Author Archives: Enurrendy

Image gfw-logs.jpg

Great Firewall of China blasts DDoS attacks at random IP addresses

An upgrade to China’s Great Firewall is having knock-on effects all over the internet, with seemingly random sites experiencing massive traffic spikes. One site owner in North Carolina, Craig Hockenberry, has written up how, after he looked into why his mail server was down, he found 52Mbps of search traffic piling into his system: 13,000 requests per second, or roughly a third of Google’s search traffic. The post goes into some detail over howHockenberry managed to deal with the firehose-blast of requests, all of it coming from China and much of it trying to find Bittorrents or reach Facebook. Short version: he blocked all of China’s IP blocks. Hockenberry is not the only one dealing with a sudden flood of requests, though. There are numerous reports of sysadmins finding that their IP address has appeared in front of the headlights of the Chinese government’s censorship juggernaut, causing them to fall over and forcing them to introduce blocking measures to get back online. After a number of different theories about what was happening, including focussed DDoS attacks and “foreign hackers” – that suggestion courtesy of the Chinese government itself – the overall conclusion of the technical community is that bugs have been introduced into China’s firewall. Particularly, something seems to have gone wrong in how it uses DNS cache poisoning to redirect users away from sites the government doesn’t want them to see. Poison China uses a weak spot of the DNS system to intercept requests coming into and going out of the country. If it spots something it doesn’t like – such as a request for “facebook.com” or “twitter.com” – it redirects that request to a different IP address. For a long while, China simply sent these requests into the ether – i.e. to IP addresses that don’t exist, which has the effect of causing the requests to time out. However, possibly in order to analyze the traffic more, the country has started sending requests to IP addresses used by real servers. Unfortunately, it seems that there have been some configuration mishaps and the wrong IP addresses have been entered. When one wrong number means that a server on the other side of the world suddenly gets hits with the full stream of millions of Chinese users requesting information, well then … that server falls over. The situation has had a broader impact within China. Tens of millions of users weren’t able to access the Web while the government scrambled to fix the problem. According to one Chinese anti-virus vendor, Qihoo 360, two-thirds of Chinese websites were caught up in the mess. China’s DNS infrastructure experts started pointing the finger at unknown assailants outside its system. “The industry needs to give more attention to prevent stronger DNS-related attacks,” said Li Xiaodong, executive director of China’s Internet Network Information Center (CNNIC). Your own medicine The reality, however, is that China has seen the downside to its efforts to reconfigure the basic underpinnings of the domain name system to meet political ends. The network is designed to be widely distributed and route around anything that prevents effective communication. By setting itself up as a bottleneck – and an increasingly huge bottleneck as more and more Chinese users get online – the Chinese government is making itself a single point of failure. The slightest error in its configurations will blast traffic in uncertain directions as well as cut off its own users from the internet. For years, experts have been warning about the “balkanization” of the internet, where governments impose greater and greater constraints within their borders and end up effectively breaking up the global internet. What has not been covered in much detail is the downside to the countries themselves if they try to control their users’ requests, yet make mistakes. Source: http://www.theregister.co.uk/2015/01/26/great_firewall_of_china_ddos_bug/

View article:
Great Firewall of China blasts DDoS attacks at random IP addresses

Malaysia Airlines Website Hacked by Group Calling Itself ‘Cyber Caliphate’

Airline’s Site Attacked by Group Claiming to Be Aligned With Islamic State Malaysia Airlines had its website hacked by a group that appeared to be trying to settle a score with a U.S. videogame company. Most visitors to MalaysiaAirlines.com for several hours Monday saw a message that said “ISIS WILL PREVAIL” at the top of their browser’s window, and the airline’s ticket booking and other services were unavailable. Instead, a large picture of a Malaysia Airlines Airbus Group NV A380 plane and the messages “404-Plane Not Found,” and “Hacked by Cyber Caliphate,” were displayed. Later, the site displayed a different image: a tuxedo-adorned, pipe-smoking lizard sporting a top hat and monocle. “Hacked by Lizard Squad, Official Cyber Caliphate,” it said, giving the Twitter handle for a group called Lizard Squad. A group calling itself Lizard Squad in December claimed responsibility for a cyberattack on videogame servers of Sony Corp. and Microsoft Corp. Later Monday, the carrier replaced the hacked version of its site with a pared-down version that allowed users to book flights. Both images displayed the Twitter handles for the accounts of what appear to be two men who work for Roxana, Illinois-based U.S. gaming company UMG, which hosts videogame events across the U.S. “We were not involved in any website being hacked in any way,” one of the men, Chris Tuck, told The Wall Street Journal via a direct message on Twitter. “The group who did it is a group of kids who aren’t fond of our company,” he said. “I presume they added our names to either scare us or warn us.” The other man whose handle was shown, UMG Chief Executive Robert Terkla, couldn’t be reached for comment. The Twitter timeline for Lizard Squad revealed recent Tweets directed at the two men about the alleged banning from events of certain gamers. It was unclear whether the gamers allegedly banned were involved with Lizard Squad. The owner or owners of the Lizard Squad Twitter account didn’t immediately respond to a request for comment via Twitter. It was unclear why Malaysia Airlines was targeted. The airline’s loss of two aircraft last year, which left 537 people dead or missing, brought global attention to Malaysia Airlines, which to that point hadn’t been widely known outside the region. In a statement, the company said its web servers are “intact” and customer bookings and data are secure. It said that its domain name system was compromised. Malaysia Airlines said the matter was immediately reported to CyberSecurity Malaysia, a forensics and analysis agency under the Ministry of Science, Technology and Innovation, and the Ministry of Transport. CyberSecurity Malaysia Chief Executive Amirudin Abdul Wahab said its investigation determined that it was a case of domain hijacking. Domain name servers are Internet phone books that translate Web domain names, such as MalaysiaAirlines.com, into numeric addresses computers use to reach individual machines. Tampering with domain names to divert traffic from the intended site would generally require less sophistication than a more complex breach in which a company’s servers are compromised and data is exposed. In December a group called Lizard Squad claimed responsibility for attacking Sony’s PlayStation Network and Microsoft’s Xbox Live videogame services. The group said that attack was a distributed denial of service attack, which disrupts websites by overwhelming them with data traffic. Source: http://www.wsj.com/articles/malaysia-airlines-website-hacked-by-group-calling-itself-cyber-caliphate-1422238358

More here:
Malaysia Airlines Website Hacked by Group Calling Itself ‘Cyber Caliphate’

DDoS dilemmas: how far can you predict attacks, and what can be done?

Distributed Denial of Service (DDoS) attacks are back in the news; it seems that barely a month goes by without media reports of a website or service being brought down by a DDoS attack. Sony’s PlayStation Network again became the victim of such an attack recently, while hacking group Anonymous is on a disabling offensive of extremist websites. DDoS attacks can come in a variety of shapes and sizes. However, the aim of a DDoS attack is always the same: to saturate a server with so many requests that it simply cannot cope, leaving legitimate users unable to connect. Attackers will sometimes use their own network of computers to launch DDoS attacks, but what is now more common is for them to use a network of PCs across the world that have been infected with malware that is capable of joining in a DDoS attack without the owner’s knowledge. We’ve written before about the easy availability of DDoS attack kits, which anyone can download and use to launch their own attacks. DDoS attacks were one of the primary methods used by Anonymous and LulzSec to tackle their victims: the Vatican, the Church of Scientology, the Australian government were all hit, as were Amazon, PayPal, MasterCard and Visa in response to their perceived lack of support for whistleblowing website WikiLeaks. Some of these big name companies could perhaps have predicted a DDoS attack was on its way; taking a stance against Anonymous would often leave a company in its firing line. In fact, Anonymous often warned targets that an attack was imminent. But for many other businesses, predicting a DDoS attack is difficult, and the results can be disastrous: loss of revenue-generating applications as well as reputational damage can negatively impact a business for years. Why would a company be a target for DDoS attacks? Hacktivism is certainly one reason, competition with rival businesses is another. But beyond that, it is tough to establish whether a business is at risk and, if so, from whom? With the exception of the aforementioned Anonymous messages, DDoS attacks can start without warning. So while predicting an attack may be difficult, protecting against one is less so. There are ways a company can keep its applications, services and even its whole network online without stopping legitimate traffic. A sophisticated firewall manager, application security manager and local traffic manager combined provide the protection needed to mitigate DDoS attacks, from blocking attack traffic to re-routing legitimate requests to ensure uptime. Analysis is also key: understanding who is attacking you, as well as how and why, can help prevent an attack from causing too much damage and can help protect against future attacks. Establishing which layer is being attacked (application, network or session, for example) will help a company know where to focus its resources, and intelligent firewall management will be able to inspect all traffic coming into a network and stop traffic that is coming from a DDoS attack. Source: http://memeburn.com/2015/01/ddos-dilemmas-how-far-can-you-predict-attacks-and-what-can-be-done/

Continue reading here:
DDoS dilemmas: how far can you predict attacks, and what can be done?

The Dirty hit by DDoS attack

The FBI is on the hunt for hackers who shutdown Nik Richie ‘s website The Dirty … and the reality star tells us he’s hemorrhaging money. The Dirty has been down for weeks after a team of hackers began hitting the site with a DDoS attack — which basically floods a server with so many requests it shuts down. Nik tells us he contacted FBI investigators and they’re on the case. Richie says he’s lost $250-300K this month alone in Super Bowl ads he couldn’t deliver. He’s also losing out because of cancelled appearances because he promotes them on his site. Nik is blunt … “These hackers are hypocrites. My website promotes free speech. F****** losers.” Source: http://www.tmz.com/2015/01/20/the-dirty-hacked-nik-richie-fbi-investigation-ddos-attack/

Continue Reading:
The Dirty hit by DDoS attack

French DDoS attacks spike after terror protest

The firm leveraged its Arbor Atlas initiative, which receives anonymised internet traffic and DDoS event data from 330 internet service providers (ISPs) worldwide, to view events in France in the days after the protest, which was in response to the Charlie Hebdo shootings that left 20 people dead. The magazine was targeted by ISIS sympathisers and others unhappy with the satirical magazine’s ridiculing of Islam, including its depiction of the Prophet Muhammed. The publication also satirised other religions. Comparing the DDoS attacks between January 3-10 and 11-18, the US security firm found that there were 1,342 unique attacks – an average of 708 attacks a day – during the two week period. However, the firm noted in a recent blog post that the number of DDoS attacks after the march rose by 26 percent with the average size of DDoS attack growing 35 percent. In the eight days prior to the attack, the average size was 1.21Gbps but this later increased to 1.64Gbps. The vast majority of these DDoS attacks were low-level although the number of attacks larger than 5Gbps did double in the days after the protest. Arbor reports that one attack measured as high as 63.2 Gbps on January 11. “This is yet another striking example of significant online attacks paralleling real-world geopolitical events, wrote Arbor’s threat intelligence and response manager Kirk Soluk. Speaking to SC after it first emerged that ‘thousands’ of French websites were facing cyber-attacks, Corero Network Security CEO Ashley Stephenson said that DDoS attacks were increasingly being used as an attack tool during international conflicts. “Whatever the motivation – cyber-terrorism, retaliation, religious incitement, radicalisation… It is clear that modern conflicts will be fought in the cyber-world as well as the real world,” he said via email. “The internet should be better protected against all of these associated cyber-threats. Increasingly we are seeing DDoS used as a tool in and around these conflicts and we should be prepared to institute increased cyber-security to protect this vital resource.” Last week, Admiral Arnaud Coustilliere, head of cyber-defence at the French military, said that about 19,000 French websites had faced cyber-attacks in the days after the shootings, although one source closely connected with the clean-up operation for some of these sites later told SC that hacking groups from Tunisia, Syria, Morocco, the Middle East and Africa had largely ignored DDoS as an attack vector because such attacks “didn’t work”. Instead, Gérôme Billois, senior manager of Solucom, said that these groups – also believed to often be ISIS sympathisers – had looked to scan thousands of websites to identify and exploit common WordPress, Joomla and other content management system (CMS) vulnerabilities. Source: http://www.scmagazineuk.com/french-ddos-attacks-spike-after-terror-protest/article/393796/

Read this article:
French DDoS attacks spike after terror protest

2014 in infosec: Spammers sneak small botnets under the wire, Java is dull

Crims also move to Silverlight, according to Cisco Cisco’s annual report on the state of global cybersecurity claims spammers just won’t die and are using new tactics to avoid detection by filters; malware programmers are abandoning exploiting Java; and there’s a possible silver cloud in the Sony Pictures hacking storm.…

See the article here:
2014 in infosec: Spammers sneak small botnets under the wire, Java is dull

City of Fort Lauderdale Spends $430,000 on Cyber Security After DDoS Attack from Anonymous

After getting hacked by cyber activist group Anonymous last month for its homeless laws, the City of Fort Lauderdale beefed-up its cyber security network with a hefty $430,000 worth of improvements. But city officials say it wasn’t the Anonymous attack that made them spend almost half a million dollars on computer upgrades – they were planning on doing it anyways. Back on December 1, hacktivists attacked the city’s main website – fortlauderdale.gov – and the Fort Lauderdale PD’s website – flpd.org – with a distributed denial-of-service (DDoS) hack, which bombarded the websites with so much traffic that they had to shut down. The attack only lasted a few hours, however, and the sites were back up by evening.   In a video warning of the attack, a masked hacker wearing the Guy Fawkes mask that has become synonymous with Anonymous demanded that the city drop the three controversial ordinances in the next 24 hours. “It has come to our attention that Mayor John P. Seiler has become an embarrassment to the good law-abiding citizens of Fort Lauderdale,” the hacker says. “You should have expected us, Mayor John Seiler.” City officials hope the new upgrades will be able to prevent this and other types of attacks in the future. But Seiler is quick to point out that these plans were in the works before a group of hackers in plastic masks made good on a threat to shut down an entire city’s web presence if laws against feeding homeless people weren’t struck down. “Certainly, Anonymous probably expedited the work that needed to be done and probably exposed some areas that needed to be addressed,” Seiler tells the Sun-Sentinel . “I wouldn’t say that [the expense] was all tied to Anonymous in any way, shape, or form.” The vast majority of Fort Lauderdale’s computer upgrade bill is going for consulting and oversight. From the Sentinel : City manager Lee Feldman broke down the emergency expenses: $366,989 for specialized security consulting and oversight services; $45,398 for software licenses to manage and control computer activities; and $17,907 for hardware to strenghten the computer infrastructure. The City of Fort Lauderdale is just one of the latest victims of Anonymous’ DDoS attacks. Past victims include credit card giants Visa and Mastercard, as well as online payment system Paypal, which lost almost $6 million in 2010. The reason for the hack was because Visa, Mastercard, and Paypal decided to stop allowing people to donate to Wikileaks via its systems. Two of the three hackers, who are from the United Kingdom, were caught and sentenced to prison terms of seven months and eighteen months. And Fort Lauderdale isn’t the first city to be targeted by Anonymous DDoS attacks, either. That distinction is shared with Albuquerque’s police department, whose website was crashed in March, 2014 in retaliation for the police-killing of James Boyd, an unarmed, mentally ill homeless man who was shot to death. Source: http://blogs.browardpalmbeach.com/pulp/2015/01/city_of_fort_lauderdale_spends_430000_on_cyber_security_after_hacktivst_group_anonymous_attack.php

View article:
City of Fort Lauderdale Spends $430,000 on Cyber Security After DDoS Attack from Anonymous

Nice SECURITY, ‘Lizard Squad’. Your DDoS-for-hire service LEAKS

You just exposed your users to world+dog, buddy A DDoS-for-hire service purportedly set up by the Lizard Squad hacking crew exposes registered users’ login credentials.…

More:
Nice SECURITY, ‘Lizard Squad’. Your DDoS-for-hire service LEAKS

Lizard Squad’s DDoS website hacked, unencrypted customer database stolen

The hacker group that calls itself the “Lizard Squad” has received another serious blow: LizardStresser(dot)su, the website where customers go to rent their DDoS service powered by a botnet of mostly …

Read More:
Lizard Squad’s DDoS website hacked, unencrypted customer database stolen