The Saudi Interior Ministry said Friday that several government Web sites have come under attack in a campaign hackers are calling #OpSaudi.

Hackers who identify with the loose hacking collective Anonymous have aimed at several government Web sites, including the Saudi Ministry of Finance, General Intelligence Presidency, the Ministry of Foreign Affairs, and the Directorate General of Passports, as well as sites for several major Saudi provinces, including Makkah and Jeddah.

Most of the sites are facing distributed denial of service, or DDoS, attacks, in which hackers flood each site with traffic until it collapses under the load. But hackers claimed to have also broken into some sites through a so-called SQL injection, in which attackers exploit a software vulnerability and enter commands that cause a database to produce its contents. In one case, the Twitter account for @AnonySaudi claimed to have deleted the database of a Saudi Web server.

Hackers say their motive is twofold. On Twitter, some claim the #OpSaudi campaign is in retaliation for unconfirmed reports of a rape and murder in Saudi Arabia. Some Tweets include links to YouTube videos which show images of a naked body dumped on the side of a road.

The attacks also followed an announcement by Matthew Rosenfield, the well-known security researcher who goes by the hacker handle Moxie Marlinspike, that Mobily, a major Saudi telecommunications company, approached him about assisting in a continuing Saudi surveillance project.

In a widely circulated blog post Monday, Mr. Marlinspike said he learned that on behalf of a Saudi “regulator,” Mobily is working to intercept mobile app data for communication tools including Twitter and free mobile messaging apps like Viber, Line and WhatsApp that send messages over the Web. He published his e-mail correspondence with an executive at Mobily, which showed the company is developing the ability to monitor mobile data communication and already has the ability to block it.

Mr. Marlinspike told Yasser D. Alruhaily, a Mobily security executive, that he declined the job for privacy reasons.

Mr. Alruhaily replied, “I know that already and I have same thoughts like you freedom and respecting privacy, actually Saudi has a big terrorist problem and they are misusing these services for spreading terrorism and contacting and spreading their cause that’s why I took this and I seek your help,” he wrote. “If you are not interested than maybe you are on indirectly helping those who curb the freedom with their brutal activities.”

A Mobily spokesman denied contacting Mr. Marlinspike. “Mobily or its employees never communicated with the author of this blog,” the company told Reuters. “Mobily communicates with information security companies only based on legal and lawful requirements. We never communicate with hackers. Moreover, it is not our job to spy on customers.”

On Friday, the Mobily Web site was among the growing number of Saudi Web sites that #OpSaudi had taken offline.

Source: http://bits.blogs.nytimes.com/2013/05/17/saudi-web-sites-under-attack-following-surveillance-accusations/
Paypal turns blind eye to payments totaling $35,000 for on-demand DDoS
It seems as though just about anyone with Internet access can set up a profitable online enterprise these days — including a criminal one. And for one Illinois teen, YouTube and PayPal have been all too happy to help him make a fast (albeit illegal) buck.

Brian Krebs has been sleuthing once again, and his target this time was a “stress testing” service called Asylum Stresser. Stress testing, of course, is the thin veil that skiddies (script kiddies) like to drape over a for-hire DDoS attack setup.

According to Krebs and his cohorts, Asylum looks like it’s been built using fairly run-of-the-mill cybercrime kitware that’s promoted in underground forum sites. Its servers are based in Romania, and appear to be nestled safely in a data center that is nothing if not criminal-friendly.

Nothing shocking so far, right? Anyone who has a few extra bucks (or BitCoins) to white label someone else’s criminal back-end can do this stuff. But here’s the twist: the kid Krebs believes is running Asylum Stresser is accepting PayPal payments and advertising on YouTube.

Recently, Asylum’s user database was leaked to the web and it revealed that more than $35,000 had been sent to one chandlerdowns1995(at)gmail.com. Downs also appears to have hired an eager infomercial actor over on Fiverr. While the promo spot is good for a chuckle, it’s hard to believe that YouTube will jump all over a 30 second fan-made video for copyright infringement, but has somehow allowed an ad for an illegal DDoS service to be viewed more than 42,000 times.

Downs maintains that it’s not his fault if people use the service to launch illegal attacks. Asylum Stresser was launched so that law-abiding folk can make sure their websites are resilient. Maybe that’s why PayPal and YouTube have been fine with ignoring what’s gone on to this point.

Former U.S. Justice Department attorney Mark Rasch, however, feels differently. He told Krebs that if Downs triggers an attack after being paid to do so, he is “criminally and civilly liable.”

Downs didn’t exactly make it difficult for Krebs to connect the dots here. Let’s see if PayPal and YouTube get their heads out of the sand now and do something before an Illinois court orders them to.

Source: http://www.geek.com/news/paypal-turns-blind-eye-to-payments-totaling-35000-for-on-demand-ddos-1554902/
9 PH gov’t sites inaccessible due to DDoS Attack
Two days before the May 13 elections, the Commission on Elections (Comelec) and the Philippine News Agency websites appeared inaccessible to the public.

Cursory inspections of the websites of the Philippines’ Departments of Interior and Local Government, National Defense, Foreign Affairs, and Science and Technology showed they were also apparently inaccessible. The pages for the Philippine National Police, the Army and Navy, and the Philippine Information Agency also could not be accessed.

As of 4:10 p.m., the Department of Science and Technology (DOST) acknowledged and confirmed distributed denial of service (DDoS) attacks occurring against government sites, but they did not mention where the attacks came from.

In a text message to Rappler, Roy Espiritu of the DOST ICT Office said the attacks started on May 10 on gov.ph, then spread to additional gov.ph-based websites on May 11. He added that the DOST was working on neutralizing the attacks and determining the source. They are also assisting government agencies outside their secured servers who have asked for help.

Interaksyon.com earlier reported on the possibility of the downtime being caused by a cyberattack, but noted that the Facebook page of Anonymous Philippines, a hacker-activist group, stated they would undertake no operations during this time.

GMA wrote that its technical team “detected an overnight cyberattack that was still ongoing as of posting time on numerous Philippine websites, including GMA News Online, ABS-CBN News, Philippine Airlines, Globe, Smart, and more than two dozen Philippine government websites.”

Based on referrer tags and forum activity, GMA also added the attacks seem to have come from Taiwan, linking to a Taiwanese webpage that seems to have reacted positively to the Philippine site downtime. The possibility of a cyberattack related to Philippine-Taiwanese tensions resulting from the shooting of a Taiwanese fisherman was also raised.

While no announcement has been made by the Philippine government, Comelec spokesperson James Jimenez mentioned previously to Rappler that the Comelec website may have downtime due to the number of people visiting it, as well as the location of the Comelec website servers. It also repeated this in a recent tweet. As of 2:30 p.m., Rappler could access the site, which appears to have had a redesign in time for the elections.

With regard to election issues, those who are seeking information from the Comelec about finding their voting precinct but cannot access its homepage can contact the Comelec through the following hotlines: 525335; 5259297; 5259301; 5259302; 5259345; 5271892; 5516552; 5521451; 5523044. – Rappler.com

Source: http://www.rappler.com/nation/28804-philippine-government-sites-inaccessible
Nationwide DDoS Attack Hits ReputationChanger.com
ReputationChanger.com was the most recent target in a string of high-profile cyber-attacks against U.S. web companies and governmental organizations. Reputation.com, LivingSocial and Name.com have all announced recently that they have been the targets of successful attacks by hackers. Tens of millions of consumers have been asked to change passwords in the wake of these attacks with large numbers of the population informed that personal data may have been accessed. A hack of the Associated Press account on Twitter resulted in a temporary loss on U.S. stock markets of $200 billion in late April.

The U.S. Defense Department accused Chinese government-backed hackers this week of a sustained cyber campaign which successfully targeted governmental and defense contractor websites. The Chinese later denied these allegations.

ReputationChanger.com was indeed targeted by an attack from a Chinese IP address that lasted most of the day. While the company’s public website was taken down for roughly half an hour in a distributed denial of service attack (DDoS), an investigation confirms that the company’s critical information — including client data — remained untouched.

“The attack brought down our main website briefly but I think overall it revealed the strength and security of our operation in a way that we are truly proud of,” comments the company’s president, Michael Zammuto. “Because of the system set up, no client data was in danger of being accessed or compromised — and indeed, no client data was accessed or compromised. No action is required of any client although periodic password changes are always recommended.”

Even a cyber-attack targeting the company’s Command Center, the firm’s online reputation management platform, could not have led to illicit data access. “The confidentiality of what we do is critical, and we are endlessly devoted to maintaining the complete privacy of our clients,” Zammuto offers. “As such, we have a highly distributed cloud system, response teams and processes in place to prepare for cyber threats.”

Though the identity of the cyber assailant is yet unknown, Zammuto says the impetus for the attack is likely the high-profile client list that ReputationChanger.com maintains. “We were surely targeted because of the very important clients that we work with,” he affirms. ReputationChanger.com’s clientele encompasses governments, political figures, educational institutions, celebrities, and major, internationally-recognized businesses and brands.

Despite the brief downtime experienced on the ReputationChanger.com website, Zammuto says that he is ultimately thrilled with how well the enterprise held up in the face of a malicious online assault. “I am very pleased with the performance of our network security team and partners,” he remarks. “It is a great reminder of how valuable investments are in these areas. They kept us safe from a vicious online enemy. It is because of their hard work and their expertise that ReputationChanger.com’s clients can rest assured that their confidential data is in the best possible hands.”

ReputationChanger.com is the top rated online reputation management firm according to Top SEOs and was announced as a finalist for the Red Herring 100 earlier this week, with both organizations citing the firm’s technology and its commitment to serving its clients.

Source: http://online.wsj.com/article/PR-CO-20130509-912785.html?mod=googlenews_wsj
Porn-downloading ransomware targets German users
The German Anti-Botnet Advisory Centre is warning (in German) users about a new ransomware / BKA Trojan variant that accuses users of being involved in the reproduction of pornographic material involv…
May 7th 2013 OpUSA: A Promise of Cyber Events to Come?
What will actually happen in (or to) cyberspace on May 7, 2013? That is the question that many are asking as they prepare for a promised attack from the hacktivist groups this coming week.

According to an announcement in an April 24 Pastebin threat to US and Israeli Governments, “We gonna launch a big attack against The USA Network and we gonna make some Damages.”

Some sources say that this is a serious threat, and government and banking enterprises need to be prepared. Govinfosecurity.com reported:

“Security experts say that OperationUSA, a coordinated online attack against banking and government websites slated for May 7, is a serious threat. As a result, organizations should be upping their distributed-denial-of-service attack mitigation strategies to guard against the attacks, which are being coordinated by the hacktivist group Anonymous. Experts advise that call-center staff should be educated about DDoS attacks, in case customers call in about online outages or experience difficulty accessing accounts. And network and security teams should actively monitor Internet traffic on May 7 and take steps to block specific IP addresses.”

A look at the Twitter feed for OpUSA yields some interesting tweets, links to anti-USA videos and more. Here is one of those tweets from Cisco Security @CiscoSecurity: “Stay informed about the planned #OpUSA cyberattacks against government and banking infrastructure http://cs.co/9001Xc4N #security”

Is the OpUSA Threat Overblown?

And yet, Krebs on Security reported that the threat may be “more bark than bite.” Brian Krebs writes:

“A confidential alert, produced by DHS on May 1 and obtained by KrebsOnSecurity, predicts that the attacks ‘likely will result in limited disruptions and mostly consist of nuisance-level attacks against publicly accessible webpages and possibly data exploitation. Independent of the success of the attacks, the criminal hackers likely will leverage press coverage and social media to propagate an anti-US message….’ In an interview with Softpedia, representatives of Izz ad-Din al-Qassam said they do indeed plan to lend their firepower to the OpUSA attack campaign.”

My Reaction

So what is Michigan government doing? While I won’t list every step taken here, I can say that we are hoping for the best, while preparing for potential issues to occur. There are a variety of scenarios, but I believe that governments need to be prepared for Distributed Denial of Service (DDoS) attacks and possibly worse. In my opinion, this is now the new normal in cyber threats, and enterprises must be prepared.

I tend to also agree with DHS and Krebs that this may not be as big an issue on Tuesday as some predict. Nevertheless, we must treat this in the way that police regularly investigate other types of serious security threats.

Another observation is that this may become the “new normal” regarding cyber threats. Government enterprises need to have procedures in place to react to these cyber threats and potential attacks. There are services that can be purchased from your ISP to address DDoS, and there are also other security steps that enterprises can take regarding people, process and technology improvements. Michigan has experienced a DDoS attack before, and we will likely see similar cyber attacks again.

One final thought. The bad guys use these types of announcements to test our cyber defenses. They see what we do to mitigate risks or raise the alert levels on Tuesday. This information could be used in the future for unannounced online attacks. For that reason, I suggest that cyber teams deploy only the defense tools needed, when they are needed. We need to have adaptive cyber defenses that are appropriate for the specific attack situation. Or more simply, don’t openly “show your hand” to the adversary.

What are you doing to prepare for Tuesday? Do you think these cyber threat announcements are becoming the new normal around the world?

Source: http://www.govtech.com/blogs/lohrmann-on-cybersecurity/OpUSA-A-Promise-of-050413.html
May 7th 2013: Mark Your Calendar (or Not) for OpUSA DDoS Attacks
CUNA made headlines with its warning about a planned May 7th DDoS – Distributed Denial of Service – attack that, said the trade group, was sufficiently worrisome that credit unions had to take steps to be ready. CUNA attributed the source of word of the threat to “chatter” that has been detec

What chatter? That turns out to be comments not from the al Qassam Cyber Fighters – the group that has claimed the prior DDoS attacks that have knocked big U.S. banks and several credit unions offline in the past year. Sources pointed instead to OpUSA, a shadowy hacktivist group that is affiliated with Anonymous. OpUSA has claimed al-Qassam will be involved in the May 7 attacks, but al Qassam – a group often said to be allied with the Iranian government – has been less committal in its remarks.

As for what OpUSA has planned for May 7, the group has offered its commentary on Pastebin, the website of choice for DDoS-related announcements. (Warning: there is substantial off-color language here.) Aside from anti-Israel and anti-Obama commentary, there are no real details of what is planned for May 7.

Anonymous, the supposed manpower behind OpUSA, is a group that has had successful takedowns of public websites – recently the Spanish parliament’s website became a victim. It has documented computer skills at very high levels. But the exact relationship between OpUSA and Anonymous is not presently known.

So, what should a credit union do in the run up to May 7? Experts consulted by Credit Union Times indicated that at this late date, not much could in fact be done to ward off an unknown attacker unleashing an unknown attack vector in a little over a week. Were budgets unlimited, much could be done, said the experts, but with a typical credit union’s constrained IT budget, many will decide their best course of action is to wait this one out and see exactly what damage transpires on May 7.

In the vast majority of cases, DDoS also has not been associated with data breaches. It has been an outage, plain and simple, noted one expert who indicated it was not that different from going down in an electrical storm. “Many – most – will decide to take this route,” he said.

Source: http://www.cutimes.com/2013/04/29/may-7-mark-your-calendar-or-not-for-credit-union-d?ref=hp
IRC/HTTP based DDoS bot nukes other bots
Online underground markets seem to offer anything and everything a budding cyber criminal might need. Compromised online accounts? They've got them. Malicious domain registering service? Here you …
