Category Archives: DDoS Vendors

Dormant IP addresses RIPE for hijacking

‘That’s not us spamming, honest’ cries hosting firm

Spammers are using loopholes in the internet routing registry to commandeer address space and pump out junk mail, and potentially launch denial of service attacks and steal traffic.…


Your computer might be launching a DDoS attack

India stands first in a list of 50 countries where distributed denial-of-service (DDoS) attacks originate, and cybercriminals can get DDoS attacks on hire for Rs. 300 for a three-minute assault. These were the findings of a study titled ‘The continued rise of DDoS attacks’, conducted by engineers and analysts at Symantec, evaluating data between January and August 2014, based on its 41.5 million attack sensors and records of thousands of events per second in 157 countries.

A DDoS attack is an attempt to deny a service to users by overwhelming the target with activity. Botnets bombard the server with requests which it is unable to understand or process. It is ‘distributed’ as multiple sources attack the same target. The legitimate user gets messages such as ‘the server is undergoing technical problems and will be right back’. Any home computer can be part of a botnet due to installation of malicious software.

While the study said 26% of all the DDoS traffic originated in India (followed by the U.S., Singapore, Vietnam and China), Tarun Kaura, director, Technology Sales, Symantec India, told The Hindu that it did not mean people launching DDoS attacks were located in India, as the attacks were orchestrated remotely. He said, “It does not mean the hackers are Indians or that the targets are Indians. But it indicated India’s emergence as a hotbed for launching the attacks due to low cyber security awareness and inadequate security practices. This is because sources for the attacks are countries that have a high number of bot-infected machines and a low adoption rate of filtering of spoofed packets.” In spoofed packets, a sender can make it appear like the data packet has arrived from a different source.

The study further said “booter” services were available on rent so a DDoS attack could be “hired” at Rs. 300 ($5) for a few minutes against targets. Booter services are web-based services that do DDoS attacks for hire at low prices. Higher prices fetch longer attacks and gamers use them as a monthly subscription service to kick at competitors.

DDoS attacks are a favourite with hacktivists and cyber gangs to threaten rivals, settle personal grudges, and to distract IT security response teams. Most attacked sectors globally are the gaming, software, and media industries. In future, attacks were likely to increase in mobile and Internet of Things (IoT) devices, and users should protect their servers and know their network’s “normal” behaviour to respond to attacks, the study said.

Source: http://www.thehindu.com/news/cities/bangalore/your-computer-might-be-launching-a-ddos-attack/article6580933.ece


Emoticons blast three security holes in Pidgin :-(

Dump docs on users’ disks using only ASCII art (°O°)

Cisco researchers have reported a trio of vulnerabilities in popular instant messaging client Pidgin that allow for denial of service by way of emoticon abuse and remote arbitrary file creation.…


100 Bitcoin bounty slapped onto head of blackmailer who DDoS attack Bitalo site

On Saturday, an attacker and blackmailer “DD4BC” sent a note to the Bitalo Bitcoin exchange threatening distributed denial of service (DDoS). DD4BC demanded 1 Bitcoin (about £206, $326) as protection money and for “info on how I did it and what you need to do to prevent it”.

“Hello Your site is extremely vulnerable to ddos attacks. I want to offer you info how to properly setup your protection, so that you can’t be ddosed! My price is 1 Bitcoin only. Right now I will star small (very small) attack which will not crash your server, but you should notice it in logs. Just check it. I want to offer you info on how I did it and what you have to do to prevent it. If interested pay me 1 BTC to [Bitcoin address] Thank you.”

Bitalo CEO Martin Albert eschewed the offer for lessons on avoiding DDoS. Instead, the exchange slapped a bounty on DD4BC’s head, to the tune of 100x the ransom money. That price may seem steep, but this is serious business to Albert, who told Motherboard that his company wants to show that it’s serious. He noted that while its users’ funds were never at risk because of Bitalo’s multi-signature setup, extortionists like DD4BC nonetheless threaten the smaller startups that complete the global Bitcoin community.

“These kind of people can do much more harm to the community than any government by regulation or something like that, in my opinion.”

Fear and uncertainty take their toll as well: Bitcoin value plummeted after the fall of Mt. Gox. DD4BC’s DDoS attack on Bitalo lasted two days. Albert said that the company soon found out that the same attacker was behind threats to others:

“Immediately we figured out it was not an unknown guy; it was this guy who also threatened many other people.”

The list of DD4BC’s targets includes exchange CEX.io and Bitcoin sportsbook Nitrogen Sports, Albert said. Now, the company is offering 100 BTC – about $32,859 or £20,599 at Tuesday’s exchange rates – through the Bitcoin Bounty Hunter site. This isn’t the first bounty for a Bitcoin burglar, but it’s the biggest by far. Other bounties include:

37.6875 BTC (approx. $12,331, £7,710): For help in catching whoever broke into the email accounts of Satoshi Nakamoto – the person or people who created the Bitcoin protocol and reference software – and Bitcoin angel investor, evangelist, the founder himself of the Bitcoin Bounty Hunter site, and a man known by some as the “Bitcoin Jesus”, Roger Ver.

2.1249 BTC (approx. $698, £434): For help in catching whoever’s behind the missing 600K BTC from Mt. Gox.

Ver told Motherboard that he started the bounty site in September after somebody got into an old email account and started making threats:

“Somebody hacked an old email account of mine and then was claiming they were going to steal my identity. [They also demanded] that I pay them $20,000 worth of bitcoin or they were going to ruin my life and ruin my family’s life, and they made all sorts of nasty threats.”

At the time, Ver offered a 37 BTC reward in a Facebook post for “information leading [to] the arrest of the hacker.” The problem was that he didn’t know what to do with the information people sent him, he said, some of which appeared legitimate but some of which were clearly a joke.

Thus was Bitcoin Bounty Hunter born: a site that allows anyone to offer information and claim a bounty anonymously. It relies on the site proofofexistence.com, which requires informants to send in details in a manner that proves that they know something without revealing what it is that they know. In order to claim any of the bounties, the culprit has to be arrested and convicted.

Why not just go to the cops? Ver told Motherboard that when he’s been targeted by theft in the past, he had to track down the stolen parts himself before the police became interested.

“The police in California did absolutely nothing to help, they didn’t even lift a finger. Going to the police, traditionally, they don’t do much of anything to help at all. By providing a bounty I think you can provide an incentive to have anybody – including the police – to actually do the right thing and help victims of crimes.”

Albert said there haven’t been any real tips on the Bitalo attacker yet, but the company’s also analysing traffic to try to get at the blackmailer’s identity.

Source: http://nakedsecurity.sophos.com/2014/11/05/100-bitcoin-bounty-slapped-onto-head-of-blackmailer-who-ddosed-bitalo/


Pro-democracy Hong Kong sites DDoS’d with Chinese cyber-toolkit

Now we’re not saying it was the Chinese government, but…

Hacking attacks against organisations promoting democracy in Hong Kong were run using the same infrastructure previously linked to Chinese cyber-espionage attacks, according to new research from security firm FireEye.…


White House Says Unclassified Network Hit In Cyberattack

Mitigation efforts have caused temporary outages and loss of connectivity for some staff, but no computers have been damaged, official says. An unclassified portion of the White House network has been hit with what appears to be an ongoing cyberattack. Efforts to mitigate the threat have resulted in temporary system outages and loss of network connectivity for some users, a National Security Council spokeswoman confirmed Wednesday. The attacks have not caused any damage to White House computers or systems, though some elements of the unclassified network have been impacted, the official said. “The temporary outages and loss of connectivity for our users is solely the result of measures we have taken to defend our networks,” the spokeswoman stressed in an emailed statement to Dark Reading. The Executive Office of the President (EOP) routinely receives alerts about potential cyberthreats against White House systems and discovered the current attack while following through on one such alert. White House cyber security staff is still assessing the severity of the attack and ways to mitigate it, the statement added. “Certainly a variety of actors find our networks attractive targets and seek access to sensitive government information.” An internal White House memo to staff members obtained by The Huffington Post noted that EOP component heads and senior directors at the NSC have put in place several interim measures to help employees on high priority tasks to continue work as usual. Some of the system outages and connectivity issues resulting from the attack have been resolved while others are in the process of being remediated, the memo said. The White House has not released any details on the nature of the attack or the person or group that might be responsible for it. But some media reports citing unnamed White House sources have claimed that the attacks have been going on for at least two weeks. 
This isn’t the first time that the White House has been the target of a cyberattack. In 2012, malicious attackers used a spear phishing attack to gain access to a non-classified system used by the White House Military Office. In 2009, the main White House website was one of the targets of a distributed denial of service (DDoS) attack campaign that also targeted the Pentagon, the Department of Homeland Security, and several other government networks. A similar DDoS attack temporarily took down the whitehouse.gov website back in 2001. Cyberattacks against White House networks have invariably tended to be portrayed as significantly hostile actions against the US by unfriendly nations. Many have tended to blame China in particular for such attacks though the actual proof for such claims has been somewhat tenuous. News of the latest attack is sure to fuel similar speculation especially because it comes just one day after security vendor FireEye’s new report on APT28, a Russian hacker collective that is believed responsible for numerous attacks against government and other websites. The group is believed engaged in widespread espionage activities and appears to be sponsored by the Russian government, according to FireEye. Security analysts themselves have in the past cautioned against reading too much into reports of cyberattacks against the White House in the absence of any real information on the nature or scope of the attacks. “Government networks the world over are on the front lines of a digital conflict, so it’s no surprise the White House has been targeted, as it presents a very rich target,” said Chris Boyd, malware intelligence analyst at Malwarebytes Lab in emailed comments. Though no White House systems appear to have been compromised, the attack serves as a reminder of how geopolitical tensions are expressed these days, he said. 
John Pescatore, director of emerging security threats at the SANS Institute, said reports of the attacks need to be viewed in a slightly broader context given all that has been happening recently with White House security. “Given what seems to be a decrease in rigor around physical protection of the White House, I think we do have to be concerned about cyber security protection around White House’s computer systems,” Pescatore said. “I have no insight into what attacks actually occurred, but the reports make it sound like suspicious activity was detected and dealt with quickly. Those are good things. But that is what the first reports of the fence jumper said as well.”

Source: http://www.darkreading.com/attacks-breaches/white-house-says-unclassified-network-hit-in-cyberattack/d/d-id/1317060?_mc=RSS_DR_EDT


Register for DDoS Protection and Response Strategies Webinar!

As cyber-criminals innovate and develop new techniques to tackle defensive methods, it has never been more important for information security professionals to have strong, proactive defense and remediation strategies in place. During this webinar, the speakers will share insight on how to address the risks and respond to attacks.

Hear about the evolution of and motivations behind DDoS attacks and the attack vectors exploited
Discover how to implement multi-layered DDoS defense
Identify best practice detection and classification techniques
Discover how to implement resilient DDoS incident response practices

Date: November 12th 2014
Time: 10:00AM EST/15:00 GMT


DDoS attack on Ukraine election commission website

Ukraine’s election commission website has been attacked by hackers on the eve of the country’s parliamentary polls. According to Ukrainian officials, the website came under cyber attack on Saturday, just one day before Ukraine is set to hold general elections. “There is a DDoS attack on the commission’s site,” said the Ukrainian government information security service. A distributed denial-of-service (DDoS) attack slows down or disables a website by flooding it with communications requests.

The security service labeled the attack as “predictable” and went on to say that the website’s design ensures that it could not be completely taken down and that it is currently completely functional. “If a site runs slowly, that doesn’t mean it has been destroyed by hackers,” the statement added. As for reports that the site was in control of hackers, Markiyan Lubkivskyy, an adviser to the Ukrainian Security Service, said, “Any statements regarding the alleged successful unauthorized intrusions into the cyber space of the Central Election Commission or the elements of the elections systems do not correspond to the facts. Hackers are controlling nothing.”

Ukraine’s snap elections were called in August as President Petro Poroshenko came under pressure to purge the parliament of lawmakers allegedly tied to the overthrown government of Viktor Yanukovych. As many as 36 million Ukrainians are eligible to take part in the parliamentary elections. The leaders of the breakaway eastern regions of Donetsk and Lugansk have refused to allow the polls to be held in territories under their control, with a population of almost three million. Ukraine’s mainly Russian-speaking regions in the east have been the scene of deadly clashes between pro-Russia protesters and the Ukrainian army since the government in Kiev launched military operations in mid-April in a bid to crush the protests.

Source: http://www.presstv.ir/detail/2014/10/25/383623/ukraines-election-website-hacked/


The DDoS Protections Services Landscape

As the Director of Sales for DOSarrest Internet Security I have the opportunity to speak with many prospects looking for DDoS protection service for their corporate website. What I have learned is that there are many competitors offering what I would call a “bare bones vanilla offering”. Some offer free service to service ranging in price from $200 – $300/month. These plans offer a very basic protection. They also advertise an Enterprise offering that has an expensive starting point and can really turn out to be quite costly depending on your circumstances. The Enterprise service is the offering that any company that is serious about protecting their website should consider.

There are a few issues with each of these offerings that I’d like to point out. These competitors claim they have a very large number of clients utilizing their services but fail to mention that 80-85% of them are using their free service. Roughly 10-15% of their customers are using their $200-$300/month service which again is really just a basic protection with limited protection capabilities. When a company witnesses a large attack, which is completely out of their control, they are told they should upgrade to their enterprise offering. I hear from prospects quite often that this $200 – $300/month service does not offer adequate protection nor customer support. In most cases there is no phone support included at all! Also they will charge the client based on the size of the attack? How can a client control the size of an attack they are experiencing! This uncertainty makes it virtually impossible for a company to budget costs. Let’s not be mistaken, their goal is to get you onto their Enterprise offering which will cost you in excess of a thousand dollars per month.

Alternately at DOSarrest Internet Security we offer a single Enterprise level service for all of our clients. The service includes full telephone and email access to our 24/7 support team with our service. This provides you direct access to system experts. We do not operate a tiered support service given the criticality of the service. Also we protect our clients from all DDoS attacks regardless of size without the need to pay us additional depending on the size of an attack. We also include an external monitoring account with our service called DEMS which stands for our DOSarrest External Monitoring Service. This allows our 24/7 support team to monitor your website from 8 sensors in 4 geographical regions. We proactively inform our clients if we notice any issues with their website. Most of our competitors do not offer this service and if they do it is not included free of charge to their clients.

DOSarrest has been providing DDoS protection services since 2007. Globally we were one of the very first DDoS protection providers and have successfully mitigated thousands of real world attacks. This is not an “add on product” for us. Our team has the experience and the protection of a client’s website is our #1 priority. Please visit our newly revamped website and take a look at the testimonials page to see what some of our current customers are saying about their experience with us.

Please feel free to reach out to me directly or anyone on our sales team at sales@dosarrest.com for further information on our service.

Brian Mohammed
Director of Sales for DOSarrest Internet Security LTD.


DDoS Attacks: Legitimate Form of Protest or Criminal Act?

A basic premise of a democratic society gives its citizens rights to participate in debate and effect change by taking to the streets to demonstrate. In the U.S., this is enshrined in the Bill of Rights under the First Amendment. But what happens when we all effectively live, work, shop, date, bank and get into political debates online? Because online, as Molly Sauter points out in her book The Coming Swarm, there are no streets on which to march. “Because of the densely intertwined nature of property and speech in the online space, unwelcome acts of collective protest become also acts of trespass.”

Sauter argues that distributed denial of service (DDoS) attacks are a legitimate form of protest. Or at least one that needs to be examined in a larger context of lawful activism, rather than hastily and disastrously criminalized under the Patriot Act.

Sauter is currently doing her Ph.D. at McGill University in Montreal after completing her Masters at MIT. Prior to attending MIT she worked as a researcher at the Berkman Center for Internet and Society at Harvard. So she’s been thinking about civil disobedience and digital culture for a while, although she admitted during a recent phone interview that “adapting and re-writing a Masters thesis into a book during the first year of doctorate study is not recommended.”

As Sauter examines in The Coming Swarm, DDoS campaigns are not new. In fact they’ve been used for almost 20 years in support of various political movements from pro-Zapatista mobilization to immigration policy in Germany and, most notably, at the 2010 G20 in Toronto. “Guiding this work is the overarching question of how civil disobedience and disruptive activism can be practiced in the current online space,” she told PCMag. “Actions that take place in the online sphere can only ever infringe on privately held property. The architecture of the network does not, as of yet, support spaces held in common.”

The book also delves into extensive technical discussion on the evolution of simple denial-of-service attacks, where a single computer and Internet connection breaches a firewall, floods a server with packets, and overloads the system so that it malfunctions and shuts down. According to Sauter, it was the switch to distributed denial-of-service attacks that really got the authorities’ attention. Mainly because the distributed nature of attack, using zombie machines to hide the original source of the activists’ IP addresses and often effect malware, made detection almost impossible. It was then that the nature of digital debate was re-framed as a criminal act rather than civil disobedience.

Source: http://www.pcmag.com/article2/0,2817,2469400,00.asp
