Tag Archives: rights

26-year-old hacker responsible for massive DDoS-attacks sentenced in Russia

A man was sentenced to probation after being convicted of Distributed Denial of Service (DDoS) attacks as a result of collaboration between Group-IB and the Ministry of the Interior (MVD). Group-IB assisted in the investigation, collection, preservation and identification of digital evidence. The owner of the criminal business turned out to be a 26-year-old resident of the city of Sayansk, Irkutsk region. The investigation was prompted by an attack on a large financial corporation that owns several banks. The time from the initial request to Group-IB to the attacker’s arrest was record-breakingly short: all of the work was done within a month. The criminal used underground hacking forums to find clients by posting advertisements for DDoS services. Russians, citizens of the CIS, Britons and many others ordered his services regularly. According to Group-IB’s evidence, the man used the Dragon botnet to launch the attacks. In autumn 2012, authorities arrested the suspect in Sayansk, Ziminsk district. During the investigation, the accused pleaded guilty and demonstrated the detailed process of launching cyber-attacks. Group-IB computer forensic experts proved the guilt of the arrested man in committing a series of cybercrimes. A Sayansk city court judge rendered a guilty verdict against the 26-year-old man for unauthorized access to computer information, and he was given a two-year conditional sentence. Group-IB’s experts explained that such attacks are now common as a result of unfair competition between companies. “Commercial organizations should think about DDoS protection,” said Dmitry Volkov, Head of the Group-IB Investigation Department. “However, if the incident has already occurred, the Group-IB is ready to conduct a full and independent investigation and find the attacker using forensic methods and tools.” Source: http://www.digitaljournal.com/pr/1776830#ixzz2vCwNMKJi


DDoS cyber attacks get bigger, smarter, more damaging

Crashing websites and overwhelming data centers, a new generation of cyber attacks is costing millions and straining the structure of the Internet. While some attackers are diehard activists, criminal gangs or nation states looking for a covert way to hit enemies, others are just teenage hackers looking for kicks. Distributed Denial of Service (DDoS) attacks have always been among the most common on the Internet, using hijacked and virus-infected computers to target websites until they can no longer cope with the scale of data requested, but recent weeks have seen a string of particularly serious attacks. On February 10, internet security firm Cloudflare says it protected one of its customers from what might be the largest DDoS documented so far. At its height, the near 400 gigabyte per second (gbps) assault was about 30 percent larger than the largest attack documented in 2013, an attempt to knock down antispam website Spamhaus, which is also protected by Cloudflare. The following day, a DDoS attack on virtual currency Bitcoin briefly took down its ability to process payments. On February 20, Internet registration firm Namecheap said it was temporarily overwhelmed by a simultaneous attack on 300 of the websites it registers, and bit.ly, which creates shortened addresses for websites like Twitter, says it was also knocked out briefly in February. In a dramatic case of extortion, social networking site Meetup.com said on Monday it was fighting a sustained battle against hackers who brought down the site for several days and were demanding $300 to stop. It would not pay, Meetup CEO Scott Heiferman told Reuters. DDoS attacks were at the heart of attacks blamed on Russian hackers against Estonia in 2007 and Georgia during its brief war with Russia in 2008. It is unclear if they played a role in the current stand-off between Moscow and Ukraine in which communications were disrupted and at least one major government website knocked out for up to 72 hours.
A report this month by security firm Prolexic said attacks were up 32 percent in 2013, and a December study by the cyber-security-focused Ponemon Institute showed them now responsible for 18 percent of outages at U.S.-based data centers from just 2 percent in 2010. The average cost of a single outage was $630,000, it said. “It’s really a game of cat and mouse,” said Jag Bains, chief technology officer of Seattle-based DOSarrest, a firm that helps government and private-sector clients protect their sites. “I’d like to say we are ahead, but I just don’t think it’s true.” As well as growing in volume, he said attacks were becoming much more sophisticated in targeting the most vulnerable parts of websites, making even a small attack much more effective. The aims of attackers include extortion, political activism, providing distraction from data theft and, for “hobbyist” hackers, just testing and showcasing their skills, security experts say. Other victims in recent months have included the Federal Bureau of Investigation, Royal Bank of Scotland and several major U.S. banks, which analysts believe were targeted by Iran in response to sanctions. Iran denies the charge.

HIJACKING PRINTERS, SMARTPHONES

Many attacks, however, appear to be homegrown. The most popular point of origin for DDoS attacks in the last three months of 2013, Prolexic said, appeared to be the United States, followed by China, Thailand, Britain and South Korea. As well as hijacking computers, Prolexic said attackers are increasingly targeting smartphones, particularly those using Google’s Android operating system, which by the third quarter of 2013 accounted for more than 80 percent of new phones. Even wireless printers, experts say, have sometimes been co-opted into attacks, packed together in botnet groups. That, they warn, can put previously unprecedented cyber firepower in the hands of relatively unskilled hackers, who increasingly include teenagers.
Last year, British police arrested a 16-year-old as part of their investigations into the attack on Spamhaus, while German police arrested an 18-year-old after a DDoS attack paralyzed the Saxony government website. DOSarrest says some of the most recent attacks it has dealt with were on U.S. universities and largely blamed on students showing off or protesting against high tuition fees. The sheer volume of attacks means many perpetrators are never traced, and some computer security experts complain law-enforcement authorities remain reluctant to prosecute the youngest offenders. Until recently, DDoS attacks were seen as less of a threat than attempts to steal customer data or intellectual property. That, however, is changing fast.

SLOWING THE INTERNET

Last year’s Spamhaus attack was described by some as slowing the entire global Internet, and most experts agree the largest attacks can slow access across entire regions. Cloudflare says there were anecdotal reports of slowness in Europe during the latest attack. Crashing data centers can wreak havoc with other services based there, including phone systems and vital industrial facilities. The Ponemon report showed DDoS attacks are now the third largest cause of outages after power system failure and human error, outstripping traditional causes such as weather events. Even if attacks do not succeed, the cost of mitigating them is rising fast, providing many millions of dollars of business for firms such as Cloudflare and Prolexic, taken over last month by Akamai Technologies for about $370 million. Namecheap, which aims to offer cut-price hosting for websites, said it had already spread its data centers across five countries and three continents to better handle constant attacks but was still overwhelmed by the roughly 100 Gbps incident. Attacks on that scale, Prolexic says, now occur several times a month and are now frequently so complex and fast moving that automated systems can no longer tackle them.
Prolexic itself runs a permanently manned operation centre at its headquarters in Florida, allowing it to keep one step ahead and instantly move material between data centers. “It’s very hard to know what to do,” said Alexander Klimburg, a cyber security expert at the Austrian Institute for International Affairs currently on exchange at Harvard Kennedy School of Government. “The tools to do this can be purchased online incredibly cheaply, while the damage they can do and the cost of mitigating it is exponentially higher.” Source: http://www.reuters.com/article/2014/03/05/us-cyber-ddos-idUSBREA240XZ20140305


Why is Meetup Site Down? Hacker Attempts to Extort $300 From CEO Scott Heiferman

The Meetup site is down after a hacker attempted to extort $300 from the site’s CEO Scott Heiferman. The social networking site was the victim of a DDoS attack that was allegedly paid for by one of Meetup’s competitors. The attack began on Thursday when CEO Scott Heiferman received an email that reads:

Date: Thu, Feb 27, 2014 at 10:26 AM
Subject: DDoS attack, warning

A competitor asked me to perform a DDoS attack on your website. I can stop the attack for $300 USD. Let me know if you are interested in my offer.

As soon as Heiferman received the email, the attack began and overwhelmed Meetup’s servers. The site went down and stayed that way for nearly 24 hours. The success of the site being back up was short-lived as Meetup was hit again and again with numerous DDoS attacks over the course of the weekend. Stating his reasons for not paying the hacker behind the attack, Heiferman wrote on Meetup’s blog:

We chose not to pay because:

1. We made a decision not to negotiate with criminals.
2. The extortion dollar amount suggests this to be the work of amateurs, but the attack is sophisticated. We believe this lowball amount is a trick to see if we are the kind of target who would pay. We believe if we pay, the criminals would simply demand much more.
3. Payment could make us (and all well-meaning organizations like us) a target for further extortion demands as word spreads in the criminal world.
4. We are confident we can protect Meetup from this aggressive attack, even if it will take time.

As of right now, the site is still down as the Meetup team continues to secure its servers. When users attempt to log onto the site, they are met with the following error message:

Over the past several days, Meetup has suffered a prolonged denial of service (DDoS) attack, resulting in intermittent service outages for our website and apps. We’re working urgently to bring Meetup back and restore full functionality. We appreciate your patience.

Heiferman encourages all Meetup users to stay informed by receiving updates via Twitter, Facebook or the company’s blog. Source: http://americanlivewire.com/2014-03-03-meetup-site-down/


DDoS Attack! Is Regulation The Answer?

Four security experts weigh in on why there’s been little progress in combating DDoS attacks and how companies can start fighting back. The scale, diversity, and magnitude of recent DDoS attacks have knocked enterprises back on their heels. Now they’re attracting attention from regulators. Intended or not, attackers are forcing a sea change. The question at hand is whether self-regulation will improve or if regulatory intervention is inevitable. Cloudflare’s recent analysis of a February 13 denial of service attack explains the most recent variation on a recurring DDoS attack theme, and in doing so illustrates that we’ve made little or no progress in mitigating root causes of DDoS:

The attack was distributed, emanating from over four thousand servers and twelve hundred networks.

The attack used reflection, a technique where the source IP address of query traffic is “spoofed.” All of the attacking hosts set the source IP address of queries to the IP address of the targeted host so that the responses will overwhelm the victim.

The attack also used amplification, a technique where a small query results in a much larger response being transmitted in order to deplete the target’s resources more rapidly.

There are also other similarities between this and prior DDoS attacks. The attacks exploit UDP-based services (DNS, chargen, and now NTP). They exploit the absence of anti-spoofing measures by ISPs or private networks, and they exploit the “open” operation of these services, taking advantage of open DNS resolvers, publicly accessible network time servers, and services that should be configured to respond only to clients within specific administrative domains. The takeaway is obvious: Services that run over UDP and are accessible in a public or open manner are targets for reflection or amplification attacks, and the ability to spoof IP addresses exacerbates this threat.


Cyber attacks ready to lay siege to 2014 World Cup

Brazilian hackers have issued threats to disrupt this summer’s FIFA World Cup and there are worries that the telecommunications infrastructure won’t be able to cope with the attacks. Reuters spoke to hacking groups headquartered in Brazil that are planning to attack the event due to the global exposure it will give them and they are confident of bringing down some of the largest sites involved with the tournament. “We are already making plans,” said an alleged hacker who goes by the name Eduarda Dioratto. “I don’t think there is much they can do to stop us.” Distributed denial of service [DDoS] attacks are reportedly the weapon of choice for Brazil’s hackers to target sites operated by FIFA and the Brazilian government as well as other sponsors and organisers. “The attacks will be directed against official websites and those of companies sponsoring the Cup,” a hacker known as Che Commodore told Reuters over Skype. Some of the problems that could be exploited include overstrained networks, widespread use of pirated programming and little care taken to invest in online security. The same report also states that one of the “world’s most sophisticated cyber criminal communities” already operates in the country and it has already started to scupper ticket sales through phishing. “It’s not a question of whether the Cup will be targeted, but when,” said William Beer, a cybersecurity expert with the consultancy firm Alvarez & Marsal. “So resilience and response become extremely important.” FIFA has yet to comment on the issue and the country itself is confident that it is at least some way prepared for any attacks that are launched. “It would be reckless for any nation to say it’s 100 percent prepared for a threat,” said General José Carlos dos Santos, the head of the cyber command for Brazil’s army.
“But Brazil is prepared to respond to the most likely cyber threats.” During the Confederations Cup 2013, the traditional dress rehearsal for the World Cup, the cyber command stopped over 300 cyber attacks and dos Santos added that the number will be “much higher” during the tournament proper. Source: http://www.itproportal.com/2014/02/26/cyber-attacks-ready-to-lay-siege-to-2014-world-cup/#ixzz2uZ9neK9Q


Theresa May Home Office website DDoS attack: Man charged

A man is being charged with attacking websites belonging to the Home Office and the Home Secretary Theresa May. Mark Lynden Johnson, 43, from Stoke-on-Trent, is being charged with encouraging or assisting an offence under the Computer Misuse Act. He is due to appear at Birmingham Magistrates’ Court on 12 March. Both websites were taken offline during attacks between 15 and 18 June 2012, the Crown Prosecution Service (CPS) said. The websites were subjected to a Distributed Denial Of Service attack, also known as a DDoS attack, which prevented visitors accessing them, a CPS spokesperson said. A DDoS attack floods a webserver with so many requests that it can no longer respond to legitimate users. Source: http://www.bbc.co.uk/news/uk-england-stoke-staffordshire-26341874


Apple Daily in Hong Kong and Taiwan hit by DDoS attack

Apple Daily said its websites for both Hong Kong and Taiwan were hit by DDoS attacks on Saturday. IP addresses reveal that attacks originated from China, Russia, and France, according to Michael Yung, CIO of Next Media, the parent company of Apple Daily. Starting at 1pm on Saturday, traffic to the Next Media website became so heavy that access to Apple Daily and the firm’s other content was significantly slowed, Yung said, adding that audiences could only view text content via the newspaper’s mobile app. The firm’s website was restored at 6pm after several hours of fixing, Next Media said. According to Yung, small-scale attacks on the Next Media website are frequent but much more severe ones come before the June 4 commemoration and July 1 protest every year. Next Media said the attack is an act of harming freedom of the press but that it won’t stop the organization from defending it. While Anonymous reportedly confirms that the attack came from the mainland Chinese government, Next Media said the identity of the attacker remains unknown at the moment because the IP addresses identified could be fake. There’s also speculation that the attack is related to Sunday’s “Free Speech, Free Hong Kong” protest organized by the Hong Kong Journalists Association. The protest is a response to recent moves that are seen as compromising editorial independence and freedom of speech. Of late, Commercial Radio fired its outspoken host Li Wei Ling while Chinese-language newspaper Ming Pao replaced its existing chief editor with a Malaysian journalist who’s not known to the local community and media industry. Source: http://news.idg.no/cw/art.cfm?id=F7551BB6-DF9A-6D69-EBD70AD566B9147F


Cyber attacks: preventing disruption to your website

One of the largest ever cyber attacks took place this month and it has been cited that it was the shape of things to come. But it is not all doom and gloom – there is plenty that businesses can do to prepare for the future. Start by thinking about the impact of your website being down for a day to three days and how it would affect current and prospective clients and the reputation of your brand. Google is usually the first port of call when checking out products and services, so chances are high that any disruption to your web experience won’t be favourably looked upon by prospects. Cyber criminals will often inject malware into legitimate websites with the goal of getting innocent users to click on it, which will automatically trigger a download and can lead to all sorts of problems for the user. As the website owner, you may be completely unaware, but this is something that Google is cracking down on. If a website is spotted hosting malicious links, Google can blacklist it, meaning it will not show up in searches and it will temporarily remove it from the Google index, which badly affects SEO. Browsers, such as Chrome, Firefox etc will also flag insecure or risky websites and that may scare away potential customers. It may take weeks of effort to get removed from blacklists and re-indexed. If this wasn’t bad enough, the risk is actually two-fold. There are some would-be attackers that will threaten to hold your website to ransom. In this case, they will identify the holes in your website and blackmail you into paying them in order for them not to get your website blacklisted. The best way to avoid getting blacklisted, or indeed blackmailed, is to have the website checked for malware and other infections. And it is also highly recommended to have your website scanned for known vulnerabilities. This will ensure that there are no “holes” that attackers can exploit to install malware or create watering holes for unsuspecting customers.
Another issue to avoid falling victim to is a DDoS attack. DDoS attacks bombard a website with so many external communication requests that it floods the system and overloads the server to such a point that it can no longer function, leaving the website paralysed and unable to transact business. Attacks of this nature are on the rise and it’s fair to predict that this year will be no exception to this trend. The best start is to have a plan in place, whether it is a hardware solution that takes days to install and requires a higher up-front cost, or a provider who offers DDoS protection services that can be up and running in as little as a few hours for a monthly cost. In addition, it’s worth noting that some good DDoS protection services will offer a caching component that will allow bursts of legitimate traffic to your website without negatively impacting on the server. Because it will automatically balance the load coming in, it keeps the website available to handle large amounts of requests with no disruption to your user base. So, make sure you do your research when choosing the best option for your website. Bear in mind that, while you can get a protection service in an emergency situation, as with so many things, the best offense is a good defence, so businesses should make sure that they have a proactive DDoS solution in place to avoid disruption to their web presence.

Top tips:

1) Run malware detection and anti-virus on your website to spot and clear any existing infections
2) Enlist the services of a vulnerability scanner to identify and fix any exploits in your website
3) Have proactive DDoS protection in place, either in the form of hardware or a managed service
4) Have load balancing in place to ensure your website can handle increases in transactions

Source: http://www.itproportal.com/2014/02/21/cyber-attacks-preventing-disruption-your-website/


Namecheap Is In The Middle Of A DDoS Attack

If any of your favorite sites don’t seem to be working right now, don’t panic — it’s not just you. Namecheap, the host of some 3 million-plus domains, is reporting that they’re currently undergoing a Distributed Denial Of Service attack of unknown origins. If that sounds like a bunch of mumbo-jumbo to you, here’s all you need to know: a Distributed Denial Of Service (or DDoS) attack is, generally, when an attacker floods its target with so much traffic that it’s unable to respond to legitimate requests. Namecheap, a company that helps make it so that you can type URLs (like WhateverWebsiteHere.com) instead of IPs (like 192.168.0.1), is currently facing an attack like this, making it quite hard for them to do their job. The attackers appear to be focusing on some of Namecheap’s primary DNS servers. As a result, many domains that are hosted on Namecheap will be unable to resolve, and other features that rely on their nameservers (like email) might not work. The company is actively battling the attack, and is hoping to have everything locked down within the next hour or so. In the meantime: if your domain is hosted on Namecheap and is having difficulties resolving, Namecheap recommends temporarily switching it to their backup DNS system. Update: Namecheap tells us that the situation now seems to be under control. See their full response to this attack below. Namecheap gained many a fan back in 2011, when the company launched a campaign called Move Your Domain Day in response to competitor GoDaddy’s then-support of the controversial Stop Online Piracy Act. This, along with many other pressures, eventually led GoDaddy to recant their support for the bill. Update: Here’s the official response and breakdown of the attack from Namecheap CEO Richard Kirkendall and VP Matt Russell: Today is one of the days that as a service provider who strives to deliver excellence day in and day out, you wish you never had.
At around 15.55 GMT / 11.55 EST, a huge DDoS attack started against 300 or so domains on our DNS platform. Our DNS platform is a redundant, global platform spread across 3 continents and 5 countries that handles the DNS for many of our customers. This is a platform meticulously maintained and run, and a platform that successfully fends off other DDoS attacks on an almost-daily basis. Today, however, I am compelled to announce that we struggled. The sheer size of the attack overwhelmed many of our DNS servers resulting in inaccessibility and sluggish performance. Our initial estimates show the attack size to be over 100Gbps, making this one of the largest attacks anyone has seen or dealt with. And this is a new type of attack, one that we and our hardware and network partners had not encountered before. We responded with our well-practiced mitigation plan while also enabling our backup system for those with affected domains. It took us around 3 hours to fully mitigate the attack, working closely with our hardware and network vendors. At this moment in time, 99% of our services are back to normal. I’d like to take this time to apologize to those customers affected. I also wish to iterate that we will learn from this attack and come back stronger, and more robust. We are bringing forward a key DNS infrastructure enhancement program that will see us massively expand the size of our DNS infrastructure and our ability to absorb and fend off attacks like these. We remain firmly committed to delivering the absolute best service possible to our loyal customers.

Richard Kirkendall, CEO

Source: http://techcrunch.com/2014/02/20/namecheap-ddos/


MMO developer offering $14,000 reward for DDoS attack info

If you know a little thing or two about MMOs and a little more about DDOS attacks, you might be able to net yourself a near $15,000 bounty. Wurm Online, the MMO from Minecraft creator Markus Persson (no longer involved) and childhood friend Ralf Jansson, was hit by a DDOS attack yesterday and at the time of writing, it still remains down. Nobody so far has owned up to the attack, which was launched soon after a recent update. Presumably, given the relative obscurity of the game, the DDOSer is a player, but there’s very little information on who they are or why they might have done it. However, in an attempt to find out more and ultimately catch and convict those responsible, the studio behind it, Code Club, is now offering a reward: “Shortly after today’s update we were the target of a DDOS attack and our hosting provider had to pull us off the grid for now,” it said in the announcement. “We will be back as soon as possible but things are out of our hands since their other customers are affected. As we wrote in a previous news post we are planning on changing hosting anyways which should improve things for the future. We can offer 10 000 Euro for any tips or evidence leading to a conviction of the person responsible for this attack.” DDOS attacks against large games have become more common over the past few years, since they usually garner a lot of attention and understandably annoy a lot of gamers. However, the purpose beyond attention getting is often unclear, since it rarely impacts anyone more than the players. So what about it guys? Anyone here think they could track down a DDOSer? Source: http://megagames.com/news/mmo-developer-offering-14000-reward-ddos-info
