There's been an increase in the use of outdated Routing Information Protocol version one (RIPv1) for reflection and amplification attacks, according to Akamai. RIPv1 is a fast, easy way to dynamica…
Original post:
Rise in DDoS reflection attacks using abandoned routing protocol
For Canadians, July 1 is Canada Day—but to Anonymous, it’s also the perfect occasion to launch a protest campaign of distributed denial of service (DDos) attacks. The internet activist group announced on Wednesday morning that it had planned #AntiCanadaDay protests in support of its #OpCyberPrivacy campaign, created in opposition to Canada’s controversial, recently-passed anti-terror legislation, Bill C-51. The bill grants the Canadian Security Intelligence Service (CSIS) broad powers—with judicial authoriziation—to do just about anything to “disrupt” and investigate terrorist plots and propaganda, both online and offline. “We protest against the systemic invasion of privacy by government and corperate [sic] entities around the world,” the announcement reads. “We stand ardent in our defiance to all those who would take away our rights and freedoms.” A full list of targets, posted shortly before the #AntiCanadaDay attacks began, lists the websites of Liberal party leader Justin Trudeau, Minister of Justice Peter McKay, the Canadian Security Intelligence Service (CSIS), and the Canadian Senate as “main targets.” A host of other lobbyist groups and senators who voted in favour of Bill C-51 are listed as targets too. “All Canadian government web assests [sic] are fair game,” read the statement. “Lazors free on all federal, provincial and municpal [sic] services.” Shortly after noon, accounts on Twitter associated with the campaign reported that multiple government of Canada websites had been taken offline. When Motherboard attempted to access sites such as Canada.ca and sencanada.ca, for example, pages either loaded slowly, displayed an error, or did not load at all. “Remember hold nothing down for protracted lengths,” said an operation admin in the group’s chat room. “This is after all just a protest.” In a separate chat room interview, members told VICE News reporter Hilary Beaumont that eight people belong to the core #OpCyberPrivacy team. “We all expect blowback for today,” wrote one of the users, but said that it was worth the risk. “This bill violates the charter of rights and freedoms, universal declaration of human rights,” a user said, citing the threat of more invasive spying offline, and the potential to be arrested without a warrant and held without charge. “They make the rules up as they go,” wrote another member. “So if I’m a perfectly law abiding citizen who is impacted greatly by something and I protest I can be arrested [because] criticizing that is terrorism.” By early afternoon, focus had shifted to sites such as the Canadian parliament domain parl.gc.ca, and Conservative party Prime Minister Stephen Harper’s domain pm.gc.ca. The admin said the government was “putting up a good fight.” “They are adding load balancers, moving servers, closing off access,” wrote another user. “Some of the pages up [at the moment] are only cached versions.” The protest is expected to continue until midnight. Source: http://motherboard.vice.com/read/anonymous-is-celebrating-canada-day-in-protest-with-attacks-on-government-sites?utm_source=mbtwitter
Read the original:
Anonymous celebrates Canada Day with DDos attacks
The website for CSIS, the Canadian Security Intelligence Service, appears to have gone down again — less than 24 hours after a suspected rogue hacker took the site down in a so-called denial of service attack. The website for Canada’s spy agency went offline shortly after 9 a.m. ET Tuesday. While the cause is still unknown, when the website went down Monday night, sources told CTV’s Mercedes Stephenson that a rogue hacker who had previously launched attacks on several municipal and police websites, had claimed responsibility for the CSIS attack. A denial-of-service attack is not technically a hack into the site, but the attack does prevent Internet users from accessing the website. “Experts I’ve spoken to say it is very hard to stop this kind of attack,” Stephenson told CTV News Channel Tuesday morning. “The level of sophistication and the number of ways they are attacking one website at one time to send it offline is very hard to prevent.” She says sources tell her that the hacker isn’t attempting to steal information in these attacks. “This is all about trying to embarrass the government, intelligence agencies and the police,” she said. The hacker is trying to draw attention to the controversial Bill C-51, as well as the case of an Ottawa teen who was charged in an alleged “swatting” incident. The hacker believes the teen was framed, sources tell CTV. A spokesperson for the Ministry of Public Safety and Emergency Preparedness, acknowledged in a statement Monday night that the CSIS website had gone “temporarily offline.” “No information has been breached. We are taking cybersecurity very seriously,” spokesperson Jean-Christophe de Le Rue said. The same hacker was previously connected to hacking group Anonymous, but appeared to be operating alone on Monday, sources said. The person believed to be responsible tweeted out several messages about the CSIS website Monday, including: “I’m deciding if I should let CSIS back online and hit another government website, or if I should keep it offline for a while.” Less than two weeks ago, several government websites — including ServiceCanada.gc.ca and Parl.gc.ca — were hit by a denial of service attack. Anonymous claimed responsibility. Source: http://www.ctvnews.ca/canada/csis-website-goes-down-again-1.2447166
Bad taste still lingers Botnet slaughterer Brian Wallace has created a module to detect when attackers are using the popular browser-busting BeEF hacking framework.…
Continue reading here:
Vegan eats BeEf, gets hooked
There are things in this world that are far less enjoyable than having your website knocked offline to be certain. That being said, it can have a massive impact to your day or that of a company trying to make a living by selling their wares online. I remember early on one of the first large scale distributed denial of service (DDoS) attacks to launch was aimed at the White House. This was an attack that was expected at the time to be a withering assault that could reduce the White House website to a pile of molten “cyber” in the guise of what was dubbed a “virtual sit-in”. This took place in May 1998. There was concern at the time since this was not something that people had really given a lot of thought to at the time. But, in the end the web server had it’s IP address changed. It was that simple. The attackers had planned to attack not the domain name but, the IP address that was associated with the site. Simple presto change-o and the problem was fixed. These days it isn’t that simple to avoid becoming the victim of a distributed denial of service attack. There are different manner of DDoS attacks that can victimize a website. The vast majority of DDoS attacks are designed to overwhelm a site at the infrastructure level. The idea being to render the website and it’s resources unusable to the customers and the company or organization that run the site. This is cyber security equivalent of having a bully sit on your chest and say “stop hitting yourself, stop hitting yourself”. These type of attacks invariably lead to bragging on the part of the instigators. There seems to be an innate inability on the part of these attackers to keep their mouths shut. They seem to be incapable of just launching the attacks and want to be giving recognition for their endeavors. This frequently leads to them getting some press cycles and then a visit from the local constabulary. Assuredly not their desired outcome. This sort of media whoring plays well with much of the press as it provides a morbidly curious pubic with some level of insight into the instigators. When you drive by an accident on the side of the highway most of will slow down to look. It is human nature. So too is our apparent fascination with these attackers. What once began as an attacker defacing a website, later graduated to launching DDoS attacks. Now, those very attackers have demonstrated that they are no longer satisfied with press exposure. Now we see evidence of attacks being launched for money. Case in point is a crew that have been dubbed DD4BC for their pattern of launching attacks in a bid to collect bitcoin. We first saw them in 2014 when they ran trial run attacks against various websites. The curious point at the time was that they demanded a paltry sum from their victims. They were kicking the tires on their new machine. How this type of extortion attack would work is that they would launch a small burst of traffic against an intended victim and email them to ask them to look at their logs. This was a step to demonstrate that they were serious. The proverbial “look at my gun” approach that has worked for bank robbers for decades. The DD4BC crew would demand money and in the event the website operators failed to cave in to their demands they would launch their attack. As time progressed the cost to stop the attack would rise. I sincerely hope that no one has in fact paid the ransom that they demanded. This would only encourage them to launch more attacks. Also, for any site that would pay their demands this would provide them no guarantees that the attackers wouldn’t return to demand more money. Attackers have evolved with the times and so to should website operators. The need to have a web site that is designed to fail is clear. If you come under attack today, how will you scale? How will you defend your website? Telling them to go away or you will taunt them again simply won’t suffice. Source: http://www.huffingtonpost.com/dave-lewis2/ddos-attacks-have-graduat_b_7639516.html
More here:
DDoS Attacks Have Graduated to Extortion
Turns out, it wasn’t that big of a deal after all The Register has discovered that the unspecified IT attack which left 1,400 passengers of LOT Polish Airlines stranded in Warsaw was a simple DDoS issue, which had so impeded the airline’s connection that it could not produce its flight plans in time for take offs.…
See more here:
Polish plane IT attack? Apparently not, just a simple DDoS
Roughly 1,400 passengers were temporarily stranded at Warsaw’s Frederic Chopin airport over the weekend after hackers were purportedly able to modify an entire airline’s flight plans via a distributed denial of service (DDoS) attack. On Sunday someone was able to infiltrate the computer system of the Polish airline LOT and successfully cancel 10 of the carrier’s flights. A dozen other flights were reportedly delayed, according to Reuters. Many passengers were able to board the flights — destined for Munich, Hamburg, Dusseldorf, and Copenhagen, among other cities — later in the day and regular service was resumed Monday according to LOT spokesman Adrian Kubicki. The airline insists that at no point was the safety of any ongoing flights at risk, nor were any other airports affected, but stressed that the attack could be a sign of things to come. “We’re using state-of-the-art computer systems, so this could potentially be a threat to others in the industry,” Kubicki warned, adding that authorities were investigating the attack. LOT’s chief executive Sebastian Mikosz reiterated Kubicki’s sentiments in a press conference on Monday. “This is an industry problem on a much wider scale, and for sure we have to give it more attention,” Mikosz said, “I expect it can happen to anyone anytime.” Kubicki claimed the attack may have been the result of a distributed denial of service attack on Monday and that LOT experienced something he called “a capacity attack” that overloaded the airline’s network. While technical details around the incident have been scant, several security researchers agree it could be cause for alarm. Ruben Santamarta, a principal security consultant for IOActive has called the security of planes into question before and based on the statement given by LOT’s spokesman believes the airline may have fallen victim to a targeted attack. “Initially, it seems that flight’s plan couldn’t be generated which may indicate that key nodes in the back office were compromised,” Santamarta said Monday. “On the other hand the inability to perform or validate data loading on aircraft (including flight plans), using the standard procedures, should make us think of another attack vector, possibly against the ground communication devices.” Last summer at Black Hat Santamarta described how aircraft — including passenger jets – along with ships, oil rigs, and wind turbines could be compromised by exploiting its embedded satellite communications (SATCOM) equipment. Andrey Nikishin, Director of Future Technology Projects at Kaspersky Lab, believes there could be two stories behind the hack. The incident could’ve come as a result of human error, or an electrical or hard drive malfunction, Nikishin claims, or perhaps stem from a “more Hollywood style scenario” wherein the attack is a precursor to a bigger, more significant disruption. “Warsaw airport is fairly small compared to Schiphol (Amsterdam) or Heathrow (London) and, depending on the time of day, there are only around 11 flights taking off every hour. ” “What if the incident was just a training action or reconnaissance operation before a more massive cyber-attack on a much busier airport like Charles de Gaulle in Paris or JFK in New York?” Nikishin said. “Regardless of the reason and the threat actors, we can see how our life depends on computers and how vulnerable to cyber-threats national critical infrastructure objects have become.” Earlier this year security researcher Chris Roberts made headlines by getting removed from an American Airlines flight and questioned by the F.B.I. after he claimed he was able to compromise its onboard infrastructure. Roberts told the F.B.I. that he managed to hack into several planes’ in-flight entertainment systems nearly 20 times from 2011 to 2014 although most airlines have refuted these claims. Source: https://threatpost.com/polish-planes-grounded-after-airline-hit-with-ddos-attack/113412
Read More:
Polish Planes Grounded After Airline Hit With DDoS Attack
Not the way you want to lead the world Level 3 Communications says America is home to more botnet command and control servers, edging out the Ukraine, with Russia only managing third place.…
Original post:
US the world’s botnet mothership says Level 3
Around 1:30 pm ET on Tuesday afternoon, Canadian government websites became inaccessible due to a denial-of-service attack, The Globe and Mail reported. The attack affected industry, employment, national resources, fisheries and oceans, justice, labor, foreign affaisr, environment and transportation related websites. A denial-of-service attack, sometimes called a DOS attack, occurs when hackers flood a website with traffic, essentially leaving it unusable to normal users hoping to browse the site. It is unclear why Canada’s government websites faced this attack or who the hackers are. Source: http://www.newsweek.com/canadian-government-websites-inaccessible-following-denial-service-attack-344002
Link:
Canadian Government Websites Inaccessible Following DDoS attack
Voat was just a small Reddit knock-off before last week — but now it’s becoming overloaded as people threaten to leave the bigger site So many people are leaving Reddit that its closest competitor crashed and had to ask for donations to stay up. Many users of the site protested and left when last week it banned five subreddits for harassment. And since, users have been making good on threats to leave the site — going instead to a Swiss clone of the site, Voat. That site look almost exactly the same as Reddit, and features many of the same communities. But it is committed to a rule of “no censorship” — previously Reddit’s attitude, but one that it has moved away from as it has attempted to reduce the harassment and abuse on the site. So many people have moved to the Swiss knock-off that it has been down entirely many times since the Reddit bans. In response, the site asked for donations in bitcoin to pay for extra technology to keep the site up. That doesn’t seem to have worked, and the site says that it is now under a distributed denial of service attack, where users send a flood of requests to a website to take it down. But despite the problems, the site now has more than twice as many users as it did late last mnth, according to the site’s Twitter account. It had over 96,000 registered users last night, it said — far from the 172 million unique visitors that went to Reddit in the last month, but up many times over recent weeks. Voat’s founder said that the site was “not ready for such a huge influx of new users” and that it hadn’t “prepared for such a large and sudden increase either”. “We are sorry to see Reddit change like this, in this way, in such an accelerated fashion,” Atko wrote. “We would have never anticipated such events.” Source: http://www.independent.co.uk/life-style/gadgets-and-tech/news/reddit-alternative-breaks-because-so-many-people-leave-site-after-harassment-scandal-10321474.html
Read More:
DDoS Attack on Voat due to Reddit