Tag Archives: ddos

13 Anonymous hackers plead guilty to PayPal DDoS attack

Thirteen defendants pleaded guilty in federal court in San Jose on Friday to charges related to their involvement in the cyber-attack of PayPal’s website as part of the group Anonymous. One of the def…

See more here:
13 Anonymous hackers plead guilty to PayPal DDoS attack

Week in review: Air gap-hopping malware, first PoS botnet, and the new issue of (IN)SECURE Magazine

Here's an overview of some of last week's most interesting news and articles: (IN)SECURE Magazine issue 40 released (IN)SECURE Magazine is a free digital security publication discussing some of …

Read the original post:
Week in review: Air gap-hopping malware, first PoS botnet, and the new issue of (IN)SECURE Magazine

Image o-PAYPAL-14-HACKERS-facebook.jpg

PayPal 14 plea deal a win for DDoS as civil disobedience

Eleven of the fourteen defendants in the PayPal 14 case have reached a plea deal with federal prosecutors. Under the agreement, the defendants will plead guilty to felonies and misdemeanors under the Computer Fraud and Abuse Act (CFAA). If they observe good behavior, federal prosecutors will ask that the felonies be dropped. This comes as good news to those who advance the notion that DDoS (Distributed Denial of Service) attacks are acts of civil disobedience. Two other defendants will serve 90 days in prison after pleading guilty to a misdemeanor charge pled guilty to a misdemeanor, while the last of the fourteen defendants was not eligible for a plea deal in the case. The PayPal 14 are only a small fraction of the over 1,000 participants identified in a DDoS attack aimed at PayPal, which Anonymous hit as part of “Operation Payback” after the company cut service to WikiLeaks’s donations page. Pierre Omidyar, founder of eBay, which is the parent company of PayPal, called for leniency. Ironic given that PayPal provided the Department of Justice with a list of the participants’ IP addresses, which helped the FBI locate the protesters. “I can understand that the protesters were upset by PayPal’s actions and felt that they were simply participating in an online demonstration of their frustration. That is their right, and I support freedom of expression, even when it’s my own company that is the target,” Omidyar wrote two days ago in a Huffington Post op-ed. “The problem in this case however is that the tools being distributed by Anonymous are extremely powerful. They turn over control of a protester’s computer to a central controller which can order it to make many hundreds of web page requests per second to a target website.” DDoS works by connecting thousands of computers together to bombard websites with traffic until it collapses. As Omidyar noted, it multiplies the power of a single protester, which is something that cannot be done in the physical realm without significant grassroots effort. Nevertheless, the plea deal is significant because it sets a legal precedent that DDoS isn’t just some effort to cause significant financial harm. While the plea deal doesn’t define DDoS as digital protest, it might be the first step in acknowledging the attack as something akin to protesters blocking a road or a business. These physical protests are typically prosecuted as misdemeanors, not felonies that can bring hefty prison terms, high restitution costs, and a lifetime designation as a felon. The PayPal 14 plea deal might also help begin the very necessary process of amending the CFAA, which allows stiff penalties for these non-violent crimes in the first place. Shortly before the news was announced, activist lawyer Stanley Cohen tweeted: “Stay tuned for details. Pay Pal 14 will be resolved today, big win for civil disobedience. Up the Rebels.” And a good win for the internet, which is coming of age as the supreme venue for protest against political and financial power. Source: http://www.deathandtaxesmag.com/210854/paypal-14-plea-deal-a-win-for-ddos-as-civil-disobedience/

Read More:
PayPal 14 plea deal a win for DDoS as civil disobedience

Bitcoin Password Grab Disguised As DDoS Attack

Attacks against bitcoin users continue, as online forum Bitcointalk.org warns users their passwords might have been stolen in distributed denial of service hack. Aficionados of the cryptographic currency known as Bitcoin might have gotten more than they bargained for recently, after a distributed denial-of-service (DDoS) attack appeared to be used as a smokescreen for launching a password-stealing attack against users of Bitcointalk.org. Michael Marquardt (a.k.a. “Theymos”), one of the administrators of the popular bitcoin discussion forum, Sunday warned its 176,584 members of the attack. He said the attack had been traced to a flaw in the systems of domain registration firm AnonymousSpeech, which specializes in anonymous email, as well as running hosting servers outside the United States and the European Union. Attackers hacked AnonymousSpeech to change the bitcoin discussion forum’s DNS settings to an attacker-controlled server. According to Marquardt, the DNS redirection attack was spotted Sunday by forum manager Malmi Martti (a.k.a. Sirius), who immediately moved the domain to a different registrar. “However, such changes take about 24 hours to propagate,” he warned, meaning that users remained at risk unless they logged on to the forum using its IP address, rather than trusting domain name servers to resolve to the non-malicious site. What was the risk to forum users? “Because the HTTPS protocol is pretty terrible, this alone could have allowed the attacker to intercept and modify encrypted forum transmissions, allowing them to see passwords sent during login, authentication cookies, [personal messages], etc.,” Marquardt said. “Your password only could have been intercepted if you actually entered it while the forum was affected. I invalidated all security codes, so you’re not at risk of having your account stolen if you logged in using the ‘remember me’ feature without actually entering your password.” In other words, anyone who logged into the forum between Sunday and Monday, and who entered a password, should assume that it was compromised by attackers. What were the bitcoin forum attackers gunning for? The most likely explanation would be participants’ usernames and passwords, which — if reused on other sites — might have allowed attackers to drain people’s online bitcoin wallets. Likewise, attackers might have been interested in gathering email addresses of people who are interested in bitcoins to target them — via phishing attacks — with malware designed to find and steal bitcoins from their PCs. The DNS hack and DDoS attack against Bitcointalk are just the latest exploits in a long string of attacks targeting bitcoin e-wallet services and payment systems. Last month, Denmark-based bitcoin payment processor Bitcoin Internet Payment System suffered a DDoS attack that allowed the attackers to hide their real target: online wallets storing 1,295 bitcoins, which they successfully stole. At the time, their haul was valued at nearly $1 million. As that haul suggests, the rise in bitcoin-related attacks can be attributed to the bitcoin bubble, which has seen the value of the cryptographic currency rise from a low of $1 per bitcoin in 2011, to $1,200 per bitcoin as of Wednesday. The rise in bitcoin’s value has lead to a number of malicious attacks, as well as a rise in efforts of a different nature. Last week, for example, Malwarebytes researcher Adam Kujawa warned in a blog post that a number of free toolbars and search agents have begun including bitcoin-mining software, which can consume massive amounts of system resources, slowing PCs to a crawl. Bitcoin mining isn’t inherently suspect. In fact, it’s crucial to the success of bitcoins, because it’s what records the chain of bitcoin transactions. Furthermore, the bitcoin system is set up to reward — with bitcoins — anyone who successfully solves related cryptographic puzzles that help maintain the public bitcoin ledger known as the “block chain.” But some people have begun turning PCs into nodes in their personal bitcoin-mining empire, such as online gaming company E-Sports, which was recently hit with a related $325,000 fine by the New Jersey state attorney general’s office. In the case of toolbars and search agents with built-in mining software, however, users who agree to the accompanying end-user license agreement (EULA) might be authorizing a third party to turn their PC into a bitcoin-mining platform. “So take note if your system is running especially slow or if a process is taking up massive amounts of your processing power; it might be malware or even a [potentially unwanted program] running a miner on your system,” said Kujawa at Malwarebytes. “Looks like the bad guys are adapting all of their various technical attacks and business models to the bitcoin world,” CounterHack co-founder and SANS Institute hacking instructor Ed Skoudis said in a recent SANS email newsletter, responding to the Malwarebytes report. “Given the stakes for rapid money-making here, we’ll surely see even more creative bitcoin-related attacks in the near future.” Source: http://www.informationweek.com/security/attacks-and-breaches/bitcoin-password-grab-disguised-as-ddos-attack—-/d/d-id/1112919

Continue Reading:
Bitcoin Password Grab Disguised As DDoS Attack

5 DDoS defence strategies every company should know

If there is any one fact that remains consistent when it comes to distributed denial of service (DDoS) attacks, it is this: whatever mitigation solution your security engineers implement today, hackers will find a way to defeat it within the next two years. The pain of re-engineering a security program every 24 months is dwarfed by the potential pain of DDoS-provoked outages. In 2011, these attacks cost businesses more than a billion dollars, according to the Yankee Group. So how can companies defend themselves against attacks that are growing larger in scale, more complex in nature and more damaging to corporate reputations? Start with these five strategies: 1. Get educated, and be prepared Attackers are highly educated and highly motivated. Whether they shut sites down for financial gain or idealistic causes, the hackers who may target you today will do so with complex attacks at the application layer, Layer 7, where they can deplete your server resources by imitating legitimate users. They are likely to attack websites that rely on SSL by exploiting a Web server’s limited ability to handle large amounts of HTTPS sessions. These are not the straightforward DNS reflection attacks or TCP SYN floods of yesterday 2. Learn which attacks can be defeated with which solutions In order to combat increasingly sophisticated DDoS attacks, your company needs to learn what methods attackers are embracing today and continually research the most effective tools and services for addressing them. For example, you can defeat the OSI model, and Layer 3 and 4 attacks at the network and service layers with access control lists (ACLs), policies and commercially available DDoS mitigation solutions. On the other hand, you’ll need inspection by proxy to identify and fight Layer 7 attacks. 3. Ignore attacker inquiries It’s not unusual for a hacker to contact a company as he is assaulting its websites. You might receive demands if the motive behind the attack is pure financial extortion. If the attacker views himself as more of an activist, he might contact you simply to taunt the company during the outage. The best reaction to these communications is no reaction. Ignore them. Doing so generally lowers the probability that the attack will occur, if it hasn’t already, or that it will continue, if it’s already in progress. 4. Build secure networks Let start with the basics: avoid firewalls. This old security standby maintains the connection state which can be quickly filled by an attacker, rending the system useless and making it easier to take the server offline. This makes even the largest firewalls vulnerable to even the smallest attacks. Look for a hosting provider that can manage and secure your servers or build proxies using load balancers. Load balancers such as nginx or haproxy enable your host to dampen the effect of low-and-slow Layer 7 attacks, which is particularly critical if you are on a Windows Server. Finally, it’s worth it to upgrade your networks to modern equipment. Make sure your service contracts are up to date and purchase products that have a reputation for withstanding prolonged attacks. 5. Have a contingency plan Because hackers are constantly learning and DDoS attacks are constantly changing, you could make all the right decisions and still find your company under fire. That’s why a holistic approach is important. Your business should have secure network and system architecture, onsite packet filters, additional mitigation capacity with a third-party service, and skilled security staff. If you don’t have an in-house security expert, it is all the more essential that you have a DDoS mitigation service on call. Such a partner should be available on short notice and dedicated to helping you during a worst-case-scenario attack. Effective DDoS mitigation doesn’t come down to one solution, one partner or one vendor. Defending your company against attacks requires that you stay educated, stay prepared and stay vigilant. A hosting service with the right DDoS partner can be a valuable asset in your company’s business continuity plan (BCP). Whether you decide to manage your security on-site or outsource it, make sure that you build a DDoS mitigation strategy that accounts for your company’s specific needs, as well as the ever-evolving nature of attack scenarios. Source: http://www.itproportal.com/2013/12/03/5-ddos-defence-strategies-every-company-should-know/

Read More:
5 DDoS defence strategies every company should know

Ukrainian Interior Ministry Website Reportedly Hit By DDoS Attack

The website Ukraine’s Interior Ministry is currently inaccessible, having apparently fallen foul of a distributed denial-of-service (DDoS) attack by hackers, local media said Sunday. Ukraine’s IT specialists claimed that they were behind the outage, which came after police violently dispersed a pro-EU rally in downtown Kiev Saturday, and promised to take down other Ukrainian government websites, pravda.com.ua reported. “Unfortunately, not each Ukrainian can come to Mykhailivska Square in Kiev or other local squares… That’s why I suggest an efficient way that everyone can show their protest in the Internet… I mean DDoS attack on the sites of our enemies in the government,” IT specialists said in a statement. The report said the Ukrainian government portal, www.kmu.gov.ua, also went out of service Sunday after suspected hacking. Some 35 people were injured after riot police cracked down on protesters camping out in the Independence Square in the capital Kiev Saturday, doctors said. Seven people still remain in hospital. A total of 35 people were briefly detained by police. Protesters regrouped Saturday near a monastery at Mykhailivska Square in downtown Kiev, which became the new place for continuing pro-EU rallies. Activists spent a night there and said they would form a national resistance task force to prepare a nationwide strike. Source: http://en.ria.ru/world/20131201/185186195/Ukrainian-Interior-Ministry-Website-Reportedly-Hit-By-Hackers.html

See the original post:
Ukrainian Interior Ministry Website Reportedly Hit By DDoS Attack

$1M lost in attack against Bitcoin Internet Payment Services

Copenhagen-based Bitcoin Internet Payment Services (BIPS) has been hit with a DDoS attack and has had 1,295 BTC stolen (a little over $1M) mostly from the company’s own holdings, but some from their c…

See the article here:
$1M lost in attack against Bitcoin Internet Payment Services