The Anonymous hacker group that carried out Friday’s cyber attack on Ottawa’s City Hall has pledged attacks on eight more targets, including Ottawa Police and the Supreme Court. The group has taken responsibility for hacking Ottawa.ca, hijacking the site with a taunting image of a dancing banana, and naming an Ottawa police officer with the ominous message “You know what we want…” Anonymous launched the hacking campaign Operation Soaring Eagle two weeks ago, and claims they have already penetrated the Ottawa police server. The group taunted police to find a “digital footprint” left behind as proof of their capabilities, and threatened to deface the Ottawa police website, as well as publishing e-mail exchanges between officers and the home addresses of investigators. “For every one technical (expert) you think you have, we have 20.. 50.. 100.. Do you believe us now?” the group posted following Friday’s hack. “Are we serious enough? This is just the start, Operation Soaring Eagle will continue, until we see fit that it is completed. We will be taking over all ottawa police networks, shutdown communications on the internet, hijack domains, servers, and soo much more (sic). It all starts today (Friday).” Both Chief Charles Bordeleau and Supt. Tyrus Cameron were dismissive of Anonymous’ threats. “We’re investigating,” Cameron said Saturday, adding he doubts the hackers have infiltrated the Ottawa Police e-mail server and are prepared to post names and addresses of officers. “Police operations and systems continue to function normally.” Later, Anonymous carried through by posting the phone number and home address of the Ottawa police officer named during Friday’s cyber attack. The officer is one of the investigators in a massive joint investigation with the FBI that netted 60 charges against a Barrhaven teen in May. The teen is accused of “swatting,” which is a trend of making prank calls reporting fake bomb threats, hostage situations and active shootings, while impersonating another person, commonly an online gaming rival. Emergency personnel will then respond to the call in vast numbers ? often in SWAT teams ? only to discover the ruse on arrival. “(The officer) knows exactly why he forced this to happen,” Anonymous said Saturday. It is believed the group carried out the attack when new evidence that supposedly exonerates the Barrhaven teen ? and alleges another man in New Jersey is actually behind the swatting frame-up ? was ignored by investigators, as Anonymous alleges. Bordeleau would not comment on Anonymous’ claims. The family’s lawyer, Joshua Clarke, said his client has maintained his innocence “from the very beginning.” “While we don’t condone the actions and are in no way affiliated with Anonymous, we understand that this group exists and have chosen to assist my client,” Clarke said. A Twitter user under the handle Aerith, speaking on behalf of Anonymous, said the group offered information to Ottawa police that would prove the innocence of the teen. “Enough is enough. We offered to give (police) information on (the) real swatter… in exchange let (the Barrhaven suspect) go, they laughed… They questioned our skills… That young lad is innocent, this is just pure bull—-.” QMI Agency could not reach the New Jersey man named by Anonymous. Aerith said he was “happily going through every single (police) e-mail, and operation discussed in their e-mails, and preparing a press release.” The group also said it was planning on replacing the police home page with “a dancing hitler banana with ISIS logo just to piss off (Stephen) Harper.” In a lengthy anti-police and anti-establishment rant on Nov. 12, Anonymous warned that the hacker collective would be carrying out “DDoS attacks” targeting the servers of nine websites, notably Ottawa.ca, Ottawa Police and the Supreme Court. The group lists several other targets, including Guelph Hydro, the City of Waterloo, Telus, WindMobile, Koodo Mobile and Fido, though it is not immediately clear why those companies and institutions are targeted. On Saturday, after that first cyber-attack was verified, the group posted another message warning, “This is just the start… We will not rest.” The group signed off by warning of another attack coming on Monday, pledging, “We have a shocker planned.” Source: http://www.torontosun.com/2014/11/22/anonymous-pledges-more-attacks-in-canada
Continued here:
Anonymous pledges more attacks in Canada
A new form of Domain Name Service-based distributed denial of service (DDoS) attacks that emerged in October, attacks that can significantly boost the volume of data flung at a targeted server. The method builds upon the well-worn DNS reflection attack method used frequently in past DDoS attacks, exploiting part of the DNS record returned by domain queries to increase the amount of data sent to the target—by stuffing it full of information from President Barack Obama’s press office. DNS reflection attacks (also known as DNS amplification attacks) use forged requests to a DNS server for the Internet Protocol address and other information about a specific host and domain name. For example, a response from Google’s DNS server typically returns something like this—a simple response with the canonical name (CNAME) of the DNS address sent in the request and an IPv4 or IPv6 address for that name: DNS requests are usually sent using the User Datagram Protocol (UDP), which is “connectionless.” It doesn’t require that a connection be negotiated between the requester and the server before data is sent to make sure it’s going to the right place. By forging the return address on the DNS request sent to make it look like it came from the target, an attacker can get a significant boost in the size of a DDoS attack because the amount of data sent in response to the DNS request is significantly larger. But this new attack pumps up the size of the attack further by exploiting the TXT record for a domain—a free-form text entry for a domain name. TXT records are used to provide “time to live” (TTL) information for caching of webpages, configuring anti-spam policies for e-mail service, and verifying ownership of domains being configured for Google Apps and other enterprise services. It can also be used to provide information about other services associated with a domain name. A TXT record for a domain can be up to 255 characters—a significant boost over the relatively small size of the request sent for it. In October, Akamai’s security team noticed a trend in DNS reflection attacks using TXT record requests to the domain “guessinfosys.com” and other malicious domains. The contents for those were not exactly what you’d expect in such a record—they contained text pulled from news releases on WhiteHouse.gov: These attacks lasted for over five hours during each episode, resulting in malicious traffic of up to four gigabits per second hitting their targets. The contents of the TXT records were apparently being updated automatically, possibly scraping data from the WhiteHouse.gov site. DDoS attacks, like many “reflection” attacks, are preventable by DNS server operators by blocking external DNS requests. The attacks can sometimes be stopped at the edge of the network, but that usually requires having more bandwidth available than the size of the attack—something smaller sites without DDoS protection from a content delivery network such as Akamai or CloudFlare may have some difficulty doing. Source: http://arstechnica.com/security/2014/11/dont-blame-obama-but-ddos-attacks-are-now-using-his-press-releases/