New Jersey-based virtual private server provider Linode can't seem to catch a break. After being repeatedly hit with DDoS attacks from December 24 to early January, the company announced on Tuesday th…
Continue Reading:
Linode forces password reset for all users due to suspected breach
Bitcoin exchange BTCC Technology Ltd. had an interesting time over the new year when it was targeted by a Bitcoin-for-DDoS (Distributed Denial of Service) attack, but in a great story we don’t see often enough, the company held steady and won, complete with a hilarious ending. The company first came under DDoS attack on December 31 when they received an email from an unknown source demanding they pay 1 Bitcoin ($430) in ransom or the attacks would escalate. Having ignored the demand, on New Years Day BTCC was targeted with a 10 Gbps DDoS attack, the strength of which was not expected by the company’s DDoS mitigation service. According to a post on Reddit, the DDoS protection provider said something along the lines of “This thing is huge! You guys aren’t paying us enough for this!” so BTCC paid them more, and the site stayed up. Naturally, as these things go, the second attack was followed by a new ransom demand by the hacker, who was now asking for a payment of 10 Bitcoin ($4300) to prevent a further attack. Instead of paying, BTCC just battened down the hatches waiting for the next attack. Another, more intense DDoS attack of several hours then followed, causing BTCC’s servers to experience some performance issues, including a partial loss of functionality. BTCC still refused to pay the ransom and instead upgraded their servers to cope even better with the increasing attacks. Another ransom email demand was received, with demand for payment of 30 Bitcoins ($12924) with the hacker adding ““We will keep these attacks up until you pay!…. You had better pay up before you go bankrupt! Mwa ha ha!” BTCC once again ignored the demand, and the attacks recommenced, complete with more demands for Bitcoin. At this point BTCC had ramped up their mitigation efforts so much that no matter how much traffic the hacker sent it didn’t affect their service at all, to the point that the company stopped noticing many of the attacks as they usually failed to disrupt their networks for more than a few minutes after the upgrades they rolled out. Winning Around this point, despite his or hers best efforts and multiple demands, the hacker gave up trying to take the site down, but not before sending one last, hilarious plea to BTCC. “Hey, guys, look, I’m really a nice person. I don’t want to put you all out of business. What do you say we just make it 0.5 BTC and call it even?” This email was, like those before it, ignored by BTCC, which resulted in one final email from the now disgruntled, losing hacker: “Do you even speak English?” and that was that. Although DDoS attacks are serious business and not every company has the capacity to put into place defensive measures, sometimes a story just makes you want to smile. BTCC 1 vs hacker 0. Source: http://siliconangle.com/blog/2016/01/06/great-story-bitcoin-exchange-btcc-stands-firm-against-ddos-ransom-hacker-and-wins/
Link:
Bitcoin exchange BTCC stands firm against DDoS ransom hacker and wins
A group of computer criminals used two separate distributed denial-of-service (DDoS) attacks to bring down all of the BBC’s websites and Donald Trump’s main campaign site over this past holiday weekend. The story begins on New Year’s Eve, when all BBC sites, including its iPlayer service, went dark for three hours. At the time, the UK-based news organization reported that the outage was the result of a “technical issue”. It later stated that a group calling themselves the “New World Hackers” had claimed credit for launching a DDoS attack against the broadcaster, as a “test of its capabilities” Since then, one of the group’s members who identified himself as “Ownz” took the opportunity to send a screenshot to ZDNet of the web interface that was used to attack the BBC. If the screenshot is legitimate, the group allegedly employed their own tool called BangStresser to launch an attack of up to 602 Gbps – a volume of traffic that well-surpasses the largest attack on record at 334 Gbps, as documented by Arbor Networks in the middle of year. Not untypically, BangStresser is itself protected from DDoS attacks by CloudFlare – one of the popular DDoS mitigation services often deployed by websites keen to protect themselves from attackers. The attack apparently made use of two Amazon Web Services servers, but managed to skirt around the company’s automated misuse detection systems as Ownz explained in an interview with ZDNet : “We have our ways of bypassing Amazon. The best way to describe it is we tap into a few administrative services that Amazon is use to using. The [sic] simply set our bandwidth limit as unlimited and program our own scripts to hide it.” No other information has yet been provided about the attack. But whatever else transpired, the group was sufficiently pleased that they decided to use BangStresser to launch a DDoS against Donald Trump’s official campaign website, donaldjtrump.com, just a few days later. According to Softpedia , Trump’s website went down immediately on Saturday, January 2 and remained dark for several hours until DDoS mitigation solutions were put in place. The attacks, however, remained ongoing throughout the day against mail.trump.com domain, the Trump Organization’s Webmail service. Trump’s camp has yet to officially address the incident. A statement posted on Saturday by Trump’s campaign advisers (and redistributed via HackRead ) attributed the downage to “an unusually high volume of traffic” only. On Monday, Real Forums sat down with members of the group to inquire about their New Year’s exploits. Here’s what they had to say: “Our reasons behind the BBC attack was just a test of our capabilities. Although, the Trump site was the target. He can be very racist. We didn’t mean to cause as much damage as we did to BBC, but for Trump, Yes.” The group goes on to state that it plans to launch additional DDoS attacks against Trump and other large organizations like the BBC . The group also specifically mentions ISIS and the Ku Klux Klan as future targets. We’re not a week into 2016, and we’ve already witnessed DDoS attacks that have succeeded in taking down the websites of major news organizations and U.S. political candidates. It just goes to show that while malware is on the rise, DDoS attacks are not going anywhere in the New Year. As we all get back to work, we should therefore take the time to make sure our enterprises have the necessary DDoS mitigation technologies in place. Source: https://www.grahamcluley.com/2016/01/ddos-gang-takes-bbc-websites-donald-trumps-campaign-site-holiday-weekend/
Continue reading here:
DDoS gang takes down BBC websites, Donald Trump’s campaign site over holiday weekend
Hackers against the Islamic State or ISIS have claimed that the BBC website downtime during New Year’s Eve was their DDoS attack, but with no bad intentions. BBC websites were down for several hours during the evening before January 1, 2016. A company source inside BBC admitted that there was a distributed denial of service attack that took the websites down. Now, anti-ISIS hacker group named as New World Hacking is claiming that they were the reason why the BBC websites were unavailable for a quite long duration. However, they did not hack the website to cripple its capability to disseminate news and such. New World Hacking said that they were just testing their capabilities on BBC’s servers. They did not intend to take the site down for hours. “Let me get you proof of our records really quick, our motive was simply because we can. It was almost exactly a 600 GBps attack. We used two nodes to attack with and a few extra dedicated servers. It was only a test, we didn’t exactly plan to take it down for multiple hours. Our servers are quite strong,” the group told Rory Cellan-Jones from BBC via Twitter. DDoS Attacks In A Nutshell For the uninitiated, a DDoS attacks does not really involve a direct “hack” or penetration of a database, but it could be used as a cover. What happened was that the BBC websites experienced a massive flow of web traffic that came from the hacker group. The websites were not able to keep up with the continued barrage of web traffic, resulting it into shutting down. There are different types of DDoS attacks that can be carried out. Some of the attacks directly flood the websites with more traffic than it can handle. Some send only fragments of data packets, which usually leads to the server piecing it back together instead of catering to their legit site visitors. In order to conduct a successful DDoS attack, hackers usually use a wide network of computers known as botnets. These botnets may consist of their own computers or compromised ones across the globe using their own malware. Attack Only A Test, Not Malicious New World Hacking said that they are based in the United States and that they are determined to take down any ISIS affiliated sites and online accounts. Anonymous has previously declared a cyber-war against ISIS as they continuously help in taking down online propaganda and recruitment sites. BBC’s press office refused to comment on the hacker group’s claim. They also did not confirm nor deny if the DDoS attack was the cause of the website’s temporary downtime. “We realise sometimes what we do is not always the right choice, but without cyber hackers… who is there to fight off online terrorists? The reason we really targeted [the] BBC is because we wanted to see our actual server power,” the group told BBC. One person named Ownz from the hacker group said that they were only a team of 12 people. Eight of them were male and four of them were female. Ownz claims that New World Hacking was formed in 2012. Hacker groups are not new, but only a handful of them have actual good intentions. With ISIS trying to recruit followers and jihadists online, these hackers have stepped up to try and stop them from doing so. Some Internet users are cheering them on, while some have questioned their methods and capabilities. At the core, all the soldier deployed across the globe are considered heroes and not the hackers. New World Hacking Campaigns New World Hacking claims that they have already done their part in making the world a better and safer place. They took part in the #OpParis effort in order to help determine the identities of IS affiliated accounts after the terrible Paris attack tragedy in November 2015. Ownz also said that they took part in a campaign against the Ku Klux Klan. Ownz said that they are using a hacking tool named Bangstresser. They claim that they have already used the tool against several IS websites. Bangstresser was said to be developed by another U.S.-based hacker activist. New World Hacking tried out the tool against the BBC websites along with several of their personal computer servers and possibly botnets. Ownz told the BBC that they are planning to attack a new list of ISIS targets online. It is unclear which sites they are referring to, but they were not disclosed in order to help protect the integrity and effectiveness of their campaign. BBC Websites And Services Downtime BBC websites started to be down at around 7 PM on Thursday. Instead of the website interface, they were greeted with an error. In addition to the websites, their iPlayer Radio app and iPlayer catch-up service were also down. The iPlayer app was recently launched for the Apple TV App Store in December 2015. Twitter (NASDAQ: TWTR) users replied to the BBC Press Office’s announcement that they were aware of the “technical issue.” Some have said suggested that they should try turning their servers off and on again. Some have also taken the news in a lighter tone, saying that the HR department should be blamed for insisting the unused leaves be used before 2015 ended. Others took the chance to mock BBC, saying that they shouldn’t rush because they know BBC is telling the truth when they are silent. Other users have also asked if it was DDoS attack, but no replies were given by BBC. Some users have also reported that the BBC Bitesize and BBC Food recipes were down as well. BBC websites started to be back online at around 10:30 PM. However, some of the websites took longer than usual to load. All of the services and websites functioned normally several hours more after. New World Hacking did not say why they chose the BBC services and websites as a test target for their attacks. However, one possible reason is to demonstrate the scale and power of their attacks by attacking one of the most known broadcasting corporations in the world. Source: http://www.biztekmojo.com/001843/bbc-websites-services-taken-down-anti-isis-hacking-group-testing-their-capabilities
Continue Reading:
BBC Websites, DDoS attack By Anti ISIS Hacking Group For Testing Their Capabilities
Christmas is usually a very busy time for Valve because of the major sales that the company has a habit of running on the Steam digital distribution system, and this year the company had to deal with a set of problems linked to the service and with the way the user base perceived them as an attack that had the potential to affect their personal data. In a new official site article, the studio delivers more information about what happened on December 25, saying that between 11:50 and 13:20 Pacific Standard Time store page requests for around 34,000 users, containing personal information, were seen by others. Valve admits, “The content of these requests varied by page, but some pages included a Steam user’s billing address, the last four digits of their Steam Guard phone number, their purchase history, the last two digits of their credit card number, and/or their email address. These cached requests did not include full credit card numbers, user passwords, or enough data to allow logging in as or completing a transaction as another user.” The company also delivers an apology to all those affected by the Christmas problem . Despite the fact that some sensitive information was shared with others, the company makes it clear that users have to take no further action because the Steam system does not allow for it. This means that even if there are plans to work with a third-party company and contact those affected once they have been identified, no action on their part is required to make sure that the accounts are safe. Valve also explains that the problem was created because of a DDoS attack that combined with increased Winter Sale traffic to affect the caching of pages and forced the company to take down the store and deal with the problem. The company makes it clear that such attacks have not managed to break its security and are routinely dealt with. Steam continues to dominate PC digital distribution Valve needs to maintain its services as secure as possible to keep it in the lead on the PC and to continue offering players a wide variety of video games and some spectacular price cuts on special occasions. The Winter Sale is running at the moment, with more than 10,000 video games offered at reduced prices each day and a set of special trading cards that gamers can earn and use to tweak their profile. In late 2015 Valve also introduced the Steam machines, created in collaboration with a wide variety of partners, and the special controller, which offers plenty of new options for PC gamers who want to stay away from their monitors or share a couch with friends. In 2016, the company is planning to also enter the virtual reality space with Vive, which is created in partnership with HTC and does not yet have an official launch date or an attached price. The device was expected to arrive before the end of 2015, but Valve decided to delay it because of a major tech-related breakthrough that’s supposed to improve the user experience once the headset is commercially available. Source: http://news.softpedia.com/news/valve-reveals-details-about-christmas-issues-personal-info-was-shown-ddos-attack-involved-498289.shtml
More:
Valve Reveals Details About Christmas Issues, Personal Info Was Shown, DDoS Attack Involved
The BBC’s website and iPlayer service went down on Thursday morning following a cyber attack causing widespread panic on social media A BBC Technology journalist later posted an article on their website saying a “large web attack” had “knocked” their websites offline. Sources within the BBC said the sites were down “thanks to what is knows as a ‘distributed denial of service’ attack”. A National Crime Agency spokesperson said: “DDOS is a blunt form of attack which takes volume and not skill. It’s a very basic attack tool. One analogy is too many people trying to get through a revolving door at the same time so that the door gets stuck.” Social media reaction to the trouble was swift. Many urged the BBC to get the site back up quickly and lamented how long it was taking to fix the technical trouble. Among the Twitter users to pass comment was Stephen Fry. Professor Tim Watson, Director of Cyber Security at the University of Warwick, said: “The BBC site will expect lots of traffic and they are a high profile target so you would expect them to have all kind of protection against a DDos attack. “They will be used to having lots of visitors but usually people visit the site at different times and are not repeatedly asking for lots of information. “The way a DDos attack works is by having control of thousands or millions of computers on a ‘botnet’ – so as people get their computers compromised by visiting websites or clicking on malicious links in emails, they can be remotely controlled and then coordinated to all visit a website at the same time. “So you can have millions of computers all making repeated visits to the same page over and over again and that is how you flood a website to the point where legitimate users can’t get access.” Professor Watson said there are a number of ways big corporations can protect against these kind of attacks but they are expensive. One way of protecting a site is to have something called “fat pipes” – very large data cables capable of dealing with incredibly high amounts of traffic – combined with really fast computers which can filter out anything like DDos traffic and re-route legitimate traffic back to the main website. But Professor Watson asked: “Is it a good used of licence payers’ money to have fatter pipes just on the off chance that one day someone might want to take down the BBC website with a DDos attack?” Cyver security expert Professor Alan Woodward, from the University of Surrey, said an attack like this needs a “degree of coordination”. He said: “I would have thought this could have been so-called hacktivists. The bbc has a large and sophisticated structure themselves and I know they have systems in place to mitigate it so it might have been slightly more than the usual DDoS attack. I cant see why a cyber criminal would do this, they do this for money, the only people who do this to make a point are hacktivists. “You have these groups who are doing this to make a point. Nation states often have the capability to do it. The motives tend to be where you have some group like these active hacker squad, phantom squad and lizard squad who do it.” An official BBC spokesperson said the corporation “are not discussing the causes” of the shutdown “or going into any further detail”. The BBC’s main website is the 89th biggest in the world, according to web analytics firm Alexa, and is the seventh-ranked site in the UK. Twitter goes into meltdown As BBC technicians frantically attempted to work out how to get their website back up and running, Twitter users had a lot of fun as #BBCDown began trending. The corporation apologised for the inconvenience on a number of Twitter feeds, blaming the website and its iPlayer services going down for over an hour on a “technical issue”. It later emerged the corporation had suffered a DDoS – a distributed denial of service – attack. Source: http://www.telegraph.co.uk/news/bbc/12075679/BBC-website-crashes-and-Twitter-goes-into-meltdown.html
Excerpt from:
BBC reports on BBC tweet about BBC websites DDoS
Cloud hosting company Linode has suffered a series of service interruptions due to distributed denial-of-service (DDoS) attacks launched against its infrastructure over the past few days. The campaign started on December 26 when the company reported that DDoS attacks had disrupted the Linode Manager and its website. On the same day, the attackers also targeted Linode’s DNS infrastructure, and the company’s data centers in Dallas, Atlanta, London and Newark. It took roughly 2-3 hours for Linode’s systems and network engineering teams and the company’s upstream providers to mitigate the attacks. On December 27, DDoS attacks were reported at the data centers in Atlanta, Newark, and London. Linode’s service status page shows that it took the company nearly four hours to mitigate the attack against the London datacenter, while network connectivity was restored in one hour, respectively two hours, in Atlanta and Newark. The attacks against various components of Linode’s infrastructure continued on Monday and Tuesday. In the early hours of Wednesday, shortly after announcing that a DDoS attack affecting Linode’s website had been mitigated, the company reported seeing continued attacks disrupting access to its web services. The latest update indicates that the Dallas data center was again targeted recently, causing packet loss. Kaspersky Lab reported in November that in the third quarter of 2015, Linux-based botnets accounted for nearly half of the total number of DDoS attacks. The most notable was the XOR botnet, which malicious actors leveraged to launch attacks that peaked at more than 150 Gbps. A Kaspersky report released in December showed that almost half of the organizations hit by DDoS attacks actually claimed to know the identity of the attackers. The study is based on information from more than 5,500 companies across 26 countries. Source: http://www.securityweek.com/linode-hit-ddos-attacks
Visit site:
Linode Hit by DDoS Attacks
Three cyber-security firms could not handle the attack Rutgers University’s IT department has managed to restore all services after a large-scale DDoS attack kept some of its systems down for four days between December 24 and December 28. This is not the first time Rutgers University has been hit with a DDoS attack, having already reported on a similar incident back at the end of September . Earlier this year, at the end of March and start of May, university staff also suffered four similar attacks, with the longest one lasting for five full days. Sixth time this year, nobody has claimed responsibility yet The first five attacks were claimed by a hacker that went by the name of Exfocus, who admitted in an interview that he was hired via an underground forum to carry out the DDoS bombardment, and later paid in Bitcoin. Unlike in the case of the first five attacks, Exfocus has not come forward to claim responsibility. The Rutgers IT staff said the attack targeted the sakai.rutgers.edu URL, the University’s Sakai portal. Sakai is an open source, self-hosted Java-based course learning environment used primarily by academic institutions. The DDoS attack did not affect student activities since students are away for Christmas break, which started on December 24 and will end on January 5. A $3 million investment in IT security systems did not help at all Last August, Rutgers management spent $3 million / €2.67 million on security measures to bolster their online platform. According to NJ.com, the University hired three cyber-security firms. The unplanned investment was motivated by the March and May attacks. Despite this, the University’s DDoS mitigation provider has failed to live up to its job, both in September and in this most recent four-day-long attack. In his interview, Exfocus said that he controlled a botnet of 85,000 machines, and was able to launch DDoS attacks of around 25 Gbps, which is considered to be of a medium scale. The proper law enforcement agencies have been notified of the attack. Softpedia has reached out to Exfocus on Twitter. We’ll update the article if we uncover any new information. Source: http://news.softpedia.com/news/rutgers-university-suffers-sixth-ddos-attack-this-year-498229.shtml
See more here:
Rutgers University Suffers Sixth DDoS Attack This Year
We’ve already seen a big increase in DDoS attacks in the past year and according to the latest predictions these are set to continue and become more sinister in nature as we move into 2016. Security specialist Corero foresees a rise in ‘Dark DDoS’ attacks used as various smokescreens to distract victims while other attacks infiltrate corporate networks to steal sensitive data. Dave Larson, COO at Corero Network Security, says, “The highly sophisticated, adaptive and powerful Dark DDoS attack will grow exponentially next year as criminals build on their previous successes of using DDoS attacks as a distraction technique. The Carphone Warehouse attack in August was interesting because it was one of the first publicly reported cases of Dark DDoS in the public domain. This is a new frontier for DDoS attacks and a growing threat for any Internet-connected business that is housing sensitive data, such as credit card details or other personally identifiable information”. It also predicts a rise in DDoS-as-a-service cyber crime business models, where it’s possible to pay to have victims hit for as little as $6.00 per month. This means less sophisticated cyber crime actors can readily become DDoS adversaries. During October 2015, 10 percent of Corero’s customer base was faced with extortion attempts, which threatened to take down or to continue an attack on their websites unless a ransom demand was paid. If the volume of DDoS attacks continues to grow at the current rate of 32 percent per quarter, according to Corero’s latest Trends and Analysis Report, the volume of Bitcoin ransom demands could triple to 30 percent by the same time next year. Corero also anticipates 2016 will see ISPs come under pressure to provide DDoS mitigation services to their customers. In a survey conducted this autumn, Corero revealed that three quarters of enterprise customers would like their ISP to provide additional security services to eliminate DDoS traffic from entering their networks. “The current status quo allows malicious traffic carrying DDoS threats to flow freely over most provider networks,” says Larson. “As a result, most customers end up paying their provider for bandwidth that delivers potentially dangerous Internet content. But the technology exists for ISPs to turn this problem into a business opportunity. By providing DDoS mitigation tools as a service, deployed at the Internet edge, they can defeat this problem before it enters their customers’ networks”. Source: http://betanews.com/2015/12/28/2016-will-see-the-rise-of-ddos-as-a-service/
Read more here:
2016 will see the rise of DDoS-as-a-service
Today, we share a blog post from Looking Glass’ Director of Product Management, Patrick Lynch, as he discusses distributed denial of service (DDoS) attacks on DNS root servers. On Nov 30 and again on Dec. 1, massive DDoS attacks against several Internet based DNS root servers with volumes of over 1 million queries per second threatened the global Internet. There is speculation that the attack was initiated by ISIS (here). Not only is this a risk to the Internet as a whole, but also impacts the Internet Service Providers (ISPs) that are the unfortunate middle link in the attack and whom the majority of Internet access depends on. Although the target was the DNS root servers, the intermediate ISPs probably were more severely impacted by the sudden spike in the traffic load due to the relationship between DNS authoritative and recursive servers. Verisign provided additional information showing why the source IPs were spoofed, and the root servers’ users group also published some information. Arstechnica also has a description of the event. There are a number of actions that are available to an ISP that mitigate both the attacks on the DNS root servers, and on the ISP itself: Ingress filtering by source IP address – Routers can enforce BCP38 that only allows traffic to originate with source IP addresses that are valid for that ISP. This will also prevent source and destination addresses from being the same. If Ingress filtering is not practical, then having a DNS firewall will provide similar capabilities to ingress filtering as well as additional capabilities such as: Only allow queries from allowed IP ranges Rate limit queries by source IP or destination IP to prevent volumetric attacks Rules that prevent DNS responses (as opposed to queries) going to the root servers When an upstream DNS server is busy (as in a DDOS attack), automatically generate a server unavailable error and do not add to the DDOS attack Securing DNS is challenging given the nature of the protocol and the fact that the DNS ports must be left open to ensure continuous delivery of DNS services to Internet attached devices. Source: https://lgscout.com/massive-ddos-attacks-of-over-1-million-queries-per-second-threaten-root-servers-that-support-the-global-internet/