Tag Archives: ddos

Unhinged Linux backdoor still poses a nuisance, if not a threat

When is a door not a door? When slapdash coding turns it into a glorified ‘off’ switch Internet Igors have stitched together a new Linux backdoor. Fortunately for internet hygiene the botnet agent – which packs a variety of powerful features – is faulty and only partially functional.…

Taken from:
Unhinged Linux backdoor still poses a nuisance, if not a threat

Anonymous says it hacked Canada’s security secrets in retaliation for police shooting of B.C. activist

Hackers with Anonymous say they breached supposedly secure Canadian government computers and accessed high-level, classified national security documents as retaliation for last week’s fatal shooting by the RCMP of a protester in British Columbia. To support their claim, members of Anonymous provided the National Post with a document that appears to be legitimate Treasury Board of Canada notes on federal cabinet funding to fix flaws in the foreign stations of the Canadian Security Intelligence Service (CSIS). The Post has not independently been able to verify the authenticity of the document, marked with a security classification of “Secret.” Anonymous activists say they will disseminate sensitive documents if the officer who shot James McIntyre in Dawson Creek, B.C., is not arrested by Monday at 5 p.m., Pacific time. That threat has also been made on social media and a government source confirms authorities are aware of the threat. Activists say McIntyre was a member of Anonymous. When he was shot he appeared to be wearing a Guy Fawkes mask, often worn by supporters of the global hacktivist collective. Anonymous says it has several secret files. “We do have other documents and files. We are not going to speak to quantity, date of their release, manner of their release, or their topic matter at this time,” a spokesperson for a coterie of Anonymous told the Post in an  interview conducted through encrypted communications. “This will be an ongoing operation with expected surprise as a critical element.” Government computers were breached in stages, over several months, the Anonymous spokesperson said, including during the Distributed Denial of Service (DDoS) attacks last weekend, organized in protest of the shooting. (DDoS is when multiple hijacked computers tie up the resources of a web site so the public cannot access it.) After the DDoS attacks, Public Safety Minister Steven Blaney told reporters that no personal information or government secrets were compromised. Jeremy Laurin, a spokesman for the minister, could say little about the veracity of the document or its response to the threat by Friday evening. “We are monitoring the situation closely,” said Laurin. “Our government takes cyber security seriously and operates on the advice of security experts.” The government has promised $235 million funding for a cyber-security ?strategy designed to defend against electronic threats, hacking and cyber espionage, he said. On Wednesday the minister said $142 million of that is to enhance security at several agencies, including the RCMP and CSIS. A well-placed government source said, “There has not been a hack of CSIS,” but was unable to say if other departments could make the same claim. Anonymous says the minister is incorrect in his assessment of recent cyberattacks. “In fact, part of what we were doing at that point were final penetration tests, not just for the Canadian government, but also with how the media would respond to Anonymous attacks,” the Anon spokesperson said. This purported hack is far different and more serious than the previous stream of aggressive online activity over the shooting that targeted police web sites and British Columbia’s hydro electric industry, both considered soft targets. If the Anonymous claim is accurate, it suggests a deeper penetration of a higher echelon of government computer containing far more sensitive information. The document provided to the Post outlines a meeting dated Feb. 6, 2014, regarding progress in upgrading cyber security at CSIS, Canada’s spy agency, to be monitored by the Communications Security Establishment Canada, two of Canada’s most secretive organizations. The paper discusses cabinet approval of millions of dollars to “extend the Service’s (CSIS’s) secure corporate network environment to its foreign stations.” The project was over budget, the document says, “due largely to increased information security requirements to address recent unlawful disclosures of classified material (i.e. Delisle, Snowden).” Jeffrey Delisle is a former Canadian naval officer who sold military secrets to Russia until his arrest in 2012. Edward Snowden is a former U.S. National Security Agency analyst who leaked classified documents revealing large-scale global surveillance in 2013. The document from Anonymous says the current CSIS system uses “inefficient and labour intensive data-processing and analysis systems to process and report intelligence information obtained at it foreign stations … These outdated processes result in delays that impact the Service’s operational effectiveness and jeopardizes the security of its personnel.” The new system was tested at two foreign stations and is expanding to CSIS’s 25 foreign stations, the document says. The sample document was provided to the Post with some elements redacted because the hackers were unsure what the markings mean and are concerned it could identify which machine or machines may have been compromised, the Anon spokesperson said. Source: http://news.nationalpost.com/news/canada/anonymous-says-it-hacked-canadas-security-secrets-in-retaliation-for-police-shooting-of-b-c-activist

Follow this link:
Anonymous says it hacked Canada’s security secrets in retaliation for police shooting of B.C. activist

NJ Casino’s DDoS Attack Still Under Investigation

On July 2, a cyber attack was coordinated against several New Jersey-based gambling websites and continued throughout the July 4th holiday weekend. At least four online casinos were affected and experience downtime, and we placed on alert as the State Division of Gaming Enforcement commenced their investigation. Although this is the first time the country had seen an attack on online gaming websites, it isn’t the first time that hackers have targeted casinos. Back in 2014, Sands Casino in Las Vegas had experienced an IT catastrophe that led to the shutdown of PCS and servers, wiping many of their hard drives clean. Bloomberg Business writers Ben Elgin and Michael Riley explained that this wasn’t an Ocean’s Eleven heist; someone had a personal vendetta against the company, specifically CEO and majority owner Sheldon Adelson. Frank Cilluffo, director of George Washington University’s Center for Cyber and Homeland Security, later disclosed that they believe this digital conflict was perpetrated by Iran. Many feared that this was the beginning of a cyber war, as the nation’s enemies discovered a way to injure American companies to the point that it would incite a government response. Surprisingly, Sands had managed to keep most of the details of the incident under wraps for almost a year. At the time, it was the biggest strike on US corporate infrastructure, prior to the Sony Pictures Entertainment hack from last November. Fast forward to this year’s July 4th weekend, David Rebuck of the State Division of Gaming Enforcement Director confirms that there was a Distributed Denial of Service (DDOS) attack, where the 30-minute downtime occurred due to the hackers flooding the sites with data, rendering the them inoperative. Atlantic City’s Bill Hughes Jr., head of Cybersecurity of law firm Cooper Levenson, compares the attack to a traffic gridlock, where “the parkway becomes a parking lot.” The hackers threatened to launch a more powerful attack within 24 hours and revealed they would sustain this breach unless the casino operators paid a ransom to be paid in bitcoins, an internet currency that has proven popular with online criminals even though it does have its legitimate uses. Luckily, no further attacks were reported to the State Division of Gaming Enforcement. While gambling was legalized in Atlantic City in 1976 according to information portal Mayfair Casinos, online casinos had only been legal since 2013 which makes this strike rather sudden. Sudden, maybe, but not random. Rebuck tells NJ.com that they have an idea of who was behind this hacking incident, saying that this individual is a known actor and has a history of this types of attacks. Rebuck did not divulge any more details of the perpetrator, along with the websites impacted and amount paid in ransom. Despite the occurrences in the past year, University of Nevada’s Center for Gaming Research Director David Schwartz says that American online casinos are still not a major target for hackers, unlike gaming sites hosted on servers outside of the country which usually have a demand for ransom. Source: http://www.casinoscamreport.com/2015/07/22/nj-casinos-cyber-attack-still-under-investigation/

Read the original:
NJ Casino’s DDoS Attack Still Under Investigation

It's official: The average DDoS attack size is increasing

New global DDoS attack data from Arbor Networks shows strong growth in the average size of DDoS attacks, from both a bits-per-second and packets-per-second perspective. The largest attack monitor…

See the original post:
It's official: The average DDoS attack size is increasing

Anonymous in Cyberwar With Canadian Gov’t After Mountie Killed Activist

On Monday, hacktivists said they had stepped up their operation to gain access to Canadian government secrets after a mounted police officer shot and killed an activist at an environmental protest in BC. The million-strong army of Anonymous group hacktivists is waging a cyberwar on Canadian authorities and law enforcers after a Royal Canadian Mounted Police (RCMP) officer fatally shot an activist wearing a Guy Fawkes mask at an environmental protest in British Columbia last week.The shooting in Dawson Creek, which Anonymous says was unprovoked, triggered a vehement response from the group, who launched a massive cyberoperation codenamed AnonDown to force Canadian police to reveal the identity of the shooter. The declaration of war on Saturday was followed by a series of denial-of-service (DoS) attacks on RCMP web pages the next day, including on its national website, the Dawson Creek affiliate site and the RCMP Heritage Center page. On Monday, hacktivists said they had stepped up the operation to gain access to government secrets. “AnonDown has accessed docs marked ‘secret’ inside Canadian government. It’s not just a DDoS op anymore kiddos,” the activists said in a taunting tweet. Fatal Shooting The killing of the protester took place last Thursday when Canadian mounted police responded to a disturbance at a public hearing where a controversial dam project was being discussed. Upon arrival, police singled out a masked man who allegedly refused to surrender and was shot down, police said, adding that a pocket knife was later recovered at the scene. Anonymous, however, told the local Globe and Mail newspaper that lawmen gunned down the wrong man. The man who allegedly caused the disturbance during the dam debates had left by the time police moved in. They said the victim, who succumbed to the gunshot wound later at a hospital, was fired at while trying to put the knife on the ground. The policeman behind the killing has not been identified publicly. In a video statement, Anonymous vowed to “identify the RCMP officer involved and release the docs on the Internet because the world has the right to know every detail about killer cops.” Operation Begins In a Saturday video statement, Anonymous said they would seek justice for the slain activist and avenge him if their demands are not met. They also pledged to rally the entire collective of hacktivists to “remove the RCMP cyber infrastructure from the Internet.” The first “cyber-shots” were fired on Sunday when the main RCMP website and Dawson Creek detachment site could not be accessed for several hours. The group later claimed responsibility for the outages. The Globe and Mail cited a Twitter posting, associated with the hacker group, which suggested “turning it off and back on again.” The main RCMP website was online on Monday. But Anonymous warned that there was more such actions to follow. “Our vengeance will be swift and powerful but it will not include violence,” they tweeted. Not So Harmless Denial-of-access attacks that involve flooding the target website with communication requests are often used to crash a site for a short period of time. Nevertheless, hacktivists’ threats to disrupt the work of police websites should not be taken lightly, the Globe and Mail cited a cybersecurity expert from the Defence Intelligence firm as saying on Sunday. Defence Intelligence Chief Executive Keith Murphy told the outlet that the group had a global reach of about one and a half million, and had proven in the past to go through with their threats. Source: http://sputniknews.com/world/20150720/1024824329.html#ixzz3gSiu0DZW

See more here:
Anonymous in Cyberwar With Canadian Gov’t After Mountie Killed Activist

Image comparison-ddos-table-1.jpg

A comparative view of cloud-based DDoS protection services from Astute Hosting

Six months ago we experienced a 30Gb/sec and 60M PPS attack that was targeting over 1000 IPs on our network. Although we eventually stopped the attack with the aid of our upstream providers, a number of our customers asked us why we didn’t have a DDoS protection service in place. We decided on NTT’s service due to their scale and network capacity. However, this solution was meant only to protect our network in times of need, and not to protect individual customers on a 24/7 basis. One customer revealed that above all else, DDoS attacks are what keep him up at night. When it comes to specialized DDoS mitigation service providers, we only had some basic information from a handful of our customers. We passed this along when asked, but we hadn’t done any formal comparisons. It was time to change that. First, we needed to research the marketplace which we narrowed down to a few top contenders. We chose two of the largest players out there today: CloudFlare and Incapsula. We offer a range of Internet infrastructure services in seven locations globally: Vancouver, Seattle, LA, Toronto, NYC, Miami, and London UK. However, our main office is based in Vancouver BC, so we included DOSarrest, a local Vancouver-based company, to round out three different options to compare. Full disclosure, I worked at PEER1 Hosting for many years, and DOSarrest’s CTO headed my department. Since they’re local to us, we decided to also see how they compare to the two big dogs. Notes It’s clear that all three participants are in constant change/upgrade mode. We trialed each of them for one to three months and within this period they all had enhanced their service offering and/or dashboard. Incapsula added new graphs and upgraded some components, CloudFlare unveiled a completely new customer portal and DOSarrest upgraded so many different components their dashboard looked completely different then when we started our demo 30 days earlier. It shows this is an evolving field, as the attacks change so do the cloud-based DDoS protection companies. This article contains our observations, comments and recommendations. I’m sure other organizations would see, experience and rate everything differently. Given the complexity of these services, it would have been a major undertaking to test out every option available, and that was not our intention. Our goal was to get a taste of their services so we would be comfortable recommending them to our customers. The participants Cloudflare: Launched in late 2010 as a CDN with cloud based DDoS protection services, has evolved into a number of other services and has customers numbering a million+. They do offer a free subscription that does not include DDoS protection. Incapsula: Started in 2009 with the backing of Imperva, a security hardware manufacturer who has since acquired a majority interest in Incapsula. DOSarrest: Started in 2007 as one of a handful of companies at the time specializing in cloud based DDoS protection services. Under each category we rated the participants from 1-10, 10 being best. With each participant, we wanted to choose their tier or level of service that included a DDoS protection service, CDN for performance, and a WAF – all at a comparable protection level. Easier said than done. CloudFlare We chose their Business Option, which allows you to run one website on their service. Trying to get straight answers to simple questions proved to be a little more complicated than we anticipated. “How much clean bandwidth can you run?”, Cloudflare’s response “It’s unlimited”. When pressed further, they told us they measure bandwidth by the number of simultaneous connections.   “What is the maximum number of connections you can run?” The answer we received was: “We can’t tell you for security reasons”. We gave them a 9.0 as they were the lowest cost provider at $200/month if you only have one URL to protect. Their next tier of service starts at approximately $3,000-$5,000/month. Incapsula We chose their Enterprise account, which offers 25Mb/sec of clean bandwidth and 1 Gb/sec of DDoS protection for $500/month. Should you be unfortunate enough to be the victim of an attack over 1 Gb/sec, the attack traffic is sent back to your origin and you have to sign up for a one year contract on a tier of service that can accommodate the attack. Given that your monthly cost could go up substantially if you had a 8 Gb/sec attack or larger, we gave them a 7. DOSarrest This participant has only one tier of service, 10 Mb/sec of clean traffic. They only charge for traffic between your website and your visitors, not traffic between them and your server. They guarantee 200Gb/sec of attack traffic protection. There’s one caveat: they only protect website traffic. In other words HTTP and HTTPS TCP ports 80 and 443. You can’t run your mail server or DNS through their system. We gave them a 7.5 as there are no possible surprise costs that could hit you even if you experience a large attack. 1. Provisioning/setup Cloudflare : They’re very different than the other two participants. They use CNAMES, so you first have to add a TXT entry into your DNS records, to prove to them that you control the DNS for your domain. Once that’s done, they will give you a CNME to point your domain to, after that you are good to go. The CNAME is broadcast out of all of their nodes, and distributed around the globe. I really can’t see how some of our customers could easily navigate this process with speed and ease, especially under the stress of a DDoS attack. We gave them a 7.0. Incapsula : They assign a unique IP to point the A record to in your DNS for the domain you want to protect. They then anycast this IP on three of their nodes. Although they have 20+ global mitigation nodes, we only seemed to be using three of them, given our location in Vancouver they selectively broadcast our unique IP out of Seattle, San Jose and Los Angeles as far as we could tell. Pretty straight forward and easy, we gave them an 8.5. DOSarrest : They gave us a virtual IP which you point your domain to and they in turn anycasted this IP out all of their available scrubbing nodes, there are only four: London, NYC, LA and Singapore. Very easy and smooth setup, we gave them an 8.0. 2. The dashboard Cloudflare : During our testing they had one main dashboard with very minimal analytics and graphs. They did however have a second portal available that was in beta at the time, which was much better, so I’ll discuss it. Their new dashboard comes stock with some metrics. They focus on one metric, which is requests cached and non cached, the graph has a modern design, loads quickly and has historical statistics for the last 30 days. There are numerous widgets on the dashboard where you can view and make changes. There are so many different widgets each with selectable items, options and sub-options, it can be somewhat difficult to remember how to get back to where you were. Overall the dashboard is fast, easy to view, and has many tool-tips as well as some supplemental screens you can click, giving you more information on a particular function/option. We gave them an 8.0 on their dashboard, took a point off for being a little busy. Incapsula : The dashboard is very easy to navigate. Clicking on the various categories brings you to a views with more reporting, analytics or configuration screens. In general the dashboard is well designed and responsive, while some of the stock reporting seemed crammed in a bit. We gave them an 8.5. DOSarrest : Very different feel, no widgets! If you want to configure something you click configure. Joking aside, we thought it was very easy to view. Pretty much all of the analytics/reporting is also on the main dashboard view. You can go with the stock graphs, etc. or select from 13 different reporting visuals to have on your dashboard. The more you choose means you just have to scroll down, nothing is crammed in like with the others. We rated them an 8.5 as we thought it was the easiest to view and understand. 3. Reporting and analytics Cloudflare : Easy to read and view, the most basic of the participants. Analytical traffic reporting consists of total requests cached and un-cached, top threat IPs by country, top 5 countries of clean requests, and top 5 search engine traffic sources. Also up for viewing are total threats stopped, types of threats, and percentage of SSL traffic served. On the business plan you can only get stats for the last 6 hours, so seeing a real-time impact on any of these graphs/displays may not be apparent. You have a choice of the last 6, 12 or 24 hours, last week or last month. We gave them an 8.0, we took points off for lack of visual real-time reporting. Some of the information provided on limited screen real estate, such as search engine activity, was of little use. Some sample Cloudflare screenshots:       Incapsula : There was a good selection of traffic analytics, which included: visits, hits, bandwidth, requests, and a breakdown from which country they come from. There are performance metrics related to cached bandwidth and requests, and from which Incapsula node they are being served from. We couldn’t get a single TCP traceroute to end up in their Dallas node, although the display says 80% of our traffic was being sent out from Dallas. They had a single view threat page that we also liked where you could see all the threats and which type; you could even drill down for more details on each threat. There was an events page which had the same info but in a log style format in real-time where you could select on the source of the event. This was useful as we could focus in on WAF violations alone. It could get very busy though, and it seemed there was a little too much info on some views. Where Incapsula really shined in our opinion was that they had 30 days worth of historical reporting, not just a screen shot of last month’s data, with fast access. We gave them a 9.5 because some of the views only had a limited amount of items, the top 10 IPs were there, but some of the information was missing. A few sample screenshots from Incapsula: DOSarrest : These guys have the best design for reporting. You can toggle any metric or variable on or off on a graph to see the remaining metrics better, you can also get any of these stats based on any one of their nodes. The best thing about it? It’s all on one page – you select the graphs you’re interested in and it’s all displayed on one view, just keep scrolling to see them all. We took off points for historical (30 days+) reporting, which is by request, we gave them a 8.5. A few sample displays from DOSarrest: 4. Configuration/customization This is the most complicated item to evaluate as it can be as simple or as involved as you like, so I’m only going to give my general observations on the whole procedure. Cloudflare : Good IP whitelisting and blacklisting page – you can block or present a captcha for black listed IPs. There are many different icons, pages and subsections with options, which makes it difficult to get back to where you were to undo a change, or even view it again. The WAF section alone has literally 3,000+ signatures/items you can toggle on or off! To get the most out of their system you will need to invest some serious time going through the various pages. We gave them an 8.0 because there are just too many things and widgets some of which are not related to DDoS protection or even security. Incapsula : Configuration additions, changes and modifications are easy to use, almost instantaneous, and are described well. The security options are numerous and require some experimentation to understand. We only tried a few of the options available, but all seemed to function as advertised. There are many different views or screens to make changes and modifications, which can be confusing. Their WAF is much less complicated compared to Cloudflare’s, but it does require some time to master. We gave them an 8.5. DOSarrest : Their configuration screens had an industrial look and feel to them, we didn’t understand it at first, they call their options “features”. Once we found out how it worked, it all clicked. First you pick a location to apply a feature, you can choose the entire website site or a particular URI to apply the feature. Features are divided into two categories Security or Performance. With the other participants most of their options are applied to the entire website being configured. The other thing we liked was that we could view what was being applied from one screen, sounds simple but with Cloudflare we would have to go through 15-20 views/screens not including sub-options to see what if any options were turned on, not counting the WAF. If you have to manage multiple sites for multiple customers you don’t want to have to click 25 screens to see what’s on or what’s off. We gave them a 9.0 because of the simplicity and the fact they will actually do any configuration changes for you. They also said they can pretty much create a custom feature for you within 24 hours or less. 5. DDoS protection We tried to simulate a small DDoS attack as we knew we did not have the firepower to overcome any of them but we did test it somewhat. We went for a layer 7 attack and used a combination of JSLOIC and a web stress tool. No surprise it had zero effect on the website whatsoever on any of the participants. We actually received an email from a real person at DOSarrest during testing telling us there was an attack, and our site was unaffected. Incapsula had it recorded in one of their online reports as well. Everyone gets 9.0. 6. Performance On each participant we enabled the maximum amount of caching available. On Cloudflare we were unable to use their option “Railgun” (some sort of caching enhancement) as it requires a piece of code to be installed on your server. With Incapsula we used “aggressive” caching, which will override any cache control headers on your website and cache for a specified time interval. On DOSarrest we used a feature called “forced caching” which is similar to Incapsula’s “aggressive caching”. To perform the tests we used the Keynote systems standard 5 city test to measure performance, which measures load times and provides a detailed view of the time for every element on a webpage. We ran 10 tests in a row every day over a 10 day period. 10 tests X 5 cities X 10 days+ 500 samples from each. Some of the samples were way out so we just used a sample in each region. Cloudflare had some very wild fluctuations compared to DOSarrest and Incapsula. We broke it down by region as our server of origin is on the west coast of Canada. All of the performance was pretty close. The results were so close we gave everyone an 8.5. 7. Monitoring Cloudflare: There is no real-time performance monitoring of your website provided by Cloudflare. There is however an option to get basic monitoring through a third party (Pingdom). You have to register with them and pay extra for any serious monitoring. We gave them a 6.0. Incapsula: Their monitoring consisted of testing availability of the website from three of their nodes to the three nodes we were running on. They have since beefed this up and now have a more comprehensive performance/availability monitoring system but our demo was already finished and we didn’t see it. We gave them a 7.5. DOSarrest: They have the best system, completely separate from all of their nodes. It tracks response time, uptime, content changes, and SSL expiration. It calculates % uptime and other stats, and has up to one year of historical data. It’s fast and even has a smartphone app available. Notifications are sent by the 24/7 SOC and not through an automated system. However, because it’s a completely different system, you are redirected through the dashboard to another service website. Nonetheless, we gave them an 8.0. 8. Support Cloudflare: Very good email support! We needed help many times to get things working. We sent 10 different emails/tickets to their NOC and never waited more than 10 minutes for a response. In fact, some were answered in less than 5 minutes ! We would’ve given them a 10, but since there’s no phone support on the business package, we gave them a 9.0. Incapsula: We only used their tech support once and entered a high priority ticket which was because we couldn’t figure out how to turn off a captcha that we had enabled for testing purposes. It was an easy fix for them but it took 50 minutes to get a response back. We gave them a 7.5. DOSarrest: We used their support email and ticket system 5 times. We always received an answer within 15 minutes. Everything is fully managed, and on one occasion they went into our configuration and made the change for us, then notified us. They do have phone support, but we never used it. We gave them an 8.0. Overall impression Cloudflare: Their support by email/ticket system was great! I have never seen such consistent fast replies, from any service period. Our overall impression was that there was more steak than sizzle on the system as a whole. There are so many screens, options, add-ons, etc. it was a little confusing and complicated. DOSarrest: This was the big surprise for us. We didn’t expect too much, but found it easy and hassle free from start to finish. Their traffic analytics were the best, and because it’s fully managed you don’t even ever have to login. Their performance monitoring was best of the group, and the fixed cost was also a big plus. Incapsula We liked Incapsula, our techs found their dashboard easy to work with, and their weekly report would go over well with some of our customers. The only drawback was when were told that if an attack exceeded 1Gb/sec they would reroute the traffic back to us until we re-signed a revised one year agreement at a higher tier of service to handle the attack. The support was not as speedy as we would have liked. Conclusion and recommendations All of these participants have vast experience in dealing with DDoS attacks and are dealing with an amazing amount of granular data, which enables them to analyze and stop even the most sophisticated attacks. As is always the case, it’s a matter of price/performance and service/responsiveness and how comfortable you are with leaving your prized possession in their capable hands. We would recommend theses DDoS protection companies if the customer fits the requirements outlined here: Recommend Incapsula : Customer has some technical skills 2-3K+ a month budget (base protection is only 1Gb/sec at $500.00/month) More than 5 -10 domains to protect Does not require blazing fast support response Prefers to deal with a larger established organization Recommend DOSarrest : Customer has limited time or technical skills –it’s a fully managed service Has a need for fast(10-15 min) phone and email support Fixed budget with no surprises – there’s only 1 tier of service. $800.00/month Comfortable with a smaller organization Less than 10 domains to protect Recommend Cloudflare : Customer has limited budget ($200.00/month per URL) High technical skills Likes a feature rich environment May have a need for add-on services Does not require immediate setup/protection less than 15 minutes Very high risk customer, may be a target of 100Gb+/sec attacks Has clean traffic in the 50Mb/Sec + range Does not require phone support Has only 1 or 2 main URLs to protect. Overall scoring recap: We hope you found this information useful and encourage you to contact any of the three participants should you find yourself or your customers in need of a cloud based DDoS protection service. Source: http://www.net-security.org/article.php?id=2333&p=1

Link:
A comparative view of cloud-based DDoS protection services from Astute Hosting

MLG Pro League Suffers Increase of DDoS Attacks

A recent increase of Distributed Denial of Service (DDoS) attacks, or getting “hit off,” is becoming a serious issue that teams are facing daily in the MLG Pro League for Advanced Warfare, resulting in some matches being postponed or delayed drastically. DDoS attacks are fairly common in the online gaming community and many players have been fighting the issue for years. There are only so many preventative measures you can take to ward off potential threats. In the past, a few league matches had some problems with players getting hit off, but were allowed to continue because the problems were eventually able to be resolved. However, during week three of season three, things went downhill. A standard league day of four scheduled matches turned into one match and one map being played because of players getting hit off. During FaZe Clan vs. Denial eSports, the only match that was fully played out, players from both teams were being relentlessly hit off. One map into the next series, and MLG decided to call it a night and postpone all other matches for the day. Players were being hit every few seconds, and it was just painful to watch. Sometimes the attacks are personal in nature and the victim may know the attacker. However, most of the time people getting hit off have no idea who is doing it or the reasons behind it. The reasons for the recent increase of DDoS attacks may surprise you. The Problem With the rise of the betting/fantasy league site Vulcun, spectators are getting malicious. Now that money is involved, people are doing anything to make sure the players on their fantasy team perform well. Even stooping as low as hitting players from the other team offline. If you’re unfamiliar with what this is, let me help you out a little bit. Hitting someone offline basically means finding a person’s IP address, and preventing that address from making legitimate requests to a server. This IP then cannot, in the case of a gamer, join a game without losing connection or having extremely slow connection. The problem here is obvious, but really the solution could be simple. The Solution The system in place for professional League of Legends play is the most secure of any pro league, but it is slightly impractical. All league matches are played on LAN at a single venue in California. The problem here is that all players basically live in or extremely close to California, and that’s honestly just a little ridiculous. Source: http://esports-nation.com/mlg-pro-league-suffers-increase-of-ddos-attacks/

See more here:
MLG Pro League Suffers Increase of DDoS Attacks

Cyber-security’s dirty little secret: It’s not as bad as you think

And as for botnets … on their way out A new research report from the Global Commission on Internet Governance has reached a surprising conclusion: cyberspace is actually getting safer.…

Excerpt from:
Cyber-security’s dirty little secret: It’s not as bad as you think

Three Israelis among dozens arrested in global sting on hacking forum

Israeli suspects include an Israeli Arab who is believed to have used his hacking prowess to assist a terror group hostile to Israel. Three Israelis – including an Arab Israeli accused of aiding a terror group – were arrested this week as part of a global sting led by the FBI against a hacking forum believed responsible for an unknown number of cybercrimes over the past several years, it was cleared for publication on Wednesday. The site www.Darkode.com” was taken down on Tuesday by a joint law enforcement effort led by the FBI in collaboration with Europol and law enforcement agencies in 18 countries, including the Israel Police cybercrimes unit. Over 70 suspects have been arrests since the raids began, including alleged hackers from the United Kingdom, India, South America, the United States, Eastern Europe, the Former Yugoslavia, Israel, and elsewhere. The homepage of Darkode.com currently shows a message from the FBI saying that the domain has been seized by the law enforcement agency and several others acting through Europol. Around the message are the seals of police departments from more than a dozen countries. The Israeli suspects include an Israeli Arab who is believed to have used his hacking prowess to assist a terror group hostile to Israel, either by passing on money or stolen data; though an official from the Israel Police cybercrimes unit said he could not disclose which group. The other two suspects are brothers from central Israel. The identities of all three suspects are not cleared for publication for the time being. All three were brought for a remand extension at the Tel Aviv Magistrate’s Court on Wednesday and were ordered kept in custody until Sunday. Since the site went online in 2007 its been used as a black market for hundreds of hackers to meet and collaborate, and buy and sell stolen data, including, but not limited to, credit card information, email addresses and passwords, and personal details to aid in identity theft. An officer from the Israel Police cybercrimes unit on Wednesday called the forum “a factory for the production of cyber weapons.” It was also a popular meeting place for hackers looking to contract other cyber criminals to carry out attacks for them. For instance, hackers looking to carry out a distributed denial of service attack (DDoS) could take to the forum and contract such attacks from other attackers, in exchange for payments made in bitcoins, the online currency. Payments were also made by way of money transfer to bank accounts, which Israel Police said indicates the level of freedom the forum members said they had operating on the website. The site was invitation only, and members could only gain access after two separate members recommended them and later showing examples of cyberattacks they had carried out in the past, a sort of “hacking portfolio” as one official from the Israel Police cybercrimes unit said Wednesday. The FBI on Tuesday sent agents from their Israel liaison office to the Lod headquarters of the LAHAV 433 unit, popularly referred to as “the Israeli FBI”, to watch the arrests take place in real time. In a situation room, the FBI agents and officers from the cybercrimes unit watched a screen that showed the countries worldwide where the raids were being carried out, as well as the names of the suspects being arrested and removed from the screen in real time, police said Wednesday. Source: http://www.jpost.com/Business-and-Innovation/Tech/Three-Israelis-among-dozens-arrested-in-global-sting-on-hacking-forum-409092

Continue Reading:
Three Israelis among dozens arrested in global sting on hacking forum

Bitcoin Exchange OKCoin’s Statement After July DDOS Attacks

Last week, bitcoin exchange OKCoin suffered a DDOS (distributed denial of service) attack, preventing users from accessing the platform for a while. On the afternoon of the attack, the company’s significant resources capable of defending against such attacks were able to limit the impact on the Chinese platform’s K-line. However, another stronger attack was made later on in the same day, leading the tech team to immediately set in motion the emergency response plan of switching to a highly secure server and enacting counter CC attack measures. This took some time to take effect so some users still encountered problems when it comes to accessing the bitcoin exchange. Bitcoin Exchange Compensation In a statement published on its blog, OKCoin shared the details on why some customers still had login problems even if the emergency measures were put in place. The company also addressed questions regarding trades that have gotten executed even during the attack and speculations against price manipulation. In addition, OKCoin shared that they will carry out proportioned compensation according to the user’s realized losses. Starting today, the bitcoin exchange will begin contacting customers who suffered losses as a result of being unable to access OKCoin’s futures platform on July 10th from 17:00 to 17:19. Aside from that, OKCoin will fund the purchase of 1000 bitcoins, while also using 1000 bitcoins from the clawback and vicious attack insurance fund to together create a 2000 bitcoin incident compensation fund. The company has also pledged to hand over the logged actions related to the attacks to the national police for an investigation of the source of these attack. In the meantime, the bitcoin exchange also decided to remind customers of the inherent risks associated with trading cryptocurrencies. The company emphasized that the digital currency industry is still in its early stages and firms are still adjusting to potential criminal attacks as they go along. Source: http://www.newsbtc.com/2015/07/13/bitcoin-exchange-okcoins-statement-after-july-ddos-attacks/

More here:
Bitcoin Exchange OKCoin’s Statement After July DDOS Attacks