Two months ago, BTC-China was growing fast. It was on a blazing trajectory that would soon see it become the world’s largest Bitcoin exchange. With Bitcoin, the world’s most popular digital currency, in the midst of an tremendous upswing of its own, BTC was on the verge of hitting it very, very big. But before that, there would be the double-barreled rite of passage. First came the extortion attempt, and then the non-stop computer attacks, known as distributed denial of service (DDoS) attacks. The extortionists contacted BTC-China in mid-September. Over instant-message chats, they first said they wanted just a few hundred dollars — paid out in bitcoins, naturally — but the demands soon escalated. BTC-China CEO Bobby Lee doesn’t want to get into specifics, but he says that they claimed to have been hired by one of his competitors. He doesn’t believe this, but he thinks that other Bitcoin companies should be concerned. “The DDoS attackers are hitting more and more of us, and it’s going to be a widespread problem,” he says. Since, September, there have been dozens of these attacks on BTC-China. According to Lee, one of them used up a remarkable 100 G/bits per second in bandwidth. “They’re throwing big-time resources into these attacks,” says Marc Gaffan, co-founder of Incapsula, the company that Lee hired to protect his exchange from the criminals. “The attack on BTC-China was one of the largest ever.” Incapsula has about two-dozen clients that are involved in Bitcoin businesses, Gaffin says. A year ago, it had none. CloudFlare, another provider of DDoS protection services has seen a big jump in attacks over the past three months, says Matthew Prince, the company’s CEO. “We’re seeing daily attacks targeting Bitcoin related sites on our network, most of which are relatively small but some get to very high volumes.” Some attacks have even exceeded the 100 G/bits per second volume that hit BTC-China, he says. Yesterday, European payment processor BIPS said it had been hit with a DDoS attack, and then hacked to the tune of nearly 1,300 bitcoins, or $1 million. Last week, Bitstamp, another major Bitcoin Exchange, went offline temporarily. The company has not responded to requests for comment, but it blamed the outage on software and networking issues, not a DDoS. On most websites, hackers can steal credit card numbers or personal information, but these have to be sold somehow. When you break into a Bitcoin business and get access to digital wallets, as was the case with BIPS and an Australian company, Inputs.io, which was hit last month, you’re stealing money itself. “If a Bitcoin wallet can get compromised, then the hackers can actually steal real money and there’s no way to refund the money,” Lee says. In April, Mt. Gox got clobbered via DDoS. The point, the company speculated, was to destabilize Bitcoin, and fuel panic-selling. “?Attackers wait until the price of bitcoins reaches a certain value, sell, destabilize the exchange, wait for everybody to panic-sell their bitcoins, wait for the price to drop to a certain amount, then stop the attack and start buying as much as they can,” Mt. Gox wrote on its website. Gaffan and Lee agree that, in addition to extortion, market manipulation is likely a motive with the recent DDoS attacks too. “It’s about trying to influence the market,” Gaffan says. “We see more Bitcoin exchanges going under attack.” Source: http://www.wired.com/wiredenterprise/2013/11/ddos_bitcoin/
Read the original:
Want Cheaper Bitcoins? Hit Someone With a DDoS Attack
Much has been discussed about the damage that the Advanced Persistent Threat (APT) attacks cause to corporates and governments alike. It is estimate that at least 50% of Fortune 500 companies have been compromised by APT, and the potential financial damage to these organizations is almost impossible to quantify, but probably in the trillions of US dollars. Compared to this a crude Denial of Service (DoS) attack or its more advance siblings, the Distributed Denial of Service (DDoS) attacks and Distributed Reflector (DRDoS) attacks, their outcome seems pretty benign- your site is being bombarded by thousands of request for information, until the server gives up and no-one can actually use the site. Once the attack stops, access is possible again and no damage to your IT infrastructure has occurred, no data or money was stolen and hopefully your angry customer will believe it was just a “site malfunction”. But as attack methods have become more sophisticated AND more accessible (for example, now one can simply rent hundreds of BOT computer as a service, to carry the attack for him, using a simple interface, with no need to know how to actually hack), the industry had to act, and developed means to mitigate these attacks. Several methods of DDoS mitigation exist and multiple companies offer these as a service. Now a very dangerous equation begins to unfold, one where the attacker can use simple, cheap tools (a fairly typical rate for DDoS botnet rental hovers around the $200 for 10,000 bot agents per day), and the defender must invest much larger resources, both internal (maintaining a Security Operations Center or SOC) and external (service providers), creating an inherent asymmetry. This asymmetry means that organizations wishing to mitigate this threat will keep investing (or throwing, since there is no actual gain here, only minimizing the impact) money over time, until they are in serious economic pain. And this is exactly what Islamic terrorist have been trying to do in the recent global jihad campaign- making western countries bleed money in order to try and prevent sparse attacks carried by rudimentary means. As Osama bin Laden said: “It is very important to concentrate on hitting the American economy with every available tool … the economy is the base of its military power. The United States is a great economy but at the same time it is fragile.” The risk is that using offensive cyber means one can achieve this goal much faster (and one does not have to blow himself to pieces in the process, or hurt innocent people). Therefore, prevention and not only mitigation is necessary. Organizations must be far more proactive than they are now. Sure, investments in IT security and best practices are always a good idea, but also applying preventive intelligence to greatly reduce the impact of attacks. This, couples with harsher legislation and enforcement against both the suppliers and the perpetrators of the attacks will hopefully, in the end, balance this asymmetric equation. For protection against your eCommerce site click here . Source: http://defense-update.com/20131107_denial-service-ddos-cyber-attacks-using-logic-terror-threats.html