Author Archives: Enurrendy

oneZero outages the result of Chinese DDoS attacks

Continuing our exclusive coverage of the events unfolding at forex solutions provider oneZero, LeapRate has learned that the outages hitting oneZero and thereby some of its hosted clients over the past week are the result of distributed denial-of-service (DDoS) attacks being made against the company. After engaging multiple security contractors, the company has isolated the attacks and has determined that they originate out of China. A distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users. It is the result of multiple compromised systems (for example a botnet) flooding the targeted system – usually one or more web servers – with traffic. The most serious attacks are distributed, meaning that the attack source is more than one (and often thousands) of unique IP addresses. Many of the cases involve forging of IP sender addresses (IP address spoofing) so that the location of the attacking machines cannot easily be identified, nor can filtering be done based on the source address. For these and other reasons, DDoS attacks are typically very effective and difficult to mitigate. oneZero management indicated to LeapRate that the attack against them has been made with a very high level of sophistication, but that the company is working very closely with security contractors and with its clients and expects the situation to be resolved. The attack against oneZero appears to be solely targeting connectivity, and has not at all affected the company’s own systems, so that no company or client data has been compromised. And so far, there has been no attempt to exploit the attack – DDoS hackers often try to blackmail their targets, requiring some sort of ransom to be paid in order to remove the attacks. Source: http://leaprate.com/2015/10/onezero-outages-the-result-of-chinese-ddos-attacks-leaprate-exclusive/

Read this article:
oneZero outages the result of Chinese DDoS attacks

Star Trek Online, Neverwinter Online struck by DDoS attacks twice in one day

Over the weekend video gamers who enjoy exploring the galaxy in Star Trek Online and fighting orcs with swords in Neverwinter Online found themselves briefly unable to do so. Some players described lag spiking so high that characters began “rubber banding”–or repeatedly teleporting back every time a player tries to move somewhere else. Cryptic Studios, Inc., the developer of Star Trek Online and Neverwinter quickly tweeted about the problem. The attack, a distributed denial of service (DDoS) attack hit the servers affecting both games and caused the network supporting them to crumble. The first hit the servers at approximately noon PST on Sunday and the second at 8pm PST on the same day. These sorts of attacks are commonly used by Internet trolls and rabble rousers to attract attention such as the likes of Lizard Squad, DerpTrolling, and LulzSec. Gaming networks are particularly susceptible to DDoS attacks with potentially thousands (or hundreds of thousands) of players expecting a flawless experience that requires the quick response of networks and servers. The attacker who claimed responsibility in the case of the Cryptic Studio’s properties is named NeverGodz (@NeverWinterGod) and may have only targeted Neverwinter Online –the effect on Star Trek Online ’s servers mere collateral damage in the attack. Due to the nature of DDoS, the damage rarely affects just one service, and can disrupt the entire data center or network node adjacent to the target. There were two separate attacks committed by @NeverwinterGod. Both attacks lasted long enough to bring both games down and make it difficult for players to log in or play. Players of both games went to Reddit ( Neverwinter Online , Star Trek Online ) and Twitter to voice their confusion as to the server issues and cited the tweets from Cryptic when they did. Some, such as STO commentator Lootcritter expressed curiosity over the reason for the attacks. So far, most attackers who hit online games have appeared to claim they do it “for the lulz,” or because the attacker is having fun. Although some, like Lizard Squad, claimed to do it to show how security at these sites is lax and unable to withstand attacks. Surviving DDoS attacks has nothing to do with traditional cybersecurity, however, and everything to do with the power and reaction time of network engineers. Most of the Internet mayhem crews and DDoS attackers to hit online games have been young, male and out to make names for themselves by causing disruption. The claims and trumpets of @NeverWinterGod looks no different. DDoS attacks easier, on the rise and a constant threat to online games In 2013, CloudFlare, Inc. CEO Matthew Prince predicted that DDoS attacks would only expand in scope and ease in 2014 and this has remained true for 2015. In April of this year, Arbor Networks, Inc. reported one of the largest DDoS attacks ever detected at 334Gbps. Akamai Technologies Limited backed up these figures stating that attacks had increased in volume and quality, the report stated that the total number of DDoS attacks increased 132.43 percent compared to Q2 2014. As for ease, one of the takeaways from Lizard Squad’s arrival was the launch of the Lizard Stresser DDoS-for-hire service, it is still online today. Although few would be foolish enough to use it after it’s previous hacks. According to Nexusguard Inc. there is a thriving market in DDoS-for-hire services even before Lizard Squad came on the scene, but if an ad hoc Internet mayhem crew could build one it shows how easily such a setup can be built. DDoS attacks are not easy to stop. Due to their distributed nature it’s impossible to squash them at the source, since the attack uses thousands to millions of computers across the globe to produce garbage connections and data directed at the target. Halting the attack at the target is difficult because all that garbage traffic can saturate the network across multiple tiers. Network engineers from anti-DDoS outfits such as Nexusguard need to work with upstream providers to filter out the garbage traffic before it reaches the smaller networks. Stopping a DDoS attack takes a lot of coordinated effort across region-spanning networks and affects more properties than just the intended target. Much in the same way a traffic jam in a city can make multiple exits from a freeway inaccessible. Efforts continue to attempt to thwart DDoS attacks, but it looks as if 2015 will continue to be a year when the volume and capabilities of attacks will rise. Update 09/14/2015 2:25pm PST: Star Trek Online and Neverwinter Online are under DDoS attack again today starting at approximately 1:45pm PST. Tweets suggest that the attacker is targeting Cryptic Studio’s Boston datacenters but did not last long, a mere 20 minutes. The attacker has shown an interest in knocking the servers offline repeatedly so there may be further attempts today. Source: http://siliconangle.com/blog/2015/09/14/star-trek-online-neverwinter-online-struck-by-ddos-attacks-twice-in-one-day/

Visit site:
Star Trek Online, Neverwinter Online struck by DDoS attacks twice in one day

UK, US law enforcement agencies disrupt Dridex botnet

The UK's National Crime Agency is spearheading an onslaught against the Dridex (aka Bugat, aka Cridex) banking malware and the criminals that wield it. “Dridex malware, also known as Bugat and Crid…

More:
UK, US law enforcement agencies disrupt Dridex botnet

Alleged Ukrainian botnet herder faces 43 years after Italian job snafu

Hacker fingered for heroin stunt takes the stand A Ukrainian man extradited from Italy has gone on trial in New Jersey accused of running a botnet and dealing in stolen credit cards.…

See more here:
Alleged Ukrainian botnet herder faces 43 years after Italian job snafu

Rutgers Students Want Refunds After Fifth DDoS Attack in One Year

Over 1,000 People Have Signed Change.org Petition Following September Cyberattack Rutgers students are frustrated with the university’s lackluster cybersecurity, considering the school raised tuition in part to fund $3 million worth of network upgrades after several cyberattacks brought the school to a screeching halt last semester. But on September 28, Rutgers University experienced another distributed denial of service (DDoS) attack, the fifth such attack in less than a year.  That attack shut down the school’s wireless internet service, and many other services from 1 a.m. to 2 a.m. and again from 10 a.m. to approximately 3 p.m. The university acknowledged that it was “not well protected” during the first four attacks, but had said it had since begun pouring millions of dollars into its cybersecurity efforts, as we reported. This spending was cited as one of the main reasons Rutgers University’s Board of Governos approved a 2.3% increase in tutition for the 2015-2016 year. Rutgers engineering student Riccardo Mui started a change.org petition imploring Rutgers President Robert Barchi to refund the ineffectual tuition hike. Mui comes from a humble background, raised by an immigrant father who could not support him through college. This is his take on the DDoS attack: Since I came to college, I expected at least decent internet speeds, and while it usually holds up, we get DDoS attacks every time an exam rolls around. Now I would not say anything, yet I feel the need to tell all the students to join together to either get a refund or to make Rutgers change something on their own time. Why? Because Rutger’s spent over 3 million on upgrading the network, yet only 160,000 actually went to physical upgrades. Also, they used Incapsula as a DSoS attack defender, which is decent for websites, but definitely not for a University. Besides, we literally wasted all of our money because as soon as an attack was launched, it took down the network. Since there was a tuition increase, it is only fair that we get that money back. The petition reached 300 signatures within an hour, and 750 signatures within the first fifteen hours, and now has more than 1,000 signatures. The “Reasons for Signing” section is telling.  Some students were simply angry that the university did not provide what they felt they deserved. Others suspected that the school did not even invest the money in cybersecurity at all. David Park commented, “Only a small percentage of the 3 million raised was actually used to improve Rutgers’ cyber defense system. If Rutgers doesn’t actually use all the money it’s raised from increasing the tuition for its actual purpose, refund the students.” Several students brought up Rutgers’ habit of spending big on athletics. For example, Chetan Kini wrote, “You can’t increase my tuition and then have something like this occur; it’s unacceptable. I’m pretty sure you gave my money to the damn football team since that’s where all our funding goes.” As Leslie Brighton said, “If Don Smith [Rutgers’s Vice President of Information Technology] was doing his job, I wouldn’t even know who he was.” Source: http://newbrunswicktoday.com/article/rutgers-students-want-refunds-after-fifth-ddos-attack-one-year

Originally posted here:
Rutgers Students Want Refunds After Fifth DDoS Attack in One Year

Poker Players Behind DDoS Attacks?

Have you ever wondered who exactly is responsible for the rash of Distributed Denial of Service (DDoS) attacks being aimed at online poker sites ? Such attacks have hit a number of poker rooms in recent months, including the big boys such as PokerStars and Partypoker . Even the regulated poker sites in New Jersey faced a DDoS incident over the summer, with the attackers demanding a ransom be paid in Bitcoin. Of course, the ransom was not paid, and likely never will be whenever computer miscreants attempt such schemes now or in the future. The DDoS attackers must know that taking poker sites hostage won’t result in a big payday via extortion. But could their motive be the possibility of a large payday in some other fashion? WPN a Frequent Victim Take, for instance, the case of the Winning Poker Network . WPN’s Million Dollar Sunday tournaments that guarantee a $1 million prize pool and $200,000 to the winner have repeatedly fallen victim to DDoS attacks. As I understand it, last Sunday’s event was hit once again, although WPN was apparently able to mitigate the damage and keep the tournament rolling. That was not the case last year, when WPN had to cancel such an event after several hours of play, much to the chagrin of players who were stoked and ready to take a shot at that huge prize money. It seems that someone out there has a real vendetta against WPN , targeting those $1 million guaranteed tourneys in particular. Sheldon Adelson Cleared Who could hate online poker so much to want to snuff out the only million-dollar guaranteed tournaments available to U.S. players? Ah, Sheldon Adelson certainly comes to mind. He of the Coalition to Stop Internet Gambling who has vowed to spend whatever it takes to do so. But we can likely rule out the billionaire octogenarian. His knowledge of computers and how they work is obviously lacking. Anyone who believes that youngsters can lose their parents’ house with the click of a mouse certainly wouldn’t understand the finer points of a DDoS attack and how it might be carried out. Poker Players to Blame?  Which leads us to what might be the real motive behind the DDoS attacks at WPN. Many believe that the culprits are computer hackers bent on creating havoc and destruction. But could it be that poker players hoping to scare other players away from the Million Dollar Sundays are taking aim at the network? After all, the last two events featured overlays of over $200,000 . Those are nice-sized overlays, which may be the result of players avoiding Million Dollar Sundays due to the cancellation of a $1 million guaranteed event last year and the repeated DDoS attacks that WPN has been subjected to on Sundays this year. Would poker players do such a thing? Nah, they are all upstanding citizens who don’t need to resort to such tactics for monetary gain Source: http://www.pokerupdate.com/news/industry-and-market-analysis/poker-players-behind-ddos-attacks/

View the original here:
Poker Players Behind DDoS Attacks?

DDoS defences spiked by CloudPiercer tool – paper

70% of sites trying to hide true IP address cough their secrets The real IP addresses of some 70 per cent of websites protected by popular distributed denial of service attack protection providers like CloudFlare, Prolexic and Incapsula can be revealed using a simple web tool built on newly uncovered flaws, according to a recent paper.…

Read More:
DDoS defences spiked by CloudPiercer tool – paper

Five detained in KPN, Ziggo DDoS cyberattack

Four underage boys and one man were arrested for cyberattacks on the internet service providers Ziggo and KPN. The five were interrogated by the police department’s High Tech Crime Team (THTC) throughout Tuesday following the arrest for Distributed Denial-of-Service (DDoS) attacks on both companies. All suspects were released Tuesday night after questioning. Two attacks on Ziggo in August left internet and email users without services for days, affecting a recorded 1.8 million of the company’s customers, including hospitals and medical facilities. Ziggo previously said they would not be refunding customers for their time without service. The quintet is also accused of posting videos that threatened DDoS attacks against both KPN and Ziggo, although they tried to remain unidentifiable in the video threat. Journalists at the NL Times viewed the videos at the time of the attacks on YouTube. At the time of the cyberattacks, videos surfaced online claiming responsibility, and an allegiance to hacktivist collective Anonymous. Police reported that their impression was that “The boys wanted to show that they were capable of great things.” The three youths aged between 14 and 17 years and the 21-year-old man hail from the Gelderland towns of Berkelland and Lochem, the Noord-Holland municipalities Den Helder and Schoorl, and Vinkeveen in Utrecht. Their computers, mobile phones, external hard drives and USB memory sticks were all seized from their families’ homes. The prosecutor assigned to the case decided they will wait to proceed further until investigators conclude their analysis. Police and the Public Prosecutor have urged that this is not a game and carries a criminal prosecution with up to 10 years imprisonment and the possibility of financial compensation for the damage done. Source: http://www.nltimes.nl/2015/10/07/five-detained-in-kpn-ziggo-ddos-cyberattack/

View article:
Five detained in KPN, Ziggo DDoS cyberattack

Gamers DDoS Thai government sites to protest “Great Firewall of Thailand”

Gamers and privacy campaigners in Thailand have claimed responsibility for the recent take down of several government websites in a coordinated DDoS attack last week. The attacks were in protest at government plans to route the entire country’s Internet through a single gateway, creating what has become known as “The Great Firewall of Thailand” in a nod to China’s strict control over Internet services. According to Al Jazeera, the Anti-CAT Tower Mob—which includes e-sports gamers amongst its ranks—along with the Citizens Against Single Gateway Facebook groups called upon their hundreds of thousands of Facebook fans to execute a simple DDoS attack. The fans were instructed to visit official government websites while constantly refreshing the page, causing them to crash. Over half a dozen government sites, including the Ministry of Defence, and the main government website, were taken down. In response, Thai Police announced that those targeting government sites could be charged under Article 10 of the Computer Crimes Act of 2007, and face up to five years in prison. While the controversial act has resulted in some amusing law enforcement moments in the past—including Thai military leaders warning against “underboob selfies,” it has also been used to ban Bitcoin, Uber, and dictator-simulation game Tropico 5. An estimated 110,000 websites were blocked as of 2010. With e-sports rapidly growing in popularity across Thailand, gamers have been one of the bigger online groups to oppose the single gateway. They have even personified the gateway plans themselves in the form of an anime-style villain called Nong Kalaland, who’s said to hold “the power to control the internet in her fist.” Her namesake headpiece, a coconut shell (kala), is meant to represent Thailand’s self-obsession and wilful ignorance of the larger world, according to Thai site Khaosod. The Thai government has since backed down from its single gateway plans, with the Minister of Information and Communication Technology, Uttama Savanayana, saying that the plans were simply intended to increase Thailand’s competitive edge in the online economic sector. He added that the single-gateway concept was the prime minister’s idea, and would ensure that young people who used the Internet were shielded from abuse. He also promised that the government would not infringe on the public’s right to privacy and freedom of expression. Source: http://arstechnica.co.uk/tech-policy/2015/10/gamers-ddos-thai-government-sites-to-protest-great-firewall-of-thailand/

Follow this link:
Gamers DDoS Thai government sites to protest “Great Firewall of Thailand”