Monthly Archives: May 2014

DDoS attacks: Criminals get stealthier

There is a lot of media hype surrounding volumetric style DDoS attacks recently where the focus has been on large Gb/sec attacks, sometimes up to 400 Gb/sec. In reality, these are very rare and these …

Read the original:
DDoS attacks: Criminals get stealthier

‘Anons’ cuffed by Australian Federal Police

Two arrested for attacks on Indonesian and Australian websites The Australian Federal Police (AFP) claim to have arrested two chaps who conducted defacement and denial of service attacks on Indonesian and Australian government websites while using the name and iconography of Anonymous.…

More:
‘Anons’ cuffed by Australian Federal Police

Australian Labor Party and the Bob Brown Foundation hit by DDoS attack

Inadvertent victims of “politically motivated” hack.

A politically motivated DDoS attack on a US-based web hosting service has delivered global repercussions affecting a number of Australian websites including the homepages of the Australian Labor Party and the Bob Brown Foundation. Both organisations use the services of NationBuilder, a cloud-based web hosting and customer relationship management platform designed specifically for nonprofits, political parties and politicians.

The ALP.org.au website was down for a few hours yesterday morning, its Canberra HQ confirmed. The Bob Brown Foundation site was also down yesterday and then again last night, said organiser Steven Chaffer, who had been contacted by a NationBuilder account representative. The state branches of the Labor Party also use NationBuilder, as does Victorian independent MP Cathy McGowan and the community services union United Voice. United Voice said it was not aware of any disturbance to its web presence.

Yesterday NationBuilder was hit by a DDoS attack it believes to have been in protest against the political stance of one of its clients. “We are reasonably certain the attack is directed at one of our customers for their political beliefs, and is meant to disrupt upcoming elections,” wrote CEO Jim Gilliam on the NationBuilder website early this morning Australian time. He said the attack has caused “intermittent service outages” for the company’s clients but assured users that data and financial information was never exposed. “We know the impact is immeasurable and we are very, very sorry,” he said. “We are fiercely committed to serving all of our customers. Everyone has the right to organise – in fact, this is the very reason NationBuilder exists.” NationBuilder has not responded to iTnews’ requests to confirm the identity of the targeted client.
However posts on the Anonymous hackers forum and from the self-professed antagonist on Twitter claim that the attack is targeting the British political party UKIP, which is taking its anti-immigration policy platform to elections for the UK membership of the European Union next week. The party’s leader Nigel Farage has been a controversial figure, branded as a racist by the UK Labor party. UKIP has been the subject of DDoS attacks before, and its website was one of many down intermittently yesterday and into today. Australian clients told iTnews that their services have now resumed. Source: http://www.itnews.com.au/News/386077,alp-bob-brown-sites-downed-by-ddos.aspx?utm_source=feed&utm_medium=rss&utm_campaign=editors_picks

View the original here:
Australian Labor Party and the Bob Brown Foundation hit by DDoS attack

Dating Website Plenty Of Fish Hit By DDoS Attack

Add Plenty of Fish to the list of technology companies whose websites have come under DDoS attacks from unknown cybercriminals in recent days. The company says that it was the victim of a five-hour attack today that affected approximately 1 million users. Initially, the attacks took down the Plenty of Fish website, then later the company’s mobile apps on iPhone, iPad and Android.

As per the usual M.O., the attacker first contacted the site to warn them of the impending DDoS at 6:45 AM PT, then the attack started at 8:13 AM PT where it continued for several hours, off and on. The company says it was only recently able to mitigate the flood, and is now fully up and running again. The attack was 40 Gigabits in size, which makes it larger than the attack which took Meetup.com offline for nearly five days last month – that attack was “only” 8 GBps, the company had said at the time.

These DDoS attacks (distributed denial-of-service attacks) have become more powerful as of late, thanks to the way attackers are exploiting older internet protocols like Network Time Protocol, or NTP, to increase their size. That seems to be the case here, given the size of the attack that Plenty of Fish suffered. Other companies that have been attacked more recently include TypePad, Basecamp, Vimeo, Bit.ly, and as of this past weekend, marketing analytics software provider Moz, to name just a few.

In Plenty of Fish’s case, the attacker demanded $2,000 to have them stop the attack. Want to know if your company is about to have a bad day? Look for an email like this:

From: dalem leinda
Date: Tue, May 20, 2014 at 12:09 PM
Subject: Re: DDoS attack, warning

If you feel ready to negotiate, I’m still here. For something around $2k, I will stop the current attack and I will not resume further attacks. The amount depends on how quickly you can make the payment.

Source: http://techcrunch.com/2014/05/20/dating-website-plenty-of-fish-hit-by-ddos-attack/?ncid=rss

Read more here:
Dating Website Plenty Of Fish Hit By DDoS Attack

DOSarrest Rolls Out Cloud Based Layer 7 Load Balancing

DOSarrest has begun offering a Cloud based Layer 7 local and global Load balancing solution to its DDoS protection services customer base. The Load balancing service is a fully managed solution, whereby customers can create pools of servers; a pool can be 1 or many servers and can be located in multiple locations.

Load balancing types available include: Round Robin, IP Hash, least connections, weighted.

Other options include:

By Domain or Host Header, allows customers to direct our servers to pick-up and cache content based on the domain name or host header that is being requested by the visitor.

By Resource, allows customers to direct our servers to pick-up and cache content based on the resource being requested by the visitor. Mydomain.com goes to one server(s), mydomain.com/images goes to another server(s) and/or location.

The load balancing solution also can be used as Active/Active - all servers are in use, or Active/Passive - some servers are only used when one or more have a failure. Health checks are all part of the service to determine if a particular server or instance is active or not.

Jag Bains, CTO at DOSarrest comments “I used to be in the hosting game and when I see the advantages of our cloud based solution over a hardware based solution, this is definitely the way to go.” Bains also adds “There is no capital required, no technical expertise is needed, no single point of failure, it’s able to handle 100's of millions of requests and can be setup in 5 minutes…top that.”

General Manager at DOSarrest, Mark Teolis states “It’s a natural add-on to our DDoS protection services, which already incorporates extensive caching of customers content, this way customers can leverage any combination and location of VPS’s, Instances, private cloud and dedicated servers. I can’t see why anyone would want to buy or manage a Load balancing device again, it just doesn’t make sense anymore.”

Details on this service can be found here: www.dosarrest.com/solutions/load-balancing/

See original article:
DOSarrest Rolls Out Cloud Based Layer 7 Load Balancing
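The announcement above lists the pool mechanics (round robin, IP hash, least connections, weighted selection, Active/Active versus Active/Passive pools, health checks, and routing by host header or resource path) without showing how they fit together. The following is an added illustration written for this archive, not DOSarrest's code: a minimal in-memory model of those mechanics. The `Backend`, `Pool` and `Router` names, the `probe` callback used for health checks and the sample backend names are all assumptions made for the example.

```python
import hashlib
from dataclasses import dataclass


@dataclass
class Backend:
    """One origin server in a pool. weight is used by the 'weighted' strategy;
    standby=True marks an Active/Passive spare used only when every active server is down."""
    name: str
    weight: int = 1
    healthy: bool = True
    active_conns: int = 0
    standby: bool = False


class Pool:
    """A pool of one or many servers with a selection strategy and health checks."""

    def __init__(self, backends, strategy="round_robin"):
        self.backends = list(backends)
        self.strategy = strategy
        self._counter = 0  # shared cursor for round_robin / weighted

    def health_check(self, probe):
        """probe(backend) -> bool. In production this would be an HTTP/TCP probe;
        here the caller supplies the function so the logic is testable offline."""
        for b in self.backends:
            b.healthy = bool(probe(b))

    def candidates(self):
        """Active/Active: all healthy non-standby servers. Active/Passive: healthy
        standby servers are used only when no active server is healthy."""
        up = [b for b in self.backends if b.healthy]
        active = [b for b in up if not b.standby]
        return active or [b for b in up if b.standby]

    def pick(self, client_ip=None):
        cands = self.candidates()
        if not cands:
            raise RuntimeError("no healthy backend in pool")
        if self.strategy == "round_robin":
            b = cands[self._counter % len(cands)]
            self._counter += 1
            return b
        if self.strategy == "ip_hash":
            # Same client always lands on the same server (affinity without cookies).
            h = int(hashlib.sha256(client_ip.encode()).hexdigest(), 16)
            return cands[h % len(cands)]
        if self.strategy == "least_connections":
            return min(cands, key=lambda b: b.active_conns)
        if self.strategy == "weighted":
            # Expand each server by its weight, then walk the expanded list.
            expanded = [b for b in cands for _ in range(max(1, b.weight))]
            b = expanded[self._counter % len(expanded)]
            self._counter += 1
            return b
        raise ValueError(f"unknown strategy {self.strategy!r}")


class Router:
    """Directs a request to a pool by Host header and/or path prefix ('By Domain or
    Host Header' and 'By Resource'), e.g. mydomain.com/images to a separate image pool."""

    def __init__(self, default_pool):
        self.default_pool = default_pool
        self.rules = []  # (host or None, path_prefix or None, pool)

    def add_rule(self, pool, host=None, path_prefix=None):
        self.rules.append((host, path_prefix, pool))

    def route(self, host, path, client_ip=None):
        for rule_host, prefix, pool in self.rules:
            if (rule_host is None or rule_host == host) and (prefix is None or path.startswith(prefix)):
                return pool.pick(client_ip)
        return self.default_pool.pick(client_ip)


if __name__ == "__main__":
    # Constructed demo topology: two active web servers plus a passive spare, and a weighted image pool.
    web = Pool([Backend("web-1"), Backend("web-2"), Backend("web-spare", standby=True)])
    images = Pool([Backend("img-1", weight=3), Backend("img-2", weight=1)], strategy="weighted")
    router = Router(web)
    router.add_rule(images, host="mydomain.com", path_prefix="/images")
    for path in ("/", "/images/logo.png", "/about", "/images/a.jpg"):
        print(path, "->", router.route("mydomain.com", path, "203.0.113.7").name)
```

The point worth noticing from a resilience angle is `candidates()`: a standby server is never selected while any active server passes its health check, which is what distinguishes the Active/Passive mode from simply adding another server to an Active/Active pool.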

TypePad Claims It Was Hit By Another DDoS Attack

A number of technology companies, including Meetup, Basecamp, Vimeo, Bit.ly and others, have undergone website-crashing DDoS attacks (distributed denial-of-service) in recent months, but SAY Media-owned blogging platform Typepad, apparently, has the dubious honor of being taken down for an extended outage more than once in just a few weeks. The company has confirmed to us this morning that it is again undergoing another DDoS attack, which has taken its service offline.

However, until all the facts are in and TypePad can provide more info about the nature of this attack, which right now it’s unable to do, it’s unclear at this time that this morning’s network outage is definitely a DDoS attack — the same as before. Because it’s still early in the investigation, it’s possible the company is presuming a DDoS attack, where only a network outage was at fault. We’ll update when we — and they — know more. However, when asked around an hour ago, TypePad did say that it was indeed “under a DDoS attack.”

In April, we reported that Typepad was undergoing an extended DDoS attack, which, at the time, had been underway off and on for nearly five days. The company explained that the attack was similar in style to that which had taken down Basecamp, and confirmed that it was working with technology providers, including CloudFlare and Fastly to help mitigate the attack and bring its service back online. Though TypePad never shared extensive technical details about the DDoS attack, the typical scenario — and one that Basecamp had faced, as well — involves an initial demand for some sort of “ransom” once the site and its related services have been knocked offline. The amount first requested is usually small, but once attackers know they have a willing victim, they’ll often increase the amount. SAY Media said it had also received a “ransom” note, and was cooperating with the FBI on an investigation.

According to Paul Devine, VP of Engineering at Say Media, this new Typepad attack began at 6:00 AM PT and the company is again working with CloudFlare and Fastly to mitigate the situation. “[We] don’t expect these attacks to have longevity,” he tells us. “We’re looking forward to having the sites up and running as quickly as we can.”

As of a few minutes ago, the company tweeted that blogs were loading. However, at the same time, the URL http://www.typepad.com was still largely crashed when we tried it ourselves. That is, instead of loading up properly, CloudFlare is providing a snapshot of the site through its “Always Online” service, which helps sites offer a webpage instead of an error message when taken down through cyberattacks like this. The www.saymedia.com website address came up, however, though a bit slowly. (SAY Media operates a number of brands, including ReadWrite, xoJane, Fashionista, Cupcakes and Cashmere, and others.) The site loads but a “fatal error” message appears at the bottom of the page.

Thanks to newer, more powerful types of DDoS attacks that have emerged as of late, attacks that once would have been thought to be record-breaking in size are now becoming routine. For instance, Meetup’s attack was 8 Gigabits in size, and it’s not uncommon for NTP-based DDoS attacks (which exploit an older protocol called Network Time Protocol) to be 10 Gigabits in size. However, one side effect of these attacks is that when a company later experiences a network outage, they sometimes immediately presume that they’re being attacked again. It can be difficult to tell the difference, especially in the early hours of these sorts of situations.

We’ll be looking for TypePad to provide its customers with a longer post-mortem following this morning’s outage. Given multiple attacks over the course of several weeks, the company has a responsibility to let their customers know whether or not they’re being targeted by criminals, or if unrelated network outages came into play this morning instead.

Source: http://techcrunch.com/2014/05/19/typepad-claims-it-was-hit-by-another-ddos-attack/?ncid=rss

Continued here:
TypePad Claims It Was Hit By Another DDoS Attack

The evolution of an Iranian hacker group

Iran-based hacker groups have traditionally concentrated more on website defacement and DDoS attacks aimed at making a political statement, but as time passes, some of those groups and their attack me…

Follow this link:
The evolution of an Iranian hacker group

SNMP could be the future for DDoS attacks

DNS amplification and NTP reflection are two big buzz-terms in the modern world of distributed denial-of-service (DDoS) attacks, but when successful defensive measures force those wells to run dry, a lesser-used reflection attack vector, known as Simple Network Management Protocol (SNMP), could take the forefront.

Johannes Ullrich, dean of research with the SANS Technology Institute, told SCMagazine.com in a Monday email correspondence that SNMP, a UDP-based protocol used to read and set the configurations of network devices, hasn’t posed as big a threat as DNS and NTP attacks because there are not as many reflectors available as there are for other protocols. Ullrich said that most network-connected devices support SNMP in some form and, in a Thursday post, opined that it could be the next go-to vector for attackers after he observed a DDoS reflection attack taking advantage of an unnamed video conferencing system that was exposing SNMP.

In this instance, the attacker spoofed an SNMP request to appear to originate from 117.27.239.158, Ullrich said, explaining that the video conferencing system receives the request and then replies back to the IP address with a significant reply. An 87 byte “getBulkRequest” resulted in a return of 60,000 bytes of fragmented data, Ullrich wrote in the post, adding that the individual reporting the attack observed roughly five megabits per second of traffic. “The requests are pretty short, asking for a particular item, and the replies can be very large,” Ullrich said. “For example, SNMP can be used to query a switch for a list of all the devices connected to it. SNMP provides replies that can be larger than DNS or NTP replies.”

As people improve configurations, effectively causing those DNS and NTP reflectors to dry up, SNMP could be the attack vector of choice, Ullrich said – a point that John Graham-Cumming, a programmer with CloudFlare, agreed with in a Monday email correspondence with SCMagazine.com. “I think that attackers will turn to SNMP once other attack methods are thwarted,” Graham-Cumming said. “At the moment it’s easy to use NTP and DNS for attacks, so there’s no need for SNMP.”

To get a jumpstart defending against this DDoS vector, Graham-Cumming suggested that network operators limit access to the SNMP devices on their networks. Ullrich went so far as to say that SNMP devices should not be exposed to the internet at all. Both experts added that the “community string,” which serves as a password for accepting requests, should not be so obvious.

Source: http://www.scmagazine.com/snmp-could-be-the-future-for-ddos-attacks/article/346799/

Link:
SNMP could be the future for DDoS attacks
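The article above describes the two things a defender can measure for this vector: the amplification ratio (an 87-byte getBulkRequest answered with 60,000 bytes) and the traffic pattern that results, namely many devices answering from UDP port 161 toward one spoofed address. The following is an added example written for this archive, not code from the article or from SANS or CloudFlare. It runs the two checks that follow from the advice at the end of the piece over constructed flow records (the addresses, byte counts and the `Flow`, `find_snmp_reflection_victims` and `find_exposed_reflectors` names are all assumptions): a victim-side check that flags a destination receiving large SNMP replies from many reflectors, and an operator-side check that lists your own devices answering SNMP to addresses outside the management network, i.e. devices that are exposed to the internet contrary to the recommendation.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

SNMP_PORT = 161


@dataclass(frozen=True)
class Flow:
    """One flow record (NetFlow/IPFIX-style, reduced to the fields the checks need)."""
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    bytes: int
    packets: int


# Constructed sample records, not captured traffic. 192.0.2.10 plays the spoofed victim
# receiving large UDP replies from port 161 of several exposed devices; 10.0.0.3 answers a
# normal poll from an internal monitoring host; the last row is unrelated HTTPS.
SAMPLE_FLOWS = [
    Flow("198.51.100.5", SNMP_PORT, "192.0.2.10", 40001, "udp", 60000, 41),
    Flow("198.51.100.6", SNMP_PORT, "192.0.2.10", 40001, "udp", 58000, 40),
    Flow("198.51.100.7", SNMP_PORT, "192.0.2.10", 40001, "udp", 61000, 42),
    Flow("198.51.100.8", SNMP_PORT, "192.0.2.10", 40001, "udp", 59500, 41),
    Flow("10.0.0.3", SNMP_PORT, "10.0.0.100", 52111, "udp", 320, 2),
    Flow("203.0.113.9", 443, "192.0.2.10", 50000, "tcp", 12000, 30),
]


def amplification_factor(request_bytes, response_bytes):
    """Bytes returned per byte sent; the article's 87-byte request -> 60,000-byte reply is ~690x."""
    return response_bytes / request_bytes


def find_snmp_reflection_victims(flows, min_reflectors=3, min_avg_packet=500):
    """Victim/edge view: one destination receiving UDP from source port 161 of many distinct
    hosts with large average packet sizes (fragmented getBulk replies). Returns one dict per hit."""
    by_dst = defaultdict(lambda: {"reflectors": set(), "bytes": 0, "packets": 0})
    for f in flows:
        if f.proto == "udp" and f.sport == SNMP_PORT:
            s = by_dst[f.dst]
            s["reflectors"].add(f.src)
            s["bytes"] += f.bytes
            s["packets"] += f.packets
    findings = []
    for dst, s in by_dst.items():
        avg = s["bytes"] / s["packets"]
        if len(s["reflectors"]) >= min_reflectors and avg >= min_avg_packet:
            findings.append({"victim": dst, "reflectors": len(s["reflectors"]),
                             "bytes": s["bytes"], "avg_packet": round(avg, 1)})
    return findings


def find_exposed_reflectors(flows, management_networks):
    """Operator view: your own devices answering SNMP to addresses outside the management
    networks, which means SNMP is reachable from outside. Returns {device: bytes sent}."""
    nets = [ipaddress.ip_network(n) for n in management_networks]
    exposed = defaultdict(int)
    for f in flows:
        if f.proto != "udp" or f.sport != SNMP_PORT:
            continue
        if any(ipaddress.ip_address(f.dst) in n for n in nets):
            continue  # reply to a legitimate internal poller
        exposed[f.src] += f.bytes
    return dict(exposed)


if __name__ == "__main__":
    print("amplification of 87 B request -> 60,000 B reply: %.1fx" % amplification_factor(87, 60000))
    for hit in find_snmp_reflection_victims(SAMPLE_FLOWS):
        print("possible reflection victim:", hit)
    for dev, sent in find_exposed_reflectors(SAMPLE_FLOWS, ["10.0.0.0/8"]).items():
        print("device answering SNMP to non-management address:", dev, sent, "bytes")
```

The operator-side check is the one that matters for prevention: any device it lists is one that a filter on UDP/161 at the network edge, or an SNMP access list on the device itself, would have kept out of someone else's attack. The victim-side thresholds are deliberately conservative placeholders; tune `min_reflectors` and `min_avg_packet` against your own baseline of legitimate SNMP traffic.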

Linux distros get patching on terminal bug

Pseudo-terminal buffer bug from 2009 discovered Linux admins need to get busy patching, as a newly discovered bug has emerged in the kernel’s tty handling that can let local users create memory corruption leading to denial of service, unauthorised modification of data, and disclosure of information.…

More:
Linux distros get patching on terminal bug

5 People Arrested for Launching DDOS Attacks on Systems of Chinese Gaming Company

A total of five individuals have been arrested by Chinese authorities on suspicion of being behind distributed denial-of-service (DDOS) attacks launched against the systems of a Shanghai-based online gaming company.

According to police in Shanghai’s Xuhui District, cited by Ecns.cn, the first suspect, surnamed Wu, was arrested in January, after the targeted company provided authorities with information needed to track him down. Wu told investigators that he had been hired by one of the targeted company’s competitors, an Internet firm based in the Henan Province operated by an individual called Tu. Tu’s firm offered not only online games, but also hacking services. The individuals he hired would hack into the systems of various organizations and use the hijacked computers to launch DDOS attacks against various targets.

The attacks launched against the Shanghai online games company are said to have resulted in damage of close to 10 million Yuan ($1.6 million / €1.16 million). The attacks were aimed at the login page for an online game and prevented paying customers from accessing their accounts.

Police detained Wu, Tu and three other individuals suspected of being responsible for the cyberattacks. The company operated by Tu is believed to be involved in other illegal activities as well, including hacking, distribution of obscene materials, and hosting illegal ads.

Source: http://news.softpedia.com/news/5-People-Arrested-for-Launching-DDOS-Attacks-on-Systems-of-Chinese-Gaming-Company-441863.shtml

View original post here:
5 People Arrested for Launching DDOS Attacks on Systems of Chinese Gaming Company