. Specifically, there is a severe shortage of security analysts and digital forensics workers who monitor Internet traffic patterns, says Tan. Value of cyber protest “The Messiah” and his colleagues have heralded a new age of digital protest here. But observers are split on whether it is a valuable form of social and political activism. “It gets people to sit up and ask, what’s going on here?” notes Pillay. When it comes to the issues, the Messiah and his colleagues seem to be interested in a gamut of them. Experts say the overall agenda seems to concern equality, looking out for the underdog and a call for transparency. The lynchpin demand, made in the YouTube video on Oct 29, was directed at the Government’s licensing regime for news websites. The regulations require selected news sites with at least 50,000 unique visitors from Singapore each month over a period of two months to post a S$50,000 (RM130,000) bond and take down content against public interest or national harmony within 24 hours. It is opposed by some for what they perceive as its intent to suppress online free speech, and a group of bloggers has mounted a “Free My Internet” campaign against it. But the group has distanced itself from “the Messiah”, and among prominent online commentators a rift has emerged over whether to denounce the hacking or accept it as another form of social and political activism that could effect change in its own way. The hackers’ threats spurred some Netizens to reject this method of seeking to change policies, arguing that it amounted to one group seeking to impose its views on others rather than arguing its case. The Online Citizen, for example, said it did not condone Anonymous’ tactics, saying it did not condone “intentional violations of the law which are calculated to sabotage and disrupt Internet services which innocent third parties rely on for data”. Some have likened hacking to the civil disobedience practised by Singapore Democratic Party chief Chee Soon Juan in the 1990s, when he argued that it was just to disobey an unjust law. But if “the Messiah” wanted to add his heft to the campaign against the website licensing regime, observers were confused by his timing. After all, it was announced in June, and the outcry and public protests against it took place later that month. “Hacking Singapore sites for a law that was passed half a year ago is like laughing at a joke after everyone has left the party,” notes Professor Ang Peng Hwa, director at the Singapore Internet Research Centre. If and when the hackers are identified, the Singapore authorities are likely to bring a gamut of laws down to bear on them, say local lawyers. “At least three of Singapore’s broad laws might be invoked,” says lawyer Gilbert Leong, partner at Rodyk & Davidson. The first is the new Computer Misuse and Cybersecurity Act, passed in Parliament in January. It was called the Computer Misuse Act before but was amended to allow the Minister for Home Affairs to order a person or organisation to act against any cyber attack even before it has begun. For instance, telcos might have already been roped in to track the hacker. The second is the Criminal Law (Temporary Provisions) Act, which may be used against those who publish subversive materials that compromise public order. The third law is the Sedition Act, for exciting disaffection against the Government. Facing charges Whoever was behind the YouTube video could also face charges under the Internal Security Act for threatening the security of the Internet, says lawyer Bryan Tan, a partner in Pinsent Masons MPillay. If caught and proven guilty, “the Messiah” could face hefty fines and years in prison for his hacktivism. Law enforcers’ jobs would be made harder if “the Messiah” and his colleagues do not reside in Singapore. However, another law – the United Nations (Anti-Terrorism) Measures Regulations – might be used to extradite the offender to Singapore. This law might be used as “the Messiah” had threatened to attack Singapore’s infrastructure, which could be deemed by the authorities as a terrorist act. Whatever comes of “the Messiah” and Anonymous’ arrival in Singapore, hacktivism looks to be a new fact of life in an inter-connected, politicised society. It is however a tactic that many activists online have been quick to reject and Singaporeans on the whole have shown little interest in supporting. — The Straits Times/ANN Source: http://www.thestar.com.my/News/Regional/2013/11/10/Decoding-the-cyber-attacks.aspx

Read More:
Decoding the cyber attacks – DDoS against Singapore Government

DDoS as dance: Anonymous hits the ballet

A new multimedia ballet, “HackPolitik,” fuses jarring, angular movements with electroacoustic music and video projection to interpret the activities of hacker collective Anonymous. Hacker collective Anonymous is going to the ballet. Take that in; it’s not often you’ll see Anonymous and ballet in the same sentence. The unusual pairing will take place November 15 and 16 at the Boston University Dance Theater, where the Juventas New Music Ensemble debuts “HackPolitik,” a new contemporary ballet based on the hacktivist group’s activities and personalities. The piece combines electroacoustic music, modern dance, and video projection to examine how the Internet impacts 21st century discourse and sometimes blurs the lines between activism and anarchy. Instead of pastel tutus, expect to see dancers in black and white, with dramatic face paint that evokes Guy Fawkes masks. And erratic, sometimes militant movements instead of fluid pirouettes. How do hacks on Twitter and LinkedIn accounts translate to physical movement? Neither the dance nor the music is neatly representative of things like Web site defacements, distributed denial-of-service attacks, and data theft, though they do aim to capture the mood of cyber insurgency. One scene, for example, opens with a soloist appearing to search for a way into something. Once she’s successful, the rest of the dancers join her with a series of advancing movements directed at one point in space that’s meant to represent the entity being attacked. “The movement interprets the initial culture of Anonymous as a crass, chaotic, and immature world out of which particular personalities and goals emerge,” choreographer Kate Ladenheim tells CNET. “For example, in the opening of the piece, we created a phrase that we lovingly refer to as the ‘f*@% you’ phrase. There are 10 examples of immature gestures/f*@%-you hand motions that are abstracted to become full bodied and then traveled through space in various ways.” This was Ladenheim’s take on trolling, memes, and the “all-around chaos of IRC and online message boards like 4chan.” The idea for “HackPolitik” came to Boston-based composer Peter Van Zandt Lane in late 2011, when some of Anonymous’ more high-profile politically driven cyberattacks grabbed the spotlight. Lane teaches a course at Brandeis University called “Protest and Propaganda in Music,” but hadn’t had much occasion to meld those interests with his creative work. “The idea of a ballet based on the global hacktivist movement excited me, as it was a way I could potentially pull these three spheres together,” he tells CNET. The two-act piece touches, among other things, on the December 2010 distributed denial-of-service attack on PayPal. It was organized in response to PayPal halting donations to the online leaked-documents clearinghouse WikiLeaks. Another of the ballet’s 10 scenes references Anonymous’ 2011 attack on HBGary Federal, a security firm trying to investigate the loosely organized global group. “The music, on its own, says…disorder, absurdity, cohesion/collaboration, militaristic triumph, humiliation, betrayal, etc.,” Lane says. “Choreography can connect these expressions a bit more concretely to the activities of Anonymous, but ultimately, the audience has to make connections themselves, between a generally abstract art form and the specific events that inspired them.” To create the ballet, Lane; Ladenheim, artistic director of NY-based contemporary dance company The People Movers; and conductor Lidiya Yankovskaya, artistic director of the Juventas New Music Ensemble, mined author Parmy Olson’s writings on Anonymous, which closely examine the global activist movement. Anonymous has supporters worldwide, as evidenced by this week’s “Million Mask March” in cities from Washington, D.C., to Tokyo to Sao Paulo, Brazil. Some pioneers of the hacktivist movement, however, have criticized Anonymous, saying its methods abridge free speech and hurt the cause . But “HackPolitik,” Lane insists, isn’t about taking sides. “For me,” he says, “the piece is less about answers, and more about bringing up questions on how we emotionally and artistically are able to respond to the influence of technology on our society.” Source: http://news.cnet.com/8301-17938_105-57611236-1/ddos-as-dance-anonymous-hits-the-ballet/

Taken from:
DDoS as dance: Anonymous hits the ballet

Denial of Service (DDoS) Cyber attacks – are they using the same logic as terror threats?

Much has been discussed about the damage that the Advanced Persistent Threat (APT) attacks cause to corporates and governments alike. It is estimate that at least 50% of Fortune 500 companies have been compromised by APT, and the potential financial damage to these organizations is almost impossible to quantify, but probably in the trillions of US dollars. Compared to this a crude Denial of Service (DoS) attack or its more advance siblings, the Distributed Denial of Service (DDoS) attacks and Distributed Reflector (DRDoS) attacks, their outcome seems pretty benign- your site is being bombarded by thousands of request for information, until the server gives up and no-one can actually use the site. Once the attack stops, access is possible again and no damage to your IT infrastructure has occurred, no data or money was stolen and hopefully your angry customer will believe it was just a “site malfunction”. But as attack methods have become more sophisticated AND more accessible (for example, now one can simply rent hundreds of BOT computer as a service, to carry the attack for him, using a simple interface, with no need to know how to actually hack), the industry had to act, and developed means to mitigate these attacks. Several methods of DDoS mitigation exist and multiple companies offer these as a service. Now a very dangerous equation begins to unfold, one where the attacker can use simple, cheap tools (a fairly typical rate for DDoS botnet rental hovers around the $200 for 10,000 bot agents per day), and the defender must invest much larger resources, both internal (maintaining a Security Operations Center or SOC) and external (service providers), creating an inherent asymmetry. This asymmetry means that organizations wishing to mitigate this threat will keep investing (or throwing, since there is no actual gain here, only minimizing the impact) money over time, until they are in serious economic pain. And this is exactly what Islamic terrorist have been trying to do in the recent global jihad campaign- making western countries bleed money in order to try and prevent sparse attacks carried by rudimentary means. As Osama bin Laden said: “It is very important to concentrate on hitting the American economy with every available tool … the economy is the base of its military power. The United States is a great economy but at the same time it is fragile.” The risk is that using offensive cyber means one can achieve this goal much faster (and one does not have to blow himself to pieces in the process, or hurt innocent people). Therefore, prevention and not only mitigation is necessary. Organizations must be far more proactive than they are now. Sure, investments in IT security and best practices are always a good idea, but also applying preventive intelligence to greatly reduce the impact of attacks. This, couples with harsher legislation and enforcement against both the suppliers and the perpetrators of the attacks will hopefully, in the end, balance this asymmetric equation. For protection against your eCommerce site click here . Source: http://defense-update.com/20131107_denial-service-ddos-cyber-attacks-using-logic-terror-threats.html

Read the original:
Denial of Service (DDoS) Cyber attacks – are they using the same logic as terror threats?

Jurassic DDoS?

Like something from the digital ice age, distributed denial-of-service (DDoS) attacks have thawed and are roaming the cyber planet again, according to data from Google in collaboration with Arbor Networks, which provides insight into the scale and geography of recent cyber strikes. Various other reports support the same theory. Verisign estimates that a third of downtime incidents stem from DDoS attacks. These attacks are costly for both businesses and consumers, and the costs are rising. The security firm Prolexic found that attacks became bigger and more frequent in 2013 vs. 2012. There was a 58% increase in total DDoS attacks; 101% increase in application layer (Layer 7) attacks; 48% increase in infrastructure (Layer 3 &4); and 12.4% increase in average attack duration. In addition to an increase in frequency and scale, Prolexic observed some interesting metrics that illustrate significant changes in DDoS attack methodologies. Most notably was a shift away from the bulky flat packet SYN floods to UDP-based attacks and the rapid adoption of Distributed Reflection Denial-of-Service (DrDoS) attacks. A “reflection attack” is a compromise of a server’s security caused by tricking it into giving up an authentication security code, allowing a hacker to access it. These attacks are made possible when servers use a simple protocol to authenticate visitors. It exploits a common security technique known as a challenge-response authentication, which relies on the exchange of secure information between authorized user and server. The hacker logs on and receives a challenge. The server is expecting an answer in the form of the correct response but instead, the hacker creates another connection and sends the challenge back to the server. In a weak protocol, the server will send back the answer, allowing the hacker to send the answer back along the original connection to access the server. Systems that use a challenge-response authentication approach to security can be vulnerable to reflection attacks unless they are modified to address the most common security holes. Reflection attacks use a different kind of bot and require a different type of server to spoof the target IP. Prolexic believes the adoption of DrDoS attacks is likely to continue, as fewer bots are required to generate a high volume of attack traffic due to reflection and amplification techniques. Such attacks also provide anonymity by spoofing IP addresses. Another interesting observation by Prolexic is that infrastructure-based attack protocols such as SYN floods remain in steady use and are often implemented in conjunction with the reflection attacks. The US and China are popular targets simply because these two countries have more internet users than any other country, and both countries are popular choices for ideologically based attacks. The top ten DDoS originating countries according to the Prolexic Quarterly Global DDoS Attack Report Q3 2013 are: China – 62% United States – 9.06% Republic of Korea – 7.09% Brazil – 4.46% Russia – 4.45% India – 3.45% Taiwan – 2.95% Poland – 2.23% Japan – 2.11% Italy – 1.94% So, what does the future hold for DDoS attacks? Future DDoS attacks will likely be conducted through the use of booter scripts, stressor services, and related Application Programming Interfaces (API). The increasing use of this attack method will result in much more effective attacks with fewer resources required. Since these attacks are easier to employ, DrDoS attacks will become more popular. In fact, according to Prolexic, script kiddies are graduating into digital crime and assembling DDoS-for-hire sites for as little as five dollars ($5). That $5 can buy you 600 seconds of DDoS and just $50 could put a credit union down for an afternoon. Remember, it costs far less to generate an attack than to mitigate an attack. Security professionals must promote cleanup efforts and make it difficult for hackers to send money to criminals offering DDoS for hire. The financial institutions with smaller security budgets become more lucrative targets because they cannot apply the resources to identify threats. Verizon’s Chris Novak agreed: “We are seeing where DDoS is used to distract a medium-size financial institution. While they are busy fighting off the DDoS, they don’t see that terabytes of data just walked out the door. That’s scary.” DDoS is not dead. In fact, it is alive and kicking. In addition to the foray of targets, many new government programs have become recent hacker targets using DDoS. As new software is developed, it is incumbent on IT security professionals to be cognizant of potential DDoS vulnerabilities and to initiate countermeasures as quickly as possible. Source: http://www.infosecurity-magazine.com/blog/2013/11/5/jurassic-ddos/1050.aspx

Read the original:
Jurassic DDoS?