Category Archives: DDoS News

China online gambling bust; Korean site orders DDoS attacks on competitor

Authorities in China have broken up an international online gambling operation based in Hunan province. China’s official press agency Xinhua quoted Chinese police saying they’d detained 19 individuals following a two-month investigation. A further eight individuals have been targeted for arrest over their roles in the operation of the Shenbo Sun City website, whose servers were based outside the country. Police said the operation earned a profit of RMB 1.4b (US $223m) between May 2013 and Oct 2014. Police have frozen approximately 1,000 bank accounts across China containing around RMB 200m. This marks China’s second major bust of 2015, having taken down a similarly large operation in Shandong province in January.

Over in South Korea, authorities have arrested two ‘cyber security experts’ accused of targeting an online gambling site with distributed denial of service (DDOS) attacks. Intriguingly, the hackers were hired by another illegal online gambling operator intent on eliminating his competition. The Korea Times quoted the National Police Agency saying a man named Yang, the owner of an online security company, was paid a hefty KRW 1b (US $911k) since May 2014 to target the online gambling operator’s competitor on multiple occasions. Neither site operator was publicly identified by police. On Sept. 25, Yang reportedly hacked into 12k computers and commanded them to spam the targeted site with messages in order to crash its servers. Yang told police he’d agreed to don the black hat because his legal sources of income were “unstable.” Police are continuing to investigate to determine what other DDOS attacks Yang and his henchman might have launched.

Source: http://calvinayre.com/2015/03/03/business/korean-gambling-site-ddos-attack-on-competitor/


Black hole routing: Not a silver bullet for DDoS protection

As ISPs, hosting providers and online enterprises around the world continue suffering the effects of DDoS attacks, often the discussions that follow are, “What is the best way to defend our networks a…


Hackers create tool that DDoS attacks on telephone lines

It is not only Internet sites and services that are subject to the familiar denial-of-service attacks; ordinary phones, whether mobile or not, are also subject to such blows. That is what The Register revealed on Monday (23), when it reported on TNT Instant Up, a device created by Eastern European hackers for exactly this purpose. Sold on the Internet for between $500 and $1,200, the equipment uses an interconnected system of SIM cards and modems to bombard one or more numbers with calls. The calls are empty and serve only to clog the lines, preventing legitimate users from getting through.

The idea here is basically the same as in any DDoS attack: prevent use of the service. Here, though, the services are not taken offline; they simply end up congested and unusable for the duration of the attacks. The practice is being called TDoS, short for Telephone Denial of Service. The problem is that with this new variant the results could be much more dangerous. While most attacks of this type cause financial losses to the affected companies and inconvenience to their users, TDoS could, for example, block emergency services.

Furthermore, TNT Instant Up is said to be simple enough that literally anyone could use it. In a demonstration video freely available on YouTube, one of the tool's vendors appears with several cell phones at the same time, with the numbers entered from software running on a computer. Dealing with the “merchant” happens over ICQ or email, and the product is sent by mail like any conventional electronic device.

The FBI has reportedly identified at least two cases in which a device such as TNT Instant Up was used to prevent users from reaching health plan services or emergency lines. It did not, however, identify crimes being committed in connection with the attacks that would explain blocking the lines and trying to prevent citizens from contacting the police, for example.

According to IntelCrawler, a provider of systems and security solutions, as with denial-of-service attacks on the web, there are ways to protect against this new type of attack, unless, of course, the line is disconnected so that the phone stops ringing nonstop. That alternative simply does not exist for emergency services, especially now that they have become the target of one more tool that can be used by anyone, whatever their intent.

Source: http://www.unlockpwd.com/hackers-create-tool-that-ddos-attacks-on-telephone-lines/


Komodia Website Under DDoS Attack

Komodia.com, home to the SSL interception module at the heart of the Superfish adware dustup, is currently under a distributed denial-of-service attack. As of 2 p.m. Eastern time, its home page had been replaced with a notice that the site was offline because it was under attack. “Some people say it’s not DDoS but a high volume of visitors, at the logs it showed [thousands] of connections from repeating IPs,” the notice said. The attack may be an outcome of last week’s disclosure that Superfish, pre-installed on new Lenovo laptops between September 2014 and this January, put users’ sensitive transactions at risk to man-in-the-middle attacks. Komodia’s SSL Digester, a self-proclaimed “SSL hijacker SDK,” is used by Superfish, which analyzes images on a website and serves up ads for products similar to the respective images. Komodia decrypts SSL traffic and does so without triggering a browser-based certificate warning. This enables Superfish, which uses the library, to sit in a man-in-the-middle position and see all traffic leaving the machine beyond online advertisements, putting banking, email and other private transactions at risk. Late last week, researchers uncovered that the Komodia library installs a self-signed root certificate. That same cert, protected by the same password, was shipped on all Lenovo machines. Researcher Rob Graham of Errata Security cracked that password late last week and published details. Attackers can use that information to read traffic that’s supposed to be protected, carrying out a man-in-the-middle attack. Shortly thereafter, researchers with Facebook’s Security Team reported that it had discovered more than a dozen other software applications using the Komodia library in question, along with a list of certificate issuers. 
That list includes: CartCrunch Israel LTD, WiredTools LTD, Say Media Group LTD, Over the Rainbow Tech, System Alerts, ArcadeGiant, Objectify Media Inc, Catalytix Web Services and OptimizerMonitor.

“Initial open source research of these applications reveals a lot of adware forum posts and complaints from people. All of these applications can be found in VirusTotal and other online virus databases with their associated Komodia DLL’s,” said Matt Richard, threats researcher at Facebook. “We can’t say for certain what the intentions of these applications are, but none appear to explain why they intercept SSL traffic or what they do with data.” Richard said the list represents certs on more than 1,000 systems on applications including games, popup generators, or behavior such as Superfish’s. “What all of these applications have in common is that they make people less secure through their use of an easily obtained root CA, they provide little information about the risks of the technology, and in some cases they are difficult to remove,” said Richard, adding that the SSL proxies aren’t likely to adopt advanced protections such as certificate pinning or forward secrecy. “Some of these deficiencies can be detected by anti-virus products as malware or adware, though from our research, detection successes are sporadic,” Richard said. Facebook said that the installer for the root CA includes a number of attributes that make it easy to detect, adding that most are designed to work with newer versions of Windows and won’t install on older versions.

Source: https://threatpost.com/komodia-website-under-ddos-attack/111195


DDoS-for-hire cyberattacks are effective and cost-effective

DDoS-for-hire is a growing business for cybercriminals, and continues to prove effective.

Distributed denial of service (DDoS) cyberattacks have plagued consumers and businesses for quite some time, but the rising number of DDoS attacks available as a paid service is troubling. Clients can pay from $2 up to $5 per hour to launch DDoS attacks, or pay a subscription for prices as low as $800 per month. The Lizard Squad hacker group helped draw increased scrutiny to the underground cybercriminal activity – demonstrating its LizardStresser DDoS service in successful attacks against the Sony PlayStation Network and Microsoft Xbox Live. Meanwhile, the Gwapo DDoS service has been publicly advertised via social media and videos posted on YouTube, with attacks starting at $2 per hour.

“Since their inception in 2010, DDoS-for-hire capabilities have advanced in success, services and popularity, but what’s most unnerving is booters have been remarkably skilled at working under the radar,” according to the “Distributed Denial of Service Trends” report from Verisign. “Given the ready availability of DDoS-as-a-service offerings and the increasing affordability of such services, organizations of all sizes and industries are at a greater risk than ever of falling victim to a DDoS attack that can cripple network availability and productivity.”

Source: http://www.tweaktown.com/news/43708/ddos-hire-cyberattacks-effective-cost/index.html


Dutch government says DDoS attack took down websites for hours

Cyber attackers crippled the Dutch government’s main websites for most of Tuesday and back-up plans proved ineffective, exposing the vulnerability of critical infrastructure at a time of heightened concern about online security. The outage at 0900 GMT (0400 ET) lasted more than seven hours and on Wednesday the government confirmed it was a cyber attack. The United States has beefed up cybersecurity laws and created an intelligence-gathering unit to coordinate analysis of cyber threats after attacks against Sony Pictures and Home Depot. The outage affected most of the central government’s major websites, which provide information to the public and the media, but phones and emergency communication channels remained online. Other websites, including GeenStijl.nl, a popular portal which mocks politicians and religions, were also hit by the “distributed denial of service” (DDoS) attack, said Rimbert Kloosterman, an official at Government Information Service, which runs the websites. “Our people are investigating the attack together with the people from the National Centre for Cyber Security,” he said. The complexity and size of the government’s many websites had rendered the back-up useless, he said. Prolocation, the website host, said the attack had been a “complex” problem and that its phone lines had also gone down. “The initial symptoms pointed first to a technical problem, but it then emerged we were facing an attack from the outside,” the company said in a statement. But one computer security expert doubted that a DDoS attack, in which systems are overloaded with a flood of requests from hijacked computers, could have been hard to identify. “If you face a DDoS, you know it,” Delft Technical University cyber security specialist, Christian Doerr, said. Such attacks were hard to guard against and the software for such an attack could be bought illegally for as little as $25. “Even a 16-year-old with some pocket money can attack a website,” he said. 
Source: http://www.reuters.com/article/2015/02/11/us-netherlands-government-websites-idUSKBN0LF0N320150211


Anonymous-linked hacker admits to DDoS of public services

Merseyside resident disrupted more than 300 sites with bogus traffic. A hacker with links to Anonymous has admitted conducting distributed-denial-of-service (DDoS) attacks against social services, crime prevention bodies and businesses. Ian Sullivan, a 51-year-old from Bootle in Merseyside, flooded more than 300 websites with bogus traffic in 2013, rendering them unusable for legitimate visitors, though the police said no data was stolen. Steven Pye, senior operations manager at the National Crime Agency’s (NCA) cybercrime unit, said: “Many DDoS attacks are little more than a temporary inconvenience, but in this case Sullivan’s actions are likely to have deprived vulnerable people of access to important information, ranging from where to get support on family breakup, to reporting crime anonymously.” “This multi-agency operation illustrates the commitment of the NCA and its partners to pursuing people who think they can criminally disrupt important public services or legitimate businesses.” Sullivan was arrested on July 29, 2013 by the Police Central e-Crime Unit after the DDoS attacks were referenced by a Twitter account. Investigators found software on his computer capable of taking websites offline, as well as documents linking him to other campaigns run by hacking collective Anonymous. He will be sentenced at Liverpool Crown Court on May 1. Source: http://www.cbronline.com/news/security/anonymous-linked-hacker-admits-to-ddos-of-public-services-4507312


Hackers ransoming encryption keys from website owners

Hackers are finding even more ways to harm website owners: according to a new report from security firm High-Tech Bridge, hackers are switching encryption keys and then ransoming website owners for money. The attack, known as “RansomWeb”, manages to take the current encryption keys and swap them with non-working numbers. In order for the website owner to regain control, they are forced to pay the hackers. Encryption is the basis of modern internet security, but with this new hack it locks the website owner out and gives no way to get back in, without having even more security latched on top. Even if the website owner sends payment over, there is no guarantee they will get the website back, or any guarantee that the attacker will not launch the same attack later.

“We are probably facing a new emerging threat for websites that may outshine defacements and DDoS attacks,” Ilia Kolochenko, chief executive of High-Tech Bridge, said. “RansomWeb attacks may cause unrepairable damage, they are very easy to cause and pretty difficult to prevent.”

These hackers wait for months until new patches of encryption keys are added, before locking out the website owner. This gives them full control over the website and allows them to implement old keys that are invalid. Kolochenko claims this is a change in hacker identity, moving from chaos to financial motives. He believes the next slew of hackers will always look for ransoms and lock owners out, instead of simply defacing a website. This was first seen in the Sony Pictures hack, when the apparent hackers sent ransom messages to Sony executives three days before taking the entire system offline. The ever-changing world of encryption makes it hard for security firms to properly defend customers, especially with this new RansomWeb attack. It may lead to firms like Google and Facebook offering security help for smaller sites, offering new encryption and security tools.
Source: http://www.itproportal.com/2015/02/03/hackers-ransoming-encryption-keys-website-owners/


Latest Lizard Squad hack shows increasing strength of DDoS attacks

Bill Barry, executive vice president, Nexusguard, has prepared a comment in light of the recent Lizard Squad hack on Taylor Swift’s Twitter account:

“The hack on Taylor Swift proves that the Lizard Squad has another string to its bow, having previously used DDoS attacks to bring down the Sony Playstation, Microsoft Xbox and Malaysian Airlines systems rather than infiltrating them.

“It’s time for businesses and brands to realise the multi-faceted security threats presented by sophisticated cyber criminals.

“The DDoS for hire space has become so lucrative that these mayhem-for-sport acts of hacking a celebrity Twitter account is a way to build brand recognition and raise awareness that anyone, anywhere could be the victim of cyber attacks.

“This heightened market awareness becomes a dangerous marketing engine to allow anyone with a slight motive to launch their own attacks at intended targets.

“Using this tactic has meant that in a short time over 14,000 customers have signed up to use the Lizardstresser DDoS tool.

“The Lizard Squad has proved, if nothing else, that DDoS attacks are becoming more effective. The methods used by DDoS networks to locate vulnerabilities within security systems are more sophisticated and automated.

“Leveraging zero-day and zero-plus vulnerabilities in unprotected networks means that they are able to recruit and add infected computers to their attack army at an ever-alarming rate.

“This increased rate of botnet recruitment not only gives the attacker a flexible arsenal of attacks for causing mayhem, but increases the overall effectiveness and success rate of each attack.

“Imagine the leverage a group such as The Lizard Squad could gain by bringing down a betting website on Grand National Day, for example.

“The best way to guard against zero-plus attacks is to always be vigilant and proactively try to identify vulnerabilities and weaknesses in your system before the attackers do. For an enterprise, this may mean compiling rules and guidelines on which online applications are approved for use, and implementing proactive monitoring at an application level to detect abnormalities as early as possible.

“However, this is just the first layer of total protection – an effective defence requires in-depth, tailored implementation, not a one-size-fits-all mitigation solution.

“With multi-vector attacks, all avenues of attack must be detected and mitigated. For example, sophisticated attackers like the Lizard Squad may be using a mixture of DDoS and hacking – no off-the-shelf product is likely to deal with such an approach effectively.

“Best practice is to seek the guidance of a security specialist that can design and customise a solution specific to your business.”

Source: http://www.itproportal.com/2015/01/30/latest-lizard-squad-hack-shows-increasing-strength-ddos-attacks/
