Category Archives: DDoS Vendors

The “Great Cannon”: How China Turns Its Web-sites Into Cyberweapons

When anti-Chinese censorship services got hit with a crippling distributed-denial-of-service attack last month, researchers promptly pegged China as the culprit. Now, Citizen Lab has pinpointed the Chinese tool that produced this attack occur. They’re calling… When anti-Chinese censorship services got hit with a crippling distributed-denial-of-service attack last month, researchers promptly pegged China as the culprit. Now, Citizen Lab has pinpointed the Chinese tool that produced this attack occur. They’re calling it the Fantastic Cannon. Separate from but positioned within China’s Wonderful Firewall, this “Great Cannon” injects malicious code as a way to enforce state censorship, by working with cyberattacks to damage solutions that help folks inside China see banned content. The Excellent Cannon is not merely an extension of the Fantastic Firewall, but a distinct attack tool that hijacks website traffic to (or presumably from) person IP addresses, and can arbitrarily replace unencrypted content material as a man-in-the-middle. With this most recent DDoS attack, the Wonderful Cannon worked by weaponizing the internet site visitors of visitors to Baidu or any website that utilised Baidu’s comprehensive ad network. This suggests any one visiting a Baidu-affiliated from anyplace in the planet was vulnerable to obtaining their internet visitors hijacked and turned into a weapon to flood anti-censorship internet sites with too a lot targeted traffic. This distinct attack had a narrow target: Particular web sites recognized to circumvent Chinese censorship. But Citizen Lab thinks the Terrific Cannon could be utilised in a substantially broader way. Due to the fact it is capable of making a complete-blown man-in-the-middle attack, it could be made use of to intercept unencrypted emails, for example. The attack launched by the Good Cannon seems somewhat apparent and coarse: a denial-of-service attack on services objectionable to the Chinese government. However the attack itself indicates a far far more significant capability: an potential to “exploit by IP address”. This possibility, not yet observed but a function of its architecture, represents a potent cyberattack capability. As Citizen Lab’s researchers note, it’s fairly strange that China would show off this strong weapon by applying it in such a pointed attack. Conducting such a widespread attack clearly demonstrates the weaponization of the Chinese Online to co-opt arbitrary computer systems across the net and outside of China to obtain China’s policy ends. The only silver lining here is that this could prompt a far more urgent push to switch to HTTPS, given that the Good Cannon only operates on HTTP. This attack tends to make it painfully apparent that utilizing HTTPS isn’t just a smart safeguard— it is a required precaution against effective state-sponsored cyberattacks. Source: http://www.eaglecurrent.com/technology/the-quotgreat-cannonquot-how-china-turns-its-web-sites-into-cyberweapons-h4121.html

Read more here:
The “Great Cannon”: How China Turns Its Web-sites Into Cyberweapons

Polymorphic Beebone botnet sinkholed in international police operation

On April 8, a global operation targeted the Beebone (also known as AAEH) botnet, a polymorphic downloader bot which installs various forms of malware on victims’ computers. Initial figures show tha…

Visit link:
Polymorphic Beebone botnet sinkholed in international police operation

iOS, OS X apps sent into infinite dizzy DoS by this one weird kernel bug

Apple patches OOB boob to stop API noobs being duped Kenton Varda has found a ‘weird’ kernel bug used in Apple gear that could result in trivial denial of service by remote attackers.…

Originally posted here:
iOS, OS X apps sent into infinite dizzy DoS by this one weird kernel bug

Denial of service attacks pour through rift in Network Time Protocol

Mismatched clocks allow poison packets to prevent synching, and sink you Red Hat security chap Miroslav Lichvar has revealed two vulnerabilities in the Network Time Protocol (NTP) that allow attackers to get clients to execute unauthenticated packets.…

View post:
Denial of service attacks pour through rift in Network Time Protocol

DOSarrest External Monitoring Service launches iOS and Android App

VANCOUVER , April 8, 2015 /PRNewswire/ – DOSarrest Internet Security, a fully managed cloud based DDoS protection service, today announced that their DOSarrest External Monitoring Service (DEMS), a real-time website monitoring tool, launches a new iOS and Android application for clients. This application is a complimentary service to all DOSarrest clients who are subscribed to DOSarrest’s industry leading DDoS protection service. The new mobile application on iOS and Android will allow clients to easily access and view their website(s) status and performance in real-time 24/7/365, as well as enable them to historically view all of the statistics for up to 1 year from 8 globally distributed sensors. Jag Bains, CTO of DOSarrest says “This application is beneficial to all of our clients who have a mission critical website that requires 100% uptime. Unlike other monitoring services, this service is fully managed 24/7/365. Should anything unexpected occur, our engineers will investigate, pinpoint and advise the client on a solution in near real-time. No other vendor in this industry offers this level of customer service.” “We have a number of clients who depend on this service and some have subscribed to it that aren’t even using our DDoS protection service,” says Mark Teolis , CEO of DOSarrest. “With the new mobile application, in one click on your smart phone, you can view what sites are up or down and why in real-time, whenever and wherever you are. It’s like the laptop version in your pocket.” Teolis adds “As I far as I know, no other DDoS protection service or CDN offers any such complimentary service that compares to our External Monitoring Service, with 8 globally distributed sensors completely independent of any of our scrubbing nodes.” About DOSarrest Internet Security: DOSarrest founded in 2007 in Vancouver, B.C. , Canada , is one of only a couple of companies worldwide to specialize in cloud based DDoS protection services .  Additional Web security services offered are Cloud based W eb A pplication F irewall (WAF), V ulnerability T esting and O ptimization (VTO) as well as cloud based global load balancing. SOURCE: http://www.prnewswire.com/news-releases/dosarrest-external-monitoring-service-launches-ios-and-android-app-499026641.html

Read More:
DOSarrest External Monitoring Service launches iOS and Android App

Day FOUR of the GitHub web assault: Activists point fingers at ‘China’s global censorship’

Code repository warns of ‘evolving’ attacks With the GitHub distributed denial-of-service (DDoS) attack nearing its fifth day of bombardment, the code-sharing upstart said it is holding up well under fire.…

More:
Day FOUR of the GitHub web assault: Activists point fingers at ‘China’s global censorship’

Botnets inflating Twitch audiences help broadcasters earn money

Most people dream about earning a living by doing something they enjoy. For some gamers, that dream is achievable by using Twitch, the game streaming service that offers gamers with a big-enough follo…

See more here:
Botnets inflating Twitch audiences help broadcasters earn money

GitHub recovering from massive DDoS attacks

The attacks were aimed at two GitHub-hosted projects fighting Chinese censorship Software development platform GitHub said Sunday it was still experiencing intermittent outages from the largest cyberattack in its history but had halted most of the attack traffic. Starting on Thursday, GitHub was hit by distributed denial-of-service (DDoS) attacks that sent large volumes of Web traffic to the site, particularly toward two Chinese anti-censorship projects hosted there. Over the next few days, the attackers changed their DDoS tactics as GitHub defended the site, but as of Sunday, it appears the site was mostly working. A GitHub service called Gists, which lets people post bits of code, was still affected, it said. On Twitter, GitHub said it continued to adapt its defenses. The attacks appeared to focus specifically on two projects hosted on GitHub, according to a blogger who goes by the nickname of Anthr@X on a Chinese- and English-language computer security forum. One project mirrors the content of The New York Times for Chinese users, and the other is run by Greatfire.org, a group that monitors websites censored by the Chinese government and develops ways for Chinese users to access banned services. China exerts strict control over Internet access through its “Great Firewall,” a sophisticated ring of networking equipment and filtering software. The country blocks thousands of websites, including ones such as Facebook and Twitter and media outlets such as The Wall Street Journal, The New York Times and Bloomberg. Anthr@X wrote that it appeared advertising and tracking code used by many Chinese websites appeared to have been modified in order to attack the GitHub pages of the two software projects. The tracking code was written by Baidu, but it did not appear the search engine — the largest in China — had anything to do with it. Instead, Anthr@X wrote that some device on the border of China’s inner network was hijacking HTTP connections to websites within the country. The Baidu tracking code had been replaced with malicious JavaScript that would load the two GitHub pages every two seconds. In essence, it means the attackers had roped in regular Internet users into their attacks without them knowing. “In other words, even people outside China are being weaponized to target things the Chinese government does not like, for example, freedom of speech,” Anthr@X wrote. GitHub has not laid blame for the attacks, writing on Saturday that “based on reports we’ve received, we believe the intent of this attack is to convince us to remove a specific class of content.” The attackers used a wide variety of methods and tactics, including new techniques “that use the web browsers of unsuspecting, uninvolved people to flood github.com with high levels of traffic,” GitHub said. In late December, China cut off all access to Google’s Gmail service, after blocking Facebook’s Instagram app, and the phone messaging app Line. A month prior, it appeared many non-political sites supported by the U.S. content delivery network EdgeCast Network were blocked. EdgeCast may have been a casualty because its cloud services are often used to host mirror sites for ones that have been banned. Source: http://www.computerworld.com/article/2903318/github-recovering-from-massive-ddos-attacks.html

Originally posted here:
GitHub recovering from massive DDoS attacks

Indiana’s website taken out by DDoS in response to ‘religious freedom’ law

The state’s website was up and down for most of the early afternoon on Friday The state of Indiana is having a bad week. First, Governor Mike Pence signed a controversial “religious freedom” bill into law; earning the state a black eye for taking step backwards on civil rights. Now, twenty-four hours later, the state’s website was knocked offline by a group taking up another person’s protest against Religious Freedom Restoration Act. The group responsible for taking IN.gov offline has targeted 34 other state, local, tribal, and territorial government websites this month. Going by the name @YourVikingdom on Twitter, the group targeted Indiana’s website after another user suggested that a campaign against the state be mounted in response to recently enacted discriminatory law. Senate Bill 101, also known as the Religious Freedom Restoration Act, was surrounded by controversy in the days leading up to its signing. Businesses and organizations on both sides of the debate, including religious groups such as The Christian Church (Disciples of Christ) urged Gov. Pence to veto the bill. The problem most people have with the new law is that it opens the door for business owners to deny services to the LGBT community for religious reasons. The law, said to be nothing short of legalized discrimination, has caused business leaders to react, including Salesforce CEO Marc Benioff, who stated that employees and customers would no longer be sent to Indiana. Salesforce bought ExactTarget, an Indiana-based marketing software company, for $2.5B in 2013. “Today we are canceling all programs that require our customers/employees to travel to Indiana to face discrimination,” Benioff said via Twitter. There’s no way to prove it, but the DDoS attack against Indiana’s primary website might have been avoided. The group responsible has no real purpose. Despite their outlandish claims, the reality is they attack vulnerable infrastructures – or low-hanging fruit as it were – for fun. There is no cause for them to support, just their own amusement. All of their victims, especially the government websites, have little to no anti-DDoS protection. Indiana is no different. Yet, because of the backlash against Indiana over the ‘religious freedom’ law, @YourVikingdom took notice and flooded the website with traffic to the point that it collapsed. The site was able to recover, but the damage had already been done. Then again, the ‘religious freedom’ law might have been nothing more than an excuse. As low-hanging fruit, Indiana’s servers were always a possible target, especially given the established pattern set by @YourVikingdom. Indiana’s website was offline at 2:00p.m. EST, and recovered 45 minutes later, but remained sluggish for another half-hour while the Indiana Office of Technology worked to resolve the issue. Source: http://www.csoonline.com/article/2903314/business-continuity/indianas-website-taken-out-by-ddos-in-response-to-religious-freedom-law.html

Continue reading here:
Indiana’s website taken out by DDoS in response to ‘religious freedom’ law