Tag Archives: ddos

Mumsnet founder ‘swatted by misogynist griefers’

@DadSecurity creep responsible for DDoS… and swatting? Mumsnet founder Justine Roberts and another user were both targeted in swatting attacks at the apex of a series of hack attacks that may have led to the compromise of user logins at the high-profile, UK-based parenting site.…

Visit link:
Mumsnet founder ‘swatted by misogynist griefers’

Mumsnet founder targeted in ‘Swatting attack’

A group calling itself @DadSecurity claims it was responsible for the cyber and swatting attacks on the Mumsnet site.

Internet trolls have targeted the founder of the Mumsnet website, launching a so-called ‘Swatting attack’ which resulted in armed police being called to her home. Justine Roberts, who set up the hugely influential parenting forum in 2000, claimed the site had to be temporarily shut down last week after a group calling itself @DadSecurity unleashed a cyberattack which overloaded its server.

But then, in a more sinister twist, she said those responsible had made a malicious report to the Metropolitan Police, claiming an armed man had been seen prowling outside her home. As a result, she claimed, an armed police unit was scrambled to her address in the early hours of August 12. She alleged that the same thing had also happened to another Mumsnet user, in which police were told gunshots had been fired at her home.

Swatting attacks have become common in the United States, and take their name from the militarised Special Weapons and Tactics (SWAT) units called to deal with armed incidents. The Metropolitan Police said it was unable to provide details of the resources deployed in the incidents, but Ms Roberts, who is married to the Newsnight editor, Ian Katz, said it had left those on the receiving end “shaken up”.

The group that claimed responsibility for the cyberattack used the Twitter account @DadSecurity to brag about its actions, but the user has since been suspended. Describing what happened, Ms Roberts wrote on the Mumsnet site: “On the night of Tuesday 11 August, Mumsnet came under attack from what’s known as a denial of service (DDoS) attack. Our servers were bombarded with requests, which required our Internet service provider to massively increase server capacity to cope. We were able to restore the site at 10am on Wednesday 12 August. Meanwhile a Twitter account, @DadSecurity, claimed responsibility, saying in various tweets, ‘Now is the start of something wonderful’, ‘RIP Mumsnet’, ‘Nothing will be normal anymore’ and ‘Our DDoS attacks are keeping you offline’.”

But she said later that night they appeared to have gone one step further by making a malicious call to the police. She wrote: “An armed response team turned up at my house last week in the middle of the night, after reports of a gunman prowling around.” She explained that another Mumsnet user who challenged @DadSecurity on Twitter was warned to ‘prepare to be swatted by the best’ in a tweet that included a picture of a SWAT team. Ms Roberts wrote: “Police arrived at her house late at night following a report of gunshots. Needless to say, she and her young family were pretty shaken up. It’s worth saying that we don’t believe these addresses were gained directly from any Mumsnet hack, as we don’t collect addresses. The police are investigating both instances.”

Mumsnet is currently reviewing its online security and is asking all users to change their passwords in order to reduce the risk of any other hacks. Mumsnet has come in for criticism in the past from fathers’ groups, including Fathers4Justice, which claim it has an “anti-male agenda”. In 2012 Fathers4Justice launched a campaign which included a naked protest at companies that advertised with the website.

Source: http://www.telegraph.co.uk/news/uknews/crime/11810790/Mumsnet-founder-targeted-in-Swatting-attack.html

Original post:
Mumsnet founder targeted in ‘Swatting attack’

The Pentagon Wants To Wage War on DDoS Cyber Attacks

By next spring, researchers are expected to unveil new tools enabling organizations like the Defense Department to respond rapidly to distributed denial-of-service attacks.

The Pentagon has in mind a three-pronged counterattack against a decades-old form of cyber assault that continues to paralyze government and industry networks, despite its low cost of sometimes $10 a hit. Beginning next spring, military-funded researchers are scheduled to produce new tools that would quickly enable organizations to bounce back from so-called distributed denial-of-service attacks. A recovery time of at most 10 seconds is the goal, according to the Defense Department.

Today, attackers have a relatively easy time aiming bogus traffic at computer servers to knock them offline. One reason is that computer systems often are consolidated, making for a wide target area. Another weakness is the predictable behavior of systems that support Web services. And finally, certain types of DDoS attacks that evince little malicious traffic go undetected. Researchers chosen by the Defense Advanced Research Projects Agency will attempt to deny attackers such openings through a three-year program called Extreme DDoS Defense, according to Pentagon officials. The tentative start date is April 1, 2016.

The stability of agency operations, banking, online gaming and many other daily activities are at stake here. A DDoS attack against Estonia in 2007, allegedly orchestrated by Russian-backed hackers, downed government and industry Internet access nationwide for two weeks. More recently, crooks have begun offering Luddites DDoS-for-hire services at subscription rates of $10-$300 a month, according to journalist Brian Krebs. Lizard Squad, a major provider, allegedly was behind several persistent attacks on the online gaming services Xbox and PlayStation. A string of 2011 cyber assaults against Wall Street banks, including Capital One and SunTrust Banks, was attributed to Iranian hackers.

Just this month, at the annual Black Hat security conference in Las Vegas, Trend Micro researchers said they observed attackers trying to overpower systems in Washington that monitor the physical security of gas pumps. Luckily, the devices were fake “honeypot” traps.

“Responses to DDoS attacks are too slow and manually driven, with diagnosis and formulation of filtering rules often taking hours to formulate and instantiate. In contrast, military communication often demands that disruptions be limited to minutes or less,” DARPA officials said in an Aug. 14 announcement about the new program. The funding level for the project was not disclosed, but multiple grants are expected to be awarded. Interested researchers must submit proposals by noon Oct. 13.

XD3 will endeavor to thwart DDoS attacks by “dispersing cyber assets” in facilities and on networks, officials said. Currently, the problem is that cloud computing arrangements and other critical infrastructure systems “rely heavily on highly shared, centralized servers and data centers,” they added. The new tools also will try “disguising the characteristics and behaviors of those assets” to complicate the planning of DDoS launches, officials said.

The trick with so-called “low-volume” DDoS attacks is that they do not look like traffic overloads. The external computer messages seem benign but are actually exhausting a system’s memory or processors. One workaround here might be sharing information among systems, which then can “decide collectively whether attacks have occurred, and/or to determine what mitigations might be most effective,” officials said.

One group of XD3 researchers will be assigned to inspect the designs for unintended security holes. Anyone wanting to be a reviewer must hold a top-secret clearance, according to the contract rules. “The objective of design reviews is the proactive identification of weaknesses and vulnerabilities that would reduce the effectiveness of DDoS attack detection or mitigation,” officials said. The idea also is to “apprise performers of potential DDoS attack methods or features that they might not have considered.”

Source: http://www.defenseone.com/ideas/2015/08/pentagon-wants-wage-war-denial-service-cyber-attacks/119196/

Read More:
The Pentagon Wants To Wage War on DDoS Cyber Attacks

Anti-botnet initiatives USELESS in sea of patch-hating pirates

A million low end, pirate boxes still spewing malware relic. Three Dutch researchers have crunched data gleaned from efforts to battle the Conficker bot and declared anti-botnet initiatives all but useless for clean up efforts.…

More here:
Anti-botnet initiatives USELESS in sea of patch-hating pirates

BitTorrent exploits allow lone hackers to launch large DDoS attacks

The technology is vulnerable to exploitation in launching a breed of DDoS attack which reflects and amplifies traffic.

A flaw in BitTorrent clients can be exploited to allow single attackers to harness extra juice in launching DDoS attacks on a vast scale. At the USENIX conference in Washington, D.C., researchers from City University London unveiled ways in which BitTorrent-based programs including uTorrent, Mainline and Vuze are vulnerable to distributed reflective denial-of-service (DRDoS) attacks. Specifically, cyberattackers can exploit protocols used by BitTorrent, a popular way of sharing large files online through peer-to-peer networking, to reflect and amplify traffic from other users in the system.

In a paper dubbed “P2P File-Sharing in Hell: Exploiting BitTorrent Vulnerabilities to Launch Distributed Reflective DoS Attacks,” the research team says the protocol family used by BitTorrent (Micro Transport Protocol (uTP), Distributed Hash Table (DHT), Message Stream Encryption (MSE) and BitTorrent Sync (BTSync)) is vulnerable to exploitation across the board. During testing, over 2.1 million IP addresses were crawled and 10,000 BitTorrent handshakes were analyzed within a P2P lab test environment. The City University London researchers were able to assault a third-party target through traffic amplified by a factor of up to 50, and in the case of BTSync, up to 120 times the size of the original request. This means that a lone attacker could exploit the system to conduct attacks on websites and companies far more debilitating than their actual computational power would allow.

DRDoS cyberattacks hook in slave machines to participate in distributed denial of service (DDoS) attacks without user consent or knowledge. Traffic requests sent from victim systems are redirected, which sends additional traffic to the target. In turn, this can result in websites and online services being unable to cope with a flood of requests, denying access to legitimate users and taking sites offline until the flow of traffic dissipates, all caused with fewer slave machines and without the cost of hiring out a botnet.

The BitTorrent protocols do not include processes to prevent IP address spoofing, which means an attacker can use peer-discovery methods including trackers, DHT or Peer Exchange (PEX) to collect millions of possible amplifiers for their DRDoS attacks. The researchers said: “An attacker which initiates a DRDoS does not send the traffic directly to the victim; instead he/she sends it to amplifiers which reflect the traffic to the victim. The attacker does this by exploiting network protocols which are vulnerable to IP spoofing. A DRDoS attack results in a distributed attack which can be initiated by one or multiple attacker nodes.” In addition, “the most popular BitTorrent clients are the most vulnerable ones,” according to the team.

In March, code repository GitHub suffered a debilitating DDoS attack, the largest in the website’s history, which lasted for days. Believed to originate from China, the DDoS attack involved a wide combination of attack vectors, sophisticated techniques and the use of unsuspecting victim PCs to flood GitHub with traffic, in order to push GitHub to remove content from the anti-censorship organization Greatfire.org and the publication the New York Times.

Source: http://www.zdnet.com/article/bittorrent-exploits-allow-lone-attackers-to-launch-large-ddos-attacks/
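From the victim's side, the tell-tale sign of the reflection attack described above is a burst of UDP replies from many BitTorrent peers the victim never spoke to. The following detector is an added example, not code from the article or the City University London paper; it pairs inbound UDP flows with prior outbound flows to the same remote host and port, and reports hosts that receive unsolicited replies from many distinct sources. The flow-record format, the local-network prefix check and the sample records (RFC 5737 documentation addresses) are all constructed for the example.

```python
"""Flag unsolicited UDP reflection traffic in constructed flow records."""
from __future__ import annotations
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float        # seconds since capture start
    src: str
    sport: int
    dst: str
    dport: int
    proto: str       # "UDP" or "TCP"
    nbytes: int


def parse_flows(text: str) -> list[Flow]:
    """Parse constructed 'ts src sport dst dport proto bytes' lines, sorted by time."""
    flows = []
    for line in text.strip().splitlines():
        ts, src, sport, dst, dport, proto, nbytes = line.split()
        flows.append(Flow(float(ts), src, int(sport), dst, int(dport), proto, int(nbytes)))
    return sorted(flows, key=lambda f: f.ts)


def unsolicited_udp(flows: list[Flow], local_net: str, window: float = 30.0) -> list[Flow]:
    """Inbound UDP flows to local_net with no outbound flow to the same remote
    host:port within `window` seconds beforehand. A reflector answers a request
    the attacker spoofed in the victim's name, so the victim has no such record."""
    last_out: dict[tuple[str, str, int], float] = {}   # (local, remote, rport) -> ts
    unsolicited = []
    for f in flows:
        if f.proto != "UDP":
            continue
        if f.src.startswith(local_net):                  # crude prefix check (assumption)
            last_out[(f.src, f.dst, f.dport)] = f.ts
        elif f.dst.startswith(local_net):
            t = last_out.get((f.dst, f.src, f.sport))
            if t is None or f.ts - t > window:
                unsolicited.append(f)
    return unsolicited


def reflection_report(flows: list[Flow], local_net: str, min_sources: int = 3) -> dict:
    """Per local host: distinct unsolicited sources and bytes; `reflection` is set
    when many distinct reflectors hit one host, the DRDoS signature."""
    stats = defaultdict(lambda: {"sources": set(), "bytes": 0})
    for f in unsolicited_udp(flows, local_net):
        stats[f.dst]["sources"].add(f.src)
        stats[f.dst]["bytes"] += f.nbytes
    return {host: {"sources": len(s["sources"]), "bytes": s["bytes"],
                   "reflection": len(s["sources"]) >= min_sources}
            for host, s in stats.items()}


# Constructed sample: 10.0.0.7 makes one legitimate DHT query and gets a reply;
# 10.0.0.5 receives replies from four peers it never contacted.
SAMPLE = """
1.0 10.0.0.7 40001 203.0.113.10 6881 UDP 90
2.0 203.0.113.10 6881 10.0.0.7 40001 UDP 420
5.0 198.51.100.1 6881 10.0.0.5 33333 UDP 1400
5.1 198.51.100.2 6881 10.0.0.5 33333 UDP 1400
5.2 198.51.100.3 51413 10.0.0.5 33333 UDP 1400
5.3 198.51.100.4 6881 10.0.0.5 33333 UDP 1400
6.0 198.51.100.1 6881 10.0.0.5 33333 UDP 1400
7.0 203.0.113.20 80 10.0.0.7 50000 TCP 600
"""

if __name__ == "__main__":
    print(reflection_report(parse_flows(SAMPLE), "10.0.0."))
```

Real flow exporters do not include the spoofed requests the reflectors answered, which is exactly why the absence of a matching outbound record is the useful signal.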

Follow this link:
BitTorrent exploits allow lone hackers to launch large DDoS attacks

DDoS Extortion – Biting the DDoS Bullet

It started with a five-minute-long DDoS attack which established that the cybercriminals meant business and could cause impact: this small sample attack stopped all business for five minutes. They then sent an email demanding payment of a ransom in bitcoins within 48 hours, otherwise a second and far more damaging DDoS attack would ensue and the ransom amount would be raised. This type of attack, ‘DDoS Extortion’, has become increasingly popular during the past year, and the official guidance to companies who find themselves in a DDoS Extortion situation, as recently reiterated by the FBI, is: do not pay the ransom, but rather focus efforts on strengthening DDoS mitigation.

The ‘target’ in this case was a leading ecommerce corporation, and downtime was not an option, both in terms of possible transaction loss and, equally importantly, reputational damage. The company had already invested in a multi-layered DDoS mitigation strategy. The five-minute outage caused by the extortionists had senior IT management under pressure, and they knew that serious financial loss as well as impact to their reputation was possible.

DDoS Testing

Testing DDoS mitigation systems is done by generating traffic which simulates real DDoS attacks in a completely monitored and controlled manner. Control is key because DDoS mitigation does not boil down to one device that ‘bites the DDoS bullet’ but is rather a chain of devices that need to be configured, much like an orchestra, in order to work in complete harmony. Testing this way allows a company to verify that each element of its DDoS mitigation systems is working as expected and that together they are configured for optimal protection.

DDoS testing typically impacts the tested environment and therefore is conducted during maintenance windows to ensure minimal disruption to ongoing operations. This means the company’s key team members are usually all on site, and because maintenance windows usually last 3-5 hours, time is of the essence. For this reason effective DDoS testing allows for:

i. Quickly switching from one type of test to another once you have evaluated how the environment responds to a test (there are numerous types of tests, ranging from Layer 3 and Layer 4 to Layer 7), and
ii. Ramping up test bandwidth to simulate a realistic load level.

We received a call on Saturday afternoon describing the ransom scenario and the possibility of a large attack, and our SOC team was at the customer’s premises the following morning. “It’s all about knowing which attacks to simulate and getting as many of them done in as little time as possible. You know that clock is ticking...”

Our ‘Emergency BaseLine DDoS Testing’, as we have come to call it, is comprised of the following three stages:

1. Reconnaissance – Working with the company to understand as much as possible about relevant subnets and foot-printing the environment with port scanning and DNS enumeration.
2. Testing – Simulating a variety of tests to identify points of failure.
3. Troubleshooting & Hardening – Resolving immediate critical issues and troubleshooting the necessary network points to have a DDoS mitigation defense ready for the threatened attack.

Source: http://blog.mazebolt.com/?p=590

Read this article:
DDoS Extortion – Biting the DDoS Bullet

Cloudflare hiccup nudges Stack Overflow and others offline

El Reg and NewsThump also briefly vanished into the abyss

Large chunks of the intertubes, including popular programmers’ hangout Stack Overflow, were blanked from view earlier this afternoon after a hiccup at cloud hosting and DDoS mitigation outfit Cloudflare.…

View post:
Cloudflare hiccup nudges Stack Overflow and others offline

Labour Party website DDoS’d by ruly democratic mob

Corbyn camp urges us to ‘get registering’ – we couldn’t agree more, Jeremy

The interminable registration process for voters in the new Labour Party leader’s election did not terminate this noon, as was planned, due to the party website dropping offline following an effective, if accidental, DDoS attack from a flood of well-meaning visits generated by eager, if incredibly tardy, new supporters. The party website now informs visitors that “this morning we understand that some people have had problems trying to join or register as a supporter of the Labour Party. We are extending the deadline to join or register and be able to vote in the Leadership elections until 3pm.” If you are experiencing problems with the website, you can also register as a supporter with a £3 text. Text SUPPORT to 78555 and wait for a further text tomorrow on how to complete registration.

According to the Guardian, which is live-tweeting the event, now for another three hours, the party’s fear of entryists has resulted in “at least three of the camps” getting “in touch with each other to discuss their concerns about the running of the contest”. No accounts connected to Corbyn’s opponents have tweeted about the extension.

Source: http://www.theregister.co.uk/2015/08/12/labour_party_wesbite_ddosd_by_mob_wanting_to_vote_for_new_leader/

Continue reading here:
Labour Party website DDoS’d by ruly democratic mob

Carphone Warehouse hackers used DDoS attack as smokescreen

Hackers bombarded Carphone Warehouse with online traffic as a smokescreen while they stole the personal and banking details of 2.4 million people, according to sources with knowledge of the incident. The retailer revealed at the weekend that its security had been breached in a “sophisticated” attack. It is now thought that criminals used a cyber attack technique known as Distributed Denial of Service (DDoS) as a cover to help them infiltrate the retailer’s systems and perpetrate one of Britain’s biggest ever data thefts.

To mount a DDoS attack, a global network of hijacked computers, known as a botnet, is used to bombard the target computers with traffic, overloading them and potentially forcing them offline. The ensuing technical problems can serve as a distraction for security staff, allowing hackers to exploit software vulnerabilities or stolen administrator credentials to break into systems and extract data undetected.

A source with knowledge of the attack on Carphone said its online retail systems had come under bombardment before the major data theft was noticed on Wednesday last week. The millions affected are customers of OneStopPhoneShop.com, e2save.com and Mobiles.co.uk, as well as Carphone and its own mobile operator, iD Mobile. The systems broken into also held data for Talk Mobile and TalkTalk Mobile, the retailer said. Victims were advised to ask their bank to be on the lookout for suspicious activity, although on Monday there were no verified reports of fraud using the stolen data, sources said. Hackers who steal personal data often sell it in bulk on digital black markets to other criminals who seek to use it to commit fraud.

According to internet security experts, criminals are increasingly using DDoS attacks to disguise their intrusions. In the most famous case, in 2011, Sony’s PlayStation Network, an online gaming service, was shut down for weeks after the personal and financial details of 77 million customers were stolen. The chief of the PlayStation division told the US Congress that a simultaneous bombardment of traffic against the network “may have made it more difficult to detect this intrusion quickly”. Subsequent examples of DDoS smokescreens include a 2012 attack on a bank during which card data was stolen and $9m drained from accounts via cash machines around the world. A warning that online bombardment can be a “diversionary tactic” for fraudsters is now part of official cyber security advice to US banks.

Carphone Warehouse, which is contacting customers affected and co-operating with police and the Information Commissioner’s Office, declined to comment.

Source: http://www.telegraph.co.uk/finance/newsbysector/epic/cpw/11794521/Carphone-Warehouse-hackers-used-traffic-bombardment-smokescreen.html

See the original post:
Carphone Warehouse hackers used DDoS attack as smokescreen