Monthly Archives: March 2013

DDoS Attack Strikes American Express site

American Express confirms it was hit by a distributed-denial-of-service attack that disrupted online-account access for about two hours during the late afternoon on March 28. AmEx spokeswoman Amelia Woltering says the card brand is still investigating the attack. She did not confirm whether the strike was linked to Izz ad-Din al-Qassam Cyber Fighters, the hacktivist group that’s been targeting U.S. banking institutions since mid-September. But that group claims credit for this attack, as well as an unconfirmed attack against Bank of America, according to updates posted to a blog and on Twitter March 28. “The Bank of America and American Express have gotten out of reach today due to Izz ad-Din al-Qassam group’s attacks,” the blog posting says. “The Qassam group’s attacks to these banks have caused the banks to be unable to offer service to their customers and this [will] lead to their protests.” The attack began about 3 p.m. ET on March 28, Woltering says, and caused intermittent disruptions. She says there is no evidence to suggest that customer data or account information was exposed or compromised during the attack. “Our site experienced a distributed-denial-of-service (DDoS) attack for about two hours on Thursday afternoon,” AmEx says in a statement. “We experienced intermittent slowing on our website that would have disrupted customers’ ability to access their account information. We had a plan in place to defend against a potential attack and have taken steps to minimize ongoing customer impact.” Big Week for DDoS The attack comes just days after news of the Spamhaus DDoS attack , which caused a ripple effect that adversely affected online activity.   That attack saw unprecedented traffic of 300 gigabytes per second, three to five times greater than the biggest attacks against U.S. banks, says Dan Holden, an online security expert for DDoS-mitigation provider Arbor Networks. Still, the European attack – a strike against The Spamhaus Project , a Geneva-based not-for-profit organization dedicated to fighting Internet spam operations – is not believed to be related to the attacks on U.S. banks. “The DNS reflection attacks [like the one used against Spamhaus] can consume a great deal of bandwidth, but they are different than what we’ve seen against the banks,” Holden says. “These guys would not be able to do the sophisticated, targeted attacks that are being launched against U.S. banks.” The attacks against U.S. banks, experts say, are much more complex and sophisticated, and their intensity has escalated in the last week. Earlier this week, TD Bank and Keybank confirmed their online banking sites had been hit by DDoS attacks, and industry experts say hacktivists’ attacks waged during this so-called third campaign are becoming increasingly sophisticated. Izz ad-Din al-Qassam Cyber Fighters, the hacktivist group taking credit for attacks against U.S. banking institutions, in an update posted to the online forum Pastebin on March 26, says it most recently targeted BB&T, PNC Financial Services Group, JPMorgan Chase & Co., Citibank, U.S. Bancorp, SunTrust Banks, Fifth Third Bancorp, Wells Fargo & Co., and others. Since Feb. 25, when the group launched its third phase of DDoS attacks , weekly updates have appeared on Pastebin on Mondays and Tuesdays about previous-week targets. The hacktivist group says its attacks are in protest of a YouTube movie trailer deemed offensive to Muslims. For DDoS protection click here . Source: http://www.bankinfosecurity.com/ddos-strikes-american-express-a-5645

Read this article:
DDoS Attack Strikes American Express site

BIGGEST DDoS in history FAILS to slash interweb arteries

Bombardment without collateral damage – amazing Analysis   The massive 300Gbit-a-second DDoS attack against anti-spam non-profit Spamhaus this week didn’t actually break the internet’s backbone, contrary to many early reports.…

More here:
BIGGEST DDoS in history FAILS to slash interweb arteries

Massive DDoS attack targets Spamhaus

The DDoS attacks mounted against Spamhaus over a week ago have escalated in the last few days, reaching a never previously experienced level of some 300 gigabits per second at peak hours, says Akamai.

Read More:
Massive DDoS attack targets Spamhaus

Wells Fargo warns of ongoing DDoS attacks

Wells Fargo warned on Tuesday that its website is being targeted again by a distributed denial-of-service (DDOS) attack. The bank said most of its customers were not affected. “For customers who are having difficulty accessing the site and mobile banking, we encourage them to try logging on again as the disruption is usually intermittent,” Wells Fargo said in a statement. Wells Fargo is one of several large U.S. banks that have been targeted by cyberattacks in the past six months. A group claiming responsibility for the attacks, the Izz ad-Din al-Qassam Cyber Fighters, said Wells Fargo is being targeted due to the continued availability online of a video clip that denigrates Islam. The 14-minute trailer, available on YouTube, caused widespread protests last September in predominantly Muslim countries. Google restricted viewing in countries including India, Libya and Egypt but kept it available in most countries because it didn’t violate the company’s guidelines. The Izz ad-Din al-Qassam Cyber Fighters wrote on Pastebin on Tuesday that it was also targeting Citibank, Chase Bank, SunTrust and others. The group drew up a mock invoice, calculating the cost to a bank of a DDOS attack at about US$30,000 per minute. It contained a formula for how much the banks should lose based on the number of times the offensive video has been watched. The group did not spell out how the attacks would cost the banks money or why it was attacking those banks. For DDoS protection click here . Source: http://www.itworld.com/security/349835/wells-fargo-warns-ongoing-ddos-attacks

Continued here:
Wells Fargo warns of ongoing DDoS attacks

Seal with Clubs goes down due to DDoS Attack

Bitcoin poker site, Seals with Clubs, was twice targeted by a Distributed Denial of Service (DDoS) attack this weekend – forcing it offline for three days. It is not known why the US-facing poker site was targeted for the DDoS attacks – in which multiple computer systems overload a single web site with incoming traffic – or who was responsible. The first attack started on Thursday evening (local time) when the site became inaccessible to regular players while those who were already logged in found that their games stalled and then the site crashed. Seal with Clubs´ CEO Bryan Micon was quick to re-assure players on the site that no accounts had been compromised and the Seals with Clubs Twitter account kept clients up to date with the progress of “Seal Team 6” as the site battled to get the software transferred to a new data centre. However, shortly after getting up and running on Sunday, Seals with Clubs was hit by a second, smaller DDoS attack which knocked out all the Sunday feature tournaments on the site. Protection Implemented Against Further Attacks [The first attack] was a large DDoS, very sophisticated and quite powerful enough to knock everything off, get an IP blackholed, all that good stuff, Micon said in a statement to PokerFuse.com. We have quickly, in the middle of the weekend, changed datacenters and have a new, beefier setup with all of our data intact and a sick DDoS protection layer. New software has also been integrated into the Seals with Clubs downloadable client to add further protection, and players have been advised that they will have to update their existing software to enable them to play on Seals with Clubs. An update to the Seals with Clubs Android App is also expected later today (Monday). The Seals are Back By late Sunday evening, Seals with Clubs was back online and saw more than 300 players on the cash game tables with several low-value tournaments under way. Due to the change of data centres, players who recently deposited into their accounts may have to wait until Monday to see the funds appear in the cashier; however facilities for getting Bitcoin funds out of players´ accounts are operating normally with withdrawal requests dealt with in a matter of hours. Players who were involved in poker tournaments at the time of the DDoS attack have been told that they will receive “generous refunds” in respect of their tournament buy-ins. Source: http://www.pokernewsreport.com/seal-with-clubs-gets-battered-in-ddos-attack-12029

Read more here:
Seal with Clubs goes down due to DDoS Attack

Anti-spam Spamhaus up again after 75Gbps Distributed Denial of Service (DDoS) Attacks

The website of non-profit spam fighter Spamhaus is online again after a huge DDoS attack knocked it offline on Sunday, but attackers are continue to target another anti-spam sites that help ISPs combat spam from infected IP addresses. Spamhaus, which provides several anti-spam DNS-based blocklists and maintains the “register of known spam operations”, came under a huge DDoS attack on Sunday, which knocked its web server and mail server offline until Wednesday. Spamhaus spokesperson Luc Rossini on Monday denied a report that Anonymous was behind the attack and pointed to a “Russian criminal malware gang” as the source. On Tuesday Spamhaus sought cover from the attack with DDoS protection provider CloudFlare, which today reported the attack on Spamhaus reached a peak of about 75 gigabits per second. The attackers used a cocktail of DDoS attack methods, but the primary one that helped generate that volume of traffic was a “reflection attack”, according to Matthew Prince, CloudFlare’s CEO. “The basic technique of a DNS reflection attack is to send a request for a large DNS zone file with the source IP address spoofed to be the intended victim to a large number of open DNS resolvers,” Prince explained, noting that 30,000 open DNS resolvers were recorded in the attack, which used spoofed IP addresses CloudFlare had issued to Spamhaus. “The resolvers then respond to the request, sending the large DNS zone answer to the intended victim. The attackers’ requests themselves are only a fraction of the size of the responses, meaning the attacker can effectively amplify their attack to many times the size of the bandwidth resources they themselves control.” Source: http://www.cso.com.au/article/456917/anti-spam_spamhaus_up_again_after_75gbps_ddos_attack/

Read the original:
Anti-spam Spamhaus up again after 75Gbps Distributed Denial of Service (DDoS) Attacks