Tag Archives: marketing

OpThrowback: Anonymous to Launch DDOS Attacks Against FBI, NSA.

  Anonymous hackers, more precisely the ones who hacked a couple of Syrian government websites last week, have announced the start of a new campaign called Operation Throwback. ~ SoftPedia The goal of the operation is “to strike back against the oppressors of our freedom.” The hackers say they will launch distributed denial-of-service (DDOS) attacks against several high-profile websites. Today, on October 28, they plan on launching a cyberattack against the main website of T-Mobile. On October 31, they plan on attacking the website of the FBI, the NSA, Verizon, Microsoft and AT&T. The hacktivists urge their supporters to download DDOS tools and VPNs. The initiators of the operation are providing download links and instructions on how to use them. Earlier today, the hackers tested their “firepower” against the official website of the American Nazi Party. At the time of publishing, the NCB Interpol web site was down, apparently from a DDoS attack. Source: http://revolution-news.com/opthrowback-anonymous-to-launch-ddos-attacks-against-fbi-nsa/


12 year old Quebec boy Anonymous Hacker Pleads Guilty to DDOS Attack on Government Websites

A 12-year-old Quebec boy is responsible for hacking several government and police websites during the student uprising in spring 2012, creating computer havoc and causing $60,000 damage, court heard Thursday. Some sites were out of service for up to two days and the boy did it in the name of the activist/hacktivist group Anonymous. The Grade 5 student from the Montreal suburb of Notre-Dame-de-Grâce, whose actions were not politically motivated, traded pirated information to Anonymous for video games, court was told. The boy appeared in youth court Thursday dressed in his school uniform and accompanied by his father. He pleaded guilty to three charges related to the hacking of the websites, including those of Montreal police, the Quebec Institute of Public Health, Chilean government and some non-public sites. Police estimate damage to the sites at $60,000 but a more detailed report will be produced in court when the boy is sentenced next month. The little hacker, whose name can’t be published and is said to have been involved with computers since the age of nine, contributed to the crash of some sites and accessed information belonging to users and administrators. He had even issued a warning to others: “It’s easy to hack but do not go there too much, they will track you down.” Court heard the boy used three different computer attacks, one which resulted in a denial of service to those trying to access the websites and flooded servers, making them ineffective. In another method he would alter information and make it appear as the homepage. His third tactic involved exploiting security holes in order to access database servers. “And he told others how to do it,” a police expert testified in Montreal on Thursday. While others were arrested in the scheme, it was the boy who opened the door to the website attacks, court heard. “He saw it as a challenge, he was only 12 years old,” his lawyer said. 
“There was no political purpose.” In 2000, a 15-year-old Montreal boy, known as Mafiaboy, did an estimated $1.7 billion in damage through hacking. He was sentenced to eight months in youth detention and subsequently received several job offers in cybersecurity. Source: http://www.torontosun.com/2013/10/25/que-boy-12-pleads-guilty-to-hacking-government-websites


A DDoS Attack Could Cost $1 Million Before Mitigation Even Starts

A new report suggests that companies are unaware of the extent of the DDoS threat, unaware of the potential cost of an attack, and over-reliant on traditional and inadequate in-house defenses. Marking its inaugural International DDoS Awareness Day, Neustar has released new research into business awareness of contemporary denial-of-service attacks. IDG Research Services questioned more than 200 IT managers for companies with an online marketing or commercial web presence; 70% of which were involved in e-commerce operations. The study finds that it takes an average of ten hours before a company can even begin to resolve a DDoS attack. On average, a DDoS attack isn’t detected until 4.5 hours after its commencement; and a further 4.9 hours pass before mitigation can commence. With outage costs averaging $100,000 per hour, it means that a DDoS attack can cost an internet-reliant company $1 million before the company even starts to mitigate the attack. With the year’s peak shopping period fast approaching, it is something that cannot be ignored. “If an attack results in an outage lasting days, the economic results could be catastrophic. To some companies, it could even be fatal,” warns Neustar. One problem, suggests Susan Warner, Neustar’s market manager for DDoS solutions, is that IT administrators may not be fully aware of the business implications of downtime. “For example,” she says, “an administrator may believe that if the system goes down for a few hours it’s not a big deal, but may not realize there is going to be hundreds of thousands of dollars of marketing spend lost for every hour of site downtime.” A second problem is either a misunderstanding of the nature of modern attacks, or a basic belief that DDoS attacks will always go after someone else. Most companies rely on in-house technology to defend against attacks: 77% have firewalls, 65% have routers and switches, and 59% have intrusion detection. But only 26% use cloud-based mitigation services. 
Nevertheless, there is a strong belief among these IT managers that they are adequately protected: 86% of the respondents are either somewhat, very or extremely confident in their defenses. But new DDoS techniques such as DNS amplification/reflection, warns Neustar, “can easily overwhelm on-premise defenses and even congest the presumably vaster resources of an ISP.” In fact, in the face of a major attack, in-house defenses can make matters worse. A lot of enterprises, warns Warner, “believe they have some technology already in place that will help them, such as a firewall or a router that can handle some extra traffic, but a high-volume DDoS attack is going to quickly overwhelm those traditional types of defenses and they will rapidly become part of the bottleneck.” “Responding to this new reality,” says the report, “requires actionable continuous monitoring and analysis against realtime threat intelligence, and constantly evolving incident management scenarios.” The answer lies in the cloud. “Cloud-based mitigation is achieved either by redirecting your traffic during an assault or having it always go through a cloud service,” says Warner. “An always-on type of approach can also be achieved through a hybrid solution that provides mitigation resources on-site; if they begin to be overwhelmed, a failover to a cloud service is immediately activated.” Source: http://www.infosecurity-magazine.com/view/35238/a-ddos-attack-could-cost-1-million-before-mitigation-even-starts


Google Project Shield protects “free expression” sites hit by DDoS

Before you ask: Google’s Project Shield has nothing to do with NVIDIA SHIELD, the two being completely different things. The Google iteration is all about protecting sites that’d otherwise have little to no protection. Google Project Shield puts a barrier around a website to stop DDoS (Distributed Denial of Service) attacks and keep sites active. This project has been used to keep up all manner of sites that, before this project, had been taken down by the likes of governments and unfriendly hacker groups. This project has been used for several impressive sites in the recent past, Google aiming to make a much bigger deal of it in the near future. One example is the Persian-language social and political blog Balatarin. Another is quick-access site Aymta, kept up by Google in the face of DDoS attacks recently. This site provides early warning (somehow or another) of Scud missiles to people in Syria. Another example of this project in action is the keeping up of election monitoring service iebc.or.ke during a recent election cycle. Project Shield was responsible for keeping this site up for the first time in history, in that it stayed up for the entire cycle. Google is currently inviting sites in the following categories to join the initiative, namely webmasters serving: Independent News, Human Rights, and Elections-Related Content. Small independent sites in need of the infrastructure and resources Google is able to supply will be able to apply for help through the main Google Project Shield portal where some very, very simple information is required. Though the site says “invite only”, in this case, Google means that you’ll be invited if your application is accepted. There is also an “Other” category in the “type of content you host on your site” portion of the page in addition to those categories listed above. Source: http://www.slashgear.com/google-project-shield-protects-free-expression-sites-hit-by-ddos-21302260/


DDoS Attacks Grow Shorter But Pack More Punch

If there was ever a riddle asking the listener to name something that has become bigger and shorter at the same time, distributed denial-of-service attacks (DDoS) would be an acceptable answer. According to a new report from Arbor Networks about the third quarter of 2013, the average attack size now stands at 2.64 Gbps for the year, an increase of 78 percent from 2012. The number of attacks monitored by the firm that are more than 20 Gbps experienced massive growth, to the tune of a 350 percent increase so far this year. Meanwhile, the length of the vast majority of attacks (87 percent) has gone down to less than an hour. “Shorter duration attacks are not inherently harder to detect, but they can be harder to mitigate,” says Gary Sockrider, solutions architect for the Americas, Arbor Networks. “Many organizations today rely on network- or cloud-based mitigation of DDoS attacks. Because they rely on rerouting attack traffic to scrubbing centers, there is a small delay in mitigation while routing or domain name changes propagate.

“Ideally you want to have mitigation capabilities on your own network that can react immediately without the need for redirection. I think it’s safe to say that if you have absolutely no mitigation capabilities, then shorter attacks are better. However, if your only protection has inherent delays, then shorter attacks potentially cannot be stopped.” Barrett Lyon, founder of DDoS mitigation firm Prolexic Technologies and now CTO of Defense.net, says that shorter DDoS attacks also have the added benefit of minimizing an attacker’s exposure. “The longer it runs, the more things are obviously clogged up and the more reactive network engineers become,” he observes. “When network engineers start researching a problem like that — congestion in their network or why is this computer slow — it exposes the botnet and makes it much more vulnerable than it would be otherwise. 
So if it’s a short attack but big, [attackers] can kind of quickly see and size up their target. They can quickly determine … what’s the best bang for the buck when it comes to attacking.” A clear trend of increasing attack sizes has emerged during the past several years, Sockrider says. “I believe there [is] a combination of factors enabling this trend,” he says. “First, there is increased availability of simple-to-use tools for carrying out attacks with little skill or knowledge. Second, there is a growing proliferation of DDoS-for-hire services that are quite inexpensive. Third, increasingly powerful workstations and servers that get compromised also have significantly faster connections to the Internet from which to generate attacks.” The largest monitored and verified attack size during the quarter was 191 Gbps, according to the firm. Fifty-four percent of attacks this year are more than 1 Gbps, up from 33 percent in 2012. Some 37 percent so far this year are between 2 Gbps and 10 Gbps. Another general trend is of attacks moving to the application layer. In fact, while volumetric attacks are still common, they are now frequently combined with application-layer and state exhaustion attacks, Sockrider says. In some cases, DDoS attacks have served as diversions meant to draw attention from other activities, such as bank fraud. For example, a report published in April by Dell SecureWorks noted how DDoS attacks were launched after fraudulent wire and automatic clearing house (ACH) transfers. “Most people that follow DDoS trends are aware of the really high-profile attacks against government and financial institutions, but in reality the most common targets are actually business and e-commerce sites,” Sockrider says. “We’re also seeing increased attacks in the online gaming industry, where attacks are waged for competitive advantage. 
Additionally, some organizations are taking collateral damage because they reside in a data center, and they happen to share infrastructure with a high-profile target. The bottom line is that in the current environment, every organization is a potential target.” Source: http://www.darkreading.com/attacks-breaches/ddos-attacks-grow-shorter-but-pack-more/240162741


What Is a DDoS Attack?

Before we can understand just how groundbreaking this recent attack was, let’s first go over exactly what a denial of service attack is. It is one of the least complicated attacks that a hacker can pull off. Basically the goal is to shut down a webserver or connection to the internet. Hackers accomplish this by flooding the server with an extremely large amount of traffic. It would be like taking a wide open freeway and packing it full of the worst rush hour traffic you could imagine. Every connection to and from the freeway would grind to a halt. This would make visiting the website (or the road) next to impossible, or at the least extremely slow! In some cases, the server might overload and shut down completely. When this happens, it doesn’t mean that the website was necessarily hacked. It just means that the website was kicked off the internet for a period of time. This may not sound like that big of a deal, but if your company relies heavily on its online presence, this interruption of service could take a huge cut out of profits.

DoS v. DDoS

The next item to be clarified is the difference between a DoS (Denial of Service) attack and a DDoS (Distributed Denial of Service) attack. This distinction is pretty simple: a DoS attack comes from one network or computer whereas a DDoS comes from multiple computers or networks. DDoS attacks are almost always bigger than a DoS attack because the strength of the attack can be multiplied by a huge number of computers. Source: http://www.scientificamerican.com/article.cfm?id=what-is-ddos-attack


Preparing for DDoS attacks

Not everyone despaired over the Distributed Denial of Service (DDoS) attacks that hit some of the Web’s biggest e-commerce sites in February. Security consultants and developers of security tools seized the opportunity to spotlight their solutions. Simple DoS attacks are not new. During one, a hacker floods a system with packets of useless requests, making the system so busy it denies access to legitimate users. What’s new are the hacker tools that enable DDoS attacks, in which a hacker uses dozens or hundreds of machines to worsen the attack. The hacker uses client software on one PC to install ‘zombie’ or ‘back door’ programs on other servers, which then flood a target system with useless packets. Zombie programs, including TFN (Tribal Flood Network), Trin00, TFN2K (Tribal Flood Network 2K) and Stacheldraht (Barbed Wire), arrived last fall destined for Solaris, Linux and Windows NT servers. Until recently, most security packages designed to thwart such attacks were aimed at the Unix environment. Now, however, hundreds of programs are being designed for Windows NT, ranging from Internet Security Systems’ (ISS) award-winning SAFEsuite software to BindView Corp.’s free and downloadable Zombie Zapper. Some programs scan the addresses of outgoing messages, intercepting wayward messages before they swamp a potential victim. Others allow administrators to block fake messages from entering a system, or stop the echo functions that help create the constant data flood in a DoS attack. While the programs for NT are good news, the task of evaluating them can easily overwhelm an IS staff, according to Aberdeen Group, a consultancy in Boston. Adding pressure are unresolved issues of liability when one’s computers have been compromised because of lax security. 
To organize efforts and provide a modicum of legal defense, leading security practitioners suggest these guidelines:
- Perform a security audit or risk assessment of critical systems using system- and network-based vulnerability tools.
- Identify and empower an Incident Response Team.
- Establish an Emergency Response and Escalation Plan.
- Install Intrusion Detection and Response systems.
- Examine legal liability exposure.

If systems are under attack:
- Alert your Incident Response Team.
- Contact your ISP; often, hosts can shut down your access line, stopping the attack.
- Notify CERT/CC.
- Notify law enforcement authorities at the FBI and the National Infrastructure Protection Center (NIPC).
- Monitor systems during the attack using network and host-based intrusion detection systems.
- Enable detailed firewall logging.
- Collect forensics to prosecute hackers later.

Source: http://networksasia.net/article/preparing-ddos-attacks-960134400


US charges 13 Anonymous members for DDoS attacks

The U.S. has brought criminal charges against 13 persons, said to be members of the hacker group Anonymous, for their alleged participation in cyberattacks as part of a campaign called Operation Payback. The defendants and other members of Anonymous allegedly launched or attempted to launch cyberattacks against government entities, trade associations, individuals, law firms and financial institutions, according to a federal grand jury indictment released Thursday in the U.S. District Court for the Eastern District of Virginia, Alexandria division. Among the organizations targeted were the Recording Industry Association of America, the Motion Picture Association of America, the United States Copyright Office of the Library of Congress, Visa, MasterCard, and Bank of America. The method of attack was DDoS (distributed denial of service), which floods web sites with spurious Internet traffic so that they become unavailable, and the weapon of choice was the freely-available and downloadable network stress testing program known as the Low Orbit Ion Cannon or LOIC, according to the indictment. The 13 persons have been charged with one count of “conspiracy to intentionally cause damage to a protected computer” from about Sept. 16, 2010 to at least Jan. 2, 2011. All are from the U.S. and in their 20s with the exception of Geoffrey Kenneth Commander, a 65-year-old man from Hancock, New Hampshire, and Dennis Owen Collins, a man from Toledo, Ohio born in 1960. Members of Anonymous launched Operation Payback in about September 2010 to retaliate against the discontinuation of The Pirate Bay, a controversial file-sharing website in Sweden, according to the indictment. On December 4, 2010, Operation Payback planned DDoS attacks on the websites of entities that were either critical of whistle-blower website WikiLeaks or had refused to process payments for WikiLeaks, including Amazon and U.S. Senator Joseph Lieberman. 
The hacker group thereafter launched attacks on the website of PostFinance, a Swiss payments, e-finance, and electronic account management organization, the Swedish prosecutor’s office and a Swedish law firm. This was followed by an attack on the website of MasterCard, which cost the payment firm at least US$5,000 in losses during a one-year period, according to the indictment. Anonymous has attacked sites in the U.S. and abroad for a number of ideological reasons ranging from censorship of the Internet and the takedown of file-sharing site Megaupload to Israeli military action against Hamas. Source: http://www.pcworld.com/article/2052360/us-indicts-13-anonymous-members-for-ddos-attacks.html


GitHub Struggles With Second Day Of DDoS Attacks

Code sharing site GitHub has been fending off large distributed denial of service (DDoS) attacks for two days now, with the site repeatedly taken offline. The attacks started at around 8pm yesterday, when a “large scale DDoS attack” hit. It didn’t last long as GitHub was back online less than an hour later.

GitHub downed by DDoSers again

But today problems emerged again. From 10.30am, another DDoS has taken GitHub down. “We’re doing everything we can to restore normal service as soon as possible,” a GitHub spokesperson told TechWeekEurope. GitHub has been keeping users updated on its status page. “We’re simultaneously working on deflecting the attack and restoring affected services,” read a post at 11.17am. “We’re working to re-establish connectivity after the attack disrupted our primary internet transit links,” another post from 11.48am read. The site was functioning at 12pm today, but there was no update on the status page. The site has been battered by DDoS attacks throughout this year. In August, a “very large” strike was reported and it was hit twice in two days in March. Source: http://www.techweekeurope.co.uk/news/github-ddos-attacks-128704


WordPress Site Hacks Continue

WordPress installations sporting known vulnerabilities continue to be compromised by hackers and turned into distributed denial of service (DDoS) launch pads. That warning was sounded last week after IT professional Steven Veldkamp shared an intrusion prevention system (IPS) log with Hacker News, which found that a single 26-second DDoS attack against a site run by Veldkamp was launched from 569 different WordPress blogs. Those blogs appear to have been compromised by attackers, since they comprised everything from a “mercury science and policy” blog at the Massachusetts Institute of Technology (which as of press time remained offline) and a National Endowment for the Arts blog to WordPress sites run by Pennsylvania State University and Stevens Institute of Technology. “The key aspect to note here is the number of compromised WordPress servers,” said Stephen Gates, chief security evangelist at DDoS defense firm Corero Network Security, via email. “It’s a simple mathematical equation — attackers are looking to infect servers sitting in hosting environments with each server easily capable of generating 1 Gbps of attack traffic. It is quite easy to generate extremely high volumes and varieties of attack traffic by compromising just a few WordPress servers.” Once WordPress servers get compromised, attackers can use them for a variety of purposes, such as attacking U.S. financial institutions. “From volumetric attacks that melt down firewalls to the ‘low and slow attacks’ that sneak through firewalls undetected — the list is really endless,” Gates said. WordPress blogs, of course, are easy to provision and host. But that ease of installation — and use — means that such software is often run outside the purview of IT provisioning and oversight. Furthermore, many WordPress administrators fail to keep their software updated or follow security best practices, such as choosing unique usernames and strong passwords for WordPress admin accounts. 
As a result, numerous WordPress sites sporting known vulnerabilities — or “admin” as the admin account name — remain sitting ducks for automated attacks. Indeed, malware is often used to automatically find and exploit vulnerable WordPress installations. In August, Matthew Bing, an Arbor Security Engineering & Response Team (ASERT) research analyst, noted that the Fort Disco malware — first discovered in April 2013 — was being used to target known vulnerabilities in content management systems, backed by six command-and-control servers that were running a botnet comprised of more than 25,000 Windows PCs. “To date, over 6,000 Joomla, WordPress and Datalife Engine installations have been the victims of password guessing,” he said in a blog post. How widespread is the problem of exploitable WordPress software? According to a study conducted by EnableSecurity CEO Sandro Gauci, the list of the one million most trafficked websites — per the Alexa index — includes 40,000 WordPress sites. But 70% of those sites are running a version of WordPress with known vulnerabilities. Those statistics were relayed last week by WordPress security expert Robert Abela, who studied data that EnableSecurity’s Gauci compiled over a four-day period in the middle of September, immediately following the September 11 release of WordPress 3.6.1, which remains the latest version. In a blog post, Abela reported that of the 42,106 WordPress sites from the Alexa index identified, 19% had already been updated to the new version, while 31% of sites were still running the previous version (3.6). But the remaining 51% of cataloged WordPress sites ran one of 72 other versions, with 2% of all cataloged sites still running version 2.x, which dates from 2007 and earlier. Needless to say, many historical WordPress updates have included patches for exploitable vulnerabilities. 
For example, the latest version of WordPress — 3.6.1 — patched a known vulnerability in version 3.6 that would have allowed an attacker to remotely execute code. Previous versions of WordPress have also sported a number of known bugs, including version 3.5.1 (8 vulnerabilities), 3.4.2 (12 vulnerabilities) and 3.3.1 (24 vulnerabilities). All of this adds up to numerous WordPress sites that can be relatively easily hacked, based on a review of the top 10 most-seen versions of WordPress seen among the more than 40,000 counted by Gauci. “At least 30,823 WordPress websites out of 42,106 are vulnerable to exploitable vulnerabilities,” said Abela. “This means that 73.2% of the most popular WordPress installations are vulnerable to vulnerabilities which can be detected using free automated tools. Considering the number of vulnerable WordPress installations out there, and the popularity of such websites, we are still surprised … most of them haven’t been hacked yet.” Source: http://www.informationweek.com/security/attacks/wordpress-site-hacks-continue/240162060
