Category Archives: Security Websites

DDoS Attack Temporarily Shuts Down International ‘DOTA 2’ Tournament

The International DOTA 2 tournament is underway, but a reported DDoS attack forced Valve to suspend the matches for several hours. The tournament has had several Internet-related problems since it began, but commentators confirmed that a DDoS attack was indeed to blame for today’s outage. It’s a funny thing that even an official Valve tournament, with all the top players in the world on the same stage, still needs to deal with all the same outage problems that average gamers have to deal with all the time. There is no LAN mode for DOTA 2. We’ve contacted Valve for comment and will respond with any update. The matches are up and running again. A DDoS is a rudimentary form of attack in which people overwhelm a given server with a gigantic number of false requests, rendering it unable to respond. DDoS attacks and other Internet tomfoolery are an unfortunate side effect of video games in general: virtual vandals have a habit of knocking down everything from smaller PC games to PSN and Xbox Live. Video games have an outsize presence amongst the young and internet-savvy, making them an ideal, if monumentally annoying, target for coordinated groups and lone actors alike. The International DOTA 2 tournament carries with it a record $18 million prize purse, raised through crowd-funding and in-game purchases. It’s a landmark purse for eSports, carrying with it the sort of legitimacy that only outsize rewards for obsessive skill can provide. You can watch the proceedings below on the live YouTube stream, though Valve also provides a newcomers’ stream with explanation and commentary for people who don’t know the ins and outs of the game. It’s complicated, no doubt, but then again, so is football. Source: http://www.forbes.com/sites/davidthier/2015/08/04/ddos-attack-temporarily-shuts-down-international-dota-2-tournament/

Read More:
DDoS Attack Temporarily Shuts Down International ‘DOTA 2’ Tournament

FBI to Banks: DDoS Extortions Continue

Don’t Pay Attackers or Scammers, Security Experts Warn

Numerous firms across the financial services sector – and beyond – continue to face a variety of distributed-denial-of-service and data breach extortion attempts. Attackers’ tactics are simple: Sometimes they threaten to disrupt a firm’s website, preventing customers from accessing it. And other times they warn that they will release data – which they obtained by hacking into the firm – that contains sensitive information about the organization’s employees and customers. Or, the attackers say, the organization can pay them off – typically via bitcoins – to call off the attack or delete the data. Richard Jacobs, assistant special agent in charge of the cyber branch at the FBI’s New York office, reports that the bureau continues to see a large number of related shakedown attempts, with attackers in April making DDoS extortion threats against more than 100 financial firms, including some big banks and brokerages, MarketWatch reports. Some firms have reportedly been hit with demands for tens of thousands of dollars, and the FBI says that some victims do pay, even though attackers might never have followed through on their threats. Likewise, the payoff sometimes leads attackers to blackmail victims for even more money. “There are some groups who typically will go away if you don’t pay them, but there’s no guarantee that’s going to happen,” Jacobs tells MarketWatch.

Attacks on the Rise

This is far from a new tactic for criminals operating online, and law enforcement experts have long warned organizations not to accede to attackers’ demands. “Extortion types of attacks have always been around,” says information security expert Brian Honan, who heads Dublin-based BH Consulting and also serves as a cybersecurity advisor to Europol. “They were quite popular during the 1990s and early 2000s, waned for a while, but are now gaining popularity again with criminals. We are seeing a rise in such types of attacks both in the U.S. and in Europe.” Large financial institutions in particular appear to be getting singled out by blackmailers, says financial fraud expert Avivah Litan, an analyst at the consultancy Gartner. “The large banks are under an onslaught of [such] attacks; the smaller banks, I hear mixed things from,” she says. But banks don’t talk about such attacks much, she adds, “because no one wants the public to know that they’re being extorted.” The growth of such shakedown attempts has been driven in part by the increasing availability and ease of use of DDoS-on-demand services, Litan says. “It’s always been easy to get DDoS attacks, but now it’s just more organized, more readily available, and you can say, ‘I want to do it against these particular U.S. banks or U.K. banks,’ for example,” she says. Sometimes, attackers do follow through on their threats by executing DDoS disruptions or leaking data. Earlier this year, for example, a hacking team calling itself “Rex Mundi” demanded a payment of 20,000 euros ($21,000) from French clinical laboratory Labio, or else it would release people’s blood test results. When Labio refused to pay, the hackers dumped the data.

The “Pedro Batista” Scam

But at least some of these shakedown attempts appear to be little more than bluster. For example, one threat researcher – speaking on condition of anonymity – reports that in recent months, an apparently Portugal-based attacker or middleman named “Pedro Batista” has attempted to extort both the Federal Savings Bank and the Industrial Bank in China. Batista claimed in an email – sent to the researcher – to have obtained root access to an FSB MySQL database, which supposedly contained extensive information about the firm’s clients. For the Industrial Bank of China, Batista also claimed to have stolen a database containing employees’ salaries, plus usernames and passwords. Neither of those firms responded to Information Security Media Group’s queries about whether they could confirm having received blackmail notices from Batista, or if they had given in to the extortion demands. But Mikko Hypponen, chief research officer at F-Secure, says the Pedro Batista shakedown is a scam. “Since 2013, an individual using this name has been contacting security experts, offering vulnerabilities or leaked databases for sale,” he tells Information Security Media Group. “Those that have kept up the communication with him have found out that he had no goods or very little goods to actually deliver. He might be able to do some SQL injections to gain partial access to some information, but for the most part, this seems to be some kind of a scam operation.”

How To Respond: 5 Essentials

Organizations can simply ignore those types of scams, security experts say. But dealing with DDoS threats requires a more structured response, says Honan, who offers the following recommendations:

React: Take the threat seriously, and “spin up” an incident response team to deal with any such attacks or threats.
Defend: Review DDoS defenses to ensure they can handle attackers’ threatened load, and if necessary contract with, subscribe to or buy an anti-DDoS service or tool that can help.
Alert: Warn the organization’s data centers and ISPs about the threatened attack, which they may also be able to help mitigate.
Report: Tell law enforcement agencies about the threat – even if attackers do not follow through – so they can amass better intelligence to pursue the culprits.
Plan: Continually review business continuity plans to prepare for any disruption, if it does occur, to avoid excessive disruptions to the business.

Litan likewise advocates technical planning as the primary way to defend against threatened or in-progress DDoS attacks. Furthermore, if an organization’s DDoS defenses do fail to mitigate the attack, she says an excellent fallback strategy is to redirect customers to a backup site that attackers don’t yet know about. “If you are under attack, you have a miniature website set up that you can immediately redirect your customers to, with most of the functions on the site, so you don’t have to deal with extortion attempts – go ahead and DDoS me, it doesn’t matter,” Litan says. “Some of the large banks have done that, and it has worked effectively.” Above all, Honan says that on behalf of all would-be victims, no targeted organization should ever give in to extortion attempts. “Needless to say, you should not pay the ransom, as you have no guarantee the criminals will not attack you anyway, or that other criminals may target you in the future,” Honan says. “And by paying the demands you simply motivate the criminals to carry out similar attacks against you and others.” Source: http://www.bankinfosecurity.com/fbi-to-banks-ddos-extortions-continue-a-8446

More here:
FBI to Banks: DDoS Extortions Continue

FBI Warns of Increase in DDoS Extortion Scams

Online scammers are constantly looking for new ways to reach into the pockets of potential victims, and the FBI says it is seeing an increase in the number of companies being targeted by scammers threatening to launch DDoS attacks if they don’t pay a ransom. The scam is a variation on a theme, the familiar ploy of either holding a victim’s data for ransom or threatening some kind of attack if a ransom isn’t paid. Ransomware gangs have been running rampant in recent years, using various kinds of malware to encrypt victims’ data and then demand a payment, usually in Bitcoin, for the encryption key. The scam that the FBI is warning about isn’t as intrusive as that, but it can be just as damaging. The attackers in these cases are emailing people inside organizations and demanding that they pay a ransom or face a DDoS attack. “Victims that do not pay the ransom receive a subsequent threatening e-mail claiming that the ransom will significantly increase if the victim fails to pay within the time frame given. Some businesses reported implementing DDoS mitigation services as a precaution,” an alert from the FBI says. The FBI says that it believes there are several people involved in these scams and it anticipates that they will expand the number of industries they’re targeting in the near future. Organizations that haven’t paid the ransom have in some cases been hit with the threatened DDoS attacks, but the FBI said they typically don’t last very long. “Businesses that experienced a DDoS attack reported the attacks consisted primarily of Simple Discovery Protocol (SSDP) and Network Time Protocol (NTP) reflection/amplification attacks, with an occasional SYN-flood and, more recently, WordPress XML-RPC reflection/amplification attack. The attacks typically lasted one to two hours, with 30 to 35 gigabytes as the physical limit,” the FBI alert says. There have been high-profile incidents like this in the recent past. Basecamp, a project management console, was hit with such an attack in 2014 when attackers tried to blackmail the company and then hit it with a DDoS attack. Source: https://threatpost.com/fbi-warns-of-increase-in-ddos-extortion-scams/114092#sthash.2CvEua2m.dpuf

See the original article here:
FBI Warns of Increase in DDoS Extortion Scams

New York Site DDoS attack After Massive Cosby Story Goes Online

At 9PM on Sunday night, New York Magazine published to the web one of its most ambitious and powerful stories of the year, an extended interview with 35 women who have accused Bill Cosby of sexual assault. Within minutes, writers and editors heaped praise on the feature, but later into the night, it mysteriously disappeared, along with everything else hosted at NYMag.com, victim to an apparent denial-of-service attack. On Twitter, accounts identifying themselves as the hackers gave a variety of conflicting and implausible explanations for the attack, ranging from general animosity toward New York City to a personal connection with one of the women involved. The magazine’s only official statement came at 3:32AM: “Our site is experiencing technical difficulties. We are aware of the issue, and working on a fix.” As of press time, the site is still offline. So far, the attack is consistent with a distributed denial-of-service (DDoS) attack — an unsophisticated flood of traffic that blocks users from accessing a specific address without compromising the site itself. DDoS attacks can be launched cheaply from nearly anywhere, making them a favored tactic for activists and criminals alike. Mitigation techniques have grown more advanced in recent years, but the sheer volume of requests is often enough to knock a site offline or slow response time for days at a time. Denial-of-service actions are occasionally used as cover for more sophisticated attacks, but the vast majority are simple brute force actions, overcome as soon as site managers are able to deploy mitigation measures or, in some cases, comply with extortion demands. But while NYMag.com is still unavailable, the story has continued to proliferate through other channels. New York’s Instagram account has published pictures and quotes from four of the women, which the magazine’s Twitter account has continued to promote throughout the outage. A cached version of the story is also available through Archive.org, although not all of the functionality is present. Print distribution of New York has been unaffected by the attack. Source: http://www.theverge.com/2015/7/27/9047765/new-york-magazine-bill-cosby-rape-story-ddos-attack

More:
New York Site DDoS attack After Massive Cosby Story Goes Online

Unhinged Linux backdoor still poses a nuisance, if not a threat

When is a door not a door? When slapdash coding turns it into a glorified ‘off’ switch Internet Igors have stitched together a new Linux backdoor. Fortunately for internet hygiene the botnet agent – which packs a variety of powerful features – is faulty and only partially functional.…

Taken from:
Unhinged Linux backdoor still poses a nuisance, if not a threat

Anonymous says it hacked Canada’s security secrets in retaliation for police shooting of B.C. activist

Hackers with Anonymous say they breached supposedly secure Canadian government computers and accessed high-level, classified national security documents as retaliation for last week’s fatal shooting by the RCMP of a protester in British Columbia. To support their claim, members of Anonymous provided the National Post with a document that appears to be legitimate Treasury Board of Canada notes on federal cabinet funding to fix flaws in the foreign stations of the Canadian Security Intelligence Service (CSIS). The Post has not independently been able to verify the authenticity of the document, marked with a security classification of “Secret.” Anonymous activists say they will disseminate sensitive documents if the officer who shot James McIntyre in Dawson Creek, B.C., is not arrested by Monday at 5 p.m., Pacific time. That threat has also been made on social media and a government source confirms authorities are aware of the threat. Activists say McIntyre was a member of Anonymous. When he was shot he appeared to be wearing a Guy Fawkes mask, often worn by supporters of the global hacktivist collective. Anonymous says it has several secret files. “We do have other documents and files. We are not going to speak to quantity, date of their release, manner of their release, or their topic matter at this time,” a spokesperson for a coterie of Anonymous told the Post in an interview conducted through encrypted communications. “This will be an ongoing operation with expected surprise as a critical element.” Government computers were breached in stages, over several months, the Anonymous spokesperson said, including during the Distributed Denial of Service (DDoS) attacks last weekend, organized in protest of the shooting. (A DDoS is when multiple hijacked computers tie up the resources of a web site so the public cannot access it.) After the DDoS attacks, Public Safety Minister Steven Blaney told reporters that no personal information or government secrets were compromised.

Jeremy Laurin, a spokesman for the minister, could say little about the veracity of the document or its response to the threat by Friday evening. “We are monitoring the situation closely,” said Laurin. “Our government takes cyber security seriously and operates on the advice of security experts.” The government has promised $235 million in funding for a cyber-security strategy designed to defend against electronic threats, hacking and cyber espionage, he said. On Wednesday the minister said $142 million of that is to enhance security at several agencies, including the RCMP and CSIS. A well-placed government source said, “There has not been a hack of CSIS,” but was unable to say if other departments could make the same claim. Anonymous says the minister is incorrect in his assessment of recent cyberattacks. “In fact, part of what we were doing at that point were final penetration tests, not just for the Canadian government, but also with how the media would respond to Anonymous attacks,” the Anon spokesperson said. This purported hack is far different and more serious than the previous stream of aggressive online activity over the shooting that targeted police web sites and British Columbia’s hydro electric industry, both considered soft targets. If the Anonymous claim is accurate, it suggests a deeper penetration of a higher echelon of government computers containing far more sensitive information. The document provided to the Post outlines a meeting dated Feb. 6, 2014, regarding progress in upgrading cyber security at CSIS, Canada’s spy agency, to be monitored by the Communications Security Establishment Canada, two of Canada’s most secretive organizations.

The paper discusses cabinet approval of millions of dollars to “extend the Service’s (CSIS’s) secure corporate network environment to its foreign stations.” The project was over budget, the document says, “due largely to increased information security requirements to address recent unlawful disclosures of classified material (i.e. Delisle, Snowden).” Jeffrey Delisle is a former Canadian naval officer who sold military secrets to Russia until his arrest in 2012. Edward Snowden is a former U.S. National Security Agency analyst who leaked classified documents revealing large-scale global surveillance in 2013. The document from Anonymous says the current CSIS system uses “inefficient and labour intensive data-processing and analysis systems to process and report intelligence information obtained at its foreign stations … These outdated processes result in delays that impact the Service’s operational effectiveness and jeopardizes the security of its personnel.” The new system was tested at two foreign stations and is expanding to CSIS’s 25 foreign stations, the document says. The sample document was provided to the Post with some elements redacted because the hackers were unsure what the markings mean and are concerned they could identify which machine or machines may have been compromised, the Anon spokesperson said. Source: http://news.nationalpost.com/news/canada/anonymous-says-it-hacked-canadas-security-secrets-in-retaliation-for-police-shooting-of-b-c-activist

Follow this link:
Anonymous says it hacked Canada’s security secrets in retaliation for police shooting of B.C. activist

Bitcoin Extortion Campaigns Expanding DDoS Attacks to a Wider Array of Business Sectors

Recent FBI investigations and open source reporting reveal that extortion campaigns conducted via e-mails threatening Distributed Denial of Service (DDoS) attacks continue to expand targets from unregulated activities, such as illegal gaming activity, to now include legitimate business operations. The increase in scope has resulted in additional attacks with Bitcoin ransom amounts trending upwards as well. First identified approximately one year ago, Bitcoin extortion campaigns originally focused on targets unlikely to contact law enforcement for assistance. In early April 2015, the extortion campaigns began regularly contacting legitimate businesses operating in the private sector. In a typical scenario, a short-term DDoS attack is conducted on a victim’s web site lasting for approximately one hour. The DDoS is followed by an e-mail containing an extortion demand for payment via Bitcoin. If the victim has not paid the demanded payment, there is usually a second, more powerful DDoS attack within 24 hours, which lasts for an additional hour. This is followed by a second e-mail warning and extortion demand with an increased price. In most cases, victim companies have successfully mitigated the attack using third party DDoS mitigating services rather than paying the ransom.

Technical Details

The first DDoS attack is usually delivered prior to the sending of a ransom demand at 20-40 Gigabytes per second (Gbps) with a duration of approximately one hour. After the initial DDoS attack, an extortion e-mail is sent to the victim introducing the attacker, highlighting the initial demonstrative DDoS attack, and demanding payment in Bitcoin (ranging from 20-40) to ensure no further DDoS attacks are conducted against the business. If payment does not occur within 24 hours, a second demonstrative DDoS is generally conducted at a higher rate (40-50 Gbps) for an additional hour followed by an additional extortion e-mail. The types of DDoS attacks primarily consist of Simple Service Discovery Protocol (SSDP) and Network Time Protocol (NTP) reflection/amplification attacks with the occasional SYN-flood and, most recently, WordPress XML-RPC reflection/amplification attacks. Source: https://publicintelligence.net/fbi-bitcoin-extortion-campaigns/
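A defender-side illustration of the attack mix the alert describes (SSDP and NTP reflection/amplification, plus SYN floods), as an added example that is not part of the FBI alert or of the original post: a small Python classifier that walks constructed netflow-style records and flags, per destination, traffic matching those patterns. The Flow fields, thresholds, and sample records are assumptions made for the example.

```python
"""Flag the DDoS patterns named in the alert (SSDP/NTP reflection, SYN flood) in flow records.

Added illustration, not code from the original post. The Flow fields, thresholds
and sample records below are constructed assumptions, not real telemetry.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str        # source IP
    sport: int      # source port
    dst: str        # destination IP
    dport: int      # destination port
    proto: str      # "UDP" or "TCP"
    packets: int
    bytes: int
    syn_only: bool = False   # TCP flow that never completed the handshake


# Reflection services: the amplified replies arrive *from* these source ports.
REFLECTOR_PORTS = {123: "NTP", 1900: "SSDP"}


def classify(flows, min_reflectors=3, min_bytes_per_packet=200, min_syn_only=50):
    """Return {dst: [finding, ...]} for destinations that look under attack.

    A reflection/amplification attack shows up as UDP replies from a reflector
    service port, sent by many distinct hosts the victim never queried, with a
    large average packet size. A SYN flood shows up as many TCP flows that
    consist only of SYNs.
    """
    by_dst = defaultdict(list)
    for f in flows:
        by_dst[f.dst].append(f)

    findings = {}
    for dst, fl in by_dst.items():
        alerts = []
        for port, name in REFLECTOR_PORTS.items():
            refl = [f for f in fl if f.proto == "UDP" and f.sport == port]
            if not refl:
                continue
            sources = {f.src for f in refl}
            pkts = sum(f.packets for f in refl)
            avg = sum(f.bytes for f in refl) / pkts
            if len(sources) >= min_reflectors and avg >= min_bytes_per_packet:
                alerts.append(
                    f"{name} reflection/amplification: {len(sources)} reflectors, "
                    f"avg {avg:.0f} B/pkt"
                )
        syn_pkts = sum(f.packets for f in fl if f.proto == "TCP" and f.syn_only)
        if syn_pkts >= min_syn_only:
            alerts.append(f"SYN flood: {syn_pkts} half-open SYNs")
        if alerts:
            findings[dst] = alerts
    return findings


# Constructed sample: 203.0.113.10 is the victim, 203.0.113.20 is a normal host.
VICTIM, NORMAL = "203.0.113.10", "203.0.113.20"
SAMPLE_FLOWS = [
    # Normal host: one small NTP reply from its configured time server.
    Flow("198.51.100.5", 123, NORMAL, 123, "UDP", 2, 180),
    # Victim: large NTP replies from several reflectors it never queried.
    *[Flow(f"192.0.2.{i}", 123, VICTIM, 40000 + i, "UDP", 500, 220_000) for i in range(1, 6)],
    # Victim: SSDP replies from several reflectors.
    *[Flow(f"198.51.100.{i}", 1900, VICTIM, 50000 + i, "UDP", 100, 30_000) for i in range(10, 14)],
    # Victim: half-open TCP connections to port 443.
    *[Flow(f"192.0.2.{i}", 30000 + i, VICTIM, 443, "TCP", 20, 1_200, syn_only=True) for i in range(50, 54)],
]

if __name__ == "__main__":
    for dst, alerts in classify(SAMPLE_FLOWS).items():
        print(dst)
        for a in alerts:
            print("  -", a)
```

On the sample above only the victim is reported, with one finding for each of the three patterns; the normal host's single small NTP reply stays below both the reflector-count and size thresholds.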

Original post:
Bitcoin Extortion Campaigns Expanding DDoS Attacks to a Wider Array of Business Sectors

Anonymous in Cyberwar With Canadian Gov’t After Mountie Killed Activist

On Monday, hacktivists said they had stepped up their operation to gain access to Canadian government secrets after a mounted police officer shot and killed an activist at an environmental protest in BC. The million-strong army of Anonymous group hacktivists is waging a cyberwar on Canadian authorities and law enforcers after a Royal Canadian Mounted Police (RCMP) officer fatally shot an activist wearing a Guy Fawkes mask at an environmental protest in British Columbia last week. The shooting in Dawson Creek, which Anonymous says was unprovoked, triggered a vehement response from the group, who launched a massive cyberoperation codenamed AnonDown to force Canadian police to reveal the identity of the shooter. The declaration of war on Saturday was followed by a series of denial-of-service (DoS) attacks on RCMP web pages the next day, including on its national website, the Dawson Creek affiliate site and the RCMP Heritage Center page. On Monday, hacktivists said they had stepped up the operation to gain access to government secrets. “AnonDown has accessed docs marked ‘secret’ inside Canadian government. It’s not just a DDoS op anymore kiddos,” the activists said in a taunting tweet.

Fatal Shooting

The killing of the protester took place last Thursday when Canadian mounted police responded to a disturbance at a public hearing where a controversial dam project was being discussed. Upon arrival, police singled out a masked man who allegedly refused to surrender and was shot down, police said, adding that a pocket knife was later recovered at the scene. Anonymous, however, told the local Globe and Mail newspaper that lawmen gunned down the wrong man. The man who allegedly caused the disturbance during the dam debates had left by the time police moved in. They said the victim, who succumbed to the gunshot wound later at a hospital, was fired at while trying to put the knife on the ground. The policeman behind the killing has not been identified publicly. In a video statement, Anonymous vowed to “identify the RCMP officer involved and release the docs on the Internet because the world has the right to know every detail about killer cops.”

Operation Begins

In a Saturday video statement, Anonymous said they would seek justice for the slain activist and avenge him if their demands are not met. They also pledged to rally the entire collective of hacktivists to “remove the RCMP cyber infrastructure from the Internet.” The first “cyber-shots” were fired on Sunday when the main RCMP website and Dawson Creek detachment site could not be accessed for several hours. The group later claimed responsibility for the outages. The Globe and Mail cited a Twitter posting, associated with the hacker group, which suggested “turning it off and back on again.” The main RCMP website was online on Monday. But Anonymous warned that there were more such actions to follow. “Our vengeance will be swift and powerful but it will not include violence,” they tweeted.

Not So Harmless

Denial-of-service attacks, which flood the target website with communication requests, are often used to crash a site for a short period of time. Nevertheless, hacktivists’ threats to disrupt the work of police websites should not be taken lightly, the Globe and Mail cited a cybersecurity expert from the firm Defence Intelligence as saying on Sunday. Defence Intelligence Chief Executive Keith Murphy told the outlet that the group had a global reach of about one and a half million, and had proven in the past to go through with their threats. Source: http://sputniknews.com/world/20150720/1024824329.html#ixzz3gSiu0DZW

See more here:
Anonymous in Cyberwar With Canadian Gov’t After Mountie Killed Activist

MLG Pro League Suffers Increase of DDoS Attacks

A recent increase of Distributed Denial of Service (DDoS) attacks, or getting “hit off,” is becoming a serious issue that teams are facing daily in the MLG Pro League for Advanced Warfare, resulting in some matches being postponed or delayed drastically. DDoS attacks are fairly common in the online gaming community and many players have been fighting the issue for years. There are only so many preventative measures you can take to ward off potential threats. In the past, a few league matches had some problems with players getting hit off, but were allowed to continue because the problems were eventually able to be resolved. However, during week three of season three, things went downhill. A standard league day of four scheduled matches turned into one match and one map being played because of players getting hit off. During FaZe Clan vs. Denial eSports, the only match that was fully played out, players from both teams were being relentlessly hit off. One map into the next series, MLG decided to call it a night and postpone all other matches for the day. Players were being hit every few seconds, and it was just painful to watch. Sometimes the attacks are personal in nature and the victim may know the attacker. However, most of the time people getting hit off have no idea who is doing it or the reasons behind it. The reasons for the recent increase of DDoS attacks may surprise you.

The Problem

With the rise of the betting/fantasy league site Vulcun, spectators are getting malicious. Now that money is involved, people are doing anything to make sure the players on their fantasy team perform well, even stooping as low as hitting players from the other team offline. If you’re unfamiliar with what this is, let me help you out a little bit. Hitting someone offline basically means finding a person’s IP address and preventing that address from making legitimate requests to a server. This IP then cannot, in the case of a gamer, join a game without losing connection or having an extremely slow connection. The problem here is obvious, but really the solution could be simple.

The Solution

The system in place for professional League of Legends play is the most secure of any pro league, but it is slightly impractical. All league matches are played on LAN at a single venue in California. The problem here is that all players basically have to live in or extremely close to California, and that’s honestly just a little ridiculous. Source: http://esports-nation.com/mlg-pro-league-suffers-increase-of-ddos-attacks/

See more here:
MLG Pro League Suffers Increase of DDoS Attacks

Cyber-security’s dirty little secret: It’s not as bad as you think

And as for botnets … on their way out A new research report from the Global Commission on Internet Governance has reached a surprising conclusion: cyberspace is actually getting safer.…

Excerpt from:
Cyber-security’s dirty little secret: It’s not as bad as you think