Hundreds of phone numbers, names, IP addresses and email addresses from Chinese government websites have been leaked online by the hacktivist collective Anonymous in support of pro-democracy protests in Hong Kong. Anonymous first threatened the attack last week through its ‘Operation Hong Kong’ affiliated branch, promising to leak government email address details and to shut down state websites through a Distributed Denial of Service (DDoS) attack. Over the weekend, shortly after a government statement condemning the threat of attack, personal details taken from the Ningbo Free Trade Zone in Zhejiang province and a job-search site were released by the group. “We cannot be with you on the streets. We cannot fight the police that are arresting you. But they cannot arrest an idea,” Anonymous said in a statement. “We have effectively hacked and shutdown government websites and their supporters. Some noticeable Chinese and Hong Kong government domains and networks have already acquired American services for their domains.” The group claims that such actions by the Chinese government prove that the attacks carried out “cannot be handled” and that the involvement of US-based providers prove that US corporations are complicit in supporting Beijing policy. The hacker group first announced its support for the pro-democracy protests in Hong Kong at the beginning of October, stating in a video at the time: “The time has come for democracy for the citizens of Hong Kong.” Five suspected members of Anonymous have since been arrested in the region in connection with hacking attacks. Due to the secretive nature of Anonymous, some security experts have said that it is difficult to prove that these attacks actually stem from them, rather than western governments. Protests in the former British colony started last month after Beijing decided it was to screen candidates for the first election in the territory in 2017. Source: http://www.ibtimes.co.uk/hong-kong-protests-anonymous-leaks-chinese-government-data-1469747
Read More:
Hong Kong Protests: Anonymous Hackers Leak Chinese Government Data, Shutdown Websites
Various defense strategies can be invoked to defend against DDoS attacks. Many of these depend upon the intensity of the attack. We discuss some of these in this article. Mitigation Strategies Some protection from DDoS attacks can be provided by firewalls and intrusion-prevention systems (systems that monitor for malicious activity). When a DDoS attack begins, it is important to determine the method or methods that the attacker is using. The web site’s front-end networking devices and the server’s processing flow may be able to be reconfigured to stop the attack. UDP Attacks UDP (User Datagram Protocol) attacks send a mass of UDP requests to a victim system, which must respond to each request. One example is a ping attack. It is an enormous influx of ping requests from an attacker that requires the victim server to respond with ping responses. Another example of a UDP attack is when the Internet Control Message Protocol (ICMP) must be used by the server to return error messages. The messages may indicate that a requested service is unavailable or that a host or router cannot be reached. An attacker may send UDP messages to random ports on the victim server, and the server must respond with a “port unreachable” ICMP message. Mitigation Strategy In the case of a UDP attack, the firewall could be configured to reject all UDP messages. True, this would prevent legitimate use of UDP messages, such as pings sent by monitoring services to measure the uptimes and response times of the web site. However, to be shown as failed by a monitoring service is much better than actually being down. SYN Attacks In a SYN attack, a mass of connection requests are sent to the victim server via SYN messages. Typically, the victim server will assign connection resources and will respond with SYN ACK messages. The server expects the requesting client to complete the connections with ACK messages. However, the attacker never completes the connections; and the server soon runs out of resources to handle further connection requests. Mitigation Strategy In this case, the server connection facility could be reconfigured so that it did not assign connection resources until it received the ACK from the client. This would slightly extend the time required to establish a connection but would protect the server from being overwhelmed by this sort of an attack. DNS Reflection Attack A DNS reflection attack allows an attacker to send a massive amount of malicious traffic to a victim server by generating a relatively small amount of traffic. DNS requests with a spoofed victim address are sent to multiple DNS systems to resolve a URL. The DNS servers respond to the victim system with DNS responses. What makes this sort of attack so efficient is that the DNS response is about 100 times as large as the DNS request. Therefore, the attacker only needs to generate 1% of the traffic that will be sent to the victim system. DNS reflection attacks depend upon DNS open resolvers that will accept requests from anywhere on the Internet. DNS open resolvers were supposed to have been removed from the Internet, but 27 million still remain. Mitigation Strategy A defense against DNS reflection attacks is to allow only DNS responses from the domain of the victim server to be passed to the server. Mitigation Services Given a sufficiently large DDoSattack, even the steps mentioned here may not protect a system. If nothing else, the attack can overwhelm the bandwidth of the victim’s connection to the Internet. In such cases, the next step is to use the services of a DDoS mitigation company with large data centers that can spread the attack volume over multiple data centers and can scrub the traffic to separate bad traffic from legitimate traffic. Prolexic, Tata Communications, AT&T, Verisign, CloudFare, and others are examples of DDoS mitigation providers. These services will also monitor the nature of the attack and will adjust their defenses to be effective in the face of an attacker that modifies its strategies as the attack progresses. Legality DDoS attacks are specifically outlawed by many countries. Violators in the U.K. can serve up to ten years in prison. The U.S. has similar penalties, as do most major countries. However, there are many countries from which DDoS attacks can be launched without penalty. With respect to the Spamhaus attack described in Part 1, the CEO of CyberBunker, a Dutch company, was arrested in Spain and was returned to the Netherlands for prosecution. Summary Companies must prepare for the likelihood of losing their public-facing web services and must make plans for how they will continue in operation if these services are taken down. This should be a major topic in their Business Continuity Plans. For instance, in the case of the bank attacks described in Part 1, many banks made plans to significantly increase their call center capabilities to handle customer services should their web sites be taken down by a DDoS attack. DDoS attacks are here to stay. They are motivated by too many factors – retaliation, political statements, aggressive competitors, ransom – and are fairly easy to launch. Botnets can be rented inexpensively. There are even sophisticated tools available on the darknet to launch significant attacks. The defenses against DDoS attacks are at best limited. The ultimate defense is to subscribe to a DDoS mitigation service that can be called upon when needed. Source: http://www.techproessentials.com/ddos-attacks-can-take-down-your-online-services-part-3-defending-against-ddos-attacks/