Monthly Archives: May 2015

Google Chrome extension turned users into a DDoS botnet

Hola turned users’ PCs into a botnet, without their consent. Hola, an online service used for watching blocked videos and TV shows from websites outside of your country, has turned users’ PCs into a botnet without their consent. According to The Verge , the free-to-use software – which is available as a Chrome plugin – was secretly selling users’ “idle resources” (bandwidth), allowing anyone to buy traffic and redirect it to any site as a denial-of-service attack. This means that Hola users could have been part of a botnet attack. The reports came to light after sites were affected by the denial-of-service attacks from Hola’s network. Hola’s founder Ofer Vilenski said the site has “always made it clear” how its business model works. However, according to The Verge Hola’s users seem to have been almost universally unaware that their bandwidth was being sold off. Source: http://mybroadband.co.za/news/internet/127760-google-chrome-extension-turned-users-into-a-ddos-botnet.html

Continue Reading:
Google Chrome extension turned users into a DDoS botnet

How Visual Basic Broke Modern Python: Welcome to the World of High Orbit Ion Cannon

In 2012, Anonymous introduced HOIC (high orbit ion cannon) as a replacement to LOIC (low orbit ion cannon). Unlike its predecessors, that were built upon C#, and later java. This new DDoS player was built upon the unsuspecting language of Visual Basic. Taught in high school classrooms, Visual Basic was largely seen by the programming community as a means for kids and young programmers to get their feet wet in the experience of programming. Considered by many programmers as grossly inefficient and a memory hog; Visual Basic was an unsuspected carrier for what would become one of the most powerful means of DDoS. One of the popular notions of HOIC has been its ability to randomize variables such as: user agent, referrer and URI, during an attack. In the same manner, an attack tool known as HULK (developed by: Barry Shteiman, 2012), written in Python, was developed in recent history. Within a controlled environment we tested these DDoS tools to judge their effectiveness and total output. In controlled trials the DDoS output of LOIC (Visual Basic on Windows) outperforms the DDoS output HULK (Python on Linux) by +40%. Figure 1: HOIC Test in Stable Windows Environment Figure 2: HULK Test While many of us in the Internet security industry ridicule and downplay the “kiddie hacker;” it is clear that it sometimes only takes a kiddie to build an empire. Lessons in open source economics teach us that in an open access environment, it takes only a small few to bring about radical change and innovation. Today HOIC has become one of the primary tools of groups such as anonymous. From this lesson, we can expect that challenges and sudden changes, will not come from those paid hundreds of thousands a year; but from those small few kiddies, whom are politically motivated and are paid nothing. Source: http://www.dosarrest.com/ddos-blog/how-visual-basic-broke-modern-python-welcome-to-the-world-of-high-orbit-ion-cannon/

Continued here:
How Visual Basic Broke Modern Python: Welcome to the World of High Orbit Ion Cannon

DDoS Attack Update: Idaho Teen Faces Felony Charges After Unleashing a DDoS Attack on School District

In May 15, KTVB reported that a student recently launched a cyber-attack on one of Idaho’s largest school districts. The attack, which was identified as a Distributed Denial of Service (DDoS), practically rendered the entire district’s internet unable to function. The attack was so powerful that it caused internet problems for the affected school district for weeks without ceasing. A lot of Idaho students working on achievement tests lost all their data, and some even had to retake the exam multiple times because of the gravity of the attack. Even the administrative network itself, which, unfortunately, included the teachers’ payroll data was compromised. A DDoS attack occurs when multiple systems compromised by a Trojan are used by a host, or in this case, a channel, to target a single host simultaneously causing a denial of service. In simple terms, the attack floods a single network with immeasurable internet traffic until it simply stops dead on its tracks. Most of these attacks exploit problems within the victim computer’s TCP/IP system. Because a DDoS attack comes from hundreds, possibly even thousands of sources at once, it is practically impossible for any program on earth to track down the actual source of the problem. To make matters worse, a DDoS attack makes it impossible to identify actual, legitimate traffic, because everything gets lost in a haze of incoming data. Despite the overwhelming odds, the authorities managed to trace the attacker’s IP address back to the high school student. Today, he faces the possibility of expulsion, as well as 180 days in a juvenile detention center. Authorities say that he might even be facing serious federal charges. Moreover, the culprit’s parents will also be expected to pay any losses that the school district has incurred due to the attacks. A representative for the West Ada School District said that there might be other students within the area who know how to carry out this cyber-attack. Nevertheless, the spokesperson reassured everyone that further attacks will be dealt with more readily. The district also sent a message to parents of students enrolled in their schools, urging them to help keep their children from committing cyber attacks. Source: http://www.chinatopix.com/articles/51791/20150527/idaho-teen-felony-charges-ddos-attack.htm

Original post:
DDoS Attack Update: Idaho Teen Faces Felony Charges After Unleashing a DDoS Attack on School District

South Africa a target for DDoS

South Africa is the most targeted country in Africa when it comes to distributed denial-of-service (DDOS) attacks. This was revealed by Vernon Fryer, chief technology security officer at Vodacom, in a keynote address during ITWeb Security Summit 2015, in Midrand, this morning. In computing, a DDOS attack is an attempt to make a machine or network resource unavailable to its intended users. Such an attack generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. Fryer was speaking with reference to statistics from the Vodacom Cyber Intelligence Centre, which the company established eight years ago to analyse the threat landscape on the African continent. He revealed over the past 18 months, there has been a marked increase in DDOS attacks on the continent, with a typical attack averaging 9Gbps. “There has been about a 150% increase in the number of DDOS [attacks] in the last 18 months in Africa,” he said. In terms of the number of attacks, Kenya, Uganda, Algeria, Nigeria and Tanzania respectively come after SA, said Fryer, pointing to the analysis done by the Vodacom Cyber Intelligence Centre last Thursday. According to Fryer, the majority of in-bound traffic to SA emanated mainly from China, Germany, Brazil, Vietnam, Russia, Cyprus, Turkey, Switzerland, Canada and the US. However, he noted, it was surprising Switzerland and Canada were featuring on the list this year, something never witnessed previously. Another unexpected trend showed traffic coming from Swaziland, he added, pointing out the growing number of Chinese communities in the country could be a reason for this spike. Describing some of the attack vectors cyber criminals were making use of in the region, Fryer pointed to scareware, ransomware, fake anti-virus, as well as TDSS Rootkit, among others. The trending malware included KINS Trojan, Skypot, VirRansom, SpyEye Trojan and the Chameleon Botnet. With regard to ransomware attacks in Africa, Tanzania is the most attacked on the African continent, Fryer said. He also noted the trending hacker groups in Africa include Anonymous, also known as the Lizard Squad, the Syrian Electronic Army, as well as the Yemen Cyber Army. Faced with the rise in the level and sophistication of attacks, Fryer said organisations need to constantly monitor the behaviour of their firewalls. Typically, he said, organisations take about five years without monitoring their firewall. “We need to understand if our firewalls are capable of handling today’s threats. Thus, the performance of firewalls needs to be constantly monitored,” he concluded. Source: http://www.itweb.co.za/index.php?option=com_content&view=article&id=143446:SA-a-target-for-DDOS&catid=234

Taken from:
South Africa a target for DDoS

Teen hires attacker to DDoS his school district

A high school boy might have to face state and federal charges for allegedly hiring a third party and launching a DDoS attack against the West Ada school district, Idaho, US. A 17-year old high school student (the name cannot be disclosed because of him being a minor) might be accused of launching a distributed denial of service (DDoS) attack after hiring a third party. The attack crippled operations at more than 50 schools of the district for a week previously this month. DDoS is a type of attack in which the servers of a particular online service are slowed to such an extent that their processing ability gets clogged up. According to KTVB report , the West Ada students suffered assorted misery due to the attack such as they lost their data on the Idaho Standard Achievement tests. Some of the students also had taken the tests multiple times. The attack lasted around a week and during this phase the online classes and textbooks could not be accessed. Moreover, the faculty and staff also experienced problems in accessing business and administrative systems such as payroll. The IP address from where the attack was launched was finally traced by the school district’s IT staff, which led them to the high schooler. The boy has been suspended from Eagle High but school administration suggested that he should be expelled. According to the Sheriff’s Office, the seventeen year old will most likely be charged with computer crime felony, which can send him to a juvenile detention facility for up to 180 days as the teenager paid someone to overwhelm the system with traffic from multiple sources. Additionally, the boy’s family will also be held responsible for a financial restitution for covering the losses since operations at around 50 schools got disrupted due to the attack. This is not the first time when a teenager attacked an educational institution. In April 12, 2015, Domanik Green, a 14-year-old student studying at Florida’s Paul R. Smith Middle School managed to bypass the school’s computer security network using just his computer skills and gained access to the server that contained FCAT (Florida Comprehensive Assessment Test) data. Source: https://www.hackread.com/teen-ddos-attack-school-district/

View the original here:
Teen hires attacker to DDoS his school district

High schooler allegedly hired third party to DDoS his school district

A 17-year-old high school boy may face state and federal charges for allegedly having paid a third party to launch a distributed denial of service (DDoS) attack that crippled the West Ada school district in Idaho, US, for a week and a half earlier this month. Because he’s a minor, he can’t be named. A DDoS is an attack wherein the servers of a targeted online service are slowed to a crawl with loads of pointless data like email or file uploads that clog up their processing ability. KTVB reports that West Ada students suffered assorted misery because of the attack, including losing their work on the Idaho Standard Achievement tests. Some students had to take the tests multiple times. Meanwhile, online classes and textbooks weren’t available for much of the week, and faculty and staff had problems accessing administrative and business systems, including payroll. The school district’s IT staff eventually traced an IP address back to the 17-year-old, who was suspended from Eagle High. School officials are recommending that he be expelled. The sheriff’s office told the TV station that the boy will likely be charged with a felony charge of computer crime, which is punishable by up to 180 days in a juvenile detention facility. In addition, his family will be responsible for financial restitution to cover costs incurred by the school district. Operations at more than 50 schools were disrupted because of the attack. As of Wednesday, investigators were also looking into whether a younger student – one attending Eagle Middle School – attempted a similar attack this week. School officials sent parents a letter on Friday that urged them to talk with their children about the consequences of committing cyber attacks such as this one. We can assure students and parents that the consequences associated with a DDoS attack are far from trivial. Examples include two online gaming programmers from Poland who were given 5-year jail sentences in December 2013 for DDoS and cyber-extortion of a UK online marketing company and a US internet software company. In that same month, a US man was fined $183,000 (£116,772) after joining, for merely 1 minute, an Anonymous DDoS of the enormous, multinational corporation Koch Industries. When it comes to DDoS, the law doesn’t spare you if you’re a kid. In fact, a 16-year-old London schoolboy was arrested under suspicion of involvement in the 2013 DDoS attack against Spamhaus: an attack of unprecedented ferocity. He pleaded guilty in 2014. Then too, a UK teenager was arrested in January for possibly having a hand in the PlayStation/Xbox Live DDoS that Grinched up gamers’ Christmas day playing. We often hear DDoS’ers trying to justify DDoSes under the premise that really, companies should be thanking the attackers for “raising awareness” of their vulnerability. That’s an old, tired spiel that we got from Lizard Squad members after they ruined Christmas with their XBox Live/PlayStation attack. Or, in the words of a man who claimed to speak for the attackers, they did it … …to raise awareness, to amuse ourselves… But as Naked Security’s Mark Stockley said at the time, a DDoS attack isn’t a skilful hack. You don’t need elite lock-picking skills to pull it off, because you’re not picking a lock. Rather, you’re blocking the door from the outside with as much garbage as you can pile up. Is DDoSing a company, or your school, or any online service, worth the lulz? For an answer, we can ask the LulzSec guys—If they’re out of prison, maybe they can let us know. Source: https://nakedsecurity.sophos.com/2015/05/22/high-schooler-allegedly-hired-third-party-to-ddos-his-school-district/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed

Read the article:
High schooler allegedly hired third party to DDoS his school district

DDoS attack downs University of London learning platform

A harsh lesson, now stand in corridor for four hours The University of London Computer Centre fell victim to a cyber-attack on Thursday.…

Read this article:
DDoS attack downs University of London learning platform

DDoS attacks double, old web application attack vectors still active

Akamai Technologies analyzed thousands of DDoS attacks as well as nearly millions of web application attack triggers across the Akamai Edge network. A surge in DDoS attack activity Q1 2015 set a…

Read the article:
DDoS attacks double, old web application attack vectors still active

‘Millions’ of routers open to absurdly outdated NetUSB hijack

Vulnerability may allow ne’er-do-wells to access the 1990s SEC Consult Vulnerability Lab Stefan Viehbock says potentially millions of routers and internet of things devices using KCodes NetUSB could be exposed to remote hijacking or denial of service attacks.…

Originally posted here:
‘Millions’ of routers open to absurdly outdated NetUSB hijack

DDoS reflection attacks are back

At the start of 2014, attackers’ favorite distributed denial of service attack strategy was to send messages to misconfigured servers with a spoofed return address – the servers would keep trying to reply to those messages, allowing the attackers to magnify the impact of their traffic. As those servers got patched, this strategy became less and less effective. But now it’s back, according to a new report from Akamai. Except this time, instead of hitting data center servers or DNS servers, the attackers are going after personal computers on misconfigured home networks. According to Eric Kobrin, Akamai’s director of information security responsible for adversarial resilience, the attackers are taking advantage of plug-and-play protocols, commonly used by printers and other peripheral devices. These attacks, known as Simple Service Discovery Protocol (SSDP) attacks, are now the single largest attack vector for DDoS attacks, accounting for 21 percent of all attacks, up from 15 percent last quarter, and less than 1 percent at this time last year. “There are infectable SSDP services all over the Internet,” he said. “As they are discovered, we help work with people to shut them down.” Although each particular device has just a fraction of the bandwidth available to data center-based servers, there are more of them. “There’s a fertile ground of home systems,” he said. “A property configured home firewall can block this, but there are many improperly configured home systems connected to the Internet – and there are also industrial systems that can be used to reflect attacks as well.” This attack source is also harder to shut down, he said. “It’s easier to go into the data center and have the service providers do the clean-up,” he said. Last quarter, SYN flood attacks – where “synchronize” messages are sent to servers – was the leading attack vector, accounting for 17 percent of all attacks, down slightly from 18 percent of all attacks at the start of 2014. There has also been a change in the size of the median attack, and the typical size range of attacks, Kobrin said, as defensive measures have improved. “The smallest effective attack size has increased, year over year,” he said. “It’s because the smallest attacks are no longer effective.” Another type of DoS attack has gained a foothold for the first time this year. SQL injections, normally used to gain access to systems for the purpose of stealing data, are now being used to shut down Web sites as well. Akamai saw more than 52 million SQL injection attacks during the first quarter of 2015, which accounted for 29 percent of all Web application attacks. The most common targets for SQL injection attacks were retail, travel and media websites. Finally, another attack vector that’s just now starting to make an impact is domain hijacking. “People are actually attacking the registries and getting their own information put in, so the big sites are losing control of their DNS infrastructure,” Korbin said. There have been a few high-profile cases so far, he said, mostly politically motivated, but not yet enough data to measure a trend. “We didn’t see it much in 2012, started seeing a little bit of it in 2013 and 2014, and seeing it more of it now,” he said. He recommended that companies switch on two-factor authentication for their email systems when available, ensure that employees don’t reuse credentials, ask their domain registrars to put a lock on their domains, and, finally, keep a close eye on traffic numbers to spot a drop-off as soon as it happens. With these domain redirects, the attackers are not only able to shut down the legitimate website, but also put up their own content under that website’s brand. Source: http://www.csoonline.com/article/2923832/business-continuity/ddos-reflection-attacks-are-back-and-this-time-its-personal.html

More:
DDoS reflection attacks are back