Monthly Archives: October 2006

Claranet offers DDoS Protection

Claranet, one of Europe’s largest Managed Services Providers (MSPs), has announced a partnership with Prolexic Technologies to provide its clients with the highest level of protection against Distributed Denial of Service (DDoS) attacks.

Gaming and payment solution providers have typically been prime targets for web attacks.

Claranet is adding to its existing DDoS mitigation with Prolexic’s Clean Pipe solution. The solution responds in real time to DDoS attacks, impeding them at multiple layers and enabling legitimate traffic to continue to reach its destination.

Other DDoS mitigation solutions – in particular hardware devices – are unable to withstand the rapidly increasing magnitude of today’s attacks.

Marino Zini, Claranet Director of Managed Services said, ‘DDoS is an escalating problem and we have a responsibility to provide our customers with clean, consistent bandwidth.’

Gus Cunningham, UK MD, Prolexic said, ‘With online gaming businesses at particular risk and the increasing ferocity of attacks we have been seeing, it is essential that ISPs look at a dynamic solution that can cope with large and persistent attacks.’

Canadian academic talks on cyber extortion

Perhaps it’s because people involved in the Internet gambling sector tend to be well briefed on the Distributed Denial of Service brand of cyber extortion, but a CBC report this week on a talk on the subject really contained nothing new or exciting.

Addressing the Nova Scotia Responsible Gambling Conference in Halifax, university criminologist researcher John McMullan said that his new research into cyber crime, conducted over the past five years, suggests the global, $10-billion-a-year online gambling industry is regularly held for ransom by sophisticated hackers and organised criminals.

McMullan shared the well known information that online gambling sites have been targeted for "digital shakedowns" at peak times, such as the approach of the Super Bowl and other major sporting events.

He goes on to describe the equally well known DDOS modus operandi of deploying zombie PC armies to swamp victim sites with unwanted electronic messages and virtually shut them down, followed by demands for cash – typically in the range $40-60 000 to cease the disruption.

McMullan told conference delegates that the hackers often have a business hierarchy, running organisations that are global and invisible, with the masterminds recruiting people, often via e-mail, to carry out the crime, never meeting in person.

"They recruited different people, like hackers and worm writers, and crackers. There were people who were involved in picking up the money, bankers who were able to move the money around," said McMullan, who is a criminologist at St Mary’s University in Halifax.

McMullan said there have been a number of arrests [more well reported information] in Latvia, Russia and Eastern Europe. In recent years, online betting websites have beefed up security, but McMullan said the criminals are getting smarter, too.

"For every ability to develop a better security architecture, you can be sure the hackers and cyber extortionists are out there scanning your security, trying to find out how to defeat it."

He said these modern criminal groups use the anonymity of the internet, as well as different bank accounts and shell companies, to skim the profits from online gambling.

Florida man charged in botnet attack on Akamai

A federal court in Boston on Tuesday heard charges that 32-year-old John Bombard of Seminole used a variant of the Gaobot e-mail worm to turn computers–including systems at two universities whose names have not been disclosed–into an arsenal of "zombies" or "bots" that he could control remotely.

He then used this network of hijacked computers, known as a "botnet," to send a massive amount of traffic to the domain name system (DNS) servers of the Global Traffic Management division of Akamai, prosecutors alleged. Cambridge, Mass.-based Akamai provides caching services for Web sites belonging to big-name companies like Yahoo, Google, Microsoft and Apple Computers, among others.

This distributed denial-of-service attack, launched June 15, 2004, rendered many of Akamai’s clients’ Web sites temporarily inaccessible, according to the charges.

The charges of hacking, or "intentionally accessing a protected computer without authorization," carry potential penalties of up to two years’ imprisonment and a $200,000 fine.

The case comes as botnet controllers are using increasingly sophisticated tactics. Major arrests were made over the summer, but attackers have kept up by writing new worms to maintain their zombie armies. In the meantime, Web browser manufacturers are striving to introduce more secure upgrades, like Microsoft Internet Explorer 7.

National Australia Bank hit by DDoS Attack

The attack, which was first detected at 6am, blocked access
to the NAB’s site, and slow log-ons for the bank’s internet banking
customers occurred intermittently throughout the day, NAB spokesperson
Megan Lane said.

So far, the NAB was not aware of the source or motivation of the attack,
Lane said, but the event had been referred to the Australian High Tech
Crime Centre (AHTCC) – a section of the Australian Federal Police.

The incident was not the first time the NAB had been targeted by a DoS
attack, she said, but this instance was one of the “more significant”
efforts to block access to the company’s website.

AFP spokesperson Nicholas Pedley confirmed that a referral from the NAB
had been received and said the AFP was investigating this matter.

“The AFP takes any activity of this nature seriously and is working closely
with the NAB to resolve the matter as quickly as possible,” he said.

In announcing the DoS attack, the NAB has renewed its campaign warning of the dangers of hoax emails, Lane said.

The bank was uncertain as to whether the DoS attack was being used as a
pretext to soften up customers for a phishing attack through creating
the expectation of special emails from the bank explaining the
interruptions to the website.

“We just think it’s timely to remind customers that we will never ask them for their details,” she said.



Wales takes lead in combating e-crime

As the use of the internet, online banking and transfer of valuable
information becomes ever more pervasive, so increasing numbers of
individuals and businesses are becoming victims of electronic crime.
E-crime, as it is more popularly known, comes in a variety of guises,
from identity theft and fraudulent financial activities through to
hacking into IT systems and launching denial-of-service attacks to
bring down IT systems.

In a recent survey of businesses some 83 per cent of the respondents
admitted to being victims of some form of hi-tech crime during the
year. Of these companies, 77 per cent had suffered a virus attack, 20
per cent a denial of service attack, 17 per cent financial fraud and 15
per cent saw a corporate website being spoofed.

Now Wales has taken the lead in fighting back against e-criminals
who are inflicting major damage on both businesses and the community
with the announcement of the E-Crime Wales partnership, a three year
action plan designed to protect organisations from on-line crime. This
will be achieved through a package of quality advice, awareness
raising, information sharing, staff training, tighter procedures and
Wales is the first region of the UK to develop such an initiative; it
is being driven by the E-Crime Wales Steering Group, comprising the
Welsh Assembly Government, the four Welsh Police Forces, the National
High Tech Crime Unit (now SOCA), lawyers Morgan Cole, HSBC and SERCO.

The central plank of the initiative will be the establishment of
the Multi-Agency E-Crime Wales Unit. The Unit will consist of three
permanent posts to manage and implement the E-Crime action plan for
Wales. There will also be a dedicated budget designed to enable the
secondment of individuals with specific expertise from the different
agencies for specific projects. In addition, up to five police officers
will be resourced as ‘regional investigators’ to investigate and record
incidents of e-crime occurring in Wales and to provide a focal point
for e-crime awareness activities.

Islamic hackers hit Vatican site – unsuccessfully

Computer hackers tried to disrupt the Vatican web site earlier this
week, but failed, according to a report in the ANSA news service.

On an online forum for militant Muslims, a group announced plans for an
assault on the Vatican computer network, which was said to be a form of
retribution for Pope Benedict’s criticism of Islam in his Regensburg
speech. Police later confirmed that there had been a concerted effort
by hackers to penetrate the Vatican site, but computer-security experts
were able to detect and repel the attack.

The nature of the attempted attack was not clear. Some observers in Rome
believed that the Islamic group was planning a "denial of service"
attack, in which a web site is bombarded with many thousands of
simultaneous visits, overloading the available bandwidth and making it
impossible for others to reach the site.

In fact the Vatican site has functioned normally, with minimal noticeable
slowdowns, through the week. Vatican security personnel are remaining
vigilant in case of another effort by the hackers.

IntruGuard Devices Announces Managed Security Services Partnership Program

IntruGuard Devices, Inc., a leading provider of distributed denial of service (DDoS) firewall security appliances, recently announced the debut of a managed security services partnership (MSSP) program. IntruGuard’s appliances, dedicated to automatically blocking denial of service attacks in seconds, are now available for integration and delivery in a managed security services solution. The program offers a combination of a low cost entry point with proven technology in stopping one of the largest sources of hacker attacks today. IntruGuard solutions are deployed directly in the data path at up to full-duplex gigabit throughputs and block any level of malicious attacks including all network floods, protocol anomalies, and scans. Working with IntruGuard, managed security service partners can enable their customers to:

    * Eliminate the DDoS attack risk without expenditures of capital equipment budgets.
    * “Manage by Exception” with the additional benefit of expert advice when there are decisions to make.
    * Receive detailed network security event reports and notifications through SNMP and E-mail.
    * Fully outsource a rapidly evolving, network security threat without impacting staff training requirements.

Day Zero DDoS threats are evolving at greater rates than ever before. Common practices of using firewalls, routers and unified threat management devices are not adequate for the current strain of threats and are not architected properly to counter future threats. Most of these solutions use general-purpose processors and operating systems and therefore cannot handle the processing demands required. They add significant latency to network service flows, thereby impacting the performance of applications such as VoIP. The manual nature of these approaches drives up IT administration expenses and yet does not mitigate the latest evolution of threats. IntruGuard’s advanced DDoS firewall solutions represent a best-of-breed approach to network security and now the MSSP partners are armed with the tools to offer customers a dedicated solution to network flood protection. IntruGuard has made significant technology investments to ensure its solutions provide the best possible support for MSSP partners. These partners also benefit from IntruGuard’s investment in ASIC-based designs, which ensure performance, simplify installation, configuration and management, and provide a straightforward user interface.

“The IntruGuard MSSP Program offers service providers the leading DDoS firewall appliance used by organizations worldwide,” said Tom Bleier, Vice President, Marketing and Business Development of IntruGuard Devices. “The program is designed to offer MSSP partners a solution that can be installed in minutes with no network changes and employ a ‘set and forget’ methodology with thresholds that self-adjust. The secure, out-of-band role based remote management and detailed reports and graphs allow for fast drill downs into the network traffic situation. This combination yields a two second attack response time for the customer, with a low cost of operations for the service provider.”

Now, IT management staff of e-commerce companies, enterprises and other targets of malicious DDoS attacks, can fully outsource this necessary network protection. A customer simply utilizes the protection service from one of the partners to fully offload all installation, configuration, event management, monitoring, and elimination of all such DoS/DDoS assaults.

Airline foils hackers with latest high-tech defences

A private airline which faced financial ruin after a hacking gang
brought its computers to a halt during three months of sustained
attacks, claims to have turned the tables on the hackers by installing
the latest high-tech defences.

The airline, which runs shuttle services between Italy and Albania,
narrowly survived after the gang bombarded the company’s systems with
millions of requests during its busiest booking period.

Small companies which rely on the web for business are particularly
vulnerable to denial of service attacks, but it is rare for firms to
talk publicly about their experiences. Online sports betting sites,
including Paddy Power, were hit by a spate of attacks two years ago from
gangs demanding the payment of a ransom.

In an interview with Computer Weekly, Albatros Airlines said it lost
€20,000 a day after the attackers left its website inaccessible to
travellers and travel agents for weeks at a time.

"There was total disruption of sales. We could not sell anything
via our system, and had to wait for phone calls from travel agencies,"
said Erion Elmasllari, head of IT at the airline. "Basically our
sales were really dropping."

The airline, based in Tirana, first realised that something was amiss
in December when it received a cryptic e-mail which read, "I notify
you that attacks will not stop! but if you want to do a counterattack,
just tell me … for money everything can be done :)."

The attacks failed to register until May, when the company’s servers
in southern Italy were hit by a massive denial of service attack
launched from thousands of infected PCs controlled by the hacking group.

The company, which had a 2Mbytes line, increased its line capacity to
10Mbytes and moved its servers to a hosting centre in Northern Italy,
but the hackers responded by stepping up the intensity of their attacks.

At its peak, the hackers bombarded the company with messages from
7,000 computers, bringing down both the company’s systems and its
internet service provider.

"At one point we managed to set up firewall filters, so only the
agencies that work with us were allowed on our website. Then the
unthinkable happened. The providers in Albania changed their DNS
numbers, which meant the firewalls had to be reprogrammed, which took
another week," said Elmasllari.

The airline finally shifted its servers to a London hosting firm,
VistaLogic, which agreed to install specialist technology to protect the
servers from the attacks. The technology, supplied by Webscreen, is able
to distinguish between normal customer behaviour and an attack.

"After we started protecting them, the hacker started using
different strategies. He has tried every single strategy possible,
ranging from bot nets, synflooding, rests, and malformed packets,"
said Mustafa Ozkececigil, chief executive of the hosting firm.
"The worst attack we have had is 200Mbytes a second. That is a
substantial amount of traffic."

Andy Beard, advisory services director at Pricewaterhouse Coopers,
said it was rare for companies that have been hit by denial of service
attacks to talk about their experience.

"While the defences have got better, the determined attackers are
getting better. The sheer number of potentially compromised machines
[which can be used to launch an attack] is huge," he said.

Russian cyber-blackmailers sent to the Gulag

Authorities in Russia have gaoled a gang of cyber-criminals who blackmailed online companies through distributed denial-of-service (DDoS) attacks.

The gang is said to have extorted more than $5000 from British online casinos and betting shops after threatening to attack their websites and render them inaccessible to the outside world.

Ivan Maksakov, Alexander Petrov and Denis Stepanov were each sentenced to eight years in prison and fined nearly $5000.

Victims of the online blackmail gang included Canbet Sports Bookmakers, which refused to pay a $12,500 ransom demand and had its website taken out of action by the hackers.

The DDoS attack coincided with the Breeders’ Cup, costing Canbet more than $250,000 in lost business for each day of downtime.

According to prosecutors, the gang made over 50 similar blackmail attacks in 30 countries during their six-month spree.

"Malicious DDoS attacks on commercial websites can cause serious financial damage to the businesses affected, and are a major nuisance to internet users," said Graham Cluley, senior technology consultant at Sophos.

"These sentences should send a strong message to other hackers considering online blackmail, that they can expect stiff sentences if caught.

"However, many gangs may believe that the relative anonymity of the internet gives them carte blanche to carry on. All computer users should ensure that they have secure defences in place to protect against abuse like this."

Philippine Data Center Launches Anti-DDOS Security

Internet data center services provider IP-Converge Data Center, Inc. has signed a deal with security firm Prolexic to build Asia’s first large-scale anti-DDOS (distributed denial of service) platform to prevent IP-Converge customers from experiencing DDOS attacks.

According to reports, DDOS attacks are the most common and worst type of network security problem facing global network infrastructures.

IP-Converge chief technology officer Warren Liu said the platform is scheduled to go live at the end of 2006 and will start in points-of-presence facilities that will be established by the company in Asian key cities, with the first one to be built in Hong Kong, China.

He said they want to integrate DDOS mitigation strategies in their network to prevent the operations of their customers from stopping when attacked by DDOS.