Author Archives: Enurrendy

Labour Party website DDoS’d by ruly democratic mob

Corbyn camp urges us to ‘get registering’ – we couldn’t agree more, Jeremy The intermineable registration process for voters for the new Labour Party leader’s election did not terminate this noon, as was planned, due to the party website dropping offline, following an effective, if accidental, DDoS attack from a flood of well-meaning visits generated by eager, if incredibly tardy, new supporters. The party website now informs visitors that “this morning we understand that some people have had problems trying to join or register as a supporter of the Labour Party. We are extending the deadline to join or register and be able to vote in the Leadership elections until 3pm.” If you are experiencing problems with the website, you can also register as a supporter with a £3 text. Text SUPPORT to 78555 and wait for a further text tomorrow on how to complete registration. According to the Guardian – which is live-Tweeting the event, now for another three hours – the party’s fear of entryists has resulted in “at least three of the camps” getting “in touch with each other to discuss their concerns about the running of the contest”. No accounts connected to Corbyn’s opponents have tweeted about the extension. Source: http://www.theregister.co.uk/2015/08/12/labour_party_wesbite_ddosd_by_mob_wanting_to_vote_for_new_leader/

Continue reading here:
Labour Party website DDoS’d by ruly democratic mob

Revisiting takedown wins: Are users in the developing world getting left behind?

We have all seen the headlines: another botnet dismantled, and we can all rest easy that the threat that has been plaguing us for all those years is now no longer an issue. After the headlines, howeve…

See the original article here:
Revisiting takedown wins: Are users in the developing world getting left behind?

Hackers hid Carphone Warehouse breach with DDoS smokescreen – report

Crims aim to cause just enough chaos to get in and out Hackers reportedly swamped Carphone Warehouse with junk traffic as a smokescreen, before breaking into systems and stealing the personal details of 2.4m customers .…

Read the article:
Hackers hid Carphone Warehouse breach with DDoS smokescreen – report

Bunitu botnet crooks sell your unencrypted VPN traffic for £££

Unknowing proxies help zombie army lurch forward Cyber-crooks behind the Bunitu botnet are selling access to infected proxy bots as a way to cash in from their network.…

Visit site:
Bunitu botnet crooks sell your unencrypted VPN traffic for £££

Cloud security: Integrated global CDN with DDoS mitigation and WAF

Applications are becoming more accessible on the web across all industries including gaming, e-commerce, software, and media. This is great for reaching new customers around the globe, but along with …

Carphone Warehouse hackers used DDoS attack as smokescreen

Hackers bombarded Carphone Warehouse with online traffic as a smokescreen while they stole the personal and banking details of 2.4 million people, according to sources with knowledge of the incident. The retailer revealed at the weekend that its security had been breached in a “sophisticated” attack. It is now thought that criminals used a cyber attack technique known as Distributed Denial of Service (DDoS) as a cover to help them infiltrate the retailer’s systems and perpetrate one of Britain’s biggest ever data thefts. To mount a DDoS attack, a global network of hijacked computers, known as a botnet, is used to bombard the target computers with traffic, overloading them and potentially forcing them offline. The ensuing technical problems can serve as a distraction for security staff, allowing hackers to exploit software vulnerabilities or stolen administrator credentials to break into systems and extract data undetected. A source with knowledge of the attack on Carphone said its online retail systems had come under bombardment before the major data theft was noticed on Wednesday last week. The millions affected are customers of OneStopPhoneShop.com , e2save.com and Mobiles.co.uk , as well as Carphone and its own mobile operator, iD Mobile. The systems broken into also held data for Talk Mobile and TalkTalk Mobile, the retailer said. Victims were advised to ask their bank to be on the lookout for suspicious activity, although on Monday there were no verified reports of fraud using the stolen data, sources said. Hackers who steal personal data often sell it in bulk on digital black markets to other criminals who seek to use it to commit fraud. According to internet security experts, criminals are increasingly using DDoS attacks to disguise their intrusions. In the most famous case, in 2011, Sony’s PlayStation Network, an online gaming service, was shut down for weeks after the personal and financial details of 77 million customers were stolen. The chief of the PlayStation division told the US Congress that a simultaneous bombardment of traffic against the network “may have made it more difficult to detect this intrusion quickly”. Subsequent examples of DDoS smokescreens include a 2012 attack on a bank during which card date was stolen and $9m drained from accounts via cash machines around the world. A warning that online bombardment can be a “diversionary tactic” for fraudsters is now part of official cyber security advice to US banks. Carphone Warehouse, which is contacting customers affected and co-operating with police and the Information Commissioner’s Office, declined to comment. Source: http://www.telegraph.co.uk/finance/newsbysector/epic/cpw/11794521/Carphone-Warehouse-hackers-used-traffic-bombardment-smokescreen.html

See the original post:
Carphone Warehouse hackers used DDoS attack as smokescreen

Hackers are blackmailing banks with threats of DDoS attacks

Hackers are threatening banks and other financial institutions with Distributed Denial of Service (DDoS) attacks if they don’t pay them tens of thousands of dollars, according to various reports More than 100 companies were threatened, according to MarketWatch, which cited a Federal Bureau of Investigation (FBI) agent. Among the companies being targeted were big banks and brokerages in the financial sector. A DDoS attack is when a hacker floods a website with traffic, forcing it offline. It is usually done with the help of multiple compromised systems, which are often infected with a Trojan. Richard Jacobs, assistant special agency in charge of the cyber branch at the FBI’s New York office, told MarketWatch these threats have been coming in since April. He added that in some cases, the companies have paid up. These companies end up facing further trouble as hackers know that they are willing to engage. “There are some groups who typically will go away if you don’t pay them, but there’s no guarantee that’s going to happen,” Jacobs says. He says not all targets have experienced actual attacks. Companies are willing to pay large sums of money, as DDoS attacks could see them lose even more. A DDoS attack could see a company lose more than $100,000 an hour, according to Neustar, a Sterling, Va.-based information services and analytics company. Jacobs says the FBI does not advise or direct firms as to whether or not to pay the attackers or let their websites go down. “How important is that access to that website to your business? They have to make their own calls,” Jacobs says. “If you’re a discount broker and that’s the only way your customers can trade, that would be a concern. If it’s just a website that’s used for general news and information, maybe it’s not so difficult to have it down for an hour or two.” Yaroslav Rosomakho, Principal Consulting Engineer EMEA at Arbor Networks commented: “The fact hackers are planning on taking down websites with DDoS attacks unless organisations pay large sums of money is testament that hackers are becoming increasingly ruthless. Hackers’ activities against internet services of financial institutions are on the rise, since these services are an absolutely critical part of daily business. “Hackers realise that DDoS can be as disruptive as other more traditional attack methods and, unfortunately, still many organisations do not pay enough care to availability protection of their services and infrastructure. “Our research shows that DDoS attacks are continuing to grow in size, complexity and frequency with nearly half of businesses experiencing DDoS attacks last year. As attack size increases, so does the complexity of the hacker’s toolkit. “To ensure protection from these threats, organisations must have multi-layered DDoS protection in place, using both cloud and network-perimeter components to protect from stealthy application layer, state exhaustion and large volumetric attacks.” Source: http://www.itproportal.com/2015/07/31/hackers-threaten-banks-with-ddos-ask-for-ransom/

Read the original:
Hackers are blackmailing banks with threats of DDoS attacks

DDoS attacks rage on, primarily impacting U.S. and Chinese entities

Organizations in the U.S. and China should be especially aware of distributed denial-of-service (DDoS) attacks, as more than half of them in Q2 of this year were aimed at the two countries. Kaspersky Lab’s “DDoS Intelligence Report Q2 2015” found that from April until the end of June this year, DDoS attacks impacted 79 countries, with most, 77 percent, affecting only 10 countries. In addition to China and the U.S., South Korea, Canada, Russia and France accounted for a large portion of attacks. The cybersecurity company defined a single attack as an incident during which there was “no break in botnet activity lasting longer than 24 hours.” If the same entity was attacked by the same botnet but with a 24 hour gap in activity, the two incidents would be considered separat e. The longest attack recorded during this past quarter lasted 205 hours, or eight and a half days. The peak number of attacks clocked in at 1,960 on May 7, and the low, at 73 attacks, occurred on June 25. The popularity of these attacks stems from the ease with which they can be arranged, said Andrey Pozhogin, senior product marketing manager at Kaspersky Lab North America, in emailed comments to SCMagazine.com. “Today, it is much easier to launch a DDoS attack,” he wrote. “Suddenly, you don’t have to be an expert in the field – all the power and potential damage is available to you with a few clicks. It’s also relatively cheap to commission a DDoS attack.” He noted that some online services charge as little as $50 for an attack that can cause serious damage to a company’s reputation, as well as financial losses. An average DDoS attack can range in cost to a company, depending on its size, anywhere from $52,000 to $444,000, Pozhogin said. As far as days of the week to be attacked, Sunday was the most popular day, accounting for 16.6 percent of them, and Tuesday was the least popular with 12.1 percent. Even as companies attempt to beef up their protection, it’s nearly impossible to stay ahead of the attackers and their tools. “As long as a company continues to focus on its core business it will not be able to match the resources poured into bypassing outdated protection and staying ahead of the attackers,” Pozhogin said. That said, cybersecurity firms’ technology can assist in keeping attackers at bay and enterprises’ sites running, he reminded. Source: http://www.scmagazine.com/kaspersky-lab-releases-q2-ddos-report/article/431034/

View article:
DDoS attacks rage on, primarily impacting U.S. and Chinese entities

DDoS Attack Temporarily Shuts Down International ‘DOTA 2? Tournament

The International DOTA 2 tournament is underway, but a reported DDoS attack forced Valve to suspend the matches for several hours. The tournament has had several Internet-related problems since it began, but commentators confirmed that a DDoS attack was indeed to blame for today’s outage. It’s a funny thing that even an official Valve tournament, with all the top players in the world on the same stage, still needs to deal with all the same outage problems that average gamers have to deal with all the time. There is no LAN mode for DOTA 2. We’ve contacted Valve for comment and will respond with any update. The matches are up and running again. A DDoS is a rudimentary form of hack where people overwhelm a given server with a gigantic number of false requests, rendering it unable to respond. DDoS attacks and other Internet tomfoolery are a an unfortunate side effect of video games in general: virtual vandals have a habit of knocking down everything from smaller PC games to PSN and Xbox Live. Video games have an outsize presence amongst the young and internet-savvy, making them an ideal, if monumentally annoying, target for coordinated groups and lone actors alike. The international DOTA 2 tournament carries with it a record $18 million prize purse, raised through crowd-funding and in game purchases. It’s a landmark purse for eSports, carrying with it the sort of legitimacy that only outsize rewards for obsessive skill can provide. You can watch the proceedings below on the live Youtube stream, though Valve also provides a newcomers stream with explanation and commentary for people who don’t know the ins and outs of the game. It’s complicated, no doubt, but then again, so is football. Source: http://www.forbes.com/sites/davidthier/2015/08/04/ddos-attack-temporarily-shuts-down-international-dota-2-tournament/

Curriculum Protests: DDoS attacks launched on official, pan-blue Web sites

In what it said was support for the ongoing curriculum protests, hacker group Anonymous Asia yesterday launched a third wave of distributed denial of service (DDoS) attacks against the Web sites of two political parties and a government ministry. The Web sites of the New Party, Chinese Nationalist Party (KMT), the KMT Taipei branch office and the Ministry of Economic Affairs were attacked for more than an hour. According to reports by Storm Media Group, Anonymous launched its first wave of DDoS attacks under the name “Anonymous #Op Taiwan” on Friday last week by locking down the Presidential Office and Ministry of Education Web sites for five hours. A notice released by the group said: “We are everywhere and nowhere. Taiwan’s police are not exempt [from our attacks], and all police must take responsibility for this incident. We cannot permit the use of violence or pepper spray on peacefully demonstrating people. When you hurt the Taiwanese people, revenge will be sought. We cannot forget, support us and the corrupt officials will be afraid of us. Taiwan’s government, expect us.” On Sunday, the group launched a second wave of DDoS attacks against the Ministry of Education, the Ministry of National Defense, the National Academy of Educational Research and CtiTV, a television station generally sympathetic toward the KMT, the report said. In a Facebook post on Sunday, New Party Chairperson Yok Mu-ming (???) said the DDoS attacks were serious national security concerns. “Do we not see China as our enemy and try to prevent Beijing hacking our Web sites? What I’m seeing now is like the opening salvoes of a Taiwanese civil war,” Yok said. Yok called on the public to put pressure on the Presidential Office and National Security Bureau to look into the attacks and find out who was behind them. “We must know if the motives are against curriculum changes or if there are other ulterior motives,” he said. Shortly after Yok’s Facebook post the New Party Web site was hacked. Anonymous Asia said on Facebook: “Yok Mu-ming, are you looking for us? Here we come.” Anonymous Asia is a loose coalition of hackers and Internet activists. The group describes itself as “an internet gathering” with “a very loose and decentralized command structure that operates on ideas rather than directives” and has been known for high-profile public DDoS attacks on government, religious, and corporate Web sites. Source: http://www.taipeitimes.com/News/taiwan/archives/2015/08/04/2003624588

More here:
Curriculum Protests: DDoS attacks launched on official, pan-blue Web sites