Tag Archives: var-username

Bitrated faces severe DDoS attack and $3,200 ransom demand

A couple of hours ago, Bitrated, a bitcoin trust platform meant for reputation management and consumer protection has posted a tweet, warning users about an ongoing DDoS attack, carried out in the form of an extortion attempts. During the last couple of weeks, numerous Bitcoin-related companies, but also other businesses from all around the world have been affected by such attacks. According to a Medium post written by the Bitrated, it seems like they received a warning mail five minutes prior to the commencement of the attack, asking for a total of 7 BTC, worth around $3,200 at the time of writing. Unlike other extortionists who decided not to stand up to their promise, Bitrated’s servers were attacked for a couple of hours, and were put under a strain of 3.2 Gb/s. In return, DigitalOcean null routed trading on their network infrastructure. According to Bitrated, the company has an ethic code which makes them unable to succumb to any extortion attempts. They believe that blackmail demands are unethical, and funding the extortionists will undoubtedly lead to further attacks. Bitrated also mentioned that due to their nature of being a bootstrapped startup, they do not have the financial resources required to counter-attack such demands, which is why the service may be unavailable for a while. Based on everything that has been outlined so far, what do you personally think about this DDoS attack? Let us know your thoughts in the comment section below. UPDATE: The DDoS attacks have stopped. Therefore, the platform is available. Bitrated encourages users who wish to do so, to withdraw their funds from the system as soon as possible. Source: http://themerkle.com/bitrated-faces-severe-ddos-attack-and-3200-ransom-demand/

Read the article:
Bitrated faces severe DDoS attack and $3,200 ransom demand

Anonymous Threatens Bank DDoS Disruptions

Follows Collective’s ‘Total War’ Against Donald Trump After earlier this year declaring “total war” against U.S. Republican presidential candidate Donald Trump, the hacktivist group Anonymous is now threatening global banks with 30 days of distributed denial-of-service attack disruptions. As a preview, on May 2, the group claimed to have disrupted the website of Greece’s central bank. “Olympus will fall. A few days ago we declared the revival of Operation Icarus. Today we have continuously taken down the website of the Bank of Greece,” the group said in the video posted on You Tube and delivered in the classic Anonymous style via a disembodied, computerized voice. “This marks the start of a 30-day campaign against central bank sites across the world,” it adds. “Global banking cartel, you’ve probably expected us.” Of course, banks have previously been targeted en masse by DDoS attackers. Beginning in 2012, for example, attacks waged by a group calling itself the “Izz ad-Din al-Qassam Cyber Fighters” continued to disrupt U.S. banks’ websites as part of what it called “Operation Ababil.” In March, the Justice Department unsealed indictments against seven Iranians – allegedly working on behalf of the Iranian government – accusing them of having waged those attacks. Regardless of who was involved, it’s unclear if Anonymous could bring similar DDoS capabilities to bear for its Operation Icarus. A Central Bank of Greece official, who declined to be named, confirmed the May 2 DDoS disruption to Reuters , though said the effect was minimal. “The attack lasted for a few minutes and was successfully tackled by the bank’s security systems. The only thing that was affected by the denial-of-service attack was our website,” the official said. Greek banks have been previously targeted by DDoS extortionists, demanding bitcoins. “It would have been better if no disruption occurred, but it is good that the attack – if that is what caused the disruption – was handled so quickly,” says information security expert Brian Honan, who’s a cybersecurity expert to the EU’s law enforcement intelligence agency, Europol. A “World Banking Cartel Master Target List” published by Anonymous to text-sharing site Pastebin early this month lists the U.S. Federal Reserve, as well as Fed banks in Atlanta, Boston, Chicago, Dallas, Minneapolis, New York, Philadelphia, Richmond and St. Louis. Also on the target list are websites for the International Monetary Fund, the World Bank as well as 158 central banks’ websites. In a related video missive issued March 31, Anonymous urged its members to “take your weapons and aim them at the New York Stock Exchange and Bank of England,” promising that “this is the operation to end all others.” The planned Anonymous operation follows elements of the collective earlier this year declaring “total war” against Trump, and on April 1 temporarily disrupting several of Trump’s websites, The Hill reports. Since then, of course, Trump has become the only Republican presidential candidate left standing after his massive win in this week’s Indiana primary. Banks: Beware DDoS Threats While the Anonymous bark doesn’t always equal its bite, in the wake of this alert, “banks in the United Kingdom, United States and Latin America should be very prepared” against potential attacks, says Carl Herberger, vice president of security for DDoS-mitigation and security firm Radware. “In the same vein as someone yelling ‘bomb’ at an airport or fire at a movie theater, cyber-attack threats – whether idle or not – are not to be taken lightly,” he says, although he adds that the number of threatened DDoS attacks outweighs the quantity of actual attacks. Herberger says in light of the new threat, all banks should review their DDoS defense plans, keeping in mind that DDoS attackers do continue to refine their tactics, as seen in the disruption of Geneva-based encrypted email service ProtonMail. “As the attacks on ProtonMail in November 2015 have demonstrated … attackers change the profile of their attacks frequently and leverage a persistent and advanced tactic of revolving attacks geared to dumbfound detection algorithms,” he says, dubbing such tactics “advanced persistent DoS.” Maintain a DDoS Defense Plan Security experts have long recommended that all organizations have a DDoS defense plan in place. The U.K.’s national fraud and cybercrime reporting center, ActionFraud, for example, recently issued the following advice to all organizations: Review: “Put appropriate threat reduction/mitigation measures in place,” tailored to the risk DDoS disruptions would pose to the organization. Hire: If DDoS attacks are a threat, seek professional help. “If you consider that protection is necessary, speak to a DDoS prevention specialist.” Prepare: All organizations should liaise with their ISP in advance of any attack. “Whether you are at risk of a DDoS attack or not, you should have the hosting facilities in place to handle large, unexpected volumes of website hits.” DDoS Extortions Spike The guidance from ActionFraud, released April 29, also warned that the center has recently seen a spike in DDoS extortion threats from an unnamed “online hacking group” demanding the equivalent of $2,250 to call off their planned attack. “The group has sent emails demanding payment of 5 bitcoins to be paid by a certain time and date. The email states that this demand will increase by 5 bitcoins for each day that it goes unpaid,” ActionFraud’s alert states. “If their demand is not met, they have threatened to launch a [DDoS] attack against the businesses’ websites and networks, taking them offline until payment is made.” ActionFraud advises targeted organizations: “Do not pay the demand.” That echoes longstanding advice from law enforcement agencies globally. ActionFraud also urges organizations to keep all copies of DDoS extortion emails – including complete email headers – as well as a complete timeline for the threats and any attacks, and to immediately report threats or attacks to authorities. Investigators say that keeping complete records – including packet-capture logs – is essential for helping to identify perpetrators. Or as ActionFraud advises: “Keep a timeline of events and save server logs, web logs, email logs, any packet capture, network graphs, reports, etc.” Masquerading as Armada Collective? CloudFlare, a DDoS mitigation firm, reports that related attacks began in March and have been carried out under the banner of Armada Collective, as well as potentially Lizard Squad, although it’s not clear if those groups are actually involved. It’s also unclear if the threatened DDoS disruptions have ever materialized. “We’ve been unable to find a single incident where the current incarnation of the Armada Collective has actually launched a DDoS attack,” CloudFlare CEO Matthew Prince says in a blog post. “In fact, because the extortion emails reuse bitcoin addresses, there’s no way the Armada Collective can tell who has paid and who has not. In spite of that, the cybercrooks have collected hundreds of thousands of dollars in extortion payments.” Source: http://www.bankinfosecurity.com/anonymous-threatens-bank-ddos-disruptions-a-9085

See the article here:
Anonymous Threatens Bank DDoS Disruptions

Explanation of DDoS attacks and SQL Injections

In most articles about Hack you usually follow attacks by groups like Anonymous, LulzSec and AntiSec. And you’ve heard also spoke websites and platforms that have been hacked as Sony earlier this year, for example. But are you aware of the methods used to break down these services? There are many tools and techniques that some hackers use to reach their goals but I will not give you all this turnkey. Here I will briefly explain the operating principle of the two most known attacks on the web. —  DDoS (Distributed) Denial of Service — SQL injections or SQLi DDoS attacks (Distributed) Denial of Service First of all what is a DDoS attack? A Denial of Service (also known as Distributed Denial of Service, or DDoS), resulting in denial-of-service attack. This kind of attack is to make available a service. Here I take the example (according to the diagram above) an attack on a web server by flooding the network to prevent its operation. You understood the objective and a successful DDoS attack is to render inoperative the website for everyone. As it works? In a DDoS attack, it’s all about logistics. And nothing like an example to explain it all Take a good million malicious people coming together in order to sabotage the company’s affairs X using its call center. They will coordinate their actions say Friday at 10am to call all at the same time the company X. This will be bombarded with millions of phone calls and probably will not manage. The result is that legitimate customers wanting to call this company will struggle to reach her. A DDoS attack on a web server works exactly the same way. Indeed, there is virtually no way of knowing if the generated traffic comes from legitimate requests or hackers. It is a type of attack usually very effective but requires substantial resources following the targeted server. Implementation of the attack A DDoS attack works virtually like a brute force. You’ll need a fairly large number of computers to attack all coordinates simultaneously. According to the example I gave you the call center, you can imagine that he rather difficult to directly control thousands of computers to attack a server. This is where the zombie machines come in. As you probably know, there are a multitude of malware and trojans that once installed on a system dormant pending instructions from the hacker who created it. One such instruction could be for example to send multiple requests to a web server. And so one hacker would have infected several thousand computers could use them to perpetrate the attack. With the use of multiple botnets in general it is very difficult to trace the source of such attacks because the hacker does not have to use its own machine to perform its action (besides controlling botnets but it goes without saying). SQL or SQLI injections What is SQL injection? A SQL injection is an achievement, that is to say a security flaw in an application connected to a database. Typically such flaws leverages bad programming techniques of some developers. ^^ This attack allows a compromise or even a server database if the user using the database system rights. But unlike a DDoS attack a SQLi attack can be easily avoided if a web application is programmed correctly. Implementation of the attack When you want to connect to a web site, you enter your user name and password. To test these settings, the web application will make a request of this type: 1 SELECT user_id FROM users WHERE username = ‘myuser’ AND password = ‘mypass’; Note that the String variables must be enclosed in single quotes. Thus the combination of username (myuser) and password (mypass) must match a line in the table of users (users) to a user_id is returned. If no line is, no user_id is back and in this way the connection with the entered password is invalid. However, if a user enters a substitution value that can be interpreted in the query, then at that time your application is susceptible to SQL injection. Suppose myuser ‘- entered the fields username with any password. This would give: 1 SELECT user_id FROM users WHERE username = ‘myuser’ – ‘AND password =’ ??mypass’; The key to this application is the inclusion of two hyphens (-). This is actually the token to comment out an SQL query. And so everything after the two dashes will be ignored. Here the query executed will be: 1 SELECT user_id FROM users WHERE username = ‘myuser’ As you have noticed most glaring omission here is the verification of the password! And this is by including in the fields username both indents that the password is completely ignored. This is called a SQL injection. The results By imagining that the site has full control over its database, then the consequences can be quite devastating. This can give the possibility to hack delete, create or edit database records, etc … To illustrate the damage that can be caused, consider this request as an example: 1 SELECT user_id FROM users WHERE username = ‘lama’; DROP TABLE users; – ‘AND password =’ ??mypass’; Here we have entered the user name input fields Lama ‘; DROP TABLE users; -. The semicolon used to end a statement and to create a new following. DROP TABLE users; will delete the users table in the database. Basically the query executed by data base will be: 1 SELECT user_id FROM users WHERE username = ‘lama’; 2 DROP TABLE users; Sure SQL permissions as the hacker can do a lot worse! As clear the entire database, create new logins, etc … Protect a SQL injection SQL injection can be easily circumvented by “disinfectant” or “escaping” the data. In English we can translate these words by “Sanitize” or “Escape”. In this way a chain inside a request can not be terminated prematurely. For example, to search the user name Wada in database you are forced to escape the single quote after the L. So you can “sanitize” the chain by inserting a . Returning to the previous SQL injection example with the value myuser ‘-. 1 SELECT user_id FROM users WHERE username = ‘myuser ‘ – ‘AND password =’ ??mypass’; Escaping the single quote after myuser, the database will search the user name myuser ‘-. So the query is executed fully and includes the second condition on the password. There are several methods to escape a string in a request. PHP for example you can use the mysql_real_escape_string () to escape a string in a request. 1 $ Sql ??= “SELECT user_id FROM users”; 2 mysql_real_escape_string ( “myuser” – “). $ Sql. = “AND password = ‘”. mysql_real_escape_string ( “mypass”).

Follow this link:
Explanation of DDoS attacks and SQL Injections

New Jaku Botnet Already Has 19,000 Zombies, Ideal for Spam and DDoS Attacks

Group has ties to the Darkhotel APT attacks Security researchers from Forcepoint say that a new botnet has slowly risen and grown to contain over 19,000 zombies all over the world, but predominantly in Asian countries. Named Jaku ( Star Wars reference alert — Jakku ), the botnet has made most of its victims in countries such as Japan and South Korea, which count 73 percent of all infections. Nevertheless, security experts claim they detected infections with Jaku’s malware in 134 different countries, even if sometimes they comprised one or two users. Jaku is one of the most sophisticated and resilient botnets around Researchers say that first signs of the botnet appeared last September, and in a six-month timeframe, Jaku grew tremendously compared to other similar threats. The group behind Jaku controls the botnet through multiple C&C (command-and-control) servers, most of which are located in countries in the APAC region, such as Singapore, Malaysia, and Thailand. In ordered to stay hidden from sight, the Jaku group deployed three different C&C mechanisms but also used obfuscated SQLite databases on the client-side to store configuration files. The Jaku botnet can be used to deliver spam, to launch DDoS attacks, but also to implement other types of malware. This second-stage delivery process occurs with the help of steganography, which crooks use to bundle their malicious code inside image files. Jaku infects users via poisoned torrent files Forcepoint says that infections usually takes place via malware-laced files shared via BitTorrent. The group usually goes after high-value targets but doesn’t mind if other users are infected as well. Security researchers say the group has shown interest in international Non-Governmental Organizations (NGOs), engineering companies, academic institutions, scientists and government employees. “The Jaku campaign has clear connections with the TTPs used by the threat actors discussed by Kaspersky in the Darkhotel investigations from November 2014,” Forcepoint researchers point out. The Darkhotel group was later known as Dark Seoul , and has recently been connected to hackers in North Korea, part of the Lazarus Group . Source: http://news.softpedia.com/news/new-jaku-botnet-already-has-19-000-zombies-ideal-for-spam-and-ddos-attacks-503689.shtml

Read the original post:
New Jaku Botnet Already Has 19,000 Zombies, Ideal for Spam and DDoS Attacks

Anonymous Target Bank of Greece Website with Massive DDoS Attack

Anonymous shut down the bank of Greece website in a powerful DDoS attack — Vows to target more banks against financial corruption. The online hacktivist Anonymous recently relaunched operation OpIcarus directed towards banking sector in Europe and the United States — The first bank coming under the fire is the Bank of Greece who had their website under a series of distributed denial-of-service attacks ( DDoS ) forcing the servers to remain offline for more than 6 hours. OpIcarus is all about targeting banking and financial giants Anonymous’ Operation OpIcarus was launched in January 2016 and restarted in March 2016. The hacktivists behind the operation believe banks and financial giants are involved in corruption and to register their protest they had to take the war to a next level. In an exclusive conversation with one of the hacktivists behind the Greek bank DDoS attack, HackRead was told that: “The greek central bank has been offline all day. we would like all banks out there to know that unless they hold themselves accountable for their crimes against humanity that we will strike a new bank every single day and punish them #OpIcarus.” Source: https://www.hackread.com/anonymous-ddos-attack-bank-greece-website-down/ The hacktivists also released a YouTbe video revealing the reason and a list of banking websites that will be targeted. The list includes banking and financial institutions in Brazil, Bangladesh, China, USA, UK, Pakistan, Iran and several other countries.

Link:
Anonymous Target Bank of Greece Website with Massive DDoS Attack

Armada Collective Copycats Now Posing as Lizard Squad in DDoS Extortion Scheme

After terrorizing companies under the fake Armada Collective moniker, the same group appears to have switched to using the name of the infamous Lizard Squad hacking crew, CloudFlare reported today. Early this week on Monday, CloudFlare let everyone know there was a criminal goup sending out extortion emails to companies around the globe. The criminals were posing as Armada Collective , an infamous group known for carrying out DDoS attacks if victims didn’t pay a so-called “protection tax.” The crooks were basing their attacks on the victims googling their name and finding out about the tactics of the real Armada Collective. In fact, CloudFlare says it never saw a single DDoS attack carried out by this group against its targets. In another blog post today, CloudFlare says that three days after they exposed the group, the criminals dropped the Armada Collective name and started using Lizard Squad instead, another hacking crew, famous for downing the Xbox and PlayStation networks on Christmas 2014. The change was to be expected since extorted organizations that would google the Armada Collective name would see all the stories about the copycats instead. CloudFlare says that over 500 companies received extortion emails from this group claiming to be Lizard Squad and that all these emails were identical. As before, the group used one single Bitcoin address to receive payments. By using one Bitcoin address, the group would not be able to tell which companies paid the ransom and which didn’t, meaning this was almost sure the same group as before, launching empty threats once again. CloudFlare says that just like when claiming to be Armada Collective, the group never launched any DDoS attacks when posing as Lizard Squad. Below is a comparison of the two ransom notes received by companies, from the fake Lizard Squad group on the left, and from the fake Armada Collective group on the right. Source: http://justfreedownload.net/news/98693/armada-collective-copycats-now-posing-as-lizard-squad-in-ddos-extortion-scheme.html

See more here:
Armada Collective Copycats Now Posing as Lizard Squad in DDoS Extortion Scheme

The rising cost of DDoS

Data centers may be more reliable, but failures due to malicious attacks are increasing. Their cost is also rising, says Michael Kassner Some cost accountants would cringe at his methodology, but after a 2013 DDoS attack on Amazon, Network World journalist Brandon Butler took a simple route to come up with an attention-grabbing headline: “Amazon.com suffers outage – nearly $5M down the drain?” Did Amazon really lose this much money? Or did it lose more? Butler worked backward from the company’s reported quarterly earnings: “Amazon.com’s latest (2013) earnings report shows the company makes about $10.8 billion per quarter, or about $118 million per day and $4.9 million per hour.”  The DDoS outage lasted nearly an hour, hence the almost $5 million figure. That is a truly staggering amount to lose in one hour of unplanned maliciously-caused downtime. And Butler’s methodology seems logical on the surface. But could we get a more accurate idea of the actual cost? The Ponemon way of estimating If the Ponemon Institute is known for anything, it is the company’s diligence in providing accurate accounting of issues on the company’s radar – in particular security issues. Its areas of interest happen to include the cost of data center outages, which it covers in a regular report series. The executive summary of the latest, January 2016, report says: “Previously published in 2010 and 2013, the purpose of this third study is to continue to analyze the cost behavior of unplanned data center outages. According to our new study, the average cost of a data center outage has steadily increased from $505,502 in 2010 to $740,357 today (or a 38 percent net change).” To reach those conclusions the Ponemon researchers surveyed organizations in various industry sectors (63 data centers) that experienced an unplanned data center outage during 2015. Survey participants held positions in the following categories: Facility management Data center management IT operations and security management IT compliance and audit The Ponemon researchers used something called activity-based costing to come up with their results. Harold Averkamp at AccountingCoach.com describes activity-based costing as follows: “Activity-based costing assigns manufacturing overhead costs to products in a more logical manner than the traditional approach of simply allocating costs on the basis of machine hours. Activity-based costing first assigns costs to the activities that are the real cause of the overhead. It then assigns the cost of those activities only to the products that are actually demanding the activities.” Following Averkamp’s definition, Ponemon analysts came up with nine core process-related activities that drive expenditures associated with a company’s response to a data outage (see Box). It’s a detailed list, and includes lost opportunity costs. Key findings The research report goes into some excruciating detail, and significant real information can be gleaned from the survey’s key findings. For example, the maximum cost of a data center outage has more than doubled since Ponemon Institute started keeping track, from $1 million in 2010 to more than $2.4 million in 2016. Overall outage costs Source: Ponemon Institute “Both mean and median costs increased since 2010 with net changes of 38 and 24 percent respectively,” says the report. “Even though the minimum data center outage cost decreased between 2013 and 2016, this statistic increased significantly over six years, with a net change of 58 percent.” The report also found that costs varied according to the kind of interruption, with more complexity equalling more cost. “The cost associated with business disruption, which includes reputation damages and customer churn, represents the most expensive cost category,” states the report. The least expensive costs, the report says involve “the engagement of third parties such as consultants to aid in the resolution of the incident.” The Ponemon report looked at 16 different industries, and the financial services sector took top honors with nearly a million dollars in costs per outage. The public sector had the lowest cost per outage at just under $500,000 per outage. Primary causes of outages Source: Ponemon Institute Next, the Ponemon team looked at the primary cause of outages. UPS system failure topped the list, with 25 percent of the companies surveyed citing it. Twenty-two percent selected accidental or human error and cyber attack as the primary root causes of the outage. Something of note is that all root causes, except cyber crime, are becoming less of an issue, whereas cybercrime represents more than a 160 percent increase since 2010. One more tidbit from the key findings: complete unplanned outages, on average, last 66 minutes longer than partial outages. The Ponemon researchers did not determine the cost of an outage per hour; deciding to look at the price per outage and per minute, and how those numbers have changed over the three survey periods. The cost per outage results are considerably less than that reported for the Amazon incident, but an average of $9,000 per minute or $540,000 per hour is still significant enough to make any CFO take note. DDoS is not going away Data centers can only increase in importance, according to the Ponemon analysts, due in large part to cloud computing (30 percent CAGR between 2013 and 2018) and the IoT market (expected to reach 1.7 trillion dollars by 2020). “These developments mean more data is flowing across the internet and through data centers—and more opportunities for businesses to use technology to grow revenue and improve business performance,” write the report’s authors. “The data center will be central to leveraging those opportunities.” An interesting point made by the report is how costs continue to rise and the reasons for data center downtime today are mostly not that different from six years ago. The one exception is the rapid and apparently unstoppable growth in cyber attacks. The report authors are concerned about this very large increase in cyber attack outages, and they make a stark warning that the problem is not going away soon.   Components of cost: Detection cost Activities associated with the initial discovery and subsequent investigation of an outage incident. Containment cost Activities and associated costs that allow a company to prevent an outage from spreading, worsening, or causing greater disruption. Recovery cost Activities and associated costs related to bringing the organization’s networks and core systems back to normal operation. Ex-post response cost All after-the-fact incidental costs associated with business disruption and recovery. Equipment cost The cost of equipment, new purchases, repairs, and refurbishment. IT productivity loss The lost time and expenses associated with IT personnel downtime. USER productivity loss The lost time and expenses associated with end-user downtime. Third-party cost The cost of contractors, consultants, auditors, and other specialists engaged to help resolve unplanned outages. Lost revenues Total revenue loss from customers and potential customers because of their inability to access core systems during the outage. Business disruption Total economic loss of the outage, including reputational damages, customer churn, and lost business opportunities. Source: http://www.datacenterdynamics.com/security-risk/the-rising-cost-of-ddos/96060.article http://www.datacenterdynamics.com/magazine

Read More:
The rising cost of DDoS

Businesses pay $100,000 to DDoS extortionists who never DDoS anyone

In less than two months, online businesses have paid more than $100,000 to scammers who set up a fake distributed denial-of-service gang that has yet to launch a single attack. The charlatans sent businesses around the globe extortion e-mails threatening debilitating DDoS attacks unless the recipients paid as much as $23,000 by Bitcoin in protection money, according to a blog post published Monday by CloudFlare, a service that helps protect businesses from such attacks. Stealing the name of an established gang that was well known for waging such extortion rackets, the scammers called themselves the Armada Collective. “If you don’t pay by [date], attack will start, yours service going down permanently price to stop will increase to increase to 20 BTC and will go up 10 BTC for every day of the attack,” the typical demand stated. “This is not a joke.” Except that it was. CloudFlare compared notes with other DDoS mitigation services and none of them could find a single instance of the group acting on its threat. CloudFlare also pointed out that the group asked multiple victims to send precisely the same payment amounts to the same Bitcoin addresses, a lapse that would make it impossible to know which recipients paid the blood money and which ones didn’t. Despite the easily spotted ruse, many businesses appear to have fallen for the scam. According to a security analyst contacted by CloudFlare, Armada Collective Bitcoin addresses have received more than $100,000. “The extortion emails encourage targeted victims to Google for the Armada Collective,” CloudFlare CEO Matthew Prince wrote. “I’m hopeful this article will start appearing near the top of search results and help organizations act more rationally when they receive such a threat.” Source: http://arstechnica.com/security/2016/04/businesses-pay-100000-to-ddos-extortionists-who-never-ddos-anyone/

Continue Reading:
Businesses pay $100,000 to DDoS extortionists who never DDoS anyone

KKK Website Shut Down by Anonymous Ghost Squad’s DDoS Attack

Anonymous Ghost Squad’s DDoS Attack Closes Down KKK Website The Anonymous vs. Ku Klux Klan (KKK) cyber war is well known to all of us. In continuation of that war, Anonymous affiliate Ghost Squad brought down one of major website belonging to the KKK members. In a series of powerful distributed denial-of-service (DDoS) attacks just a few hours ago, Anonymous has shut down the official website of Loyal White Knights of the Ku Klux Klan (KKK). Ghost Squad, the group said to be behind this attack works with the online hacktivist Anonymous. The reason for attacking the KKK is the “blunt racism” in the name of free speech. In an exclusive conversation with one of the attackers, HackRead was told that: “We targeted the KKK due to our hackers being up in their face, we believe in free speech but their form of beliefs is monolithic and evil. We stand for constitutional rights but they want anyone who is not Caucasian removed from earth so we targeted the KKK official website to show love for our boots on the ground and to send a message that all forms of corruption will be fought. We are not fascist but we certainly do not agree with the KKK movement. They are the Fascists and they are the Racists.” An error message “The kkkknights.com page isn’t working” is displayed for those visiting the website. KKK has not for the first time come under attacks by Anonymous. Earlier, the hacktivists disclosed personal information of KKK members. In October 2015, the group also carried out DDoS attacks on KKK’s website, as one of the Klan members apparently harassed a woman on Twitter. This is not it. In 2014, the official website of a Mississippi-based white supremacist organization “The Nationalist Movement” (nationalist.org) was also spoiled with messages like “Good night white pride.” The KKK Knights website is still offline across the world as shown in the screenshot below: Source: http://www.techworm.net/2016/04/kkk-website-shut-anonymous-ghost-squads-ddos-attack.html

Originally posted here:
KKK Website Shut Down by Anonymous Ghost Squad’s DDoS Attack

Anonymous Launches DDoS attacks Against Denver Police Website Against Fatal Shooting

Anonymous NWH targets Denver police department domain with DDoS attack to register protest against the fatal shooting of 39-year-old Dion Avila An Anonymous-linked team of attackers called New World Hacking  (NWH)   has conducted a series of powerful distributed denial-of-service ( DDoS ) attacks on Denver city, county and police website earlier today forcing the site to go offline — The reason for targeting the site was last week’s (Tuesday 14th April)   police shooting in which Dion Avila Damon was allegedly killed inside his parked car near the Denver Art Museum. In an exclusive conversation with two of the NWH attackers (Sad Prophet and SinfulHazeCE) behind this attack, HackRead told that: “We see how Denver police don’t care so if they don’t care about killing and innocent; we don’t care about continuous attacks on Denver.” The attackers also hint for a database leak within a week or so depending on the response from Denver police department. However, Fox news reported that Police is investigating an officer-involved in the shooting. Remember, the NWH is the same group who claimed responsibility for shutting down Xbox online service , BBC news servers , HSBC UK’s online banking, the official website for Donald Trump’s election campaign, Salt Lake city Police and airport websites . At the time of publishing this article, the Denver police department website was down. Source: https://www.hackread.com/anonymous-shut-denver-police-website/    

View post:
Anonymous Launches DDoS attacks Against Denver Police Website Against Fatal Shooting