Category Archives: DDoS Vendors

Anonymous Hijacks Thousands of Insecure Routers to Power Its DDoS Tools

Neglecting elementary security measures puts a router at risk, and hacker-controlled routers are now being used to launch large-scale distributed denial-of-service (DDoS) attacks. Web security firm Incapsula discovered a new router-based botnet, Mr Black, while investigating DDoS attacks against its customers since this December. Hackers exploited the routers’ negligent security measures to launch these attacks all over the world.

According to the report published by the security firm, routers made by Ubiquiti Networks had DDoS malware installed on them. The routers were not hacked through a vulnerability in the hardware. Instead, they were deployed insecurely, with their management interfaces exposed over SSH and HTTP using the default credentials. The routers that were inspected were found to have 4 versions of Mr Black, a DDoS program, and altogether thirty-seven variations of Mr Black were detected. Other DDoS programs included DoFloo, Mayday and Skynet (a remote sensing tool).

In some earlier versions of the report, Incapsula said it believed that the hacktivist group Anonymous was one of the few groups that used the compromised routers. It is not yet clear why Anonymous was highlighted in the report, but it is certain that a few people who call themselves “Anonymous” were using the routers. The original article on the Daily Dot was edited to remove the fact that the botnet directs to irc (dot) anonops (dot) com.

In total, 40,269 different IP addresses were detected from 1,600 ISPs spread across 109 countries. The main affected countries were Thailand (64%), Brazil (21%), United States (4%) and India (3%). To control these routers, 60 servers were hacked, the majority of them in China and the U.S.

To protect themselves from the DDoS attacks, users must make sure that their routers’ management interfaces aren’t exposed over HTTP or SSH to the internet. They can also use available tools to scan their router’s IP for open ports and change their default login credentials.

With inputs from Anon.hq

Source: http://omdpatel.blogspot.tw/2015/06/anonymous-hijacks-thousands-of-insecure.html


DD4BC Shifts Focus to Businesses, Continues DDoS Attack

Cybercriminals and extortionists demanding ransom in Bitcoin are on the rise these days. Because of the ease of transfer and the pseudonymity associated with Bitcoin transactions, it has become their currency of choice. We have been hearing about ransomware, hacking incidents where sensitive data is stolen from computers, and even extortion by threatening to physically harm an individual; the only common factor in all these cases is the ransom, to be paid in Bitcoin.

One such cybercriminal group, DD4BC, has made it a regular habit to launch Distributed Denial of Service (DDoS) attacks on websites belonging to Scandinavian companies. Once they launch an initial DDoS attack, they blackmail these companies to pay about 40 bitcoins to avoid further attacks on their IT infrastructure. In most cases, the group sends emails to the targeted firm within hours of launching the first DDoS attack. These emails, demanding ransom in bitcoins, also promise the victims that it is a one-time thing and that if they pay the ransom, DD4BC will not attack them again. DD4BC also claims in the mail that even though they do bad things, they are going to keep their word.

It is surprising that the group, which had been targeting European banks and financial institutions until now, has suddenly shifted its target to businesses in Scandinavia. Recently DD4BC allegedly tried to extort money from Bitalo Bitcoin Exchange: 1 BTC in exchange for information on how to prevent DDoS attack. But the plan seemed to backfire when the CEO of the exchange, Martin Albert, announced a bounty of 100 BTC for information about the person or people behind DD4BC. The list of Bitcoin sites targeted by DD4BC includes CEX.io and Bitcoin sports book Nitrogen Sports.

Recently an Australian company was hacked by unidentified perpetrators. They allegedly stole sensitive data and asked for ransom. They have also threatened to harm family members of one of the top officials from that company.

Source: http://www.livebitcoinnews.com/dd4bc-shifts-focus-to-businesses-continues-ddos-attack/


Cost to launch DDoS attack from botnets for hire

Could you pass up a $40,000 return on a $20 investment? Odds are you couldn’t if you enjoy wreaking havoc on a business. New research released today by Incapsula shows distributed denial of service (DDoS) assaults continue to be expensive nuisances for online businesses — and that the attacks can be launched from botnets-for-hire for around $38 a month.

A DDoS attack costs a business $40,000 per hour in terms of lost business opportunities, loss of consumer trust, data theft, intellectual property loss and more, Incapsula estimates. When you consider top attacks last for days and that half of all targets are repeatedly hit, it’s easy to see how quickly costs escalate.

A Lot for a Little

“What is most disconcerting is that many of these smaller assaults are launched from botnets-for-hire for just tens of dollars a month. This disproportion between attack cost and damage potential is the driving force behind DDoS intrusions for extortion and vandalism purposes,” the security firm noted in its 2015 DDoS Threat Landscape Report (registration required).

Last year Incapsula reported a 240 percent increase in DDoS activity. This year, although DDoS activity is still rising, Incapsula highlighted shifts in the methods, length and types of attacks.

Incapsula defines an attack as a persistent DDoS event against the same target (IP address or domain). It is preceded by a quiet (attack free) period of at least 10 minutes and succeeded by another such period of the same duration or longer.

The study differentiates between network layer and application layer attacks. These definitions refer to the Open Systems Interconnection model (OSI Model), which conceptualizes the process of data transmission by segmenting packets into seven layers. Network layer attacks target the network and transport layers (OSI layers 3 and 4), while application layer attacks target OSI layer 7.

The analysis is based on data from 1,572 network layer and 2,714 application layer DDoS attacks on websites using Imperva Incapsula services from March 1 through May 7.

“Assaults against network infrastructures continue to grow in size and duration. Those aimed at applications are both long in duration and likely to be repetitive. The upshot for organizations of all sizes is that simply weathering the storm is no longer a viable strategy — the impact will be big, durable and likely recurring,” the report notes.

On That Depressing Note

Here are a few of the report’s key findings:

Once a target, always a target: 20 percent of websites are attacked more than five times
DDoS attacks can last a long time: While 71 percent of all network layer attacks last under three hours, more than 20 percent last more than five days
Some attacks are exceptionally long: The longest attack was 64 days
DDoS for hire is more readily available than ever: Botnet-for-hire fingerprints are on roughly 40 percent of all attacks
Five countries create most DDoS botnet traffic: 56 percent of DDoS bot traffic emerged from China, Vietnam, US, Brazil and Thailand

What’s a Botnet-for-Hire?

Opportunistic cybercriminals have the botnet-for-hire business model, a subscription scheme that provides each user with limited access to the botnet resources (usually for a cumulative duration of no more than 60 minutes per month).

“During these short periods, individuals with little or no DDoS skill are able to execute assaults using one of the few available scripts (which are reminiscent of our definition of attack vectors),” the report notes.

The average cost to rent-a-botnet for an hour each month through a DDoS subscription package is around $38, with fees as low as $19.99. The takeaway: It costs very little to bring down a website.

“Perhaps putting a price tag on the damage caused by such services will bring more public attention to their activity, and to the danger posed by the shady economy behind DDoS attacks,” the report notes.

Source: http://www.cmswire.com/information-management/you-can-bring-down-a-website-for-38/
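Incapsula's attack definition quoted in this article (a persistent event against one target, bounded by quiet periods of at least 10 minutes) can be applied to raw traffic observations to count repeat attacks and measure their duration. The following is an added example, not code from the report or the original article; the sample data and the names `group_attacks` and `summarize` are constructed, and it assumes each observation is a timestamp at which attack traffic was seen for a target.

```python
from collections import defaultdict
from datetime import datetime, timedelta

QUIET = timedelta(minutes=10)  # quiet-period threshold from the report's definition

# Constructed sample (not data from the report): timestamp at which attack
# traffic was observed, and the target (IP address or domain) it was aimed at.
SAMPLE = [
    ("2015-03-01T10:00", "shop.example"),
    ("2015-03-01T10:04", "shop.example"),
    ("2015-03-01T10:13", "shop.example"),  # 9 min gap: still the same attack
    ("2015-03-01T10:23", "shop.example"),  # 10 min gap: a new attack begins
    ("2015-03-01T10:30", "shop.example"),
    ("2015-03-02T10:05", "api.example"),   # input need not be sorted
    ("2015-03-01T10:05", "api.example"),
]


def group_attacks(observations, quiet=QUIET):
    """Return {target: [(start, end), ...]}, splitting on gaps >= quiet."""
    by_target = defaultdict(list)
    for stamp, target in observations:
        by_target[target].append(datetime.fromisoformat(stamp))

    attacks = {}
    for target, times in by_target.items():
        times.sort()
        spans = [[times[0], times[0]]]
        for t in times[1:]:
            if t - spans[-1][1] >= quiet:
                spans.append([t, t])   # quiet period elapsed: separate attack
            else:
                spans[-1][1] = t       # same persistent event: extend it
        attacks[target] = [(start, end) for start, end in spans]
    return attacks


def summarize(attacks):
    """Per target: number of attacks and the duration of the longest one."""
    return {
        target: {
            "attacks": len(spans),
            "longest": max(end - start for start, end in spans),
        }
        for target, spans in attacks.items()
    }


if __name__ == "__main__":
    for target, stats in summarize(group_attacks(SAMPLE)).items():
        print(target, stats["attacks"], stats["longest"])
```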


DDoS attack on DigitalOcean for Alleged on-campus rape

Denial of service attack staged against DigitalOcean, which hosts video stemming from Columbia University student’s protest about alleged on-campus rape

The service provider hosting the latest visual art project by Columbia University graduate Emma Sulkowicz has confirmed the site was temporarily disabled by a sophisticated cyberattack after the film which she warns “may resemble rape” was published online last week. Sulkowicz graduated from Columbia in May after completing a year-long performance art project in which she carried a dorm room mattress everywhere she went on campus to protest about the school’s refusal to expel the man she accuses of raping her.

The website hosting Sulkowicz’s video, titled Ceci N’est Pas Un Viol, French for This Is Not a Rape, was hit by a denial of service (DoS) attack, in which hackers attempt to force a targeted website offline, according to Keith Anderson, platform support lead at DigitalOcean, where Sulkowicz’s site is hosted. “We can confirm that there was a denial of service attack on Thursday,” Anderson said. “On Friday there was also a spike in outbound bandwidth coming from the website, likely due to a sudden increase in traffic and unrelated to the attack, so we worked with their web team to resolve the issue and their site is back up and running.”

Sulkowicz told the Guardian that she has no doubt the cyberattack was deliberate. But she said she was prepared for it. Her accusation that a classmate raped her was met with a backlash, counter-accusations and trolling.

In the video Sulkowicz and an unidentified man engage in a sexual encounter that appears to begin consensually before turning violent. During the act the man slaps her multiple times, ignores her protests and continues to have violent sex. Sulkowicz and her mattress became a powerful symbol of the movement to reform campus responses to sexual violence after vowing to carry it around campus as her visual arts senior thesis. The video is the artist’s first major work since the conclusion in May of her performance art piece Mattress Performance: Carry That Weight.

Sulkowicz accuses Paul Nungesser of raping her in August 2012 at the start of their sophomore year. Columbia investigated the incident and later cleared Nungesser of all responsibility during a campus tribunal. Nungesser has maintained that the encounter was consensual and has since filed a lawsuit against the university, its president and an art professor alleging that the school enabled a harassment campaign.

Sulkowicz called the experience of making the video “terrifying” and “traumatizing” but said she was determined to make it because she believed so strongly in its importance. “I was in a very scared, emotional state for days,” Sulkowicz told the Guardian.

Sulkowicz said she conceptualized the project in December and pitched it to artist Ted Lawson, whom she met through performance artist Marina Abramović. While collaborating on a separate project with Lawson, Sulkowicz said she suggested the video and asked him to direct it. In an interview with ArtNet News, Lawson said: “It was a super risky piece and I thought very courageous, so of course I agreed.”

They filmed the video in one of the university’s dorm rooms over spring break, Sulkowicz said. The male actor remains anonymous and his face is blurred in the video. The timestamps on the videos are blurred.

Though Sulkowicz said her friends and family have been very supportive in private, she said it can hurt when they don’t support her publicly online. “The trolls don’t upset me as much as when my friends don’t support it,” she said. “I expect the trolls but to see my friends not support it [vocally] is upsetting.”

Sulkowicz has said the encounter with Nungesser began consensually but then turned violent. The video echoes her account of that night in August 2012. Though Sulkowicz says it is not a re-enactment, she does appear in the video. Introductory text for the video contains a trigger warning: “The following text contains allusions to rape.” In complementary text published with the video Sulkowicz writes: “Ceci N’est Pas Un Viol is not about one night in August, 2012. It’s about your decisions, starting now. It’s only a re-enactment if you disregard my words. It’s about you, not him.”

She characterized reaction to her latest piece as “somber”. Asked what that meant, she said: “With this piece there’s really nothing to rally behind. It’s really more of a quiet, reflective type of support.”

Sulkowicz said she was working on a new art piece that she expects to publish soon. She would not give any hints about the theme of the new project. “It’s a different piece,” she said, “but I have only one body and one history to work with.”

Source: http://www.theguardian.com/us-news/2015/jun/09/emma-sulkowiczs-this-is-not-a-site-taken-down-by-cyberattack


Unable to log on to online games? Blame cheap-rate DDoSers

Laying waste to human, elf, dwarf and orc alike, all for the love of gold

Running botnets-for-hire to mount DDoS attacks has become cheaper and easier than ever, according to new research.…


Bitcoin blackmail gang start hurling DDoSes at Scandinavia

Cough up or we’ll blitz you again, scum tell hapless marks

Bitcoin extortionists DD4BC have begun targeting Scandinavian companies with complex DDoS attacks.…


Google Chrome extension turned users into a DDoS botnet

Hola turned users’ PCs into a botnet, without their consent.

Hola, an online service used for watching blocked videos and TV shows from websites outside of your country, has turned users’ PCs into a botnet without their consent. According to The Verge, the free-to-use software – which is available as a Chrome plugin – was secretly selling users’ “idle resources” (bandwidth), allowing anyone to buy traffic and redirect it to any site as a denial-of-service attack. This means that Hola users could have been part of a botnet attack.

The reports came to light after sites were affected by the denial-of-service attacks from Hola’s network. Hola’s founder Ofer Vilenski said the site has “always made it clear” how its business model works. However, according to The Verge, Hola’s users seem to have been almost universally unaware that their bandwidth was being sold off.

Source: http://mybroadband.co.za/news/internet/127760-google-chrome-extension-turned-users-into-a-ddos-botnet.html


How Visual Basic Broke Modern Python: Welcome to the World of High Orbit Ion Cannon

In 2012, Anonymous introduced HOIC (High Orbit Ion Cannon) as a replacement for LOIC (Low Orbit Ion Cannon). Unlike its predecessors, which were built upon C# and later Java, this new DDoS player was built upon the unsuspecting language of Visual Basic. Taught in high school classrooms, Visual Basic was largely seen by the programming community as a means for kids and young programmers to get their feet wet in the experience of programming. Considered by many programmers as grossly inefficient and a memory hog, Visual Basic was an unsuspected carrier for what would become one of the most powerful means of DDoS.

One of the popular notions of HOIC has been its ability to randomize variables such as user agent, referrer and URI during an attack. In the same manner, an attack tool known as HULK (developed by Barry Shteiman, 2012), written in Python, was developed in recent history. Within a controlled environment we tested these DDoS tools to judge their effectiveness and total output. In controlled trials the DDoS output of LOIC (Visual Basic on Windows) outperforms the DDoS output of HULK (Python on Linux) by +40%.

Figure 1: HOIC Test in Stable Windows Environment

Figure 2: HULK Test

While many of us in the Internet security industry ridicule and downplay the “kiddie hacker,” it is clear that it sometimes only takes a kiddie to build an empire. Lessons in open source economics teach us that in an open access environment, it takes only a small few to bring about radical change and innovation. Today HOIC has become one of the primary tools of groups such as Anonymous. From this lesson, we can expect that challenges and sudden changes will not come from those paid hundreds of thousands a year, but from those small few kiddies who are politically motivated and are paid nothing.

Source: http://www.dosarrest.com/ddos-blog/how-visual-basic-broke-modern-python-welcome-to-the-world-of-high-orbit-ion-cannon/
