Tag Archives: ddos

Change.org Victim of DDoS Attack From China

Change.org, an online petitioning platform, has appear beneath an advancing broadcast abnegation of account (DDoS) advance basic from China afterwards the website hosted a alarm advancement Chinese authorities to absolution artisan Ai Weiwei from custody. The attacks, which started backward Sunday, accept about brought down the site, according to Change.org architect Ben Rattray. DDoS attacks plan by application hundreds or bags of afraid computers to forward cartage to a website, cutting it with abstracts so it becomes aloof to accustomed users. Change.org said the accepted advance originates from an accretion accumulation of computers primarily based in China, and has yet to stop. This is the aboriginal time the website has been hit with a DDoS attack. Change.org has been hosting a online address calling for the absolution of Chinese artisan Ai Weiwei, who is currently beneath arrest. The address has admiring about 100,000 humans from 175 countries, authoritative it one of Change.org’s a lot of acknowledged all-embracing campaigns, Rattray said. “It’s appealing bright the advance is in acknowledgment to the campaign,” he added. “It’s amazing that somebody in China with a high-level of abstruse composure can appulse the adeptness for humans about the apple to organize.” The online alarm coincided with demonstrations beyond the apple this accomplished Sunday, which aswell alleged for the artist’s release. Ai, who is aswell accepted for his activism, has been bedfast as allotment of a Chinese government crackdown on political dissidents in the country. Authorities in the country accept arrested added animal rights activists and clamped down on the advice flow, afterward antecedent online postings that began in February calling for a “Jasmine revolution” adjoin the Chinese government. Change.org is currently blocked in China. Internet censors in the country consistently block sites that are accounted to politically sensitive. Despite the block, the computers complex in the DDoS advance are managing to acquisition a way about the country’s civic Internet firewall, said Rattray. In the past, added sites accept been the victims of cyber attacks advancing from China. This March, blog publishing belvedere WordPress.com aswell reported getting hit with a DDoS attack basic from China. Chinese hackers accept aswell allegedly launched cyber attacks to steal abstracts from adopted activity accompanies, according to aegis bell-ringer McAfee. In 2009, Google was aswell the victim of an advance basic from China that was aimed at accessing the Gmail accounts of animal rights activists The Chinese government has ahead responded to these letters by abstinent it is complex in any cyberattacks, abacus that China has aswell been a victim of hacking attempts. The accurate antecedent of DDoS attacks is generally unclear. Although Change.org has traced the accepted advance to servers in China, it is aswell accessible the computers are beneath the ascendancy of hackers based in addition country. Change.org letters that both the FBI and U.S. State Department are searching into the DDoS attack. “We will not stop or yield down annihilation because of this DDoS attack,” Rattray said. “We accept in the axiological appropriate of the humans to adapt about issues they affliction about it.” Source: http://webtechreview.com/change-org-victim-of-ddos-attack-from-china/

Continue reading here:
Change.org Victim of DDoS Attack From China

Hackers Target NASA with DDoS Attack, Claim to Shutdown Email Servers

Anonymous-linked Hackers Attack NASA’s System for Allegedly Keeping a Huge Secret Anonymous is a loosely connected group of hacktivists that doesn’t appreciate governments keeping secrets or conducting operations that somehow violate user privacy. So, to register their resentment what they do is attack the agency’s systems and hack critically important data. The same modus operandi was employed by an Anonymous-linked team of hackers called New World Hacking and AnonCorruption when they learned that NASA was “holding back information on many things, not just one.” NASA’s computer systems, allegedly, were attacked by New World Hacking team’s hacktivists and their supporters on Sunday night as part of a bigger campaign against government cover-ups called Operation Censorship or #OPCensorship. The hackers claimed that they have managed to shut down the space agency’s primary website and email servers. The attack was materialized through the most commonly used weapon called DDoS attack . However, NASA’s website was still found to be operational instead of being down as per the claims from the hacker group. But, the New World Hacking team provided proof, which suggested that some of the space agency’s systems were suffering from the aftershocks of what is termed as a digital blitzkrieg. Remember, the NWH is the same group who claimed responsibility for shutting down Xbox online service , BBC news servers , HSBC UK’s online banking, the official website for Donald Trump’s election campaign, Salt Lake city Police and airport websites . “NWH hackers vow to target Trump in their next cyber attack” While talking to HackRead, the group stated that NASA was attacked because they were convinced that the agency has important information about the extremist organization ISIS but it is withholding the information. The group also refused to reveal the secret information about ISIS. The attack hasn’t been confirmed or denied by NASA and we cannot possibly verify if the hacktivists’ claims are true or not since the site is working. Hackers also shared an inside screenshot and claimed that they could access the NASA’s Internet email server: Hackers claim they were able to get into the NASA server, however, the security implemented on the server didn’t let them go any further “We believe NASA is holding back information on many things, not just one. The main thing we suspect they are holding back some more information on ISIS that the public needs to know.We won’t tell the public what we think they are hiding – we will let NASA explain.” They also added that this attack is more like a practice run for the most important campaign against Donald Trump, which they plan to execute on April Fool’s day. “We want Trump to know that he is next,” the hackers added. Source: https://www.hackread.com/hackers-ddos-shutdown-nasa-website-email-server/

View article:
Hackers Target NASA with DDoS Attack, Claim to Shutdown Email Servers

DDoS Attacks Cripple Swedish News Sites Amid Russia Tension

A number of Swedish government websites and major media outlets were knocked offline for hours over the weekend, police say. No one has taken responsibility for the cyberattacks, which silenced at least seven of Sweden’s most prominent news organizations for hours amid growing tension with Russia. A flood of web traffic Saturday night either crippled or totally shut down the news sites Dagens Nyheter, Svenska Dagbladet, Expressen, Aftonbladet, Dagens Industri, Sydsvenskan and Helsingborgs Dagblad for roughly three hours. Police launched an investigation Sunday, Agence France-Presse reported, with investigators telling many of the same sites the traffic appears to have originated in Russia. Cyberattackers, ranging from Anonymous to state hacking groups, often use distributed denial of service, or DDoS, attacks to direct a wave of falsified web traffic at a single or small number of sites, overwhelming them with traffic for hours or days. This attack was “extremely dangerous and serious,” Jeannette Gustafsdotter, the head of the Swedish Media Publishers’ Association, told the news agency TT, as quoted by the Local.se. “To threaten access to news coverage is a threat to democracy.” The onslaught came after an anonymous Twitter account, using the handle @_notJ, warned of imminent attacks against sites that posted “propaganda.” Aftonbladet, one of the sites mentioned in the tweets, has published a number of stories on the Russian plane crash that killed 62 people and other topics that don’t portray Russia in a positive light. This is what happends when you spread false propaganda. Aftonbladet.se #offline@Aftonbladet — J (@_notJ) March 19, 2016 The following days attacks against the Swedish goverment and media spreading false propaganda will be targetted. — J (@_notJ) March 19, 2016 The attacks also came after a Swedish government report cited Russian “extreme movements, information operations and misinformation campaigns” aimed at Swedish lawmakers and the public as Sweden’s most formidable intelligence threat. The Swedish government asked Russian Embassy staff to leave Sweden in 2015, though the report noted that suspected spies were still working as diplomats, airline employees and business executives. Source: http://m.ibtimes.com/ddos-attacks-cripple-swedish-news-sites-amid-russia-tension-2340079

Original post:
DDoS Attacks Cripple Swedish News Sites Amid Russia Tension

Demand for advanced DDoS mitigation on the rise

The increasing popularity of DDoS attacks as a tool to disrupt, harass, terrorize and sabotage online businesses is boosting demand for mitigation solutions. In the face of universal vulnerability to attacks, end users are looking for cost-effective solutions that can defend against the most sophisticated and large scale attacks. DDoS mitigation market New analysis from Frost & Sullivan finds that the DDoS mitigation market earned revenues of $449.5 million in 2014 and estimates this to … More ?

Original post:
Demand for advanced DDoS mitigation on the rise

Swedish newspaper websites shut down in DDoS attack

The online editions of Sweden’s main newspapers were knocked out for several hours by unidentified hackers at the weekend, police said Sunday as they launched an investigation. The attack was “extremely dangerous and serious,” the head of the Swedish Media Publishers’ Association, Jeanette Gustafsdotter, told Swedish news agency TT. “To threaten access to news coverage is a threat to democracy,” she said. No one has claimed responsibility for the attacks, which either partially or totally shut down the sites of Dagens Nyheter, Svenska Dagbladet, Expressen, Aftonbladet, Dagens Industri, Sydsvenskan and Helsingborgs Dagblad on Saturday evening from about 8:00 pm (1900 GMT) until about 11:00 pm (2200 GMT). Several experts quoted in the media suggested the sites were subjected to distributed denial-of-services (DDoS) attacks, in which hackers hijack multiple computers to send a flood of data to the target, crippling its computer system. Police said in a statement they had launched an investigation, and Swedish intelligence was also being kept abreast of developments. An anonymous threat was issued on a Twitter account shortly before the attack. The account was attributed to J@_notJ. “The following days attacks against the Swedish government and media spreading false propaganda will be targeted,” the first tweet read. An hour later, a second tweet read: “This is what happens when you spread false propaganda. Aftonbladet.se #offline”. Source: https://www.enca.com/technology/swedish-newspaper-websites-shut-down-hacker-attack

More:
Swedish newspaper websites shut down in DDoS attack

Malware Botnet Can Be Abused to Launch DDoS Attacks

DDoS attacks can have an amplification factor of 26.5 An independent security researcher that goes by the name of MalwareTech has discovered a way in which he could abuse the ZeroAccess malware’s botnet to launch reflection DDoS attacks with an above-average amplification factor. ZeroAccess is a trojan that infects Windows computers and then starts communication with a C&C (command and control), which in turn tells the trojan to download various types of other, more dangerous malware, usually clickfraud bots or Bitcoin mining software, operating hidden from the user’s view. The ZeroAccess botnet appeared in 2011, and because of an effective rootkit component and P2P-like structure, it even managed to survive a takedown attempt orchestrated by Microsoft in December 2013. ZeroAccess botnet used for amplifying DDoS attacks MalwareTech discovered that ZeroAccess allowed its bots to relay messages from one to another, some acting like smaller servers (supernodes) while the rest were just end-points (workers). To relay orders from the C&C server to supernodes and workers, ZeroAccess used simple UDP packets. Because of its complex mesh structure, when a UDP packet arrived at a supernode, the bot would add more information to the packet, containing various details about the network’s structure. The supernode would add 408 bytes on top of the original 16, for a total of 242 bytes. Since UDP packets can have their destination address spoofed, an attacker that managed to map ZeroAccess’ bot network would be able to send UDP packets to its bots, some of which would then amplify the traffic by 26.5, sending it back to the spoofed destination (the victim’s IP). This scenario is your typical reflection DDoS attack , carrying a 26.5 amplification factor, which is more than double the typical 2-10 amplification factor seen in other types of reflection DDoS attacks. DDoS attacks worked even if bots were behind NATs Theoretically, this wouldn’t have been a problem, since most bots infect users that are sitting behind NATs (Network Address Translation), software programs that translate public IPs to private IP addresses, in order to maximize IPv4 address space usage. That meant that a vast majority of the ZeroAccess botnet wouldn’t have been accessible to a person carrying DDoS attacks via this technique. Unfortunately, MalwareTech found a way around this issue as well, allowing him to involve ZeroAccess supernode bots into DDoS attacks even if sitting behind a router. All of this is only theoretical since the researcher did not want to commit a crime just to test out his theory. Source: http://news.softpedia.com/news/malware-botnet-can-be-abused-to-launch-ddos-attacks-501869.shtml

See the original post:
Malware Botnet Can Be Abused to Launch DDoS Attacks

DDoS attacks aimed at Salt Lake City websites in apparent protest of officer-involved shooting

A group known as New World Hackers says it targeted the websites of Salt Lake City police, Salt Lake International Airport, the Downtown Alliance and First Utah Bank in response to the Feb. 27 officer-involved shooting of teenager Abdullahi Omar Mohamed. The distributed denial of service attacks, first reported Monday by HackRead, appear to have had little impact on the sites’ function. Nick Como, communication and marketing director for the Downtown Alliance, said he heard about the attacks but that the nonprofit’s website analytics were normal. City deputy director of communications Holly Mullen said an attack on the SLCPD site was “unsuccessful.” Airport public relations director Nancy Volmer was unaware of any problems. First Utah Bank CIO Amy Foulks said the bank shut down its website for a few hours Sunday morning after it received an alert, which “allowed ourselves some time to implement a tool that would thwart the denial of service package.” Bank president Brad Baldwin emphasized that the DDoS attacks were not a “hack.” The group did not gain access to the bank’s system or any customer information, he said. A Twitter account associated with the group, @NewWorldHacking, told The Tribune the attacks were in response to the shooting of Mohamed, 17, who was shot and wounded near 250 S. Rio Grande Street after police say he was one of two people attacking a male victim with metal objects. “We want justice for that poor kid who got shot 3 times in the chest for no accurate reason,” it said in a direct message. That the group would target a bank with no apparent role in Mohamed’s shooting is “a mystery to us,” Baldwin said. First Utah reported the attack to authorities, he said. The FBI did not immediately return a request for comment Tuesday. Source: http://www.sltrib.com/news/3665236-155/ddos-attacks-aimed-at-salt-lake

Taken from:
DDoS attacks aimed at Salt Lake City websites in apparent protest of officer-involved shooting

Ticketmaster turns to the cloud to handle ‘DDoS-level’ traffic during big event launches

Event ticket seller Ticketmaster experiences the traffic equivalent of a huge DDoS attack every time a major gig or show goes on sale, necessitating a steady migration to the cloud. That’s according to Simon Tarry, director of engineering strategy at the firm, speaking to V3 ahead of the V3 Cloud and Infrastructure Live event on 20 and 21 April 2015. “Ticketmaster’s been handling web traffic for almost two decades now, so we’ve built up our own infrastructure, and part of the problem with that, as a US company, is we’ve grown through acquisition and bought up a lot of ticketing businesses round the world – as well as all the infrastructure that comes with it,” Tarry explained. With ticketing platforms scaling, and a growing audience increasingly consisting not just of fans “but automated bots as well”, Tarry said Ticketmaster’s existing infrastructure was reaching critical mass. Ticketmaster currently handles around 1,300 users per second at peak times. “We basically suffer huge DDoS attacks from a large on-sale, so we try to separate our human traffic from bot traffic,” Tarry told V3 . Having already been using a private cloud for the past three years, Ticketmaster is now going through a “strategic push” to AWS. “We’re assessing at the moment that kind of journey – how to move what we have into an AWS architecture. So a lot of planning and training is going on right now,” Tarry said. The initial migration to private cloud was an e-commerce stack for a one-off event. “We tried that first, as a short project, as it was limited in scope to a certain degree,” said Tarry. “But we made a lot of assumptions about the infrastructure that weren’t true,” he added. “So we had to challenge a lot of our thinking about the infrastructure and how it would perform. The key criteria for us is to handle a very large on-sale on any platform.” Keeping the lights on and maintaining the ability to cope with a punishing level of traffic was achieved by “strong tooling”, said Tarry, including load testing products from SOASTA. Mechanisms to interrogate the traffic in order to block out traffic Ticketmaster doesn’t want also help in this. “Part of our DevOps culture is a kind of ‘swat team’ of guys who play ‘hunt the bottleneck’, spending time diagnosing, testing, and finding the next problem,” Tarry said. “Ultimately, when we’re cloud based we want that capacity on-tap – it’s not something you can just do,” he said. “You need to configure your systems to use that capability.” Source: http://www.v3.co.uk/v3-uk/news/2451092/ticketmaster-turns-to-the-cloud-to-handle-ddos-level-traffic-during-big-event-launches

More here:
Ticketmaster turns to the cloud to handle ‘DDoS-level’ traffic during big event launches

Attacker leaves “SECURITY TIPS” after invading anti-DDoS firm

Staminus, a California-based internet hosting provider that specializes in helping sites stay online when distributed denial of service (DDoS) attackers try to elbow them off, was itself the target of a cyber broadside last week. At any rate, it started last week, with reports of the company’s site being down as of Thursday. But as of Monday, it was again, or maybe still, sucking wind. Staminus on Friday put out a statement confirming that its network security had been popped and invaded, systems had been “temporarily” taken offline, and customer data had been published online. The company posted a series of updates on Twitter and Facebook while its website was down, explaining that this was a “rare event.” But even while Staminus techs were scrambling to drag the company’s site back online, whoever mugged it was dumping its private data online in what security journalist Brian Krebs called a “classic ‘hacker e-zine’ format” called “F**k ’em all.” Krebs reports that the page included links to download databases reportedly stolen from Staminus and from Intreppid, another Staminus project that targets customers looking for protection against large DDoS attacks. The huge data dump included customer names and email addresses, database table structures, routing tables, support tickets, credit card numbers (according to Krebs, at any rate; Ars Technica’s Sean Gallagher didn’t see any when he viewed the dump), and other sensitive data. A Staminus customer who requested anonymity confirmed to Ars that his data was part of the dump. Those behind the dump claimed to have gained control of Staminus’s routers and to have reset them to factory settings. The hacker “e-zine” that contained all the sensitive data began with a note from the attacker titled “TIPS WHEN RUNNING A SECURITY COMPANY.” Then, it went on to list tips for what were supposedly the security holes found during the breach: Use one root password for all the boxes Expose PDU’s [power distribution units in server racks] to WAN with telnet auth Never patch, upgrade or audit the stack Disregard PDO [PHP Data Objects] as inconvenient Hedge entire business on security theatre Store full credit card info in plaintext Write all code with wreckless [sic] abandon On Thursday, Staminus reported that some services were back online or in the process of being brought back and that “We expect full service restoration soon.” Then, another message posted on Friday pointed to the statement from the company’s CEO. That was the last message. What followed was radio silence, unbroken as of Monday evening. Krebs pointed out that the attack isn’t surprising: anti-DDoS providers are a common target for attackers. Source: https://nakedsecurity.sophos.com/2016/03/15/attacker-leaves-security-tips-after-invading-anti-ddos-firm-staminus/

Original post:
Attacker leaves “SECURITY TIPS” after invading anti-DDoS firm

Anonymous Declares War On Donald Trump

Notorious hacking team set to launch DDoS attacks on Trump websites on April 1 Donald Trump’s seemingly inevitable rise to power in the United States may be about to hit a fairly major obstacle in the form of an Anonymous cyber-attack. The hacking collective, which has been behind a number of major attacks against individuals or companies it considers to have done wrong to the public, has said it is preparing a DDoS attack against Trump’s campaign website. The “declaration of war” was set out in a video posted to YouTube which says that the attacks, dubbed #OpTrump, will take place on April 1, targeting websites including trump.com, donaldjtrump.com andtrumphotelcollection.com. “Hateful campaign” “Dear Donald Trump, we have been watching you for a long time and what we see is deeply disturbing,” the video says. “Your inconsistent and hateful campaign has not only shocked the United States of America [but] you have shocked the entire planet with your appalling actions and ideas. You say what your audience wants to hear but in reality you don’t stand for anything except for your personal greed and power.” “We need you to shut down his websites, to research and expose what he doesn’t want the public to know. We need to dismantle his campaign and sabotage his brand. We are encouraging every able person with a computer to participate in this operation. This is not a warning, this is a declaration of total war. Donald Trump – it is too late to expect us.” In a separate written message posted online to accompany the video, Anonymous also listed what is claims are personal details belonging to Donald Trump, including his social security number, personal phone number and the contact details of his agent and legal representation. The animosity between Anonymous and Trump dates back to December 2015, when the former officially ‘declared war’ on Trump after a radical speech in which he said Muslims should be banned from entering the United States, which saw a number of Trumps’ websites taken offline. Anonymous has not been shy to wage war on opponents in the past, most famously attacking terrorist group Isis last December following the terrorist attacks in Paris that left 130 people dead. Earlier that month, the group also published the details of a thousand alleged KKK sympathisers as part of its #HoodsOff campaign, which it described as “a form of resistance” against racial violence, following earlier major cyberattacks which included posting several messages on the KKK’s official Twitter feed, and taking control of another account affiliated with the Klan. Source: http://www.techweekeurope.co.uk/security/cyberwar/anonymous-declares-war-donald-trump-187898

View original post here:
Anonymous Declares War On Donald Trump