Tag Archives: denial of service attack

The Anonymous ‘war’ on Donald Trump is a complete disaster

The “total war” that Anonymous declared earlier this month against Donald Trump has quickly devolved into a civil war among hackers fighting within the group and pro-Trump supporters who are trolling them within their chat rooms. In early March, hackers affiliated with Anonymous tried to reboot their Operation Trump campaign by calling for everyone to take down Trump’s websites in a coordinated effort on April 1. Almost immediately, the initiative was criticized by people within Anonymous as irresponsible and “cringeworthy,” but a dedicated group apparently moved on with the plan. It’s April 1: Many of the GOP frontrunner’s sites are still standing, there are now two competing OpTrump chat rooms with totally different missions, and one of them has been flooded with pro-Trump supporters and others leaving trolling comments like “Hitler did nothing wrong.” In short: The so-called war seems to be a complete disaster. ‘A mess is happening’ It’s unclear when the split between Anonymous factions occurred, but it seems to have happened sometime after a hacker named Beemsee, who has been leading the original OpTrump effort, released a new statement claiming that attacking Trump’s websites was all a ruse for publicity around April Fools’ Day. “There is no DDoS,” Beemsee and two other hackers wrote, using the acronym for a distributed denial-of-service attack, a tactic used to overload a website. “It’s only purpose was to gain attention, which this Operation needs. … the point of this Operation is not to attack Donald Trump. Instead, it is going to try to give citizens some insight.” Beemsee and their cohorts say in their statement that people should try and capture “the darker nature of Trump’s supporters” and post it on social media sites with hashtags like #OpTrump and #Trump2016. But a hacker called AnonymousLoyalist disagreed. In a competing statement, the hacker wrote that they moved to a “far more organized channel, which has already seen unsurprisingly large amounts of success.” That channel is #OpTrump2016, but it was unclear exactly what that success boiled down to. When Tech Insider viewed the #OpTrump2016 chat room on Friday, it was an unorganized mess. Most Anonymous chat rooms are moderated in some way, and people usually get kicked out for spamming or posting nonsense. But it appeared to be flooded with trolls intent on calling them children, “social justice warriors,” and, more often than not, homophobic slurs. “A mess is happening,” wrote one user in #OpTrump, expressing a shared frustration among others in Beemsee’s chat room. The ‘war’ goes on It was clear on Friday that at least some of Trump’s websites were indeed under cyberattack. The website CitizensForTrump.com is currently unreachable, and the site for Trump’s hotels brought up an error for a few seconds before pulling up a cached version powered by CloudFlare, a service that protects from attacks like this. Anonymous may be able to bring down some of Trump’s unprotected websites, but it will almost certainly come back online after a few hours or days. And many of his other sites are probably not at risk at all, since Tech Insider previously spoke with CloudFlare CEO Matthew Prince, and he wasn’t particularly worried. “DDoS attacks are not particularly sophisticated cyber attacks,” Prince said. “They are sort of the functional equivalent of a caveman with a club.” A representative for Trump did not immediately respond to a request for comment from Tech Insider, but spokeswoman Hope Hicks previously told Tech Insider: “The government and law-enforcement authorities are seeking the arrest of the people responsible for attempting to illegally hack Mr. Trump’s accounts and telephone information.” Depending on who you believe in Anonymous, the plan is a coordinated DDoS attack or a social-media shaming campaign against Trump’s supporters. But Beemsee left open the possibility of something else, perhaps an actual way to take over one of their targeted websites — which the hacker collective has been scanning for vulnerabilities since the beginning. “This is NOT the last time you hear of this operation,” Beemsee wrote. “We will be watching, and will act when the time is right.” Source: http://www.businessinsider.com/anonymous-war-donald-trump-fail-2016-4

Excerpt from:
The Anonymous ‘war’ on Donald Trump is a complete disaster

D.O.J. Charges Iran-Sponsored Hackers with Dozens of DDoS Attacks on Major Financial Institutions

No less than 46 U.S. financial institutions, as well as a dam in New York, were allegedly targeted. On Thursday morning, the Department of Justice unsealed an indictment against seven Iranian citizens allegedly funded by the Islamic Revolutionary Guard Corps, accusing them of launching a coordinated cyber-attack against a minimum of 46 American financial institutions, as well as a major New York dam. In a press conference with some of American law enforcement’s heaviest hitters, including F.B.I. director James Comey and U.S. district attorney Preet Bharara , Attorney General Loretta Lynch announced that members of two Iran-based computer companies, ITSecTeam and the Mersad Company, had launched coordinated distributed denial of service (DDoS) attacks against the Web sites of dozens of financial institutions, including the New York Stock Exchange, Bank of America, Capital One, ING, and AT&T, disabling them and preventing their customers from accessing their accounts. In addition, one of the alleged hackers, Hamid Firoozi , was said to have illegally accessed a computer in charge of the Bowman Dam in Rye, New York, giving him the ability to remotely control its operations and potentially cause “a threat to public health or safety.” According to the Department of Justice, the two groups received funding from the Islamic Revolutionary Guard, the elite government militia tasked with defending Islamic law in Iran. Lynch said in a statement that the attacks not only cost these companies “tens of millions of dollars” to restore their Web sites, but highlighted how foreign cyber-attacks have become a major threat to U.S. national security. “In unsealing this indictment, the Department of Justice is sending a powerful message: that we will not allow any individual, group, or nation to sabotage American financial institutions or undermine the integrity of fair competition in the operation of the free market,” she said in the prepared statement. According to the indictment, the DDoS attacks took place over 176 days between 2011 and 2013. The attacks on U.S. targets took place after Iran’s nuclear capabilities were sabotaged by the Stuxnet virus, believed to have been a joint effort between the U.S. and Israeli governments, in mid-2010. The indictment also comes after a series of high-profile cyber-attacks on the United States government. In 2014 alone, the government experienced more than 61,000 attacks on their computer systems, affecting several administrative agencies such as the State Department, the Energy Department, and the White House. Last year, the Office of Personnel Management (O.P.M.) was the target of the largest attack to date, in which Chinese hackers stole sensitive personal information from 21.5 million past and present government employees. During the press conference Thursday morning, Comey said that the indictment was meant to show the world that the U.S. government was ready to respond to foreign-based cyber-attacks, no matter where they came from or the scale of the attack. “By calling out the individuals and nations who use cyber-attacks to threaten American enterprise, as we have done in this indictment, we will change behavior,” he said. Source: http://www.vanityfair.com/news/2016/03/doj-iran-hacker-indictment

See more here:
D.O.J. Charges Iran-Sponsored Hackers with Dozens of DDoS Attacks on Major Financial Institutions

Change.org Victim of DDoS Attack From China

Change.org, an online petitioning platform, has appear beneath an advancing broadcast abnegation of account (DDoS) advance basic from China afterwards the website hosted a alarm advancement Chinese authorities to absolution artisan Ai Weiwei from custody. The attacks, which started backward Sunday, accept about brought down the site, according to Change.org architect Ben Rattray. DDoS attacks plan by application hundreds or bags of afraid computers to forward cartage to a website, cutting it with abstracts so it becomes aloof to accustomed users. Change.org said the accepted advance originates from an accretion accumulation of computers primarily based in China, and has yet to stop. This is the aboriginal time the website has been hit with a DDoS attack. Change.org has been hosting a online address calling for the absolution of Chinese artisan Ai Weiwei, who is currently beneath arrest. The address has admiring about 100,000 humans from 175 countries, authoritative it one of Change.org’s a lot of acknowledged all-embracing campaigns, Rattray said. “It’s appealing bright the advance is in acknowledgment to the campaign,” he added. “It’s amazing that somebody in China with a high-level of abstruse composure can appulse the adeptness for humans about the apple to organize.” The online alarm coincided with demonstrations beyond the apple this accomplished Sunday, which aswell alleged for the artist’s release. Ai, who is aswell accepted for his activism, has been bedfast as allotment of a Chinese government crackdown on political dissidents in the country. Authorities in the country accept arrested added animal rights activists and clamped down on the advice flow, afterward antecedent online postings that began in February calling for a “Jasmine revolution” adjoin the Chinese government. Change.org is currently blocked in China. Internet censors in the country consistently block sites that are accounted to politically sensitive. Despite the block, the computers complex in the DDoS advance are managing to acquisition a way about the country’s civic Internet firewall, said Rattray. In the past, added sites accept been the victims of cyber attacks advancing from China. This March, blog publishing belvedere WordPress.com aswell reported getting hit with a DDoS attack basic from China. Chinese hackers accept aswell allegedly launched cyber attacks to steal abstracts from adopted activity accompanies, according to aegis bell-ringer McAfee. In 2009, Google was aswell the victim of an advance basic from China that was aimed at accessing the Gmail accounts of animal rights activists The Chinese government has ahead responded to these letters by abstinent it is complex in any cyberattacks, abacus that China has aswell been a victim of hacking attempts. The accurate antecedent of DDoS attacks is generally unclear. Although Change.org has traced the accepted advance to servers in China, it is aswell accessible the computers are beneath the ascendancy of hackers based in addition country. Change.org letters that both the FBI and U.S. State Department are searching into the DDoS attack. “We will not stop or yield down annihilation because of this DDoS attack,” Rattray said. “We accept in the axiological appropriate of the humans to adapt about issues they affliction about it.” Source: http://webtechreview.com/change-org-victim-of-ddos-attack-from-china/

Continue reading here:
Change.org Victim of DDoS Attack From China

Hackers Target NASA with DDoS Attack, Claim to Shutdown Email Servers

Anonymous-linked Hackers Attack NASA’s System for Allegedly Keeping a Huge Secret Anonymous is a loosely connected group of hacktivists that doesn’t appreciate governments keeping secrets or conducting operations that somehow violate user privacy. So, to register their resentment what they do is attack the agency’s systems and hack critically important data. The same modus operandi was employed by an Anonymous-linked team of hackers called New World Hacking and AnonCorruption when they learned that NASA was “holding back information on many things, not just one.” NASA’s computer systems, allegedly, were attacked by New World Hacking team’s hacktivists and their supporters on Sunday night as part of a bigger campaign against government cover-ups called Operation Censorship or #OPCensorship. The hackers claimed that they have managed to shut down the space agency’s primary website and email servers. The attack was materialized through the most commonly used weapon called DDoS attack . However, NASA’s website was still found to be operational instead of being down as per the claims from the hacker group. But, the New World Hacking team provided proof, which suggested that some of the space agency’s systems were suffering from the aftershocks of what is termed as a digital blitzkrieg. Remember, the NWH is the same group who claimed responsibility for shutting down Xbox online service , BBC news servers , HSBC UK’s online banking, the official website for Donald Trump’s election campaign, Salt Lake city Police and airport websites . “NWH hackers vow to target Trump in their next cyber attack” While talking to HackRead, the group stated that NASA was attacked because they were convinced that the agency has important information about the extremist organization ISIS but it is withholding the information. The group also refused to reveal the secret information about ISIS. The attack hasn’t been confirmed or denied by NASA and we cannot possibly verify if the hacktivists’ claims are true or not since the site is working. Hackers also shared an inside screenshot and claimed that they could access the NASA’s Internet email server: Hackers claim they were able to get into the NASA server, however, the security implemented on the server didn’t let them go any further “We believe NASA is holding back information on many things, not just one. The main thing we suspect they are holding back some more information on ISIS that the public needs to know.We won’t tell the public what we think they are hiding – we will let NASA explain.” They also added that this attack is more like a practice run for the most important campaign against Donald Trump, which they plan to execute on April Fool’s day. “We want Trump to know that he is next,” the hackers added. Source: https://www.hackread.com/hackers-ddos-shutdown-nasa-website-email-server/

View article:
Hackers Target NASA with DDoS Attack, Claim to Shutdown Email Servers

Attacker leaves “SECURITY TIPS” after invading anti-DDoS firm

Staminus, a California-based internet hosting provider that specializes in helping sites stay online when distributed denial of service (DDoS) attackers try to elbow them off, was itself the target of a cyber broadside last week. At any rate, it started last week, with reports of the company’s site being down as of Thursday. But as of Monday, it was again, or maybe still, sucking wind. Staminus on Friday put out a statement confirming that its network security had been popped and invaded, systems had been “temporarily” taken offline, and customer data had been published online. The company posted a series of updates on Twitter and Facebook while its website was down, explaining that this was a “rare event.” But even while Staminus techs were scrambling to drag the company’s site back online, whoever mugged it was dumping its private data online in what security journalist Brian Krebs called a “classic ‘hacker e-zine’ format” called “F**k ’em all.” Krebs reports that the page included links to download databases reportedly stolen from Staminus and from Intreppid, another Staminus project that targets customers looking for protection against large DDoS attacks. The huge data dump included customer names and email addresses, database table structures, routing tables, support tickets, credit card numbers (according to Krebs, at any rate; Ars Technica’s Sean Gallagher didn’t see any when he viewed the dump), and other sensitive data. A Staminus customer who requested anonymity confirmed to Ars that his data was part of the dump. Those behind the dump claimed to have gained control of Staminus’s routers and to have reset them to factory settings. The hacker “e-zine” that contained all the sensitive data began with a note from the attacker titled “TIPS WHEN RUNNING A SECURITY COMPANY.” Then, it went on to list tips for what were supposedly the security holes found during the breach: Use one root password for all the boxes Expose PDU’s [power distribution units in server racks] to WAN with telnet auth Never patch, upgrade or audit the stack Disregard PDO [PHP Data Objects] as inconvenient Hedge entire business on security theatre Store full credit card info in plaintext Write all code with wreckless [sic] abandon On Thursday, Staminus reported that some services were back online or in the process of being brought back and that “We expect full service restoration soon.” Then, another message posted on Friday pointed to the statement from the company’s CEO. That was the last message. What followed was radio silence, unbroken as of Monday evening. Krebs pointed out that the attack isn’t surprising: anti-DDoS providers are a common target for attackers. Source: https://nakedsecurity.sophos.com/2016/03/15/attacker-leaves-security-tips-after-invading-anti-ddos-firm-staminus/

Original post:
Attacker leaves “SECURITY TIPS” after invading anti-DDoS firm

Hackers Target Anti-DDoS Firm Staminus

Staminus Communications Inc ., a California-based Internet hosting provider that specializes in protecting customers from massive “distributed denial of service” (DDoS) attacks aimed at knocking sites offline, has itself apparently been massively hacked. Staminus’s entire network was down for more than 20 hours until Thursday evening, leaving customers to vent their rage on the company’s Facebook and Twitter pages. In the midst of the outage, someone posted online download links for what appear to be Staminus’s customer credentials, support tickets, credit card numbers and other sensitive data. Newport Beach, Calif.-based Staminus first acknowledged an issue on its social media pages because the company’s Web site was unavailable much of Thursday. “Around 5am PST today, a rare event cascaded across multiple routers in a system wide event, making our backbone unavailable,” Staminus wrote to its customers. “Our technicians quickly began working to identify the problem. We understand and share your frustration. We currently have all hands on deck working to restore service but have no ETA for full recovery.” Staminus now says its global services are back online, and that ancillary services are being brought back online. However, the company’s Web site still displays a black page with a short message directing customers to Staminus’s social media pages. Meanwhile, a huge trove of data appeared online Thursday, in a classic “hacker e-zine” format entitled, “Fuck ’em all.” The page includes links to download databases reportedly stolen from Staminus and from Intreppid, another Staminus project that targets customers looking for protection against large DDoS attacks. The authors of this particular e-zine indicated that they seized control over most or all of Staminus’s Internet routers and reset the devices to their factory settings. They also accuse Staminus of “using one root password for all the boxes,” and of storing customer credit card data in plain text, which is violation of payment card industry standards. Staminus so far has not offered any additional details about what may have caused the outage, nor has it acknowledged any kind of intrusion. Several Twitter accounts associated with people who claim to be Staminus customers frustrated by the outage say they have confirmed seeing their own account credentials in the trove of data dumped online. I’ve sent multiple requests for comment to Staminus, which is no doubt busy with more pressing matters at the moment. I’ll update this post in the event I hear back from them. It is not unusual for attackers to target Anti-DDoS providers. After all, they typically host many customers whose content or message might be offensive — even hateful — speech to many. For example, among the company’s many other clients is kkk-dot-com, the official home page of the Ku Klux Klan (KKK) white supremacist group. In addition, Staminus appears to be hosting a large number of internet relay chat (IRC) networks, text-based communities that are often the staging grounds for large-scale DDoS attack services. Source: https://krebsonsecurity.com/2016/03/hackers-target-anti-ddos-firm-staminus/

More:
Hackers Target Anti-DDoS Firm Staminus

Health orgs hit with cyberattacks every month

Healthcare organizations “are in the crosshairs” of cyber attackers, suffering one hack per month over the last year, with about half experiencing an incident involving the loss or exposure of patient information and another third unsure whether or not data was exposed, according to a new report. Conducted by the Ponemon Institute for security software company ESET, the report questioned 535 IT security practitioners from a variety of healthcare organizations, including private and public providers as well as government agencies, and found an industry beset by security breaches of all kinds. “With cyber attacks against healthcare organizations growing increasingly frequent and complex, there is more pressure to refine cybersecurity strategies,” the report’s authors wrote. “The State of Cybersecurity in Healthcare Organizations” also found that organizations struggle to deal with a variety of threats, including system failures (79 percent), unsecure medical devices (77 percent), cyberattackers (77 percent), employee-owned mobile devices or BYOD (76 percent), identity thieves (73 percent) and unsecure mobile devices (72 percent). Despite citing unsecure medical devices as a top security threat, only 27 percent of respondents said their organization has guidelines for medical devices as part of its cybersecurity strategy. The most common security incident sited was the exploitation of existing software vulnerabilities greater than three months old, according to 78 percent of respondents. Web-borne malware attacks were named by 75 percent of respondents. Following next were exploits of existing software vulnerability less than three months old (70 percent), spear phishing (69 percent) and lost or stolen devices (61 percent), according to the study. What’s more, participating organizations were only partly effective at preventing attacks. Almost half (49 percent) said their organizations experienced situations when cyberattacks have evaded their intrusion prevention systems (IPS), but many respondents (27 percent) were unsure. Another 37 percent said their organizations have experienced cyber attacks that evaded their anti-virus (AV) solutions or traditional security controls but 25 percent were unsure. On average, organizations have an APT incident every three months. Only 26 percent of respondents say their organizations have systems and controls in place to detect and stop advanced persistent threats (APTs) and 21 percent are unsure. On average, over a 12-month period, organizations had an APT attack about every 3 months (3.46 APT-related incidents in one year), the survey said. As for the consequences of theses breaches, 63 percent of respondents said the primary consequences of APTs and zero day attacks were IT downtime, followed by the inability to provide services (46 percent), while 44 percent said these incidents resulted in the theft of personal information. In addition, DDoS attacks have cost organizations on average $1.32 million in the past 12 months, the survey said. Healthcare organizations in the report spend an average of $23 million on IT and approximately 12 percent is allocated to information security. “Since an average of $1.3 million is spent annually just to deal with DDoS attacks, the business case can be made to increase technology investments to reduce the frequency of successful attacks,” the report said. Source: http://www.govhealthit.com/news/ponemon-health-orgs-hit-cyberattacks-every-month

More:
Health orgs hit with cyberattacks every month

You don’t need a website to get hit by DDoS

Just because your business doesn’t have a website, that doesn’t mean it can’t be a victim of a DDoS (distributed denial of service) attack. This sentence might not make much sense at this point, but keep reading. Security firm Kaspersky Lab and researchers B2B International looked at what cyber-crooks go for when attacking businesses and enterprises, and here’s what they came up with: Last year, 16 per cent of companies (globally), were victims of a DDoS attack. Among enterprises, the percentage jumps up to 24. For most, external activities, such as websites, were targeted. Among half, websites had been hit, logins and portals were attacked in 38 per cent of cases, while communications services were attacked 37 per cent of times. Transactional systems had been affected in 25 per cent of cases. But also, in 25 per cent of cases, file servers had been hit, and 15 per cent said their operational systems were targeted. Another 15 per cent said a DDoS attack hit their ISP network connectivity. “It’s important to take a DDoS attack seriously. It’s a relatively easy crime to perpetrate, but the effect on business continuity can be far-reaching. Our study found that alongside the well-publicised impact of an attack, such as website downtime, reputational damage and unhappy customers, DDoS hits can reach deep into a company’s internal systems. It doesn’t matter how small the company is, or whether or not it has a website; if you’re online, you’re a potential target. Unprotected operational systems are just as vulnerable to a DDoS attack as the external website, and any disruption can stop a business in its tracks,” said Evgeny Vigovsky, Head of Kaspersky DDoS Protection, Kaspersky Lab. Source: http://www.itproportal.com/2016/02/29/you-dont-need-a-website-to-get-hit-by-ddos/

See the original article here:
You don’t need a website to get hit by DDoS

Serbian President’s website comes under DDoS attack

The Serbian president’s website faced a large-scale “hacking” attack on Monday, which brought it down for several hours, his press office said. A statement carried by Tanjug explained that the distributed denial-of-service attack (SYN flood) targeted www.predsednik.rs, and that the president’s website is “subject to daily hacking attacks.” In a SYN flood attack, the server is overwhelmed by a large number of legitimate and false connections requests which consume its resources and render it unresponsive or difficult to access. “The hosting and security of the president’s website falls within the competence of the Defense Ministry. In cooperation with Telekom Srbija, the ministry blocked and prevented further attacks and possible damage to the computer equipment and services,” the statement said. Source:http://www.b92.net/eng/news/crimes.php?yyyy=2016&mm=02&dd=23&nav_id=97147

Read this article:
Serbian President’s website comes under DDoS attack

FBI arrests Massachusetts man for Anonymous 2014 cyberattack on Boston Children’s Hospital

The hacktivist group launched multiple distributed denial-of-service attacks against the hospital’s servers in protest of the controversial custody case of Justina Pelletier. The FBI has arrested a hacker suspected of participating in Anonymous’ 2014 DDoS attack against Boston Children’s Hospital, The Boston Globe has reported. He was taken into custody after being rescued from a small boat off the coast of Cuba by a Disney cruise ship. Martin Gottesfeld, 31, of Somerville, Massachusetts, was arrested on Feb. 17 in Miami. He’s due to appear in U.S. District Court in Boston, where he’ll be charged with of conspiring to damage the computers at Boston Children’s and another facility in Framingham, Massachusetts, according to the Globe. He faces up to five years in prison and a $250,000 fine. In April 2014 – in protest of the controversial custody case of Justina Pelletier, who was being kept a patient at Boston Children’s as a ward of the state against the wishes of her parents – hacktivist group Anonymous launched multiple distributed denial-of-service attacks that targeted the hospital’s servers and hamstrung its operations for a week. According to the Globe, the FBI had previously questioned Gottesfeld in 2014. He admitted then that he had posted a YouTube clip calling for attacks on Boston Children’s, but denied participating in them. It’s unclear why he wasn’t charged at that time. But a tip this week about his rescue at sea led agents to Florida to take him into custody. He had three laptops with him, according to an FBI affidavit. In a statement, Boston Children’s thanked federal officials for “apprehending the hacker who led the attack and holding him accountable” – also thanking its own employees, “who assisted the FBI throughout its investigation and who helped build the comprehensive systems and procedures that were able to thwart the attack and protect confidential information.” Source: http://www.healthcareitnews.com/news/fbi-arrests-massachusetts-man-anonymous-2014-cyberattack-boston-childrens-hospital

Link:
FBI arrests Massachusetts man for Anonymous 2014 cyberattack on Boston Children’s Hospital