Category Archives: DDoS News

FBI Links Chinese Government to DDoS Attacks on US Websites

The FBI says it has credible evidence to link the Chinese government to attackers who leveraged two Chinese telecom companies and the Baidu search engine to carry out recent distributed denial of service (DDoS) attacks targeting unnamed U.S. websites. The FBI issued a confidential Flash Alert to U.S. companies alleging that the Chinese government sanctioned activities in which Internet traffic was “manipulated to create cyber attacks directed at U.S.-based websites” using man-in-the-middle (MitM) techniques. “Analysis by the U.S. government indicated that Internet traffic which originated outside China, was intercepted and modified to make unsuspecting users send repeated requests to U.S.-based websites,” the Flash Alert reportedly said. “The malicious activity occurred on China’s backbone Internet infrastructure, and temporarily disrupted all operations on the U.S.-based websites.” Analysis of the attacks revealed that malware was injected into the browsers of users when web traffic reached China Unicom or China Telecom networks – both state-owned telecommunications companies – “at the same points in these routes that censor traffic for the Chinese government.” “The location of the [man-in-the-middle] system on backbone networks operating censorship equipment indicates that the [man-in-the-middle] attack could not have occurred without some level of cooperation by the administrators of these systems,” the Alert said. “The malicious Javascript would direct the unsuspecting user’s browsers to make repeated requests to targeted U.S.-based websites.” While the FBI Flash Alert did not specify which company’s websites were attacked, it is likely that the popular web-based software development collaboration platform GitHub was among those targeted.
Researchers from the University of California at Berkeley, the University of Toronto, and Princeton recently published details of a powerful Chinese MitM tool dubbed the “Great Cannon,” which was used in DDoS attacks targeting websites operated by the anti-censorship project GreatFire.org, and later connected to the attacks on GitHub. “Specifically, the Cannon manipulates the traffic of ‘bystander’ systems outside China, silently programming their browsers to create a massive DDoS attack,” the researchers said. “The operational deployment of the Great Cannon represents a significant escalation in state-level information control: the normalization of widespread use of an attack tool to enforce censorship by weaponizing users.” GitHub was likely targeted because GreatFire.org had begun to mirror some content on the platform. The attacks against GreatFire employed the same techniques as those seen in the GitHub attack, which leveraged hijacked Internet traffic. “The web browser’s request for the Baidu javascript is detected by the Chinese passive infrastructure as it enters China. A fake response is sent out from within China instead of the actual Baidu Analytics script. This fake response is a malicious javascript that tells the user’s browser to continuously reload two specific pages on GitHub.com,” analysis of the attack revealed. This analysis aligns with details of the GreatFire.org attacks which were released previously. “Millions of global internet users, visiting thousands of websites hosted inside and outside China, were randomly receiving malicious code which was used to launch cyber-attacks against GreatFire.org’s websites. Baidu’s Analytics code (h.js) was one of the files replaced by malicious code which triggered the attacks,” officials at GreatFire.org said. “Baidu Analytics, akin to Google Analytics, is used by thousands of websites. Any visitor to any website using Baidu Analytics or other Baidu resources would have been exposed to the malicious code.” GreatFire.org said it has conclusive evidence that the Chinese government is using the nation’s infrastructure to conduct the attacks, and had previously published a detailed report, which was further backed up by the analysis provided by the university researchers. “We show that, while the attack infrastructure is co-located with the Great Firewall, the attack was carried out by a separate offensive system, with different capabilities and design, that we term the Great Cannon,” the researchers wrote. “The Great Cannon is not simply an extension of the Great Firewall, but a distinct attack tool that hijacks traffic to (or presumably from) individual IP addresses, and can arbitrarily replace unencrypted content as a man-in-the-middle.” Source: http://en.hackdig.com/06/23256.htm

See the article here:
FBI Links Chinese Government to DDoS Attacks on US Websites

DDoS Attacks Continue To Plague Darknet Markets

The last week brought confirmation that the Agora online marketplace’s recent downtime has been due to a DDoS attack. It joins the long list of darknet services that have been hit by these recent attacks, which now appear to have mostly been based on the darknet markets being held for ransom by attackers. A string of articles on Deep Dot Web recently revealed the source of the issues. The truth was discovered when a market admin’s account was hacked by TheRealDeal, another marketplace, and the admin’s communications were revealed. It was back at the beginning of May when Mr Nice Guy was hit with DDoS attacks. The offenders demanded 8 bitcoins to be paid within an hour to end the assault; however, the admin had another plan in mind. He wanted to negotiate, and he was willing to pay. He offered the attackers $200 a day or $6000 a month to launch DDoS attacks against rival markets including Agora, Nucleus, BlackBank and AlphaBay. The reputation of Mr Nice Guy has surely been greatly damaged by these events.
While there is a great deal of competition between darknet markets for the multitude of customers that seek to buy and sell on the Deep Web, in the past similar attacks have been met with collaboration. The darknet markets, though they compete with each other for business, recognize the necessity for cooperation, as it only takes a few markets to go down for the integrity of all markets to be questioned. Nowhere was this more evident than when the Evolution marketplace exit scammed, leaving with over $12 million in bitcoin. The aftermath revealed a dark spell for the darknet markets as they all suffered a reduction in customers. In an interview with Deep Dot Web, the man behind Mr Nice Guy spoke about his remorse for what he had done. He said that it would be up to the Deep Web community whether they wished to trust him again. However, he did say that he had learned that the way to attract customers was increasing security as well as providing extra services; he stated that his is the only major marketplace offered in more than one language. While the DDoS attacks are still occurring to an extent, the loss of their contractor has reduced the efforts of the offenders somewhat, and most of the darknet markets have come back online. Yet this saga has definitely shown the weaknesses that exist in the system, and how one stray admin can do an awful lot of damage to the entire network. Source: http://darkwebnews.com/news/ddos-attacks-continue-to-plague-darknet-markets/

Visit site:
DDoS Attacks Continue To Plague Darknet Markets

DDoS Attack Update: Idaho Teen Faces Felony Charges After Unleashing a DDoS Attack on School District

On May 15, KTVB reported that a student recently launched a cyber-attack on one of Idaho’s largest school districts. The attack, which was identified as a Distributed Denial of Service (DDoS), practically rendered the entire district’s internet unable to function. The attack was so powerful that it caused internet problems for the affected school district for weeks without ceasing. A lot of Idaho students working on achievement tests lost all their data, and some even had to retake the exam multiple times because of the gravity of the attack. Even the administrative network itself, which, unfortunately, included the teachers’ payroll data, was compromised. A DDoS attack occurs when multiple systems compromised by a Trojan are used by a host, or in this case a channel, to target a single host simultaneously, causing a denial of service. In simple terms, the attack floods a single network with immeasurable internet traffic until it simply stops dead in its tracks. Most of these attacks exploit problems within the victim computer’s TCP/IP system. Because a DDoS attack comes from hundreds, possibly even thousands of sources at once, it is practically impossible for any program on earth to track down the actual source of the problem. To make matters worse, a DDoS attack makes it impossible to identify actual, legitimate traffic, because everything gets lost in a haze of incoming data. Despite the overwhelming odds, the authorities managed to trace the attacker’s IP address back to the high school student. Today, he faces the possibility of expulsion, as well as 180 days in a juvenile detention center. Authorities say that he might even be facing serious federal charges. Moreover, the culprit’s parents will also be expected to pay any losses that the school district has incurred due to the attacks. A representative for the West Ada School District said that there might be other students within the area who know how to carry out this cyber-attack.
Nevertheless, the spokesperson reassured everyone that further attacks will be dealt with more readily. The district also sent a message to parents of students enrolled in their schools, urging them to help keep their children from committing cyber attacks. Source: http://www.chinatopix.com/articles/51791/20150527/idaho-teen-felony-charges-ddos-attack.htm

Original post:
DDoS Attack Update: Idaho Teen Faces Felony Charges After Unleashing a DDoS Attack on School District

South Africa a target for DDoS

South Africa is the most targeted country in Africa when it comes to distributed denial-of-service (DDOS) attacks. This was revealed by Vernon Fryer, chief technology security officer at Vodacom, in a keynote address during ITWeb Security Summit 2015, in Midrand, this morning. In computing, a DDOS attack is an attempt to make a machine or network resource unavailable to its intended users. Such an attack generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. Fryer was speaking with reference to statistics from the Vodacom Cyber Intelligence Centre, which the company established eight years ago to analyse the threat landscape on the African continent. He revealed that over the past 18 months there has been a marked increase in DDOS attacks on the continent, with a typical attack averaging 9Gbps. “There has been about a 150% increase in the number of DDOS [attacks] in the last 18 months in Africa,” he said. In terms of the number of attacks, Kenya, Uganda, Algeria, Nigeria and Tanzania respectively come after SA, said Fryer, pointing to the analysis done by the Vodacom Cyber Intelligence Centre last Thursday. According to Fryer, the majority of inbound traffic to SA emanated mainly from China, Germany, Brazil, Vietnam, Russia, Cyprus, Turkey, Switzerland, Canada and the US. However, he noted, it was surprising that Switzerland and Canada were featuring on the list this year, something never witnessed previously. Another unexpected trend showed traffic coming from Swaziland, he added, pointing out that the growing number of Chinese communities in the country could be a reason for this spike. Describing some of the attack vectors cyber criminals were making use of in the region, Fryer pointed to scareware, ransomware, fake anti-virus, as well as TDSS Rootkit, among others. The trending malware included KINS Trojan, Skypot, VirRansom, SpyEye Trojan and the Chameleon Botnet.
With regard to ransomware attacks in Africa, Tanzania is the most attacked on the African continent, Fryer said. He also noted the trending hacker groups in Africa include Anonymous, also known as the Lizard Squad, the Syrian Electronic Army, as well as the Yemen Cyber Army. Faced with the rise in the level and sophistication of attacks, Fryer said organisations need to constantly monitor the behaviour of their firewalls. Typically, he said, organisations go about five years without monitoring their firewall. “We need to understand if our firewalls are capable of handling today’s threats. Thus, the performance of firewalls needs to be constantly monitored,” he concluded. Source: http://www.itweb.co.za/index.php?option=com_content&view=article&id=143446:SA-a-target-for-DDOS&catid=234

Taken from:
South Africa a target for DDoS

Teen hires attacker to DDoS his school district

A high school boy might have to face state and federal charges for allegedly hiring a third party and launching a DDoS attack against the West Ada school district, Idaho, US. A 17-year-old high school student (the name cannot be disclosed because he is a minor) might be accused of launching a distributed denial of service (DDoS) attack after hiring a third party. The attack crippled operations at more than 50 schools of the district for a week earlier this month. DDoS is a type of attack in which the servers of a particular online service are slowed to such an extent that their processing ability gets clogged up. According to a KTVB report, the West Ada students suffered assorted misery due to the attack, such as losing their data on the Idaho Standard Achievement tests. Some of the students also had taken the tests multiple times. The attack lasted around a week, and during this phase the online classes and textbooks could not be accessed. Moreover, the faculty and staff also experienced problems in accessing business and administrative systems such as payroll. The IP address from where the attack was launched was finally traced by the school district’s IT staff, which led them to the high schooler. The boy has been suspended from Eagle High, but school administration suggested that he should be expelled. According to the Sheriff’s Office, the seventeen-year-old will most likely be charged with a computer crime felony, which can send him to a juvenile detention facility for up to 180 days, as the teenager paid someone to overwhelm the system with traffic from multiple sources. Additionally, the boy’s family will also be held responsible for financial restitution covering the losses, since operations at around 50 schools got disrupted due to the attack. This is not the first time a teenager has attacked an educational institution. On April 12, 2015, Domanik Green, a 14-year-old student studying at Florida’s Paul R. Smith Middle School, managed to bypass the school’s computer security network using just his computer skills and gained access to the server that contained FCAT (Florida Comprehensive Assessment Test) data. Source: https://www.hackread.com/teen-ddos-attack-school-district/

View the original here:
Teen hires attacker to DDoS his school district

High schooler allegedly hired third party to DDoS his school district

A 17-year-old high school boy may face state and federal charges for allegedly having paid a third party to launch a distributed denial of service (DDoS) attack that crippled the West Ada school district in Idaho, US, for a week and a half earlier this month. Because he’s a minor, he can’t be named. A DDoS is an attack wherein the servers of a targeted online service are slowed to a crawl with loads of pointless data like email or file uploads that clog up their processing ability. KTVB reports that West Ada students suffered assorted misery because of the attack, including losing their work on the Idaho Standard Achievement tests. Some students had to take the tests multiple times. Meanwhile, online classes and textbooks weren’t available for much of the week, and faculty and staff had problems accessing administrative and business systems, including payroll. The school district’s IT staff eventually traced an IP address back to the 17-year-old, who was suspended from Eagle High. School officials are recommending that he be expelled. The sheriff’s office told the TV station that the boy will likely be charged with a felony charge of computer crime, which is punishable by up to 180 days in a juvenile detention facility. In addition, his family will be responsible for financial restitution to cover costs incurred by the school district. Operations at more than 50 schools were disrupted because of the attack. As of Wednesday, investigators were also looking into whether a younger student – one attending Eagle Middle School – attempted a similar attack this week. School officials sent parents a letter on Friday that urged them to talk with their children about the consequences of committing cyber attacks such as this one. We can assure students and parents that the consequences associated with a DDoS attack are far from trivial. 
Examples include two online gaming programmers from Poland who were given 5-year jail sentences in December 2013 for DDoS and cyber-extortion of a UK online marketing company and a US internet software company. In that same month, a US man was fined $183,000 (£116,772) after joining, for merely 1 minute, an Anonymous DDoS of the enormous, multinational corporation Koch Industries. When it comes to DDoS, the law doesn’t spare you if you’re a kid. In fact, a 16-year-old London schoolboy was arrested under suspicion of involvement in the 2013 DDoS attack against Spamhaus: an attack of unprecedented ferocity. He pleaded guilty in 2014. Then too, a UK teenager was arrested in January for possibly having a hand in the PlayStation/Xbox Live DDoS that Grinched up gamers’ Christmas day playing. We often hear DDoS’ers trying to justify DDoSes under the premise that really, companies should be thanking the attackers for “raising awareness” of their vulnerability. That’s an old, tired spiel that we got from Lizard Squad members after they ruined Christmas with their XBox Live/PlayStation attack. Or, in the words of a man who claimed to speak for the attackers, they did it “…to raise awareness, to amuse ourselves…” But as Naked Security’s Mark Stockley said at the time, a DDoS attack isn’t a skilful hack. You don’t need elite lock-picking skills to pull it off, because you’re not picking a lock. Rather, you’re blocking the door from the outside with as much garbage as you can pile up. Is DDoSing a company, or your school, or any online service, worth the lulz? For an answer, we can ask the LulzSec guys—if they’re out of prison, maybe they can let us know. Source: https://nakedsecurity.sophos.com/2015/05/22/high-schooler-allegedly-hired-third-party-to-ddos-his-school-district/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed

Read the article:
High schooler allegedly hired third party to DDoS his school district

DDoS attack downs University of London learning platform

A harsh lesson, now stand in corridor for four hours The University of London Computer Centre fell victim to a cyber-attack on Thursday.…

Read this article:
DDoS attack downs University of London learning platform

DDoS attacks double, old web application attack vectors still active

Akamai Technologies analyzed thousands of DDoS attacks as well as nearly millions of web application attack triggers across the Akamai Edge network. A surge in DDoS attack activity Q1 2015 set a…

Read the article:
DDoS attacks double, old web application attack vectors still active

Chinese cyber-spies hid botnet controls in MS TechNet comments

Online spooks hide ‘numbers station’ control node in plain sight Cyber-spies are increasingly attempting to hide their command and control operations in plain sight by burying their command infrastructure in the forums of internet heavyweights, including Microsoft.…

Read more here:
Chinese cyber-spies hid botnet controls in MS TechNet comments