Monthly Archives: June 2012

Indian ISPs targeted in Anonymous censorship protest

The websites of Indian government-run communications company Mahanagar Telephone Nigam and the Internet Service Providers Association of India faced DDoS (distributed denial of service) attacks from Anonymous on Wednesday as some Internet service providers continue to block file-sharing websites following a court order.

ISPs are only following the orders of the court, which are supreme, said Rajesh Chharia, president of ISPAI, who was doubtful that the association’s website had been affected by the hackers.

The Indian arm of Anonymous previously attacked some government websites, and those of some political parties. Last month, users reported that the hackers tinkered with the service of a large ISP, Reliance Communications, redirecting its users from sites like Facebook and Twitter to a protest page. The hackers also claimed to have attacked the website and servers of Reliance, and got access to a large list of URLs blocked by the company. Reliance denied its servers were hacked.

The attacks follow a March court order directing ISPs to prevent a newly released local movie from being available online in pirated versions. Some ISPs blocked some file-sharing sites altogether, rather than any offending URLs. The measures taken by the ISPs have differed depending on their interpretation of the order, Chharia said.

Some websites such as The Pirate Bay continue to be blocked by some ISPs and carried the message, “This website/URL has been blocked until further notice either pursuant to Court orders or on the Directions issued by the Department of Telecommunications.” Pastebin is also not accessible through some ISPs.

Internet service providers are against censorship, and also against piracy, Chharia said. “It is up to the government and various groups to come to a resolution,” he added.

The responsibility of intermediaries has been a controversial issue in India, with some Internet companies including Google and Facebook sued in court late last year for objectionable content found on their sites.

Their websites have been attacked as blocks on some file-sharing sites continue.

Anonymous, meanwhile, plans on June 9 what it describes as non-violent protests across many cities in India against censorship of the Internet in the country. It claims to have already received police permission for some of the protests. The scope of the protests has widened to include demands for changes in India’s Information Technology Act, which among other things allows the government to block websites under certain conditions, and also allows the removal of online content by notice to ISPs. The government is also in the process of framing rules that will put curbs on freedom on social media, according to the hacker group.

Source: http://www.computerworld.com/s/article/9227804/Indian_ISPs_targeted_in_Anonymous_censorship_protest


Counting the cost of a DDoS attack

In the past month, the Information Commissioner’s Office (ICO), the Leveson inquiry website, Visa and Virgin Media have all been hit by distributed denial of service (DDoS) attacks. Much has been made of the motives for such attacks, and the methods that attackers use, but what impact do they have on the victim’s finances?

John Pescatore, analyst at research firm Gartner, told Computing that there were three main costs associated with attacks. “There is the cost of the outage, as it means that a business’s customers cannot reach them through the internet. Then there is the cost of making the attack stop – and, often, a third cost in the form of a potential extortion fee,” he said.

Obviously losses vary, depending on how much revenue is generated directly from a company’s web presence. John Roberts, head of managed services at MSP Redstone, said: “If a betting organisation trades £600m a year – or £2m a day in revenue terms – and 50 per cent of that comes from the web, then they are losing £1m a day.” Any web-dependent organisation within the global 1,000 might incur similar losses, he added.

But there are some less obvious victims of these blunt-instrument attacks. “A Scottish football club who were playing in a European match had its website taken down by the opposing teams’ fans with a DDoS attack. The club was not able to generate significant revenue, because a number of its customers were signed up to stream live games on a monthly fee basis. So an organisation as innocuous as a football club can lose hundreds of thousands of pounds as well,” Roberts said.

Public-sector bodies can also suffer substantial financial damage through loss of productivity. “There is a cost implication for local government as people will be looking to procure services over the internet. If those services are unavailable, public-sector staff will receive a lot more incoming phone calls,” he said.

Other repercussions are harder to assess and quantify. For example, businesses can suffer reputational damage from DDoS attacks, said Andrew Kellett, analyst at research firm Ovum. “With [the attack on] the Serious Organised Crime Authority [SOCA], the issue was that this was not the first time it had been exposed to a DDoS attack. You would have thought that enough resilience would have been built after the first attack to deal with something similar a year later,” he said.

But Gartner’s Pescatore said that reputational damage is often less severe than many organisations fear; customers are used to websites not working for any number of other reasons that are not related to DDoS attacks. “There is reputational damage if the website is defaced or if the website is attacked and customers’ financial information is disclosed, but DDoS generally does not have much of a reputational impact,” he argued.

Kellett disagreed and emphasised that reputational damage can itself cause financial loss to enterprises, as their customers opt for an alternative service from a similar provider. He warned that DDoS attacks could also be used as cover for a simultaneous assault on the targeted business. “The noise around DDoS attacks can be used to hide another backdoor-style assault, such as data being stolen from within the organisation.

“There is an example of clerical records, including credit card information, being stolen from an organisation when a DDoS attack was taking place. It was a hacktivist attack where the credit card details were used to make donations to a charity. For any organisation protecting those details it would be both embarrassing and expensive, as they could lose customers and have to repay anyone who has had money taken from their accounts,” he said.

Pescatore said that, of the three costs typically associated with DDoS attacks, extortion attempts have reduced significantly. “In the last two years, businesses have not paid off extortion attempts and are focusing on putting in place services to mitigate DDoS attacks. Several years ago there were incidents where it was deemed less expensive to pay off the attackers as they would only be asking for €5,000,” he said.

Source: http://www.computing.co.uk/ctg/analysis/2181680/analysis-counting-cost-ddos-attack


White House unveils initiatives to combat botnets

The Obama administration on Wednesday revealed new initiatives to combat botnets, believed to present one of the greatest threats to the integrity of the internet. Botnets are employed by cyber thieves to gain control of computers to perform illegal activities, including siphoning off assets, initiating denial of service (DoS) attacks, which could shut down a targeted website, or distributing spam.

The initiatives stem from a voluntary public-private partnership between the White House Cybersecurity Office and the U.S. Departments of Commerce and Homeland Security (DHS), which coordinate with private industry to lead the Industry Botnet Group (IBG), a group of nine trade associations and nonprofit organizations representing thousands of companies.

“The issue of botnets is larger than any one industry or country,” said White House Cybersecurity Coordinator Howard Schmidt at an event to announce the program (Schmidt recently announced his resignation). Also present at the event were Federal Communications Commission Chairman Julius Genachowski, Department of Homeland Security Secretary Janet Napolitano, Under Secretary of Commerce for Standards and Technology Patrick Gallagher, and a number of industry CEOs.

According to an administration official who spoke with SCMagazineUS.com on Friday, “industry deserves credit for the real work in getting this done.” He said that the strategy goes back to a Commerce greenpaper on cyber security looking at areas where the government saw a solution in the private sector that could alleviate the botnet problem, but was not gaining traction and collective action. “Companies didn’t want to invest if other companies weren’t,” the administration official said.

A call went out from the Departments of Commerce and Homeland Security to the private sector to find ways to build incentives for companies to implement best practices around botnets. “We were pleasantly surprised to find so much agreement,” the official said. A series of meetings at the White House followed, led by Schmidt, which led to the writing of IBG’s “Principles for Voluntary Efforts to Reduce the Impact of Botnets in Cyberspace,” he said.

“Cybersecurity is a shared responsibility – the responsibility of government, our private sector partners and every computer user,” Napolitano said at Wednesday’s event, according to a release. “DHS has set out on a path to build a cyber system that supports secure and resilient infrastructure, encourages innovation, and protects openness, privacy and civil liberties.”

The Online Trust Alliance (OTA) was also at the event to support the IBG’s principles. “We have a shared responsibility to commit resources to address the growing threats from botnets, which threaten to undermine the digital economy,” Craig Spiezle, executive director and president, Online Trust Alliance, said in a statement. “Preserving online trust and confidence needs to be a priority and the broad adoption of the Industry Botnet Group principles is an important step toward protecting the internet.”

Source: http://www.scmagazine.com/white-house-unveils-initiatives-to-combat-botnets/article/243712/


WHMCS under renewed DDoS blitz after patching systems

‘Undesirable people’ are all over us

WHMCS, the UK-based billing and customer support tech supplier, has once again come under denial of service attacks, on this occasion following an upgrade of its systems to defend against a SQL injection vulnerability.…
