Monthly Archives: June 2012

UFC.com hit with Distributed Denial of Service ‘DDoS’ attack

The FBI was instrumental in arresting two dozen hackers this week that allegedly bought and sold credit card numbers over the Web. If you ask Ultimate Fighting Championship President Dana White, though, he had something to do with it too. Of the 24 individuals apprehended by the Federal Bureau of Investigation this week as part of a two-year undercover sting, at least one wasn’t limiting himself to only computer crimes linked to credit fraud. Mir Islam, 18, was arrested on Tuesday for allegedly selling stolen credit card info on an FBI-run website, according to the United States attorney for the Southern District. Prosecutors say that Islam kept a database of 50,000 credit card accounts and traded the info over the FBI’s own site, Carder Profit. Islam’s biggest opponent wasn’t necessarily federal agents, though. UFC President Dana White has been after Islam and other hackers since at least January and now he says that he thinks he helped bring down a collective of two dozen computer hackers. The feud between hacktivists and White began earlier this year after the president of the US-based Mixed Martial Arts organization announced his support for the Stop Online Piracy Act, or SOPA, a since-defeated congressional proposal that stood to strike down Internet freedoms across the board. As the public caught on to what the passing of SOPA would do to the Web, online advocates began campaigns to crush the legislation before it could clear Congress. Naturally, White’s outspoken support of the bill brought him some unwanted attention from hacktivists, particularly those with the underground collective UGNazi. Along with hackers aligned to the loose-knight Anonymous organization, the UGNazi clan — and particularly Islam’s alias, JoshTheGod — taunted White over his SOPA support, eventually targeted UFC.com with distributed denial-of-service (DDoS) attacks. As one might expect from the man behind a brutal sport such as MMA, White wasn’t quick to turn quiet. “I’m in the fight biz not the website biz!! Might be a big deal to other companies not mine,” White responded to the cyberattacks at the time over Twitter. Other tweets he sent include statements such as, “Lol, I’m not fucking ebay. My website being down doesn’t mean shit” and “I could give a flying rats ass about UFC. Com.” When White taunted hackers by writing, “The Internet is a place where cowards live,” the response was almost instantaneous: soon after his Social Security number and other personal info was published online. Today, White paints a different picture. Speaking to Inc. magazine, the UFC president suggests that this week’s arrests stemmed from his own snitching to the FBI. “I was in Chicago for a fight when I found out these Anonymous guys had started crashing our site. During an interview, I looked right into the camera and dared them to do it again. I said, ‘Who do you think I am, eBay? I’m in the fight business. I could give a shit if you knock my website down. Do it again! Go ahead. I dare you!’” White tells Inc. “You’re gonna send some pizzas to my house and put my Social Security number out? Who gives a shit? If people really wanted to get your Social Security number, I’m sure they could find it. I’m supposed to bow down to you guys now? I’m going to come after you harder. If you want to fight me, you better pack a f—ing lunch, man. Because we’re gonna go until somebody wins and somebody loses.” White says “It was a Twitter war for days,” but the tides turned after he approached the feds to make things more fun. “You get these guys engaged, you get ‘em going, and that’s when you get the FBI involved,” he says. “Because there’s so much piracy of UFC merchandise, the FBI was already monitoring everything that was happening. But after Anonymous hacked our site, we also got U.S. Immigration and Customs Enforcement, part of the Department of Homeland Security, involved. And it helps when they know when and where the hackers are going to attack. So I put my chin out there, and we knew they were gonna punch it. Two weeks after they attacked me, a lot of them started getting busted. I think we contributed to that.” Islam is being accused of helping operate and administering deals on the FBI-run credit card site and other forums. Last week, the UGNazi clan took credit for an hours-long crash of Twitter.com, a claim the social networking site has since rejected. Source: RT

View article:
UFC.com hit with Distributed Denial of Service ‘DDoS’ attack

Distributed Denial of Service ‘DDoS’ Attacks: The Zemra Bot

Symantec has become aware of a new Distributed Denial of Service (DDoS) crimeware bot known as “Zemra” and detected by Symantec as Backdoor.Zemra. Lately, this threat has been observed performing denial-of-service attacks against organizations with the purpose of extortion. Zemra first appeared on underground forums in May 2012 at a cost of €100. This crimeware pack is similar to other crime packs, such as Zeus and SpyEye, in that is has a command-and-control panel hosted on a remote server. This allows it to issue commands to compromised computers and act as the gateway to record the number of infections and bots at the attacker’s disposal. Similar to other crimeware kits, the functionality of Zemra is extensive: 256-bit DES encryption/decryption for communication between server and client DDoS attacks Device monitoring Download and execution of binary files Installation and persistence in checking to ensure infection Propagation through USB Self update Self uninstall System information collection However, the main functionality is the ability to perform a DDoS attack on a remote target computer of the user’s choosing. Initially, when a computer becomes infected, Backdoor.Zemra dials home through HTTP (port 80) and performs a POST request sending hardware ID, current user agent, privilege indication (administrator or not), and the version of the OS. This POST request gets parsed by gate.php, which splits out the information and stores it in an SQL database. It then keeps track of which compromised computers are online and ready to receive commands. Inspection of the leaked code allowed us to identify two types of DDoS attacks that have been implemented into this bot: HTTP flood SYN flood The first type, HTTP flood, opens a raw socket connection, but has special options to close the socket gracefully without waiting for a response (e.g. SocketOptionName.DontLinger). It then closes the socket on the client side and launches a new connection with a sleep interval. This is similar to a SYN flood, whereby a number of connection requests are made by sending multiple SYNs. No ACK is sent back upon receiving the SYN-ACK as the socket has been closed. This leaves the server-side Transmission Control Blocks (TCBs) in a SYN-RECEIVED state. The second type, SYN flood, is a simple SYN flood attack whereby multiple connects() are called, causing multiple SYN packets to be sent to the target computer. This is done in an effort to create a backlog of TCB creation requests, thereby exhausting the server and denying access to real requests. Symantec added detection for this threat under the name Backdoor.Zemra, which became active on June 25, 2012. To reduce the possibility of being infected by this Trojan, Symantec advises users to ensure that they are using the latest Symantec protection technologies with the latest antivirus definitions installed. Source: http://www.symantec.com/connect/blogs/ddos-attacks-zemra-bot

Read More:
Distributed Denial of Service ‘DDoS’ Attacks: The Zemra Bot

LulzSec Members Confess To Distributed Denial of Service ‘DDoS’ Attacks to SOCA, Sony and etc

Four alleged members of the LulzSec hacktivist group had their day in British court Monday. Two of the people charged–Ryan Cleary, 20, and Jake Leslie Davis, 19–appeared at Southwark Crown Court in England to enter guilty pleas against some of the charges against them, including hacking the public-facing websites of the CIA and Britain’s Serious Organized Crime Agency (SOCA). All told, Cleary, who’s from England, pleaded guilty to six of the eight charges lodged against him, including unauthorized access to Pentagon computers controlled by the U.S. Air Force. Meanwhile, Davis–who hails from Scotland’s Shetland Islands–pleaded guilty to two of the four charges made against him. The pair pleaded not guilty to two charges of violating the U.K.’s Serious Crime Act by having posted “unlawfully obtained confidential computer data” to numerous public websites–including LulzSec.com, PasteBin, and the Pirate Bay–to encourage or assist in further offenses, including “supplying articles for use in fraud.” They did, however, confess to launching numerous botnet-driven distributed denial-of-service (DDoS) attacks under the banners of Anonymous, Internet Feds, and LulzSec. According to authorities, the pair targeted websites owned by the Arizona State Police, the Fox Broadcasting Company, News International, Nintendo, and Sony Pictures Entertainment. The pair have also been charged with targeting, amongst other organizations, HBGary, HBGary Federal, the Atlanta chapter of Infragard, Britain’s National Health Service, the Public Broadcasting Service (PBS), and Westboro Baptist church. [ Learn about another hacker indictment. See Feds Bust Hacker For Selling Government Supercomputer Access. ] The two other alleged LulzSec members charged Monday are England-based Ryan Mark Ackroyd, 25, as well as a 17-year-old London student who hasn’t been named by authorities since he’s a minor. Both also appeared at Southwark Crown Court and pleaded not guilty to four charges made against them, including participating in DDoS attacks, as well as “encouraging or assisting an offense.” All four of the LulzSec accused are due to stand trial on the charges leveled against them–for offenses that allegedly took place between February and September 2011–on April 8, 2013. According to news reports, the court heard Monday that reviewing all of the evidence just for the charges facing Cleary will require 3,000 hours. Three of the accused have been released on bail. Cleary was not released; he had been released on conditional bail in June 2011, but violated his bail conditions by attempting to contact the LulzSec leader known as Sabu at Christmastime. LulzSec–at least in its original incarnation–was a small, focused spinoff from Anonymous, which itself sprang from the free-wheeling 4chan image boards. LulzSec was short for Lulz Security, with “lulz” (the plural of LOL or laugh out loud) generally referring to laughs gained at others’ expense. According to U.S. authorities, Davis often operated online using the handles topiary and atopiary, while Ackroyd was known online as lol, lolspoon, as well as a female hacker and botnet aficionado dubbed Kayla. What might be read into Ackroyd allegedly posing as a female hacker? According to Parmy Olson’s recently released book, We Are Anonymous, such behavior isn’t unusual in hacking forums, given the scarcity of actual women involved. “Females were a rare sight on image boards and hacking forums; hence the online catchphrase ‘There are no girls on the Internet,’ and why posing as a girl has been a popular tactic for Internet trolls for years,” wrote Olson. “But this didn’t spell an upper hand for genuine females. If they revealed their sex on an image board … they were often met with misogynistic comments.” In related LulzSec prosecution news, Cleary last week was also indicted by a Los Angeles federal grand jury on charges that overlap with some of the ones filed by British prosecutors. At least so far, however, U.S. prosecutors have signaled that they won’t be seeking Cleary’s extradition, leaving him to face charges in the United Kingdom. The shuttering of LulzSec both in the United States and Great Britain was facilitated by the efforts of SOCA, as well as the FBI, which first arrested Anonymous and LulzSec leader Sabu–real name, Hector Xavier Monsegur–in June 2011, then turned him into a confidential government informant before arresting him again, earlier this year, on a 12-count indictment. As revealed in a leaked conference call earlier this year, British and American authorities were working closely together to time their busts of alleged LulzSec and Anonymous operators on both sides of the Atlantic, apparently using evidence gathered by Monsegur. Source: informationweek

View post:
LulzSec Members Confess To Distributed Denial of Service ‘DDoS’ Attacks to SOCA, Sony and etc

Legalization of Distributed Denial of Service ‘DDDoS’ attacks as a form of protest

Dutch opposition party D66 has proposed the legalization of DDoS attacks as a form of protest. Activists would have to warn of their action in advance, giving websites time to prepare for their attack. ­Kees Verhoeven, the campaign’s leader, argues that it is strange that the fundamental right to demonstrate doesn’t extend to the online realm. The coming years would bring more instances of hacktivism, and it would be reasonable to introduce legislation to regulate, not ban it, he says. Verhoeven proposes that DDoS attacks be legalized so long as the protesters say when they will start their action. That way, a website would have time to prepare for the attack, just like an office building has time to get ready for a rally next to it. The proposal also includes restrictions on transmitting information about a website’s visitors, as well as stricter rules against e-mail spying, and other measures to bolster online privacy. DDoS attacks, popular with hacktivist groups such as Anonymous, would therefore become a legal means to express dissatisfaction with a company or a government. One DDoS attack per year would cost over $10,000 for a financial services company that makes 25 per cent of its sales online, according to Internet traffic management firm NeuStar UltraDNS. If the brand reputation of the company heavily depends on the performance of the website, one DDoS attack a year could end up costing over $20,500. However, DDoS attacks are relatively innocuous compared to other forms of hacking, such as phishing and virus infections, which can cost companies and individuals millions of dollars. Nevertheless, DDoS attacks are so far equated to hacking and are illegal in the Netherlands, as well as many other countries. Source: http://www.rt.com/news/dutch-party-d66-ddos-legalized-protest-541/

Follow this link:
Legalization of Distributed Denial of Service ‘DDDoS’ attacks as a form of protest

RBS & NatWest Web services knocked out; Oslo Bors hit by DDoS attack

Royal Bank of Scotland (RBS) and its NatWest and Ulster Bank subsidiaries have been hit by “technical issues” that have left customers unable to access online services. In a statement, RBS says: “We are currently experiencing technical issues which mean that a number of customer account balances have not yet been updated and some of our online services are temporarily unavailable.” A similar message appears on the NatWest Web site, with the bank adding: “We are working hard to fix this issue as soon as possible and will keep you updated on progress. We are experiencing very high call volumes as a result.” In a later update, RBS has revealed that the issue “was caused by a failure of our systems to properly update customers’ balances overnight. The main problem customers are having is that where people have had money go into their accounts overnight, there may be a delay in it showing up on their balance.” The problems have been ongoing for several hours, with NatWest first acknowledging the issue on its Twitter feed at 08.43, eliciting responses from customers complaining that payments have not been processed and wages not paid. The ongoing crisis has forced the bank to take drastic measures, promising to keep over 1000 branches open until 19:00BST on Thursday to assist short-changed customers. Daoud Fakhri, a senior analyst at Datamonitor says the episode is emblematic of wider problems facing the banking sector as a whole. “Many providers, being early adopters of IT systems when the technology was still in its infancy, have been left saddled with inflexible core systems that are often several decades old, and that are increasingly unable to cope with the demands being placed on them,” he says. “The growing expectations of consumers around online and mobile banking means that the tensions between the provision of ever more sophisticated services and the capability of core systems to satisfy these demands are close to breaking point, and this increases the likelihood of episodes such as the NatWest mishap happening again. Separately, the Web site of Norwegian bourse Oslo Børs has been knocked off line, apparently by a DDoS attack . Spokesman Per Eikrem told local outlet NTB that the hit is only affecting the exchange’s site and not its trading, messaging or monitoring systems. Source: http://www.finextra.com/News/Fullstory.aspx?newsitemid=23830

See more here:
RBS & NatWest Web services knocked out; Oslo Bors hit by DDoS attack

Twitter down: Sporadic outage leads to speculation of DDoS attack

The social networking service Twitter suffered sporadic outages Thursday, leading some to speculate about a hacker attack. Access came and went, with reports that users were being affected around the world. In a brief update, the company acknowledged some people were having issues using the service. “Users may be experiencing issues accessing Twitter,” they said in a statement. “Our engineers are currently working to resolve the issue.” A micro-blogging service that allows users to send short messages, Twitter has been likened to an international party line. There are myriad running conversations, to which anyone can contribute. As of March there were 140 million active users who generated over 340 million tweets daily, Twitter says. Not long after its initial message, Twitter said that the issue had been “resolved” and that all services were operational. Users often are quick to turn to Twitter to pose questions about emerging events. But in an ironic twist, Thursday’s outage was initially so pervasive that users couldn’t take to the twitterverse to discuss what was happening. But on message boards, comment fora and other social networking services people voiced their concern. Some wondered if the site had been attacked by a distributed denial of service attack by the hacker group Anonymous. Others bemoaned the lack of access. “I’m losing my mind!” Matt Gio wrote at mashable.com. “I have so much to talk about today and I have an important blog post scheduled.” But some took the outage humourously in stride. Olivia Bovery posted at Facebook that she was “going through withdrawal” and going to step outside. “There is this bright yellow ball in the sky that must be investigated. Seems to be giving off a lot of heat. Wonder what it is.” Moments later she followed up. “Finally, its back up! Back to twitter. Yellow ball will have to wait. Source: http://www.theglobeandmail.com/technology/omg-twitter-down-sporadic-outage-leads-to-speculation-of-hacker-attack/article4360263/?cmpid=rss1

View article:
Twitter down: Sporadic outage leads to speculation of DDoS attack

Financial Gain is Main Motivation for Cyber Criminals

Announcing the findings of “The Impact of Cybercrime on Businesses” survey, carried out by Ponemon Institute, Check Point Software Technologies revealed that 65% of the organizations which experienced targeted attacks reported that an attacker’s primary objective was to make a financial gain. Disrupting business operations and stealing customer data were attributed as the next likely motivation for attackers, as stated by 45 % of the surveyed organizations. The report also stated that only around 5% of security attacks were driven by political or ideological agendas. The report, which surveyed 2,618 C-level executives and IT security administrators in the US, United Kingdom, Germany, Hong Kong and Brazil across organizations of various types and sizes, showed that companies reported an average of 66 new security attack attempts per week. Respondents in all countries stated that the most serious consequences of such attacks were disruption of business and loss of sensitive information, including intellectual property and trade secrets. Diminished reputation and impact on brand name were the least of their worries, with the exception of respondents in the UK. Successful attacks could end up costing businesses anywhere between $100,000 and $300,000: the participants estimated the average cost of such an attack at $214,000 USD. Tomer Teller, security evangelist and researcher at Check Point Software Technologies, was quoted in the press release as saying, “Cybercriminals are no longer isolated amateurs. They belong to well-structured organizations, often employing highly-skilled hackers to execute targeted attacks, many of whom receive significant amounts of money depending on the region and nature of the attack.” “For the most part, the goal of attackers is to obtain valuable information. These days, credit card data shares space on the shelves of virtual hacking stores with items such as employee records and Facebook or email log-ins, as well as zero-day exploits that can be stolen and sold on the black market ranging anywhere from $10,000 to $500,000,” he added. While Denial of Service (DoS) attacks were seen as the type of cyber crime that posed the greatest risk to organizations, SQL injections were cited, by 43% of the respondents, as the most serious types of attack organizations had experienced in the last two years, the report stated. Other threats cited in the survey included APTs (Advanced Persistent Threats), botnet Infections and DoS attacks cited by 35%, 33%, and 32% of the respondents respectively. On the threats posed by activities of their employees, organizations, across all the surveyed countries, unanimously cited the use of mobile devices such as smartphones and tablet PCs as the biggest concern, followed by the use of social networks and removable media devices such as USB sticks. Hong Kong and Brazil reported on an average the highest percentage of mobile devices infected through an act of cyber crime, at 25 percent and 23 percent, respectively. The U.S. and Germany had the lowest average of infected mobile devices and machines connected to the network at 11 percent and nine percent respectively. The report found that for protecting themselves from these threats, a majority of organizations have instituted Firewall and Intrusion Prevention solutions. However, at the same time, less than half of the surveyed organizations have implemented the necessary protections to fight botnets and APTs. “Cybercrime has become a business. With bot toolkits for hackers selling today for the mere price of $500, it gives people insight into how big the problem has become, and the importance of implementing preemptive protections to safeguard critical assets,” Teller stated. It was pointed out that only 64% of companies said that they have current training and awareness programs in place to prevent targeted attacks. “While the types of threats and level of concern companies have may vary across regions, the good news is that security awareness is rising,” Dr. Larry Ponemon, chairman and founder, Ponemon Institute, was quoted as saying in the press release. “Across the board, C-level executives reported high levels of concern about targeted attacks and planned to implement security precautions, technology and training to mitigate the risk of targeted attacks.” For fast DDoS protection click here . Source: http://www.computerworld.in/news/check-point-survey-financial-gain-main-motivation-cyber-criminals-12922012

See original article:
Financial Gain is Main Motivation for Cyber Criminals

Check Point releases new DDoS Protector appliances

Check Point introduced a new line of security appliances designed to fight DDoS attacks. The DDoS Protector appliances deliver multi-layered protection and up to 12 Gbps of throughput to help business…

More:
Check Point releases new DDoS Protector appliances

Asia to see rise in cloud DDoS security biz

COMMUNICASIA, SINGAPORE–With the rise of cloud services adoption, businesses also have escalating security concerns over distributed denial of service (DDoS) attacks, and that presents an opportunity for carrier service providers to offer cloud-based DDoS protection, which one industry executive adds is set to gain traction in Asia. Among enterprises, the constant discussion around cloud to make it “sexy and pervasive” to customers cannot ignore the question of what happens when the cloud service becomes unavailable due to an attack, said Lau Kok Khiang, director for Asia-Pacific IP division at Alcatel-Lucent. There is hence “strong pent-up demand” for cloud-based DDoS protection, for which carrier cloud services are in a good position to provide, he said. Lau was presenting at the Telco Rising Cloud conference in CommunicAsia here Tuesday. Large attacks have become commonplace, and enterprises are basically losing the arms race in the Internet security space, Lau described. Among the various DDoS attacks in 2011 alone that saw businesses worldwide suffer a “great amount of damage” involved Sony PlayStation Network, the Hong Kong stock exchange, Visa, MasterCard, PayPal, and WordPress, he pointed out. The executive emphasized that cloud-based DDoS security was a “win-win” scenario for both the service provider and enterprise customers. For the service provider, it is a new revenue opportunity, which also complements existing enterprise services such as virtual private network (VPN) and business broadband. Additionally, this could help drive customer stickiness, Lau said. That is because from the customers’ point of view, having cloud-based DDoS protection ensures 24-by-7 availability of the cloud services they use, which mean better safeguards for their enterprise assets such as confidential client data, he added. On the event sidelines, Lau told ZDNet Asia that cloud DDoS security is set to gain traction in Asia, due to increasing awareness of the risks and prevalence of DDoS. This will prompt companies to consider cloud DDoS protection as added security measures, in order to ensure their service availabilities meet customer demands as well as industry-specific regulations. Also, apart from commercial entities, governments in the region are also pushing the message that organizations need to protect themselves from becoming the next victim of an attack, he added, referring to the massive DDoS attacks that disrupted Internet services in Myanmar in November 2010. Another speaker at the conference, Anisha Travis, partner at law firm Webb Henderson, said while the cloud has benefits and opportunities for businesess, they should go into space with “their eyes open”. In other words, they need to understand and prepare for mitigate the major risks associated with cloud, one of which is service levels, she pointed out during her presentation. It is essential that service level agreements (SLAs) are well-drafted for specific service levels and must also include “practical remedies” when there is downtime or outage, Travis advised. Customers cannot rely solely on the service provider, and should do their due diligence in clarifying ownership, consequences, and failures, she added. Source: http://www.zdnetasia.com/communicasia/asia-to-see-rise-in-cloud-ddos-security-biz-62305165.htm

More here:
Asia to see rise in cloud DDoS security biz