Prepare a new dossier! Pakistan’s cyber Mujahideen hit India

A month before Pakistan’s ceasefire violation on the eve of Independence Day, a silent battle was raging in Mumbai’s financial district. Two large private banks, a retail brokerage and a state-owned lender faced a cyberattack from hackers across the border that seriously slowed down all online customer transactions. In the world of cybercrime, such attacks, which could be mistaken as normal traffic overload on the Net, are known as ‘distributed denial of service’ or DDoS. Spread across the world, hackers, either sympathetic to lost causes or indulging in the game of extortion, virtually ‘take over’ thousands of computers in diverse destinations before unleashing a DDoS strike. As computers that are hacked into start behaving as robots – or, ‘botnet’ in cyberparlance, the hackers divert traffic from these terminals to clog the systems of targets like banks and even e-commerce firms. A bank that is invaded may be unaware of the attack and even take a while to sense that customers are struggling to put through a simple net banking fund transfer or credit card payment. The July attack On that day in July, it was no different. The financial institutions received advisory on the DDoS attack from the government’s Computer Emergency Response Team (CERT). Also, there were alerts that more attacks could follow over the next few hours, said a cybercrime expert. Speaking to ET on condition of anonymity , one of the senior most officials in the government’s cybersecurity establishment said, “There was an attack but this was effectively countered. Often these things are done with the intention to blackmail … But we have the systems to handle it. There have been finance ministry and RBI instructions to banks for taking necessary measures to protect against DDoS strikes.” According to cybersecurity head in one of the largest Indian banks, since April there have been several advisories from government agencies like CERT and National Critical Information Infrastructure Protection Centre on DDoS. “In a DDoS attack, if a bank can block the bogus traffic diverted by a hacker for the first 15 minutes, then the attacker typically moves away to a weaker target. But if an institution is unable to resist, then the attacker may demand ransom. Rogue hackers in places like Nigeria and East Europe want to be paid in Bitcoin. Since Bitcoin is based on what is known as block-chain technology, fund transfers leave no trail.” Safety measures As precaution, no bank, to begin with, should depend on a single internet service provider (ISP), he said. “Besides, banks are beginning to invest in anti-DDOS high-end appliances. Some are carrying out mock drills to test the technology. Here, a flood of traffic is diverted to banks’ own websites to figure out whether the ISP and banks’ internal cybersecurity teams are adequately alert,” said the banker who refused to be named. Until a hack attack is obvious, companies in India typically keep such incidents under wrap as regulators do not insist on mandatory reporting of security breach. Some of the US-listed Indian entities are even more reticent: Since a cyberattack is rarely disclosed due to fear that it could scare away customers, it becomes more difficult to admit the breach later. In DDoS attack, including the current one, there is no data compromise or cash theft. “The timing of the event suggests that it could be handiwork of some of the Pakistani hackers who may be located in the US and Europe. Typically, they are active before big festivals or in the run up to Independence Day or Republic Day. They have a specific point to prove,” said an ethical hacker, who advises several companies and agencies on cybersecurity . Types of hackers According to him, there are three broad types of hackers, differentiated by motives. First, the financially motivated cybercriminal, who are usually from Eastern Europe and are interested in stealing credit card information, or engage in identity theft etc. They are highly organized, infect thousands of systems across the globe in order to achieve their objectives, and even ‘rent’ access to an infected computer for an hourly fee for conducting DDoS. The second type are hacktivists or politically motivated hackers whose sole interest is in furthering a political agenda by defacing a site, or bringing a site down through DDoS attacks. Pakistani hackers fall in this category . The third and the most serious type are nation state attackers involved in corporate espionage. They gain access to competing companies in order to steal business strategy and intellectual property. Chinese hackers are well-known for this. Source: http://timesofindia.indiatimes.com/tech/tech-news/Prepare-a-new-dossier-Pakistans-cyber-Mujahideen-hit-India/articleshow/48739013.cms?

View post:
Prepare a new dossier! Pakistan’s cyber Mujahideen hit India

DDoS attacks are getting much more powerful and the Pentagon is scrambling for solutions

No wonder the Pentagon has announced it’s working on a plan to fund tools and researchers to help organizations defend themselves against the pervasive threat of cyber assaults known as distributed denial-of-service (DDoS) attacks. In recent days, the agency said it’s looking to fund researchers who can come up with tools as part of a program starting next April that would, among other things, help organizations recover from DDoS attacks in a maximum of 10 seconds. And the acknowledgement of that hunt for researchers for the program, called Extreme DDoS Defense, arguably comes not a moment too soon. A few new industry reports are out that show the number of DDoS attacks is trending upward, even hitting new highs. Their provenance and targets take many forms – from organized, malicious hackers targeting sophisticated organizations to more isolated incidents where, experts say, the intent is to just find a weakness somewhere, anywhere. But the result is a kind of cyber blitz that’s growing in number and aggressiveness. New York Magazine was among those organizations recently hit by a DDoS attack, and at a critical moment. After publishing the blockbuster results of an interview with 35 women who’ve accused Bill Cosby of sexually assaulting them, the magazine’s website was knocked offline by what appeared to be a DDoS attack. Attacks like those, said Incapsula co-founder Marc Gaffan, are not only on the rise but “have essentially been going up for the last two years, quarter over quarter.” His company is a cloud-based application delivery service. According to another cloud services provider, Akamai Technologies, DDoS attacks were up 132% in the second quarter compared to the same period in 2014. During the period between April and June this year, Akamai’s research also found 12 attacks it described as “mega attacks” – which peaked at more than 100 gigabits per second and 50 million packets per second. What’s more, the company said, few organizations are able to mount a strong enough defense to keep attacks like that at bay. “The threat posed by distributed denial of service (DDoS) and web application attacks continues to grow each quarter,” said John Summers, vice president of Akamai’s cloud security business unit. “Malicious actors are continually changing the game by switching tactics, seeking out new vulnerabilities and even bringing back old techniques that were considered outdated.” Once upon a time, Gaffan said, the attacks were largely the work of hackers looking to make a name for themselves, to make some larger point or to go after a controversial target to inflict some degree of discomfort. “They’re also about extortion and ransom,” Gaffan said. “They can be used to stoke competitive feuds, as well as a diversion for a larger attack. When it comes to extortion, attackers are looking online for businesses who’d suffer significantly if their website is down. Most companies don’t pay the ransom. “Often, we also see ransom numbers so small, they try to make it low enough that it’s a no-brainer for organizations to pay. Companies also hire DDoS gangs to take competitors down. There was one organization that came to us and said, ‘We were attacked.’ Two minutes later, a competitor put on Twitter that they were going out of business, and that’s why their site was down.” Such attacks continue to be a costly problem for the organizations that end up as targets. The Q2 2015 Global DDoS Threat Landscape from Incapsula showed, of network layer DDoS attacks, the longest during the quarter lasted 64 days. A little more than 20% of all attacks lasted over five days. The report based its data on 1,572 network layer and 2,714 application layer DDoS attacks on websites using Incapsula services from March 1st through May 7th. According to the organization’s DDoS Impact Survey, an attack on average costs a business $40,000 per hour. Implications include the loss of consumer trust, data theft, intellectual property loss, and more, according to the report. The report went on to note the longest application layer attack it found lasted for eight straight days. The average duration stretched for just over two and a half hours. And in the second quarter, almost 15% of all application layer DDoS traffic came from China, followed by Vietnam, the U.S., Brazil and Thailand. “What is most disconcerting is that many of these smaller assaults are launched from botnets-for-hire for just tens of dollars a month,” the organization’s threat landscape report reads. “This disproportion between attack cost and damage potential is the driving force behind DDoS intrusions for extortion and vandalism purposes.” Meanwhile, Arbor Networks Inc., a provider of DDoS and advanced threat protection solutions for enterprise and service provider networks, found similar results. Its just-released Q2 2015 global DDoS attack data shows growth in the average size of attacks, with 21 percent of attacks during the quarter topping 1 gigabit per second. “One thing we see a lot of is just probing, just hitting the network as hard as they can to see where it will fall down,” said Gary Sockrider, principal security technologist at Arbor. “Another is where this is used for extortion. Where the business model is ok, now we’ve done this – pay us money.” Sockrider continued, “The lesson to take is this isn’t just a service provider problem. It’s no longer sufficient to leave it to deal with upstream. It’s everybody’s problem. You have to understand that threat, that you are a potential target, and bake that into your business resiliency planning.” Source: http://bgr.com/2015/08/31/ddos-attacks-report-2015-trends/

View post:
DDoS attacks are getting much more powerful and the Pentagon is scrambling for solutions

Six teens arrested in UK for using hacking group’s paid DDoS service

Six teenagers were arrested by British police on suspicion of attacking websites, the country’s National Crime Agency (NCA) announced on Friday. The teenagers were users of the hacking group Lizard Squad and used the Lizard Stresser tool, software that allowed them to pay to take websites offline for up to eight hours at a time, according to an NCA statement. The tool works by using Distributed Denial of Service (DDoS) attacks, which flood web servers or websites with massive amounts of data, leaving them inaccessible to users. Those arrested in the operation coordinated by NCA were all teenage boys aged from 15 to 18, while two other suspected users of Lizard Stresser were arrested earlier this year, the NCA said. The suspects are thought to have maliciously deployed Lizard Stresser, having bought the tool using alternative payment services such as Bitcoin in a bid to remain anonymous, the NCA also said. Organizations believed to have been targeted by the suspects include a leading national newspaper, a school, gaming companies, and a number of online retailers, according to the NCA. Lizard Squad became a well-known hacking group last year after it claimed responsibility for taking down the PlayStation Network and Xbox Live. The group later launched the Lizard Stresser tool. “By paying a comparatively small fee, tools like Lizard Stresser can cripple businesses financially and deprive people of access to important information and public services,” said Tony Adams, head of investigations at the NCA’s National Cyber Crime Unit. Officers are also visiting some 50 addresses linked to individuals registered on the Lizard Stresser website, but who are not currently believed to have carried out attacks. A third of the individuals identified are under the age of 20, according to the NCA. “One of our key priorities is to engage with those on the fringes of cyber criminality to help them understand the consequences of cyber crime, and how they can channel their abilities into productive and lucrative legitimate careers,” said Adams. Source: http://www.globalpost.com/article/6638281/2015/08/28/six-teens-arrested-uk-using-hacking-groups-paid-ddos-service

See the original article here:
Six teens arrested in UK for using hacking group’s paid DDoS service

BitTorrent patches reflective DDoS attack security vulnerability

A vulnerability which could divert traffic to launch cyberattacks has been mitigated two weeks after public disclosure. BitTorrent has taken rapid steps to mitigate a flaw which could divert user traffic to launch reflective DDoS attacks. The flaw, reported by Florian Adamsky at the USENIX conference in Washington, D.C., affects popular BitTorrent clients such as uTorrent, Mainline and Vuze, which were known to be vulnerable to distributed reflective denial-of-service (DRDoS) attacks. According to the researchers from City University London, BitTorrent protocols could be exploited to reflect and amplify traffic from other users within the ecosystem — which could then be harnessed to launch DRDoS attacks powered up to 120 times the size of the original data request. Successful distributed denial-of-service (DDoS) and DRDoS attacks launched against websites flood domains with traffic, often leaving systems unable to cope with the influx and resulting in legitimate traffic being denied access to Web resources. The team said in a paper (.PDF) documenting the vulnerability that BitTorrent protocols Micro Transport Protocol (uTP), Distributed Hash Table (DHT), Message Stream Encryption (MSE) and BitTorrent Sync (BTSync) are exploitable. On Thursday, Vice President of Communications at BitTorrent Christian Averill said in a blog post no attack using this method has been observed in the wild and as the researchers informed the BitTorrent team of the vulnerability ahead of public disclosure, this has given BitTorrent the opportunity to “mitigate the possibility of such an attack.” Francisco De La Cruz, a software engineer from the uTorrent and BitTorrent team, wrote a detailed analysis of the attack and the steps the company has taken to reduce the risk of this vulnerability. The vulnerability lies within libµTP, a commonly used tool which can detect network congestion and automatically throttle itself — a useful feature when BitTorrent clients are being used on home networks. However, the way libµTP handles incoming connections allows reflectors to accept any acknowledgement number when receiving a data packet, which opens the doorway to traffic abuse. The success of a DRDoS relies on how much traffic an attacker can direct towards a victim, known as the Bandwidth Amplification Factor (BAF). The higher the BAF, the more successful the attack. In order to reduce the BAF ratio and mitigate the security issue, BitTorrent engineers have ensured a unique acknowledgement number is required when a target is receiving traffic. While this can still be guessed, it would be difficult and time-consuming to do so for a wide pool of victims. De La Cruz said: “As of August 4th, 2015 uTorrent, BitTorrent and BitTorrent Sync clients using libµTP will now only transition into a connection state if they receive valid acknowledgments from the connection initiators. This means that any packets falling outside of an allowed window will be dropped by a reflector and will never make it to a victim. Since the mitigation occurs at the libµTP level, other company protocols that can run over libµTP like Message Stream Encryption (MSE) are also serviced by the mitigation.” Regarding BTSync, BitTorrent says the severity of the vulnerability — even before recent updates were applied to the protocol — mitigated the risk of this vulnerability. In order to exploit the security weakness, an attacker would have to know the Sync user, identifiers would have to be made public, and the protocol’s design ensures that peers in a share are limited — keeping the potential attack scale down. According to the BitTorrent executive, the protocol therefore would “not serve as an effective source to mount large-scale attacks.” Averill commented: “This is a serious issue and as with all security issues, we take it very seriously. We thank Florian for his work and will continue to both improve the security of these protocols and share information on these updates through our blog channels and forums.” Source: http://www.zdnet.com/article/bittorrent-patches-reflective-ddos-attack-security-vulnerability/

Read the original post:
BitTorrent patches reflective DDoS attack security vulnerability

NCA arrests six Lizard Squad users after gaming firms, retailers targetted

Officers also visiting 50 addresses for a quiet word The National Crime Agency has arrested six users of a Lizard Squad DDoS attack tool, which had been used against a national newspaper, a school, gaming companies, and a number of online retailers.…

Read more here:
NCA arrests six Lizard Squad users after gaming firms, retailers targetted

NCA arrests six Lizard Squad users after gaming firms, retailers targeted

Officers also visiting 50 addresses for a quiet word The National Crime Agency has arrested six users of a Lizard Squad DDoS attack tool, which had been used against a national newspaper, a school, gaming companies, and a number of online retailers.…

Continue reading here:
NCA arrests six Lizard Squad users after gaming firms, retailers targeted

Spooks, plod and security industry join to chase bank hacker

Perp known as ‘DD4BC’ has some serious heat on his or her tail, with worse to come A group of security boffins have joined police and intelligence spooks in a clandestine mission to identify those behind distributed denial of service (DDoS) extortion attacks against major banks.…

More:
Spooks, plod and security industry join to chase bank hacker

81% of healthcare organizations have been compromised

Eighty-one percent of health care executives say that their organizations have been compromised by at least one malware, botnet, or other cyber-attack during the past two years, and only half feel tha…

Excerpt from:
81% of healthcare organizations have been compromised

DARPA wants to take the sting out of DDoS attacks

While posing a minor inconvenience compared to other more malicious cyberattacks, distributed denial of service attacks post enough of a threat that the Defense Advanced Research Projects Agency nonetheless is looking for innovative approaches to mitigate their effects.  The Extreme DDoS Defense (XD3) program is looking to the private sector for “fundamentally new DDoS defenses that afford far greater resilience to these attacks, across a broader range of contexts, than existing approaches or evolutionary extensions,” according to a recent broad agency announcement. While this BAA does not include detection and mitigation of DDoS-related malware on hosts or networked devices, DARPA listed five technical areas for which contractors can submit responses that focus on lessening the effect of DDoS attacks and improving recovery time.  For example, the solicitation seeks proposals to: Devise and demonstrate new architectures that physically and logically disperse these capabilities while retaining (or even exceeding) the performance of traditional centralized approaches.   Develop new cyber agility and defensive maneuver techniques that improve resilience against DDoS attacks by overcoming limitations of preconceived maneuver plans that cannot adapt to circumstances and exploring deceptive approaches to establish a false reality for adversaries.   Produce a response time of 10 seconds or less from attacks and at least a 90 percent recovery in application performance compared with hosts that do not have XD3 capabilities. DARPA believes XD3 concepts can be leveraged by the military, commercial network service providers, cloud computing and storage service providers and enterprises of all sizes. Given the threat and array of targets DDoS attacks pose, XD3 BAA responses will consider a wide range of network and service contexts, such as enterprise networks, wide?area networks, wireless networks, cloud computing and software-defined networks, to name a few. The response date is Oct. 13, 2015, and the proposers day will be held on Sept. 2, 2015. Source: http://gcn.com/articles/2015/08/26/darpa-xd3-ddos.aspx

See more here:
DARPA wants to take the sting out of DDoS attacks

The UK’s 12 worst DDoS attacks Summarized – hacktivism, extortion and plain malice

DDoS attacks are often seen as a global phenomenon that affects ISPs and large datacentres. But the daily damage is done by much smaller attacks on vulnerable, sometimes poorly defended resources such as websites belonging to well-known organisations. The UK has had more than its fair share of such attacks with hacktivism and occasionally extortion the main motivations. Here we chart some of the worst attacks that have affected UK organisations in recent years. DoS attack on CMP Media (UBM) – 1998 Proof that simple denial of service (DoS) attacks (if not DDoS) are far from new, a disgruntled magazine subscriber decided to barrage the email server and fax machines of the UK tech publisher CMP Media (later sold to UBM) with enough traffic to cut the company off from the world for most of two days. The ISP identified the likely culprit but in 1998 denial of service attacks were a civil rather than criminal matter and remained so until 2006. LulzSec ‘”Tango down” DDoS attacks – 2011 The group that gave the Anonymous movement its UK brand, the small collection of mainly British youths that hid behind the LulzSec moniker loved their DDoS. Several big UK organisations were targeted but the attack that downed the Serious Organised Crime Agency (SOCA) website in June 2011 was probably the last straw. Alleged UK GCHQ DoS attack on Anonymous – 2011 In 2014 Britain hater and anti-NSA campaigning journalist Glenn Greenwald alleged that GCHQ Joint Threat Research Intelligence Group (JTRIG) unit launched DDoS attacks to disrupt chatrooms used by hacktivists from Anonymous and LulzSec. It was pointed out that this was really a targeted DoS attack and not an indiscriminate DDoS. Attack on the BBC by Iran – 2012 Downplayed at the time but what hit the Beeb on 2 March 2012 was anything but for those on the receiving end. Downed the BBC’s email server for a while, disrupted its Persian Service (hence the blame being attributed to Iran, which hates the Service’s output) and even overloaded its exchange with large numbers of phone calls. DDoS attack on Oxford and Cambridge universities – 2012 A single 20-year old individual – later imprisoned for a range of cybercrimes – was blamed for the DDoS attacks on Oxford and Cambridge University that disrupted their websites for a period of days in 2011 and 2012. It was never clear why the named man attacked the universities but the ease with which one person could cause so much trouble for large institutions was noted at the time. DDoS on 123-reg domain registrar – 2012 A sign that DDoS attacks could take on even big Internet-facing businesses, in May 2012 the UK’s largest domain registrar was hit with enough traffic to take its site down for a reported 15 minutes with further problems throughout the day. Rivals were also targeted as crybercriminals tested their latest techniques against well-defended businesses. Spamhaus 325Gbps super-DDoS – 2012 The massive 325Gbps DDoS attack on UK anti-spam organisation Spamhaus remains probably the second or third largest of all time and was even ridiculously said to have ‘slowed the Internet’. Later blamed on Dutch national Sven Kamphuis, the Spamhaus attack was the first to use a technique called DNS amplification to such sensational effect. Julian Assange hacktivists turn on MI5 – 2012 Wikileaks’ founder Julian Assange was briefly a focus for anti-corporate rage, and his pursuit by the UK, the US and Sweden over rape allegations promoted a series of hacktivist DDoS attacks in late 2012. Predictable they might have been but also surprisingly successful – MI5’s public website was put out of action for several hours. Manchester casino extortion attack – 2013 A rare publicised example of DDoS in the service of extortion, the attack on a Manchester-based online casino came after the business refused to pay the owner refused to hand over half the business to Polish nationals Piotr Smirnow and Patryk Surmacki. The pair were eventually arrested at Heathrow Airport tying to leave the country and later jailed. Raspberry Pi Foundation DDoS – 2013 Not everyone likes the Raspberry Pi people it seems including a “lone sociopath” with issues. The individual concerned launched a flurry of bizarre grudge DDoS attacks on its website, with some success. The attacker even targeted a group of teens working on a 48-hour Python hackathon using RaspBerry Pis. The Foundation beat the attacks with the help of an understanding ISP. Carphone Warehouse data breach DDoS – 2015 In July 2015, major UK smartphone retailer Carphone Warehouse suffered a serious data breach which, it later transpired, might have been aided using a DDoS ‘distraction’ attack. Up to one in five DDoS incidents are later found to be part of a data theft snatch in which IT staff are occupied fending off the DDoS, giving attackers more opportunity to sneak in and out. Mumsnet DDoS attack by @DadSecurity – 2015 Who would attack a site as apparently innocuous as Mumsnet? In what must rank as the oddest ideological attack of recent times, a campaign group called ‘@DadSecurity’ is suspected of doing just that as part of a wider campaign of nuisance that included having an armed police team dispatched to the house of founder Justine Roberts. Came after earlier data breach in 2014. Source: http://www.techworld.com/picture-gallery/security/uks-12-worst-ddos-attacks-hacktivism-extortion-plain-malice-3623767/#12

Continue reading here:
The UK’s 12 worst DDoS attacks Summarized – hacktivism, extortion and plain malice