Tag Archives: hackers

Mirai copycats fired the IoT-cannon at game hosts, researchers find

After first wave attacks ended, thing-herders took aim at PlayStation, XBOX and Valve The Mirai botnet that took down large chunks of the Internet in 2016 was notable for hosing targets like Krebs on Security and domain host Dyn, but research presented at a security conference last week suggests a bunch of high-profile game networks were also targeted.…

Read More:
Mirai copycats fired the IoT-cannon at game hosts, researchers find

The DDoS vigilantes trying to silence Black Lives Matter

The Web lets anyone be a publisher—or a vigilante “Through our e-mails and our social media accounts we get death threats all the time,” said Janisha Gabriel. “For anyone who’s involved in this type of work, you know that you take certain risks.” These aren’t the words of a politician or a prison guard but of a Web designer. Gabriel owns Haki Creatives , a design firm that specializes in building websites for social activist groups like Black Lives Matter (BLM)—and for that work strangers want to kill her. When these people aren’t hurling threats at the site’s designer, they’re hurling attacks at the BLM site itself—on 117 separate occasions in the past six months, to be precise. They’re renting servers and wielding botnets, putting attack calls out on social media, and trialling different attack methods to see what sticks. In fact, it’s not even clear whether ‘they’ are the people publicly claiming to perform the attacks. I wanted to know just what it takes to keep a website like BlackLivesMatter.com online and how its opponents try to take it down. What I found was a story that involves Twitter campaigns, YouTube exposés, Anonymous-affiliated hacker groups, and a range of offensive and defensive software. And it’s a story taking place in the background whenever you type in the URL of a controversial site. BlackLivesMatter.com Although the Black Lives Matter movement has been active since 2013, the group’s official website was set up in late 2014 after the shooting of Michael Brown in Ferguson, Missouri. Until that point, online activity had coalesced around the #BlackLivesMatter hashtag, but when the mass mobilizations in Ferguson took the movement into the public eye, a central site was created to share information and help members connect with one another. Since its creation, pushback against BLM has been strong in both the physical and digital world. The BLM website was taken down a number of times by DDoS attacks, which its original hosting provider struggled to deal with. Searching for a provider that could handle a high-risk client, BLM site admins discovered MayFirst , a radical tech collective that specializes in supporting social justice causes such as the pro-Palestinian BDS movement, which has similarly been a target for cyberattacks . MayFirst refers many high-profile clients to eQualit.ie , a Canadian not-for-profit organization that gives digital support to civil society and human rights groups; the group’s Deflect service currently provides distributed denial of service (DDoS) protection to the Black Lives Matter site. In a report published today , eQualit.ie has analyzed six months’ worth of attempted attacks on BLM, including a complete timeline, attack vectors, and their effectiveness, providing a glimpse behind the curtain at what it takes to keep such a site running. The first real attack came only days after BLM signed up with Deflect. The attacker used Slowloris , a clever but dated piece of software that can, in theory, allow a single machine to take down a Web server with a stealthy but insistent attack. Billed as “the low bandwidth yet greedy and poisonous http client,” Slowloris stages a “slow” denial of service attack. Instead of aggressively flooding the network, the program makes a steadily increasing number of HTTP requests but never completes them. Instead, it sends occasional HTTP headers to keep the connections open until the server has used up its resource pool and cannot accept new requests from other legitimate sources. Elegant as Slowloris was when written in 2009, many servers now implement rules to address such attacks. In this case, the attack on BLM was quickly detected and blocked. But the range of attack attempts was about to get much wider. Anonymous “exposes racism” On May 2, 2016, YouTube channel @anonymous_exposes_racism uploaded a video called “ Anonymous exposes anti-white racism . ” The channel, active from eight months before this date, had previously featured short news clips and archival footage captioned with inflammatory statements (“Louis Farrakhan said WHITE PEOPLE DESERVE TO DIE”). But this new video was original material, produced with the familiar Anonymous aesthetic—dramatic opening music, a masked man glitching across the screen, and a computerized voice speaking in a strange cadence: “We have taken down a couple of your websites and will continue to take down, deface, and harvest your databases until your leaders step up and discourage racist and hateful behavior. Very simply, we expect nothing less than a statement from your leadership that all hate is wrong… If this does not happen we will consider you another hate group and you can expect our attention.” The “we” in question was presumably a splinter cell of Anonymous known as the Ghost Squad Hackers. Three days previously, in a series of tweets on April 29, Ghost Sqaud’s self-styled admin “@_s1ege” claimed to have taken the BLM site offline. Ghost Squad had a history of similar claims; shortly before this, it had launched an attack against a Ku Klux Klan website , taking it offline for a period of days. Dr. Gabriella Coleman is an anthropologist and the author of Hacker, Hoaxer, Whistleblower, Spy — considered the foremost piece of scholarship on Anonymous. (She also serves as a board member of eQualit.ie.) She said that Ghost Squad is currently one of the most prolific defacement and DDoS groups operating under the banner of Anonymous, but she also noted that only a few members have ever spoken publicly. “Unless you’re in conversation with members of a group, it’s hard to know what their culture is,” said Coleman. “I could imagine hypothetically that a lot of people who use the Ghost Squad mantle might not be for [attacking Black Lives Matter] but also might not be against it enough to speak out. You don’t know whether they all actively support it or just tolerate it.” Just as with Anonymous as a whole, this uncertainty is compounded by doubts about the identity of those claiming to be Ghost Squad at any given time—a fact borne out by the sometimes chaotic attack patterns shown in the traffic analytics. The April 29 attack announced by S1ege was accompanied by a screenshot showing a Kali Linux desktop running a piece of software called Black Horizon. As eQualit.ie’s report notes, BlackHorizon is essentially a re-branded clone of GoldenEye , itself based on HULK , which was written as proof-of-concept code in 2012 by security researcher Barry Shteiman. All of these attack scripts share a method known as randomized no-cache flood, the concept of which is to have one user submit a high number of requests made to look like they are each unique. This is achieved by choosing a random user agent from a list, forging a fake referrer, and generating custom URL parameter names for each site request. This tricks the server into thinking it must return a new page each time instead of serving up a cached copy, maximizing server load with minimum effort from the attacker. But once details of the Ghost Squad attack were published on HackRead , a flurry of other attacks materialized, many using far less effective methods. (At its most basic, one attack could be written in just three lines of Python code.) Coleman told me that this pattern is typical. “DDoS operations can attract a lot of people just to show up,” she said. “There’ll always be a percentage of people who are motivated by political beliefs, but others are just messing around and trying out whatever firepower they have.” One group had first called for the attack, but a digital mob soon took over. Complex threats Civil society organizations face cyberattacks more often than most of us realize. It’s a problem that these attacks exist in the first place, of course, but it’s also a problem that both successful and failed attempts so often happen in silence. In an article on state-sponsored hacking of human rights organizations, Eva Galperin and Morgan Marquis-Boire write that this silence only helps the attackers . Without publicly available information about the nature of the threat, vulnerable users lack the information needed to take appropriate steps to protect themselves, and conversations around effective defensive procedures remain siloed. When I spoke to Galperin, who works as a global policy analyst at the Electronic Frontier Foundation, she said that she hears of a civil society group being attacked “once every few days,” though some groups draw more fire and from a greater range of adversaries. “[BLM’s] concerns are actually rather complicated, because their potential attackers are not necessarily state actors,” said Galperin. “In some ways, an attacker that is not a nation state—and that has a grudge—is much more dangerous. You will have a much harder time predicting what they are going to do, and they are likely to be very persistent. And that makes them harder to protect against.” By way of illustration, Galperin points to an incident in June 2016 when prominent BLM activist Deray Mckesson’s Twitter account was compromised despite being protected by two-factor authentication. The hackers used social engineering techniques to trick Mckesson’s phone provider into rerouting his text messages to a different SIM card , an attack that required a careful study of the target to execute. Besides their unpredictability, persistence was also a defining feature of the BLM attacks. From April to October of this year, eQualit.ie observed more than 100 separate incidents, most of which used freely available tools that have documentation and even tutorials online. With such a diversity of threats, could it ever be possible to know who was really behind them? Chasing botherders One morning soon after I had started researching this story, a message popped up in my inbox: “Hello how are you? How would you like to prove I am me?” I had put the word out among contacts in the hacking scene that I was trying to get a line on S1ege, and someone had reached out in response. Of course, asking a hacker to prove his or her identity doesn’t get you a signed passport photo; but whoever contacted me then sent a message from the @GhostSquadHack Twitter account, used to announce most of the team’s exploits, a proof that seemed good enough to take provisionally. According to S1ege, nearly all of the attacks against BLM were carried out by Ghost Squad Hackers on the grounds that Black Lives Matter are “fighting racism with racism” and “going about things in the wrong way.” Our conversation was peppered with standard-issue Anon claims: the real struggle was between rich and poor with the media used as a tool to sow division and, therefore, the real problem wasn’t racism but who funded the media. Was this all true? It’s hard to know. S1ege’s claim that Ghost Squad was responsible for most of the attacks on BLM appears to be new; besides the tweets on April 29, none of the other attacks on BLM have been claimed by Ghost Squad or anyone else. To add more confusion, April 29 was also the date that S1ege’s Twitter account was created, and the claim to be staging Op AllLivesMatter wasn’t repeated by the main Ghost Squad account until other media began reporting it, at which point the account simply shared posts already attributing it to them. Despite being pressed, S1ege would not be drawn on any of the technical details which would have proved inside knowledge of the larger attacks. Our conversation stalled. The last message before silence simply read: “The operation is dormant until we see something racist from their movement again.” Behind the mask As eQualit.ie makes clear, the most powerful attacks leveraged against the BLM website were not part of the wave announced back in April by Ghost Squad. In May, July, September, and October, a “sophisticated actor” used a method known as WordPress pingback reflection to launch several powerful attacks on the site, the largest of which made upwards of 34 million connections. The attack exploits an innocuous feature of WordPress sites, their ability to send a notification to another site that has been linked to, informing it of the link. The problem is that, by default, all WordPress sites can be sent a request by a third party, which causes them to give a pingback notification to any URL specified in the request. Thus, a malicious attacker can direct hundreds of thousands of legitimate sites to make requests to the same server, causing it to crash. Since this attack became commonplace, the latest version of WordPress includes the IP address requesting the pingback in the request itself. Here’s an example: WordPress/4.6; http://victim.site.com; verifying pingback from 8.8.4.4 Sometimes these IP addresses are spoofed—for illustration purposes, the above example (8.8.4.4) corresponds to Google’s public DNS server—but when they do correspond to an address in the global IP space, they can provide useful clues about the attacker. Such addresses often resolve to “botherder” machines, command and control servers used to direct such mass attacks through compromised computers (the “botnet”) around the globe. In this case, the attack did come with clues: five IP addresses accounted for the majority of all botherder servers seen in the logs. All five were traceable back to DMZHOST , an “offshore” hosting provider claiming to operate from a “secured Netherland datacenter privacy bunker.” The same IP addresses have been linked by other organizations to separate botnet attacks targeting other groups. Beyond this the owner is, for now, unknown. (The host’s privacy policy simply reads: “DMZHOST does not store any information / log about user activity.”) The eQualit.ie report mentions these details in a section titled “Maskirovka,” the Russian word for military deception, because hacking groups like Ghost Squad (and Anonymous as a whole) can also provide an ideal screen for other actors, including nation-states. Like terrorism or guerrilla combat, DDoS attacks and other online harassment fit into a classic paradigm of asymmetrical warfare, where the resources needed to mount an attack are far less than those needed to defend against it. Botnets can be rented on-demand for around $60 per day on the black market, but the price of being flooded by one can run into the hundreds of thousands of dollars. (Commercial DDoS protection can itself cost hundreds of dollars per month. eQualit.ie provides its service to clients for free, but this is only possible by covering the operating costs with grant funding.) The Internet had long been lauded as a democratizing force where anyone can become a publisher. But today, the cost of free speech can be directly tied to the cost of fighting off the attacks that would silence it. Source: http://arstechnica.com/security/2016/12/hack_attacks_on_black_lives_matter/

Read the article:
The DDoS vigilantes trying to silence Black Lives Matter

Historic DDoS attack likely waged by ‘non-state actor’: Intel director

The nation’s top intelligence official on Tuesday said state-sponsored hackers likely weren’t behind the distributed denial-of-service (DDoS) attacks that disrupted internet access across the United States last week. Weighing in on the outages during an event at the Council on Foreign Relations in Washington, D.C., National Intelligence Director James Clapper said investigators believe a “non-state actor” was likely responsible for the DDoS attacks that made it difficult to access some of the world’s most popular websites Friday. “That appears to be preliminarily the case,” Mr. Clapper said, The Hill reported. “But I wouldn’t want to be conclusively definitive about that, specifically whether a nation state may have been behind that or not.”  “The investigation’s still going on,” he added. “There’s a lot of data going on here.” Beyond the Beltway, private sector security researchers like those employed by Flashpoint, a business risk intelligence firm that’s analyzed the attacks, hold a similar opinion. “Despite public speculation, Flashpoint assesses with a moderate degree of confidence that the perpetrators behind this attack are most likely not politically motivated, and most likely not nation-state actors,” its researchers wrote Tuesday. In fact, Flashpoint said its investigation revealed that the same infrastructure used to disrupt access to websites like Twitter and Netflix was also used to attack a well-known video game company — an indication that the culprits of the crippling DDoS weren’t necessarily waging assault on behalf of a foreign power. “While there does not appear to have been any disruption of service, the targeting of a video game company is less indicative of hacktivists, state-actors or social justice communities, and aligns more with the hackers that frequent online hacking forums,” Flashpoint’s researchers wrote. “These hackers exist in their own tier, sometimes called ‘script kiddies,’ and are separate and distinct from hacktivists, organized crime, state-actors, and terrorist groups. They can be motivated by financial gain, but just as often will execute attacks such as these to show off, or to cause disruption and chaos for sport.” “I think they are right,” agreed Mikko Hypponen, chief research officer for security firm F-Secure. “I don’t believe the Friday attackers were financially or politically motivated. It was such an untargeted attack, it’s hard to find a good motive for it. So: kids,” he told TechCrunch. As authorities attempt to identify the culprits responsible for waging last week’s DDoS attacks, investigators have at least found out how the hackers were able to disrupt internet access North America and Europe. Researchers say the outage occurred after hackers compromised millions of internet-connected household devices like video recorders and digital cameras, then used those products to overload a widely used Domain Name System (DNS) — an online directory that enables web users to navigate from site to site. The director of the Department of Homeland Security said Monday that DHS has “been working to develop a set of strategic principles for securing the Internet of Things, which we plan to release in the coming weeks.” Source: http://www.washingtontimes.com/news/2016/oct/26/historic-ddos-attack-likely-waged-by-non-state-act/

See more here:
Historic DDoS attack likely waged by ‘non-state actor’: Intel director

How Hackers Make Money from DDoS Attacks

Attacks like Friday’s are often financially motivated. Yesterday’s attack on the internet domain directory Dyn, which took major sites like Twitter and Paypal offline, was historic in scale. But the motivation for the attack may seem opaque, since no valuable information seems to have been stolen. A group called New World Hackers is claiming credit, but giving conflicting accounts of their motives—and security experts have called them “impostors.” So why else might someone have done it? This class of hack, known as a distributed denial of service (DDoS) attack, has been around for a while. And while many DDoS attacks are indeed motivated by politics, revenge, or petty trolling, there’s frequently money involved. For instance, DDoS attacks are often used as leverage for blackmail. Once a hacking group has a reputation for being able to field a large and dangerous botnet to knock servers offline, they can demand huge ‘protection’ payments from businesses afraid of facing their wrath. In fact, they don’t even have to do the hacking in the first place—in one recent case, someone posing as a notorious cabal merely emailed blackmail messages and managed to pocket tens of thousands of dollars before they were exposed. In the current case, there are rumors that Dyn was a target of extortion attempts before the attack. And the hackers behind what may be the biggest DDoS attack in history could demand a pretty penny to leave other companies alone. A wave of impostors will likely give it a shot, too. There’s another, even darker money-driven application of DDoS attacks—industrial sabotage. Companies seeking to undermine their competition can hire hackers to take the other guys offline. DDoS services are often contracted through so-called “booter” portals where anyone can hire a hacker’s botnet in increments as small as 15 minutes. Researchers found last year that three of the most prominent booter services at the time had over 6,000 subscribers in total, and had launched over 600,000 attacks. (And despite the criminal reputation of Bitcoin, by far the largest method used to pay for DDoS-for-hire was Paypal.) But it’s unlikely that this was some sort of hit called in by a competitor of Dyn—that tactic seems to primarily appeal to already-shady dealers, including online gambling operations. Finally, DDoS attacks can serve as a kind of smokescreen for more directly lucrative crimes. While a security team is struggling to deal with an army of zombie DVRs pummeling their system, attackers can grab passwords, credit card numbers, or identity information. In weighing possible explanations for Friday’s attack, it’s important to note the massive scale of the thing. Even if their claims of responsibility aren’t credible, New World Hackers’ description of about 1.2 terabits of data per second thrown at Dyn’s servers is both vaguely plausible and utterly mind-boggling. That’s around a thousand times as powerful as the huge 620 gigabit per second attack that knocked out a single website, Krebs on Security, last month. Dyn has also described the attack as sophisticated, arriving in three separate waves that targeted different parts of their systems. That kind of operation could have been pulled off by a gang of kids doing it for kicks—and maybe that’s the scarier scenario. But such a massive undertaking suggests bigger, and possibly more lucrative, motivations. Source: http://fortune.com/2016/10/22/ddos-attack-hacker-profit/

See the original post:
How Hackers Make Money from DDoS Attacks

Hackers threaten First Securities with DDoS attacks

TAIPEI, Taiwan — First Securities (?????) was blackmailed on Thursday by hackers who threatened to completely disable its trading system with DDoS (distributed denial-of-service) attacks. The hackers asked the brokerage firm to pay 50 bitcoins (approximately NT$940,000), in an email that they sent to First Securities at around 10 a.m. on Thursday. Local newspaper Apple Daily cited an unnamed source as saying that a DDoS attack came at around 11 a.m., stopping all electronic trades. First Securities President Yeh Kuang-chang (???) confirmed that they received the blackmail email but stressed that the firm’s trading system was only slowed down but not disabled by the attacks as reported. The firm has activated a reserve system and, while a small number of investors were affected by the attacks, the system was not paralyzed, Yeh said. He said he believed the situation would be resolved by Friday. Yeh said the firm had reported the incident, which he said had caused no losses to the firm, to the authorities or to the investigation bureau. Yeh also stressed that while the firm had yet to ascertain the origin of the hackers, he had preliminary ruled out the possibility that Thursday’s DDoS attacks were related to the ATM heist aimed at its sister institution — First Commercial Bank — in July. ATMs at 41 First Bank branches were hacked in the incident, with over NT$80 million believed to have been stolen. Seventeen suspects from six countries have been identified in the heist, which involved an international crime ring. The Taiwan Stock Exchange (TWSE) issued a statement at 6 p.m. saying that First Securities suffered from an unknown online attack beginning at 10:50 a.m. and was not able to immediately recover its electronic trading system. The TWSE advised investors to use other forms of trading. TWSE Vice President Chien Lih-chung (???) said the TWSE had informed other securities firms and that no other firms had reported similar blackmail or system problems. Source: http://www.chinapost.com.tw/taiwan/national/national-news/2016/09/23/479195/Hackers-threaten.htm

Read More:
Hackers threaten First Securities with DDoS attacks

Overwatch,’ ‘Warcraft’ Servers Sidelined By DDoS Attack From Hacking Group PoodleCorp

Blizzard was hit with a DDoS attack that made its servers inaccessible, disrupting gameplay for Battle.net users on Aug. 2. Someone from Blizzard’s customer support team posted on the Battle.net forums to acknowledge the attack, saying network engineers are on the case, working to address the issue. The problem has since been resolved, but according to a tweet from Blizzard’s North American customer support team, reports of World Server Down in  World of Warcraft  are being investigated. In a tweet, hacker group PoodleCorp claimed responsibility for the DDoS attack. It’s not clear who is PoodleCorp exactly, but some Battle.net users have surmised that some of the hacking group’s members could be players who were recently banned from  Overwatch , and thus now out for revenge. Whoever they are, PoodleCorp appears to be a busy group. A day before the DDoS attack on Blizzard, the hackers apparently took on  Pokémon GO , marking their second takedown of the mobile game after first attacking it on July 16. Pokémon GO  servers were also down for several hours on July 17, but OurMine, another hacking group, took the credit for that attack. In an interview via Twitter DM, PoodleCorp’s leader, @xotehpoodle, told Mic that they targeted  Pokémon GO  because it’s popular right now. Also, they’re doing what they’re doing because nobody can stop them. “We do it because we can, nobody can stop us and we just like to cause chaos,” said the hacking group’s head, who added that their botnet is worth more than Niantic. Over the summer, PoodleCorp also claimed responsibility for hacking  League of Legends  and popular YouTubers. Earlier in June, Blizzard also experienced a major outage as another DDoS attack took out its servers. Twitter user AppleJ4ck, said to be tied to hacking group Lizard Squad, claimed responsibility for the attack and mocked Blizzard, saying the attack was part of some “preparations.” As PoodleCorp has claimed responsibility for the most recent outage, does that mean that there’s more to come given what AppleJ4ck’s been preparing for has not come to fruition? In the past, Lizard Squad had been connected to disruptions on Microsoft’s Xbox Live and Sony’s PlayStation Network. When angry gamers swarmed the hackers’ Twitter accounts, PoodleCorp and AppleJ4ck replied with similar messages, saying anyone who gets upset over a game should get a life and that they’re doing everyone a favor by knocking them offline. Source: http://www.techtimes.com/articles/172361/20160803/overwatch-warcraft-servers-sidelined-by-ddos-attack-from-hacking-group-poodlecorp.htm

Follow this link:
Overwatch,’ ‘Warcraft’ Servers Sidelined By DDoS Attack From Hacking Group PoodleCorp

HSBC Website Suffers DDoS Attack

OurMine Hacking group conducted a massive DDoS attack on HSBC websites forcing the sites to go offline in UK and the USA! The official domain of HSBC (Hongkong and Shanghai Banking Corporation) came under massive distributed denial-of-service (DDoS) attack on 12July affecting domain in UK and the USA. The DDoS attack was conducted by OurMine hacking group which previously made headlines for hacking social media accounts of high-profile tech celebrities including Facebook’s Mark Zuckerberg and Google’s Sundar Pichai but this is the second DDoS attack  after WikiLeaks last week. Currently, the reason for targeting HSBC bank is unknown though according to SoftPedia the cyber attack was stopped within few hours after one of HSBC’s staffs contacted the attackers. “Hello, We stopped the attack of HSBC Bank! a staff of HSBC Talked with us,” stated the hackers on their official blog. Screenshot shared by attackers shows HSBC’s UK and US domains are down! It is unclear if the bank was targeted for ransom or just for fun, however, this is not the first time when HSBC faced such attacks. In January 2016 hacktivists from New World Hacktivists (NWH) claimed responsibility for a DDoS attack on HSBC’s mobile servers on payday. As far as OurMine is concerned, it is the same group who hacked  Google’s CEO Sundar Pichai Quora account which was also linked to his Twitter account, the group also hacked Facebook’s CEO Mark Zuckerberg Twitter and Pinterest accounts and last but not the least the official Twitter account of Twitter’s CEO Jack Dorsey was also taken over by the same group. DDoS attacks have been increasing with every passing day . In the past, DDoS attacks were conducted just for fun or to shut down servers but now hackers attack sites for ransom and keep them down until a ransom is paid. The ProtonMail DDoS attack is a fine example of how these attacks are becoming another online mafia to steal money. At the time of publishing this article, both targeted sites were reachable. Source: https://www.hackread.com/hsbc-website-suffers-ddos-attack/  

Read the original post:
HSBC Website Suffers DDoS Attack

WikiLeaks’ website was taken offline with a DDoS attack amid an ongoing hacker feud.

As a long-time feud between rival hacking groups boiled over, the WikiLeaks website was caught in the crossfire and brought offline by a distributed-denial-of-service (DDoS) attack on 5 June. However, rather than react with anger, leaked chat logs show how WikiLeaks’ Twitter account engaged the group responsible, called OurMine, and even offered hacking tips for the future. Direct messages leaked to Buzzfeed show how WikiLeaks’ account, rumoured to be helmed by the website’s founder Julian Assange, told the group – which has become known for hacking the online profiles of high-profile figures – their talents could be put to better use. OurMine has recently hacked a slew of celebrities and technology executives including Facebook’s Mark Zuckerberg, Google’s Sundar Pichai and Spotify founder Daniel Ek. Every time, they leave a message telling the victim how weak their security is and leave a link to their website. Indeed the group claims to be a security firm rather than a hacking outfit. In any case, as far as ‘hacks’ go, OurMine’s activity is fairly tame. Until WikiLeaks’ website was taken down – thanks to an ongoing head-to-head with the Anonymous collective – there was little real damage caused to victims other than embarrassment. The DDoS attack took down the famous whistleblowing website by sending waves of traffic towards its servers, a common tactic used in hacktivist circles as a means of protest. After the incident, WikiLeaks got in touch and said the group was wasting its time by not making the most of the chances received by infiltrating profiles of the rich and famous. “If you support us and want to show you’re skills, then don’t waste your time with DDoS etc,” the account wrote. “Find us interesting mail spools or docs and send them to [WikiLeaks]. That’ll have a much greater impact.” After OurMine replied with “We never change their passwords we are just testing their accounts’ security” WikiLeaks said it was a “huge waste.” The message continued: “There’s a lot more than (sic) could have been done with those accounts. Sending DM’s as Zuckerberg to further access elsewhere. Same with Google CEO. You could have used these accounts to gain access to much more significant information, revealing corrupt behaviour elsewhere.” Based on the chats, OurMine appeared to agree with the new direction. “Great idea,” it said. One the hackers, speaking with Wired, previously said: “We don’t need money, but we are selling security services because there is a lot [of] people [who] want to check their security. We are not blackhat hackers, we are just a security group…we are just trying to tell people that nobody is safe.” Source: http://www.ibtimes.co.uk/wikileaks-tells-ourmine-hackers-impersonate-high-profile-victims-reveal-corrupt-behaviour-1569499

Read More:
WikiLeaks’ website was taken offline with a DDoS attack amid an ongoing hacker feud.

Central banks of South Korea and Indonesia bulk up security following DDoS attacks by hacktivists

The central banks of Indonesia and South Korea are reportedly bulking up security on their public-facing websites after being hit with cyberattacks and distributed-denial-of-service (DDoS) disturbances linked to notorious hacking collective Anonymous. In response to the attempted cyberattacks, Ronald Waas, deputy governor of Bank Indonesia (BI), told Reuters his institution was forced to block 149 regions that don’t usually access its website, including “several small African countries”. The central banks of Indonesia and South Korea are reportedly bulking up security on their public-facing websites after being hit with cyberattacks and distributed-denial-of-service (DDoS) disturbances linked to notorious hacking collective Anonymous. In response to the attempted cyberattacks, Ronald Waas, deputy governor of Bank Indonesia (BI), told Reuters his institution was forced to block 149 regions that don’t usually access its website, including “several small African countries”. As previously reported, a video statement posted to YouTube on 4 May by the group said: “We will not let the banks win, we will be attacking the banks with one of the most massive attacks ever seen in the history of Anonymous.” Later, the central bank of Greece admitted its website was taken offline for a short period of time. This was followed by other banks in countries including France, England, Scotland and Sweden. In June, the hackers announced that ‘phase three’ of the operation has started – dubbed Project Mayhem – and that the focus of the campaign would change to include major stock exchanges. In any case, the global banking system has been left shaken by a number of successful hacks, breaches and cyber-heists throughout 2016. In one attack, the Bangladesh central bank was targeted by a highly coordinated team of hackers that were able to steal a massive £81m via fraudulent money transfers. Source: http://www.ibtimes.co.uk/central-banks-south-korea-indonesia-bulk-security-following-ddos-attacks-by-hacktivists-1566836

Continue reading here:
Central banks of South Korea and Indonesia bulk up security following DDoS attacks by hacktivists