Monthly Archives: November 2013

Google Nexus 5 vulnerable to DDoS attack

Google Nexus smartphones including the latest Google Nexus 5 running Android 4.4 KitKat are vulnerable to denial-of-service attack via Flash SMS messages; it has been revealed on Friday during DefCamp security conference in Bucharest, Romania. Bogdan Alecu, a system administrator working with Levi9 – an IT services company, performed a live test during the conference on a Nexus 4 phone running Android 4.3. Alecu showed through the test that after receiving 30 odd Flash messages, the smartphone became unresponsive. During this state the phone neither responded to screen taps nor was it able to receive any phone calls and had to be rebooted manually to get it in functional order. Flash messages are Class 0 SMS that gets displayed on phones’ screen directly without getting stored on the device. Users have the option to saving the message or dismissing it. According to Alecu, there have been instances during this tests that the phone behaves in a different manner at times and loses mobile network connectivity temporarily. The connectivity is restored in a short while with ability to place and receive phone calls, but internet connectivity is lost up until the phone is manually restarted. There are instances when the messaging app crashes and the Nexus smartphone reboots. The issue has been discovered over a year ago revealed Alecu and has been tested on all Google Galaxy Nexus smartphones running Android 4.x including the recently released Nexus 5. Alecu revealed that he has contacted Google multiple times just to receive automated response. Some one did respond that the issue will be resolved in Android 4.3, but unfortunately it still persists and has been passed onto Android 4.4 KitKat. There is no official fix for the vulnerability and till then the only workaround is an app named Class0Firewall (https://play.google.com/store/apps/details?id=com.silentservices.class0firewall&hl=en) developed by Michael Mueller, an IT security consultant from Germany in collaboration with Alecu. Source: http://www.techienews.co.uk/973439/google-nexus-5-vulnerable-denial-service-attack/

More:
Google Nexus 5 vulnerable to DDoS attack

Anonymous DDoS attack snowballs, affects several Microsoft services

Hacktivist collective Anonymous has taken credit for an attack that unintentionally affected a number of Microsoft services last week. On Monday, members of the loose-knit hacker group posted on Pastebin about how a distributed denial-of-service (DDoS) attack targeting Japanese Microsoft websites and servers had gone awry – resulting in several of the technology giant’s services going down. “A couple days ago a DDoS attack was launched at Japanese Microsoft (Domain) Websites and Servers,” according to the Anonymous post. “We are sorry to report that the Japanese Microsoft Websites and Servers did not go down as planned. Although something did go down. We took the pretty much the entire Microsoft domains down.” It appears the hackers had a motive. “The DDoS attack was launched in response to Taiji…Operation Killing Bay OR #OpKillingBay,” according to the post. Operation Killing Bay is an initiative protesting the slaughter of dolphins in the village of Taiji in Japan – a controversial topic that has gained a lot of coverage in recent years. “It’s the thought that counts right?” the hacktivists wrote, insinuating that they would strike against Taiji again. The claim explains why several people were reporting outages and disruptions of Microsoft services, including microsoft.com, outlook.com, msn.com, office365.com, Microsoft Developer Network, TechNet, SkyDrive, the Windows Store, sites hosted on Windows Azure, xbox.com and Xbox Live. Most of Microsoft’s affected services were restored quickly. Source: http://www.scmagazine.com/anonymous-ddos-attack-snowballs-affects-several-microsoft-services/article/322945/

See the original post:
Anonymous DDoS attack snowballs, affects several Microsoft services

DDos Is Hot, Planning Is Not

Distributed denial-of-service (DDoS) attacks continue to plague major corporations today, but half of organizations don’t have a plan or defense against DDoS attacks, a new survey found. Nearly 45 percent of organizations surveyed by Corero have no DDoS response plan, while some 21 percent don’t have a response team set up in the case of a DDoS attack targeting their networks. Around 60 percent say they don’t have a designated DDoS response team, and 40 percent say they don’t have a point of contact within their organizations when a DDoS hits, according to the survey of some 100 respondents. “Half of them aren’t really doing anything about DDoS. They’re just hoping nothing will happen to them, or they [will just be] putting up with inconvenience it’s causing in the meantime,” says Ashley Stephenson, CEO of Corero, which will release full data from the survey next month. Stephenson says he has seen cases where corporations had no idea that their own computing resources were being used in DDoS attacks against them. “A lot of people are not really paying attention to what’s going on, and that’s facilitating the malicious activity going on out there,” he says. More than 54 percent of the organizations surveyed say they have either an out-of-date network diagram of their infrastructures or no diagram at all. Some 66 percent don’t have statistics on network traffic patterns and traffic volume baselines to help identify when a DDoS is brewing. One of the reasons DDoS attacks have become so popular is that they are relatively inexpensive to pull off. “It’s a cheap resource being used to launch the attacks,” Stephenson says. “And the more we invest in good Internet [technology], the greater power is available for third parties to leverage it and do these attacks … [The attackers] are just cataloging all of these vulnerabilities and exploitable resources and calling on them when necessary to affect the attack.” Compromised desktop machines traditionally have been the most popular weapons for DDoSing a target, but, increasingly, attackers are deploying servers for more firepower. “That takes fewer bots but much more powerful [ones],” Stephenson says. A recent report by Dell SecureWorks revealed just how much DDoS-for-hire services cost in the cyberunderground. Those services cost only $3 to $5 per hour and $90 to $100 per day, Dell SecureWorks found. And a weeklong attack goes for $400 to $600. Source: http://www.darkreading.com/attacks-breaches/survey-ddos-is-hot-planning-is-not/240164306?utm_source=twitterfeed&utm_medium=twitter

Read this article:
DDos Is Hot, Planning Is Not

Want Cheaper Bitcoins? Hit Someone With a DDoS Attack

Two months ago, BTC-China was growing fast. It was on a blazing trajectory that would soon see it become the world’s largest Bitcoin exchange. With Bitcoin, the world’s most popular digital currency, in the midst of an tremendous upswing of its own, BTC was on the verge of hitting it very, very big. But before that, there would be the double-barreled rite of passage. First came the extortion attempt, and then the non-stop computer attacks, known as distributed denial of service (DDoS) attacks. The extortionists contacted BTC-China in mid-September. Over instant-message chats, they first said they wanted just a few hundred dollars — paid out in bitcoins, naturally — but the demands soon escalated. BTC-China CEO Bobby Lee doesn’t want to get into specifics, but he says that they claimed to have been hired by one of his competitors. He doesn’t believe this, but he thinks that other Bitcoin companies should be concerned. “The DDoS attackers are hitting more and more of us, and it’s going to be a widespread problem,” he says. Since, September, there have been dozens of these attacks on BTC-China. According to Lee, one of them used up a remarkable 100 G/bits per second in bandwidth. “They’re throwing big-time resources into these attacks,” says Marc Gaffan, co-founder of Incapsula, the company that Lee hired to protect his exchange from the criminals. “The attack on BTC-China was one of the largest ever.” Incapsula has about two-dozen clients that are involved in Bitcoin businesses, Gaffin says. A year ago, it had none. CloudFlare, another provider of DDoS protection services has seen a big jump in attacks over the past three months, says Matthew Prince, the company’s CEO. “We’re seeing daily attacks targeting Bitcoin related sites on our network, most of which are relatively small but some get to very high volumes.” Some attacks have even exceeded the 100 G/bits per second volume that hit BTC-China, he says. Yesterday, European payment processor BIPS said it had been hit with a DDoS attack, and then hacked to the tune of nearly 1,300 bitcoins, or $1 million. Last week, Bitstamp, another major Bitcoin Exchange, went offline temporarily. The company has not responded to requests for comment, but it blamed the outage on software and networking issues, not a DDoS. On most websites, hackers can steal credit card numbers or personal information, but these have to be sold somehow. When you break into a Bitcoin business and get access to digital wallets, as was the case with BIPS and an Australian company, Inputs.io, which was hit last month, you’re stealing money itself. “If a Bitcoin wallet can get compromised, then the hackers can actually steal real money and there’s no way to refund the money,” Lee says. In April, Mt. Gox got clobbered via DDoS. The point, the company speculated, was to destabilize Bitcoin, and fuel panic-selling. “?Attackers wait until the price of bitcoins reaches a certain value, sell, destabilize the exchange, wait for everybody to panic-sell their bitcoins, wait for the price to drop to a certain amount, then stop the attack and start buying as much as they can,” Mt. Gox wrote on its website. Gaffan and Lee agree that, in addition to extortion, market manipulation is likely a motive with the recent DDoS attacks too. “It’s about trying to influence the market,” Gaffan says. “We see more Bitcoin exchanges going under attack.” Source: http://www.wired.com/wiredenterprise/2013/11/ddos_bitcoin/  

Read the original:
Want Cheaper Bitcoins? Hit Someone With a DDoS Attack

$1M lost in attack against Bitcoin Internet Payment Services

Copenhagen-based Bitcoin Internet Payment Services (BIPS) has been hit with a DDoS attack and has had 1,295 BTC stolen (a little over $1M) mostly from the company’s own holdings, but some from their c…

See the article here:
$1M lost in attack against Bitcoin Internet Payment Services

Bitcoin Payment Processor BIPS under DDoS Attack, Over $1m Stolen

Europe’s primary bitcoin payment processor for merchants and free online wallet service, BIPS, was the target of a major DDoS attack and subsequent theft in the past few days that saw 1,295 BTC (just over $1m on CoinDesk’s BPI) stolen. Kris Henriksen, BIPS’ CEO, said most of the missing funds were “from the company’s own holdings”. BIPS uses an algorithm, based on supply and demand, to work out the amount of bitcoins it needs to keep it in a ‘hot wallet’. The heist, however, was apparently not due to any vulnerability in the code itself. He also said merchants who had chosen to instantly convert their bitcoin to fiat currency bank accounts were not affected. Theft The Copenhagen, Denmark-based company was targeted on 15th November by a massive DDoS attack. Then on 17th November, it was followed up by a subsequent attack that disabled the site and “overloaded our managed switches and disconnected the iSCSI connection to the SAN on BIPS servers”. “Regrettably, despite several layers of protection, the attack caused vulnerability to the system, which has then enabled the attacker/s to gain access and compromise several wallets,” the company said in a written statement. BIPS believes the two attacks were connected, and at least the initial DDoS attack was “found to originate from Russia and neighboring countries”. The company moved fast to restore full merchant payment and transfer services by 19th November, but disabled all wallet functions in order to complete a full forensic analysis. Its help desk also went down for a few days, but was restored on 22nd November. Investigation Under BIPS’ privacy policy, it is not allowed to disclose users’ information to anyone, even the authorities. They will now set up a system for affected wallet users to voluntarily sign the required permission documents, to engage in a more thorough investigation with law enforcement to track down the culprits. Henriksen stressed that merchant processing “was restored very quickly, and if you had auto-convert on, there is nothing to worry about”. BIPS’ official statement on its site read: To protect the successful merchant processing business, BIPS has decided to temporarily close down its consumer wallet initiative. BIPS has been a target of a coordinated attack and subsequent security breached. Several consumer wallets have been compromised and BIPS will be contacting the affected users. As a consequence BIPS will temporarily close down the wallet initiative to focus on real-time merchant processing business which does not include storing of bitcoins. Subsequently BIPS will consider to reintroduce the wallet initiative with a re-architected security model. The consumer wallet initiative has not been BIPS’ core business and, as such, regrettably affecting several users has not affected BIPS merchant acquiring. All existing users will be asked to transfer bitcoins to other wallet solutions, and users affected by the security breach will be contacted. Restoration of merchant services did little to comfort individual wallet owners, though. On the Bitcoin Talk forum, several users voiced anger at the prospect of losing their funds, and what they saw as unclear statements from BIPS about exactly what had been stolen, from whom, and how much. One member even created a ‘bips.me potential lawsuit signup form’ for users to input their contact details and number of bitcoins missing, in an effort to prompt a negotiated solution. Though the attack and theft highlights problems that some online wallet services have faced with security, it is significant given BIPS’ comparatively large user base and prominence in the market. As well as online accounts, BIPS had also offered a paper wallet function for those wishing for a safer long-term storage solution. Source: http://www.coindesk.com/bitcoin-payment-processor-bips-attacked-1m-stolen/

Read the original:
Bitcoin Payment Processor BIPS under DDoS Attack, Over $1m Stolen

Just ONE NSA operation press-ganged a 50,000-strong botnet last year

Government tools penetrated many a Brazilian, apparently America’s NSA had established 50,000-strong botnet by the middle of 2012 using malware infections, according to the latest Edward Snowden leaks.…

Read the original:
Just ONE NSA operation press-ganged a 50,000-strong botnet last year

Just one NSA operation created a 50,000-strong botnet last year

Government tools penetrated many a Brazilian, apparently The U.S. National Security Agency (NSA) had established 50,000-drone botnet by the middle of 2012, according to the latest Snowden leaks.…

Read More:
Just one NSA operation created a 50,000-strong botnet last year

What e-commerce companies think about DDoS protection

Prolexic announced the results of a survey of global e-commerce companies who were asked about DDoS protection and the effectiveness of different types of DDoS mitigation services. A cross-sectio…

Read the original:
What e-commerce companies think about DDoS protection

AFP and RBA websites hit by DDoS attacks

The websites for the Australian Federal Police (AFP) and the Reserve Bank of Australia were hit overnight by distributed denial of service attacks claimed to be brought about by Indonesians angry over the leaks that reveal Australian Signals Directorate (ASD) had been tapping the phones of high ranking Indonesian government officials, including President Susilo Bambang Yudhoyono. The AFP’s website was for some time overnight but was restored this morning, with one Twitter user claiming responsibility for bringing the sites down using the hashtags #AnonymousIndonesia and #IndonesiaCyberArmy. The AFP said it was taking the attack “very seriously” but said that no sensitive information was hosted on the public-facing website. “The AFP website is not connected to AFP IT systems. The AFP website is not hosted by AFP ICT infrastructure. It is hosted by a third party hosting provider,” the AFP spokesperson said in a statement. The spokesperson said he was not at liberty to divulge the name of the hosting company. The AFP said the attacks were irresponsible and would not influence government policy. “Activities such as hacking, creating or propagating malicious viruses or participating in DDOS attacks are not harmless fun. They can result in serious long-term consequences for individuals, such as criminal convictions or jail time,” he said. “AFP Cyber Crime Operations identifies, investigates and prosecutes individuals or groups for offences committed against Australian critical infrastructure and information systems.” The RBA’s website was affected by the DDoS attacks, but a spokesperson for the RBA denied that the website had been brought down. “There has been no outage but the Bank’s website has been experiencing access delays for some users,” the spokesperson said. “The bank has DOS protection for its website, which has been effectively deployed. The bank’s website and systems remain secure.” The attacks come as Australia’s relationship with Indonesia continues to strain in the wake of the phone tapping revelations leaked earlier this week by former NSA contractor Edward Snowden. Prime Minister Tony Abbott is facing increasing pressure from the Indonesian government to explain the revelations. Source: http://www.zdnet.com/au/afp-and-rba-websites-hit-by-ddos-attacks-7000023451/

Read the article:
AFP and RBA websites hit by DDoS attacks