BBC website and iPlayer suffer weekend outage: ‘severe load’ on servers suggests DDoS attack

The BBC hit technical problems over the weekend leaving its website and the iPlayer catch-up service unavailable to some users. Gremlins have managed to find their way into the BBC’s systems causing technical problems which are still ongoing days later. The broadcaster confirmed on Friday that it was working to fix problems causing some section of BBC online to be inaccessible. Much to their dismay, users were confronted with messages stating that content wasn’t available. “We’re fixing a problem that means some people can’t access parts of BBC Online. As soon as it’s fixed we’ll let you know.” said the BBC iPlayer Twitter account on 19 July. More than 48 hours later the BBC apologised to viewers for a lack of resolution, tweeting: “Apologies. We know some users are still unable to access BBC iPlayer. We’re working hard to resolve the issues. Thanks for your patience.” It’s unclear how many users were and still are affected by the outage but it appears to be widespread. The BBC was forced to use a simplified version of its website due to the problem. The BBC said, “engineers noticed that there was a ‘severe load’ on the servers underlying the video-on-demand system.” This suggests the problem could have been down to a DDoS (distributed denial-of-service) attack. The web iPlayer appears to be working properly now but the basic website is still in use stating: “Due to technical problems, we are displaying a simplified version of the BBC Homepage. We are working to restore normal service.” Source: http://www.pcadvisor.co.uk/news/internet/3531696/bbc-website-iplayer-suffer-weekend-outage/

View article:
BBC website and iPlayer suffer weekend outage: ‘severe load’ on servers suggests DDoS attack

Mayhem malware ropes Linux, UNIX servers into botnets

A new malware that researchers have dubbed Mayhem is being used to target Linux and Unix web servers and has so far compromised over 1,400 Linux and FreeBSD servers around the world, warn researchers …

Read the article:
Mayhem malware ropes Linux, UNIX servers into botnets

Image akincilar-graphic-message-protesting-against-treatment-palestinians-has-replaced-homepage.jpg

#OpSaveGaza: Anonymous Takes Down 1,000 Israeli Government and Business Websites

Hacker collective Anonymous has announced that it has taken down over a thousand of crucial Israeli websites in a huge new coordinated cyber-attack called #OpSaveGaza on 11 July and 17 July, in support of the people of Palestine. Some of the websites, such as the Tel Aviv Police Department’s online presence, are still offline two days after the distributed denial of service (DDoS) attacks, and numerous Israeli government homepages have been replaced by graphics, slogans, and auto-playing audio files made by AnonGhost, the team of hackers who coordinated the attack. The official Israeli government jobs website has had its homepage replaced by a graphic titled “Akincilar”, which is Turkish for the Ottoman Empire’s troops. Akincilar: A graphic and message protesting against the treatment of Palestinians is still replacing the homepage of certain Israeli government websites A message written in English and Turkish – presumably by Turkish hackers – and accompanied by pictures of Palestinians suffering says: “The Jerusalem cause is Muslims’ fight of honour” and says that people who fight for Palestine are “on the side of Allah”. Another Israeli government website now bears an AnonGhost graphic and lists the usernames of 38 hackers. An audio file that auto-plays when the page loads plays music and a synthesized newsreader clip, together with a message beseeching human rights organisations, hackers and activists to attack Israeli websites to become the “cyber shield, the voice for the forgotten people”. AnonGhost’s #OpSaveGaza message has been displayed on many Israeli websites Many of the websites have since been restored. The hackers have also leaked lists of Israeli government email addresses obtained by hacking websites of the Ministry of Immigrant Absorption, the Ministry of Justice, the Ministry of Culture and Sport, the Ministry of Housing and Construction and much more. Israeli websites belonging to restaurants, local businesses, associations, societies, academic foundations and even a symphony orchestra were also attacked, as well as a subdomain belonging to MSN Israel. A message on the main Pastebin page and some of the hacked websites reads : “The act of launching rockets from Gaza sector to Israhell is an acceptable and normal reaction against those pigs, it’s called Resistance and not terrorism. “Israhell never existed its only Palestine, it’s our home. If you are a Hacker, Activist, a Human Right Organisation then hack israel websites and expose to the world their crimes, show to the world how much blood is on their hands, blood of innocent children and women.” Anonymous has previously run another campaign in April targeting Israeli websites, although on a smaller scale. About 500 websites went offline during the OpIsrael campaign and the hackers released the phone numbers and email addresses of some Israeli officials. Source: http://www.ibtimes.co.uk/opsavegaza-anonymous-takes-down-1000-israeli-government-business-websites-1457269

View article:
#OpSaveGaza: Anonymous Takes Down 1,000 Israeli Government and Business Websites

“Chinese YouTube” Used as DDoS attack Machine

Even the biggest websites in the world are vulnerable to DDoS. Want proof? Well, all throughout this past April, a hacker took advantage of a hole in Sohu.com’s security to launch Persistent Cross-Site Swapping (XSS) attacks against various targets across the globe. Sohu.com, in case you don’t know, is one of the largest websites in the world – in fact 24th largest, according to Alexa Top 100 Ranking. But, for all its size and multi-billion dollar net worth, Sohu could be exploited by hackers who managed to convert its popularity into a massive Persistent XSS enabled DDoS attack. Devastating New DDoS Attack Method At its basis, Persistent XSS is a crafty type of malicious code injection. This injection method involves convincing a server to save data from an outside source (the hacker) and then refresh the data every time a new browser accesses the page. In this attack, the hacker saved to Sohu’s server a JS script that runs a DDoS tool. To do this, he placed a malicious JS script within the avatar image of a fabricated user profile. As with most video sites, this infected user picture would then show up next to any comments wrote by this profile, on Sohu’s video pages. The hacker was smart enough to write a JS script that would hijack every new browser that accessed a video page with the infected comment, forcing it to run a sent DDoS to the target site. The hacker programmed the script to send GET requests to the target once a second. Imagine; thousands of users watching a video on Sohu sending malicious GET requests every second. These bad requests add up quickly, quickly growing to millions every minute. Interestingly enough, the hacker also had the brains to put his infected comment on the most popular and longest playing videos, so the viewers would rack up DDoS requests even faster. This large security event goes to show that even powerful websites can be manipulated by hackers. Where Will the Next Attack Come From? It’s difficult to say. This case study shows that hackers will use whatever means necessary to take down their targets. Without 3rd party protection services, most websites can only defend what they’ve seen already–they can only react after they have been hit. In this instance, the hacker was clever enough to fly under the radar and avoid detection by Sohu’s watchful IT team. If the hacker had chosen a target without a DDoS protection service, Sohu might still be a giant DDoS machine causing havoc on innocent websites. Source: http://www.economicvoice.com/chinese-youtube-used-as-ddos-machine/  

Continue Reading:
“Chinese YouTube” Used as DDoS attack Machine

Botnets gain 18 infected systems per second

“According to industry estimates, botnets have caused over $9 billion in losses to US victims and over $110 billion in losses globally. Approximately 500 million computers are infected globally each y…

More:
Botnets gain 18 infected systems per second

100+ DDoS events over 100GB/sec reported this year

Arbor Networks released global DDoS attack data derived from its ATLAS threat monitoring infrastructure. The data shows an unparalleled number of volumetric attacks in the first half of 2014 with over…

Read More:
100+ DDoS events over 100GB/sec reported this year

Gameover ZeuS botnet pulls dripping stake from heart, staggers back from the UNDEAD

Zombies twitch, lurch to feet after FBI takedown The Gameover ZeuS malware is back from the dead just six weeks after a takedown operations that aimed to put a stake through the heart of the botnet, which is linked to the even more infamous CryptoLocker ransomware.…

Continue Reading:
Gameover ZeuS botnet pulls dripping stake from heart, staggers back from the UNDEAD

DoJ provides update on Gameover Zeus and Cryptolocker disruption

The Justice Department filed a status report with the United States District Court for the Western District of Pennsylvania updating the court on the progress in disrupting the Gameover Zeus botnet an…

Original post:
DoJ provides update on Gameover Zeus and Cryptolocker disruption

17-Year-Old Behind Norway DDoS Attacks This Week

On Thursday, the Norwegian police have arrested and charged a 17-year-old in connection to the recent massive distributed denial-of-service (DDoS) attacks directed at major financial institutions and other businesses in the country. The teen, from the city of Bergen, on Norway’s west coast, claimed to be part of the hacktivist group Anonymous Norway, who, in a Twitter message, dismissed any connection to him or the DDoS incidents. On the day of the attack, the teenager sent a letter to the media, claiming to be part of Anonymous and saying that “the motivation behind the current attacks and the next attacks in the future is to get the community to wake up. The number of major IT security attacks is increasing and there is nothing being done to prevent such events.” Evidence that Anonymous Norway was not involved in the incidents is the fact that the boy joined the group’s Facebook page on the same day of the attack. Furthermore, the hacker outfit provided a Pastebin link in a new tweet, pointing to the identity of the perpetrator; they did not create the post, just scooped it up. Initially, the youngster was charged with gross vandalism, which carries a maximum prison sentence of six years in Norway. However, since he has no record and is still a minor, this should be greatly reduced. According to News in English, Frode Karlsen of the Bergen police told Norwegian Broadcasting that the authorities are taking the matter seriously because this sort of attack can have significant impacts on society, like individuals not being able to reach emergency services in case they needed help. After his arrest, the teen cooperated in the investigation and clarified the nature of his actions. His defense lawyer stated that “he’s sorry for having caused all this and has laid his cards on the table.” The DDoS attack, which occurred on Tuesday, was considered among the largest ever seen in Norway and leveraged the vulnerable “pingback” WordPress feature. Its increased significance is due to the fact that it targeted layers three (network) and four (transport) of the OSI model, as well as layer seven (application), at the same time. Mitigating an application layer DDoS attack is not too easy, because the requests are directed at the application interface and mimic legitimate behavior, which makes filtering out the bad traffic more difficult. The attack aimed at disrupting the online services of major financial institutions in Norway (Norges Bank, Sparebank 1, Storebrand, Gjensidige, Nordea, Danske Bank), as well as other business, like Scandinavian Airlines (SAS) and Norwegian Air. The website of the largest telecommunications company in Norway, Telenor, was also affected. Source: http://news.softpedia.com/news/17-Year-Old-Behind-Norway-DDoS-Attacks-this-Week-450391.shtml

Read the article:
17-Year-Old Behind Norway DDoS Attacks This Week