Tag Archives: var-username

Mexican news site suffers DDoS Attack after publishing article on State Massacre

After publishing the article — titled “It Was The Feds” — news portal Aristegui Noticias reported suffering distributed denial of service (DDoS) attacks, which brought the site down for more than seven hours. Press freedom group Article 19 immediately called on authorities to guarantee the free flow of information. Additionally, the group called on the Mexican government to act in defense of journalists, “especially when they are providing vital information to the public as is in the case of Laura Castellanos.” Castellanos, the investigative reporter behind the article, has been the victim of intimidation, break-ins, and security threats over her decades-long career. In 2010, Article 19 included Castellanos in their journalist protection program. Mexico’s human rights commission called on the government to conduct a thorough investigation to “get to the truth” of the Apatzingán incident. “We want to let society know what happened that day,” human rights commission ombudsman Luis Raúl González Pérez said Tuesday. Source: https://news.vice.com/article/mexicos-government-is-brushing-off-report-of-another-state-massacre-of-unarmed-civilians

More here:
Mexican news site suffers DDoS Attack after publishing article on State Massacre

The rise and rise of bad bots – little DDoS

Many will be familiar with the term bot, short for web-robot. Bots are essential for effective operation of the web: web-crawlers are a type of bot, automatically trawling sites looking for updates and making sure search engines know about new content. To this end, web site owners need to allow access to bots, but they can (and should) lay down rules. The standard here is to have a file associated with any web server called robots.txt that the owners of good bots should read and adhere too. However, not all bots are good; bad bots can just ignore the rules! Most will also have heard of botnets, arrays of compromised users devices and/or servers that have illicit background tasks running to send spam or generate high volumes of traffic that can bring web servers to their knees through DDoS (distributed denial of service) attacks. A Quocirca research report, Online Domain Maturity, published in 2014 and sponsored by Neustar (a provider of DDoS mitigation and web site protection/performance services), shows that the majority of organisations say they have either permanent or emergency DDoS protection in place, especially if they rely on websites to interact with consumers. However, Neustar’s own March 2015, EMEA DDoS Attacks and Protection Report, shows that in many cases organisations are still relying on intrusion prevention systems (IPS) or firewalls rather than custom DDoS protection. The report, which is based on interviews with 250 IT managers, shows that 7-10% of organisations believe they are being attacked at least once a week. Other research suggests the situation may actually be much worse than this, but IT managers are simply not aware of it. Corero (another DDoS protection vendor) shows in its Q4 2014 DDoS Trends and Analysis report, which uses actual data regarding observed attacks, that 73% last less than 5 minutes. Corero says these are specifically designed to be short lived and go unnoticed. This is a fine tuning of the so-called distraction attack. Arbor (yet another DDoS protection vendor) finds distraction to be the motivation for about 19-20% of attacks in its 2014 Worldwide Infrastructure Security Report. However, as with Neustar, this is based on what IT managers know, not what they do not know. The low level, sub-saturation, DDoS attacks, reported by Corero are designed to go unnoticed but disrupt IPS and firewalls for just long enough to perpetrate a more insidious targeted attack before anything has been noticed. Typically it takes an IT security team many minutes to observe and respond to a DDoS attack, especially if they are relying on an IPS. That might sound fast, but in network time it is eons; attackers can easily insert their actual attack during the short minutes of the distraction. So there is plenty of reason to put DDoS protection in place (other vendors include Akamai/Prolexic, Radware and DOSarrest ). However, that is not the end of the bot story. Cyber-criminals are increasingly using bots to perpetrate another whole series of attacks. This story starts with another, sometimes, legitimate and positive activity of bots – web scraping; the subject of a follow on blog – The rise and rise of bad bots – part 2 – beyond web scraping. Source: http://www.computerweekly.com/blogs/quocirca-insights/2015/04/the-rise-and-rise-of-bad-bots.html

Continued here:
The rise and rise of bad bots – little DDoS

Namecheap DNS Under DDoS Attack

Namecheap DNS hosting is under a DDoS attack, as a result millions of websites are offline. The company issued a statement : We regret to let you know that we are experiencing a DDoS attack against our default DNS system v2. If your domain name(s) is using DNS system v2, it may not be resolving properly at the moment. Unfortunately, there is no current ETA for the issue, but we are doing our best to mitigate the attack and minimize its affect on the service. We will keep you updated on the progress. An update was later posted : Update @ 7:45 AM EDT | 11:45 AM GMT The attack is still ongoing, unfortunately. We are doing our best to mitigate the attack as soon as possible. Your patience and understanding are highly appreciated Source: https://www.shieldjournal.com/namecheap-dns-under-ddos-attack/

Read this article:
Namecheap DNS Under DDoS Attack

How startup GitHub survived a massive five-day DDoS attack

The collaborative coding site scrambled to withstand the opening salvo from what researchers dubbed China’s Great Cannon. But CEO Chris Wanstrath says that was just the beginning. To survive, startups must surmount challenges like product development, funding negotiations and cash flow. GitHub CEO Chris Wanstrath can add a very different challenge to his list: a sustained five-day network attack that some say marked the beginning of a new, more aggressive chapter in China’s relations with the outside computing world. GitHub’s business, founded in 2008, is all about letting programmers work together. It offers a place where individual coders can contribute to each other’s software projects, and where companies like Google, Facebook and Twitter can share work through the collaborative open-source movement. But on March 26, two organizations with GitHub accounts came under attack. Attacks on GitHub are common, though it can be nearly impossible to figure out their origins, Wanstrath said during an interview here at the company’s Merge conference. Even teenagers flexing their online muscles can launch an attack by buying access to a collection of machines. But this recent GitHub attack one was the worst in the company’s history. The company’s seven-person response team worked around the clock in a cat-and-mouse game to keep GitHub running even as the attackers shifted from one type of attack to another. Those two targeted GitHub sites were GreatFire.org, a nonprofit organization that tries to help people bypass Chinese censorship, and the Chinese New York Times, according to an analysis of the attack by network security software firm Netresec. But it hurt all of GitHub’s operations. That’s because it was a distributed denial-of-service (DDOS) attack, where countless computers around the world overwhelmed GitHub’s servers to the point where they couldn’t provide the online service they’re supposed to provide. Researchers dubbed the attack the Great Cannon. The Great Firewall of China has been around for years, letting the government block access to sites it doesn’t want its Chinese residents seeing, but the Great Cannon serves an offensive rather than defense purpose, the researchers at the University of Toronto, University of California and Princeton University wrote. When people visited innocent Web pages, the attacker’s servers would replace website code with malicious code that would direct their browsers to ceaselessly reload the GitHub pages. “The Cannon manipulates the traffic of bystander’ systems outside China, silently programming their browsers to create a massive DDOS attack,” the researchers said. The Chinese system could work similarly to one run by the US National Security Agency and its British counterpart, Government Communications Headquarters, according to documents leaked by former NSA contractor Edward Snowden. These programs, called Quantum and Foxacid, appeared to target the anonymous communication technology called Tor and employees at Belgian telecommunications company Belgacom, according to security expert Bruce Schneier and Der Spiegel, a German news publication. Wanstrath sat down with CNET’s Stephen Shankland to discuss the GitHub attack. The following is an edited transcript of their conversation. What was your first inkling that you were under attack? Wanstrath: A traffic spike. We started to get an unusual amount of traffic. It was coming from all over the world — were we on Oprah? Then we realized people’s phones or computers were getting hijacked to load GitHub. We saw the man-on-the-side attack. But that was just was the first attack of a series. Wanstrath: Yes. It was a mix of new stuff and boring stuff. The nature of the first attack was novel. After that we saw other attacks that were traditional, like SYN floods. In five days, we saw 18 or 20 attacks. How often are you attacked ordinarily? Wanstrath: Once a month, if not more. We’ve got monitoring. We have a good incident response program set up. When there’s an attack profile, you get paged. The main event of a DDOS is overwhelming the network with traffic. When you get a million requests and they’re exactly the same in one second, that’s a DDOS. We have automated systems, then an ops team on the network around the clock. So was somebody trying to send a message? Wanstrath: Of course. I just don’t know who the message was for. I’m not even sure the message is to us. You don’t need to be a state government to run this sort of attack. Sometimes it’s teenagers fighting over message boards. If it was from China, is there an easier way to target GreatFire and the New York Times than launching a five-day attack? Wanstrath: Sure. That’s why it’s confusing to conclude it came from China. In China, the New York Times is blocked, the Wall Street Journal is blocked. China blocks [lots] of websites. And after five days they chose to disengage? Did you vanquish the enemy? Wanstrath: It was an ongoing battle. We successfully mitigated some of their attacks. Even though we were winning, we were fighting the whole time. There was a lot of press about it, which may have contributed to the disengagement. What’s frustrating is there was no ransom note — no request for anything. Just an attack. What did it do to your business? Wanstrath: The outages are frustrating. We never went totally down, but people had errors. It interrupted people’s workflows. At GitHub, people were up all weekend. So is this a badge of honor? A sign that you’ve arrived? Wanstrath: It’s hard to feel that way when there are real people trying to do real work with GitHub. If this is what arriving is like, this isn’t what we signed up for. We’ve been attacked for awhile. We have defenses. But GitHub two or three years ago would not have successfully mitigated this attack. You can imagine a smaller company just falling over. What did you learn? Have you changed any technology or policies? Wanstrath: We learned a lot on a technical level. The DDOS is such a cat-and-mouse game. We can’t share broadly with the technology community to say here’s how to protect yourselves, though. It’s like bacteria. If the attackers know what we do, then they’ll stop doing that attack. Now, they don’t know what we know. Did you talk to the US government about the attack? Wanstrath: We can’t say it really has a China component because we can’t prove anything. We can’t really ask for help for anyone. I’m not sure what would have happened if this had lasted a month. Source: http://www.cnet.com/au/news/how-startup-github-survived-a-massive-five-day-network-attack-q-a/

Original post:
How startup GitHub survived a massive five-day DDoS attack

Borg routers open to repeat remote DoS attack

Patches cooked for five versions of Cisco’s IOS Remote attackers can send some Cisco routers into a continuous denial of service funk by rebooting network processor chips with a crafted attack. The high-severity hole (CVE-2015-0695) affects the IOS XR software in Cisco ASR 9000 Series Aggregation Services routers running Typhoon-based cards, the second-generation of line cards. The Borg says exploitation could cause “a lockup and eventual reload of a network processor chip and a line card that is processing traffic, leading to a denial of service condition”. “The vulnerability is due to improper processing of packets that are routed via the bridge-group virtual interface when any of the following features are configured: Unicast Reverse Path Forwarding, policy-based routing, quality of service, or access control lists,” Cisco says in an advisory. “An attacker could exploit this vulnerability by sending IPv4 packets through an affected device that is configured to route them via the BVI interface.” Users should apply the patches for five versions as there are no workarounds for the flaw. Software newer than version 4.3.0 are unaffected. The Borg does not know of any in-the-wild attacks using the vulnerabilities and has offered some techniques for admins to identity exposure. Source: http://www.theregister.co.uk/2015/04/16/borg_routers_open_to_repeat_remote_dos_attack/ http://whitepapers.theregister.co.uk/paper/view/3715/cyber-risk-report-2015.pdf

Asia-Plus’s website hit with DDoS attack again

The website of the Media Holding Asia-Plus has been hit with distributed denial-of-service (DDoS) attack again. The Asia-Plus’s website was hit with the DDoS attack on April 14. Over the past ten days, it has already been the third attempt to make the website unavailable to its subscribers. The first DDoS attack o the Asia-Plus’s website was conducted on April 3 and it was conducted practically from all domestic Internet service providers. Restoration of a stable work of the web-resource took nearly three days. The reasons for these DDoS attacks are still unknown because it is not clear who is behind these DDoS attacks. However, it cannot be ruled out that a group of hackers has appeared who want to “test” steadiness of the site. In computing, a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users. A DoS attack generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. As clarification, distributed denial-of-service attacks are sent by two or more people, or bots, and denial-of-service attacks are sent by one person or system. As of 2014, the frequency of recognized DDoS attacks had reportedly reached an average rate of 28 per hour. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root name servers. Denial-of-service threats are also common in business, and are sometimes responsible for website attacks. This technique has now seen extensive use in certain games, used by server owners, or disgruntled competitors on games. Denial-of-service attacks are considered violations of the Internet Architecture Board’s Internet proper use policy, and also violate the acceptable use policies of virtually all Internet service providers. They also commonly constitute violations of the laws of individual nations. Source: news.tj/en/news/asia-plus-s-website-hit-ddos-attack-again

More:
Asia-Plus’s website hit with DDoS attack again

Belgian media company experiences DDoS attack

Rossel, a Belgian media group, experienced a distributed denial of service (DDoS) attack that stretched out for several hours Sunday. One of Belgium’s largest French-speaking newspapers, La Soir , along with others sites were affected and were temporarily shut down, according to report by Deutsche Welle . The attack occurred just days after pro-ISIS sympathizers launched a cyberattack against a French television network and Tunisian extremists took over a Belgian regional government website. Didier Hamann, director of Le Soir , tweeted that the perpetrator hadn’t yet been identified. Currently no evidence has been uncovered that links the attack to the one that crippled French TV station TV5 Monde. Hamann also noted that the station was regularly targeted by cyber threats, but “this time the firewall is not working as normal.” Source: http://www.scmagazine.com/ddos-attack-on-belgian-media-group-lasts-hours/article/408998/

See the original post:
Belgian media company experiences DDoS attack

Online gambling sites taken out by DDoS attacks

Customer of Betfair and PokerStars have been left enraged after the software of both gambling giants suffered from major connectivity issues over the weekend. Betfair’s sportsbook, betting exchange and websites were unavailable for more of April 13 after the firm’s servers came under attack from a Distributed Denial-of-Service (DDoS) attack . Betfair’s customer service team, manning the @BetfairHelpDesk Twitter account, confirmed to customers that a DDoS attack was the cause of the problems and reassured worried punters that their details and funds were safe. The attack seems to be either over or under control as I was able to log into all Betfair products on April 14. A DDoS attack is designed to temporarily or indefinitely interrupt or suspend the services offered by the targeted website. One way of achieving this is to bombard the site’s servers with so much bogus information and requests that it is overloaded and cannot respond to legitimate traffic requests. This appears to be what happened to Betfair on April 13. You may recall that partypoker was targeted by numerous DDoS attacks in October 2014 that resulted in some of its Pokerfest events being cancelled. The attacks at partypoker resurfaced in early December 2014 and saw the site effectively taken offline for several hours while its technicians and its Internet Service Provider (ISP) in Gibraltar combated the problem. Around the same time, 888poker was suffering similar connectivity problems – its servers are also in Gibraltar – but the London Stock Exchange (LSE) listed company refused to comment on whether or not it had been targeted by the same DDoS attacks that plagued partypoker. Poker sites are often reluctant to announce they are suffering from a hacker’s attempt to cause a DDoS because of the possible widespread panic the mention of a hacker could and would cause. Usually, the so-called hacker isn’t interested in attempting to obtain information – major online poker and gambling sites have these details secure under state-of-the-art systems – they are attempting to disrupt the targeted site’s business. Although neither confirmed or denied by its management team, rumours of PokerStars being under a DDoS attack have been doing the rounds on various forums, including Two Plus Two. Players have been reporting major lag (low response when clicking buttons etc) and connectivity problems when attempting to play at PokerStars since April 9. The problems seem to be global, although resident of Belgium seem to be more severely affected judging by tweets from various Belgians including Friend of PokerStars Pierre Neuville and PokerStars’ Belgian Twitter account on April 12, although a more recent update claims all problems Pokerstars.be were facing are now resolved. While PokerStars does appear to be on top of the problems now, its Network Status panel shows it has Very Good connection at five of the six listed hosts, although Manx Telecom, Isle of Man has 0% connection and all packets of data being sent to it are currently being lost. Source: http://uk.pokernews.com/news/2015/04/betfair-and-pokerstars-suffer-major-connectivity-problems-17360.htm?utm_medium=feed&utm_campaign=homefeed&utm_source=rss

See the article here:
Online gambling sites taken out by DDoS attacks

Betat Casino Suffers DDoS Attacks

Betat Casino, a popular international online gaming destination, has been subject to Distributed Denial of Service (DDoS) attacks by yet unidentified hackers, the specialty press reports. The hackers are apparently trying to extort the operator for Bitcoins. The website has made an announcement to its players complaining about their crippled service, in which they revealed the attack and the fact that the hackers wanted 10 bitcoins (currently about $2500) to stop the attack. “ This attack was vicious, massive and wide spread and hit our entire range of sub-nets, even our CDN has been compromised (Content Delivery Network) as well as our AWS (Amazon’s Cloud Service), ” a Betat spokesperson commented on the attack. “To say that 45Gbps of bandwidth is a lot is a gross understatement. These hackers have massive capacity and are highly organized. Luckily, we are well equipped to handle these kinds of attacked and while nothing of this magnitude has been recorded on both our front, nor on the service providers experience, we are highly confident that by end of the week we will have the situation under full control. That said, the next 5-7 days will be rough and our customers may experience times of inconsistent performance.” In computing, a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users. A DoS attack generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. Basically, it floods the targeted servers with huge loads of data, making them function much slower or not available at all to its users. According to the information available on the internet, these types of attacks are either initiated by groups of hackers with their own agenda, or they can be “ordered” through the dark web for as low as $150. Source: http://casinolocale.net/betat-casino-suffers-ddos-attacks/

More here:
Betat Casino Suffers DDoS Attacks

The “Great Cannon”: How China Turns Its Web-sites Into Cyberweapons

When anti-Chinese censorship services got hit with a crippling distributed-denial-of-service attack last month, researchers promptly pegged China as the culprit. Now, Citizen Lab has pinpointed the Chinese tool that produced this attack occur. They’re calling… When anti-Chinese censorship services got hit with a crippling distributed-denial-of-service attack last month, researchers promptly pegged China as the culprit. Now, Citizen Lab has pinpointed the Chinese tool that produced this attack occur. They’re calling it the Fantastic Cannon. Separate from but positioned within China’s Wonderful Firewall, this “Great Cannon” injects malicious code as a way to enforce state censorship, by working with cyberattacks to damage solutions that help folks inside China see banned content. The Excellent Cannon is not merely an extension of the Fantastic Firewall, but a distinct attack tool that hijacks website traffic to (or presumably from) person IP addresses, and can arbitrarily replace unencrypted content material as a man-in-the-middle. With this most recent DDoS attack, the Wonderful Cannon worked by weaponizing the internet site visitors of visitors to Baidu or any website that utilised Baidu’s comprehensive ad network. This suggests any one visiting a Baidu-affiliated from anyplace in the planet was vulnerable to obtaining their internet visitors hijacked and turned into a weapon to flood anti-censorship internet sites with too a lot targeted traffic. This distinct attack had a narrow target: Particular web sites recognized to circumvent Chinese censorship. But Citizen Lab thinks the Terrific Cannon could be utilised in a substantially broader way. Due to the fact it is capable of making a complete-blown man-in-the-middle attack, it could be made use of to intercept unencrypted emails, for example. The attack launched by the Good Cannon seems somewhat apparent and coarse: a denial-of-service attack on services objectionable to the Chinese government. However the attack itself indicates a far far more significant capability: an potential to “exploit by IP address”. This possibility, not yet observed but a function of its architecture, represents a potent cyberattack capability. As Citizen Lab’s researchers note, it’s fairly strange that China would show off this strong weapon by applying it in such a pointed attack. Conducting such a widespread attack clearly demonstrates the weaponization of the Chinese Online to co-opt arbitrary computer systems across the net and outside of China to obtain China’s policy ends. The only silver lining here is that this could prompt a far more urgent push to switch to HTTPS, given that the Good Cannon only operates on HTTP. This attack tends to make it painfully apparent that utilizing HTTPS isn’t just a smart safeguard— it is a required precaution against effective state-sponsored cyberattacks. Source: http://www.eaglecurrent.com/technology/the-quotgreat-cannonquot-how-china-turns-its-web-sites-into-cyberweapons-h4121.html