Category Archives: DDoS Vendors

Linode Resets Customer Passwords After Breach, DDoS Attack

Cloud-based webhost Linode absorbed another body blow on Tuesday when it said it was resetting customer passwords after a suspected breach. The development compounded the company’s existing woes as it continues to battle a distributed denial-of-service attack that began on Christmas. A Linode representative said late Tuesday its executives were unavailable for comment and that an investigation was ongoing. The password breach was announced after the company said three accounts were accessed without permission and it discovered two Linode.com user credentials on an “external machine.” “This implies user credentials could have been read from our database, either offline or on, at some point,” Linode said in an advisory to customers. “The user table contains usernames, email addresses, securely hashed passwords and encrypted two-factor seeds. The resetting of your password will invalidate the old credentials.” Linode said it notified the customers whose credentials were found on outside machines and said there was no evidence of further intrusion into host or virtual machines. Linode markets its services toward developers and offers quick, scalable solid state driver server deployments. As of this morning, portions of the Linode website were still inaccessible, and the company said it has not been able to determine whether the DDoS attack and the password breach are related attacks. In the past, experts have warned that criminals will use easy-to-mount DDoS attacks against a target in order to distract IT and security staff away from the real target. “The entire Linode team has been working around the clock to address both this issue and the ongoing DDoS attacks. We’ve retained a well-known third-party security firm to aid in our investigation. Multiple Federal law enforcement authorities are also investigating and have cases open for both issues. When the thorough investigation is complete, we will share an update on the findings,” Linode said. “You may be wondering if the same person or group is behind these malicious acts. We are wondering the same thing. At this point we have no information about who is behind either issue. We have not been contacted by anyone taking accountability or making demands. The acts may be related and they may not be.” Linode was relatively quiet about the DDoS attack until a New Year’s Eve blogpost from network engineer Alex Forster. Forster said that a criminal gang was using a botnet to fire bad traffic at Linode’s authoritative nameservers causing DNS outages. All public-facing websites and web and application servers were also targeted, taking down Linode Manager. The attackers also sent traffic at Linode’s colocation provider’s upstream routers and its internal network infrastructure causing packet loss. In all, Forster said there were more than 30 attacks carried out in the week between Christmas and New Year’s Eve. Source: https://threatpost.com/linode-resets-customer-passwords-after-breach-ddos-attack/115790/#sthash.PPbMALPg.dpuf

View post:
Linode Resets Customer Passwords After Breach, DDoS Attack

Bitcoin exchange BTCC stands firm against DDoS ransom hacker and wins

Bitcoin exchange BTCC Technology Ltd. had an interesting time over the new year when it was targeted by a Bitcoin-for-DDoS (Distributed Denial of Service) attack, but in a great story we don’t see often enough, the company held steady and won, complete with a hilarious ending. The company first came under DDoS attack on December 31 when they received an email from an unknown source demanding they pay 1 Bitcoin ($430) in ransom or the attacks would escalate. Having ignored the demand, on New Years Day BTCC was targeted with a 10 Gbps DDoS attack, the strength of which was not expected by the company’s DDoS mitigation service. According to a post on Reddit, the DDoS protection provider said something along the lines of “This thing is huge! You guys aren’t paying us enough for this!” so BTCC paid them more, and the site stayed up. Naturally, as these things go, the second attack was followed by a new ransom demand by the hacker, who was now asking for a payment of 10 Bitcoin ($4300) to prevent a further attack. Instead of paying, BTCC just battened down the hatches waiting for the next attack. Another, more intense DDoS attack of several hours then followed, causing BTCC’s servers to experience some performance issues, including a partial loss of functionality. BTCC still refused to pay the ransom and instead upgraded their servers to cope even better with the increasing attacks. Another ransom email demand was received, with demand for  payment of 30 Bitcoins ($12924) with the hacker adding ““We will keep these attacks up until you pay!…. You had better pay up before you go bankrupt! Mwa ha ha!” BTCC once again ignored the demand, and the attacks recommenced, complete with more demands for Bitcoin. At this point BTCC had ramped up their mitigation efforts so much that no matter how much traffic the hacker sent it didn’t affect their service at all, to the point that the company stopped noticing many of the attacks as they usually failed to disrupt their networks for more than a few minutes after the upgrades they rolled out. Winning Around this point, despite his or hers best efforts and multiple demands, the hacker gave up trying to take the site down, but not before sending one last, hilarious plea to BTCC. “Hey, guys, look, I’m really a nice person. I don’t want to put you all out of business. What do you say we just make it 0.5 BTC and call it even?” This email was, like those before it, ignored by BTCC, which resulted in one final email from the now disgruntled, losing hacker: “Do you even speak English?” and that was that. Although DDoS attacks are serious business and not every company has the capacity to put into place defensive measures, sometimes a story just makes you want to smile. BTCC 1 vs hacker 0. Source: http://siliconangle.com/blog/2016/01/06/great-story-bitcoin-exchange-btcc-stands-firm-against-ddos-ransom-hacker-and-wins/

Link:
Bitcoin exchange BTCC stands firm against DDoS ransom hacker and wins

BBC Websites, DDoS attack By Anti ISIS Hacking Group For Testing Their Capabilities

Hackers against the Islamic State or ISIS have claimed that the BBC website downtime during New Year’s Eve was their DDoS attack, but with no bad intentions. BBC websites were down for several hours during the evening before January 1, 2016. A company source inside BBC admitted that there was a distributed denial of service attack that took the websites down. Now, anti-ISIS hacker group named as New World Hacking is claiming that they were the reason why the BBC websites were unavailable for a quite long duration. However, they did not hack the website to cripple its capability to disseminate news and such. New World Hacking said that they were just testing their capabilities on BBC’s servers. They did not intend to take the site down for hours. “Let me get you proof of our records really quick, our motive was simply because we can. It was almost exactly a 600 GBps attack. We used two nodes to attack with and a few extra dedicated servers. It was only a test, we didn’t exactly plan to take it down for multiple hours. Our servers are quite strong,” the group told Rory Cellan-Jones from BBC via Twitter. DDoS Attacks In A Nutshell For the uninitiated, a DDoS attacks does not really involve a direct “hack” or penetration of a database, but it could be used as a cover. What happened was that the BBC websites experienced a massive flow of web traffic that came from the hacker group. The websites were not able to keep up with the continued barrage of web traffic, resulting it into shutting down. There are different types of DDoS attacks that can be carried out. Some of the attacks directly flood the websites with more traffic than it can handle. Some send only fragments of data packets, which usually leads to the server piecing it back together instead of catering to their legit site visitors. In order to conduct a successful DDoS attack, hackers usually use a wide network of computers known as botnets. These botnets may consist of their own computers or compromised ones across the globe using their own malware. Attack Only A Test, Not Malicious New World Hacking said that they are based in the United States and that they are determined to take down any ISIS affiliated sites and online accounts. Anonymous has previously declared a cyber-war against ISIS as they continuously help in taking down online propaganda and recruitment sites. BBC’s press office refused to comment on the hacker group’s claim. They also did not confirm nor deny if the DDoS attack was the cause of the website’s temporary downtime. “We realise sometimes what we do is not always the right choice, but without cyber hackers… who is there to fight off online terrorists? The reason we really targeted [the] BBC is because we wanted to see our actual server power,” the group told BBC. One person named Ownz from the hacker group said that they were only a team of 12 people. Eight of them were male and four of them were female. Ownz claims that New World Hacking was formed in 2012. Hacker groups are not new, but only a handful of them have actual good intentions. With ISIS trying to recruit followers and jihadists online, these hackers have stepped up to try and stop them from doing so. Some Internet users are cheering them on, while some have questioned their methods and capabilities. At the core, all the soldier deployed across the globe are considered heroes and not the hackers. New World Hacking Campaigns New World Hacking claims that they have already done their part in making the world a better and safer place. They took part in the #OpParis effort in order to help determine the identities of IS affiliated accounts after the terrible Paris attack tragedy in November 2015. Ownz also said that they took part in a campaign against the Ku Klux Klan. Ownz said that they are using a hacking tool named Bangstresser. They claim that they have already used the tool against several IS websites. Bangstresser was said to be developed by another U.S.-based hacker activist. New World Hacking tried out the tool against the BBC websites along with several of their personal computer servers and possibly botnets. Ownz told the BBC that they are planning to attack a new list of ISIS targets online. It is unclear which sites they are referring to, but they were not disclosed in order to help protect the integrity and effectiveness of their campaign. BBC Websites And Services Downtime BBC websites started to be down at around 7 PM on Thursday. Instead of the website interface, they were greeted with an error. In addition to the websites, their iPlayer Radio app and iPlayer catch-up service were also down. The iPlayer app was recently launched for the Apple TV App Store in December 2015. Twitter (NASDAQ: TWTR) users replied to the BBC Press Office’s announcement that they were aware of the “technical issue.” Some have said suggested that they should try turning their servers off and on again. Some have also taken the news in a lighter tone, saying that the HR department should be blamed for insisting the unused leaves be used before 2015 ended. Others took the chance to mock BBC, saying that they shouldn’t rush because they know BBC is telling the truth when they are silent. Other users have also asked if it was DDoS attack, but no replies were given by BBC. Some users have also reported that the BBC Bitesize and BBC Food recipes were down as well. BBC websites started to be back online at around 10:30 PM. However, some of the websites took longer than usual to load. All of the services and websites functioned normally several hours more after. New World Hacking did not say why they chose the BBC services and websites as a test target for their attacks. However, one possible reason is to demonstrate the scale and power of their attacks by attacking one of the most known broadcasting corporations in the world. Source: http://www.biztekmojo.com/001843/bbc-websites-services-taken-down-anti-isis-hacking-group-testing-their-capabilities

Continue Reading:
BBC Websites, DDoS attack By Anti ISIS Hacking Group For Testing Their Capabilities

Valve Reveals Details About Christmas Issues, Personal Info Was Shown, DDoS Attack Involved

Christmas is usually a very busy time for Valve because of the major sales that the company has a habit of running on the Steam digital distribution system, and this year the company had to deal with a set of problems linked to the service and with the way the user base perceived them as an attack that had the potential to affect their personal data. In a new official site article, the studio delivers more information about what happened on December 25, saying that between 11:50 and 13:20 Pacific Standard Time store page requests for around 34,000 users, containing personal information, were seen by others. Valve admits, “The content of these requests varied by page, but some pages included a Steam user’s billing address, the last four digits of their Steam Guard phone number, their purchase history, the last two digits of their credit card number, and/or their email address. These cached requests did not include full credit card numbers, user passwords, or enough data to allow logging in as or completing a transaction as another user.” The company also delivers an apology to all those affected by the Christmas problem . Despite the fact that some sensitive information was shared with others, the company makes it clear that users have to take no further action because the Steam system does not allow for it. This means that even if there are plans to work with a third-party company and contact those affected once they have been identified, no action on their part is required to make sure that the accounts are safe. Valve also explains that the problem was created because of a DDoS attack that combined with increased Winter Sale traffic to affect the caching of pages and forced the company to take down the store and deal with the problem. The company makes it clear that such attacks have not managed to break its security and are routinely dealt with. Steam continues to dominate PC digital distribution Valve needs to maintain its services as secure as possible to keep it in the lead on the PC and to continue offering players a wide variety of video games and some spectacular price cuts on special occasions. The Winter Sale is running at the moment, with more than 10,000 video games offered at reduced prices each day and a set of special trading cards that gamers can earn and use to tweak their profile. In late 2015 Valve also introduced the Steam machines, created in collaboration with a wide variety of partners, and the special controller, which offers plenty of new options for PC gamers who want to stay away from their monitors or share a couch with friends. In 2016, the company is planning to also enter the virtual reality space with Vive, which is created in partnership with HTC and does not yet have an official launch date or an attached price. The device was expected to arrive before the end of 2015, but Valve decided to delay it because of a major tech-related breakthrough that’s supposed to improve the user experience once the headset is commercially available. Source: http://news.softpedia.com/news/valve-reveals-details-about-christmas-issues-personal-info-was-shown-ddos-attack-involved-498289.shtml

More:
Valve Reveals Details About Christmas Issues, Personal Info Was Shown, DDoS Attack Involved

BBC reports on BBC tweet about BBC websites DDoS

The BBC’s website and iPlayer service went down on Thursday morning following a cyber attack causing widespread panic on social media A BBC Technology journalist later posted an article on their website saying a “large web attack” had “knocked” their websites offline. Sources within the BBC said the sites were down “thanks to what is knows as a ‘distributed denial of service’ attack”. A National Crime Agency spokesperson said: “DDOS is a blunt form of attack which takes volume and not skill. It’s a very basic attack tool. One analogy is too many people trying to get through a revolving door at the same time so that the door gets stuck.” Social media reaction to the trouble was swift. Many urged the BBC to get the site back up quickly and lamented how long it was taking to fix the technical trouble. Among the Twitter users to pass comment was Stephen Fry. Professor Tim Watson, Director of Cyber Security at the University of Warwick, said: “The BBC site will expect lots of traffic and they are a high profile target so you would expect them to have all kind of protection against a DDos attack. “They will be used to having lots of visitors but usually people visit the site at different times and are not repeatedly asking for lots of information. “The way a DDos attack works is by having control of thousands or millions of computers on a ‘botnet’ – so as people get their computers compromised by visiting websites or clicking on malicious links in emails, they can be remotely controlled and then coordinated to all visit a website at the same time. “So you can have millions of computers all making repeated visits to the same page over and over again and that is how you flood a website to the point where legitimate users can’t get access.” Professor Watson said there are a number of ways big corporations can protect against these kind of attacks but they are expensive. One way of protecting a site is to have something called “fat pipes” – very large data cables capable of dealing with incredibly high amounts of traffic – combined with really fast computers which can filter out anything like DDos traffic and re-route legitimate traffic back to the main website. But Professor Watson asked: “Is it a good used of licence payers’ money to have fatter pipes just on the off chance that one day someone might want to take down the BBC website with a DDos attack?” Cyver security expert Professor Alan Woodward, from the University of Surrey, said an attack like this needs a “degree of coordination”. He said: “I would have thought this could have been so-called hacktivists. The bbc has a large and sophisticated structure themselves and I know they have systems in place to mitigate it so it might have been slightly more than the usual DDoS attack. I cant see why a cyber criminal would do this, they do this for money, the only people who do this to make a point are hacktivists. “You have these groups who are doing this to make a point. Nation states often have the capability to do it. The motives tend to be where you have some group like these active hacker squad, phantom squad and lizard squad who do it.” An official BBC spokesperson said the corporation “are not discussing the causes” of the shutdown “or going into any further detail”. The BBC’s main website is the 89th biggest in the world, according to web analytics firm Alexa, and is the seventh-ranked site in the UK. Twitter goes into meltdown As BBC technicians frantically attempted to work out how to get their website back up and running, Twitter users had a lot of fun as #BBCDown began trending. The corporation apologised for the inconvenience on a number of Twitter feeds, blaming the website and its iPlayer services going down for over an hour on a “technical issue”. It later emerged the corporation had suffered a DDoS – a distributed denial of service – attack. Source: http://www.telegraph.co.uk/news/bbc/12075679/BBC-website-crashes-and-Twitter-goes-into-meltdown.html

Excerpt from:
BBC reports on BBC tweet about BBC websites DDoS

Linode Hit by DDoS Attacks

Cloud hosting company Linode has suffered a series of service interruptions due to distributed denial-of-service (DDoS) attacks launched against its infrastructure over the past few days. The campaign started on December 26 when the company reported that DDoS attacks had disrupted the Linode Manager and its website. On the same day, the attackers also targeted Linode’s DNS infrastructure, and the company’s data centers in Dallas, Atlanta, London and Newark. It took roughly 2-3 hours for Linode’s systems and network engineering teams and the company’s upstream providers to mitigate the attacks. On December 27, DDoS attacks were reported at the data centers in Atlanta, Newark, and London. Linode’s service status page shows that it took the company nearly four hours to mitigate the attack against the London datacenter, while network connectivity was restored in one hour, respectively two hours, in Atlanta and Newark. The attacks against various components of Linode’s infrastructure continued on Monday and Tuesday. In the early hours of Wednesday, shortly after announcing that a DDoS attack affecting Linode’s website had been mitigated, the company reported seeing continued attacks disrupting access to its web services. The latest update indicates that the Dallas data center was again targeted recently, causing packet loss. Kaspersky Lab reported in November that in the third quarter of 2015, Linux-based botnets accounted for nearly half of the total number of DDoS attacks. The most notable was the XOR botnet, which malicious actors leveraged to launch attacks that peaked at more than 150 Gbps. A Kaspersky report released in December showed that almost half of the organizations hit by DDoS attacks actually claimed to know the identity of the attackers. The study is based on information from more than 5,500 companies across 26 countries. Source: http://www.securityweek.com/linode-hit-ddos-attacks

Visit site:
Linode Hit by DDoS Attacks

Massive DDoS Attacks of Over 1 Million Queries Per Second Threaten Root Servers That Support The Global Internet

Today, we share a blog post from Looking Glass’ Director of Product Management, Patrick Lynch, as he discusses distributed denial of service (DDoS) attacks on DNS root servers. On Nov 30 and again on Dec. 1, massive DDoS attacks against several Internet based DNS root servers with volumes of over 1 million queries per second threatened the global Internet. There is speculation that the attack was initiated by ISIS (here). Not only is this a risk to the Internet as a whole, but also impacts the Internet Service Providers (ISPs) that are the unfortunate middle link in the attack and whom the majority of Internet access depends on. Although the target was the DNS root servers, the intermediate ISPs probably were more severely impacted by the sudden spike in the traffic load due to the relationship between DNS authoritative and recursive servers. Verisign provided additional information showing why the source IPs were spoofed, and the root servers’ users group also published some information. Arstechnica also has a description of the event. There are a number of actions that are available to an ISP that mitigate both the attacks on the DNS root servers, and on the ISP itself: Ingress filtering by source IP address – Routers can enforce BCP38 that only allows traffic to originate with source IP addresses that are valid for that ISP. This will also prevent source and destination addresses from being the same. If Ingress filtering is not practical, then having a DNS firewall will provide similar capabilities to ingress filtering as well as additional capabilities such as: Only allow queries from allowed IP ranges Rate limit queries by source IP or destination IP to prevent volumetric attacks Rules that prevent DNS responses (as opposed to queries) going to the root servers When an upstream DNS server is busy (as in a DDOS attack), automatically generate a server unavailable error and do not add to the DDOS attack Securing DNS is challenging given the nature of the protocol and the fact that the DNS ports must be left open to ensure continuous delivery of DNS services to Internet attached devices. Source: https://lgscout.com/massive-ddos-attacks-of-over-1-million-queries-per-second-threaten-root-servers-that-support-the-global-internet/

Read More:
Massive DDoS Attacks of Over 1 Million Queries Per Second Threaten Root Servers That Support The Global Internet

Turkish banks & government sites under ‘intense’ DDoS attacks on Christmas holidays

Turkey is suffering from a wave of cyber-attacks on financial and government websites which intensified over Christmas, resulting in the temporary disruption of credit card transactions. A video released this week and attributed to Anonymous vowed retribution for Ankara’s alleged ties with ISIS. The attacks on Turkish servers have been persistent in recent weeks, but on Christmas day Turkish banks suffered a website outage and reportedly saw sporadic disruption to credit card transactions. Isbank, Garanti and Ziraat Bank were among the targets, local media reported. “It is hard to determine where these attacks are coming from, with detailed work it will be understood whether these attacks are carried out by hackers or by certain groups” said the Minister of Communications Binali Yildrim. The DDoS attacks on Turkey’s “.tr” domain, Yildrim said were “serious” as they include domains of ministries, banks, and the military. The ministry asked Ankara’s Middle East Technical University (ODTU), which operates the “.tr” domain to step up security measures. ODTU’s analysis said that the attacks are coming from “organized sources” outside Turkey. Turkish Telecom, in a statement to Hurriyet daily, said that they are now on “24/7 defense” as they acknowledged facing “thousands of attacks.” Most Turkish institutions use Turk Telekom as their service provider. “The attacks are serious,” a spokesman for internet provider Turk Telekom, Onur Oz, told Reuters. “But the target is not Turk Telekom. Instead, banks and public institutions are under heavy attack.” The banking sector is one of the fastest growing areas of online services in Turkey and equates roughly to 1.5-2 billion transactions daily, according to Hurriyet. More than 85 percent of daily banking transactions in Turkey are carried out on digital platforms. “These attacks began two weeks ago but have intensified over the past two days,” said Burak Atakani, a network specialist from Istanbul Technical University. Some Turkish media outlets have speculated that the cyber-attacks might have been launched by Russia in retaliation to the downing of a Russian bomber by a Turkish fighter jet late in November over Syrian airspace. Meanwhile in a video, released this week allegedly by hacktivist collective Anonymous, hackers promised to take on the Turkish government over its alleged shady deals with Islamic State (IS, formerly ISIS/ISIL) terrorist organization. Anonymous especially threatened to bombard the banking sector. “Turkey is supporting Daesh [the Arabic name for IS] by buying oil from them, and hospitalizing their fighters. We won’t accept that [Recep Tayyip] Erdogan, the leader of Turkey, will help [IS] any longer,” says a video message from the group. “We will continue attacking your internet, your root DNS, your banks and take your government sites down. After the root DNS, we will start to hit your airports, military assets and private state connections. We will destroy your critical banking infrastructure.” Special Cyber government security units within the Information and Communication Technologies Authority (ICTA) and the Telecommunications Directorate (TIB) have been deployed to stop the attacks. “Turkey is not in a position to be powerless in the face of these attacks,” said Customs and Trade Minister, Bulent Tufenkci. “I think that we’ll have necessary response.” Source: https://www.rt.com/news/327119-turkey-banks-cyber-attacks/

Read More:
Turkish banks & government sites under ‘intense’ DDoS attacks on Christmas holidays

Xen Project blunder blows own embargo with premature bug report

Malicious guest could eat your virtual rigs from the inside The Xen Project has reported a new bug, XSA-169 , that means “A malicious guest could cause repeated logging to the hypervisor console, leading to a Denial of Service attack.”…

Link:
Xen Project blunder blows own embargo with premature bug report

Xbox Live Suffers DDoS Disruption, Playstation Network May Be Next

A DDoS attack initiated by grey-hat hacker group Phantom Squad may have taken Microsoft’s Xbox Live online network offline for at least 3 hours today. If the hacker group’s threats are to believed, Sony’s PlayStation Network (PSN) may be next. Gamers, look away. This is going to make for painful reading. For the second time in two years, a hacker group may be disrupting two of the most popular gaming networks in the console gaming world, Xbox Live and the PlayStation Network. Hacked reported on the DDoS threats made by Phantom Squad a few days ago, after a series of tweets posted by the hacker group that also took credit for knocking Reddit offline recently. In a case of history repeating itself, the group is doing what infamous hacking group Lizard Squad did last year in December, disrupting gamers’ plans of going online with their consoles by taking down Xbox Live and PSN for several days last year. While the new group Phantom Squad threatened to take down the gaming networks during Christmas, Xbox Live suffered an outage in certain parts around the world for a few years today. To nobody’s surprise, Phantom Squad took credit for the outage. An update posted today on Xbox’s status website read: Hey Xbox members, are you having trouble purchasing or managing your subscriptions for Xbox Live? Are you also having an issue with signing into Xbox Live? We are aware of these issues and are working to get it fixed ASAP! Thank you for being patient while we work. We’ll post another update when more information becomes available. The message made no reference to any disruptions or DDoS attacks targeting the network although Microsoft nor Sony seldom acknowledge such attacks, even if they were bearing the brunt of such attacks. For now, Xbox Live Status shows all services are up and running and it is likely that Microsoft has found an IP range or two to block the DDoS requests flooding the servers, a common defense strategy against such attacks. Meanwhile, Phantom Squad has claimed that it will DDoS both gaming networks this Christmas Day. So we are going to DDoS Xbox&PSN on Christmas Day We Dont Joke We Are Always Watching Christmas Day PSN&Xbox This Is Not A Bluff #Phantom — PhantomSquad (@PhantomLair) December 18, 2015 The hacking group claims that the disruptions are to bring attention to the lack of cybersecurity in the gaming networks but gamers will argue the group is doing it simply to annoy a large population of console gamers looking to wind down and play games during the holidays. Hacked has previously reported on several disruptive malicious hackers, including those from Lizard Squad who have been arrested not long after their antics from Christmas last year. One of the suspects was arrested in the UK in January this year while another was apprehended as a part of a wider operation in March 2015. Hacked will keep you updated on this story as it unfolds in the week leading to Christmas. Source: https://hacked.com/xbox-live-suffers-ddos-disruption-playstation-network-may-next/

Read this article:
Xbox Live Suffers DDoS Disruption, Playstation Network May Be Next