Two arrested for attacks on Indonesian and Australian websites The Australian Federal Police (AFP) claim to have arrested two chaps who conducted defacement and denial of service attacks on Indonesian and Australian government websites while using the name and iconography of Anonymous.…
Category Archives: DDoS Criminals
Australian Labor Party and the Bob Brown Foundation hit by DDoS attack
Inadvertent victims of “politically motivated” hack. A politically motivated DDoS attack on a US-based web hosting service has delivered global repercussions affecting a number of Australian websites including the homepages of the Australian Labor Party and the Bob Brown Foundation. Both organisations use the services of NationBuilder, a cloud-based web hosting and customer relationship management platform designed specifically for nonprofits, political parties and politicians. The ALP.org.au website was down for a few hours yesterday morning, its Canberra HQ confirmed. The Bob Brown Foundation site was also down yesterday and then again last night, said organiser Steven Chaffer, who had been contacted by a NationBuilder account rrepresentative. The state branches of the Labor Party also use NationBuilder, as does Victorian independent MP Cathy McGowan and the community services union United Voice. United Voice said it was not aware of any disturbance to its web presence. Yesterday NationBuilder was hit by a DDoS attack it believes to have been in protest against the political stance of one of its clients. “We are reasonably certain the attack is directed at one of our customers for their political beliefs, and is meant to disrupt upcoming elections,” wrote CEO Jim Gilliam on the NationBuilder website early this morning Australian time. He said the attack has caused “intermittent service outages” for the company’s clients but assured users that data and financial information was never exposed. “We know the impact is immeasurable and we are very, very sorry,” he said. “We are fiercely committed to serving all of our customers. Everyone has the right to organise – in fact, this is the very reason NationBuilder exists.” NationBuilder has not responded to iTnews’ requests to confirm the identity of the targeted client. However posts on the Anonymous hackers forum and from the self-professed antagonist on Twitter claim that the attack is targeting the British political party UKIP, which is taking its anti-immigration policy platform to elections for the UK membership of the European Union next week. The party’s leader Nigel Farage has been a controversial figure, branded as a racist by the UK Labor party. UKIP has been the subject of DDoS attacks before, and its website was one of many down intermittently yesterday and into today. Australian clients told iTnews that their services have now resumed. Source: http://www.itnews.com.au/News/386077,alp-bob-brown-sites-downed-by-ddos.aspx?utm_source=feed&utm_medium=rss&utm_campaign=editors_picks
View the original here:
Australian Labor Party and the Bob Brown Foundation hit by DDoS attack
Dating Website Plenty Of Fish Hit By DDoS Attack
Add Plenty of Fish to the list of technology companies whose websites have come under DDoS attacks from unknown cybercriminals in recent days. The company says that it was the victim of a five-hour attack today that affected approximately 1 million users. Initially, the attacks took down the Plenty of Fish website, then later the company’s mobile apps on iPhone, iPad and Android. As per the usual M.O., the attacker first contacted the site to warn them of the impending DDoS at 6:45 AM PT, then the attack started at 8:13 AM PT where it continued for several hours, off and on. The company says it was only recently able to mitigate the flood, and is now fully up and running again. The attack was 40 Gigabits in size, which makes it larger than the attack which took Meetup.com offline for nearly five days last month – that attack was “only” 8 GBps, the company had said at the time. These DDoS attacks (distributed denial-of-service attacks) have become more powerful as of late, thanks to the way attackers are exploiting older internet protocols like Network Time Protocol, or NTP, to increase their size. That seems to be the case here, given the size of the attack that Plenty of Fish suffered. Other companies that have been attacked more recently include TypePad, Basecamp, Vimeo, Bit.ly, and as of this past weekend, marketing analytics software provider Moz, to name just a few. In Plenty of Fish’s case, the attacker demanded $2,000 to have them stop the attack. Want to know if your company is about to have a bad day? Look for an email like this: From: dalem leinda Date: Tue, May 20, 2014 at 12:09 PM Subject: Re: DDoS attack, warning If you feel ready to negotiate, I’m still here. For something around $2k, I will stop the current attack and I will not resume further attacks. The amount depends on how quickly you can make the payment. Source: http://techcrunch.com/2014/05/20/dating-website-plenty-of-fish-hit-by-ddos-attack/?ncid=rss
Read more here:
Dating Website Plenty Of Fish Hit By DDoS Attack
The evolution of an Iranian hacker group
Iran-based hacker groups have traditionally concentrated more on website defacement and DDoS attacks aimed at making a political statement, but as time passes, some of those groups and their attack me…
Follow this link:
The evolution of an Iranian hacker group
SNMP could be the future for DDoS attacks
DNS amplification and NTP reflection are two big buzz-terms in the modern world of distributed denial-of-service (DDoS) attacks, but when successful defensive measures force those wells to run dry, a lesser-used reflection attack vector, known as Simple Network Management Protocol (SNMP), could take the forefront. Johannes Ullrich, dean of research with the SANS Technology Institute, told SCMagazine.com in a Monday email correspondence that SNMP, a UDP-based protocol used to read and set the configurations of network devices, hasn’t posed as big a threat as DNS and NTP attacks because there are not as many reflectors available as there are for other protocols. Ullrich said that most network-connected devices support SNMP in some form and, in a Thursday post, opined that it could be the next go-to vector for attackers after he observed a DDoS reflection attack taking advantage of an unnamed video conferencing system that was exposing SNMP. In this instance, the attacker spoofed a SNMP request to appear to originate from 117.27.239.158, Ullrich said, explaining that the video conferencing system receives the request and then replies back to the IP address with a significant reply. An 87 byte “getBulkRequest” resulted in a return of 60,000 bytes of fragmented data, Ullrich wrote in the post, adding that the individual reporting the attack observed roughly five megabits per second of traffic. “The requests are pretty short, asking for a particular item, and the replies can be very large,” Ullrich said. “For example, SNMP can be used to query a switch for a list of all the devices connected to it. SNMP provides replies that can be larger than DNS or NTP replies.” As people improve configurations, effectively causing those DNS and NTP reflectors to dry up, SNMP could be the attack vector of choice, Ullrich said – a point that John Graham-Cumming, a programmer with CloudFlare, agreed with in a Monday email correspondence with SCMagazine.com. “I think that attackers will turn to SNMP once other attack methods are thwarted,” Graham-Cumming said. “At the moment it’s easy to use NTP and DNS for attacks, so there’s no need for SNMP.” To get a jumpstart defending against this DDoS vector, Graham-Cumming suggested that network operators limit access to the SNMP devices on their networks. Ullrich went so far as to say that SNMP devices should not be exposed to the internet at all. Both experts added that the “community string,” which serves as a password for accepting requests, should not be so obvious. Source: http://www.scmagazine.com/snmp-could-be-the-future-for-ddos-attacks/article/346799/
Linux distros get patching on terminal bug
Pseudo-terminal buffer bug from 2009 discovered Linux admins need to get busy patching, as a newly discovered bug has emerged in the kernel’s tty handling that can let local users create memory corruption leading to denial of service, unauthorised modification of data, and disclosure of information.…
5 People Arrested for Launching DDOS Attacks on Systems of Chinese Gaming Company
A total of five individuals have been arrested by Chinese authorities on suspicion of being behind distributed denial-of-service (DDOS) attacks launched against the systems of a Shanghai-based online gaming company. According to police in Shanghai ‘s Xuhui District, cited by Ecns.cn, the first suspect, surnamed Wu, was arrested in January, after the targeted company provided authorities with information needed to track him down. Wu told investigators that he had been hired by one of the targeted company’s competitors, an Internet firm based in the Henan Province operated by an individual called Tu. Tu’s firm offered not only online games, but also hacking services. The individuals he hired would hack into the systems of various organizations and use the hijacked computers to launch DDOS attacks against various targets. The attacks launched against the Shanghai online games company are said to have resulted in damage of close to 10 million Yuan ($1.6 million / €1.16 million). The attacks were aimed at the login page for an online game and prevented paying customers from accessing their accounts. Police detained Wu, Tu and three other individuals suspected of being responsible for the cyberattacks. The company operated by Tu is believed to be involved in other illegal activities as well, including hacking, distribution of obscene materials, and hosting illegal ads. Source: http://news.softpedia.com/news/5-People-Arrested-for-Launching-DDOS-Attacks-on-Systems-of-Chinese-Gaming-Company-441863.shtml
View original post here:
5 People Arrested for Launching DDOS Attacks on Systems of Chinese Gaming Company
Point DNS blitzed by mystery DDoS attack assault
Domain hosts Point DNS has been hammered with a high intensity DDoS attack on Friday, knocking servers out for hours. The size of the attack and techniques used – much less who might be behind the attack – remains unclear. Several Reg readers got in touch to notify us about the issue and the company confirmed the attack online. “We’re experiencing a DDoS attack on all DNS servers we are working hard mitigate the attack,” Point DNS said in a update to its Twitter profile. “We’re still working through a massive DDoS. We’re adding more nameservers and working with our network providers,” it added. The firm, whose services are used by more than 220,000 domains, was badly affected by the attack. This had a knock-on effect on firms who used its services – while websites were up and running as normal attempts to reach them by typing in a name to a browser would not resolve as normal. The snafu also means email won’t be delivered as normal to affected sites, with early indications suggesting clients clustered in Asia and Europe were worst affected. Security specialists Incapsula spotted a similar attack, which peaked at 25 million packets per second. It reported seeing floods of non-spoofed IP data coming from two DDoS protection services as the cause of the outage. “DNS flood have been around for a while but now the modern high-capacity servers take the attack to a new level,” Incapsula product evangelist Igal Zeifman told El Reg in a statement. “Unlike amplification attacks, that could be easily spotted and filtered on-edge, DNS flood queries can’t be dismissed before they could be allowed to be processed by the server. With powerful botnet machines pumping millions of malicious request each second, and aiming them directly and the most vulnerable server resources (eg CPU), the old threat is now making a comeback in a very dangerous manner.” Source: http://www.theregister.co.uk/2014/05/09/point_dns_ddos/
Point DNS blitzed by mystery DDoS assault
DNS flood washes over company servers Domain hosts Point DNS has been hammered with a high intensity DDoS attack on Friday, knocking servers out for hours.…
Originally posted here:
Point DNS blitzed by mystery DDoS assault
Majority of UK firms unprepared for DDoS attacks, study finds
New research released by Neustar suggests that the majority of UK businesses are unprepared to cope with the threat of DDoS attacks. Distributed Denial of Service (DDoS) attacks are a common method for cyberattacks to disrupt an online businesses. A DDoS attack uses compromised computer systems to attack a single target, sending traffic from multiple points of origin in a flow, which often overwhelms a system, causing it to deny authentic traffic access to services. According to research released by Neustar, a third of UK businesses estimate losses of £240,000 per day when hit with DDoS attacks. After surveying 331 companies in the United Kingdom across numerous industries including financial services, technology, and the public sector, the analytics provider says larger DDoS attacks are becoming more frequent with a 200 percent increase in attacks affecting bandwidth between 1-20Gbps, in addition to a significant increase in attacks on bandwidth with a magnitude of 100Gbps or more. Neustar’s report, “ United Kingdom DDoS Attacks & Impact Report. 2014: The Danger Deepens ,” also states that DDoS attacks are a “growing threat to organisations with potentially calamitous consequences for companies” without proper protection. Not only can DDoS attacks have an immediate impact on sales and business revenue, they can have long-lasting detrimental effects on brand value, customer trust, and public reputation. Key findings from the survey include: DDoS attacks often disrupt multiple business units, with public-facing areas like call centres, customer service, and marketing absorbing over 40 percent of DDoS-attack related costs. Over 35 percent more UK companies were hit by DDoS attacks in 2013 compared with 2012. In 2013, there was an increased number of longer attacks, with 28 percent lasting up to two days or more. Once attacked, there is an estimated 69 percent chance of a repeat attack. While 31 percent of these companies were DDoS-attacked once, over 48 percent were targeted two to 10 times. In 2013, attacks requiring over six people to mitigate rose to 39 percent compared to 25 percent in 2012, a 56 percent increase. In addition, Neustar’s research highlights an increase in a trend dubbed “smokescreening.” These types of DDoS attacks are used by cybercriminals in order to divert IT department attention while malware and viruses are inserted within a business network, with the overall aim of stealing valuable data or funds. Rodney Joffe, Senior Vice President and Technology Fellow at Neustar commented: Organisations must remain constantly vigilant and abreast of the latest threats. As an example, Neustar’s UltraDNS network suffered an attack just last week peaking at over 250Gbps — a massive attack by industry standards. Even with proper mitigations in place, the attack caused an upstream ripple. It is a constantly changing threat landscape. In February, Web performance company CloudFlare reported the mitigation of a DDoS attack on a French website which reached a record-setting attack of at least 325Gbps, and a potential reach of 400Gbps. Source: http://www.zdnet.com/majority-of-uk-firms-unprepared-for-ddos-attacks-study-finds-7000029178/
More:
Majority of UK firms unprepared for DDoS attacks, study finds