Tag Archives: web-development

Hong Kong Voting Site Suffers DDoS Attack Before Civil Referendum

Just days before a citizen-led online referendum on voting rights, the technical platform that advocates had planned to use for the referendum suffered a massive DDoS attack. From June 20-22, citizens will be invited to vote on a referendum on constitutional reforms that would guarantee all citizens the right to vote in elections that determine who will be the city’s Chief Executive. To build a public consensus around a recent civil proposal on universal suffrage, the civic group “Occupy Central with Love and Peace” appointed the Public Opinion Programme at Hong Kong University and the Center for Social Policy Studies at the Hong Kong Polytechnic University to host the civil referendum on their servers. On June 13, 30 hours after HKU’s Public Opinion Programme (POP) tested their online system by accepting voter pre-registrations, the system endured the largest distributed denial of service attack in its history. Two of their hosting providers have since withdrawn their service for the project. The civil referendum has been criticized by pro-Beijing political groups, sparking controversy concerning channels for nomination. Many Hong Kongers feel that political party nomination and nomination by a nominating committee serve as a filtering mechanism for eliminating candidates who are undesirable for Beijing. According to a press release issued by HKU POP on June 16, the voting system is hosted by Amazon Web Services (AWS), Cloudflare and UDomain. All three web hosting services suffered from large scale DDoS attacks on June 14 and 15. AWS recorded 10 billion system requests with 20 hours, CloudFare recorded a 75Gb DDoS per second and UDomain 10Gb per second. As the scale of attack is tremendous, all three service providers were forced to temporarily suspend their services. An expert estimated that there could be at least 5,000 but possibly more than 10,000 computers involved in the attack. On June 16, Amazon decided to stop providing DNS hosting service to HKU POP and UDomain withdrew its security protection service. Cloudflare is now the only service provider to support the voting system. IT security expert Anthony Lai posted digital attack maps on his Facebook page, comparing the attack scale between June 10 and June 14 (see top), before and after HKU POP tested the voting system: Digital Attack Map on June 10. Destination Hong Kong. HKU POP is working on a solution to the voting system’s vulnerability. They are considering to using 125 telephone lines for voting, but this will not be able to accommodate the expected 70,000 votes in 12 hours. In 2012, the HKU POP was also attacked by DDoS when it hosted a mock universal suffrage poll for the chief executive election. Source: http://advocacy.globalvoicesonline.org/2014/06/17/hong-kong-voting-site-suffers-massive-ddos-attack-before-civil-referendum/

Feedly suffers second round of DDoS attacks after perpetrator tried to extort money

Update 7.26am PST (June 12) After initially giving the all-clear for business to resume, Feedly has announced that it’s currently suffering a second round of DDoS attacks. The company says in a blog post: “We are currently being targeted by a second DDoS attack and are working with our service providers to mitigate the issue. As with yesterday’s attack, your data is safe. We apologize for the inconvenience and will update this blog post as more information is available or the situation changes.” Update 3:40PM PT: Feedly has posted on its blog that it has neutralized the DDoS attack as of 3:07PM PT. “You should now be able to access your feedly from both feedly.com, mobile apps and third party applications. Our ops team is closely monitoring the situation in case the attacks resume. It might take a few hours for some of the 40 million feeds we poll to be fully updated. We would like to re-iterate that none of your data was compromised by this attack.” Original post below: If you’ve been having issues accessing your RSS feed via Feedly today, well, there’s a good reason for that. Feedly has announced that it’s currently suffering a DDoS (distributed denial-of-service) attack, with the perpetrator(s) attempting to garner money from the company to make it stop. “We refused to give in and are working with our network providers to mitigate the attack as best as we can,” explains Edwin Khodabakchian, founder and CEO of Feedly. Feedly is assuring its users that their data remains safe, and access will be restored once the “attack is mitigated.” Other companies have been affected by a DDoS too, as Feedly alludes to when it says “we are working in parallel with other victims of the same group and with law enforcement.” Just yesterday, Evernote reported it had been subjected to a similar attack, though it was quickly restored. It’s not clear whether this is directly related to the current attack on Feedly. We’ll update here when we receive any updates. Source: http://thenextweb.com/insider/2014/06/11/feedly-suffers-ddos-attack-perpetrator-tries-extort-money/

More here:
Feedly suffers second round of DDoS attacks after perpetrator tried to extort money

RSS Reader Feedly is Being Held Hostage By a DDOS Attack

Feedly, one of the most popular post-Google Reader RSS readers, has been unavailable for hours due to a denial of service attack against the site. According to a post on Feedly’s blog, whoever is perpetrating the attack is trying to extort money from the company, but it “refused to give in.” Feedly is currently working on infrastructure changes that will prevent this kind of thing from happening in the future. I have long been of the opinion that denial of service attacks – the process of flooding a website with so many requests for web pages that it essentially becomes overwhelmed and stops working – doesn’t really qualify as hacking. It doesn’t grant the person doing it with access to anyone’s data. In fact, it doesn’t really have any effect on the data at all. It’s more like a sit-in, effectively shutting down a business by blocking access. Don’t get me wrong, it’s a nuisance. If I were the owners of Feedly, I’d be apoplectic. But I think if no data is stolen or damaged, the punishments for these types of behaviors generally exceeds the seriousness of the crime. Extortion, on the other hand, is a different thing entirely. Here’s hoping Feedly is back on its feet soon. Source: http://www.onthemedia.org/story/rss-reader-feedly-being-held-hostage-ddos-attack/

Continue Reading:
RSS Reader Feedly is Being Held Hostage By a DDOS Attack

Facing a criminal DDoS attack

Distributed denial of service (DDoS) attacks attempt to flood a server with so many requests that they render a website useless. The effects are many, from lost customer conversions and revenue to punished SEO ranking and blacklisting. The reality is that DDoS attack methods and the criminals behind them are evolving. Understanding this evolution is key to making sure companies that place any sort of importance on their websites stay protected. The type and style of attack is changing – there are headless browsers and application layer attacks, and DDoS attacks as cover for more sinister cyberattacks. Every reseller with security in the portfolio needs to understand that DDoS is not a static problem that can be dealt with and then ignored. It changes, and the tactics for defending against this type of attack need to advance even faster. Better general awareness about DDoS attacks has forced attackers to develop new ways to get around the basic defences. Media attention on high-profile DDoS attacks attracts activists with a message. Groups try to outdo one another in a bid for attention. A growing variety of coding practices, web platforms and web design features have multiplied the number of variables which can result in application exploits, rendering a website useless. With more access to high-CPU devices available through the cloud and dedicated hosting, DDoS attackers can now use those CPUs to run more sophisticated attacks. For these reasons, we are seeing more sophistication in attack style, meaning there is less volume and attackers are targeting very specific vulnerabilities in a website by doing their homework to make sure they target the weakest points. One of the stealthiest methods is headless browsers. These can be a clever way for cybercriminals to get around standard DDoS protection and masquerade as legitimate web traffic. The kit itself is used for programmers to test their websites, so to all intents and purposes, it is a legitimate browser web kit, just modified to run a series of queries and target basic web user interfaces. Detection is difficult and stopping a headless browser DDoS attack can take a trained professional to spot and remediate it. Importantly, with headless browsers Javascript and Captcha can be processed and can jump through the hoops, as it were, of the website, as it was designed for testing. This will be a big problem for more traditional DDoS protection, such as box solutions. What will be most effective here is real-time support, where there is a human involved who can develop some rule sets to determine what is going on and implement the modules within seconds. Application layer attacks are also becoming more prevalent, although you might not even notice them, if you don’t know what you are looking for. Attackers are getting better at reconnaissance and research, facilitating smarter attacks that can keep the volume low and under the radar, meanwhile killing the site in the background and fooling IT into spending time on the wrong part of the site when it is down. It is these application attacks and headless browser attacks that we see as the biggest concern for the future. I can only surmise that media hype is fuelling the focus on volumetric DDoS attacks, which is where the industry seems to be concentrating to meet customer expectations. Actually there is a rise in application attacks and we should be educating companies about these threats, as they indicate serious consequences for businesses that place any sort of importance on their websites. Jag Bains is chief technology officer of DOSarrest Source: http://www.channelweb.co.uk/crn-uk/opinion/2348218/facing-a-criminal-denial-of-service

See the original post:
Facing a criminal DDoS attack

Get Safe Online suffers ‘DDoS’ attack

“We’re looking at what we can do to make sure this won’t happen again. We’re sorry. I’ve had no sleep for two days” – Tony Neate, GSO chief executive During the first hour after the National Crime Agency (NCA) advised Internet users to check out the Get Safe Online web site in the wake of the Gameover Zeus/CryptoLocker botnet takedown, the site suffered what some have described as an unintended DDoS attack. The reality for most users who heeded the 2pm Monday call was that site either froze as they were trying to access it, or simply became inaccessible as too many people overloaded the site server’s access facility. Get Safe Online (GSO) has blamed the effective outage as simply down to the fact that two many people were trying to access the site at the same time. As a result, the servers could not complete the IP requests, resulting in an outage lasting two days, until late yesterday. This was despite the site operators moving swiftly to quadruple site capacity. Tony Neate, GSO’s chief executive – the man who set up the company back in 2006 after a 30-year career in the Police – told the BBC newswire that it is important for people to realise that this has been a learning curve for him and his team. “We’re looking at what we can do to make sure this won’t happen again. We’re sorry. I’ve had no sleep for two days,” he said. GSO is a jointly funded operation supported by the UK government and a variety of commercial sponsors, including Barclays, NatWest, Kaspersky Lab and PayPal. The idea behind the site is that it is a one-stop shop for cybersecurity safety for individuals and small businesses. Sean Power, security operations manager with DOSarrest, the DDoS remediation specialist, said that the overload of GSO is a great example of the `Slashdot effect’ or the `Reddit hug of death.’ This, he explained, is where a site’s sudden popularity – usually initiated by reference in a popular community site – is more than the infrastructure can handle. “This is akin to a small cart vendor opening a free money stall in Times Square,” he said, adding that the nett effect is a sudden denial of service that is both unintentional and unexpected. It is, says Power, vital that a denial-of-service incident response team is able to tell the difference between a malicious attack and a sudden dramatic increase in popularity, because you will want to treat the two situations very differently. “For this reason many firms elect to employ a seasoned denial-of-service mitigation company who have the expertise to make this distinction – and act accordingly to ensure that the site is up and available to all legitimate visitors,” he said.” “One of the added advantages of having a good distributed-denial-of-service protection provider is their ability to handle extremely large legitimate requests, whereby the customer gets to leverage their caching and distributed architecture,” he added. Source: http://www.scmagazineuk.com/get-safe-online-suffers-ddos-attack/article/351148/

Continue reading here:
Get Safe Online suffers ‘DDoS’ attack

Anonymous takes aim at World Cup sponsors

Hactivist group Anonymous has announced plans to launch a DDoS attack on the sponsors of the football World Cup, which opens in Brazil later this month. Reuters – interviewing Che Commodore, a masked member of Anonymous – says that preparations for the distributed denial of service attack are now under way. “We have a plan of attack. We have already conducted late-night tests to see which of the sites are more vulnerable – this time we are targeting the sponsors of the World Cup,” he said. The main sponsors of the World Cup include Adidas, Budweiser, Coca Cola and Emirates Airlines. Reuters quotes Che Commodore as claiming that a test attack earlier this week allowed Anonymous to break into the Brazilian Foreign Ministry’s server and access dozens of confidential documents, as well as steal several email accounts. The newswire adds that in response to the claims, a Foreign Ministry official told Reuters that 55 email accounts were accessed and the only documents that were obtained were attached to emails and those from the ministry’s internal document archive. Can Anonymous carry out its threat? Tim Keanini, CTO with Lancope, says that, regardless of threat profile, an event of this magnitude must have a heightened level of readiness to a physical or cyber security related event. “By the time a group like this makes a public announcement, much of the infiltration phase has already been done. These threat actors are smart and they don’t start to show their cards until they are well into the operational phase of their campaign,” he explained. Keanini said that events like the World Cup require hundreds of interconnected businesses and every one of those businesses need to be prepared. “If your business is connected to the Internet you should be prepared for cyber security events because it is likely to have already happened, you just don’t have the tools and technique to detect it,” he noted. Sean Power, security operations manager with DOSarrest, meanwhile, said that Anonymous is a face that any hacktivist can masquerade behind. “The composition of a team from one OP to the next will vary greatly – with a predictable effect on the sophistication of the attack. That being said, under normal operation any event as much in the public eye should be wary of DoS attacks, if threats have already been levied, that concern should be increased, not dismissed out of hand,” he explained. Ryan Dewhurst, a senior engineer and web security specialist with RandomStorm, told SCMagazineUK.com that Anonymous has already stated that they used targeted phishing emails to install malware on victim’s machines and gain access to government documents. “I believe they will use a mixture of both sophisticated and non-sophisticated attacks. However, they have also stated that they will be carrying out Distributed Denial of Service (DDoS) attacks against the World Cup sponsors,” he said. “Anonymous’ DDoS attacks, in the past, have worked by getting many Anonymous members to run software, most likely their infamous Low Orbit Ion Cannon (LOIC) tool, which attempts to flood their target with an overwhelming amount of traffic. The LOIC tool is most likely being run by the majority of the group members who have less technical skill, whereas the more sophisticated attacks are most likely carried out by the most skilled members of the group which would be fewer in number,” he added. Dewhurst says that Anonymous – if indeed it is this group and not another group of hacktivists using its name – are always going to go for the easiest targets, as these are also the least risky for them to attack, while still achieving their goals. “If their less risky methods are unsuccessful they will begin to increase the sophistication of the attack, however this also increases the risk of them eventually being caught,” he explained. David Howorth, Alert Logic’s vice president, say there are lessons that can be learned from Anonymous’ latest campaign, which means that companies should review their security practices assuming an attack could take place. IT security professionals, he advises, must be vigilant and ensure that all employees are aware of the company’s internal security policy and best practices, practice good password security, as well as making sure that all systems and applications are up-to-date and patched. “Make sure you have expertise that can monitor, correlate and analyse the security threats to your network and applications across your on-premise and cloud infrastructure 24×7 for continuous protection – this should be done now, as the hackers are already testing the vulnerabilities in the infrastructure in preparation for their attacks,” he went on to say. Source: http://www.scmagazineuk.com/anonymous-takes-aim-at-world-cup-sponsors/article/349934/

Read the article:
Anonymous takes aim at World Cup sponsors

Hacktivist Warns World Cup Sponsors Anonymous DDoS Attack is Coming

Che Commodore claims groups have already tested which are the most vulnerable sites. A hacktivist claiming to be affiliated with infamous online collective Anonymous has said the group is planning to DDoS various high profile sponsors of the forthcoming FIFA World Cup this month. The hacker, who goes under the name “Che Commodore”, told Reuters in a Skype interview from Brazil that Anonymous had already begun planning the campaign, designed to protest the vast sums of money being thrown at the event when the country still suffers severe social inequality. “We have already conducted late-night tests to see which of the sites are more vulnerable,” he said. “We have a plan of attack.” The targeted firms on the Anonymous shortlist apparently include Budweiser, Adidas, Emirates and Coca-Cola – all major sponsors of the tournament, the biggest single-event sporting competition in the world. If it goes ahead, the DDoS campaign will be the second major attack by Anonymous in the region in recent days. Another hacktivist, known as AnonManifest, used a phishing attack to penetrate the Foreign Ministry’s network last week and exfiltrate over 300 confidential documents which were later posted online, the report claimed. The ministry’s email system was apparently taken down as a result and 3,000 account holders told to change their passwords. Civil unrest directed mainly at the Brazilian government has marred the build-up to a World Cup which has already cost £9 billion – money they think would be better spent on improving things like social welfare and public services. In June 2013, over one million people took to the streets of more than 100 cities in violent protests against the spiralling costs of the tournament. David Howorth, VP at Alert Logic, said that the threat of attack during a major tournament like the World Cup is heightened due to the global exposure it gives hacktivists. He urged high profile sponsors to work with their network vendors to plan a DDoS prevention strategy; ensure all apps are up-to-date and patched; and that firewall, IDS and web application firewalls are configured correctly. “Make sure you have expertise that can monitor, correlate and analyse the security threats to your network and applications across your on-premise and cloud infrastructure 24×7 for continuous protection – this should be done now as the hackers are already testing the vulnerabilities in the infrastructure in preparation of their attacks,” he added. “Finally, remember that hackers are creative – don’t just focus on one attack vector as the attacker will try multiple ways to cause damage.” Source: http://www.infosecurity-magazine.com/view/38657/hacktivist-warns-world-cup-sponsors-anonymous-ddos-attack-is-coming/

More:
Hacktivist Warns World Cup Sponsors Anonymous DDoS Attack is Coming

WildStar early access period derailed by DDoS attacks

WildStar was set to launch for early buyers an hour ago, giving those folks a chance to jump into the game’s world days before everyone else. Unfortunately for those players (including our own Giant Robots In Disguise guild), WildStar is experiencing server issues and the developers are pointing the finger at a DDoS attack. WildStar executive producer Jeremy Gaffney posted on Reddit, “I’ve heard from a few folks it’s a confirmed DDOS attack (real time updates, may change, fog of war, etc.). Partially handled. Servers taking in some players now, player counts rising. Ninjitsu continues.” The best suggestion for now is to keep hammering away. The early bird period lasts all the way up to WildStar’s official release on June 3. Source: http://www.shacknews.com/article/84738/wildstar-early-access-period-derailed-by-ddos-attacks

Read the article:
WildStar early access period derailed by DDoS attacks

Repeat attacks hit two thirds of DDoS victims

Empirical research just published suggests that, whilst overall DDoS attack volumes are increasing steadily, new attack vectors are also constantly being used by cybercriminals. The analysis – entitled `NSFOCUS DDoS Threat Report 2013? – is based on more than 244,000 real-life distributed denial of service attacks observed at Tier 1 or Tier 2 ISPs by the research firm during the year. Researchers found that 79.8 percent of all attacks were 50 Mbps or less. In addition, although large size attacks get the most media attention, only 0.63 percent of all attack incidents were logged at 4 Gbps or more. Perhaps most interestingly of all is that more than 90 percent of the observed attacks lasted 30 minutes or less – and that 63.6 per cent of all targeted victims are attacked more than once. This figure is in line with earlier figures from Neustar whose second annual report, entitled `DDoS Attacks & Impact Report – 2014: The Danger Deepens’ – suggested that once attacked, there is an estimated 69 percent chance of a repeat attack. Delving into the report reveals that HTTP_FLOOD, TCP_FLOOD and DNS_FLOOD are the top three attack types – contributing to more than 87 percent of all attacks. DNS_FLOOD attacks, however, significantly increased from 13.1 percent during the first half of the 2013 to 50.1 percent in the second half. So why the short duration attacks? The report suggests that, after analysing almost a quarter million DDoS incidents, a clear trend emerges, namely that that majority of DDoS attacks seen were short in duration, small in total attack size, and frequently repeating against the same target. “These short and frequently repeating attacks often serve two purposes: First, to scout their victims’ defence capabilities before more tailored assaults are launched, and second, to act as smokescreens or decoys for other exploitation,” says the report. The analysis adds that that many companies are using a combination of traditional counter-measures like scripts, tools and access control lists (ACLs) to handle network layer attacks – as well as on-premise DDoS mitigation systems for more prompt and effective mitigation against hybrid attacks (defined as a combination of network-layer and application-layer attacks). The most interesting takeout from the report, SCMagazineUK.com notes, is that the `old guard’ attack vectors – including the use of SNMP – remain an evolving constant. According to Sean Power, security operations manager with DOSarrest, amplification attacks – such as SNMP – are not really that new. “Legitimate SNMP traffic has no need to leave your network and should be prevented from doing so. This attack exists because many organisations fail to prevent this,” he explained. Power went on to say that the effectiveness of the attack stems from the fact that any Web site can be targeted and requires very little effort to produce excessive traffic, since it relies on third party unsecured networks to do most of the heavy lifting for the attack. “Blocking these attacks is best done via your edge devices as far removed from the targets as possible,” he said, adding that if the attack is large enough that it is overwhelming your edge devices, then you need to look at cloud-based technology for cleaning the traffic. Also commenting on the report, Tom Cross, director of security research for Lancope, said that many people who launch attacks on the Internet do so using toolkits that make the process of launching attacks as easy as installing a software application and running it. “DDoS attacks have become increasingly popular, there are many ways to launch them and lots of different tools circulating that launch attacks in different ways. As a consequence, anyone providing service on the Internet should be prepared for volumetric traffic floods involving any kind of Internet traffic,” he explained. Cross says that it is also important that people do not allow their networks to serve as reflectors that attackers can use to amplify their denial of service attacks. “To that end, DNS, SNMP, NTP, and Voice over IP services in particular should be checked to make sure that they cannot be used by an anonymous third party as a reflector. Locking down these services is part of being a good citizen of the Internet,” he said. Source: http://www.scmagazineuk.com/repeat-attacks-hit-two-thirds-of-ddos-victims/article/348960/

More:
Repeat attacks hit two thirds of DDoS victims

HOSTING Partners With DOSarrest Internet Security to Offer DDoS Protection Services

DOSarrest Internet Security, an industry leading DDoS protection provider, has announced a partnership agreement to offer its full suite of DDoS products to HOSTING, the leading cloud service provider in the market today. Products include DDoS protection for client websites, Layer 7 cloud based Load balancing, WAF, vulnerability testing and optimization as well as DEMS, D OSarrest E xternal M onitoring S ervice. “We are excited to add HOSTING to our growing list of service provider partners. DDoS protection has become a necessity to ensure a customer has a stable website environment and more clients are beginning to realize this and are requesting this protection service from their hosting provider,” said Brian Mohammed, DOSarrest Director of Sales and Marketing. “It’s a fact of modern business that organizations must deploy comprehensive, multilayered security to best protect themselves from DDoS attacks,” said Bill Santos, President of HOSTING’s Advanced Solutions. “DOSarrest’s DDoS protection products offer the sophistication, reliability and service that HOSTING customers have come to rely upon, and we are eager to introduce their offerings.” “A single DDoS attack puts a heavy strain on Network Operations Center resources, often for hours,” said Jag Bains, CTO of DOSarrest Internet Security., “This partnership helps to alleviate the strain on HOSTING’s support team, who can remain focused on providing the highest level of support and monitoring for their customers.” About HOSTING: HOSTING helps organizations design, build, migrate, manage and protect their cloud-based environments. Leveraging enterprise-class networking and connectivity technologies, HOSTING provides the highest levels of compliance, availability, recovery, security and performance. HOSTING owns and operates six geographically dispersed data centers under an ITIL-based control environment validated for compliance against HIPAA, PCI DSS and SOC (formerly SAS 70) frameworks. HOSTING’s cloud-enabled solutions were recently recognized by Gartner Group, placing in the Top 10 in the Managed Hosting Magic Quadrant in both “ability to execute” and “completeness of vision” – in both 2012 and 2013. More information at www.hosting.com About DOSarrest Internet Security: DOSarrest founded in 2007 in Vancouver, BC, Canada is one of only a couple of companies worldwide to specialize in only cloud based DDoS protection services. Their global client base includes mission critical ecommerce websites in a wide range of business segments including financial, health, media, education and government. Other cloud based services include, Load balancing, WAF, External Website monitoring and Vulnerability Testing. More information at www.DOSarrest.com Source: http://www.marketwired.com/press-release/-1915044.htm

See the original article here:
HOSTING Partners With DOSarrest Internet Security to Offer DDoS Protection Services