Category Archives: DDoS News

Threat of the Week: DDoS For Hire on the Rise

Just when you thought you could tune out the fears about DDoS (distributed denial of service) attacks, listen up: the risks for you suddenly are much graver, and it may be the time when defensive action on your part has become necessary.

Yes, the fear-mongering over the May 7th DDoS blitzkrieg – which turned out to be a non-event – has prompted many credit union executives to turn off the DDoS discussion. That’s a mistake, however.

“Three years ago I would have called DDoS a nuisance. Now it is a threat to many more businesses,” said Vann Abernethy, an executive with security firm NSFOCUS.

A big change that is occurring, sources insist to Credit Union Times, is that for-rent DDoS networks – often costing spare change – are proliferating and they have plenty of firepower to take down most credit unions’ online presences.

The scariest part: absolutely no technical skills are required to deploy what is being called DDoS as a service. All that’s needed is digital money – PayPal or BitCoin – and there even are some providers that take MasterCard and Visa.

Barry Shteiman, senior security strategist at Imperva, named names of sites that he said offer what seems to be DDoS for hire: SSH Booter, Empire Stresser, Quantum Stresser, Asylum Stresser, Titanium Stresser, Illuminati Stresser, Legion Stresser, Agony Stresser. The list is not complete. “There are dozens of companies selling DDoS as a service now,” said Sean Bodmer, chief researcher, Counter-Exploitation Intelligence, for CounterTack.

Note: Almost all such sites claim to offer, not rogue DDoS for hire, but “stress testing” so that an organization – a credit union for instance – can check its DDoS defenses. Just one problem: sources insisted that the majority of stress-testing sites they are familiar with do no verification that the person buying the “stress test” has any affiliation whatsoever with the target.

What’s fueled the rise in DDoS as a service? For one, the intense publicity for DDoS has just about everybody aware of the attack format. For two, “As email spam has become more and more a solved problem it has forced criminals with botnets to find other uses for them. DDoS lets them monetize their botnets,” said Matthew Prince, CEO of CloudFlare, a DDoS mitigation company.

DDoS as a service prices are also tumbling. Hemant Jain, vice president of engineering for security company Fortinet, said that he has found providers who are selling an hour of DDoS for $5, a 24-hour day of it for $40 and a week for $260.

Can’t these DDoS-as-a-service providers be shut down by law enforcement? It’s not that easy. Commented Carl Herberger, vice president of security solutions at mitigation provider Radware, “It’s important to note that ‘DDoS for Hire’ websites move around in terms of their technical underpinning. They don’t stay in one area or one location for too long. It’s almost like a game of ‘Whack-a-Mole’ – just when you think you’ve identified the location of the website, it’s already moved.”

Added Chris Ensey, COO of security company Dunbar Digital Army, “These (DDoS as a service) sites are being resold like white-labeled products now. Most of the sellers are just affiliates who leverage another botnet or platform” – that is, they have none of their own infrastructure and, poof, they can be here today and back tomorrow under a new flag.

That’s the problem: it is very hard to pinpoint the location of a DDoS command and control center and when it’s found, said sources, it generally is in a country with little or no law enforcement reciprocity with the United States.

The bottom line for credit unions: “They have to take DDoS seriously. There is no turning this back,” said Shteiman.

The good news: the attack throughputs via DDoS for hire are tiny fractions of what al Qassam is throwing at money center banks – 1% or 2% of the volume in many cases. But that is plenty to knock out a credit union that lacks defenses.

As for what defenses are needed to thwart for-hire DDoS, experts indicated that in most cases low-cost mitigation, within the budget of just about every credit union, ought to suffice. Talk with mitigation companies, and also ask Web hosts what protections they have on hand or can line up. Small expenditures ought to bring peace of mind – at least that’s what the experts are saying today.

Source: http://www.cutimes.com/2013/05/28/threat-of-the-week-ddos-for-hire-on-the-rise?ref=hp


Iranian Hackers Launching Cyber-Attacks on U.S. Energy Firms: Report

Iranian hackers launched attacks as part of a campaign against the country’s oil and gas industry, according to current and former U.S. government officials.

Iranian hackers have amped up a campaign of cyber-attacks against America’s energy industry, according to a report from The Wall Street Journal. Citing current and former U.S. officials speaking under the blanket of anonymity, the Journal reported that Iranian hackers accessed control system software that could have allowed them to manipulate oil or gas pipelines.

The attacks raise the stakes in cyber-space between the U.S. and Iran, which has been accused by U.S. officials of being behind a spate of distributed denial-of-service attacks (DDoS) against U.S. banks stretching back to 2012.

“This is representative of stepped-up cyber activity by the Iranian regime. The more they do this, the more our concerns grow,” a source told the Journal. “What they have done so far has certainly been noticed, and they should be cautious.”

Alireza Miryousefi, Iran’s spokesperson at the United Nations, denied any connection between hackers and the regime in an interview with the Journal.

The officials who spoke to The Wall Street Journal did not name any of the energy companies targeted in the attacks. But two former officials said oil and gas companies located along the Canadian border were among those hit.

Word of the attacks comes a week after Charles Edwards, deputy inspector general at the U.S. Department of Homeland Security, told members of a Senate subcommittee that industrial control systems were increasingly coming under attack in cyber-space in ways that could potentially cause “large-scale power outages or man-made environmental disasters.”

Securing these systems is complicated, as many are more interconnected with the Internet than people realize, explained Tom Cross, director of security research at network security vendor Lancope.

“It is also difficult to fix security flaws with these systems because they aren’t designed to be patched and restarted frequently,” he said.

“It is extremely important,” he continued, “that operators of industrial control networks monitor those networks with systems that can identify anomalous activity that might be associated with an attack. Because of the relatively homogenous nature of network activity on many control systems networks, anomaly detection can be a powerful tool in an environment where other kinds of security approaches fall flat.”

Much of the talk about improving the security of critical infrastructure companies has focused on information sharing between the government and private sector. Improving communication between government and business figured prominently in the executive order on cyber-security that President Barack Obama issued in February. However, many officials and security experts have said that the order does not undo the need for legislation.

“The increases in cyber-assaults on our energy systems from Iranian-backed hackers are another signal to the government and the industry that measures must be taken to fortify the security of our critical infrastructure,” said Lila Kee, chief product and marketing officer at GlobalSign and a North American Energy Standards Board (NAESB) board member.

“However, there is a fine line between cyber-security regulation and voluntary standards,” she said. “Regulations cannot be so rigid so as to prevent protection from today’s evolving advanced persistent threats, and voluntary standards cannot be so loose so as to provide no purpose. In today’s modern world of malware, solutions must be fluid and scalable to battle aggressive cyber-attacks.”

Source: http://www.eweek.com/security/iranian-hackers-launching-cyber-attacks-on-us-energy-firms-report/


Legitimate online services enable DDoS-attacks-for-hire sites

A recent expose shines a light onto the strange world of “booter” or “stressor” web sites which offer DDoS-attacks-for-hire.

Is online payment giant PayPal unwittingly enabling DDoS attacks? That’s the question posed by security researchers who have studied a small, weird corner of the market for distributed denial of service (DDoS) services: so-called “booter” or “stressor” web sites.

Speaking at The Security B-Sides Boston security conference on Saturday, independent researchers Allison Nixon and Brandon Levene said that their investigation of booter sites found that many rely on legitimate online services, including PayPal to accept payment on behalf of customers interested in attacking web sites they do not own, and Cloudflare, a DDoS prevention service.

The presentation was just the latest to peek into the strange world of “booter” or “stressor” web sites, which offer DDoS attacks for hire, often targeted at online gaming services popular with teenagers. In the past week, the web site krebsonsecurity.com published exposes on two such sites: assylumstressor.net and Ragebooter.net, both booter services for hire. In the process, Krebs revealed the identities of the purported owners of the sites and details of conversations he had with them about their services.

In their presentation Saturday, Levene and Nixon, who assisted Krebs in his research, said that the booter sites were common online, but wholly different from the massive, 300Gbps attacks directed at Spamhaus, or the site-crippling DDoS attacks on leading banks and financial services firms like Citi, Chase, Wells Fargo and others in recent months. Rather, the services use mostly simple, reflected DNS and UDP flood attacks to knock small sites and residential home routers offline, the two researchers said.

Many of the features of sites like Ragebooter.net are poorly designed or don’t work at all, said Nixon. Victims are very often small websites hosting online gaming servers. In fact, the most reliable customers of booter sites are often other booter sites, said Nixon.

The sites are not hugely profitable, but do generate some income. An analysis of data on the site Asylumstressor.com by Nixon and Levene suggests that site operators made, at most, $23,000 in 2012 – though probably much less.

The sites operate more or less in the open. Speaking with Brian Krebs last week, a Tennessee man named Justin Poland, the operator of ragebooter.net, argued that the services were legal. “Since it is a public service on a public connection to other public servers this is not illegal,” Poland told Krebs in a Facebook chat. Poland even claimed to be working on behalf of the local FBI, turning over information gleaned from his service to law enforcement as needed. The Memphis FBI would not confirm or deny that Poland’s claims were true.

Legal or not, most booter sites operate more or less in the open and with impunity, Nixon told an audience at B-Sides Boston, which was held at Microsoft’s New England Research and Development Center (NERD) in Cambridge. Site operators – many teenagers and 20-somethings with little technical sophistication – make little effort to conceal their identities. PayPal payments are often sent to e-mail accounts that are also associated with public Facebook profiles, making it easy to link booter sites to real world identities like Poland’s, she said.

Law enforcement seems unconcerned with small scale attack sites like Ragebooter.net, or those who operate them, meaning that booter site operators continue to operate despite ample evidence about who they are and the illegal nature of their business, Nixon said.

Similarly, services like PayPal and Cloudflare enable small-scale DDoS operations to continue, by turning a blind eye to the true nature of their businesses. Nixon said as many as 70 percent of booter sites use Cloudflare, a DDoS protection site. The service mainly protects booter sites from other booter sites, she said.

PayPal isn’t the only online payment service, but it is easy and convenient to use and widely respected. Inexperienced booters who had to go through the trouble of setting up an account at a site like LibertyReserve might think twice, Nixon argued.

In an e-mail statement to ITworld and other news outlets, PayPal said that it couldn’t discuss the specifics of customer accounts but that it “will review suspicious accounts for malicious activity and work with law enforcement to ensure cyber criminals are reported properly.”

“We take security very seriously at PayPal,” the statement continued. “We do not condone the use of our site in the sale or dissemination of tools, which have the sole purpose to attack customers and illegally take down web sites.”

Cloudflare CEO Matthew Prince said that his company protects millions of web sites – most of them legitimate private and public sector entities. However, his company doesn’t discriminate, and Prince admits that some sites protected by Cloudflare are troubling, including the booter and stressor sites.

Cloudflare works closely with law enforcement and always responds promptly to requests for information from the courts or law enforcement officials. However, in the absence of any action by law enforcement, Prince said that it isn’t for him or his company to decide who to work with.

“I do find it troubling when there are extralegal measures taken to determine what is and is not going on,” he said, in an apparent reference to the investigation by Krebs, Nixon and Levene. “How far do you go with that, if someone assumes XYZ shouldn’t be on the Internet? Should Google remove them from their search index?” he asked.

“We believe in due process,” said Prince.

Source: http://www.itworld.com/it-management/357306/legitimate-online-services-enabling-ddos-attacks-hire-sites


Barracuda updates web application firewall

Barracuda Networks announced Barracuda Web Application Firewall 7.8, specifically aimed at reducing the impact of automated attack attempts from botnets. Automated botnet attacks recently have gain…


LulzSec Hackers Get Years Of Prison Time

Four men who took part in a significant number of cyber attacks on the likes of the NHS, Sony and the CIA received stern sentences today, following a lengthy trial into the activities of hacktivist crew LulzSec. News International and the UK Serious Organised Crime Agency (SOCA) were also hit by the hackers, who thought they were “latter-day pirates”, according to prosecutors speaking yesterday.

Tough sentences for LulzSec

Ryan Cleary, who was affiliated with LulzSec but not believed to be a leader, received the toughest sentence, with 32 months in prison. He let LulzSec members use his botnet to carry out distributed denial of service (DDoS) attacks. Cleary is also due to be sentenced over indecent images of children found on his computer at a later date.

Ryan Ackroyd received a 30-month sentence for his part in researching and executing many attacks. Jake Davis, the spokesperson of LulzSec, is to serve 24 months in a young offenders’ institution, whilst Mustafa Al-Bassam, who researched vulnerabilities for the attacks, was handed a 20-month suspended sentence of two years and 300 hours unpaid work.

It is believed US law enforcement are keen to have some of the men extradited to face charges on US soil. However, Cleary’s legal team issued the following statement: “We believe the pleas that were entered today do cover all aspects of Mr Cleary’s criminality and therefore we do not anticipate that he will be in receipt of an application for extradition from the United States of America.”

The notice, from Karen Todner Solicitors, also noted Cleary suffered from Aspergers Syndrome, but added he “does not seek to excuse his behaviour”.

No laughing matter

Charlie McMurdie, head of the Police Central e-Crime Unit, which carried out the investigation into the hackers alongside the FBI, said LulzSec had been “running riot, causing significant harm to businesses and people”.

“Theirs was an unusual campaign in that it was more about promoting their own criminal behaviour than any form of personal financial profit,” added McMurdie, who is soon to retire from the force.

“In essence, they were the worst sort of vandal – acting without care of cost or harm to those they affected, whether that was to cause a company to fold and so costing people their jobs, or to put at threat the thousands of innocent Internet users whose logins and passwords they made public.

“They claimed to be doing it for ‘a laugh’ but real people were affected by their actions. Today’s convictions should serve as a deterrent to others who use the Internet to commit cyber attacks.”

This might not be the denouement to the LulzSec saga, however, as hackers are threatening to take revenge. According to Sophos’ Graham Cluley, before the sentences were announced today, a group using the Twitter handle @LulzSecWiki said courts “could be in for ‘fun’” depending on their decision.

Source: http://www.techweekeurope.co.uk/news/lulzsec-hackers-jailed-uk-116507


Fraudster who hired hackers to manipulate stock prices goes to prison

The central organizer of a worldwide conspiracy to manipulate stock prices through a “botnet” network of virus-controlled computers was sentenced today to 71 months in prison and was ordered to pay a …


Paypal turns blind eye to payments totaling $35,000 for on-demand DDoS

It seems as though just about anyone with Internet access can set up a profitable online enterprise these days — including a criminal one. And for one Illinois teen, YouTube and PayPal have been all too happy to help him make a fast (albeit illegal) buck.

Brian Krebs has been sleuthing once again, and his target this time was a “stress testing” service called Asylum Stresser. Stress testing, of course, is the thin veil that skiddies (script kiddies) like to drape over a for-hire DDoS attack setup.

According to Krebs and his cohorts, Asylum looks like it’s been built using fairly run-of-the-mill cybercrime kitware that’s promoted in underground forum sites. Its servers are based in Romania, and appear to be nestled safely in a data center that is nothing if not criminal-friendly.

Nothing shocking so far, right? Anyone who has a few extra bucks (or BitCoins) to white label someone else’s criminal back-end can do this stuff. But here’s the twist: the kid Krebs believes is running Asylum Stresser is accepting PayPal payments and advertising on YouTube.

Recently, Asylum’s user database was leaked to the web and it revealed that more than $35,000 had been sent to one chandlerdowns1995(at)gmail.com. Downs also appears to have hired an eager infomercial actor over on Fiverr. While the promo spot is good for a chuckle, it’s hard to believe that YouTube will jump all over a 30 second fan-made video for copyright infringement, but has somehow allowed an ad for an illegal DDoS service to be viewed more than 42,000 times.

Downs maintains that it’s not his fault if people use the service to launch illegal attacks. Asylum Stresser was launched so that law-abiding folk can make sure their websites are resilient. Maybe that’s why PayPal and YouTube have been fine with ignoring what’s gone on to this point.

Former U.S. Justice Department attorney Mark Rasch, however, feels differently. He told Krebs that if Downs triggers an attack after being paid to do so, he is “criminally and civilly liable.”

Downs didn’t exactly make it difficult for Krebs to connect the dots here. Let’s see if PayPal and YouTube get their heads out of the sand now and do something before an Illinois court orders them to.

Source: http://www.geek.com/news/paypal-turns-blind-eye-to-payments-totaling-35000-for-on-demand-ddos-1554902/


9 PH gov’t sites inaccessible due to DDoS Attack

Two days before the May 13 elections, the Commission on Elections (Comelec) and the Philippine News Agency websites appeared inaccessible to the public. Cursory inspections of the websites of the Philippines’ Departments of Interior and Local Government, National Defense, Foreign Affairs, and Science and Technology, showed they were also apparently inaccessible. The pages for the Philippine National Police, the Army and Navy, and the Philippine Information Agency also could not be accessed.

As of 4:10 p.m., the Department of Science and Technology (DOST) acknowledged and confirmed distributed denial of service (DDoS) attacks occurring against government sites, but they did not mention where the attacks came from.

In a text message to Rappler, Roy Espiritu of the DOST ICT Office said the attacks started on May 10 on gov.ph, then to additional gov.ph-based websites on May 11. He added that the DOST was working on neutralizing the attacks and determining the source. They are also assisting government agencies outside their secured servers who have asked for help.

Interaksyon.com earlier reported on the possibility of the downtime being caused by a cyberattack, but noted that the Facebook page of Anonymous Philippines, a hacker-activist group, stated they would undertake no operations during this time.

GMA wrote that its technical team “detected an overnight cyberattack that was still ongoing as of posting time on numerous Philippine websites, including GMA News Online, ABS-CBN News, Philippine Airlines, Globe, Smart, and more than two dozen Philippine government websites.”

Based on referrer tags and forum activity, GMA also added the attacks seem to have come from Taiwan, linking to a Taiwanese webpage that seems to have reacted positively to the Philippine site downtime. The possibility of a cyberattack related to Philippine-Taiwanese tensions resulting from the shooting of a Taiwanese fisherman was also raised.

While no announcement has been made by the Philippine government, Comelec spokesperson James Jimenez mentioned previously to Rappler that the Comelec website may have downtime due to the number of people visiting it, as well as the location of the Comelec website servers. It also repeated this in a recent tweet. As of 2:30 p.m., Rappler could access the site, which appears to have had a redesign in time for the elections.

With regard to election issues, those seeking information from the Comelec about finding one’s voting precinct who cannot access its homepage can contact the Comelec through the following hotlines: 525335; 5259297; 5259301; 5259302; 5259345; 5271892; 5516552; 5521451; 5523044. – Rappler.com

Source: http://www.rappler.com/nation/28804-philippine-government-sites-inaccessible


Nationwide DDoS Attack Hits ReputationChanger.com

ReputationChanger.com was the most recent target in a string of high-profile cyber-attacks against U.S. web companies and governmental organizations. Reputation.com, LivingSocial and Name.com have all announced recently that they have been the targets of successful attacks by hackers. Tens of millions of consumers have been asked to change passwords in the wake of these attacks with large numbers of the population informed that personal data may have been accessed.

A hack of the Associated Press account in Twitter resulted in a temporary loss on U.S. stock markets of $200 billion in late April. The U.S. Defense Department accused Chinese government-backed hackers this week of a sustained cyber campaign which successfully targeted governmental and defense contractor websites. The Chinese later denied these allegations.

ReputationChanger.com was indeed targeted by an attack from a Chinese IP address that lasted most of the day. While the company’s public website was taken down for roughly half an hour in a distributed denial of service attack (DDoS), an investigation confirms that the company’s critical information — including client data — remained untouched.

“The attack brought down our main website briefly but I think overall it revealed the strength and security of our operation in a way that we are truly proud of,” comments the company’s president, Michael Zammuto. “Because of the system set up, no client data was in danger of being accessed or compromised — and indeed, no client data was accessed or compromised. No action is required of any client although periodic password changes are always recommended.”

Even a cyber-attack targeting the company’s Command Center, the firm’s online reputation management platform, could not have led to illicit data access. “The confidentiality of what we do is critical, and we are endlessly devoted to maintaining the complete privacy of our clients,” Zammuto offers. “As such, we have a highly distributed cloud system, response teams and processes in place to prepare for cyber threats.”

Though the identity of the cyber assailant is yet unknown, Zammuto says the impetus for the attack is likely the high-profile client list that ReputationChanger.com maintains. “We were surely targeted because of the very important clients that we work with,” he affirms. ReputationChanger.com’s clientele encompasses governments, political figures, educational institutions, celebrities, and major, internationally-recognized businesses and brands.

Despite the brief downtime experienced on the ReputationChanger.com website, Zammuto says that he is ultimately thrilled with how well the enterprise held up in the face of a malicious online assault. “I am very pleased with the performance of our network security team and partners,” he remarks. “It is a great reminder of how valuable investments are in these areas. They kept us safe from a vicious online enemy. It is because of their hard work and their expertise that ReputationChanger.com’s clients can rest assured that their confidential data is in the best possible hands.”

ReputationChanger.com is the top rated online reputation management firm according to Top SEOs and was announced as a finalist for the Red Herring 100 earlier this week, both organizations citing the firm’s technology and its commitment to serving its clients.

Source: http://online.wsj.com/article/PR-CO-20130509-912785.html?mod=googlenews_wsj
