Tag Archives: ddos

Teenager who launched Distributed Denial of Service ‘DDoS’ attack on high profile websites says life is ‘serene’ offline

A Scots teenager who admitted hacking into the websites of the Serious Organised Crime Agency (Soca) and other prominent organisations said life is “serene” without access to the internet. Jake Davis, 19, admitted conspiring to carry out a “denial of service” attack on the crime agency at Southwark Crown Court in June. He also admitted hacking the NHS website. Davis, from the island of Yell, faced five charges following a Met Police investigation into the hacking groups LulzSec and Anonymous. The groups have been linked to a number of cyber-attacks on government agencies and multi-national companies. LulzSec has also been linked to hacking attempts on Sony and The Sun newspaper. Davis told the Observer newspaper: “The last time I was allowed to access the internet was several moments before the police came through my door in the Shetland Isles, over a year ago. One of my co-defendants and I have also been indicted with the same charge in the United States, where we may possibly be extradited, and if found guilty I could face several decades in an American prison. “Now I am on conditional bail and have to wear an electronic tag around my ankle. I’m forbidden from accessing the internet. “I’m often asked: what is life like without the net? It seems strange that humans have evolved and adapted for thousands of years without this simple connectivity, and now we in modern society struggle to comprehend existence without it. In a word, life is serene. “I now find myself reading newspapers as though they weren’t ancient scrolls; entering real shops with real money in order to buy real products, and not wishing to Photoshop a cosmic being of unspeakable horror into every possible social situation. Nothing needs to be captioned or made into an elaborate joke to impress a citizenry whose every emotion is represented by a sequence of keystrokes.” He added: “Things are calmer, slower and at times, I’ll admit, more dull. I do very much miss the instant companionship of online life, the innocent chatroom palaver, and the ease with which circles with similar interests can be found. Of course, there are no search terms in real life – one actually has to search. However, there is something oddly endearing about being disconnected from the digital horde. “It is not so much the sudden simplicity of daily life – as you can imagine, trivial tasks have been made much more difficult – but the feeling of being able to close my eyes without being bombarded with flashing shapes or constant buzzing sounds, which had occurred frequently since my early teens and could only be attributed to perpetual computer marathons. “Sleep is now tranquil and uninterrupted and books seem far more interesting. The paranoia has certainly vanished. I can only describe this sensation as the long-awaited renewal of a previously diminished attention span.” He said people’s attentions spans had suffered since the advent of the internet. “A miracle cure or some kind of therapeutic brilliance are not something I could give, but I can confidently say that a permanent lack of internet has made me a more fulfilled individual. And as one of many kids glued to their screens every day, I would never before have imagined myself even thinking those words. “Before, the idea of no internet was inconceivable, but now – not to sound as though it’s some kind of childish and predictable revelation spawned as a result of going cold turkey – I look back on the transcripts of my online chats (produced as legal evidence in my case, in great numbers) and wonder what all the fuss was about.” He added that he hoped others involved in the hacker community could take a short break from the internet to see if they could feel similar effects adding he had “forgotten how easy it was simply to close a laptop lid”. For fast DDoS protection against your eCommerce site click here . Source: http://news.stv.tv/north/189464-teenager-who-hacked-major-websites-says-life-is-serene-without-web-access/

See the original post:
Teenager who launched Distributed Denial of Service ‘DDoS’ attack on high profile websites says life is ‘serene’ offline

Arizona man sentenced for Distributed Denial of Service ‘DDoS’ attack

A man who was reportedly part of one of the first “DDOS-for-hire” electronic attack hit squads will serve two-and-a-half years in prison for selling access to malware-infected computers. Joshua Schichtel, 30, of Phoenix, AZ, was sentenced on Sept. 6 to 30 months in prison for selling command-and-control access to, and use of, thousands of malware-infected computers, announced Assistant Attorney General Lanny Breuer of the Justice Department’s Criminal Division and U.S. Attorney for the District of Columbia Ronald Machen, Jr. Schichtel was also ordered to serve three years of supervised release. Schichtel pleaded ea on August 17, 2011, to one count of attempting to cause damage to multiple computers without authorization by the transmission of programs, codes or commands, a violation of the Computer Fraud and Abuse Act. Schichtel was allegedly part of one of the first “DDOS-for-hire” rings uncovered in 2004. He was caught up in an investigation into a Massachusetts businessman’s scheme to launch an organized Distributed Denial of Service (DDOS) attack on his competitors by hiring hackers who knew how to perform the electronic assaults. According to court documents, Schichtel sold access to “botnets,” which are networks of computers that have been infected with a malicious computer program that allows unauthorized users to control infected computers. Individuals who wanted to infect computers with various different types of malicious software (malware) would contact Schichtel and pay him to install, or have installed, malware on the computers that comprised those botnets. Specifically, said the documents, Schichtel pleaded guilty to causing software to be installed on approximately 72,000 computers on behalf of a customer who paid him $1,500 for use of the botnet.

Visit site:
Arizona man sentenced for Distributed Denial of Service ‘DDoS’ attack

Arizona man goes to prison for selling access to botnets

Joshua Schichtel was sentenced to 30 months in prison for selling command-and-control access to and use of thousands of malware-infected computers. In addition to his prison term, Schichtel was ordere…

Originally posted here:
Arizona man goes to prison for selling access to botnets

How cybercriminals and hacktivists use DDoS tools to attack

Network professionals know that distributed denial-of-service attacks are an ever-growing danger. The recent assault on Twitter is just the latest evidence. Using a mushrooming array of advanced tools, including pay-per-use services and mobile devices, attackers are taking down websites, DNS and email servers, often using these tools to destroy a company’s online revenue, customer service and brand reputation. But the technology is only half the story. The thinking that shapes attacks an evolving blend of careful planning, probing and improvisation is often the difference between duds and strikes that leave victims begging for mercy. So who launches DDoS attacks and why? The most common profiles: extortionists, ruthless competitors and “hacktivists,” those attacking not for money, but in the name of social or political protest. The latter gets the most press, thanks to the media-savvy tactics of groups that have punished the likes of Bank of America and the US Chamber of Commerce. However, even though reliable statistics about attacks are hard to find, it’s likely that money, not justice, is the main motive. Regardless of the attacker’s identity or incentive, criminals use common tools and tactics in varying combinations. Many of these tools are cheap or free and easily available. They also require no more specialised skill than typing in the target’s name and hitting “enter.” The low-orbit ion cannon (LOIC), for example, is an open-source DDoS application which floods a server with enough UDP or TCP packets to disrupt service. The LOIC even offers multiple attack vectors. Attackers can send anything from packets with the text of their choice to random HTTP GET requests which imitate legitimate application-layer traffic. The future of malware The means to launch an assault doesn’t stop there though, as there are many other resources for attackers to use. If someone rents a server from a hosting company, but doesn’t secure it, an attacker could obtain administrative rights to the server, load scripts onto it and execute them at will. This is known as accessing a “shell booter.” There are also remote-access Trojans and DDoS bots, both forms of malware that infect PCs and mobile phones, letting criminals control them remotely to execute attacks. A group of such computers is a “botnet” and each computer infected is a “zombie.” Each family of malware has its own destructive capabilities. The most advanced the ones that avoid detection the longest and support the most types of attacks are often sold as software or as a complete pay-by-the-hour service. Attackers can also infect mobile phones to be used as extra resources. It’s the same idea as launching attacks with other people’s computers in a botnet. However, the added benefit is that there are billions of smartphones in use all around the world. And unlike desktop computers and laptops which are shut off for hours each day, mobile phones are always on, connected and able to abet attacks. In the DDoS world, it’s all about how much traffic you can generate, which depends on the number of hosts under your control. Mobile phones are simply too tempting to resist, and a new weapon that network security personnel have to keep an eye out for. However, before going through choosing a weapon and firing, the smartest attackers do their homework first. After all, there’s a ton of public information available about any business, including yours. For instance, a simple DNS look-up can reveal a lot of information about your public-facing assets. Attackers will also check your infrastructure for open ports, protocols, applications and firewalls. By doing recon on your infrastructure and understanding what it’s built to support ecommerce, customer service or public information, let’s say the bad guys will assess what’s at risk and will look for the best ways to exploit these weak spots in your infrastructure. In the ramp-up to an attack, you might notice bursts of heavier traffic in key areas of your network. The attacker is probing, trying to find a way in. While some will simply try to flood you, others will try to find a little crack in your network defenses, some piece of infrastructure too tempting to ignore. If you’re a retailer, for example, and someone succeeds in bringing down your point-of-sale applications, the pain could be acute. For the attacker, it’s well worth the time investment and ensures that your entire organization will take notice of the attack. Know your network and security inside-out Everything’s not all doom and gloom though. While criminals have many tools at their disposal, understanding what’s at risk, and how it will be attacked, allows you to understand how to take the first steps in order to protect it. For starters, make sure your team knows not only your network inside-out but also your security set-up. Conduct a security assessment, either in-house or with third-party experts who can give independent validation. Use these findings to help optimize your systems. It’s also critical to monitor traffic, so you know what’s normal and what’s not. With a clear baseline, you’ll be able to spot and mitigate DDoS attacks faster. Maybe most important of all, devise a DDoS response plan to counteract some of the tactics described here, listing procedures to follow and which team members are responsible for what. And practice executing this plan regularly. If you have to dust it off in the midst of an attack, you’re inviting chaos. Run regular drills including simulated communications with customers, so you can become adept at managing their expectations. At the end of the day, it’s not only attackers whose thinking makes a difference. Companies that invest more brainpower in understanding how DDoS attacks work, to better protect themselves are also more skilled in deploying the technologies designed to keep their online presences safe. For DDoS protection against your e-commerce site click here . Source: http://features.techworld.com/security/3378864/how-cybercriminals-hacktivists-use-ddos-tools-attack/

Read the original:
How cybercriminals and hacktivists use DDoS tools to attack

Distributed Denial of Service ‘DDoS’ attack stymies vote in Miss Hong Kong beauty contest

Residents of the island, a Special Administrative Region of China, are up in arms after plans for a popular vote in the Miss Hong Kong beauty pageant were sidelined by a distributed denial-of-service attack that knocked the voting system offline. The attack on Sunday evening swamped systems used for the vote with millions of bogus votes – far more than contest organizers had anticipated. Organizers were forced to cancel the online vote and ask the pageant judges to elect the winner themselves, according to a story in The Standard . Hong Kong Station TVB issued a statement on Monday apologizing for the wrinkle in the first ever Idol-style vote for the island’s beauty queen, putting the blame on audience reaction that was more “warm” than expected. The voting snafu forced organizers to throw the decision to the pageant judges, who chose a winner based on the three finalists overall performance. (Isn’t that how it’s supposed to work, anyway?) According to a story in The Standard , however, the “overly warm” response from viewers was, in fact, a DDoS attack against the pageant’s Microsoft Azure cloud-based voting system that flooded the servers with millions of votes, knocking them offline. The RC station planned for around half a million viewers to vote during a 10-minute slot Sunday evening, but actual traffic far exceeded that, according to TVB’s deputy director for foreign affairs Tsang Sing-ming, who is quoted by the media. Another station official, TVB general manager Cheong Shin-keong, is quoted saying that the extra traffic was “deliberately made” and that the station had hired an outside firm to investigate. The controversy over the apparent DDoS attack was exacerbated by the judges’ decision to choose contestant Carat Cheung Ming-nga as the next Miss Hong Kong, rather than Tracy Chu Chin-suet, the public’s favorite, who was second runner-up, The Standard reported. A related contest to give a Mini Cooper car to an online voter, selected at random, was cancelled after the voting system went down. Immediately after the vote, Hong Kong’s Communications Authority was flooded with more than 400 complaints on Monday about the aborted voting. The incident was a black eye for Microsoft, as well. That company partnered with TVB, lending its Azure cloud based infrastructure to host the voting system. Outraged viewers also left comments on TVB’s webpage, castigating the station for its mistake, for its reliance on Microsoft and – not least – for picking the wrong gal. Once a British colony, Hong Kong transferred to China in 1997 and has been run as one of two Special Administrative Regions ever since, following a “one government, two systems” policy under which residents enjoy greater freedom of expression and political voice than their countrymen on the Chinese mainland. However, that system is slowly changing, with the Communist Party slowly exerting control over more facets of life on the island. In July, thousands of citizens took to the streets to protest changes to Hong Kong’s public schools and school curriculum that was seen as emphasizing Communist Party orthodoxy and downplaying Hong Kong’s unique history. Hong Kong being Hong Kong, the parallels between the aborted Miss Hong Kong vote and the island’s larger political context weren’t lost on viewers. “Prove in Hong Kong does not have universal suffrage!” wrote one viewer on the TVB website. For fast DDoS protection against your e-commerce site click here . Source: http://nakedsecurity.sophos.com/2012/08/28/ddos-hong-kong-beauty/

Excerpt from:
Distributed Denial of Service ‘DDoS’ attack stymies vote in Miss Hong Kong beauty contest

Keep Your Content Online in Case of a Distributed Denial of Service ‘DDoS’ attack

San Francisco, CA – infoZine – Denial of service attacks – flooding websites with traffic in order to make them unavailable to the public – have become an increasingly popular way to take down or block Internet content. A new online guide from the Electronic Frontier Foundation (EFF) outlines how website operators can fend off these attacks and keep their sites alive and accessible. “Denial of service attacks have been used by governments to silence online criticism as well as by activists protesting companies and organizations they don’t like,” said EFF Director for International Freedom of Expression Jillian York. “Major websites often have the resources to keep running during a denial of service attack, but smaller sites – such as those belonging to independent media or human rights organizations – are sometimes taken down permanently. Our online guide is aimed at leveling the playing field.” EFF’s “Keeping Your Site Alive” guide includes tips on choosing an appropriate webhost to provide the security and technical assistance needed to weather an attack. The guide also gives advice on how to back up and mirror content so it can be made available elsewhere in case the site is compromised, and includes tutorial videos with background information on the technical concepts involved. Denial of service attacks are an issue for websites across the globe, so EFF’s guide is available in many different translations, including Chinese, Russian, Persian, and Arabic. “Lack of resources or knowledge can mean some websites are more vulnerable than others,” said EFF International Freedom of Expression Coordinator Eva Galperin. “We want to give website operators around the world the tools they need to protect their content and stay online.” Source: http://www.infozine.com/news/stories/op/storiesView/sid/52927/

View article:
Keep Your Content Online in Case of a Distributed Denial of Service ‘DDoS’ attack

Anonymous Distributed Denial of Service ‘DDoS’ Attacks Take Down 3 UK Sites

The hacktivist group Anonymous staged a number of DDoS attacks on UK government websites yesterday in an apparent show of support for the controversial WikiLeaks founder Julian Assange, who remains stuck inside his Ecuadorean embassy bolt-hole as he attempts to avoid extradition to Sweden. Anonymous, who have been associated with numerous distributed denial of service attacks in the past, yesterday claimed to have taken down a number of high profile government sites in the UK, including the Justice Department website and “Number 10”, the official website of Britain’s prime minister. In addition, it’s believed that the hacktivist collective was also responsible for taking down the UK’s Department of Work and Pensions website on the same day. The group later claimed through its @AnonIRC Twitter that the attacks were part of “#OpFreeAssange, in reference to the WiliLeaks founder that they have long supported. The Ministry of Justice later confirmed the attack in the following statement: “The Ministry of Justice website was the subject of an online attack last night at around 2000 hours. This is a public information website and no sensitive data is held on it. No other Ministry of Justice systems have been affected. Measures put in place to keep the website running mean that some visitors may be unable to access the site intermittently. We will continue to monitor the situation and will take measures accordingly.” As of this morning, it appears that the Department of Work and Pensions site is now running normally, but the Ministry of Justice said that it’s still experiencing some problems with its website, and that it cannot give a time frame for when the problems might be solved. Number10.gov.uk also remains down, with no word from the government as to when it might be back. Source: http://siliconangle.com/blog/2012/08/21/opfreeassange-anonymous-ddos-attacks-take-down-3-uk-sites/

Read the original:
Anonymous Distributed Denial of Service ‘DDoS’ Attacks Take Down 3 UK Sites

India hit with Distributed Denial of Service ‘DDoS’ attack from Anonymous

Earlier this year, India had an encounter with “Anonymous”, a diffuse alliance of what are commonly (and incorrectly) called hackers. In its much-publicized “Operation India”, Anonymous blocked public access to, hacked and defaced various websites in protest against the rising censorship of the Internet. This is a legitimate political cause. However, a movement cannot be judged purely by the legitimacy of its goals, and it is important to consider the legitimacy of the means used to achieve these goals. Anonymous used distributed denial of service ( DDoS ) attacks to submerge, albeit temporarily, many websites. The DDoS attack bombards the target website with more user requests than it can bear, until it becomes unavailable to all others. Many compare this to picketing, and use the term “virtual sit-in” for it. The DDoS attack does not breach a website’s security, and is therefore not hacking (more correctly called “cracking”). In contrast, defacement of websites, deletion of data or leaking restricted data, entails hacking, which involves breaching a website’s security and is more analogous to breaking and entering physical premises. Anonymous has done this too in India—defacing some websites and leaking confidential data from others. There are a few crucial differences between picketing as civil disobedience, and the DDoS attack. One is that picketing requires many people to come together and sit in protest. One or two peace protesters cannot successfully block a road. Although there was a time when DDoS attacks also required a large number of people to bombard the target, they can now be achieved by one person with the technological skills to “fire” a large number of computers at the target website.Therefore, a DDoS attack no longer implies that a sizeable section of the public cares enough to be part of a virtual sit-in. The second difference between DDoS attacks and civil disobedience lies in the “hacktivists” unwillingness to be accountable. Martin Luther King and Gandhi made it clear that civil disobedience includes accepting the penalty for breaking the law. Faceless untraceable hackers are far removed from this ethic. While it is true that they risk harsh reprisal if identified, the legitimacy and heroic aura of civil disobedience comes from the willingness to risk that reprisal. It may therefore be difficult to argue that even the DDoS attacks by Anonymous qualify as civil disobedience, which arguably is the most legitimate of the spectrum of options available to a political dissident. If political activists use varied and escalating tactics in the physical world, “hacktivists” use strategies ranging from DDoS to more intrusive defacement, disabling and leaking of data to draw attention to political causes. The legitimacy of these methods—the proportionality and justification of harm caused—can only be determined with reference to particular contexts. One has to evaluate the threat necessitating activism, innocent casualties of the activists’ actions and whether less harmful strategies have already been explored. This is difficult. For instance, the indirect repercussions of a DDoS attack or leaking data may not be apparent at first glance. Anonymous tried setting boundaries to avoid harming innocent citizens during Operation India. It declared that infrastructure websites such as the railway booking portal were not to be attacked, and it prevented disclosure of sensitive financial information when a cinema tickets database was hacked. These precautions, though laudable, are however not quite enough. The influential members of Anonymous cannot successfully identify every action that may cause public harm. For instance, when Anonymous attacked the Supreme Court of India and the Reserve Bank of India websites, it seemed ignorant of the potential impact on litigants and the economy. When it leaked confidential police records, it seemed unaware of the significant hazards of leaking people’s names, addresses and other private data. The precautions taken by Anonymous may vanish next time, since the loosely knit, ever-changing nature of Anonymous community means that power and influence can shift; splinter groups with fewer scruples can emerge. Anonymous cannot achieve the control and accountability possible in a more tangible organized group. This collective operates under disturbingly low levels of transparency and accountability, greatly exacerbated by its ability to veil itself in the shadows of the Internet. New recruits are sometimes endangered by misleading information about the legality and consequences of joining in DDoS attacks. Guerilla warfare is often used without properly exploring more peaceable means, thanks to the power and revenge mob-ethic by which Anonymous is driven. The use of technological arsenal to launch cyber-attacks ignores the likelihood of escalation— “hacktivists” tend to forget that technology is a neutral tool that governments can also use. The government may counter-attack, using its considerable resources to acquire the necessary technological capacity. Citizens may end up being the casualties of the exchange. Phase one of Operation India was riddled with moral ambiguity. If OpIndia participants wish to show the world that they are more than bored nerds playing at a social movement like it is a video game, with all the accompanying air-punching, adrenaline boosting, self-aggrandising thrills, they will ensure that phase two’s constructive and legitimate Right to Information campaign is a roaring success. For instant DDoS services against your e-commerce website click here . Source: http://www.livemint.com/2012/08/19212459/The-perils-of-8216hactivism.html

View post:
India hit with Distributed Denial of Service ‘DDoS’ attack from Anonymous

Russia Today hit by Distributed Denial of Service ‘DDoS’ attack as anti-Wikileaks group claims responsibility

The website of the Kremlin-funded news network Russia Today has been hit with a denial-of-service attack that some have linked with the station’s support for Wikileaks founder Julian Assange, and others with the impending Pussy Riot verdict. The English-language Russia Today (RT) tweeted on Friday morning that its hosting provider had confirmed RT.com was “under DDoS attack”. An anti-Wikileaks group subsequently claimed responsibility, but there is as yet no proof of this connection. It is notable that Friday is the day when a Russian court will decide the fate of three members of the punk protest band Pussy Riot, which has been very critical of Vladimir Putin. RT’s tweet came through at 8:12am. Around 20 minutes later, Antileaks tweeted that it was responsible for the DDoS, and attached a hashtag supporting Pussy Riot. The Wikileaks account then went on to condemn the attack, suggesting that it was connected with RT’s support of Assange, rather than the punk band. Assange, who faces extradition from the UK to Sweden to face questioning over sexual assault allegations, had a chat show on RT, with one of his guests having been Ecuadorian president Rafael Correa. Correa granted Assange diplomatic asylum on Thursday. However, that move has so far had a limited effect, since the UK does not recognise that type of asylum and Assange cannot get safe passage to an airport. RT is a strong supporter of Assange, but it is also a supporter of the Russian leader. Many free-speech advocates are incensed at the likelihood of the Pussy Riot members facing jail time for playing an anti-Putin song in a church. Summary: The Kremlin-funded channel, which featured Julian Assange as a talk-show host, says it has come under denial-of-service attack. Antileaks says it’s responsible, but the timing could more to do with the Pussy Riot verdict than Wikileaks. For fast DDoS protection against your e-commerce website click here . Source: http://www.zdnet.com/russia-today-hit-by-ddos-as-anti-wikileaks-group-claims-responsibility-7000002794/

Excerpt from:
Russia Today hit by Distributed Denial of Service ‘DDoS’ attack as anti-Wikileaks group claims responsibility