International Middle East Media Center back on-line after DDoS Attack

The website of the International Middle East Media Center (IMEMC) is back online after the Palestinian news service, under the auspices of the Palestinian Centre for Rapprochement between People, was forced off-line by a DoS attack and apparently let down by Hosting provider Bluehost. IMEMC and other new media came under increased attack during the Gaza war, while mainstream media were bleeding viewers, listeners and readers to new, alternative and independent news services. A several hundred percent increase in readers of news about the Gaza war may, ultimately, have prompted the UK parliament’s recognition of Palestine. The IMEMC website is under constant attack of one sort or the other, but these attacks increased significantly since the Gaza war, said the editor-in-chief Saed Bannoura to nsnbc. IMEMC’s website ultimately succumbed to a DoS attack on October 14, after the end of armed hostilities, but against the backdrop of the Swedish recognition of Palestine and the UK parliament’s yes vote to the recognition of Palestine on October 13. IMEMC, nsnbc, and a number of other new, independent or alternative media experienced a marked increase for the Palestine – Israel discourse. While nsnbc only registered a minor increase in daily readers, it noticed a marked increase in the number of read articles pertaining Palestine, Israel, and the related international discourse. IMEMC, which specifically covers Palestine and the Palestinian – Israeli discourse, experienced a significant increase in its number of readers and read articles. Saed Bannoura noted that IMEMC also experienced an increased interest in IMEMC’s Facebook page and Twitter account, adding, however, that there was a particular increase in interest for the IMEMC website. Bannoura said: “Our readership increased from two million hits per month to ten million hits per month … We have seen more and more reprints of our articles, and also, Abby Martin of Russia Today, was repeatedly quoting the IMEMC website, our statistics and our reports in her TV coverage” Saed Bannoura noted that IMEMC and other independent media often have people on the ground where major mainstream media are merely repeating the reports from establishment news agencies. It is noteworthy that the IMEMC website succumbed to the DoS attack on October 14, one day after the UK Parliament voted in favor of the recognition of Palestine and only two days after nsnbc published an article that documented an unprecedented level of harassment of alternative media, including IMEMC, nsnbc, Voltairenet, New Eastern Outlook, Land Destroyer Report, Infowars, Drudge Report and others. Mainstream media like the BBC, CNN and other were increasingly forced to adjust their coverage. This ”adjustment” and the flight away from the mainstream to alternatives is likely to have been a significant contributing factor to the landslide in public opinion in the UK, that led to the recognition of Palestine by the UK parliament. Speaking about the decades-long vilification of Palestinians and the misrepresentation of the Palestinian – Israeli discourse in Blockbuster Hollywood movies and mainstream media, Saed Bannoura said: “Well, it’s an unfortunate reality that most of the international media agencies are largely corporate owned and line-up with corporate lobbies. Therefore their coverage is poor to none, regarding Palestine issues, especially when it comes to Palestinian rights”. Another aspect of the involvement of strong corporate and government interest in media coverage is that alternative, internet-based media, are dependent on Hosting providers who often are in direct or indirect corporate relationship with, or dependent on business with major corporations which are known for their cooperation with intelligence agencies. One example is the well-documented cooperation between Google, Microsoft, Apple, and the U.S.’ National Security Agency. IMEMC’s now previous Hosting service, Bluehost, said Saed Bannoura, let IMEMC down when it was subjected to the DoS attack instead of providing any actionable help. Bannoura stressed, “that is their job, that is what we are paying them for”. It is noteworthy that Bluehost has a partnership with SiteLock, which also was involved in a harassment case pertaining nsnbc and others. October 18, nsnbc attempted to contact Bluehost via chat and phone. A sustained attempt to acquire the contact details of a media spokesperson or anyone who could speak on behalf of Bluehost failed. Also repeated direct calls to its violation of terms of service department were consistently answered by an answering machine, saying, “I’m sorry, that’s not a valid extension. Thank you for calling”. IMEMC has migrated the website to another hosting provider for now. Editor-in-chief Saed Bannoura agrees that alternative, new, and independent media could and maybe ought to form some kind of alliance with regard to negotiating with safe and ethical hosting service providers. The IMEMC website is on-line again, but the new media are likely to remain vulnerable as long as they don’t stand united against censorship and harassment. Source: http://www.imemc.org/article/69429

Visit link:
International Middle East Media Center back on-line after DDoS Attack

Reflection DDoS Attacks Using Millions of UPnP Devices on the Rise

After successful in launching reflection and amplification Distributed Denial-of-Service (DDoS) attacks by abusing various protocols such as DNS, NTP and SMTP, hackers are now abusing Simple Service Discovery Protocol (SSDP) – part of the UPnP protocol standard – to target home and office devices, researchers warned. SSDP is a network protocol based on the Internet Protocol Suite that comes enabled on millions of networked devices, such as computers, printers, Internet gateways, Router / Wi-Fi access points, mobile devices, webcams, smart TVs and gaming consoles, to discover each other and automatically establish working configurations that enable data sharing, media streaming, media playback control and other services. FLAW IN UPnP USED IN AMPLIFICATION DDoS ATTACK Prolexic Security Engineering & Response Team (PLXsert) at Akamai Technologies have issued a warning that the devices use in residential or small office environments are being co-opted into reflection and amplification distributed denial-of-service (DDoS) attacks since July that abuse communications protocols enabled on UPnP devices. “ The rise of reflection attacks involving UPnP devices in an example of how fluid and dynamic the DDoS crime ecosystem can be in identifying, developing and incorporating new resources and attack vectors into its arsenal ,” the advisory states. “ Further development and refinement of attack payloads and tools is likely in the near future. “ The weakness in the Universal Plug-and-Play (UPnP) standard could allow an attacker to compromise millions of its consumer and business devices, which could be conscripted by them to launch an effective DDoS attack on a target.   Attackers have found that Simple Object Access Protocol (SOAP) – protocol used to exchange sensitive information in a decentralized, distributed environment – requests “can be crafted to elicit a response that reflects and amplifies a packet, which can be redirected towards a target.” This UPnP attack is useful for both reflection attacks, given the number of vulnerable devices, and amplification as researchers estimate that it can magnify attack traffic by a factor of 30, according to the advisory. OVER 4.1 MILLIONS DEVICES VULNERABLE According to the security researchers, about 38 percent of the 11 million Internet-facing UPnP devices, i.e. over 4.1 million devices, in use are potentially vulnerable to being used in this type of reflection DDoS attack. “ The number of UPnP devices that will behave as open reflectors is vast, and many of them are home-based Internet-enabled devices that are difficult to patch ,” said Akamai security business unit senior vice president and general manager Stuart Scholly. “ Action from firmware, application and hardware vendors must occur in order to mitigate and manage this threat .” MAJOR TARGETED COUNTRIES South Korea has the largest number of vulnerable devices, followed by the United States, Canada, and China, according to the advisory. This isn’t the first time when a security flaw in UPnP has allowed attackers to target home and business devices, back in January 2013, a flaw in UPnP exposed more than 50 millions computers, printers and storage drives to attack by hackers remotely.   Source: http://thehackernews.com/2014/10/reflection-ddos-attacks-using-millions_16.html

Link:
Reflection DDoS Attacks Using Millions of UPnP Devices on the Rise

How Russian hackers used Microsoft PowerPoint files to hack NATO computers

The ‘Patch Tuesday’ fixes included a patch for a vulnerability that a Russian Hacker team was using to target NATO. These attacks target high-profile organizations so you don’t have much of a reason to be worried (but please update!). So, no need to panic, this is just an interesting scenario that sheds some light on how computers can be compromised. The Russian team is called ‘Sandstorm Team’ and has been targeting organizations in Russia, the European Union, and United States since 2009. This attack used malicious PowerPoint documents. The Sandstorm Team crafted these PowerPoint files to install a malware called ‘Black Energy’ when opened. The malware installed is ‘bot-based’ and uses a plugin architecture that can be used for Distributed Denial of Service (DDoS) attacks, credential theft, or spam. Then, in a ‘spear-fishing’ attack, they sent these files to the employees of NATO and different telecom and energy companies. A ‘spear-fishing’ attack is when the attacker pretends to be a trustworthy source to trick the victim into opening malicious files, in this case, PowerPoint files which installed malware. Normally, you don’t want to run exe files that you don’t trust as they execute unrestricted code. But a PowerPoint file should just open a PowerPoint, so it’s safe, right? Wrong. You should never open files that are from questionable sources. This particular attack used a vulnerability in OLE that allowed the attacker to execute any command, which was used to install the malware through the mere opening of the PowerPoint file. OLE stands for Object Linking and Embedding, and is used in cases such as linking an Excel report in a PowerPoint document. This way, when the Excel report is updated, so is the data that shows up in the PowerPoint. It is a very useful feature, but the attackers found a vulnerability that lets them use it to install malware. This vulnerability in the OLE has now been patched. This was a ‘zero-day,’ which are attacks where the attacker finds a vulnerability first and be able to exploit it before anyone has any knowledge about it, let alone has a chance to fix it. These types of attacks happen all the time, and the only way to fix one is to detect the malware exploiting it and then patch the vulnerability. To help ensure the safety of your own system, don’t click on anything you don’t trust, and install updates as soon as possible. Source: http://www.winbeta.org/news/how-russian-hackers-used-microsoft-powerpoint-files-hack-nato-computers

See the original post:
How Russian hackers used Microsoft PowerPoint files to hack NATO computers

4 million UPnP devices may be vulnerable to attack

Akamai has observed the use of a new reflection and amplification DDoS attack that deliberately misuses communications protocols that come enabled on millions of home and office devices, including rou…

Continued here:
4 million UPnP devices may be vulnerable to attack

Hong Kong Protests: Anonymous Hackers Leak Chinese Government Data, Shutdown Websites

Hundreds of phone numbers, names, IP addresses and email addresses from Chinese government websites have been leaked online by the hacktivist collective Anonymous in support of pro-democracy protests in Hong Kong. Anonymous first threatened the attack last week through its ‘Operation Hong Kong’ affiliated branch, promising to leak government email address details and to shut down state websites through a Distributed Denial of Service (DDoS) attack. Over the weekend, shortly after a government statement condemning the threat of attack, personal details taken from the Ningbo Free Trade Zone in Zhejiang province and a job-search site were released by the group. “We cannot be with you on the streets. We cannot fight the police that are arresting you. But they cannot arrest an idea,” Anonymous said in a statement. “We have effectively hacked and shutdown government websites and their supporters. Some noticeable Chinese and Hong Kong government domains and networks have already acquired American services for their domains.” The group claims that such actions by the Chinese government prove that the attacks carried out “cannot be handled” and that the involvement of US-based providers prove that US corporations are complicit in supporting Beijing policy. The hacker group first announced its support for the pro-democracy protests in Hong Kong at the beginning of October, stating in a video at the time: “The time has come for democracy for the citizens of Hong Kong.” Five suspected members of Anonymous have since been arrested in the region in connection with hacking attacks. Due to the secretive nature of Anonymous, some security experts have said that it is difficult to prove that these attacks actually stem from them, rather than western governments. Protests in the former British colony started last month after Beijing decided it was to screen candidates for the first election in the territory in 2017. Source: http://www.ibtimes.co.uk/hong-kong-protests-anonymous-leaks-chinese-government-data-1469747

Read More:
Hong Kong Protests: Anonymous Hackers Leak Chinese Government Data, Shutdown Websites

InSerbia News under DDoS attack from Serbia

Internet portal InSerbia News was unavailable on Saturday for a few hours due to a DDoS attack. The attack was committed from IP addresses in the range that belongs to internet providers in Serbia, which says that the attack was not performed using “infected” computers (botnet) throughout the world, but that it was organized and maybe coordinated attack for which were used only computers from Serbia. InSerbia wrote on October 7th about “Valter” program, which could also have been used for an attack on InSerbia portal. The way the network of people who use “Valter” is organized, and all of them are from Serbia, increases suspicion that the same software was used against us this time. Because of the situation we are forced to block all IP addresses from Serbia, so visitors from this country must pass “Captcha” check before they enter the website. We apologize to our readers because of this measure. After blocking access to IP addresses from Serbia, the server continued to function normally. At the moment this article is being written (4pm CEST), the attack is still in progress. Source: http://inserbia.info/today/2014/10/inserbia-news-under-ddos-attack-from-serbia/

Read the article:
InSerbia News under DDoS attack from Serbia

Researcher makes the case for DDOS attacks

When you start with the premise that capitalism is illegitimate it’s easy to dismiss other people’s property rights. To some people, a political mission matters more than anything, including your rights. Such people (the Bolsheviks come to mind) have caused a great deal of damage and suffering throughout history, especially in the last 100 years or so. Now they’re taking their mission online. You better not get in their way. Molly Sauter, a doctoral student at the Berkman Center at Harvard (“exploring cyberspace, sharing its study & pioneering its development”), has a paper calling the use of DDOS (distributed denial of service) attacks a legitimate form of activism and protest. This can’t go unchallenged. Sauter notes the severe penalties for DDOS attacks under “…Title 18, Section 1030 (a)(5) of the US Code, otherwise known as the CFAA” (Computer Fraud and Abuse Act). This section is short enough that I may as well quote it here verbatim: (5)(A) [Whoever] knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer; (B) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or (C) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage and loss. There are other problems with the CFAA with respect to some legitimate security research and whether it technically falls afoul of the act, but that’s not the issue here. Sauter goes on in some detail with the penalties under Federal law for violating this act and, no argument here, they are extreme and excessive. You can easily end up with many years in prison. This is, in fact, a problem generally true of Federal law, the number of crimes under which has grown insanely in the last 30 or so years, with the penalties growing proportionately. For an informed and intelligent rant on the problem I recommend Three Felonies a Day by Harvey Silverglate. Back to hacktivist DDOS attacks. She cites cases of DDOS attacks committed against Koch Industries, Paypal, the Church of Scientology and Lufthansa Airlines, some of these by the hacktivists who call themselves Anonymous. In the US cases of the attacks against Koch, Paypal and the Church, the attackers received prison time and large fines and restitution payments. In the Lufthansa case, in a German court, the attacker was sentenced to pay a fine or serve 90 days in jail; that sentence was overturned on appeal. The court ruled that “…the online demonstration did not constitute a show of force but was intended to influence public opinion.” This is the sort of progressive opinion, dismissive of property rights, that Sauter regrets is not happening here in the US. She notes, and this makes sense to me, that the draconian penalties in the CFAA induce guilty pleas from defendants, preventing the opportunity for a Lufthansa-like precedent. This is part and parcel of the same outrageous growth of Federal criminal law I mentioned earlier; you’ll find the same incentive to plead guilty, even if you’re just flat-out innocent, all over the US Code. I would join Sauter in calling for some sanity in the sentencing in the CFAA, but I part ways with her argument that political motives are a mitigating, even excusing factor. Sauter’s logic rises from a foundation of anti-capitalism: …it would appear that the online space is being or has already been abdicated to a capitalist-commercial governance structure, which happily merges the interests of corporate capitalism with those of the post-9/11 security state while eliding democratic values of political participation and protest, all in the name of ‘stability.’ Once you determine that capitalism is illegitimate, respect for other people’s property rights is no longer a problem. Fortunately, the law protects people against the likes of Anonymous and other anti-capitalist heroes of the far left. I would not have known or cared about Sauter’s article had it not been for a favorable link to it by Bruce Schneier. Schneier is a Fellow at the Berkman Center. Progressives and other leftists who think DDOS, i.e. impeding the business of a person or entity with whom you disagree in order to make a political point, should consider the shoe on the other foot. If I disagree with Schneier’s positions is it cool for me to crash his web site or those of other organizations with which he is affiliated, such as the Berkman Center, the New America Foundation’s Open Technology Institute, the Electronic Frontier Foundation, the Electronic Privacy Information Center and BT (formerly British Telecom)? I could apply the same principle to anti-abortion protesters impeding access to a clinic. I’m disappointed with Schneier for implying with his link that it’s legitimate to engage in DDOS attacks for political purposes. It’s worth repeating that Sauter has a point about the CFAA, particularly with respect to the sentences. It does need to be reformed — along with a large chunk of other Federal law. The point of these laws is supposed to be to protect people against the offenses of others, not to protect the offender. Source: http://www.zdnet.com/researcher-makes-the-case-for-ddos-attacks-7000034560/

See the original article here:
Researcher makes the case for DDOS attacks

.Anonymous threatens China, Hong Kong authorities with website blackout for DDoS attacks

Anonymous, the nebulous online activist group that uses hacking to further causes it supports, has threatened a major blackout of Chinese and Hong Kong government websites, and to leak tens of thousands of government email address details. The group, under the banner of ‘Operation Hong Kong’ or ‘#OpHongKong’ and ‘#OpHK’ on Twitter, said on Friday it will launch a mass effort against Chinese government servers to bring down their websites via Distributed Denial of Service (DDoS) attacks on Saturday. DDoS attacks attempt to cripple networks by overwhelming them with Internet traffic. “Here’s your heads up, prepare for us, try to stop it, the only success you will have will be taking all your sites offline,” an Anonymous statement posted online said. “China, you cannot stop us. You should have expected us before abusing your power against the citizens of Hong Kong.” Demonstrations in Hong Kong have seen the use of tear gas, violent clashes and mass disruptions to business and traffic as people campaign for the right to democratically elect the Asian financial hub’s leader. Hong Kong’s refusal so far to negotiate with protesters, and a police reaction that many labelled as heavy-handed, has sparked widespread condemnation that has now spread to Anonymous, which often campaigns for civil liberties by attacking people or institutions it sees as opponents of those rights. “If this is true, it will show that the Chinese government is a victim of internet hacking,” said Foreign Ministry spokesman Hong Lei at a daily news briefing. “ China has consistently stressed our opposition to all internet hacking attack activities. We rebuke the acts of this organisation.” The Chinese government’s Hong Kong Liaison Office also said its website had been attacked twice on Wednesday and Thursday, blocking visitors to the site for a time. “This kind of internet attack violates the law and social morals, and we have already reported it to the police,” it said, adding that the website was running normally again. Among the websites Anonymous said it would target are those of China’s Ministry of Public Security, the Ministry of Defence, Ministry of Justice and Hong Kong police. “Prepping for massive DDoS attacks, Database dumps, etc… Will be destroying #China Government,” wrote one Anonymous participant on Twitter. China’s Defence Ministry, in a statement sent to Reuters, said its website was subject to numerous hacking attacks every day from both home and overseas. “We have taken necessary steps to protect the safe operation of the Defence Ministry website,” it added. The State Internet Information Office, China’s internet regulator, declined to comment. The Ministry of Public Security declined to immediately comment by telephone. The Hong Kong Police Force was not available for immediate comment. The Ministry of Justice said it was not aware of the threat from Anonymous, and that its website wasn’t its responsibility to maintain. The Legal Network Media Beijing Company, which maintains the Ministry of Justice site, said it had not had official notice about any attack, nor had it detected any attacks on the website so far. “If there are future hacking attacks, we have confidence they can be resolved,” said a technician at the company who gave his surname as Zhong.   Source: http://uk.reuters.com/article/2014/10/10/uk-china-hongkong-internet-idUKKCN0HZ0KY20141010

See the original article here:
.Anonymous threatens China, Hong Kong authorities with website blackout for DDoS attacks

Interview with a DDoS troll: Meet ‘the Gods of the Internet’

DDoS attacks are a way to keep corrupt corporations honest, according to an anonymous member of DerpTrolling, who gives us an inside look at the self-proclaimed gods of the Internet. The man behind the curtain One of the first things he says is that he absolutely cannot offer proof. This makes a disappointing amount of sense: he is a self-confessed DDoS troll, a member of the infamous group DerpTrolling. Since distributed denial-of-service attacks could be considered a federal crime under US law — and, indeed, are an offence in many locations around the globe, including the UK and Australia — he, understandably, won’t give a name, location or even rough age. As a corollary, we have no way of knowing that he is who he says he is. We’ll call him Incognito. To talk to him, we plug into a private chat session from opposite sides of the globe (as indicated by time zones) using an encrypted Chrome add-on. “I’ve seen Anonymous at its best,” he tells us. “I participated in their major DDoS attacks against Visa and PayPal, although the role DerpTrolling played in those attacks is pretty much unknown. I’ve seen the rise and fall of LulzSec. So let’s just say I am old enough to know how to stay hidden.” One thing is clear from the outset: Incognito believes that what DerpTrolling does is for the good of everyone. “DerpTrolling as a group shows the world, particularly the gaming community, how big companies and corporations such as Riot or Blizzard only care about money,” he explains. “Our methods are forcing big companies and corporations to upgrade their servers and make sure their clients are their top priority.” DerpTrolling has been around since around 2011 or so, and Incognito has been a member since the beginning. Its method of attack, as mentioned above, is DDoS — overloading servers with external communication requests, rendering the target systems unusable for a period of time. DerpTrolling has attacked several high-profile servers over the years, including those of League of Legends, World of Tanks, EVE Online, DoTA 2, Blizzard, RuneScape and, more recently, Xbox Live and the Nintendo Web store. Although their actions may appear inscrutably juvenile and unwarranted — done for, as the saying goes, the lulz — the team identifies rather strongly with Richard Stallman’s assessment of DDoS as a form of protest against what it perceives as a callous disregard for gamers on the part of games publishers. “A company that doesn’t care only for money would make the effort, which includes time and money, to make sure their servers aren’t able to be crippled by a simple DDoS attack,” Incognito said. “We decided to take action because, if we had the capability to stop corporate greed and we did nothing, that in itself is a crime. We thought DDoS attacks were appropriate because they do not affect customers in a monetary way, unlike leaking data — although we are not opposed to leaking data.” Lines in the sand He is careful to point out that DerpTrolling is against doxxing — that is, the leaking of information about a specific individual, such as address, phone number, Social Security number, credit card and bank account details — and swatting, a term for calling the police to the home of said doxxed individual for spurious reasons. In one of the most famous incidents involving the group, though, one particular individual was doxxed and swatted — Twitch streamer PhantomL0rd. While DerpTrolling was attacking Battle.net, EA.com, Club Penguin and Riot, it was allegedly because those were games PhantomL0rd was playing. At some point during the DDoS activities, PhantomL0rd was doxxed on several gaming websites — and then someone called the police to his home, accusing the streamer of holding five people hostage. Incognito is cagey about the incident, and won’t comment on why the group targeted PhantomL0rd or what precisely DerpTrolling did do — only saying that there is no hard evidence connecting DerpTrolling to the actions. “Yes, Phantoml0rd was doxxed and swatted,” he said. “But we never threatened to harm him physically and we have never taken credit for that attack.” “We decided to take action because, if we had the capability to stop corporate greed and we did nothing, that in itself is a crime.” Incognito He seems determined to impress that there are lines DerpTrolling won’t cross — that what the group does, it does for the good of all. As an example, he mentions that the group is sitting on what could have been a significant customer data leak. “We are currently in possession of over 800,000 usernames and passwords from the 2K gaming studio. As of right now, our members as a whole have decided that leaking data is not what we do, and therefore we will not leak such damaging data,” he said, adding that he had contacted 2K to inform the publisher of the vulnerability in its system — and received no response. “I personally contacted them over a month ago. I did not send them an anonymous letter, I made sure they understood exactly who I was. And offered plenty of proof.” Unless the data is actually leaked, he believes that gaming companies are unlikely to spend the money to issue a fix. CNET has contacted 2K for comment and will update when we receive a reply. Incognito also goes out of his way to dissociate DerpTrolling’s activities from those of LizardSquad, the group that claimed responsibility for calling a bomb threat on a plane carrying Sony Online Entertainment president John Smedley. “I want to make it absolutely clear that DerpTrolling is in no way affiliated with LizardSquad,” he said. Although LizardSquad had requested that the two groups work together, DerpTrolling had refused, he said. “LizardSquad is a run by an extremist hacker who has close ties to UGNazi. You could say that the ISISGang is the elite ‘leaders’ of LizardSquad. We have no wish to associate with any individual or group that has ties with such extremists.” ISISGang has been accused of making prank calls that see their targets swatted and posing as Middle Eastern terrorists, while UGNazi is allegedly responsible for several doxxings and data leaks. Incognito seems quite firm that DerpTrolling wishes to commit no actual harm. The end and the means DerpTrolling has more up its sleeve. Attacks on Xbox Live and the Nintendo Web store on Saturday, September 28 were “test fire” for “upcoming attacks”, Incognito says — although he won’t go into any further detail about that. Nor is it easy to guess who the targets might be. DerpTrolling allows the community to select targets much of the time, Incognito said, via text or tweet. The fact that sometimes the attacks achieve a result justifies the work in his view; Incognito says that League of Legends and Xbox Live have both upgraded their servers in response to DerpTrolling DDoS attacks — in spite of negative public opinion. “Children do not know what is best for them. We are basically the Gods of the Internet, we know what is best for them.” Incognito “The public will always have an opinion that is based on what the media feeds them,” he says. “Children do not know what is best for them. We are basically the Gods of the Internet, we know what is best for them.” When asked if DDoS is a snake chasing its own tail — that is, if no one engaged in DDoS attacks, then companies would not have to dedicate resources to protecting against them — he once again pleads no comment. There is a condition under which DerpTrolling will cease operations: “If the presidents of Sony and Microsoft will wear a shoe on their heads, then DerpTrolling will disband and we will not attack any more servers.” As for Incognito himself, we suspect he might be around for a long time. When asked if he himself would ever hang up his hat, he seems baffled by the question. “Why would I want to stop?” Source: http://www.cnet.com/au/news/the-gods-of-the-internet/

Read More:
Interview with a DDoS troll: Meet ‘the Gods of the Internet’

Image DDOSpart3pic1.png

DDoS Attacks Can Take Down Your Online Services Part 3: Defending Against DDoS Attacks

Various defense strategies can be invoked to defend against DDoS attacks. Many of these depend upon the intensity of the attack. We discuss some of these in this article. Mitigation Strategies Some protection from DDoS attacks can be provided by firewalls and intrusion-prevention systems (systems that monitor for malicious activity). When a DDoS attack begins, it is important to determine the method or methods that the attacker is using. The web site’s front-end networking devices and the server’s processing flow may be able to be reconfigured to stop the attack. UDP Attacks UDP (User Datagram Protocol) attacks send a mass of UDP requests to a victim system, which must respond to each request. One example is a ping attack. It is an enormous influx of ping requests from an attacker that requires the victim server to respond with ping responses. Another example of a UDP attack is when the Internet Control Message Protocol (ICMP) must be used by the server to return error messages. The messages may indicate that a requested service is unavailable or that a host or router cannot be reached. An attacker may send UDP messages to random ports on the victim server, and the server must respond with a “port unreachable” ICMP message. Mitigation Strategy In the case of a UDP attack, the firewall could be configured to reject all UDP messages. True, this would prevent legitimate use of UDP messages, such as pings sent by monitoring services to measure the uptimes and response times of the web site. However, to be shown as failed by a monitoring service is much better than actually being down. SYN Attacks In a SYN attack, a mass of connection requests are sent to the victim server via SYN messages. Typically, the victim server will assign connection resources and will respond with SYN ACK messages. The server expects the requesting client to complete the connections with ACK messages. However, the attacker never completes the connections; and the server soon runs out of resources to handle further connection requests. Mitigation Strategy In this case, the server connection facility could be reconfigured so that it did not assign connection resources until it received the ACK from the client. This would slightly extend the time required to establish a connection but would protect the server from being overwhelmed by this sort of an attack. DNS Reflection Attack A DNS reflection attack allows an attacker to send a massive amount of malicious traffic to a victim server by generating a relatively small amount of traffic. DNS requests with a spoofed victim address are sent to multiple DNS systems to resolve a URL. The DNS servers respond to the victim system with DNS responses. What makes this sort of attack so efficient is that the DNS response is about 100 times as large as the DNS request. Therefore, the attacker only needs to generate 1% of the traffic that will be sent to the victim system. DNS reflection attacks depend upon DNS open resolvers that will accept requests from anywhere on the Internet. DNS open resolvers were supposed to have been removed from the Internet, but 27 million still remain. Mitigation Strategy A defense against DNS reflection attacks is to allow only DNS responses from the domain of the victim server to be passed to the server. Mitigation Services Given a sufficiently large DDoSattack, even the steps mentioned here may not protect a system. If nothing else, the attack can overwhelm the bandwidth of the victim’s connection to the Internet. In such cases, the next step is to use the services of a DDoS mitigation company with large data centers that can spread the attack volume over multiple data centers and can scrub the traffic to separate bad traffic from legitimate traffic. Prolexic, Tata Communications, AT&T, Verisign, CloudFare, and others are examples of DDoS mitigation providers. These services will also monitor the nature of the attack and will adjust their defenses to be effective in the face of an attacker that modifies its strategies as the attack progresses. Legality DDoS attacks are specifically outlawed by many countries. Violators in the U.K. can serve up to ten years in prison. The U.S. has similar penalties, as do most major countries. However, there are many countries from which DDoS attacks can be launched without penalty. With respect to the Spamhaus attack described in Part 1, the CEO of CyberBunker, a Dutch company, was arrested in Spain and was returned to the Netherlands for prosecution. Summary Companies must prepare for the likelihood of losing their public-facing web services and must make plans for how they will continue in operation if these services are taken down. This should be a major topic in their Business Continuity Plans. For instance, in the case of the bank attacks described in Part 1, many banks made plans to significantly increase their call center capabilities to handle customer services should their web sites be taken down by a DDoS attack. DDoS attacks are here to stay. They are motivated by too many factors – retaliation, political statements, aggressive competitors, ransom – and are fairly easy to launch. Botnets can be rented inexpensively. There are even sophisticated tools available on the darknet to launch significant attacks. The defenses against DDoS attacks are at best limited. The ultimate defense is to subscribe to a DDoS mitigation service that can be called upon when needed. Source: http://www.techproessentials.com/ddos-attacks-can-take-down-your-online-services-part-3-defending-against-ddos-attacks/

Read the article:
DDoS Attacks Can Take Down Your Online Services Part 3: Defending Against DDoS Attacks