Tag Archives: stop ddos attacks

DDoS Attacks With BillGates Linux Malware Intensify

XOR botnet authors migrate to using BillGates malware

Over the past six months, security researchers from Akamai’s SIRT team have observed a shift in the cyber-criminal underground to using botnets created via the BillGates malware to launch massive 100+ Gbps DDoS attacks.

The BillGates malware is a relatively old malware family aimed at Linux machines running in server environments. Its primary purpose is to infect servers and link them together in a botnet controlled via a central C&C server, which instructs the bots to launch DDoS attacks at their targets. The malware has been around for some years and, due to its (irony-filled) name, is probably one of the most well-known Linux-targeting malware families.

Former XOR botnet operators reverted to using BillGates

A BillGates botnet is capable of launching Layer 3, 4 and 7 DDoS attacks. More precisely, it supports ICMP floods, TCP floods, UDP floods, SYN floods, HTTP floods and DNS reflection floods.

According to Akamai’s Security Intelligence Research Team (SIRT), ever since the XOR DDoS botnet, also Linux-based, was neutralized a few months back, hacking outfits have switched to the BillGates botnet for their attacks. While not as powerful as the XOR botnet, which was capable of launching 150+ Gbps attacks, BillGates attacks can exceed 100 Gbps when needed.

Moreover, as Akamai noticed, the hacking crew that deployed the XOR botnet has also switched to using BillGates malware: the CDN and cyber-security provider is seeing DDoS attacks on the very same targets the XOR botnet crew was previously attacking.

Most BillGates DDoS attacks targeted Asian online gaming servers

DDoS attacks launched with this botnet have been seen targeting Asia-based companies and their digital properties, mostly in online gaming. Besides the original XOR crew, the malware has been used by multiple gangs to build different botnets and has even been used as the base for other Linux-based DDoS malware.

The BillGates malware is available for purchase on underground hacking forums, and it comes in the form of a “malware builder” which allows each crew to generate its own strain that can run on different C&C servers. Last June, Akamai observed a similar spike in DDoS attacks coming from botnets built with the BillGates malware.

Source: http://news.softpedia.com/news/ddos-attacks-with-billgates-linux-malware-intensify-502697.shtml

Hacker Faces 10 Years for DDoS Attacks and Sex Toy Pranks in DOJ Crackdown

Anonymous’s repeated attacks on Donald Trump since December of 2015 have made hacker harassment a part of everyday conversation. Today, the United States Department of Justice handed down a sentence to a member of the Electronik Tribulation Army (ETA) that shows just how severe the punishment for those types of hacks can be.

Benjamin Earnest Nichols, a 37-year-old ETA member from Oklahoma City, pled guilty to intentionally causing damage with a distributed denial of service (DDoS) attack on mcgrewsecurity.com in 2010. Nichols hasn’t been sentenced yet, but faces a maximum of 10 years in federal prison and a $250,000 fine.

It’s the DDoS attack that put Nichols in court, but the list of other things he admits to doing ranges from costly to downright dirty: causing $6,500 in losses to McGrew Security because of a downed website, making disparaging remarks and insulting McGrew (owner of the attacked website and security service), photoshopping images of McGrew, and sending sex toys to McGrew’s home. The exact type of sex toy was not mentioned in the U.S. Attorney’s Office press release. Regardless, it’s the type of behavior hacking groups have made a name for themselves doing. It’s also behavior that the U.S. DOJ plans on stopping.

McGrew became a target of the ETA because of his role in the arrest of Jesse McGraw, the leader of the hacker group, back in 2009. McGraw was arrested after he installed malware and a remote-access program on dozens of computers at the North Central Medical Plaza in Dallas. He planned to use the medical computers for a DDoS attack on a rival hacker group, but was stopped before anything came of his tampering. He was sentenced to nine years in federal prison in 2011. It was one of the first major cybercrime sentences given, and the hacking community still mentions the decision’s importance.

After McGraw’s arrest, Nichols and two other ETA members turned their eyes on McGrew.

“They set up a website in my name to pose as me, and put up embarrassing content or things they thought would embarrass me, including a call-to-action to buy sex toys, and fake pornographic images,” McGrew told Wired in 2010. “They harvested email addresses from the university I work at and emailed it out to those.”

McGrew was a key witness against McGraw, so the FBI got involved. They raided Nichols’ home because his actions were “affecting a potential witness in an official proceeding,” the search warrant affidavit read. The search warrant lists Nichols as going by the names “thefixer25,” “fixer,” “fix,” “c0aX,” and “ballsdeep.” Witness intimidation is a federal crime.

The ETA responded by posting the following on its website: “On the 23rd of June 2010 the Federal Bureau of Investigation issued search warrants on ETA members. All their computers and electronic devices have been taken for forensic investigation…. We are not terrorists, we are freedom fighters and cyber protesting is not illegal.”

Back in 2009, when McGraw was arrested, ETA members were hyper-aware of how they could be next. When Nichols was asked in an email from another member whether he was still in the ETA, he responded: “Right now admissal (sic) of any kind like that is certainly what some douchebag prosecutor would like. I cannot give you that answer when you ask me outright, however.” Nichols also said that he wiped his computers.

Turns out he didn’t wipe them well enough, and he can look forward to big time for his hacking crimes. It’s a message from the DOJ to the hacking community that it surely won’t ignore.

Source: https://www.inverse.com/article/13891-hacker-faces-10-years-for-ddos-attacks-and-sex-toy-pranks-in-doj-crack

Over half of companies feel investment in DDoS protection is justified

A quarter of all companies risk their business-critical systems due to a lack of anti-DDoS protection, according to new research by Kaspersky Lab. It’s the kind of absence that can cause enterprises massive financial loss and reputational damage, and, according to the research, more than half of companies feel that investing in protection against DDoS attacks is justified.

About the same number of survey respondents from telecoms (82 percent) and finance (78 percent) think anti-DDoS protection is an important cyber-security requirement for infrastructure. Just shy of a quarter of respondents (24 percent) don’t use DDoS protection at all, and 41 percent use it only part of the time. Only 34 percent of companies are fully protected against the threat.

A majority of companies with no anti-DDoS protection are in the sectors attacked most often, such as media (36 percent) and healthcare and education (both 31 percent). A quarter of companies stated that the stability of business-critical systems is a priority for their organisation; however, only 15 percent plan to implement anti-DDoS protection in the near future.

“It’s important to take DDoS attacks seriously as they can be just as damaging to a business as any other cyber-crime, especially if used as part of a bigger targeted attack. Organisations must understand that protection of the IT infrastructure requires a comprehensive approach and continuous monitoring, regardless of the company’s size or sphere of activity,” said Russ Madley, head of B2B at Kaspersky Lab.

Source: http://www.scmagazineuk.com/over-half-of-companies-feel-investment-in-ddos-protection-is-justified/article/487567/

Hacker Redirects DDoS Attack to Israeli Intelligence Site

A hacker using the handle “The Jester” allegedly rerouted distributed denial-of-service (DDoS) attacks to hit the Israeli intelligence agency Mossad.

The Jester became a high-profile hacker in 2010 when he claimed to have attacked the Wikileaks website. He is also known to attack websites affiliated with ISIS, Hamas, Anonymous and the Occupy movement. In a 2010 article, the New York Times claimed the Jester is a former military contractor who was involved with US special forces operations.

The Jester’s website reportedly came under DDoS attack, which the hacker claims to have redirected against the Israeli intelligence service. He claims to have changed the IP address his domain was registered to, so that it pointed at the Mossad address. “To the s***loads attacking my blog, I’ve pointed my domain to 147.237.0.71. Ur now hitting Israeli Intelligence Service (Mossad). Good luck,” the Jester, or th3j35t3r, wrote in an online post.

The hacker said he redirected the traffic to Mossad’s IP address because “they can look after themselves perfectly well,” according to reports. Israel’s Information and Communications Technology Authority reportedly issued a statement that Mossad’s website did not encounter irregularities or down time. The Israeli intelligence service’s website remains online and functional, while the Jester’s site is offline at the time of this post.

Source: http://www.batblue.com/hacker-redirects-ddos-attack-to-israeli-intelligence-site/

Finnish Defense Ministry Hit by DDoS Cyberattack

Finland’s Ministry of Defence (MoD) is reviewing its IT security infrastructure in the wake of a distributed denial of service (DDoS) attack on its main website. The attack was launched hours before Finnish President Sauli Niinistö met with Russian President Vladimir Putin in Moscow on March 22 to discuss regional security issues and the implementation of deeper cooperation on border defense.

Initial investigations by the National Cyber Defense Center (NCDC) are examining the possibility that the cyberattack may have been launched from Russia to coincide with high-level, inter-government talks. Similar DDoS attacks launched against public and private organizations in Sweden in March had been traced to servers in Russia.

Niinistö met with US President Barack Obama in Washington on April 1. The meeting took place during the international Nuclear Security Summit hosted by the US president.

Finland’s MoD confirmed that the sustained DDoS attack, which lasted more than three hours, was the second such cyberattack against its online IT infrastructure in 2016. The MoD responded by diverting traffic from its main site defmin.fi to a temporary site. The previous DDoS attack took place Feb. 27 and lasted nearly five hours. Other key government department websites, including finance, social affairs and health, agriculture and forestry, and the Council of State office, were targeted in simultaneous attacks.

The timing of the latest DDoS attack is significant, coming as the Finnish and US governments finalize plans connected to joint military exercises in Finland.

Source: http://www.defensenews.com/story/defense/international/2016/04/04/finnish-defense-ministry-hit-ddos-cyberattack/82608438/

Notorious pro-US hacker Jester diverts DoS attack towards Israeli spy service Mossad

A high-profile US hacker has turned an attack on his website into an assault against the Israeli intelligence service. ‘The Jester’, or th3j35t3r, claims that he diverted an attempt to overload his website to assault Mossad’s online presence.

Haaretz reported that Jester’s website, jesterscourt.cc, was the victim of a denial of service (DoS) attack on the night of 1 April. In a tweet, Jester announced that he had diverted the attack by simply changing the IP address his website was registered on. When asked by one of his 74,400 Twitter followers why he picked Mossad, Jester replied “Because they can look after themselves perfectly well.”

On his blog, Jester claims to have used this technique before. In a post called Offensive Counter Measures – Be Like Water, Jester details the steps he took to divert another DoS attack, which he alleges was carried out by Anonymous, towards websites linked with the Occupy movement.

According to Haaretz, Israel’s Information and Communications Technology Authority said Mossad’s website had not seen any irregularities or disruptions of service. At the time of writing, Mossad’s website was working, but IBTimes UK could not confirm whether it had suffered any downtime. However, The Jester’s website was not working.

Anti-ISIS, anti-Anonymous

Jester is one of the hacking community’s most high-profile members. His career as a vigilante hacker appears to have started in 2010, when he claimed to have been involved in an attack on the Wikileaks website. That year, the New York Times reported Jester was a former military contractor who had worked with US special forces.

Since then, Jester has developed a reputation as a pro-US hacker vigilante and cybersecurity expert. He writes his own blog on cybersecurity, gives talks on the subject through text chat to keep his identity a secret, and is known for attacking websites linked to Hamas and Islamic State (Isis). Jester has also attacked websites used by the Occupy movement and Anonymous, whom he described as “pathetic terrorist sympathizing buttholes”. He claims to have caused more than 180 websites to go offline since 2010. Jester was listed as one of Time magazine’s “most influential people on the internet” in March 2015.

What is a DoS attack?

During a denial of service (DoS) or a distributed denial of service (DDoS) attack, hackers attempt to overload a website’s connections by sending in data requests from multiple sources. Most often hackers use a ‘botnet’, internet-connected PCs that have been compromised by malware, to send in the requests to visit the site without the users’ knowledge. The huge number of requests, which can reach thousands per second, overloads the ability of a website’s server to respond, eventually causing an error message to appear instead of the site’s pages. Making a DDoS is relatively simple. Botnets are available to hire on websites not reachable via search engines (the deep web) or on encrypted websites (the dark web).

Source: http://www.ibtimes.co.uk/notorious-pro-us-hacker-jester-diverts-dos-attack-towards-israeli-spy-service-mossad-1552895

Coinkite Is Closing Down Its Web Wallet Citing Legal and DDoS Issues

Coinkite, the popular wallet and hardware payment network service provider, has announced it is closing down its web wallet to focus on other projects after legal issues and DDoS attacks have impeded the use of the wallet.

Hardware products focus

After a noticeable lack of posting on their blog, following incredibly frequent posting over the last three years, Coinkite has announced it is shutting down its web wallet service. Users of the service need not worry about the hardware aspect of Coinkite, as that will remain unaffected, and the team in fact hopes to expand it.

“We are winding down the web wallet part of Coinkite so that our team can focus on a number of new products that are more decentralized and embodied as hardware products. We’re still big Bitcoin fans, supporters and Hodlrs, and although Coinkite has been a great adventure in the SaaS business, we want to spend more time where our heart is: hardware products, software ‘not-as-a-service’, and other exciting new possibilities.”

Under DDoS since the first month

Coinkite cited the legal issues associated with being a centralized Bitcoin service, and hence the financial strain brought about by lawyers, as well as non-stop DDoS-ing since launch, as the reasons for closing down the service.

“Being a centralized bitcoin service does attract attention from state actors and other well funded pains in the butt, and as a matter of fact, we’ve been under DDoS since the first month we launched—over three years–yay. Plus we have put real fiat dollars into our lawyers’ pockets, to defend our customers from their own governments. This is not what we love to do, which is coding and delivering awesome services.”

Programmers-turned-businessmen an issue

Part of the issue in the cryptocurrency industry is that many of those who are choosing to create businesses in this newly-fledged sector are fundamentally programmers, and as such are ill-equipped to deal with the likes of lawyers and regulators.

The simple solution to this problem is greater co-operation between the financial industry and the cryptocurrency industry. The financial sector has been around for far, far longer than the cryptocurrency industry. It has the infrastructure, processes and people already in place to deal with a lot of the issues facing these programmers-turned-businessmen, and if more startups are to succeed, they are going to need to adopt them.

Source: http://cointelegraph.com/news/coinkite-is-closing-down-its-web-wallet-citing-legal-and-ddos-issues

University of Georgia hit by DDoS Attack

The University of Georgia was the victim of a cyberattack Sunday night which blocked all Internet access for everyone on campus using the school’s network. The DDoS (distributed denial of service) attack came from outside UGA’s network and began at about 6:10 p.m., according to an email sent Monday by Timothy Chester, UGA’s vice president for information technology.

A DDoS attack floods a target’s computer network with traffic, leaving the victim unable to use its websites and computer systems. During the incident, the university’s entire 20 gigabytes per second of Internet capacity was saturated with outside network traffic, which blocked access for campus users.

UGA purchases its Internet connectivity through a nonprofit consortium called Southern Crossroads, which is operated by Georgia Tech. School officials worked with Southern Crossroads to isolate the attack and began blocking it at about 10 p.m., Chester’s message said. The attack ended shortly after that. As of Monday morning, officials had found no evidence that systems or data maintained by UGA had been compromised.

Colleges and universities have increasingly been the target of these types of cyberattacks. Last year, Rutgers University students requested tuition refunds after the school experienced its fifth DDoS attack in a year. Arizona State University was also hit by a DDoS attack in April, blocking access to its Internet network a week before final exams. Some campuses are not currently equipped to identify DDoS attacks, and may not have a method for effectively mitigating them, industry experts say.

“I personally regret that many of you experienced a disruption as you were preparing homework, getting ready for class or doing other University work and I offer my apologies,” Chester said to the campus community in the message.

UGA plans to review the incident with federal, state and local law enforcement, and to work with the University System of Georgia on reducing the risks of these types of attacks in the future.

Source: http://www.ajc.com/news/news/local-education/university-of-georgia-hit-by-cyberattack/nqtN9/

Change.org Victim of DDoS Attack From China

Change.org, an online petitioning platform, has come under an ongoing distributed denial of service (DDoS) attack originating from China after the website hosted a call urging Chinese authorities to release artist Ai Weiwei from custody. The attacks, which started late Sunday, have nearly brought down the site, according to Change.org founder Ben Rattray.

DDoS attacks work by using hundreds or thousands of hacked computers to send traffic to a website, overwhelming it with data so that it becomes unresponsive to normal users. Change.org said the current attack originates from a growing group of computers primarily based in China, and has yet to stop. This is the first time the website has been hit with a DDoS attack.

Change.org has been hosting an online petition calling for the release of Chinese artist Ai Weiwei, who is currently under arrest. The petition has attracted nearly 100,000 people from 175 countries, making it one of Change.org’s most successful international campaigns, Rattray said. “It’s pretty clear the attack is in response to the campaign,” he added. “It’s amazing that somebody in China with a high level of technical sophistication can impact the ability for people around the world to organize.”

The online call coincided with demonstrations across the world this past Sunday, which also called for the artist’s release. Ai, who is also known for his activism, has been detained as part of a Chinese government crackdown on political dissidents in the country. Authorities in the country have arrested other human rights activists and clamped down on the flow of information, following anonymous online postings that began in February calling for a “Jasmine revolution” against the Chinese government. Change.org is currently blocked in China. Internet censors in the country routinely block sites that are deemed to be politically sensitive.

Despite the block, the computers involved in the DDoS attack are managing to find a way around the country’s national Internet firewall, said Rattray.

In the past, other sites have been the victims of cyber attacks originating from China. This March, blog publishing platform WordPress.com also reported being hit with a DDoS attack originating from China. Chinese hackers have also allegedly launched cyber attacks to steal data from foreign energy companies, according to security vendor McAfee. In 2009, Google was also the victim of an attack originating from China that was aimed at accessing the Gmail accounts of human rights activists. The Chinese government has previously responded to these reports by denying that it is involved in any cyberattacks, adding that China has also been a victim of hacking attempts.

The true source of DDoS attacks is often unclear. Although Change.org has traced the current attack to servers in China, it is also possible the computers are under the control of hackers based in another country. Change.org reports that both the FBI and the U.S. State Department are looking into the DDoS attack.

“We will not stop or take down anything because of this DDoS attack,” Rattray said. “We believe in the fundamental right of the people to organize around issues they care about.”

Source: http://webtechreview.com/change-org-victim-of-ddos-attack-from-china/

DDoS Attacks Cripple Swedish News Sites Amid Russia Tension

A number of Swedish government websites and major media outlets were knocked offline for hours over the weekend, police say. No one has taken responsibility for the cyberattacks, which silenced at least seven of Sweden’s most prominent news organizations for hours amid growing tension with Russia.

A flood of web traffic Saturday night either crippled or totally shut down the news sites Dagens Nyheter, Svenska Dagbladet, Expressen, Aftonbladet, Dagens Industri, Sydsvenskan and Helsingborgs Dagblad for roughly three hours. Police launched an investigation Sunday, Agence France-Presse reported, with investigators telling many of the same sites the traffic appears to have originated in Russia.

Cyberattackers, ranging from Anonymous to state hacking groups, often use distributed denial of service, or DDoS, attacks to direct a wave of falsified web traffic at a single site or a small number of sites, overwhelming them with traffic for hours or days.

This attack was “extremely dangerous and serious,” Jeannette Gustafsdotter, the head of the Swedish Media Publishers’ Association, told the news agency TT, as quoted by the Local.se. “To threaten access to news coverage is a threat to democracy.”

The onslaught came after an anonymous Twitter account, using the handle @_notJ, warned of imminent attacks against sites that posted “propaganda.” Aftonbladet, one of the sites mentioned in the tweets, has published a number of stories on the Russian plane crash that killed 62 people and other topics that don’t portray Russia in a positive light.

“This is what happens when you spread false propaganda. Aftonbladet.se #offline @Aftonbladet” — J (@_notJ) March 19, 2016

“The following days attacks against the Swedish government and media spreading false propaganda will be targeted.” — J (@_notJ) March 19, 2016

The attacks also came after a Swedish government report cited Russian “extreme movements, information operations and misinformation campaigns” aimed at Swedish lawmakers and the public as Sweden’s most formidable intelligence threat. The Swedish government asked Russian Embassy staff to leave Sweden in 2015, though the report noted that suspected spies were still working as diplomats, airline employees and business executives.

Source: http://m.ibtimes.com/ddos-attacks-cripple-swedish-news-sites-amid-russia-tension-2340079
