Tag Archives: denial of service

Image armada-collective-scam-email-640x748.png

Businesses pay $100,000 to DDoS extortionists who never DDoS anyone

In less than two months, online businesses have paid more than $100,000 to scammers who set up a fake distributed denial-of-service gang that has yet to launch a single attack. The charlatans sent businesses around the globe extortion e-mails threatening debilitating DDoS attacks unless the recipients paid as much as $23,000 by Bitcoin in protection money, according to a blog post published Monday by CloudFlare, a service that helps protect businesses from such attacks. Stealing the name of an established gang that was well known for waging such extortion rackets, the scammers called themselves the Armada Collective. “If you don’t pay by [date], attack will start, yours service going down permanently price to stop will increase to increase to 20 BTC and will go up 10 BTC for every day of the attack,” the typical demand stated. “This is not a joke.” Except that it was. CloudFlare compared notes with other DDoS mitigation services and none of them could find a single instance of the group acting on its threat. CloudFlare also pointed out that the group asked multiple victims to send precisely the same payment amounts to the same Bitcoin addresses, a lapse that would make it impossible to know which recipients paid the blood money and which ones didn’t. Despite the easily spotted ruse, many businesses appear to have fallen for the scam. According to a security analyst contacted by CloudFlare, Armada Collective Bitcoin addresses have received more than $100,000. “The extortion emails encourage targeted victims to Google for the Armada Collective,” CloudFlare CEO Matthew Prince wrote. “I’m hopeful this article will start appearing near the top of search results and help organizations act more rationally when they receive such a threat.” Source: http://arstechnica.com/security/2016/04/businesses-pay-100000-to-ddos-extortionists-who-never-ddos-anyone/

Continue Reading:
Businesses pay $100,000 to DDoS extortionists who never DDoS anyone

KKK Website Shut Down by Anonymous Ghost Squad’s DDoS Attack

Anonymous Ghost Squad’s DDoS Attack Closes Down KKK Website The Anonymous vs. Ku Klux Klan (KKK) cyber war is well known to all of us. In continuation of that war, Anonymous affiliate Ghost Squad brought down one of major website belonging to the KKK members. In a series of powerful distributed denial-of-service (DDoS) attacks just a few hours ago, Anonymous has shut down the official website of Loyal White Knights of the Ku Klux Klan (KKK). Ghost Squad, the group said to be behind this attack works with the online hacktivist Anonymous. The reason for attacking the KKK is the “blunt racism” in the name of free speech. In an exclusive conversation with one of the attackers, HackRead was told that: “We targeted the KKK due to our hackers being up in their face, we believe in free speech but their form of beliefs is monolithic and evil. We stand for constitutional rights but they want anyone who is not Caucasian removed from earth so we targeted the KKK official website to show love for our boots on the ground and to send a message that all forms of corruption will be fought. We are not fascist but we certainly do not agree with the KKK movement. They are the Fascists and they are the Racists.” An error message “The kkkknights.com page isn’t working” is displayed for those visiting the website. KKK has not for the first time come under attacks by Anonymous. Earlier, the hacktivists disclosed personal information of KKK members. In October 2015, the group also carried out DDoS attacks on KKK’s website, as one of the Klan members apparently harassed a woman on Twitter. This is not it. In 2014, the official website of a Mississippi-based white supremacist organization “The Nationalist Movement” (nationalist.org) was also spoiled with messages like “Good night white pride.” The KKK Knights website is still offline across the world as shown in the screenshot below: Source: http://www.techworm.net/2016/04/kkk-website-shut-anonymous-ghost-squads-ddos-attack.html

Originally posted here:
KKK Website Shut Down by Anonymous Ghost Squad’s DDoS Attack

Blizzard’s Battle.net Hit With Major DDoS Attack

When the waters finally calmed, Blizzard took to Twitter with the following message. That’s because some nefarious individuals launched a DDOS attack on the service. In fact, all of Blizzard’s U.S. servers were down for an extended period last night. Sony and Microsoft undergo similar attacks on a regular basis and are especially prone to such attacks during the holidays. GAMING SERVICES were hit with a distributed denial-of-service (DDoS) attack that forced users to eat Cheetos while not screaming at total strangers. This isn’t the first time the group has attacked a gaming company. Blizzard has suffered an attack on its servers that halted access to many of its games. By about 11:45 p.m., Blizzard sent out the above tweet giving gamers the all clear to jump back online. Given some of the realm stability issues caused by the service interruptions, there may be some log loss when loot is dropped or crafting occurs. A DDoS attack targeting game developer Blizzard’s servers has disrupted gamers from logging into popular games such as Diablo 3 and World of Warcraft. From the looks of it, a Blizzard employee’s Outlook account was hacked which lead to personal information and contact lists with information about other Blizzard employees being found. Maybe the hacking group felt their fellow gamers were being wronged (they weren’t) and this was their grand form of retaliation. They have teased that they have “more to come” without explaining what they plan to do next. Source: http://sacredheartspectrum.com/2016/04/blizzards-battle-net-hit-with-major-ddos-attack/

Originally posted here:
Blizzard’s Battle.net Hit With Major DDoS Attack

BadLock Opens Door for Samba-based MiTM, DDoS Attacks

Details of a new, high-impact vulnerability known as BadLock have been revealed, affecting Samba, the standard Windows interoperability suite of programs for Linux and Unix. As the researchers who discovered it noted, “we are pretty sure that there will be exploits soon after we publish all relevant information.” Fortunately, patches have been released today, and admins would behoove themselves to update their systems immediately. The vulnerability was discovered by Stefan Metzmacher, a member of the international Samba Core Team, working at SerNet on Samba. He reported the bug to Microsoft and has been working closely with the computing giant to fix the problem. The research team said that the security vulnerabilities can be mostly categorized as man-in-the-middle or denial of service attacks. The several MITM attacks that the flaw enables would permit execution of arbitrary Samba network calls using the context of the intercepted user. So for instance, by intercepting administrator network traffic for the Samba AD server, attackers could view or modify secrets within an AD database, including user password hashes, or shutdown critical services. On a standard Samba server, attackers could modify user permissions on files or directories. As far as DDoS, Samba services are vulnerable to a denial of service from an attacker with remote network connectivity to the Samba service. While there are several proof of concept (PoC) exploits that researchers have developed, they’re not releasing them to the public, nor are they going into detail on what the vulnerability entails or arises from. Red Hat researchers offered a bit more on the flaw: It is “a protocol flaw in the DCE/RPC-based SAMR and LSA protocols used in the Microsoft Windows Active Directory infrastructure. DCE/RPC is the specification for a remote-procedure call mechanism that defines both APIs and an over-the-network protocol. The Security Account Manager (SAM) Remote Protocol (Client-to-Server) provides management functionality for an account store or directory containing users and groups. The protocol exposes the “account database” for both local and remote Microsoft Active Directory domains. The Local Security Authority (Domain Policy) Remote Protocol is used to manage various machine and domain security policies. This protocol, with minor exceptions, enables remote policy-management scenarios. Both SAMR and LSA protocols are based on the DCE 1.1 RPC protocol.” These protocols are typically available to all Windows installations, as well as every Samba server. They are used to maintain the Security Account Manager database, which applies to all roles (for example, standalone, domain controller or domain member). The flaw thus gives attackers a way to insert themselves into that communications chain, and go on to execute a MiTM or DDoS attack. The BadLock researchers announced weeks ago that they would be making this announcement and releasing patches, drawing not a little derision for hyping the situation—especially since they went so far as to develop a logo. But the researchers said that they were simply making use of the hash-taggable name to get people interested, talking about it and ready to patch. “Like Heartbleed, what branded bugs are able to achieve is best said with one word: Awareness,” the researchers noted. “It is a thin line between drawing attention to a severe vulnerability that should be taken seriously and overhyping it. This process didn’t start with the branding—it started a while ago with everyone working on fixes. The main goal of this announcement was to give a heads up. Vendors and distributors of Samba are being informed before a security fix is released in any case. This is part of any Samba security release process.” Source: http://www.infosecurity-magazine.com/news/badlock-opens-door-for-sambabased/

Read the original:
BadLock Opens Door for Samba-based MiTM, DDoS Attacks

Anonymous Conducts Usual DDoS Attacks on Israel for #OpIsrael

“Anonymous” vows to carry on its annual assaults on Israeli infrastructure linked to its #OpIsrael campaign on April 7, 2015 — However, it seems more hype than harm The first attacks in connection with #OpIsrael occurred in 2013, wherein some divisions of the Anonymous hackers mutually launched multiple organized cyber-attacks against Israeli websites on the eve of the Holocaust Remembrance Day, on April 8. From 2013 onwards, the group carried out such attacks consistently same date every year, and in a recent video statement, it has pledged to continue these attacks in 2016. However, this year, Holocaust Remembrance Day is on May 4, but the attacks will still occur on April 7. Israel has planned a hackathon on ironically the same day: In recent years, these cyber attacks contained DDoS attacks, database leaks, website defacements, and social media account hijacking but aAfter the recent spasms against Ukraine’s electrical power grid, this year, the Israeli government has also arranged a hackathon with over 400 participants who will take on against the potential cyber-attack on the country’s power grid, transportation system, and government IT networks. This potential threat based hackathon is also scheduled for today. History of some high-profile cyber attacks against Israel: 1. In 2013, Israel’s major traffic tunnel was hit by a cyber-attack, causing huge financial damages. 2. In 2014, Izz al-Din al-Qassam Brigade of Hamas successfully hacked the ongoing transmission of famous Israeli Channel 10 and replaced it with images of wounded Palestinian families. 3. In April 2015, several computer networks belonging to the Israeli military were penetrated by Arabic-speaking hackers under a four-month spying campaign by using provocative images of IDF’s women soldiers. 4. In January 2016, Israeli power authority network was hit by a sophisticated ransomware. 5. In February 2016, pro-Hezbollah hackers took over country’s security camera systems. Data leak and DDoS attacks conducted by Anonymous and pro-Palestinian hackers: The hacktivists are already targeting Israeli government and civilian websites. In the latest attacks, hundreds of government-owned websites have been under DDoS attacks forcing them to stay offline. There are several tweets containing Pastebin links in which attackers are claiming to dump credit card data of several Israeli citizens. One hacktivist group going with the handle of RedCult has leaked a list of about 1000 alleged Facebook users from Israel containing emails and their clear-text passwords. The websites that have been taken offline include Israel Defense Forces, Israeli ministry of justice, Israeli Immigration, Israel Police Department, Israel Airport Authority, Israeli ministry of justice, rights and services for Holocaust survivors and other top government websites. Source: https://www.hackread.com/anonymous-cyber-attack-on-israel/  

See original article:
Anonymous Conducts Usual DDoS Attacks on Israel for #OpIsrael

Hacker Faces 10 Years for DDoS Attacks and Sex Toy Pranks in DOJ Crackdown

A nonymous’s repeated attacks on Donald Trump since December of 2015 have made hacker harassment a part of everyday conversation. Today, the United States Department of Justice handed down a sentence to a member of the Electronik Tribulation Army (ETA) that shows just how severe the punishment for those types of hacks can be. Benjamin Earnest Nichols, a 37-year-old ETA member from Oklahoma City, pled guilty to intentionally causing damage with a distributed denial of service (DDoS) attack on mcgrewsecurity.com in 2010. Nichols hasn’t been sentenced yet, but faces a maximum of 10 years in federal prison and a $250,000 fine. It’s the DDoS attack that put Nichols in court, but the list of other things he admits to doing range from costly to downright dirty: causing $6,500 in losses to McGrew Security because of a downed website, making disparaging remarks and insulting McGrew (owner of the attacked website and security service), photoshopping images of McGrew, and sending sex toys to McGrew’s home. The exact type of sex toys were not mentioned in the U.S. Attorney’s Office press release. Regardless, it’s the type of behavior hacking groups have made a name doing. It’s also behavior that the U.S. DOJ plans on stopping. McGrew became a target of the ETA because of his role in the arrest of Jesse McGraw, the leader of the hacker group, back in 2009. McGraw was arrested after he installed malware and a remote-access program on dozens of computers at the North Central Medical Plaza in Dallas. He planned to use the medical computers for a DDoS attack on a rival hacker group, but was stopped before anything came of his tampering. He was sentenced to nine years in federal prison in 2011. It was one of the first major cybercrime sentences given, and the hacking community still mentions the decision’s importance. After McGraw’s arrest, Nichols and two other ETA members turned their eyes on McGrew. “They set up a website in my name to pose as me, and put up embarrassing content or things they though would embarrass me, including a call-to-action to buy sex toys, and fake pornographic images,” McGrew told Wired in 2010. “They harvest email addresses from the university I work at and emailed it out to those.” McGrew was a key witness against McGraw, so the FBI got involved. They raided Nichols’ home because his actions were “affecting a potential witness in an official proceeding,” the search warrant affidavit read. The search warrant lists Nichols as going by the names “thefixer25,” ”fixer,” “fix,” ”c0aX,” and “ballsdeep.” Witness intimidation is a federal crime. The ETA responded by posting the following on its website: “On the 23rd of June 2010 the Federal Bureau of Investigation issued search warrants on ETA members. All their computers and electronic devices have been taken for forensic investigation…. We are not terrorists, we are freedom fighters and cyber protesting is not illegal.” Back in 2009, when McGraw was arrested, ETA members were hyper aware of how they could be next. When Nichols was asked if he was still in the ETA in an email from another member, he responded: “Right now admissal (sic) of any kind like that is certainly what some douchebag prosecutor would like. I cannot give you that answer when you ask me outright, however.” Nichols also said that he wiped his computers. Turns out he didn’t wipe them well enough, and can look forward to big time for his hacking crimes. It’s a message from the DOJ to the hacking community that it surely won’t ignore. Source: https://www.inverse.com/article/13891-hacker-faces-10-years-for-ddos-attacks-and-sex-toy-pranks-in-doj-crack

Read the article:
Hacker Faces 10 Years for DDoS Attacks and Sex Toy Pranks in DOJ Crackdown

Novosti-Armenia and ARKA news agencies come Tuesday under heavy DDoS-attacks

The websites of Novosti-Armenia (newsarmenia.am) and ARKA (arka.am) news agencies came Tuesday under heavy DDoS-attacks, hampering access to these resources for half an hour. An inquiry found that the attacks were carried out from Russian IP addresses, but this does not mean that the order came from that country. The administrations of both websites have managed to eliminate the problem. DDoS attack is short for Distributed Denial of Service Attack. DDoS is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. There are two general forms of DoS attacks: those that crash services and those that flood services. The most serious attacks are distributed   and in   many or most cases involve forging of IP sender addresses so that  the location of the attacking machines cannot easily be identified, nor can filtering be done based on the source address. Source: http://arka.am/en/news/technology/novosti_armenia_and_arka_news_agencies_come_tuesday_under_heavy_dddos_attacks/

Link:
Novosti-Armenia and ARKA news agencies come Tuesday under heavy DDoS-attacks

Hacker Redirects DDoS Attack to Israeli Intelligence Site

A hacker using the handle “The Jester” allegedly rerouted distributed denial-of-service (DDoS) attacks to hit the Israeli intelligence agency Mossad. The Jester became a high-profile hacker in 2010 when he claimed to have attacked the Wikileaks website. He also is known to attack websites affiliated with ISIS, Hamas, Anonymous and the Occupy movement. In a 2010 article, the New York Times claimed the Jester is a former military contractor who was involved with US special forces operations. The Jester’s website reportedly came under attack with DDoS attacks, which the hacker claims to have redirected against the Israeli intelligence service. He claims to have altered the IP address that his website was registered on to the Mossad address. “To the s***loads attacking my blog, I’ve pointed my domain to 147.237.0.71. Ur now hitting Israeli Intelligence Service (Mossad). Good luck,” the Jester, or th3j35t3r, wrote in an online post. The hacker said he redirected the traffic to Mossad’s IP address because “they can look after themselves perfectly well,” according to reports. Israel’s Information and Communications Technology Authority reportedly issued a statement that Mossad’s website did not encounter irregularities or down time. The Israeli intelligence service’s website remains online and functional, while the Jester’s site is offline at the time of this post. Source: http://www.batblue.com/hacker-redirects-ddos-attack-to-israeli-intelligence-site/

Read More:
Hacker Redirects DDoS Attack to Israeli Intelligence Site

Finnish Defense Ministry Hit by DDoS Cyberattack

Finland’s Ministry of Defence (MoD) is reviewing its IT security infrastructure in the wake of a distributed denial of service (DDoS) attack on its main website. The attack was launched hours before Finnish President Sauli Niinistö met with Russian President Vladimir Putin in Moscow on March 22 to discuss regional security issues and the implementation of deeper cooperation on border defense. Initial investigations by the National Cyber Defense Center (NCDC) are examining the possibility that the cyberattack may have been launched from Russia to coincide with high-level, inter-government talks. Similar DDoS attacks launched against public and private organizations in Sweden in March had traced the servers to Russia. Niinistö met with US President Barack Obama in Washington on April 1. The meeting took place during the international Nuclear Security Summit hosted by the US president. Finland’s MoD confirmed that the sustained DDoS attack, which lasted more than three hours, was the second such cyberattack against its online IT infrastructure in 2016. The MoD responded by diverting traffic from its main site defmin.fi to a temporary site. The previous DDoS attack took place Feb. 27 and lasted nearly five hours. Other key government department websites, including finance, social affairs and health, agriculture and forestry, and the Council of State office, were targeted in  simultaneous attacks. The timing of the latest DDoS attack is significant, coming as Finnish and US governments finalize plans connected to joint military exercises in Finland. Source: http://www.defensenews.com/story/defense/international/2016/04/04/finnish-defense-ministry-hit-ddos-cyberattack/82608438/

See original article:
Finnish Defense Ministry Hit by DDoS Cyberattack

Notorious pro-US hacker Jester diverts DoS attack towards Israeli spy service Mossad

A high-profile US hacker has turned an attack on his website into an assault against the Israeli intelligence service. ‘The Jester’ – or th3j35t3r – claims that he diverted an attempt to overload his website to assault Mossad’s online presence. Haaretz reported that Jester’s website – jesterscourt.cc – was the victim of a denial of service (DoS) attack on the night of 1 April. In a tweet, Jester announced that he had diverted the hacker’s attack by simply changing the IP address his website was registered on. When asked why he picked Mossad by one of his 74,400 Twitter followers, Jester replied “Because they can look after themselves perfectly well.” On his blog, Jester claims to have used this technique before. In a post called Offensive Counter Measures – Be Like Water, Jester details the steps he took to divert another DoS attack, which he alleges was carried out by Anonymous, towards websites linked with the Occupy movement. According to Haaratz, Israel’s Information and Communications Technology Authority said Mossad’s website had not seen any irregularities or disruptions of service. At the time of writing, Mossad’s website was working, but IBTimes UK could not confirm whether it had suffered any downtime. However, The Jester’s website was not working. Anti-ISIS, anti-Anonymous Jester is one of the hacking community’s most high-profile members. What is a DoS attack? During a denial of service (DoS) or a distributed denial of service (DoS) attack, hackers attempt to overload a website’s connections by sending in data requests from multiple sources. Most often hackers use a ‘botnet’ – internet-connected PCs that are compromised by malware – to send in the requests to visit the site, without the users’ knowledge. The huge number of requests, which can reach thousands per second, overload the ability of a website’s server to respond, eventually causing an error message to appear instead of the site’s pages. Making a DDoS is relatively simple. Botnets are available to hire on websites not reachable via search engines (deep web) or on encrypted websites (the dark web). Jester’s career as a vigilante hacker appears to have started in 2010, when he claimed to have been involved in an attack on the Wikileaks website. That year, the New York Times reported Jester was a a former military contractor who had worked with US special forces. Since then, Jester has developed a reputation as a pro-US hacker vigilante and cybersecurity expert. Through writing his own blog on cybersecurity, he gives talks on the subject through text chat to keep his identity a secret, and is known for attacking websites linked to Hamas and Islamic State (Isis). Jester has also attacked websites used by the Occupy movement and Anonymous – whom he described as “pathetic terrorist sympathizing buttholes”. He claims to have caused more than 180 websites to go offline since 2010. Jester was listed as one of Time magazine’s “most influential people on the internet” in March 2015. Source: http://www.ibtimes.co.uk/notorious-pro-us-hacker-jester-diverts-dos-attack-towards-israeli-spy-service-mossad-1552895

Link:
Notorious pro-US hacker Jester diverts DoS attack towards Israeli spy service Mossad