Category Archives: Security Websites

Linode Resets Customer Passwords After Breach, DDoS Attack

Cloud-based webhost Linode absorbed another body blow on Tuesday when it said it was resetting customer passwords after a suspected breach. The development compounded the company’s existing woes as it continues to battle a distributed denial-of-service attack that began on Christmas. A Linode representative said late Tuesday its executives were unavailable for comment and that an investigation was ongoing.

The password breach was announced after the company said three accounts were accessed without permission and it discovered two Linode.com user credentials on an “external machine.”

“This implies user credentials could have been read from our database, either offline or on, at some point,” Linode said in an advisory to customers. “The user table contains usernames, email addresses, securely hashed passwords and encrypted two-factor seeds. The resetting of your password will invalidate the old credentials.”

Linode said it notified the customers whose credentials were found on outside machines and said there was no evidence of further intrusion into host or virtual machines. Linode markets its services toward developers and offers quick, scalable solid-state drive server deployments.

As of this morning, portions of the Linode website were still inaccessible, and the company said it has not been able to determine whether the DDoS attack and the password breach are related attacks. In the past, experts have warned that criminals will use easy-to-mount DDoS attacks against a target in order to distract IT and security staff away from the real target.

“The entire Linode team has been working around the clock to address both this issue and the ongoing DDoS attacks. We’ve retained a well-known third-party security firm to aid in our investigation. Multiple Federal law enforcement authorities are also investigating and have cases open for both issues. When the thorough investigation is complete, we will share an update on the findings,” Linode said. “You may be wondering if the same person or group is behind these malicious acts. We are wondering the same thing. At this point we have no information about who is behind either issue. We have not been contacted by anyone taking accountability or making demands. The acts may be related and they may not be.”

Linode was relatively quiet about the DDoS attack until a New Year’s Eve blogpost from network engineer Alex Forster. Forster said that a criminal gang was using a botnet to fire bad traffic at Linode’s authoritative nameservers, causing DNS outages. All public-facing websites and web and application servers were also targeted, taking down Linode Manager. The attackers also sent traffic at Linode’s colocation provider’s upstream routers and its internal network infrastructure, causing packet loss. In all, Forster said there were more than 30 attacks carried out in the week between Christmas and New Year’s Eve.

Source: https://threatpost.com/linode-resets-customer-passwords-after-breach-ddos-attack/115790/#sthash.PPbMALPg.dpuf

Linode forces password reset for all users due to suspected breach

New Jersey-based virtual private server provider Linode can't seem to catch a break. After being repeatedly hit with DDoS attacks from December 24 to early January, the company announced on Tuesday th…

Bitcoin exchange BTCC stands firm against DDoS ransom hacker and wins

Bitcoin exchange BTCC Technology Ltd. had an interesting time over the new year when it was targeted by a Bitcoin-for-DDoS (Distributed Denial of Service) attack, but in a great story we don’t see often enough, the company held steady and won, complete with a hilarious ending.

The company first came under DDoS attack on December 31 when they received an email from an unknown source demanding they pay 1 Bitcoin ($430) in ransom or the attacks would escalate. Having ignored the demand, on New Year’s Day BTCC was targeted with a 10 Gbps DDoS attack, the strength of which was not expected by the company’s DDoS mitigation service. According to a post on Reddit, the DDoS protection provider said something along the lines of “This thing is huge! You guys aren’t paying us enough for this!” so BTCC paid them more, and the site stayed up.

Naturally, as these things go, the second attack was followed by a new ransom demand by the hacker, who was now asking for a payment of 10 Bitcoin ($4300) to prevent a further attack. Instead of paying, BTCC just battened down the hatches waiting for the next attack. Another, more intense DDoS attack of several hours then followed, causing BTCC’s servers to experience some performance issues, including a partial loss of functionality. BTCC still refused to pay the ransom and instead upgraded their servers to cope even better with the increasing attacks.

Another ransom email demand was received, with a demand for payment of 30 Bitcoins ($12924), with the hacker adding “We will keep these attacks up until you pay!…. You had better pay up before you go bankrupt! Mwa ha ha!” BTCC once again ignored the demand, and the attacks recommenced, complete with more demands for Bitcoin.

At this point BTCC had ramped up their mitigation efforts so much that no matter how much traffic the hacker sent, it didn’t affect their service at all, to the point that the company stopped noticing many of the attacks, as they usually failed to disrupt their networks for more than a few minutes after the upgrades they rolled out.

Winning

Around this point, despite his or her best efforts and multiple demands, the hacker gave up trying to take the site down, but not before sending one last, hilarious plea to BTCC. “Hey, guys, look, I’m really a nice person. I don’t want to put you all out of business. What do you say we just make it 0.5 BTC and call it even?” This email was, like those before it, ignored by BTCC, which resulted in one final email from the now disgruntled, losing hacker: “Do you even speak English?” and that was that.

Although DDoS attacks are serious business and not every company has the capacity to put into place defensive measures, sometimes a story just makes you want to smile. BTCC 1 vs hacker 0.

Source: http://siliconangle.com/blog/2016/01/06/great-story-bitcoin-exchange-btcc-stands-firm-against-ddos-ransom-hacker-and-wins/

Under-attack Linode resets passwords after logins leak onto web

DDoS’d virtual server host’s hell continues

Linode’s woes continue: the server hosting biz has just run a system-wide password reset on customer accounts after two Linode.com user credentials were discovered “on an external machine.”…

DDoS gang takes down BBC websites, Donald Trump’s campaign site over holiday weekend

A group of computer criminals used two separate distributed denial-of-service (DDoS) attacks to bring down all of the BBC’s websites and Donald Trump’s main campaign site over this past holiday weekend.

The story begins on New Year’s Eve, when all BBC sites, including its iPlayer service, went dark for three hours. At the time, the UK-based news organization reported that the outage was the result of a “technical issue”. It later stated that a group calling themselves the “New World Hackers” had claimed credit for launching a DDoS attack against the broadcaster, as a “test of its capabilities”.

Since then, one of the group’s members who identified himself as “Ownz” took the opportunity to send a screenshot to ZDNet of the web interface that was used to attack the BBC. If the screenshot is legitimate, the group allegedly employed their own tool called BangStresser to launch an attack of up to 602 Gbps – a volume of traffic that well surpasses the largest attack on record at 334 Gbps, as documented by Arbor Networks in the middle of the year. Not untypically, BangStresser is itself protected from DDoS attacks by CloudFlare – one of the popular DDoS mitigation services often deployed by websites keen to protect themselves from attackers.

The attack apparently made use of two Amazon Web Services servers, but managed to skirt around the company’s automated misuse detection systems, as Ownz explained in an interview with ZDNet: “We have our ways of bypassing Amazon. The best way to describe it is we tap into a few administrative services that Amazon is use to using. The [sic] simply set our bandwidth limit as unlimited and program our own scripts to hide it.”

No other information has yet been provided about the attack. But whatever else transpired, the group was sufficiently pleased that they decided to use BangStresser to launch a DDoS against Donald Trump’s official campaign website, donaldjtrump.com, just a few days later.

According to Softpedia, Trump’s website went down immediately on Saturday, January 2 and remained dark for several hours until DDoS mitigation solutions were put in place. The attacks, however, remained ongoing throughout the day against the mail.trump.com domain, the Trump Organization’s Webmail service. Trump’s camp has yet to officially address the incident. A statement posted on Saturday by Trump’s campaign advisers (and redistributed via HackRead) attributed the downage to “an unusually high volume of traffic” only.

On Monday, Real Forums sat down with members of the group to inquire about their New Year’s exploits. Here’s what they had to say: “Our reasons behind the BBC attack was just a test of our capabilities. Although, the Trump site was the target. He can be very racist. We didn’t mean to cause as much damage as we did to BBC, but for Trump, Yes.”

The group goes on to state that it plans to launch additional DDoS attacks against Trump and other large organizations like the BBC. The group also specifically mentions ISIS and the Ku Klux Klan as future targets.

We’re not a week into 2016, and we’ve already witnessed DDoS attacks that have succeeded in taking down the websites of major news organizations and U.S. political candidates. It just goes to show that while malware is on the rise, DDoS attacks are not going anywhere in the New Year. As we all get back to work, we should therefore take the time to make sure our enterprises have the necessary DDoS mitigation technologies in place.

Source: https://www.grahamcluley.com/2016/01/ddos-gang-takes-bbc-websites-donald-trumps-campaign-site-holiday-weekend/

BBC Websites, DDoS attack By Anti ISIS Hacking Group For Testing Their Capabilities

Hackers against the Islamic State or ISIS have claimed that the BBC website downtime during New Year’s Eve was their DDoS attack, but with no bad intentions.

BBC websites were down for several hours during the evening before January 1, 2016. A company source inside BBC admitted that there was a distributed denial of service attack that took the websites down. Now, an anti-ISIS hacker group named New World Hacking is claiming that they were the reason why the BBC websites were unavailable for quite a long duration. However, they did not hack the website to cripple its capability to disseminate news and such. New World Hacking said that they were just testing their capabilities on BBC’s servers. They did not intend to take the site down for hours.

“Let me get you proof of our records really quick, our motive was simply because we can. It was almost exactly a 600 GBps attack. We used two nodes to attack with and a few extra dedicated servers. It was only a test, we didn’t exactly plan to take it down for multiple hours. Our servers are quite strong,” the group told Rory Cellan-Jones from BBC via Twitter.

DDoS Attacks In A Nutshell

For the uninitiated, a DDoS attack does not really involve a direct “hack” or penetration of a database, but it could be used as a cover. What happened was that the BBC websites experienced a massive flow of web traffic that came from the hacker group. The websites were not able to keep up with the continued barrage of web traffic, resulting in them shutting down.

There are different types of DDoS attacks that can be carried out. Some of the attacks directly flood the websites with more traffic than they can handle. Some send only fragments of data packets, which usually leads to the server piecing them back together instead of catering to their legit site visitors. In order to conduct a successful DDoS attack, hackers usually use a wide network of computers known as botnets. These botnets may consist of their own computers or compromised ones across the globe using their own malware.

Attack Only A Test, Not Malicious

New World Hacking said that they are based in the United States and that they are determined to take down any ISIS affiliated sites and online accounts. Anonymous has previously declared a cyber-war against ISIS as they continuously help in taking down online propaganda and recruitment sites.

BBC’s press office refused to comment on the hacker group’s claim. They also did not confirm or deny if the DDoS attack was the cause of the website’s temporary downtime.

“We realise sometimes what we do is not always the right choice, but without cyber hackers… who is there to fight off online terrorists? The reason we really targeted [the] BBC is because we wanted to see our actual server power,” the group told BBC.

One person named Ownz from the hacker group said that they were only a team of 12 people. Eight of them were male and four of them were female. Ownz claims that New World Hacking was formed in 2012.

Hacker groups are not new, but only a handful of them have actual good intentions. With ISIS trying to recruit followers and jihadists online, these hackers have stepped up to try and stop them from doing so. Some Internet users are cheering them on, while some have questioned their methods and capabilities. At the core, all the soldiers deployed across the globe are considered heroes and not the hackers.

New World Hacking Campaigns

New World Hacking claims that they have already done their part in making the world a better and safer place. They took part in the #OpParis effort in order to help determine the identities of IS affiliated accounts after the terrible Paris attack tragedy in November 2015. Ownz also said that they took part in a campaign against the Ku Klux Klan.

Ownz said that they are using a hacking tool named Bangstresser. They claim that they have already used the tool against several IS websites. Bangstresser was said to be developed by another U.S.-based hacker activist. New World Hacking tried out the tool against the BBC websites along with several of their personal computer servers and possibly botnets.

Ownz told the BBC that they are planning to attack a new list of ISIS targets online. It is unclear which sites they are referring to, but they were not disclosed in order to help protect the integrity and effectiveness of their campaign.

BBC Websites And Services Downtime

BBC websites started to be down at around 7 PM on Thursday. Instead of the website interface, visitors were greeted with an error. In addition to the websites, the iPlayer Radio app and iPlayer catch-up service were also down. The iPlayer app was recently launched for the Apple TV App Store in December 2015.

Twitter (NASDAQ: TWTR) users replied to the BBC Press Office’s announcement that they were aware of the “technical issue.” Some suggested that they should try turning their servers off and on again. Some have also taken the news in a lighter tone, saying that the HR department should be blamed for insisting the unused leaves be used before 2015 ended. Others took the chance to mock BBC, saying that they shouldn’t rush because they know BBC is telling the truth when they are silent.

Other users have also asked if it was a DDoS attack, but no replies were given by BBC. Some users have also reported that the BBC Bitesize and BBC Food recipes were down as well.

BBC websites started to be back online at around 10:30 PM. However, some of the websites took longer than usual to load. All of the services and websites functioned normally several hours after that.

New World Hacking did not say why they chose the BBC services and websites as a test target for their attacks. However, one possible reason is to demonstrate the scale and power of their attacks by attacking one of the most well-known broadcasting corporations in the world.

Source: http://www.biztekmojo.com/001843/bbc-websites-services-taken-down-anti-isis-hacking-group-testing-their-capabilities

Linode Hit by DDoS Attacks

Cloud hosting company Linode has suffered a series of service interruptions due to distributed denial-of-service (DDoS) attacks launched against its infrastructure over the past few days.

The campaign started on December 26 when the company reported that DDoS attacks had disrupted the Linode Manager and its website. On the same day, the attackers also targeted Linode’s DNS infrastructure, and the company’s data centers in Dallas, Atlanta, London and Newark. It took roughly 2-3 hours for Linode’s systems and network engineering teams and the company’s upstream providers to mitigate the attacks.

On December 27, DDoS attacks were reported at the data centers in Atlanta, Newark, and London. Linode’s service status page shows that it took the company nearly four hours to mitigate the attack against the London datacenter, while network connectivity was restored in one hour in Atlanta and in two hours in Newark.

The attacks against various components of Linode’s infrastructure continued on Monday and Tuesday. In the early hours of Wednesday, shortly after announcing that a DDoS attack affecting Linode’s website had been mitigated, the company reported seeing continued attacks disrupting access to its web services. The latest update indicates that the Dallas data center was again targeted recently, causing packet loss.

Kaspersky Lab reported in November that in the third quarter of 2015, Linux-based botnets accounted for nearly half of the total number of DDoS attacks. The most notable was the XOR botnet, which malicious actors leveraged to launch attacks that peaked at more than 150 Gbps. A Kaspersky report released in December showed that almost half of the organizations hit by DDoS attacks actually claimed to know the identity of the attackers. The study is based on information from more than 5,500 companies across 26 countries.

Source: http://www.securityweek.com/linode-hit-ddos-attacks

Rutgers University Suffers Sixth DDoS Attack This Year

Three cyber-security firms could not handle the attack

Rutgers University’s IT department has managed to restore all services after a large-scale DDoS attack kept some of its systems down for four days between December 24 and December 28. This is not the first time Rutgers University has been hit with a DDoS attack, having already reported on a similar incident back at the end of September. Earlier this year, at the end of March and start of May, university staff also suffered four similar attacks, with the longest one lasting for five full days.

Sixth time this year, nobody has claimed responsibility yet

The first five attacks were claimed by a hacker that went by the name of Exfocus, who admitted in an interview that he was hired via an underground forum to carry out the DDoS bombardment, and later paid in Bitcoin. Unlike in the case of the first five attacks, Exfocus has not come forward to claim responsibility.

The Rutgers IT staff said the attack targeted the sakai.rutgers.edu URL, the University’s Sakai portal. Sakai is an open source, self-hosted Java-based course learning environment used primarily by academic institutions. The DDoS attack did not affect student activities since students are away for Christmas break, which started on December 24 and will end on January 5.

A $3 million investment in IT security systems did not help at all

Last August, Rutgers management spent $3 million / €2.67 million on security measures to bolster their online platform. According to NJ.com, the University hired three cyber-security firms. The unplanned investment was motivated by the March and May attacks. Despite this, the University’s DDoS mitigation provider has failed to live up to its job, both in September and in this most recent four-day-long attack.

In his interview, Exfocus said that he controlled a botnet of 85,000 machines, and was able to launch DDoS attacks of around 25 Gbps, which is considered to be of a medium scale.

The proper law enforcement agencies have been notified of the attack. Softpedia has reached out to Exfocus on Twitter. We’ll update the article if we uncover any new information.

Source: http://news.softpedia.com/news/rutgers-university-suffers-sixth-ddos-attack-this-year-498229.shtml

Anonymous Claims Responsibility For 40 Gbps DDoS Attack on Turkish Servers

The online hacktivist group Anonymous has claimed responsibility for a massive 40 Gbps DDoS attack on Turkish DNS servers under NIC.tr. The reason behind the attack is that Turkey is allegedly supporting and aiding the Daesh or ISIS/ISIL terrorist group.

In a video uploaded by Anonymous, the hacktivists said that their attack on Turkish servers was part of their ongoing operation #OpISIS. According to the video message, “We won’t accept that Erdogan, the leader of Turkey, will help ISIS any longer. The news media has already stated that Turkey’s Internet has been the victim of massive DDOS attacks. This led Turkey to shut down its internet borders and deny anybody outside the country to access Turkish websites.”

The hacktivists also warned the government that if Turkey didn’t stop aiding Daesh or ISIS, the attacks would continue and target airports, banks, government and military servers. “If you don’t stop supporting ISIS, we will continue attacking your internet, your root DNS, your banks and take your government sites down. After the root DNS we will start to hit your airports, military assets and private state connections. We will destroy your critical banking infrastructure. Stop this insanity now Turkey. Your fate is in your own hands,” said Anonymous.

The cyber attack on Turkish root DNS servers took place last week and forced 40,000 .tr domains to go offline. Though the targeted domains were back online the same day, access to those sites was kept limited.

The state of Turkey has been accused of aiding and buying oil from the Daesh terrorist group. Some also accuse Turkey of being a safe passage for the group’s recruitment in Syria.

Source: https://www.hackread.com/anonymous-40-gbps-ddos-attack-on-turkish-servers/

Hacker squad plans DDoS attacks on PlayStation Network, Xbox Live this Christmas

Hacker group Phantom Squad plans to shut down Xbox Live and PlayStation Network on Christmas.

Forget the Grinch, there’s someone else who wants to steal Christmas. Phantom Squad, an online hacker group, has threatened to shut down Xbox Live and the PlayStation Network this Christmas by unleashing a series of DDoS (distributed denial of service) attacks — coordinated barrages of falsified incoming server traffic that causes the system to crash.

“We are going to shut down Xbox Live and PSN this year on Christmas,” the hackers tweeted. “And we are going to keep them down for one week straight. #DramaAlert.”

We are going to shut down Xbox live and PSN this year on christmas. And we are going to keep them down for one week straight #DramaAlert — Phantom Squad (@PhantomSqaud) December 9, 2015

This could cause a big problem, because a lot of people are expecting to receive new gaming consoles on Dec. 25. If Phantom Squad is successful, this would be the second year in a row that these gaming networks go offline. Last year, the infamous hacker group Lizard Squad took credit for shutting down Xbox Live and PSN for two days. The group demanded more retweets and Twitter followers in exchange for restoring the servers.

Phantom Squad, which said it has no relation to Lizard Squad, claims they’ve previously performed smaller outages on the gaming community servers, as well as other websites such as Reddit. The group also explained in a tweet why it is that they perform these attacks. “I get asked a lot on why we do this? Why do we take down PSN and Xbox Live?” the tweet reads. “Because cyber security does not exist.”

Sony and Microsoft have both received a series of attacks over the past year, but it’s still unknown what tactics they’ve developed to try and avoid these issues. Kim Dotcom, the infamous Internet entrepreneur behind Megaupload, has warned Sony and Microsoft that the attack could be avoided if they update their servers.

“Warning @Sony & @Microsoft. You had 1 year to upgrade your networks. If Lizard Squad takes down PSN & XBOX this Xmas, we’ll be pissed! RT!,” Dotcom tweeted. Dotcom, who is also a gamer, helped stop last year’s attack by promising the hackers 3,000 accounts on his encrypted upload service Mega.

While Sony and Microsoft work on strengthening their servers, people who bought a console as a gift this Christmas can unbox it, plug it in, and download all the updates as soon as they buy it. This process will let them at least play games offline on Christmas. Otherwise, if the hackers release a DDoS attack, the console will be useless without being powered on and updated.

Source: http://www.nydailynews.com/news/national/hackers-plan-ddos-attack-psn-xbox-live-christmas-article-1.2467876
