The Host Guru are running an interview with Derek Raines of Gigenet which is well known for the DDoS attack filtering they offer their customers. Derek talks about the industry they are in, the types of customers they service, the attacks they have thwarted and whether or not fears of internet terrorism is driving sales.
CafePress.com, which provides online stores for thousands of blogs and web sites, has been hit with a distributed denial of service attack (DDoS) which has disrupted service for many of its merchants during the critical final shopping days before Christmas.
The attack began Tuesday evening and was continuing to cause “significant service interruptions” late Thursday. The cafepress.com main site and a sampling of online stores were accessible early Friday.
"EveryDNS, sister company to OpenDNS (which runs the PhishTank anti-phishing initiative), has been hit by a massive distributed denial-of-service attack. The attack started sometime Friday afternoon and, from all indications, was targeting Web sites that used free DNS management services provided by EveryDNS. At the height of the DDoS bombardment, EveryDNS was being hit with more than 400mbps of traffic at each of its four locations around the world. From the article: ‘"We were collateral damage," Ulevitch explained… Because law enforcement is involved, Ulevitch was hesitant to release details of the actual target but there are signs that some of the targets were "nefarious domains" that have since been terminated.’"
OpenDNS, which makes use of EveryDNS services, was affected for a time, until they spread their authoritative DNS more broadly. The EveryDNS site is now reporting that the attack is continuing but has been mitigated and is not affecting operations.
In case you were hoping to take advantage of the Amazon Customers Vote deal for a $100 Xbox 360 on Thanksgiving, Amazon.com was reportedly not reachable from least 2-2:15pm EST (11am-11:15am PST). Presumably, the traffic caused by the $100 Xbox seekers was simply too much.
Some people are complaining that they couldn’t even load the Amazon homepage…
Update: There are over 500 comments in a thread on the Amazon Customers Vote Forum with disgruntled customers chiming in, in addition to other blogs which have noted the outage. Plenty of people are not happy and some are filing Better Business Bureau complaints.
Looks like a great case of a traffic flood that caused DDoS like behavior.
Websites blocked by ISPs when under a distributed denial of service attack (DDoS) face millions of pounds in lost business because ISPs refuse to take responsibility for hosting infected computers on their networks.
Typically, a distributed denial of service attack relies on an attacker remotely controlling numerous and widely distributed computers infected by viruses and Trojans. The attacker uses these ‘botnets’ to send a flood of requests to a website, which is often unable to cope and its servers fail, taking the website offline.
It’s a relatively simple and cheap operation for the attacker. Keith Laslop, President of DDOS mitigation outfit Prolexic told us: ‘I’ve seen them on forums where you can hire bots for next to nothing. Four cents a bot. So you could take down a site very cheaply. You could get enough together for, say, a 50Mbits DDOS attack. You could take someone out with that.’
DOS attacks are also becoming increasingly common. During the first six months of 2006, Symantec observed an average of 6,110 DoS attacks per day.
Anti-DDoS firm not involved in criminal activity says spokesman
One of the indicted companies in the major Giordano Internet sports betting bust, Prolexic Technologies was quick to protest its innocence following the public announcement of the New York case this week.
Prolexic is a well respected company in the forensic and DDOS field, and it took immediate steps to point out that it was simply an anti-DDOS contractor to the Playwithal site.
In statement that claims it is wrongly accused of criminal activity, the company commented: "Earlier today, New York authorities issued a 33-count indictment regarding an illegal online gambling operation.
"Prolexic Technologies, which provides Distributed Denial of Service (DDoS) solutions, was named in the indictment as the Web host provider to an Internet sportsbook. Prolexic Technologies provides a service that, amongst other things, masks a client’s IP address in order to mitigate DDoS attacks. When a trace route is performed, it appears that Prolexic Technologies is the host server, when in fact that is not the case.
"Our job is to prevent DDoS attacks, which are one of the most costly cybercrimes on the Internet," said Keith Laslop, president of Prolexic Technologies. "Prolexic Technologies in the past has worked closely with U.S. and U.K. law enforcement agencies in regard to tracking DDoS attackers, and was instrumental in the arrest of a high-profile Russian mafia figure that used DDoS to take Web sites hostage until paid a ransom. We have a history of cooperating with law enforcement authorities, and our name will be cleared of any wrong doing. Meanwhile, we are continuing to operate, as the leader in DDoS defense services."
Just as Internet users learn that clicking on a link in an e-mail purporting to come from their bank is a bad idea, phishers seem to be developing a new tactic — launch a DDoS attack on the Web site of the company whose customers they are targeting and then send e-mails "explaining" the outage and offering an "alternative" URL.
Imagine this scenario: You try to log onto your online bank but find the site isn’t working. So you figure, oh well, I will pay the bills later. Let me check my e-mail.
As you wade through the spam in your inbox trying to find some genuine messages, you notice a new e-mail that seems to have been sent by your bank. Normally, you delete these without even reading them because they are obviously from phishers.
However, in this case, the subject line is: "YourBank: Un-planned online banking outage".
The body of the e-mail, which contains logos from the bank and is not littered with spelling errors and grammatical mistakes, goes something like this:
The online banking system is currently experiencing problems and will be unavailable for at least a few days.
Until we can restore our systems, we request that you connect to our alternate Web site which will act as a backup.
Bookmarks and direct access will not work to our main site and we apologise for any inconvenience caused.
Click here to access the temporary site.
Would you be tempted? Do you know anyone that may be fooled?
I sure do.
But is this threat real?
A law was passed yesterday that makes it an offence to launch a denial of service attack in the UK, punishable by up to ten years in prison.
There had been concern that Britain’s Computer Misuse Act, written in the days before the World Wide Web, allowed denial of service attacks to fall through a loophole. These are attacks in which a web or email server is deliberately flooded with information to the point of collapse.
The 1990 legislation described an offence of doing anything with criminal intent "which causes an unauthorised modification of the contents of any computer"; the question was whether that covered denial of service attacks. When a court cleared teenager David Lennon in November 2005 on charges of sending five million emails to his former employer – because the judge decided that no offence had been committed under the Act – the need for amendment seemed obvious.
Lennon’s lawyer had successfully argued that the purpose of the company’s server was to receive emails, and therefore the company had consented to the receipt of emails and their consequent modifications in data. District Judge Kenneth Grant concluded that sending emails is an authorised act and that Lennon had no case to answer, so no trial took place. That ruling was overturned and Lennon was sentenced to two months’ curfew with an electronic tag. But by that time, amendments to the 1990 legislation were already included in the Police and Justice bill.
It was passed yesterday, becoming the Police And Justice Act 2006. The Act also increased the penalty for unauthorised access to computer material from a maximum of six months’ imprisonment to two years.
The 2006 Act expands the 1990 Act’s provisions on unauthorised modification of computer material to criminalise someone who does an unauthorised act in relation to a computer with "the requisite intent" and "the requisite knowledge."
The requisite intent is an intent to do the act in question and by so doing:
* to impair the operation of any computer,
* to prevent or hinder access to any program or data held in any computer, or
* to impair the operation of any program or data held in any computer.
The intent need not be directed at any particular computer or any particular program or data.
The wording is wide enough that paying someone else to launch an attack will still be a crime, with a maximum penalty of 10 years in prison. Supplying the software tools to launch an attack or offering access to a botnet could be punished with up to two years in prison.
Messagelabs are reporting that cyber criminals are assembling a million zombies into one of the largest bot-nets ever. This article speculates that the purpose will be to launch phishing attacks against consumers who are ready to shop this holiday season. Other possibilities are spreading malware or launching massive DDoS (Distributed Denial of Service) attacks. One million bots is overkill for DDoS so the phishing attacks are more likely.
Or maybe in the spirit of fall harvest (here in the Northern Hemisphere) a group of pharmers are gathering in their herds ready to distribute them to the highest bidder in chunks of 20,000 or so. Either way, prepare for more attacks, more profits for cyber criminals, and more innovation as this year’s crop cyber attacks matures.
Perhaps it’s because people involved in the Internet gambling sector tend to be well briefed on the Distributed Denial of Services brand of cyber extortion, but a CBC report this week on a talk on the subject really contained nothing new or exciting.
Addressing the Nova Scotia Responsible Gambling Conference in Halifax, university criminologist researcher John McMullan said that his new research into cyber crime, conducted over the past five years, suggests the global, $10-billion-a-year online gambling industry is regularly held for ransom by sophisticated hackers and organised criminals.
McMullan shared the well known information that online gambling sites have been targeted for "digital shakedowns" at peak times, such as the approach of the Super Bowl and other major sporting events.
He goes on to describe the equally well known DDOS modus operandi of deploying zombie PC armies to swamp victim sites with unwanted electronic messages and virtually shut them down, followed by demands for cash – typically in the range $40-60 000 to cease the disruption.
McMullan told conference delegates that the hackers often have a business hierarchy, running organisations that are global and invisible, with the masterminds recruiting people, often via e-mail, to carry out the crime, never meeting in person.
"They recruited different people, like hackers and worm writers, and crackers. There were people who were involved in picking up the money, bankers who were able to move the money around," said McMullan, who is a criminologist at St Mary’s University in Halifax.
McMullan said there have been a number of arrests [more well reported information] in Latvia, Russia and Eastern Europe. In recent years, online betting websites have beefed up security, but McMullan said the criminals are getting smarter, too.
"For every ability to develop a better security architecture, you can be sure the hackers and cyber extortionists are out there scanning your security, trying to find out how to defeat it."
He said these modern criminal groups use the anonymity of the internet, as well as different bank accounts and shell companies, to skim the profits from online gambling.