Tag Archives: ddos

Six teens arrested in UK for using hacking group’s paid DDoS service

Six teenagers were arrested by British police on suspicion of attacking websites, the country’s National Crime Agency (NCA) announced on Friday. The teenagers were users of the hacking group Lizard Squad and used the Lizard Stresser tool, software that allowed them to pay to take websites offline for up to eight hours at a time, according to an NCA statement. The tool works by using Distributed Denial of Service (DDoS) attacks, which flood web servers or websites with massive amounts of data, leaving them inaccessible to users. Those arrested in the operation coordinated by NCA were all teenage boys aged from 15 to 18, while two other suspected users of Lizard Stresser were arrested earlier this year, the NCA said. The suspects are thought to have maliciously deployed Lizard Stresser, having bought the tool using alternative payment services such as Bitcoin in a bid to remain anonymous, the NCA also said. Organizations believed to have been targeted by the suspects include a leading national newspaper, a school, gaming companies, and a number of online retailers, according to the NCA. Lizard Squad became a well-known hacking group last year after it claimed responsibility for taking down the PlayStation Network and Xbox Live. The group later launched the Lizard Stresser tool. “By paying a comparatively small fee, tools like Lizard Stresser can cripple businesses financially and deprive people of access to important information and public services,” said Tony Adams, head of investigations at the NCA’s National Cyber Crime Unit. Officers are also visiting some 50 addresses linked to individuals registered on the Lizard Stresser website, but who are not currently believed to have carried out attacks. A third of the individuals identified are under the age of 20, according to the NCA. “One of our key priorities is to engage with those on the fringes of cyber criminality to help them understand the consequences of cyber crime, and how they can channel their abilities into productive and lucrative legitimate careers,” said Adams. Source: http://www.globalpost.com/article/6638281/2015/08/28/six-teens-arrested-uk-using-hacking-groups-paid-ddos-service

See the original article here:
Six teens arrested in UK for using hacking group’s paid DDoS service

BitTorrent patches reflective DDoS attack security vulnerability

A vulnerability which could divert traffic to launch cyberattacks has been mitigated two weeks after public disclosure. BitTorrent has taken rapid steps to mitigate a flaw which could divert user traffic to launch reflective DDoS attacks. The flaw, reported by Florian Adamsky at the USENIX conference in Washington, D.C., affects popular BitTorrent clients such as uTorrent, Mainline and Vuze, which were known to be vulnerable to distributed reflective denial-of-service (DRDoS) attacks. According to the researchers from City University London, BitTorrent protocols could be exploited to reflect and amplify traffic from other users within the ecosystem — which could then be harnessed to launch DRDoS attacks powered up to 120 times the size of the original data request. Successful distributed denial-of-service (DDoS) and DRDoS attacks launched against websites flood domains with traffic, often leaving systems unable to cope with the influx and resulting in legitimate traffic being denied access to Web resources. The team said in a paper (.PDF) documenting the vulnerability that BitTorrent protocols Micro Transport Protocol (uTP), Distributed Hash Table (DHT), Message Stream Encryption (MSE) and BitTorrent Sync (BTSync) are exploitable. On Thursday, Vice President of Communications at BitTorrent Christian Averill said in a blog post no attack using this method has been observed in the wild and as the researchers informed the BitTorrent team of the vulnerability ahead of public disclosure, this has given BitTorrent the opportunity to “mitigate the possibility of such an attack.” Francisco De La Cruz, a software engineer from the uTorrent and BitTorrent team, wrote a detailed analysis of the attack and the steps the company has taken to reduce the risk of this vulnerability. The vulnerability lies within libµTP, a commonly used tool which can detect network congestion and automatically throttle itself — a useful feature when BitTorrent clients are being used on home networks. However, the way libµTP handles incoming connections allows reflectors to accept any acknowledgement number when receiving a data packet, which opens the doorway to traffic abuse. The success of a DRDoS relies on how much traffic an attacker can direct towards a victim, known as the Bandwidth Amplification Factor (BAF). The higher the BAF, the more successful the attack. In order to reduce the BAF ratio and mitigate the security issue, BitTorrent engineers have ensured a unique acknowledgement number is required when a target is receiving traffic. While this can still be guessed, it would be difficult and time-consuming to do so for a wide pool of victims. De La Cruz said: “As of August 4th, 2015 uTorrent, BitTorrent and BitTorrent Sync clients using libµTP will now only transition into a connection state if they receive valid acknowledgments from the connection initiators. This means that any packets falling outside of an allowed window will be dropped by a reflector and will never make it to a victim. Since the mitigation occurs at the libµTP level, other company protocols that can run over libµTP like Message Stream Encryption (MSE) are also serviced by the mitigation.” Regarding BTSync, BitTorrent says the severity of the vulnerability — even before recent updates were applied to the protocol — mitigated the risk of this vulnerability. In order to exploit the security weakness, an attacker would have to know the Sync user, identifiers would have to be made public, and the protocol’s design ensures that peers in a share are limited — keeping the potential attack scale down. According to the BitTorrent executive, the protocol therefore would “not serve as an effective source to mount large-scale attacks.” Averill commented: “This is a serious issue and as with all security issues, we take it very seriously. We thank Florian for his work and will continue to both improve the security of these protocols and share information on these updates through our blog channels and forums.” Source: http://www.zdnet.com/article/bittorrent-patches-reflective-ddos-attack-security-vulnerability/

Read the original post:
BitTorrent patches reflective DDoS attack security vulnerability

Spooks, plod and security industry join to chase bank hacker

Perp known as ‘DD4BC’ has some serious heat on his or her tail, with worse to come A group of security boffins have joined police and intelligence spooks in a clandestine mission to identify those behind distributed denial of service (DDoS) extortion attacks against major banks.…

More:
Spooks, plod and security industry join to chase bank hacker

81% of healthcare organizations have been compromised

Eighty-one percent of health care executives say that their organizations have been compromised by at least one malware, botnet, or other cyber-attack during the past two years, and only half feel tha…

Excerpt from:
81% of healthcare organizations have been compromised

DARPA wants to take the sting out of DDoS attacks

While posing a minor inconvenience compared to other more malicious cyberattacks, distributed denial of service attacks post enough of a threat that the Defense Advanced Research Projects Agency nonetheless is looking for innovative approaches to mitigate their effects.  The Extreme DDoS Defense (XD3) program is looking to the private sector for “fundamentally new DDoS defenses that afford far greater resilience to these attacks, across a broader range of contexts, than existing approaches or evolutionary extensions,” according to a recent broad agency announcement. While this BAA does not include detection and mitigation of DDoS-related malware on hosts or networked devices, DARPA listed five technical areas for which contractors can submit responses that focus on lessening the effect of DDoS attacks and improving recovery time.  For example, the solicitation seeks proposals to: Devise and demonstrate new architectures that physically and logically disperse these capabilities while retaining (or even exceeding) the performance of traditional centralized approaches.   Develop new cyber agility and defensive maneuver techniques that improve resilience against DDoS attacks by overcoming limitations of preconceived maneuver plans that cannot adapt to circumstances and exploring deceptive approaches to establish a false reality for adversaries.   Produce a response time of 10 seconds or less from attacks and at least a 90 percent recovery in application performance compared with hosts that do not have XD3 capabilities. DARPA believes XD3 concepts can be leveraged by the military, commercial network service providers, cloud computing and storage service providers and enterprises of all sizes. Given the threat and array of targets DDoS attacks pose, XD3 BAA responses will consider a wide range of network and service contexts, such as enterprise networks, wide?area networks, wireless networks, cloud computing and software-defined networks, to name a few. The response date is Oct. 13, 2015, and the proposers day will be held on Sept. 2, 2015. Source: http://gcn.com/articles/2015/08/26/darpa-xd3-ddos.aspx

See more here:
DARPA wants to take the sting out of DDoS attacks

The UK’s 12 worst DDoS attacks Summarized – hacktivism, extortion and plain malice

DDoS attacks are often seen as a global phenomenon that affects ISPs and large datacentres. But the daily damage is done by much smaller attacks on vulnerable, sometimes poorly defended resources such as websites belonging to well-known organisations. The UK has had more than its fair share of such attacks with hacktivism and occasionally extortion the main motivations. Here we chart some of the worst attacks that have affected UK organisations in recent years. DoS attack on CMP Media (UBM) – 1998 Proof that simple denial of service (DoS) attacks (if not DDoS) are far from new, a disgruntled magazine subscriber decided to barrage the email server and fax machines of the UK tech publisher CMP Media (later sold to UBM) with enough traffic to cut the company off from the world for most of two days. The ISP identified the likely culprit but in 1998 denial of service attacks were a civil rather than criminal matter and remained so until 2006. LulzSec ‘”Tango down” DDoS attacks – 2011 The group that gave the Anonymous movement its UK brand, the small collection of mainly British youths that hid behind the LulzSec moniker loved their DDoS. Several big UK organisations were targeted but the attack that downed the Serious Organised Crime Agency (SOCA) website in June 2011 was probably the last straw. Alleged UK GCHQ DoS attack on Anonymous – 2011 In 2014 Britain hater and anti-NSA campaigning journalist Glenn Greenwald alleged that GCHQ Joint Threat Research Intelligence Group (JTRIG) unit launched DDoS attacks to disrupt chatrooms used by hacktivists from Anonymous and LulzSec. It was pointed out that this was really a targeted DoS attack and not an indiscriminate DDoS. Attack on the BBC by Iran – 2012 Downplayed at the time but what hit the Beeb on 2 March 2012 was anything but for those on the receiving end. Downed the BBC’s email server for a while, disrupted its Persian Service (hence the blame being attributed to Iran, which hates the Service’s output) and even overloaded its exchange with large numbers of phone calls. DDoS attack on Oxford and Cambridge universities – 2012 A single 20-year old individual – later imprisoned for a range of cybercrimes – was blamed for the DDoS attacks on Oxford and Cambridge University that disrupted their websites for a period of days in 2011 and 2012. It was never clear why the named man attacked the universities but the ease with which one person could cause so much trouble for large institutions was noted at the time. DDoS on 123-reg domain registrar – 2012 A sign that DDoS attacks could take on even big Internet-facing businesses, in May 2012 the UK’s largest domain registrar was hit with enough traffic to take its site down for a reported 15 minutes with further problems throughout the day. Rivals were also targeted as crybercriminals tested their latest techniques against well-defended businesses. Spamhaus 325Gbps super-DDoS – 2012 The massive 325Gbps DDoS attack on UK anti-spam organisation Spamhaus remains probably the second or third largest of all time and was even ridiculously said to have ‘slowed the Internet’. Later blamed on Dutch national Sven Kamphuis, the Spamhaus attack was the first to use a technique called DNS amplification to such sensational effect. Julian Assange hacktivists turn on MI5 – 2012 Wikileaks’ founder Julian Assange was briefly a focus for anti-corporate rage, and his pursuit by the UK, the US and Sweden over rape allegations promoted a series of hacktivist DDoS attacks in late 2012. Predictable they might have been but also surprisingly successful – MI5’s public website was put out of action for several hours. Manchester casino extortion attack – 2013 A rare publicised example of DDoS in the service of extortion, the attack on a Manchester-based online casino came after the business refused to pay the owner refused to hand over half the business to Polish nationals Piotr Smirnow and Patryk Surmacki. The pair were eventually arrested at Heathrow Airport tying to leave the country and later jailed. Raspberry Pi Foundation DDoS – 2013 Not everyone likes the Raspberry Pi people it seems including a “lone sociopath” with issues. The individual concerned launched a flurry of bizarre grudge DDoS attacks on its website, with some success. The attacker even targeted a group of teens working on a 48-hour Python hackathon using RaspBerry Pis. The Foundation beat the attacks with the help of an understanding ISP. Carphone Warehouse data breach DDoS – 2015 In July 2015, major UK smartphone retailer Carphone Warehouse suffered a serious data breach which, it later transpired, might have been aided using a DDoS ‘distraction’ attack. Up to one in five DDoS incidents are later found to be part of a data theft snatch in which IT staff are occupied fending off the DDoS, giving attackers more opportunity to sneak in and out. Mumsnet DDoS attack by @DadSecurity – 2015 Who would attack a site as apparently innocuous as Mumsnet? In what must rank as the oddest ideological attack of recent times, a campaign group called ‘@DadSecurity’ is suspected of doing just that as part of a wider campaign of nuisance that included having an armed police team dispatched to the house of founder Justine Roberts. Came after earlier data breach in 2014. Source: http://www.techworld.com/picture-gallery/security/uks-12-worst-ddos-attacks-hacktivism-extortion-plain-malice-3623767/#12

Continue reading here:
The UK’s 12 worst DDoS attacks Summarized – hacktivism, extortion and plain malice

Ziggo suffers new DDoS attack

Dutch cable operator Ziggo has experienced network problems for a second time in a week, following a DDoS attack. Service disruptions were experienced throughout the country, and Ziggo said around 60 percent of its customers were affected, NU.nl reports. A Ziggo spokesman said the latest attack was worse than the first. The attack targeted Ziggo’s DNS servers, leaving many customers without internet access. At around 04.00 hours 20 August the company brought the attack under control. The company said it’s started an investigation into the attack and measures it can take to prevent future incidents. In a notice to customers, the company said it was doing everything it could to put an end to the problems and it would be implementing changes to its network as a result of the attack. This will result in a restart of customer modems, which may be without service for several minutes while the changes are implemented. The company said in a statement that it was also working with the National Cybersecurity Centre and Ministry of Justice after several videos with threats against Ziggo’s office were placed on social media. Ziggo said it was taking the threats very seriously and had filed a complaint with the police. Meanwhile the Dutch mobile operators KPN, Vodafone and T-Mobile reported a sharp increase in data traffic during both Ziggo attacks. A spokesman for Vodafone said data traffic doubled both times on its network. Source: http://www.telecompaper.com/news/ziggo-suffers-new-ddos-attack–1098223

Originally posted here:
Ziggo suffers new DDoS attack

Hackers exploiting wide-open Portmap to amp up DDoS attacks

Careless net adminds leave systems with cleartext trousers down Security watchers have warned about a new class of DDoS amplification attack threat which only exists because too many users are failing to follow basic safeguards.…

See original article:
Hackers exploiting wide-open Portmap to amp up DDoS attacks

RPC Portmapper Abused for DDoS Attack Reflection, Amplification

Malicious actors have started abusing the Portmapper service to amplify their distributed denial-of-service (DDoS) attacks and hide their origin, Colorado-based telecommunications company Level 3 Communications has warned. RPC Portmapper, also referred to as rpcbind and portmap, is an Open Network Computing Remote Procedure Call (ONC RPC) service designed to map RPC service numbers to network port numbers. When RPC clients want to make a call to the Internet, Portmapper tells them which TCP or UDP port to use. When Portmapper is queried, the size of the response varies depending on the RPC services present on the host. In their experiments, Level 3 researchers obtained responses of between 486 bytes (amplification factor of 7.1) and 1,930 bytes (amplification factor of 28.4) for a 68 byte query. The average amplification size obtained by Level 3 in tests conducted across its network was 1,241 bytes (18.3 amplification factor), while in the actual DDoS attacks seen by the company the value was 1,348 (19.8x amplification). Malicious actors can use Portmapper requests for DDoS attacks because the service runs on TCP or UDP port 111. Since UDP allows IP spoofing, attackers can send small requests to Portmapper using the target’s IP address and the server sends a larger response to the victim. Level 3 has observed an increasing number of DDoS attacks leveraging this vector over the summer, with the largest attacks taking place in August 10-12. The attacks were mainly aimed at the gaming, hosting, and Internet infrastructure sectors. Organizations are advised to keep an eye out for potentially malicious Portmapper requests, but Level 3 has pointed out that for the time being the global volume of Portmapper-based traffic is still small compared to other UDP services abused in DDoS attacks, such as DNS, NTP and SSDP. “Portmapper is so small it barely registers as the red line at the bottom of the graph. This shows, despite its recent growth, it is a great time to begin filtering requests and removing reflection hosts from the Internet before the attack popularity grows larger and causes more damage,” Level 3 said in a blog post. “We recommend disabling Portmapper along with NFS, NIS and all other RPC services across the open Internet as a primary option. In situations where the services must remain live, firewalling which IP addresses can reach said services and, subsequently, switching to TCP-only are mitigations to avoid becoming an unknowing participant in DDoS attacks in the future,” experts advised. There are several services that malicious actors can abuse for DDoS attack reflection and amplification. Researchers revealed at the USENIX conference last week that vulnerable BitTorrent protocols can also be leveraged for DDoS attacks. Source: http://www.securityweek.com/rpc-portmapper-abused-ddos-attack-reflection-amplification

Originally posted here:
RPC Portmapper Abused for DDoS Attack Reflection, Amplification