Tag Archives: ddos news

Finnish Defense Ministry Hit by DDoS Cyberattack

Finland’s Ministry of Defence (MoD) is reviewing its IT security infrastructure in the wake of a distributed denial of service (DDoS) attack on its main website. The attack was launched hours before Finnish President Sauli Niinistö met with Russian President Vladimir Putin in Moscow on March 22 to discuss regional security issues and the implementation of deeper cooperation on border defense. Initial investigations by the National Cyber Defense Center (NCDC) are examining the possibility that the cyberattack may have been launched from Russia to coincide with high-level, inter-government talks. Similar DDoS attacks launched against public and private organizations in Sweden in March had traced the servers to Russia. Niinistö met with US President Barack Obama in Washington on April 1. The meeting took place during the international Nuclear Security Summit hosted by the US president. Finland’s MoD confirmed that the sustained DDoS attack, which lasted more than three hours, was the second such cyberattack against its online IT infrastructure in 2016. The MoD responded by diverting traffic from its main site defmin.fi to a temporary site. The previous DDoS attack took place Feb. 27 and lasted nearly five hours. Other key government department websites, including finance, social affairs and health, agriculture and forestry, and the Council of State office, were targeted in simultaneous attacks. The timing of the latest DDoS attack is significant, coming as Finnish and US governments finalize plans connected to joint military exercises in Finland. Source: http://www.defensenews.com/story/defense/international/2016/04/04/finnish-defense-ministry-hit-ddos-cyberattack/82608438/

See original article:
Finnish Defense Ministry Hit by DDoS Cyberattack

Coinkite Is Closing Down Its Web Wallet Citing Legal and DDoS Issues

Coinkite, the popular wallet and hardware payment network service provider, has announced it is closing down its web wallet to focus on other projects after legal issues and DDoS attacks have impeded the use of the wallet. Hardware products focus After a noticeable lack in posting on their blog after incredibly frequent posting over the last three years, Coinkite CT r: 24 has announced it is shutting down its web wallet service. Users of the service need not worry about the hardware aspect of Coinkite, as that will remain unaffected, and the team in fact hopes to expand it. “We are winding down the web wallet part of Coinkite so that our team can focus on a number of new products that are more decentralized and embodied as hardware products. We’re still big Bitcoin fans, supporters and Hodlrs, and although Coinkite has been great adventure in the SaaS business, we want to spend more time where our heart is, hardware products, software-”not-as-a-service”, and other exciting new possibilities.” Under DDoS since the first month Coinkite cited the legal issues associated with being a centralized Bitcoin CT r: 8 service, and hence the financial strain brought about by lawyers, and non-stop DDoS-ing since launch for the closing down of the service. “Being a centralized bitcoin service does attract attention from state actors and other well funded pains in the butt, and as a matter of fact, we’ve been under DDoS since the first month we launched—over three years–yay. Plus we have put real fiat dollars into our lawyers’ pockets, to defend our customers from their own governments. This is not what we love to do, which is coding and delivering awesome services.” Programmers-turned-businessmen an issue Part of the issue in the cryptocurrency industry is that many of those who are choosing to create businesses in this newly-fledged sector, are fundamentally programmers, and as such are ill-equipped to deal with the likes of lawyers and regulators. The simple solution to this problem is greater co-operation between the financial industry and the cryptocurrency industry. The financial sector has been around for far, far longer than the cryptocurrency industry. It has the infrastructure, processes, and people already in place to deal with a lot of the issues facing these programmers-turned-businessmen, and if more startups are to succeed, they are going to need to implement them. Source: http://cointelegraph.com/news/coinkite-is-closing-down-its-web-wallet-citing-legal-and-ddos-issues

See the article here:
Coinkite Is Closing Down Its Web Wallet Citing Legal and DDoS Issues

The Anonymous ‘war’ on Donald Trump is a complete disaster

The “total war” that Anonymous declared earlier this month against Donald Trump has quickly devolved into a civil war among hackers fighting within the group and pro-Trump supporters who are trolling them within their chat rooms. In early March, hackers affiliated with Anonymous tried to reboot their Operation Trump campaign by calling for everyone to take down Trump’s websites in a coordinated effort on April 1. Almost immediately, the initiative was criticized by people within Anonymous as irresponsible and “cringeworthy,” but a dedicated group apparently moved on with the plan. It’s April 1: Many of the GOP frontrunner’s sites are still standing, there are now two competing OpTrump chat rooms with totally different missions, and one of them has been flooded with pro-Trump supporters and others leaving trolling comments like “Hitler did nothing wrong.” In short: The so-called war seems to be a complete disaster. ‘A mess is happening’ It’s unclear when the split between Anonymous factions occurred, but it seems to have happened sometime after a hacker named Beemsee, who has been leading the original OpTrump effort, released a new statement claiming that attacking Trump’s websites was all a ruse for publicity around April Fools’ Day. “There is no DDoS,” Beemsee and two other hackers wrote, using the acronym for a distributed denial-of-service attack, a tactic used to overload a website. “It’s only purpose was to gain attention, which this Operation needs. … the point of this Operation is not to attack Donald Trump. Instead, it is going to try to give citizens some insight.” Beemsee and their cohorts say in their statement that people should try and capture “the darker nature of Trump’s supporters” and post it on social media sites with hashtags like #OpTrump and #Trump2016. But a hacker called AnonymousLoyalist disagreed. In a competing statement, the hacker wrote that they moved to a “far more organized channel, which has already seen unsurprisingly large amounts of success.” That channel is #OpTrump2016, but it was unclear exactly what that success boiled down to. When Tech Insider viewed the #OpTrump2016 chat room on Friday, it was an unorganized mess. Most Anonymous chat rooms are moderated in some way, and people usually get kicked out for spamming or posting nonsense. But it appeared to be flooded with trolls intent on calling them children, “social justice warriors,” and, more often than not, homophobic slurs. “A mess is happening,” wrote one user in #OpTrump, expressing a shared frustration among others in Beemsee’s chat room. The ‘war’ goes on It was clear on Friday that at least some of Trump’s websites were indeed under cyberattack. The website CitizensForTrump.com is currently unreachable, and the site for Trump’s hotels brought up an error for a few seconds before pulling up a cached version powered by CloudFlare, a service that protects from attacks like this. Anonymous may be able to bring down some of Trump’s unprotected websites, but it will almost certainly come back online after a few hours or days. And many of his other sites are probably not at risk at all, since Tech Insider previously spoke with CloudFlare CEO Matthew Prince, and he wasn’t particularly worried. “DDoS attacks are not particularly sophisticated cyber attacks,” Prince said. “They are sort of the functional equivalent of a caveman with a club.” A representative for Trump did not immediately respond to a request for comment from Tech Insider, but spokeswoman Hope Hicks previously told Tech Insider: “The government and law-enforcement authorities are seeking the arrest of the people responsible for attempting to illegally hack Mr. Trump’s accounts and telephone information.” Depending on who you believe in Anonymous, the plan is a coordinated DDoS attack or a social-media shaming campaign against Trump’s supporters. But Beemsee left open the possibility of something else, perhaps an actual way to take over one of their targeted websites — which the hacker collective has been scanning for vulnerabilities since the beginning. “This is NOT the last time you hear of this operation,” Beemsee wrote. “We will be watching, and will act when the time is right.” Source: http://www.businessinsider.com/anonymous-war-donald-trump-fail-2016-4

Excerpt from:
The Anonymous ‘war’ on Donald Trump is a complete disaster

Bitcoin Startup Quits Operation Due to Never-Ending DDoS Attacks

Bitcoin’s Secure Wallet Service Coinkite Inc. Closing Down due to never-ending DDoS Attacks and Governmental Nagging Bitcoin exchanges around the world face cyber attacks every now and then, some owners give up while some fight back . In the case of Bitcoin startup Coinkite Inc., it is now officially announced that its secure wallet service, which started in 2012, will be closed within the next 30 days. It has also been made clear that customers must withdraw funds from their wallets by the end of this period. If any of the users fail to do so then their Bitcoin will be automatically credited to them. Prior to closing down all of the services, its TOR accessibility and application program interface of Coinkite will be closed for 14 days while their annual pre-paid plans’ prorated balances will continue to be refunded. The startup was under DDoS attacks for last three years The company now aims to focus upon hardware-oriented products such as the upcoming physical Bitcoin project Opendime. It will be a full-fledged standalone Bitcoin terminal or hardware wallet that will be equipped with a printer as well as QR scanner. Moreover, the company will be focusing upon hardware products for security optimization and authentication, all-purpose standalone Bitcoin solutions and services for hosting Bitcoin hot wallets. Since its inception, Coinkite was marketed as the most convenient and secure way to accept and exchange Bitcoin, the digital currency. The company claimed that it provided users the world’s “most advanced web wallet system.” It was considered a system that empowered customers and merchants to “BUY, SELL, ACCEPT and STORE Bitcoins and other cryptocurrencies, in both the online and physical worlds.” Why is Coinkite Closing the Secure Wallet Service NOW? The decision apparently is the outcome of the constant harassment that the online Bitcoin wallet service has been dealing with. In a blog post , it was revealed by the company that they had been receiving Distributed Denial of Service or DDoS attacks constantly over the past three years. They also have become tired of the attempts by governmental agencies for interrupting into their clients’ privacy. The CEO of the company Rodolfo Novak told CoinDesk that they wanted to shift their focus from software to hardware because their meager resources were being drained further by the “bullshit” that they have been experiencing. “We want to write software, not deal with lawyers and DDoSing…One of the main issues with SaaS is all the free users and need support and we want to provide good support. All these things have costs,” clarified Novak. Source: https://www.hackread.com/bitcoin-exchange-ddos-attacks/

View article:
Bitcoin Startup Quits Operation Due to Never-Ending DDoS Attacks

DNS root server attack was not aimed at root servers – infosec bods

Target appears to have been two Chinese domain names The internet’s root servers were not the target of a distributed denial-of-service (DDoS) attack in December which for a short time took out four of the 13 pillars of the global network.…

More here:
DNS root server attack was not aimed at root servers – infosec bods

University of Georgia hit by DDoS Attack

The University of Georgia was the victim of a cyberattack Sunday night which blocked all Internet access for everyone on campus using the school’s network. The DDoS — distributed denial of service — attack came from outside UGA’s network, and began about 6:10 p.m., according to an email sent Monday by Timothy Chester, UGA’s vice president for information technology. A DDoS attack floods a target’s computer network with traffic, leaving the victim’s use of its websites and computer systems unavailable. During the incident, the university’s entire 20 gigabytes per second of Internet capacity was saturated with outside network traffic, which blocked access campus users. UGA purchases its Internet connectivity through a nonprofit consortium, called Southern Crossroads, which is operated by Georgia Tech. School officials worked with Southern Crossroads to isolate the attack and began blocking it about 10 p.m., Chester’s message said. The attack ended shortly after that. As of Monday morning, officials had found no evidence that systems or data maintained by UGA had been compromised. Colleges and universities have increasingly been the target of these types of cyberattacks. Last year, Rutgers University students requested tuition refunds after the school experienced its fifth DDoS attack in a year. Arizona State University was also hit by a DDoS attack in April, blocking access to its Internet network a week before final exams. Some campuses are not currently equipped to identify DDoS attacks, and may not have a method for effectively mitigating them, industry experts say. “I personally regret that many of you experienced a disruption as you were preparing homework, getting ready for class or doing other University work and I offer my apologies,” Chester said to the campus community in the message. UGA plans to review the incident with federal, state and local law enforcement, and work with the University System of Georgia on reducing the risks of these types of attacks in the future. Source: http://www.ajc.com/news/news/local-education/university-of-georgia-hit-by-cyberattack/nqtN9/

Read the original post:
University of Georgia hit by DDoS Attack

D.O.J. Charges Iran-Sponsored Hackers with Dozens of DDoS Attacks on Major Financial Institutions

No less than 46 U.S. financial institutions, as well as a dam in New York, were allegedly targeted. On Thursday morning, the Department of Justice unsealed an indictment against seven Iranian citizens allegedly funded by the Islamic Revolutionary Guard Corps, accusing them of launching a coordinated cyber-attack against a minimum of 46 American financial institutions, as well as a major New York dam. In a press conference with some of American law enforcement’s heaviest hitters, including F.B.I. director James Comey and U.S. district attorney Preet Bharara , Attorney General Loretta Lynch announced that members of two Iran-based computer companies, ITSecTeam and the Mersad Company, had launched coordinated distributed denial of service (DDoS) attacks against the Web sites of dozens of financial institutions, including the New York Stock Exchange, Bank of America, Capital One, ING, and AT&T, disabling them and preventing their customers from accessing their accounts. In addition, one of the alleged hackers, Hamid Firoozi , was said to have illegally accessed a computer in charge of the Bowman Dam in Rye, New York, giving him the ability to remotely control its operations and potentially cause “a threat to public health or safety.” According to the Department of Justice, the two groups received funding from the Islamic Revolutionary Guard, the elite government militia tasked with defending Islamic law in Iran. Lynch said in a statement that the attacks not only cost these companies “tens of millions of dollars” to restore their Web sites, but highlighted how foreign cyber-attacks have become a major threat to U.S. national security. “In unsealing this indictment, the Department of Justice is sending a powerful message: that we will not allow any individual, group, or nation to sabotage American financial institutions or undermine the integrity of fair competition in the operation of the free market,” she said in the prepared statement. According to the indictment, the DDoS attacks took place over 176 days between 2011 and 2013. The attacks on U.S. targets took place after Iran’s nuclear capabilities were sabotaged by the Stuxnet virus, believed to have been a joint effort between the U.S. and Israeli governments, in mid-2010. The indictment also comes after a series of high-profile cyber-attacks on the United States government. In 2014 alone, the government experienced more than 61,000 attacks on their computer systems, affecting several administrative agencies such as the State Department, the Energy Department, and the White House. Last year, the Office of Personnel Management (O.P.M.) was the target of the largest attack to date, in which Chinese hackers stole sensitive personal information from 21.5 million past and present government employees. During the press conference Thursday morning, Comey said that the indictment was meant to show the world that the U.S. government was ready to respond to foreign-based cyber-attacks, no matter where they came from or the scale of the attack. “By calling out the individuals and nations who use cyber-attacks to threaten American enterprise, as we have done in this indictment, we will change behavior,” he said. Source: http://www.vanityfair.com/news/2016/03/doj-iran-hacker-indictment

See more here:
D.O.J. Charges Iran-Sponsored Hackers with Dozens of DDoS Attacks on Major Financial Institutions

DDoS Attacks Cripple Swedish News Sites Amid Russia Tension

A number of Swedish government websites and major media outlets were knocked offline for hours over the weekend, police say. No one has taken responsibility for the cyberattacks, which silenced at least seven of Sweden’s most prominent news organizations for hours amid growing tension with Russia. A flood of web traffic Saturday night either crippled or totally shut down the news sites Dagens Nyheter, Svenska Dagbladet, Expressen, Aftonbladet, Dagens Industri, Sydsvenskan and Helsingborgs Dagblad for roughly three hours. Police launched an investigation Sunday, Agence France-Presse reported, with investigators telling many of the same sites the traffic appears to have originated in Russia. Cyberattackers, ranging from Anonymous to state hacking groups, often use distributed denial of service, or DDoS, attacks to direct a wave of falsified web traffic at a single or small number of sites, overwhelming them with traffic for hours or days. This attack was “extremely dangerous and serious,” Jeannette Gustafsdotter, the head of the Swedish Media Publishers’ Association, told the news agency TT, as quoted by the Local.se. “To threaten access to news coverage is a threat to democracy.” The onslaught came after an anonymous Twitter account, using the handle @_notJ, warned of imminent attacks against sites that posted “propaganda.” Aftonbladet, one of the sites mentioned in the tweets, has published a number of stories on the Russian plane crash that killed 62 people and other topics that don’t portray Russia in a positive light. This is what happends when you spread false propaganda. Aftonbladet.se #offline@Aftonbladet — J (@_notJ) March 19, 2016 The following days attacks against the Swedish goverment and media spreading false propaganda will be targetted. — J (@_notJ) March 19, 2016 The attacks also came after a Swedish government report cited Russian “extreme movements, information operations and misinformation campaigns” aimed at Swedish lawmakers and the public as Sweden’s most formidable intelligence threat. The Swedish government asked Russian Embassy staff to leave Sweden in 2015, though the report noted that suspected spies were still working as diplomats, airline employees and business executives. Source: http://m.ibtimes.com/ddos-attacks-cripple-swedish-news-sites-amid-russia-tension-2340079

Original post:
DDoS Attacks Cripple Swedish News Sites Amid Russia Tension

Swedish newspaper websites shut down in DDoS attack

The online editions of Sweden’s main newspapers were knocked out for several hours by unidentified hackers at the weekend, police said Sunday as they launched an investigation. The attack was “extremely dangerous and serious,” the head of the Swedish Media Publishers’ Association, Jeanette Gustafsdotter, told Swedish news agency TT. “To threaten access to news coverage is a threat to democracy,” she said. No one has claimed responsibility for the attacks, which either partially or totally shut down the sites of Dagens Nyheter, Svenska Dagbladet, Expressen, Aftonbladet, Dagens Industri, Sydsvenskan and Helsingborgs Dagblad on Saturday evening from about 8:00 pm (1900 GMT) until about 11:00 pm (2200 GMT). Several experts quoted in the media suggested the sites were subjected to distributed denial-of-services (DDoS) attacks, in which hackers hijack multiple computers to send a flood of data to the target, crippling its computer system. Police said in a statement they had launched an investigation, and Swedish intelligence was also being kept abreast of developments. An anonymous threat was issued on a Twitter account shortly before the attack. The account was attributed to J@_notJ. “The following days attacks against the Swedish government and media spreading false propaganda will be targeted,” the first tweet read. An hour later, a second tweet read: “This is what happens when you spread false propaganda. Aftonbladet.se #offline”. Source: https://www.enca.com/technology/swedish-newspaper-websites-shut-down-hacker-attack

More:
Swedish newspaper websites shut down in DDoS attack

Malware Botnet Can Be Abused to Launch DDoS Attacks

DDoS attacks can have an amplification factor of 26.5 An independent security researcher that goes by the name of MalwareTech has discovered a way in which he could abuse the ZeroAccess malware’s botnet to launch reflection DDoS attacks with an above-average amplification factor. ZeroAccess is a trojan that infects Windows computers and then starts communication with a C&C (command and control), which in turn tells the trojan to download various types of other, more dangerous malware, usually clickfraud bots or Bitcoin mining software, operating hidden from the user’s view. The ZeroAccess botnet appeared in 2011, and because of an effective rootkit component and P2P-like structure, it even managed to survive a takedown attempt orchestrated by Microsoft in December 2013. ZeroAccess botnet used for amplifying DDoS attacks MalwareTech discovered that ZeroAccess allowed its bots to relay messages from one to another, some acting like smaller servers (supernodes) while the rest were just end-points (workers). To relay orders from the C&C server to supernodes and workers, ZeroAccess used simple UDP packets. Because of its complex mesh structure, when a UDP packet arrived at a supernode, the bot would add more information to the packet, containing various details about the network’s structure. The supernode would add 408 bytes on top of the original 16, for a total of 242 bytes. Since UDP packets can have their destination address spoofed, an attacker that managed to map ZeroAccess’ bot network would be able to send UDP packets to its bots, some of which would then amplify the traffic by 26.5, sending it back to the spoofed destination (the victim’s IP). This scenario is your typical reflection DDoS attack , carrying a 26.5 amplification factor, which is more than double the typical 2-10 amplification factor seen in other types of reflection DDoS attacks. DDoS attacks worked even if bots were behind NATs Theoretically, this wouldn’t have been a problem, since most bots infect users that are sitting behind NATs (Network Address Translation), software programs that translate public IPs to private IP addresses, in order to maximize IPv4 address space usage. That meant that a vast majority of the ZeroAccess botnet wouldn’t have been accessible to a person carrying DDoS attacks via this technique. Unfortunately, MalwareTech found a way around this issue as well, allowing him to involve ZeroAccess supernode bots into DDoS attacks even if sitting behind a router. All of this is only theoretical since the researcher did not want to commit a crime just to test out his theory. Source: http://news.softpedia.com/news/malware-botnet-can-be-abused-to-launch-ddos-attacks-501869.shtml

See the original post:
Malware Botnet Can Be Abused to Launch DDoS Attacks