Tag Archives: ddos

Dutch government says DDoS attack took down websites for hours

Cyber attackers crippled the Dutch government’s main websites for most of Tuesday and back-up plans proved ineffective, exposing the vulnerability of critical infrastructure at a time of heightened concern about online security. The outage at 0900 GMT (0400 ET) lasted more than seven hours and on Wednesday the government confirmed it was a cyber attack. The United States has beefed up cybersecurity laws and created an intelligence-gathering unit to coordinate analysis of cyber threats after attacks against Sony Pictures and Home Depot. The outage affected most of the central government’s major websites, which provide information to the public and the media, but phones and emergency communication channels remained online. Other websites, including GeenStijl.nl, a popular portal which mocks politicians and religions, were also hit by the “distributed denial of service” (DDoS) attack, said Rimbert Kloosterman, an official at Government Information Service, which runs the websites. “Our people are investigating the attack together with the people from the National Centre for Cyber Security,” he said. The complexity and size of the government’s many websites had rendered the back-up useless, he said. Prolocation, the website host, said the attack had been a “complex” problem and that its phone lines had also gone down. “The initial symptoms pointed first to a technical problem, but it then emerged we were facing an attack from the outside,” the company said in a statement. But one computer security expert doubted that a DDoS attack, in which systems are overloaded with a flood of requests from hijacked computers, could have been hard to identify. “If you face a DDoS, you know it,” Delft Technical University cyber security specialist, Christian Doerr, said. Such attacks were hard to guard against and the software for such an attack could be bought illegally for as little as $25. “Even a 16-year-old with some pocket money can attack a website,” he said. Source: http://www.reuters.com/article/2015/02/11/us-netherlands-government-websites-idUSKBN0LF0N320150211

See original article:
Dutch government says DDoS attack took down websites for hours

How The Great Firewall Of China Caused A DDoS Attack In France

Many people outside China know about the country’s Great Firewall, but probably assume it will have little, if any, impact on their own online activities. However, a fascinating post on Benjamin Sonntag’s blog explains how one of the servers of La Quadrature du Net, the Paris-based digital freedom association he co-founded, and for which his company provides free hosting, was hit by distributed denial of service attacks (DDOS) caused directly by the Great Firewall’s policies. His blog post provides all the technical details: it turned out that the vast majority of the attacks were coming from Chinese IP addresses. Here’s what seems to have happened: China is censoring its Internet, that’s well known to do this, this country censors (among others) DNS [Domain Name System] queries in its network (and also censoring as a side effect, the rare Japanese, Korean or Taiwanese queries going through China) when it answers a DNS query to a censored website, it answers with “any incorrect IP address” instead. That is, instead of letting Chinese Net users access “forbidden” content, the Great Firewall generally re-directs them to some random, presumably harmless, site. But that wasn’t happening here: we see spikes of requests to websites censored in China coming to IP addresses such as those of La Quadrature du Net. Other people had this same issue : http://furbo.org/2015/01/22/fear-china/ So, the end story is that we just saw censored websites requests coming to La Quadrature du Net’s IP address from China, due to how the Chinese Internet censorship is working! Rather than pushing limited traffic to lots of sites, the Great Firewall was sending lots of traffic to just a few. Among the possible explanations for this new behavior, Sonntag offers two that are equally worrying: Maybe one of the system administrator of the great firewall of China is gaining some small and quick money selling DDOS, selling Internet attacks to the highest bidder (in bitcoin? ) and using that censorship system as a weapon Maybe China chose a precise list of targets to send censored traffic to, adding to this technical “useful” process (the censorship) a “nice” one (putting down foreign opponents’ websites)… La Quadrature du Net, as a digital freedom association, seems to be too nice a target (among others of course). Neither is good news for sites in the West. Whatever the real reason for this DDOS attack on La Quadrature, it certainly shows that the operation of the Great Firewall of China can have very direct effects outside that country. Another reason, perhaps, for those in the West to pay closer attention to China’s increasingly harsh approach to online censorship. Source: https://www.techdirt.com/articles/20150204/09454829910/how-great-firewall-china-caused-ddos-attack-france.shtml

More:
How The Great Firewall Of China Caused A DDoS Attack In France

Anonymous-linked hacker admits to DDoS of public services

Merseyside resident disrupted more than 300 sites with bogus traffic. A hacker with links to Anonymous has admitted conducting distributed-denial-of-service (DDoS) attacks against social services, crime prevention bodies and businesses. Ian Sullivan, a 51-year-old from Bootle in Merseyside, flooded more than 300 websites with bogus traffic in 2013, rendering them unusable for legitimate visitors, though the police said no data was stolen. Steven Pye, senior operations manager at the National Crime Agency’s (NCA) cybercrime unit, said: “Many DDoS attacks are little more than a temporary inconvenience, but in this case Sullivan’s actions are likely to have deprived vulnerable people of access to important information, ranging from where to get support on family breakup, to reporting crime anonymously.” “This multi-agency operation illustrates the commitment of the NCA and its partners to pursuing people who think they can criminally disrupt important public services or legitimate businesses.” Sullivan was arrested on July 29, 2013 by the Police Central e-Crime Unit after the DDoS attacks were referenced by a Twitter account. Investigators found software on his computer capable of taking websites offline, as well as documents linking him to other campaigns run by hacking collective Anonymous. He will be sentenced at Liverpool Crown Court on May 1. Source: http://www.cbronline.com/news/security/anonymous-linked-hacker-admits-to-ddos-of-public-services-4507312

View article:
Anonymous-linked hacker admits to DDoS of public services

Home Routers and IoT Devices Set to Drive DNS DDoS Attacks

The volume of DNS-based DDoS attacks will see another sharp rise this year as increasing numbers of home routers and IoT devices are compromised, according to Nominum. The network infrastructure and security firm claimed there was a 100-fold rise in such attacks during 2014 with a major spike in December thanks to malware in home gateways. The trend is likely to continue in 2015, with the volume of exploitable home and IoT devices set to soar. According to Nominum, just 100 compromised devices managed to take down one million subscriber networks last year. In such DDoS campaigns, the attackers send specially crafted queries to ISP DNS resolvers and authoritative DNS servers, making the websites reliant upon them unreachable. Nominum claims that many DDoS prevention services are unable to counter these attacks as they’re either deployed in the wrong part of the network or lack accuracy. The firm added that last year, 24 million home routers with open DNS proxies were compromised and used to launch DDoS attacks. The volume of vulnerable devices has decreased since then, but with more than 100 million routers shipped every year and IoT devices set to reach tens of billions over the coming years, there’ll be plenty of opportunity for attackers to strike, it claimed. “The recent shift to bot-based DNS DDoS dramatically changes the threat landscape and these attacks will likely grow worse as the number of connected devices increases,” said Craig Sprosts, vice president product management at Nominum, in a statement. “These attacks are continuously changing and increasingly targeting legitimate domains, requiring rapid response and making simple domain or IP-based blocking approaches too risky to deploy in service provider networks.” However, David Stubley, CEO of security consultancy 7 Elements, argued that firms shouldn’t focus all their defensive efforts on DNS-related DDoS. “We have been dealing with bots and DDoS for the last 15 years and have seen a number of new techniques, such as BitTorrent as a delivery method for DDoS attacks,” he told Infosecurity . “While DNS amplification attacks will make DDoS attacks larger, this is just one of a number of approaches used and doesn’t dramatically change the threat landscape. Organizations need to assess the overall impact on their business that a DDoS attack could have and take appropriate measures to ensure that they can meet their business objectives.” Source: http://www.infosecurity-magazine.com/news/home-routers-iot-devices-drive-dns/

Read the original post:
Home Routers and IoT Devices Set to Drive DNS DDoS Attacks

Hackers ransoming encryption keys from website owners

Hackers are finding even more ways to harm website owners, in a new report from security firm High-Tech Bridge hackers are switching encryption keys and then ransoming website owners for money. The attack—known as “RansomWeb”—manages to take the current encryption keys and swap them with non-working numbers. In order for the website owner to regain control, they are forced to pay the hackers. Encryption is the basis of modern internet security, but with this new hack it locks the website owner out and gives no way to get back in, without having even more security latched on top. Even if the website owner sends payment over, there is no guarantee they will get the website back, or any guarantee that the attacker will not launch the same attack later. “We are probably facing a new emerging threat for websites that may outshine defacements and DDoS attacks.” Ilia Kolochenko, chief executive of High-Tech Bridge said. “RansomWeb attacks may cause unrepairable damage, they are very easy to cause and pretty difficult to prevent.” These hackers wait for months until new patches of encryption keys are added, before locking out the website owner. This gives them full control over the website and allows them to implement old keys that are invalid. Kolochenko claims this is a change in hacker identity, moving from chaos to financial motives. He believes the next slew of hackers will always look for ransoms and lock owners out, instead of simply defacing a website. This was first seen on the Sony Pictures hack, when the apparent hackers sent ransom messages to Sony executives three days before taking the entire system offline. The ever changing world of encryption makes it hard for security firms to properly defend customers, especially with this new RansomWeb attack. It may lead to firms like Google and Facebook offering security help for smaller sites, offering new encryption and security tools. Source: http://www.itproportal.com/2015/02/03/hackers-ransoming-encryption-keys-website-owners/

Read More:
Hackers ransoming encryption keys from website owners

Tidal waves of spoofed traffic: DDoS attacks

While massive retail breaches dominated headlines in 2014, with hacks involving state-sponsored threats coming in a strong second, distributed denial-of-service (DDoS) attacks continued to increase, both in the volume of malicious traffic generated and the size of the organizations falling victim. Recently, both the Sony PlayStation and Xbox Live gaming networks were taken down by Lizard Squad, a hacking group which is adding to the threat landscape by offering for sale a DDoS tool to launch attacks. The Sony and Xbox takedowns proved that no matter how large the entity and network, they can be knocked offline. Even organizations with the proper resources in place to combat these attacks can fall victim. But looking ahead, how large could these attacks become? According to the “Verisign Distributed Denial of Service Trends Report,” covering the third quarter of 2014, the media and entertainment industries were the most targeted during the quarter, and the average attack size was 40 percent larger than those in Q2. A majority of these insidious attacks target the application layer, something the industry should be prepared to see more of in 2015, says Matthew Prince, CEO of CloudFlare, a website performance firm that battled a massive DDoS attack on Spamhaus early last year. Of all the types of DDoS attacks, there’s only one Price describes as the “nastiest.” And, according to the “DNS Security Survey,” commissioned by security firm Cloudmark, more than 75 percent of companies in the U.S. and U.K. experienced at least one DNS attack. Which specific attack leads that category? You guessed it. “What is by far the most evil of the attacks we’ve seen…[are] the rise of massive-scale DNS reflection attacks,” Prince said. By using a DNS infrastructure to attack someone else, these cyber assaults put pressure on DNS resolver networks, which many websites depend on when it comes to their upstream internet service providers (ISP). Believing these attacks are assaults on their own network, many ISPs block sites in order to protect themselves, thus achieving the attacker’s goal, Prince said. By doing so “we effectively balkanize the internet.” As a result, more and more of the resolvers themselves will be provided by large organizations, like Google, OpenDNS or others, says Prince. Source: http://www.scmagazine.com/tidal-waves-of-spoofed-traffic-ddos-attacks/article/393059/

Originally posted here:
Tidal waves of spoofed traffic: DDoS attacks

BitTorrent’s Project Maelstrom will host websites in torrents

When you enter a URL and hit enter, your computer reaches out to a server someplace in the world to access a website. Sometimes a site is stored on a few servers for redundancy or load balancing, but the model is functionally the same. BitTorrent, the company behind the popular file sharing protocol, is looking to change the way websites are hosted by keeping the data not on a centralized server, but on the home computers of users. These sites would be split up into pieces just like a file shared via a torrent. BitTorrent calls this system Project Maelstrom, and it’s getting very close to reality. Project Maelstrom is built on a modified version of Chromium, the open source project that backs Google’s Chrome browser. If we extend the file sharing analogy to Project Maelstrom, the modified browser is basically your torrent client. You enter a web address, and the browser connects to a “swarm” of users already accessing the site who have pieces of it ready to send over. These bits are assembled into the final product and displayed normally. If it works as intended, you won’t notice a difference in the functionality of these sites. The torrent browser is going to be able to access regular web pages via the internet, but it’s mainly for these so-called torrent web pages. One of the main advantages here will be scalability that surpasses anything we have today on traditional server infrastructure. When a site gets hit by a lot of traffic, a server has to devote more and more bandwidth to serving content, which can easily saturate the pipes. In the case of a distributed denial of service attack (DDoS), a website can be knocked offline for hours or days. A torrent web page should actually become more reliable as it is accessed more. More seeds means more speed and accessibility.   One notable drawback to Project Maelstrom would be the relative difficulty in keeping very new or unpopular sites online. When a new torrent web page is created, there is only one source for the data, probably with nowhere near the power of a dedicated web server. So the creator is the first seed, the next person to visit is the second seed, but the third person then has two sources to download from, then becoming the third seed. It’s just like a torrent — it can get stupid-fast when there are enough seeds. The decentralized nature of Project Maelstrom would also make it nearly impossible to take down a website as long as users kept seeding it. Seems like a perfect match for The Pirate Bay, right? This platform would present ethical issues, of course. What if a legitimately terrible or illegal site were hosted in Maelstrom? There might not be any way to take it down. This is something law enforcement already deals with on Tor, but Project Maelstrom has the potential to be much faster and easier to use. Still, BitTorrent thinks content providers will get on board with Maelstrom as a way to reduce costs. For example, if Netflix can detect when a user is connecting through a Maelstrom-enabled browser, it could save money by serving video content through a swarm of multiple users, rather than pushing separate streams out to everyone individually. It would be like a content delivery network on steroids. BitTorrent is going to find out if Maelstrom will be used for good or evil soon. A consumer version is expected this year.   Source: http://www.extremetech.com/internet/198578-bittorrents-project-maelstrom-will-host-websites-in-torrents

View article:
BitTorrent’s Project Maelstrom will host websites in torrents

Latest Lizard Squad hack shows increasing strength of DDoS attacks

Bill Barry, executive vice president, Nexusguard, has prepared a comment in light of the recent Lizard Squad hack on Taylor Swift’s Twitter account: “The hack on Taylor Swift proves that the Lizard Squad has another string to its bow, having previously used DDoS attacks to bring down the Sony Playstation, Microsoft Xbox and Malaysian Airlines systems rather than infiltrating them. “It’s time for businesses and brands to realise the multi-faceted security threats presented by sophisticated cyber criminals. “The DDoS for hire space has become so lucrative that these mayhem-for-sport acts of hacking  a celebrity Twitter account is a way to build brand recognition and raise awareness that anyone, anywhere could be the victim of cyber attacks. “This heightened market awareness becomes a dangerous marketing engine to allow anyone with a slight motive to launch their own attacks at intended targets. “Using this tactic has meant that in a short time over 14,000 customers have signed up to use the Lizardstresser DDoS tool. “The Lizard Squad has proved, if nothing else, that DDoS attacks are becoming more effective. The methods used by DDoS networks to locate vulnerabilities within security systems are more sophisticated and automated. “Leveraging zero-day and zero-plus vulnerabilities in unprotected networks means that they are able to recruit and add infected computers to their attack army at an ever-alarming rate. “This increased rate of botnet recruitment not only gives the attacker a flexible arsenal of attacks for causing mayhem, but increases the overall effectiveness and success rate of each attack. “Imagine the leverage a group such as The Lizard Squad could gain by bringing down a betting website on Grand National Day, for example. “The best way to guard against zero-plus attacks to is to always be vigilant and proactively try to identify vulnerabilities and weaknesses in your system before the attackers do. For an enterprise,  this may mean compiling rules and guidelines on which online applications are approved for use, and implementing proactive monitoring at an application level to detect abnormalities as early as possible. “However, this is just the first layer of total protection – an effective defence requires in-depth, tailored implementation, not a one-size-fits-all mitigation solution. “With multi-vector attacks, all avenues of attack must be detected and mitigated. For example, sophisticated attackers like the Lizard Squad may be using a mixture of DDoS and hacking – no off-the-shelf product is likely to deal with such an approach effectively. “Best practice is to seek the guidance of a security specialist that can design and customise a solution specific to your business.” Source: http://www.itproportal.com/2015/01/30/latest-lizard-squad-hack-shows-increasing-strength-ddos-attacks/

View original post here:
Latest Lizard Squad hack shows increasing strength of DDoS attacks