Monthly Archives: September 2015

Single gateway protest halts government websites into DDoS attacks

Internet users Wednesday night protested the plans for a single gateway by attacking and bringing down the main websites of the prime minister, the Defence Ministry and the Ministry of Information and Communication Technology. Communications experts said “denial of service” attacks flooded the three sites, effectively making them impossible to access. The sites began to recover early Wednesday. The three sites went offline at about 10pm Wednesday, after netizens warned they intended to attack, and the government said such attacks would be treated as violations of the Computer Crime Act. The ICT deputy permanent secretary, Somsak Khaosuwan, claimed his ministry’s site did not crash because of an attack, but because it was overloaded by visitors monitoring the planned attack. Sites affected as of early Wednesday were the main government information website thaigov.go.th, the ICT ministry’s site at mict.go.th and the defence ministry’s website, mod.go.th. By early Wednesday, however, only the MICT site remained inaccessible, possibly because authorities had actually taken it offline. Warnings on Wednesday afternoon from credible sources in the Thai hacking community said they planned to attack government websites to protest the recent disclosure of government plans to reduce internet access to a single gateway, controlled by CAT Telecom Co. It appeared that the government site takedowns were by internet users, who answered calls on social media to go on online and continuously click refresh, causing overloads on the three targeted sites. The simultaneous denial-of-service attack works like normal attacks by over-exceeding a website’s capacity to handle internet traffic. But whereas normal attacks are carried out by a program or bot, Wednesday night’s protest was carried out by thousands of online users. After the secret plan was accidentally disclosed by a government press release, authorities sent out Deputy Prime Minister Prajin Junthong to try to spin the plan. He said that the single gateway initiative was only a proposition and that no “firm decisions have been made.” Critics of the plan idea contend it will take away freedom of information, with some even comparing it to the tightened grip of a communist country. A change.org petition opposing the single gateway initiative passed 100,000 signatures as of Wednesday. Source: http://www.bangkokpost.com/news/security/714432/single-gateway-protest-halts-government-websites

Read the original post:
Single gateway protest halts government websites into DDoS attacks

Thai government websites offline in suspected DDoS attack

Several Thai government websites went offline on Wednesday evening (Sep 30) in an apparent Distributed Denial of Service (DDoS) attack. The websites of the Information and Communication Technology (ICT) ministry, the state-owned CAT Telecom and the Internal Security Operations Command (ISOC) were among those affected. The Thai government’s main website and the finance ministry website also went offline later on Wednesday. The alleged DDoS attacks came after online communities threatened action to protest the government’s Single Gateway plan, which aims to “control inappropriate websites and information flows from other countries via the Internet”, according to an ICT statement. According to online sources, the activists had planned to start the attacks at 10pm (11pm Singapore time), but the ICT Ministry website was already affected at 7pm. Tens of thousands of people have signed a petition against the proposal, dubbed the “Great Firewall of Thailand”, with critics saying it will allow the military to further increase censorship as well as leave the country’s IT hub status vulnerable if the gateway fails. Source: http://www.channelnewsasia.com/news/asiapacific/thai-government-websites/2161566.html

Visit site:
Thai government websites offline in suspected DDoS attack

Russian hacker, nabbed in Spain, cops 4+ years for Citadel botnet

Should have stayed under the skirt of Mother Russia. Just a thought Dimitry Belorossov – a Russian cyber-criminal who used the Citadel banking trojan – has been sentenced to four years and six months in a US prison after pleading guilty to conspiring to commit computer fraud.…

See the article here:
Russian hacker, nabbed in Spain, cops 4+ years for Citadel botnet

Linux botnet observed launching powerful DDoS attacks

Threat actors are leveraging a botnet made up of infected Linux machines to launch powerful distributed denial-of-service (DDoS) attacks against as many as 20 targets per day, according to Akamai’s Security Intelligence Response Team (SIRT). The botnet is composed of Linux machines infected with a stealthy trojan identified in 2014 as “XOR DDoS.” The threat was observed altering its installation depending on the victim’s Linux environment and running a rootkit to avoid detection. According to an advisory published on Tuesday, Akamai’s SIRT has seen DDoS attacks – SYN and DNS floods were the observed attack vectors – that reached anywhere from a few gigabits per second (Gbps) to nearly 179 Gbps. Although the advisory said that 90 percent of targets are located in Asia, Tsvetelin Choranov, security intelligence response engineer with Akamai’s SIRT, told SCMagazine.com in a Tuesday email correspondence that a very small number of attacks have been launched against entities in the U.S. “The target industries confirmed from our standpoint are online gaming and education,” Choranov said, adding, “We don’t have a defined number of systems infected by this malware. Some of the source IPs that we are seeing actively producing malicious traffic have spoofing capabilities.” The advisory noted that evidence suggests the malware is of Asian origin, but Choranov said that Akamai’s SIRT has not heard of anyone claiming responsibility for the DDoS attacks. He added that there is also no known reason for the attacks, such as extortion. Unlike a lot of malware, XOR DDoS is not spreading via exploitation of vulnerabilities. “Rather, it populates via Secure Shell (SSH) services that are susceptible to brute-force attacks due to weak passwords,” the advisory said. “Once login credentials have been acquired, the attackers [use] root privileges to run a Bash shell script that downloads and executes the malicious binary.” The advisory outlines two methods for detecting the malware. “To detect this botnet in your network, you can look for the communications between a bot and its C2, using the Snort rule shown in [the advisory],” the advisory said. “To detect infection of this malware on your hosts you can use the YARA rule [also in the advisory].” XOR DDoS is persistent, meaning it runs processes that will reinstall deleted files. Removing the threat involves identifying malicious files in two directories, identifying the processes responsible for persistence of the main process, killing those processes, and deleting the malicious files. “XOR DDoS malware is part of a wider trend of which companies must be aware: Attackers are targeting poorly configured and unmaintained Linux systems for use in botnets and DDoS campaigns,” the advisory said. Source: http://www.scmagazine.com/linux-botnet-observed-launching-powerful-ddos-attacks/article/441750/

Originally posted here:
Linux botnet observed launching powerful DDoS attacks

Linux-powered botnet lets rip on victims with 180Gbps network floods

Enormous network of hijacked zombie servers threatens to batter everything in its path Cybercrooks have built a network of compromised Linux servers capable of blowing websites and other systems off the internet with at least 150Gbps of junk traffic.…

More:
Linux-powered botnet lets rip on victims with 180Gbps network floods

XOR DDoS botnet launching attacks from compromised Linux machines

Attackers have developed a botnet capable of 150+ Gbps DDoS attack campaigns using XOR DDoS, a Trojan malware used to hijack Linux systems, according to Akamai. What is XOR DDoS? XOR DDoS is a T…

Read the article:
XOR DDoS botnet launching attacks from compromised Linux machines

New DDoS attack uses smartphone browsers to flood site with 4.5bn requests

Researchers have found that smartphone browsers can deliver a powerful flooding attack. Researchers suspect a mobile advertising network has been used to point hundreds of thousands of smartphone browsers at a website with the aim of knocking it offline. According to distributed denial-of-service protection service CloudFlare, one customer’s site recently came under fire from 4.5 billion page requests during a few hours, mostly from smartphone browsers on Chinese IP addresses. As CloudFlare’s Marek Majkowski notes, browser-based ‘Layer 7? flood attacks have been viewed as a theoretical threat for several years, but haven’t become a reality due to difficulties in efficiently distributing malicious JavaScript to force a large number of browsers to make HTTP requests to a targeted site. Security researchers have previously suggested web ads as an efficient way to distribute malicious JavaScript. Analysing the log files, Majkowski found the smartphone browser attack peaked at over 275,000 HTTP requests per second, with 80 percent coming from mobile devices and 98 percent from a Chinese IP address. The logs also reveal mobile versions of Safari, Chrome, Xiaomi’s MIUI browser, and Tencent’s QQBrowser. “Strings like ‘iThunder’ might indicate the request came from a mobile app. Others like ‘MetaSr’, ‘F1Browser’, ‘QQBrowser’, ‘2345Explorer’, and ‘UCBrowser’ point towards browsers or browser apps popular in China,” Majkowski said. Majkowski speculates that the attack was made possible by an ad network, and believes the reason so many mobile browsers visited the attack page hosting the malicious JavaScript was due to ads shown in iframes, either in mobile apps or mobile browsers. Here’s how the attack works: when a user opens an app or browses the web, they are served an iframe with an ad whose content was requested from an ad network. The ad network then forwards the request to a third-party that successfully bids for that inventory and then forwards the user to an attack page. “The user was served an attack page containing a malicious JavaScript which launched a flood of XHR requests against CloudFlare servers,” explained Majkowski. The attack site itself hosting the malicious JavaScript included instructions to launch an XHR in a loop. Source: http://www.zdnet.com/article/new-ddos-attack-uses-smartphone-browsers-to-flood-site-with-4-5bn-requests/

Read More:
New DDoS attack uses smartphone browsers to flood site with 4.5bn requests

Hacker Exfocus Blamed For Knocking Rutgers University Offline With DDoS Attack, Even After Expensive Upgrade

Someone is tormenting Rutgers University. The New Jersey school announced Monday it was fending off a distributed denial-of-service attack that crippled its Internet and Wi-Fi access. The latest cyberattack on a major U.S. research institution comes after a number of similar hacks against Rutgers, a school of approximately 65,000 undergraduate students. “We are currently experiencing a denial-of-service event affecting Internet connectivity and Wi-Fi access,” Rutgers said on its Facebook page. “OIT is working to resolve the issue, and we will inform the Rutgers community as soon as we have more information.” The outage also affected Sakai and eCollege, two online learning tools used to administer homework, tests and other communication, according to student complaints on social media. A previous outage limited the school’s ability to accept credit cards. It appears to be the first attack on Rutgers since the university invested $3 million to better protect its computer networks after at least four attacks during the past school year. That upgrade was the primary reason Rutgers raised tuition and fees by 2.3 percent for the 2015-16 school year, NJ.com reported in August, with a hacker known as Exfocus claiming responsibility for the problems. “Honestly, I am sitting here dumbfounded at the amount of incompetence displayed once again by the Rutgers IT department,” Exfocus wrote in a post on Pastebin in April. “I could run circles around all of you with my eyes closed, and one leg amputated.” A DDoS attack occurs when a hacker takes control of thousands (or millions) of computers and aims them at a single server, overwhelming that network with traffic and ultimately knocking it offline. Similar methods have been used by the Chinese government and the Anonymous hacking collective. Exfocus tweeted: “Did you miss me?” before deleting the message Monday. Student chatter on the anonymous Yik Yak social network also said Exfocus had been bragging there, though the most anyone seems to know about Exfocus came in an interview where he said he was being paid in bitcoin by someone with a grudge against the school. “When I stop getting paid — I’ll stop DDoSing lol. I’m hoping that RU will sign on some DDoS mitigation provider. I get paid extra if that happens,” Exfocus told APollonsky.me before being asked if he wished to share anything else with the Rutgers community. “I’m a fan of Taylor Swift.” Source: http://www.ibtimes.com/hacker-exfocus-blamed-knocking-rutgers-university-offline-ddos-attack-even-after-2117247

Read More:
Hacker Exfocus Blamed For Knocking Rutgers University Offline With DDoS Attack, Even After Expensive Upgrade

Anonymous Launches DDoS Attacks Several Saudi Arabian Websites, Brings Focus to a Teen’s Execution #OpNimr

In taking a stand and making a direct protest against the death sentence handed in 2012 to a 17-year old teenager Mohammed al-Nimr, Anonymous has crippled multiple Saudi Arabian government websites. It is a case described as “a possible breach of international law,” by a group of UN human rights experts. Ali Mohammed al-Nimr was arrested and sentenced to death after being accused of partaking in pro-democracy demonstrations during the Arab Spring of 2012. At the time, Nimr was 17. In joining the international outcry against the sentence of execution by beheading and crucifixion, hacktivist group Anonymous has taken down multiple Saudi Government websites with an operation called #OpNimr. The hashtag has since gone viral and adopted by activists around the world. #OpNimr Anonymous announced #OpNimr by inundating government websites with DDoS attacks and taking them offline, along with the following video that demanded the release of Nimr. The statement released on the video said: Ali Mohammed al-Nimr, an innocent young teenage boy has been sentenced to death in Saudi Arabia and we will not stand by and watch. “Hundreds of innocent people die each year because of the Saudi Government, and they (the Saudi Government) will now be punished for their actions,” Anonymous said. Nimr’s final appeal against his execution was dismisbsed by Saudi courts in September 2014 for his part in attending a rally during the Arab Spring. At the time, a Saudi court judgement read: “[Nimr] encouraged pro-democracy protests [using] a Blackberry.” “Naturally, the sentence was appealed but the appeal hearing was held in secret and apparently dismissed,” added Anonymous in their video message. A second video was released by Anonymous days after their first, this time directly addressing King Salman and the Saudi Arabian Government. “13 judges have already approved the death sentence of Ali Mohammed al-Nimr, meaning only King Salman bin Abdulaziz Al Saud has to approve it,” Anonymous said. We cannot and will not allow this to happen. The Ministry of Justice was taken offline a few days ago, and we will continue to do this to other government websites. Some of the websites taken down include: The Ministry of Justice (saudinf.com) The Ministry of Civil Service (mcs.gov.sa) The General Administration of Education (tabukedu.gov.sa) Saudi Airlines (saudiairlines.com) A complete list of the targeted websites has been published by Anonymous in Pastebin, here. “We hope you listen to us this time and release the young man. You will be treated as a virus, and we are the cure,” concluded Anonymous in their statement. Several activist groups and human rights groups including Amnesty International have claimed that Nimr was not granted the means to a lawyer and that he was forced into signing a “confession” after suffering torture by prison officers. At the time, a Saudi court judgement read: [Nimr] encouraged pro-democracy protests [using] a Blackberry. Amnesty International recently released a report that proclaims Saudi Arabia as “one of the most prolific executioners in the world.” Between January 1986 and June 2015, at least 2,200 known people were executed, half of whom were foreign nationals. Executions were carried out for “crimes” such as witchcraft, sorcery and adultery. According to news reports, Saudi Arabia will imminently behead and then crucify Al Nimr, now 20, today or later this week. Source: https://hacked.com/anonymous-attacks-several-saudi-arabian-websites-brings-focus-teens-execution-opnimr/

More:
Anonymous Launches DDoS Attacks Several Saudi Arabian Websites, Brings Focus to a Teen’s Execution #OpNimr

Mobile ad network exploited to launch JavaScript-based DDoS attack

A type of DDoS attack that has until now been mostly theoretical has become reality: CloudFlare engineers have spotted a browser-based Layer 7 flood hitting one of its customers with as many as 275,00…

More here:
Mobile ad network exploited to launch JavaScript-based DDoS attack