Tag Archives: marketing

PayPal 14 plea deal a win for DDoS as civil disobedience

Eleven of the fourteen defendants in the PayPal 14 case have reached a plea deal with federal prosecutors. Under the agreement, the defendants will plead guilty to felonies and misdemeanors under the Computer Fraud and Abuse Act (CFAA). If they observe good behavior, federal prosecutors will ask that the felonies be dropped. This comes as good news to those who advance the notion that DDoS (Distributed Denial of Service) attacks are acts of civil disobedience. Two other defendants will serve 90 days in prison after pleading guilty to a misdemeanor charge pled guilty to a misdemeanor, while the last of the fourteen defendants was not eligible for a plea deal in the case. The PayPal 14 are only a small fraction of the over 1,000 participants identified in a DDoS attack aimed at PayPal, which Anonymous hit as part of “Operation Payback” after the company cut service to WikiLeaks’s donations page. Pierre Omidyar, founder of eBay, which is the parent company of PayPal, called for leniency. Ironic given that PayPal provided the Department of Justice with a list of the participants’ IP addresses, which helped the FBI locate the protesters. “I can understand that the protesters were upset by PayPal’s actions and felt that they were simply participating in an online demonstration of their frustration. That is their right, and I support freedom of expression, even when it’s my own company that is the target,” Omidyar wrote two days ago in a Huffington Post op-ed. “The problem in this case however is that the tools being distributed by Anonymous are extremely powerful. They turn over control of a protester’s computer to a central controller which can order it to make many hundreds of web page requests per second to a target website.” DDoS works by connecting thousands of computers together to bombard websites with traffic until it collapses. As Omidyar noted, it multiplies the power of a single protester, which is something that cannot be done in the physical realm without significant grassroots effort. Nevertheless, the plea deal is significant because it sets a legal precedent that DDoS isn’t just some effort to cause significant financial harm. While the plea deal doesn’t define DDoS as digital protest, it might be the first step in acknowledging the attack as something akin to protesters blocking a road or a business. These physical protests are typically prosecuted as misdemeanors, not felonies that can bring hefty prison terms, high restitution costs, and a lifetime designation as a felon. The PayPal 14 plea deal might also help begin the very necessary process of amending the CFAA, which allows stiff penalties for these non-violent crimes in the first place. Shortly before the news was announced, activist lawyer Stanley Cohen tweeted: “Stay tuned for details. Pay Pal 14 will be resolved today, big win for civil disobedience. Up the Rebels.” And a good win for the internet, which is coming of age as the supreme venue for protest against political and financial power. Source: http://www.deathandtaxesmag.com/210854/paypal-14-plea-deal-a-win-for-ddos-as-civil-disobedience/

Bitcoin Password Grab Disguised As DDoS Attack

Attacks against bitcoin users continue, as online forum Bitcointalk.org warns users their passwords might have been stolen in distributed denial of service hack. Aficionados of the cryptographic currency known as Bitcoin might have gotten more than they bargained for recently, after a distributed denial-of-service (DDoS) attack appeared to be used as a smokescreen for launching a password-stealing attack against users of Bitcointalk.org. Michael Marquardt (a.k.a. “Theymos”), one of the administrators of the popular bitcoin discussion forum, Sunday warned its 176,584 members of the attack. He said the attack had been traced to a flaw in the systems of domain registration firm AnonymousSpeech, which specializes in anonymous email, as well as running hosting servers outside the United States and the European Union. Attackers hacked AnonymousSpeech to change the bitcoin discussion forum’s DNS settings to an attacker-controlled server. According to Marquardt, the DNS redirection attack was spotted Sunday by forum manager Malmi Martti (a.k.a. Sirius), who immediately moved the domain to a different registrar. “However, such changes take about 24 hours to propagate,” he warned, meaning that users remained at risk unless they logged on to the forum using its IP address, rather than trusting domain name servers to resolve to the non-malicious site. What was the risk to forum users? “Because the HTTPS protocol is pretty terrible, this alone could have allowed the attacker to intercept and modify encrypted forum transmissions, allowing them to see passwords sent during login, authentication cookies, [personal messages], etc.,” Marquardt said. “Your password only could have been intercepted if you actually entered it while the forum was affected. I invalidated all security codes, so you’re not at risk of having your account stolen if you logged in using the ‘remember me’ feature without actually entering your password.” In other words, anyone who logged into the forum between Sunday and Monday, and who entered a password, should assume that it was compromised by attackers. What were the bitcoin forum attackers gunning for? The most likely explanation would be participants’ usernames and passwords, which — if reused on other sites — might have allowed attackers to drain people’s online bitcoin wallets. Likewise, attackers might have been interested in gathering email addresses of people who are interested in bitcoins to target them — via phishing attacks — with malware designed to find and steal bitcoins from their PCs. The DNS hack and DDoS attack against Bitcointalk are just the latest exploits in a long string of attacks targeting bitcoin e-wallet services and payment systems. Last month, Denmark-based bitcoin payment processor Bitcoin Internet Payment System suffered a DDoS attack that allowed the attackers to hide their real target: online wallets storing 1,295 bitcoins, which they successfully stole. At the time, their haul was valued at nearly $1 million. As that haul suggests, the rise in bitcoin-related attacks can be attributed to the bitcoin bubble, which has seen the value of the cryptographic currency rise from a low of $1 per bitcoin in 2011, to $1,200 per bitcoin as of Wednesday. The rise in bitcoin’s value has lead to a number of malicious attacks, as well as a rise in efforts of a different nature. Last week, for example, Malwarebytes researcher Adam Kujawa warned in a blog post that a number of free toolbars and search agents have begun including bitcoin-mining software, which can consume massive amounts of system resources, slowing PCs to a crawl. Bitcoin mining isn’t inherently suspect. In fact, it’s crucial to the success of bitcoins, because it’s what records the chain of bitcoin transactions. Furthermore, the bitcoin system is set up to reward — with bitcoins — anyone who successfully solves related cryptographic puzzles that help maintain the public bitcoin ledger known as the “block chain.” But some people have begun turning PCs into nodes in their personal bitcoin-mining empire, such as online gaming company E-Sports, which was recently hit with a related $325,000 fine by the New Jersey state attorney general’s office. In the case of toolbars and search agents with built-in mining software, however, users who agree to the accompanying end-user license agreement (EULA) might be authorizing a third party to turn their PC into a bitcoin-mining platform. “So take note if your system is running especially slow or if a process is taking up massive amounts of your processing power; it might be malware or even a [potentially unwanted program] running a miner on your system,” said Kujawa at Malwarebytes. “Looks like the bad guys are adapting all of their various technical attacks and business models to the bitcoin world,” CounterHack co-founder and SANS Institute hacking instructor Ed Skoudis said in a recent SANS email newsletter, responding to the Malwarebytes report. “Given the stakes for rapid money-making here, we’ll surely see even more creative bitcoin-related attacks in the near future.” Source: http://www.informationweek.com/security/attacks-and-breaches/bitcoin-password-grab-disguised-as-ddos-attack—-/d/d-id/1112919

Continue Reading:
Bitcoin Password Grab Disguised As DDoS Attack

5 DDoS defence strategies every company should know

If there is any one fact that remains consistent when it comes to distributed denial of service (DDoS) attacks, it is this: whatever mitigation solution your security engineers implement today, hackers will find a way to defeat it within the next two years. The pain of re-engineering a security program every 24 months is dwarfed by the potential pain of DDoS-provoked outages. In 2011, these attacks cost businesses more than a billion dollars, according to the Yankee Group. So how can companies defend themselves against attacks that are growing larger in scale, more complex in nature and more damaging to corporate reputations? Start with these five strategies: 1. Get educated, and be prepared Attackers are highly educated and highly motivated. Whether they shut sites down for financial gain or idealistic causes, the hackers who may target you today will do so with complex attacks at the application layer, Layer 7, where they can deplete your server resources by imitating legitimate users. They are likely to attack websites that rely on SSL by exploiting a Web server’s limited ability to handle large amounts of HTTPS sessions. These are not the straightforward DNS reflection attacks or TCP SYN floods of yesterday 2. Learn which attacks can be defeated with which solutions In order to combat increasingly sophisticated DDoS attacks, your company needs to learn what methods attackers are embracing today and continually research the most effective tools and services for addressing them. For example, you can defeat the OSI model, and Layer 3 and 4 attacks at the network and service layers with access control lists (ACLs), policies and commercially available DDoS mitigation solutions. On the other hand, you’ll need inspection by proxy to identify and fight Layer 7 attacks. 3. Ignore attacker inquiries It’s not unusual for a hacker to contact a company as he is assaulting its websites. You might receive demands if the motive behind the attack is pure financial extortion. If the attacker views himself as more of an activist, he might contact you simply to taunt the company during the outage. The best reaction to these communications is no reaction. Ignore them. Doing so generally lowers the probability that the attack will occur, if it hasn’t already, or that it will continue, if it’s already in progress. 4. Build secure networks Let start with the basics: avoid firewalls. This old security standby maintains the connection state which can be quickly filled by an attacker, rending the system useless and making it easier to take the server offline. This makes even the largest firewalls vulnerable to even the smallest attacks. Look for a hosting provider that can manage and secure your servers or build proxies using load balancers. Load balancers such as nginx or haproxy enable your host to dampen the effect of low-and-slow Layer 7 attacks, which is particularly critical if you are on a Windows Server. Finally, it’s worth it to upgrade your networks to modern equipment. Make sure your service contracts are up to date and purchase products that have a reputation for withstanding prolonged attacks. 5. Have a contingency plan Because hackers are constantly learning and DDoS attacks are constantly changing, you could make all the right decisions and still find your company under fire. That’s why a holistic approach is important. Your business should have secure network and system architecture, onsite packet filters, additional mitigation capacity with a third-party service, and skilled security staff. If you don’t have an in-house security expert, it is all the more essential that you have a DDoS mitigation service on call. Such a partner should be available on short notice and dedicated to helping you during a worst-case-scenario attack. Effective DDoS mitigation doesn’t come down to one solution, one partner or one vendor. Defending your company against attacks requires that you stay educated, stay prepared and stay vigilant. A hosting service with the right DDoS partner can be a valuable asset in your company’s business continuity plan (BCP). Whether you decide to manage your security on-site or outsource it, make sure that you build a DDoS mitigation strategy that accounts for your company’s specific needs, as well as the ever-evolving nature of attack scenarios. Source: http://www.itproportal.com/2013/12/03/5-ddos-defence-strategies-every-company-should-know/

Popular Bitcoin forum targeted in DNS and DDoS attack

Roughly 175,000 members registered on bitcointalk.org are being discouraged from logging into their accounts following attacks against the popular Bitcoin forum, according to an advisory on the top of the main page. “If you used your password to login between 06:00 Dec 1 UTC and 20:00 Dec 2 UTC, then your password may have been captured in a man-in-the-middle attack, and you should change your password here and wherever else you used it,” according to the advisory. On Monday, a bitcointalk.org administrator named ‘theymos’ wrote that what likely happened is an attacker took advantage of a vulnerability in the forum’s registrar, Anonymous Speech, to redirect the domain name system (DNS) to a different point. Bitcointalk.org was promptly transferred to a different registrar as a result, theymos explained, but the administrator added that those types of changes take time and that users should avoid logging into the website for about 20 hours. “Because the HTTPS protocol is pretty terrible [on the forum], this alone could have allowed the attacker to intercept and modify encrypted forum transmissions, allowing them to see passwords sent during login, authentication cookies, PMs, etc.,” theymos wrote. “Your password only could have been intercepted if you actually entered it while the forum was affected.” The administrator added, “I invalidated all security codes, so you’re not at risk of having your account stolen if you logged in using the “remember me” feature without actually entering your password.” Meanwhile, the Bitcoin forum is concurrently the target of a massive distributed denial-of-service (DDoS) attack, theymos wrote, adding that while the two events are probably linked, it is unclear why the attacker is doing both at once. Source: http://www.scmagazine.com/popular-bitcoin-forum-targeted-in-dns-and-ddos-attack/article/323311/

Ukrainian Interior Ministry Website Reportedly Hit By DDoS Attack

The website Ukraine’s Interior Ministry is currently inaccessible, having apparently fallen foul of a distributed denial-of-service (DDoS) attack by hackers, local media said Sunday. Ukraine’s IT specialists claimed that they were behind the outage, which came after police violently dispersed a pro-EU rally in downtown Kiev Saturday, and promised to take down other Ukrainian government websites, pravda.com.ua reported. “Unfortunately, not each Ukrainian can come to Mykhailivska Square in Kiev or other local squares… That’s why I suggest an efficient way that everyone can show their protest in the Internet… I mean DDoS attack on the sites of our enemies in the government,” IT specialists said in a statement. The report said the Ukrainian government portal, www.kmu.gov.ua, also went out of service Sunday after suspected hacking. Some 35 people were injured after riot police cracked down on protesters camping out in the Independence Square in the capital Kiev Saturday, doctors said. Seven people still remain in hospital. A total of 35 people were briefly detained by police. Protesters regrouped Saturday near a monastery at Mykhailivska Square in downtown Kiev, which became the new place for continuing pro-EU rallies. Activists spent a night there and said they would form a national resistance task force to prepare a nationwide strike. Source: http://en.ria.ru/world/20131201/185186195/Ukrainian-Interior-Ministry-Website-Reportedly-Hit-By-Hackers.html

See the original post:
Ukrainian Interior Ministry Website Reportedly Hit By DDoS Attack

Google Nexus 5 vulnerable to DDoS attack

Google Nexus smartphones including the latest Google Nexus 5 running Android 4.4 KitKat are vulnerable to denial-of-service attack via Flash SMS messages; it has been revealed on Friday during DefCamp security conference in Bucharest, Romania. Bogdan Alecu, a system administrator working with Levi9 – an IT services company, performed a live test during the conference on a Nexus 4 phone running Android 4.3. Alecu showed through the test that after receiving 30 odd Flash messages, the smartphone became unresponsive. During this state the phone neither responded to screen taps nor was it able to receive any phone calls and had to be rebooted manually to get it in functional order. Flash messages are Class 0 SMS that gets displayed on phones’ screen directly without getting stored on the device. Users have the option to saving the message or dismissing it. According to Alecu, there have been instances during this tests that the phone behaves in a different manner at times and loses mobile network connectivity temporarily. The connectivity is restored in a short while with ability to place and receive phone calls, but internet connectivity is lost up until the phone is manually restarted. There are instances when the messaging app crashes and the Nexus smartphone reboots. The issue has been discovered over a year ago revealed Alecu and has been tested on all Google Galaxy Nexus smartphones running Android 4.x including the recently released Nexus 5. Alecu revealed that he has contacted Google multiple times just to receive automated response. Some one did respond that the issue will be resolved in Android 4.3, but unfortunately it still persists and has been passed onto Android 4.4 KitKat. There is no official fix for the vulnerability and till then the only workaround is an app named Class0Firewall (https://play.google.com/store/apps/details?id=com.silentservices.class0firewall&hl=en) developed by Michael Mueller, an IT security consultant from Germany in collaboration with Alecu. Source: http://www.techienews.co.uk/973439/google-nexus-5-vulnerable-denial-service-attack/

More:
Google Nexus 5 vulnerable to DDoS attack

DDos Is Hot, Planning Is Not

Distributed denial-of-service (DDoS) attacks continue to plague major corporations today, but half of organizations don’t have a plan or defense against DDoS attacks, a new survey found. Nearly 45 percent of organizations surveyed by Corero have no DDoS response plan, while some 21 percent don’t have a response team set up in the case of a DDoS attack targeting their networks. Around 60 percent say they don’t have a designated DDoS response team, and 40 percent say they don’t have a point of contact within their organizations when a DDoS hits, according to the survey of some 100 respondents. “Half of them aren’t really doing anything about DDoS. They’re just hoping nothing will happen to them, or they [will just be] putting up with inconvenience it’s causing in the meantime,” says Ashley Stephenson, CEO of Corero, which will release full data from the survey next month. Stephenson says he has seen cases where corporations had no idea that their own computing resources were being used in DDoS attacks against them. “A lot of people are not really paying attention to what’s going on, and that’s facilitating the malicious activity going on out there,” he says. More than 54 percent of the organizations surveyed say they have either an out-of-date network diagram of their infrastructures or no diagram at all. Some 66 percent don’t have statistics on network traffic patterns and traffic volume baselines to help identify when a DDoS is brewing. One of the reasons DDoS attacks have become so popular is that they are relatively inexpensive to pull off. “It’s a cheap resource being used to launch the attacks,” Stephenson says. “And the more we invest in good Internet [technology], the greater power is available for third parties to leverage it and do these attacks … [The attackers] are just cataloging all of these vulnerabilities and exploitable resources and calling on them when necessary to affect the attack.” Compromised desktop machines traditionally have been the most popular weapons for DDoSing a target, but, increasingly, attackers are deploying servers for more firepower. “That takes fewer bots but much more powerful [ones],” Stephenson says. A recent report by Dell SecureWorks revealed just how much DDoS-for-hire services cost in the cyberunderground. Those services cost only $3 to $5 per hour and $90 to $100 per day, Dell SecureWorks found. And a weeklong attack goes for $400 to $600. Source: http://www.darkreading.com/attacks-breaches/survey-ddos-is-hot-planning-is-not/240164306?utm_source=twitterfeed&utm_medium=twitter

Read this article:
DDos Is Hot, Planning Is Not

Bitcoin Payment Processor BIPS under DDoS Attack, Over $1m Stolen

Europe’s primary bitcoin payment processor for merchants and free online wallet service, BIPS, was the target of a major DDoS attack and subsequent theft in the past few days that saw 1,295 BTC (just over $1m on CoinDesk’s BPI) stolen. Kris Henriksen, BIPS’ CEO, said most of the missing funds were “from the company’s own holdings”. BIPS uses an algorithm, based on supply and demand, to work out the amount of bitcoins it needs to keep it in a ‘hot wallet’. The heist, however, was apparently not due to any vulnerability in the code itself. He also said merchants who had chosen to instantly convert their bitcoin to fiat currency bank accounts were not affected. Theft The Copenhagen, Denmark-based company was targeted on 15th November by a massive DDoS attack. Then on 17th November, it was followed up by a subsequent attack that disabled the site and “overloaded our managed switches and disconnected the iSCSI connection to the SAN on BIPS servers”. “Regrettably, despite several layers of protection, the attack caused vulnerability to the system, which has then enabled the attacker/s to gain access and compromise several wallets,” the company said in a written statement. BIPS believes the two attacks were connected, and at least the initial DDoS attack was “found to originate from Russia and neighboring countries”. The company moved fast to restore full merchant payment and transfer services by 19th November, but disabled all wallet functions in order to complete a full forensic analysis. Its help desk also went down for a few days, but was restored on 22nd November. Investigation Under BIPS’ privacy policy, it is not allowed to disclose users’ information to anyone, even the authorities. They will now set up a system for affected wallet users to voluntarily sign the required permission documents, to engage in a more thorough investigation with law enforcement to track down the culprits. Henriksen stressed that merchant processing “was restored very quickly, and if you had auto-convert on, there is nothing to worry about”. BIPS’ official statement on its site read: To protect the successful merchant processing business, BIPS has decided to temporarily close down its consumer wallet initiative. BIPS has been a target of a coordinated attack and subsequent security breached. Several consumer wallets have been compromised and BIPS will be contacting the affected users. As a consequence BIPS will temporarily close down the wallet initiative to focus on real-time merchant processing business which does not include storing of bitcoins. Subsequently BIPS will consider to reintroduce the wallet initiative with a re-architected security model. The consumer wallet initiative has not been BIPS’ core business and, as such, regrettably affecting several users has not affected BIPS merchant acquiring. All existing users will be asked to transfer bitcoins to other wallet solutions, and users affected by the security breach will be contacted. Restoration of merchant services did little to comfort individual wallet owners, though. On the Bitcoin Talk forum, several users voiced anger at the prospect of losing their funds, and what they saw as unclear statements from BIPS about exactly what had been stolen, from whom, and how much. One member even created a ‘bips.me potential lawsuit signup form’ for users to input their contact details and number of bitcoins missing, in an effort to prompt a negotiated solution. Though the attack and theft highlights problems that some online wallet services have faced with security, it is significant given BIPS’ comparatively large user base and prominence in the market. As well as online accounts, BIPS had also offered a paper wallet function for those wishing for a safer long-term storage solution. Source: http://www.coindesk.com/bitcoin-payment-processor-bips-attacked-1m-stolen/

Read the original:
Bitcoin Payment Processor BIPS under DDoS Attack, Over $1m Stolen

AFP and RBA websites hit by DDoS attacks

The websites for the Australian Federal Police (AFP) and the Reserve Bank of Australia were hit overnight by distributed denial of service attacks claimed to be brought about by Indonesians angry over the leaks that reveal Australian Signals Directorate (ASD) had been tapping the phones of high ranking Indonesian government officials, including President Susilo Bambang Yudhoyono. The AFP’s website was for some time overnight but was restored this morning, with one Twitter user claiming responsibility for bringing the sites down using the hashtags #AnonymousIndonesia and #IndonesiaCyberArmy. The AFP said it was taking the attack “very seriously” but said that no sensitive information was hosted on the public-facing website. “The AFP website is not connected to AFP IT systems. The AFP website is not hosted by AFP ICT infrastructure. It is hosted by a third party hosting provider,” the AFP spokesperson said in a statement. The spokesperson said he was not at liberty to divulge the name of the hosting company. The AFP said the attacks were irresponsible and would not influence government policy. “Activities such as hacking, creating or propagating malicious viruses or participating in DDOS attacks are not harmless fun. They can result in serious long-term consequences for individuals, such as criminal convictions or jail time,” he said. “AFP Cyber Crime Operations identifies, investigates and prosecutes individuals or groups for offences committed against Australian critical infrastructure and information systems.” The RBA’s website was affected by the DDoS attacks, but a spokesperson for the RBA denied that the website had been brought down. “There has been no outage but the Bank’s website has been experiencing access delays for some users,” the spokesperson said. “The bank has DOS protection for its website, which has been effectively deployed. The bank’s website and systems remain secure.” The attacks come as Australia’s relationship with Indonesia continues to strain in the wake of the phone tapping revelations leaked earlier this week by former NSA contractor Edward Snowden. Prime Minister Tony Abbott is facing increasing pressure from the Indonesian government to explain the revelations. Source: http://www.zdnet.com/au/afp-and-rba-websites-hit-by-ddos-attacks-7000023451/

Read the article:
AFP and RBA websites hit by DDoS attacks

Bitstamp Suffers Banking Software Issue and DDoS Attack

Bitstamp’s website has been experiencing a number of difficulties over the past couple of days. Yesterday, the Slovenia-based company experienced problems with the banking software it uses. A statement on the company’s blog and Facebook page reads: Dear Bitstamp clients, We are currently experiencing some problems with our banking software. As a result, deposits and withdrawals may be delayed. We expect this issue to be solved be resolved tomorrow or the next day. We kindly ask our customers with pending transfers to remain patient and refrain from submitting additional support tickets on the matter. We will announce as soon as this issue gets resolved. Thank you for your understanding. Best regards, The Bitstamp team With a tweet 19 hours ago stating: Bitstamp CEO Nejc Kodri? said the issue related to the company’s transaction log: “We were missing bank transaction log from Friday. Also sending transfers out was disrupted, but it now works.” This afternoon, the site suffered a DDoS attack. The last time CoinDesk was successfully able to access price data from Bitstamp was 14:05 (GMT). The site is still experiencing problems. Kodri? said his team is “still working on this” issue. Kodri? said the site hasn’t experienced any difficulties because of increased user traffic over the past couple of days, during which the bitcoin price has increased sharply. In fact, the entrepreneur said the site experienced a record number of visits yesterday with no problems. Source: http://www.coindesk.com/bitstamp-suffers-banking-software-issue-ddos-attack/

See the article here:
Bitstamp Suffers Banking Software Issue and DDoS Attack