Category Archives: DDoS Vendors

Keep Your Content Online in Case of a Distributed Denial of Service ‘DDoS’ attack

San Francisco, CA – infoZine – Denial of service attacks – flooding websites with traffic in order to make them unavailable to the public – have become an increasingly popular way to take down or block Internet content. A new online guide from the Electronic Frontier Foundation (EFF) outlines how website operators can fend off these attacks and keep their sites alive and accessible. “Denial of service attacks have been used by governments to silence online criticism as well as by activists protesting companies and organizations they don’t like,” said EFF Director for International Freedom of Expression Jillian York. “Major websites often have the resources to keep running during a denial of service attack, but smaller sites – such as those belonging to independent media or human rights organizations – are sometimes taken down permanently. Our online guide is aimed at leveling the playing field.” EFF’s “Keeping Your Site Alive” guide includes tips on choosing an appropriate webhost to provide the security and technical assistance needed to weather an attack. The guide also gives advice on how to back up and mirror content so it can be made available elsewhere in case the site is compromised, and includes tutorial videos with background information on the technical concepts involved. Denial of service attacks are an issue for websites across the globe, so EFF’s guide is available in many different translations, including Chinese, Russian, Persian, and Arabic. “Lack of resources or knowledge can mean some websites are more vulnerable than others,” said EFF International Freedom of Expression Coordinator Eva Galperin. “We want to give website operators around the world the tools they need to protect their content and stay online.” Source: http://www.infozine.com/news/stories/op/storiesView/sid/52927/

View article:
Keep Your Content Online in Case of a Distributed Denial of Service ‘DDoS’ attack

DDoS attacks protection advice from the EFF

Denial of service (DoS) and distributed denial of service (DDoS) attacks are increasingly common phenomena, used by a variety of actors—from activists to governments—to temporarily or indefinitely pre…

Read this article:
DDoS attacks protection advice from the EFF

India hit with Distributed Denial of Service ‘DDoS’ attack from Anonymous

Earlier this year, India had an encounter with “Anonymous”, a diffuse alliance of what are commonly (and incorrectly) called hackers. In its much-publicized “Operation India”, Anonymous blocked public access to, hacked and defaced various websites in protest against the rising censorship of the Internet. This is a legitimate political cause. However, a movement cannot be judged purely by the legitimacy of its goals, and it is important to consider the legitimacy of the means used to achieve these goals. Anonymous used distributed denial of service ( DDoS ) attacks to submerge, albeit temporarily, many websites. The DDoS attack bombards the target website with more user requests than it can bear, until it becomes unavailable to all others. Many compare this to picketing, and use the term “virtual sit-in” for it. The DDoS attack does not breach a website’s security, and is therefore not hacking (more correctly called “cracking”). In contrast, defacement of websites, deletion of data or leaking restricted data, entails hacking, which involves breaching a website’s security and is more analogous to breaking and entering physical premises. Anonymous has done this too in India—defacing some websites and leaking confidential data from others. There are a few crucial differences between picketing as civil disobedience, and the DDoS attack. One is that picketing requires many people to come together and sit in protest. One or two peace protesters cannot successfully block a road. Although there was a time when DDoS attacks also required a large number of people to bombard the target, they can now be achieved by one person with the technological skills to “fire” a large number of computers at the target website.Therefore, a DDoS attack no longer implies that a sizeable section of the public cares enough to be part of a virtual sit-in. The second difference between DDoS attacks and civil disobedience lies in the “hacktivists” unwillingness to be accountable. Martin Luther King and Gandhi made it clear that civil disobedience includes accepting the penalty for breaking the law. Faceless untraceable hackers are far removed from this ethic. While it is true that they risk harsh reprisal if identified, the legitimacy and heroic aura of civil disobedience comes from the willingness to risk that reprisal. It may therefore be difficult to argue that even the DDoS attacks by Anonymous qualify as civil disobedience, which arguably is the most legitimate of the spectrum of options available to a political dissident. If political activists use varied and escalating tactics in the physical world, “hacktivists” use strategies ranging from DDoS to more intrusive defacement, disabling and leaking of data to draw attention to political causes. The legitimacy of these methods—the proportionality and justification of harm caused—can only be determined with reference to particular contexts. One has to evaluate the threat necessitating activism, innocent casualties of the activists’ actions and whether less harmful strategies have already been explored. This is difficult. For instance, the indirect repercussions of a DDoS attack or leaking data may not be apparent at first glance. Anonymous tried setting boundaries to avoid harming innocent citizens during Operation India. It declared that infrastructure websites such as the railway booking portal were not to be attacked, and it prevented disclosure of sensitive financial information when a cinema tickets database was hacked. These precautions, though laudable, are however not quite enough. The influential members of Anonymous cannot successfully identify every action that may cause public harm. For instance, when Anonymous attacked the Supreme Court of India and the Reserve Bank of India websites, it seemed ignorant of the potential impact on litigants and the economy. When it leaked confidential police records, it seemed unaware of the significant hazards of leaking people’s names, addresses and other private data. The precautions taken by Anonymous may vanish next time, since the loosely knit, ever-changing nature of Anonymous community means that power and influence can shift; splinter groups with fewer scruples can emerge. Anonymous cannot achieve the control and accountability possible in a more tangible organized group. This collective operates under disturbingly low levels of transparency and accountability, greatly exacerbated by its ability to veil itself in the shadows of the Internet. New recruits are sometimes endangered by misleading information about the legality and consequences of joining in DDoS attacks. Guerilla warfare is often used without properly exploring more peaceable means, thanks to the power and revenge mob-ethic by which Anonymous is driven. The use of technological arsenal to launch cyber-attacks ignores the likelihood of escalation— “hacktivists” tend to forget that technology is a neutral tool that governments can also use. The government may counter-attack, using its considerable resources to acquire the necessary technological capacity. Citizens may end up being the casualties of the exchange. Phase one of Operation India was riddled with moral ambiguity. If OpIndia participants wish to show the world that they are more than bored nerds playing at a social movement like it is a video game, with all the accompanying air-punching, adrenaline boosting, self-aggrandising thrills, they will ensure that phase two’s constructive and legitimate Right to Information campaign is a roaring success. For instant DDoS services against your e-commerce website click here . Source: http://www.livemint.com/2012/08/19212459/The-perils-of-8216hactivism.html

View post:
India hit with Distributed Denial of Service ‘DDoS’ attack from Anonymous

WikiLeaks Back In Business After Being Hit By A Week Of Distributed Denial of Service ‘DDoS’ attack

The WikiLeaks website came back online last Tuesday after being down for almost a week due to Distributed Denial of Service Attack (DDoS). The secret-leaking organization says it has been targeted by DDoS making its website inaccessible or sluggish for several days. The attack was said to have began at the beginning of August and has intensified to affect other affiliated sites. A group calling itself “AntiLeaks” claimed responsibility for the attacks following their post on Twitter saying that they were against Julian Assange’s intention to seek political asylum in Ecuador. DDoS attacks work by sending heavy amount of traffic to the servers of a website in the hopes to overload them and to force them to shut down. Such type of attack is the most common form of cyber attacks. According to Wiki Leaks, its servers have been flooded with 10 gigabits per second of fake traffic from thousands of different machines. Experts monitoring the issue noted that the amount of traffic is larger than the usual attacks seen in the past few years. AntiLeaks claim it has no ties to the United States government or any other governments tagged as enemies of WikiLeaks. Many people thinks the DDoS attacks on WikiLeaks was a response to the whistleblower website’s posting of documents showing how TrapWire works. TrapWire is a system being utilized in the US to counter terrorism by collecting and analyzing footages from security cameras and license plate readers around the country. Details about the counterterrorism surveillance system were revealed by Anonymous following an email hacking incident on security intelligence firm Stratfor. WikiLeaks released the documents obtained by Anonymous early this year. Observers believe that it’s a secret digital surveillance effort currently being used around the world. For fast protection for DDoS for your e-commerce website click here . Source: http://thedroidguy.com/2012/08/wikileaks-back-in-business-after-being-hit-by-a-week-of-hacking-attack/

Taken from:
WikiLeaks Back In Business After Being Hit By A Week Of Distributed Denial of Service ‘DDoS’ attack

What Distributed Denial of Service ‘DDoS’ Attack Are and How to Survive Them

Never heard of a DDoS attack? Small companies that do business online ought to learn about this growing online threat — and figure out how they’ll respond should one ever hit them. Consider what happened to Los Angeles-based business-planning publishing and advisory company Growthink. Last September, a surprise flood of bogus traffic knocked its website off the internet for several days. Growthink turned to its hosting firm for help, only to have its website sidelined so other sites wouldn’t be collateral damage. It finally recovered by hiring a DDoS-protection firm, BlockDos, to filter out the bad traffic. Then it moved to a new hosting service, Rackspace, so it would be better prepared next time. “It was pretty intense,” says Kevin McGinn, Growthink’s IT director. “We had no idea why we were being singled out.” Growthink had suffered a “distributed denial-of-service” attack. In a DDoS attack, legitimate site visitors are denied access by hackers who immobilize the site either with a flood of bogus internet traffic or a surgical strike that exhausts the resources of a specific web application. Successful attacks can cripple business operations. Growthink estimates its website outage erased $50,000 in revenue. As Growthink discovered, it isn’t always clear who’s out to get you. Experts say e-commerce outfits and other businesses that rely heavily on the web for their livelihoods are most at risk. Smaller companies are most often attacked by unscrupulous competitors and extortionists, although disgruntled former employees, vandals and “hacktivists,” or hackers with a political agenda, are also known culprits. With both the number and ferocity of attacks rising, DDoS incidents are a growing threat. In the last year, CloudFlare, a San Francisco cloud-based web performance and security firm, said it has seen a 700 percent rise in DDoS traffic. Small companies are increasingly finding themselves in the crosshairs, experts say, as the cost of mounting attacks drops and large companies get better at stopping them. Attackers can rent “botnets” of 1,000 hijacked malware-infected home PCs capable of taking down sites of most small-to-medium-sized businesses for only $400 a week, according to Incapsula, a competitor to CloudFlare that’s a subsidiary of security firm Imperva, both of Redwood Shores, Calif. Even modest extortionists can profit. Australian e-commerce company Endless Wardrobe received an email in May demanding $3,500 via Western Union. When the firm didn’t comply, its site was knocked offline for a week by a torrent of bogus visits. The downtime cut revenue by at least the amount of the demanded ransom. Here are tips on how to survive if you find your business under a DDoS attack, too. Find a hosting service or ISP that will help. Many hosting services put large numbers of small websites on the same servers to boost efficiency. That’s fine until one site is attacked and the hosting company takes it offline so other customers on the server aren’t hurt as well. Check your contracts and speak with your hosting service or internet service provider, or ISP, to find out what it will do if you come under attack. Will it help you stop the attack and recover, and if so, at what cost? Will it send you a giant bill because an attack generated a ton of extra traffic to your site? A growing number of these service providers are offering security features, including DDoS protection, as a way to differentiate themselves in a crowded market. Such companies, which often employ technology from specialists such as Arbor Networks, include Firehost, Rackspace and iWeb. Hire Help. Companies that provide website acceleration services also often help fend off DDoS attacks. For instance, CloudFlare provides a free basic level of DDoS protection that it says will stop most attacks, and two tiers of service at $20 and $200 a month that can stop larger attacks. Incapsula includes DDoS protection as part of its Enterprise tier of service for an undisclosed fee. If you’re targeted with a highly sophisticated attack, however, you may want to consider hiring a DDoS-protection specialist, such as DOSarrest , a cloud-based security company based in Canada. Investigate ways to fortify your site. CloudFlare co-founder and CEO Matthew Prince suggests using nginx web server software — favored by the likes of Netflix and WordPress — because it can be more resistant to DDoS than other programs. He also recommends using the latest versions of your web software, such as WordPress and shopping carts, to prevent some application-based attacks. For fast protection DDoS protection for your e-commerce website click here . Source: http://www.entrepreneur.com/article/224099?cam=Dev&ctp=Carousel&cdt=13&cdn=224099

Continued here:
What Distributed Denial of Service ‘DDoS’ Attack Are and How to Survive Them

Indicted College Student Speaks Up About Her Case for involvement of distributed denial-of-service (DDoS) attacks

A college student arrested last year for alleged involvement in distributed denial-of-service (DDoS) attacks waged by Anonymous appeared publicly here Saturday on a panel discussing the hacktivist collective and online civil liberties. Mercedes Haefer, an undergraduate student at the University of Nevada Las Vegas who was indicted in July 2011 with 13 others for alleged conspiracy to commit DDoS attacks against PayPal’s website, spoke out briefly about her case in the panel session entitled “Anonymous and the Online Fight for Justice.” “I am charged with conspiracy to DDoS,” Haefer said during the panel discussion, noting that she found the charges “amusing.” She would not comment on the specific circumstances that led to her arrest. Anonymous talk at Def Con focused more on online civil liberties and activism, and came amid the backdrop of a screening of “We Are Legion” documentary held at the famed hacker conference. It was a far cry from last year’s Def Con, where some members donned their signature Guy Fawkes masks, while others shouted down speakers during a question-and-answer session on a panel about building a “better” Anonymous. Legal experts on Saturday’s panel pointed to a disparity in sentencing for physical activism versus hacktivism. Marcia Hoffman, a senior staff attorney at the Electronic Frontier Foundation, says the penalty for online civil disobedience is severe. “I’m not talking spending the night in jail. Federal hacking law [prescribes] up to 10 years in prison: That’s an incredibly harsh penalty,” Hoffman says. “It’s disconcerting that young people flexing their political muscle get 10 years in prison for [a] first-time offense.” Whether DDoS should be considered a legitimate form of protest was also debated. “Under certain circumstances, DDoS is protected political speech and should be afforded First Amendment rights,” said criminal defense attorney Jay Leiderman, who is representing Christopher Doyon, an alleged member of Anonymous who goes by the handle “Commander X.” Leiderman said an interview today that Commander X’s case and the PayPal case are classic examples of how some DDoS attacks should be treated as free speech. In the former, Commander X and others camped out for months in front of the Santa Cruz, Calif., courthouse protesting a crackdown on homeless people sleeping in the streets. “In the wake of more arrests, he and a small number of people allegedly DDoS’ed the County of Santa Cruz, slowing its server for 18 minutes,” he says. “That use of DDoS is a classic form of political speech, where the government is ignoring you and [you] get their attention in a nonharmful and noninvasive way with something to let them know you are out there.” Josh Corman, who has been researching Anonymous and, along with Brian Martin writing a series on “Building A Better Anonymous,” says the DDoS-as-free-speech argument made by the panel was interesting. Corman says he sees the disparity in a $250 fine for physical civil disobedience and a 10-year prison sentence for the digital equivalent. “I can see a reasonable argument that this is a legitimate form of free speech … I can see the disparity in the law there. Maybe they have a case there, but I’ll let people smarter than me decide,” Corman says. “[But] then I realize what a massive distraction that [argument] was.” The free speech DDoS argument distracts from the more malicious activity some members of Anonymous have conducted, he says. “And all of that drowns out the potentially noble” activity, he says. The bottom line is that DDoS doesn’t really accomplish what the hacktivists want it to, anyway, he says. “It doesn’t have any lasting damage at all. It’s a tool of fear” and is noisy, but hasn’t effected the type of change in the targeted organizations that the hacktivists had intended, Corman says. Sony, for example, suffered “orders of magnitude more” in financial losses from the massive earthquake in Japan than from the more than 21 DDoS attacks waged against it, he says. Meanwhile, Haefer offered a little insight into how Anonymous operates: In response to a question about how an Anonymous plan to out Mexican government officials with ties to drug cartels didn’t materialize, she said sometimes the intentions are there, but action may not be “feasible at that time.” “A lot of times where people start up an op with the intention of trying to do something, and someone will jump the gun and say, ‘We’re going to [f’ing] do it,’ and sometimes it’s not always possible with the people we have around and their lives” and other commitments, she said. At A Crossroads Corman says a small group of Anonymous members should define what free speech online means, and a find a better way to protest than DDoS attacks, he says. “I can envision truly noble online activism as transformative as a civil rights movement,” he says. Corman and others at an earlier panel at Def Con urged the security community to be aware and speak out about privacy and freedom concerns at the upcoming World Conference on International Telecommunications (WCIT-12) meeting. Experts say the meeting could result in the potential restructuring and governance of the Internet that could ultimately hamper user access and freedoms. The security community could be doing more to carry the torch here as a more formal means for Internet activism, he says. “The original Def Con crowd could be a force of organized chaos that keeps the peace actively or passively,” Corman says. And Anonymous, meantime, is at a crossroads, according to Corman. “Several [of them] are ready to engage on what a better Anonymous might look like,” he says. For fast DDoS protection against your website click here to view DOSarrest services. http://www.darkreading.com/database-security/167901020/security/attacks-breaches/240004684/indicted-college-student-speaks-up-about-her-case-anonymous.html

View original post here:
Indicted College Student Speaks Up About Her Case for involvement of distributed denial-of-service (DDoS) attacks

Tablet’s Server Outages due to Distributed Denial of Service ‘DDoS’ attack

For the last several months, Tablet Magazine’s servers have been coming under recurring distributed denial-of-service attacks, or DDoS attacks . Yesterday we suffered two major attacks, the first around 1:30 p.m., shortly after we posted Michael C. Moynihan’s explosive article about the further dishonesty of Jonah Lehrer, the author and New Yorker writer. The Lehrer story brought us an unprecedentedly large legitimate traffic load. Some commentators and observers speculated that that’s what brought us down. It’s true that the rush of readers coming to the Lehrer story was much larger than normal, but I am assured by our IT team that we had more than sufficient bandwith and server memory to handle it. Notably, for several midafternoon hours, when we were not under attack, we served extraordinarily high traffic loads uneventfully. Our IT team strongly believes that what we were experiencing—and have been for some time—are sophisticated attacks specifically targeting Tablet, not just run-of-the-mill Internet-as-Wild-West hijinks. It is possible that whoever is out to get us seized on a moment when we had high publicity and high server demand to attack. It sounds a little paranoid, granted, but as the saying goes, just because you’re paranoid doesn’t mean they’re not out to get you. The romantic in me hopes it’s the Iranians. Meantime, we’re doing what we can to keep the site up, and we apologize for our no-doubt maddening unreliability. And if you’re a DDoS-mitigation expert who’s eager for some pro-bono work, you know where to find us. Source: http://www.tabletmag.com/scroll/107948/on-tablet%E2%80%99s-server-outages

Follow this link:
Tablet’s Server Outages due to Distributed Denial of Service ‘DDoS’ attack

DDoS crooks: Do you want us to blitz those phone lines too?

Miscreants offer to down mobe and fixed line services for $20 a day Cybercrooks are now offering to launch cyberattacks against telecom services, with prices starting at just $20 a day.…

Read More:
DDoS crooks: Do you want us to blitz those phone lines too?

Five Ways to Protect Against Distributed Denial of Service ‘DDoS’ attacks

Distributed denial of service (DDoS) attacks are able to take out an entire site in a matter of minutes. Firewalls and traditional tools like intrusion detection and prevention systems cannot always mitigate the security risks associated with these threats. New techniques and technologies in DDoS attacks can be more aggressive than their DoS predecessors and require a different kind of approach to network security. This slideshow features some of the tricks and tools, identified by Jim MacLeod, product manager at WildPackets, that can be employed to hinder the flow of a DDoS attack. 1. Understanding a DDoS attack The goal of any DDoS attack is to overwhelm a service to the point where it no longer works. While DDoS has historically been just an annoyance, there is usually a financial impact, such as lost sales or a spike in bandwidth costs. Cloud-hosted services, which charge by usage, are especially financially vulnerable to an onslaught of traffic. DDoS attacks use large numbers of computers simultaneously targeting a single service. The attack often comes from botnets, which are composed of PCs infected by a virus. Recently, DDoS has been used by political protesters, who crowdsource attackers through downloadable software. Older DoS attacks like SYN floods used limited numbers of attackers, so it was possible to use automatic per-client rate-limiting, or to block the IPs. Modern DDoS techniques try to avoid large amounts of traffic per attacker, and rely purely on large numbers. 2. Prepare in advance Many sites may think they’re too small to attract attention. However, DDoS isn’t a hard attack to perform. Ironically, DDoS is even available as a service. If your site is big enough to attract any business, it’s big enough to attract a potential attacker. Reducing the cost of an attack starts with early detection. There are simple techniques you can use to alert yourself to an attack. Run a script on your server that sends a message periodically with the recent traffic count: You’ll get a warning either if the count jumps significantly, or the message doesn’t arrive. Additionally, use a remote monitoring program that periodically checks the service’s availability. A large DDoS attack may block your management access if the site is remote. Try to make sure there’s a cost-effective out-of-band management solution. 3. Identify the attack fingerprint Once you detect a DDoS attack, the first step is to identify its unique characteristics. Despite the availability of cleverer techniques, DDoS usually relies on brute force – which means that the traffic from all of the attackers will have unique similarities. Because large numbers of attackers will be involved, scattered across the Internet, blocking the IP addresses will be nearly impossible. Instead, do a quick packet capture of the attack. Finding examples will be relatively easy, since most of the traffic will be DDoS traffic. Commonalities can often be found in the URI, user agent, or referrer. What you’re looking for is a pattern that you can block with your firewall, router ACL, IDS, etc. It will often be an ASCII or hex pattern at an offset. Become familiar with the capabilities of your equipment, and try some tests in preparation. 4. Block the rogue packets Once you have identified the attack fingerprint, it is time to set up a block within your firewall or router to drop the majority of packets. However, a high-bandwidth attack may simply exhaust your WAN link: You’ll have a clean LAN, but your service will still be unreachable. Contact your carrier now to figure out how to work with them during a DDoS attack, in case they need to do the blocking for you. Some service providers offer “clean pipe” hosting with automatic DDoS squelching. There are also companies who offer products and services to detect and prevent DDoS. Depending on the specifics of your service, it may make financial sense to pay for one of these solutions. Don’t forget the option of simply hosting the service somewhere large enough to absorb the attack – but remember that DDoS against sites that charge by bandwidth can result in unexpectedly high bills. 5. Surviving and cleaning up During and after a DDoS attack, ask for help. Your regional CSIRT (Computer Security Incident Response Team) should be alerted, as they have expertise and contacts that can not only help you during the attack, but also start the process of figuring out who did it and how. A global list is available here: http://www.cert.org/csirts/national/contact.html As cyber crimes get more sophisticated, businesses must be able to constantly adapt to these new security threats. While there are no methods or tools that can completely prevent DDoS attacks from happening, having a security “insurance policy” in place is the first step in ensuring that you are completely prepared. The ability to quickly suspend this new level of attack is tantamount to protecting company data as well as your business as a whole. Click here for DDoS protection. Source: http://www.itbusinessedge.com/slideshows/show.aspx?c=96534

Read More:
Five Ways to Protect Against Distributed Denial of Service ‘DDoS’ attacks