Category - DDoS Attack Specialist

Distributed Denial of Service ‘DDoS’ attack targets Maldivian websites
NBC, Google preparing for hackers for Olympic games 2012 in London
2 UK LulzSec hackers plead guilty in London court for launching DDoS attacks
Legalize Distributed Denial of Service ‘DDoS’, says Dutch opposition party
Twitter Down: Blames Bug for Double Outage, Denies DoS Attack
Québec government sites hit with Distributed denial of service ‘DDoS’ Attack
Alleged Lulzsec member, Ryan Cleary, indicted in U.S.
More Sophisticated DDoS Attack a New Threat to Apache Servers
London Internet Exchange hit by suspected DDoS attack
WHMCS under renewed DDoS blitz after patching systems

Distributed Denial of Service ‘DDoS’ attack targets Maldivian websites

Service interruptions to some Maldivian websites, observed throughout last week, have continued.

Site managers of Haveeru Online and Sun Online report that an increasing number of inaccessibility complaints have been received by the two most prominent news websites in the Maldives. Some people complain of inaccessibility to other websites as well.

Dhiraagu said that the problems affect only the Haveeru Online website and are caused by DDoS attacks aimed at it. A DDoS attack paralyzes a targeted computer network by deliberately flooding it with traffic sent simultaneously from many individual computers.

Dhiraagu Manager Marketing, Communications and Public Relations Mohamed Mirshan said that Dhiraagu does have precautionary measures in place and that “Haveeru and Dhiraagu are both victims” and that such problems are being solved as soon as the attacks hit.

“These attacks are targeted at Haveeru. These are not aimed at the Dhiraagu infrastructure. DDoS is very common all around the world. We have taken the same measures taken internationally. DDoS cannot be controlled by anyone other than its originators. The only thing we can do is, mitigate the attacks. Dhiraagu has also taken all necessary measures taken against it worldwide,” Mirshan said.

Even though Dhiraagu said that the attacks were only being targeted against Haveeru, Sun Online also reports that it has noticed inaccessibility issues. Haveeru and Sun Online stressed that the issue was still observed this morning.

Both online websites said that numerous complaints have been received regarding inaccessibility to the websites from abroad, due to these DDoS attacks.

Dhiraagu stated that DDoS attacks are cybercrimes and that the perpetrators need to be found and brought to justice.

NBC, Google preparing for hackers for Olympic games 2012 in London

NBC and Google are conducting “war games” in at least three countries, to prepare for the possibility of hacker attacks or hardware malfunction disrupting the online streaming of the Summer Olympic Games in London, which start this month.

For the past nine months the network’s online team, together with Google, which is managing the streaming of the games, have simulated hundreds of disruptive scenarios, some lasting eight hours. They have simulated a range of problems from broken broadcast encoders to traffic overloads and hacker assaults on the systems, NBC staff told CIO Journal.

“We have it very well-scripted, so we know that when a problem occurs who is on point and what steps we need to take,” said Eric Black, vice president of technology for NBC Sports and Olympics. “At some point during the games there’s likely to be an outage, but the goal is for us to be on top of that and have no end-user impact.”

The roll-out, if successful, will represent the largest-ever online offering of a sporting event. NBC called the Beijing Olympics, which offered 2,200 hours of streaming events, a “billion dollar lab,” which helped the company to innovate its sports coverage.

For example, some feared that an online broadcast would cannibalize TV viewership, said Rick Cordella, senior vice president for digital media at NBC Sports and Olympics. But NBC found that streaming online content actually created “pre-air buzz” and encouraged more people to watch a taped broadcast on television. The improvements made in the Beijing Olympics allowed NBC to stream a Super Bowl for the first time last February, reaching 2.1 million viewers.

The simulations aim to head off disruptions as NBC, partnering with Google’s YouTube, plans to offer live, online coverage of 3,500 hours of events scheduled for the end of the month, with the goal of making the summer games the most watched online event in history. “If there is a camera on it we’ll stream it,” Cordella said.

NBC is hoping to beat its online viewership for the Beijing Olympics, which drew around 52 million unique visitors to its site. Those viewers watched 75.5 million video streams.

NBC staff declined to talk about specific security preparations, but NBC spokesman Chris McCloskey confirmed that the war games did include preparing for the possibility of hacker attacks.

The 17-day games will be captured in London and then sent to NBC’s New York and Stamford, Conn., offices, where advertising will be inserted. The footage will then go to Google’s offices in San Bruno, Calif., where it will be prepped for online and streamed across the search giant’s networks to several NBC sites. Cable or satellite subscribers will be able to go online to watch the entirety of the games live or in replay.

But streaming so much content, more than any other sporting event in history, presents complex risks during the high-profile games. NBC will be monitoring for unexpected traffic spikes or hardware failure. And even if a local disruption occurs as the result of an event unrelated to NBC or Google, the network knows it could still be blamed.

“One of the inherent things with streaming is there are things outside of our control,” said Cordella. “Journalists and writers and guys that tweet will blame NBC but it’s hard to diagnose for sure where the issue is coming from.”

Analysts say it’s likely that hackers will attempt to disrupt the video streams, and NBC and Google are taking steps to harden their defenses, according to the network. The U.S. Department of Homeland Security released a bulletin in May warning companies that hackers, motivated by “ideological or financial objectives,” may attempt to disrupt coverage of the games.

Companies and individuals in China were subjected to 12 million hacker attacks a day during the 2008 Olympics, the report said.

As Black spoke to CIO Journal, last week, he said NBC, Google and other teams were conducting a “war game” that spanned Zurich, Switzerland; Turin, Italy; Stamford, Conn., and San Bruno, Calif. The simulation was designed to help the teams adapt if a broadcast encoder, the hardware that transfers video into a digital format for on-air broadcast, went down.

In that war game, NBC’s New York office took the lead in re-routing the television feed through a back-up encoder.

Google teams in San Bruno and Zurich and NBC teams in Stamford monitored the feeds to make sure that as the encoder was changed in the midst of the war game, the hardware swap did not disrupt footage elsewhere as the video moved through the system, according to NBC. A Google spokesman declined to comment.

NBC’s teams are also preparing for the remote possibility that a systems failure or bandwidth overload will overwhelm Google’s ability to deliver content. NBC has contracted with other vendors to serve as alternates in that unlikely event, Black said. He declined to name those back-up vendors.

NBC and Google are also likely preparing to defend themselves against distributed denial of service attacks, in which hackers attempt to overload sites with high volumes of traffic, said John Kindervag, a security analyst with Forrester. DHS, in last month’s report, singled out this method as a potential disruptor of this year’s games.

The simulations would allow NBC and Google staff to see the effects such an attack would have on the network, and to calculate how quickly they could rebound, Kindervag said.

“The tests show you weak points you didn’t anticipate,” Kindervag said. “You make the assumption there is going to be a failure and you learn how to react.”


2 UK LulzSec hackers plead guilty in London court for launching DDoS attacks

LONDON – Two British hackers linked to the notorious Lulz Security group pleaded guilty to a slew of computer crimes Monday, the latest blow against online miscreants whose exploits have grabbed headlines and embarrassed governments around the world.

Ryan Cleary, 20, and Jake Davis, 19, pleaded guilty to conspiring with other members of LulzSec to attack government, media, and law enforcement websites last year, according to Gryff Waldron, an official at London’s Southwark Crown Court.

LulzSec – an offshoot of the loose-knit movement known as Anonymous – has claimed responsibility for assaults on sites run by the Central Intelligence Agency, the U.S. Public Broadcasting Service, and media mogul Rupert Murdoch’s News International. Other targets included media and gaming giants Nintendo Co. and Sony Inc., security company HBGary Inc., Britain’s National Health Service, and Arizona State Police.

Waldron said two other defendants – 25-year-old Ryan Ackroyd and an unnamed 17-year-old – have pleaded not guilty to the same charges and will face trial in April of next year.

All four defendants have denied two counts of encouraging or assisting others to commit computer offenses and fraud. Waldron said prosecutors were still weighing whether to take Cleary and Davis to court on the remaining charges.

LulzSec, whose name draws on Internet-speak for “laugh out loud,” shot to prominence in mid-2011 with an eye-catching attack on PBS, whose website it defaced with a bogus story claiming that the late rapper Tupac Shakur had been discovered alive in New Zealand.

It was an opening shot in what became a months-long campaign of data theft, online vandalism and denial-of-service attacks, which work by jamming target websites with bogus traffic.

The hackers repeatedly humbled law enforcement – stealing data from FBI partner organization InfraGard, briefly jamming the website of Britain’s Serious and Organized Crime Agency, and publishing a large cache of emails from the Arizona Department of Public Safety.

The cybercrime spree focused attention on Anonymous, a loose-knit collection of Web-savvy activists and Internet pranksters – many of whom have turned their online guns on governments, officials or corporations over a variety of political grievances.

LulzSec and its reputed leader, known as Sabu, had some of the highest profiles in the movement. But in March U.S. officials unmasked Sabu as FBI informant Hector Xavier Monsegur and officials on both sides of the Atlantic swooped in on his alleged collaborators, making roughly half a dozen arrests.

Cleary, who had been nabbed in an earlier raid, also pleaded guilty to providing the hackers with illegally hijacked computer networks for use in denial-of-service attacks and breaching the Pentagon’s cyberdefenses by installing or altering files on U.S. Air Force Agency computers.

Cleary faces a U.S. federal indictment in relation to his cyberattacks, but his attorney says her client is autistic and that she would “fiercely contest” any move to extradite him to America.

Source: washingtonpost

Legalize Distributed Denial of Service ‘DDoS’, says Dutch opposition party

Dutch opposition party D66 has called for the legalization of DDoS in its new election manifesto.

Distributed denial of service (DDoS) attacks should be viewed as online public demonstrations, and as such should be regulated in the same basic manner as street demonstrations, says D66 campaign manager Kees Verhoeven.

Democrats 66 (a party formed by young intellectuals in 1966) currently has ten seats in the Dutch House of Representatives, five in the Senate and three in the European Parliament. It is in opposition to the Rutte-Verhagen coalition in The Netherlands. It describes itself, somewhat reluctantly, as “a progressive liberal party.”

D66 believes that online hacktivism is similar to on-street demonstrations and should be controlled in a similar manner: regulated, not banned. Under the proposals, hacktivists would need to give prior warning of their action to allow companies to take whatever defensive measures they choose. At the moment this often happens in general if not in detail: hacktivists will often pre-announce their targets if not necessarily the precise time of the attack.

The move would make a formal distinction between disrupting the online service of a company, and breaking into the servers of that company – a distinction that is not generally held in most jurisdictions.

D66 is also calling for greater privacy and consumer protection online. The collection and re-use of personal data by websites should be strictly on an informed opt-in basis, while the privacy of emails should be guaranteed. Website blocking should be allowed solely via a court order, and then only for serious offenses such as terrorism or inciting violence. The recent blocking of The Pirate Bay (TPB) website by both the Dutch and UK courts would thus not have happened.

Source: InfoSecurity

Twitter Down: Blames Bug for Double Outage, Denies DoS Attack

Normal service was restored for most users after several hours of confusion but some unfortunate people continued to face problems well past 4 pm EST on Thursday, as the company acknowledged the issue was still ongoing. “It did not say how many users were affected by the outage, or how long it lasted,” The Times of India reported.

The official blame was placed on a “cascading bug” that disrupted the system; the first message reporting the outage was posted, to the company blog, precisely at 9:35am PDT (4:35pm GMT). The message said engineers were investigating the issue. The next update, an hour later, suggested the issue was resolved. However, it was soon re-written to inform users resolution of the problem was “ongoing”.

Incidentally, the company line aside, a hacker claiming membership with the UGNazi hacker group claimed responsibility. There is no confirmation the cited Denial-of-Service (DoS) attack was theirs. According to Total Telecom, a Twitter spokesman later denied the claim, reiterating the “outage was due to a cascaded bug in one of our infrastructure components.”

Following the second service outage, Twitter reportedly began a full recovery procedure around 11am PDT (6pm GMT).

“We are currently conducting a comprehensive review to ensure that we can avoid this chain of events in the future,” the company said.

According to a performance report from Apica, a technology performance testing firm, Twitter’s service was first disrupted at 8:03am PDT (3:03am GMT). The service was later restored around 10:08am PDT (5:08am GMT) but went down again for roughly twenty minutes starting at 10:48am PDT (5:48am GMT).

A service called “Down Right Now” monitored the outage in real time to indicate when the temporary glitch would be resolved.

The outage comes after Twitter Inc. chief executive Dick Costolo proposed plans of expanding service for ad product across 50 countries this year, Bloomberg reported. The company is predicting $1bn in advertising revenue by 2014.


Québec government sites hit with Distributed denial of service ‘DDoS’ Attack

Six alleged hacktivists have been arrested in Canada following a series of attacks on Quebec government websites.

Neither the identities of the suspects nor information on the sites they targeted, or why, has been released by tight-lipped Canadian authorities.

Five police forces – including the Royal Canadian Mounted Police, the Sûreté du Québec, and three municipal forces – carried out a series of raids that led to the arrests. Three of those arrested were minors. Police declined to say whether the suspects were part of Anonymous, citing the need to preserve the integrity of an ongoing investigation, Canadian Press news agency reports.

The Québec government has earned the ire of Anonymous over recently enacted anti-protest laws. The province’s education and Montreal police department websites were hacked in a series of attacks last month. The website of the provincial Liberal party also became a target in the same set of denial of service assaults.

Hacktivists also managed to get their hands on the personal details of spectators attending the Formula One car-race in Montreal before sending somewhat threateningly worded emails warning motor racing fans of possible trouble.

“If you intend to use a car, know that your road may be barricaded,” the ‘Notice to Grand Prix Visitors’ emailed by Anonymous warned.

“If you want to stay in a hotel, know that we may enter it. If you seek to withdraw money from a bank, know that the shattering glass may sting. If you plan on watching a race, know that your view may be obscured, not by exhaust fumes but by the smoke of the fires we set. Know that the evacuation order may not come fast enough.”

Police created barriers blocking access to certain public places or detained people suspected of planning to disrupt the 10 June Grand Prix, allowing the event to proceed normally while sparking some criticism from civil liberties activists over an allegedly heavy-handed approach towards dealing with dissent.


Alleged Lulzsec member, Ryan Cleary, indicted in U.S.

A U.S. federal grand jury has indicted Ryan Cleary, a British citizen, accusing him of orchestrating a hacking rampage last year that victimized Sony Pictures Entertainment, Fox Entertainment Group and others.

The indictment, filed on Tuesday in Los Angeles district court, alleges Cleary ran a powerful botnet used to execute distributed denial-of-service (DDOS) attacks, vandalize websites and steal sensitive data as part of the hacking group Lulz Security, or LulzSec.

LulzSec, an offshoot of Anonymous, fell under heavy scrutiny from law enforcement worldwide for its successful attacks and relentless bravado, often publicized through its Twitter account.

Cleary, 20, was arrested in June 2011 at his home in Wickford, England, for allegedly taking part in the DDOS attacks against Britain’s Serious Organised Crime Agency. He is charged in the U.K. with five computer-related offenses and is accused of distributing botnet programs to attack SOCA as well as websites of the International Federation of the Phonographic Industry and the British Phonographic Industry.

An FBI spokeswoman said the U.S. will evaluate after Cleary’s legal proceedings have finished in the U.K. whether to request his extradition.

Cleary, who has been diagnosed with a type of high-functioning autism called Aspergers Syndrome, is in jail awaiting trial. He was arrested again in March for breaching his bail conditions by using the Internet and contacting former LulzSec leader Hector Xavier Monsegur, The Guardian reported.

Monsegur, who was known as “Sabu,” was arrested in secret by the FBI and provided information that led to another spate of LulzSec arrests, including of one American man and four in the U.K. in March. Monsegur pleaded guilty in August 2011 to various hacking charges, including attacks against HBGary Federal, the Public Broadcasting System, Sony Pictures and Fox.

Cleary is also accused of either attacking or stealing data from Fox, PBS, Sony, Riot Games and SOCA. He is charged with one count of conspiracy and two counts of unauthorized impairment of a protected computer. If convicted, he could face a maximum of 25 years in prison.

Cleary, already charged in the U.K., is accused of attacking Sony Pictures and Fox Entertainment

The indictment alleges Cleary controlled a botnet that may have been composed of hundreds of thousands of computers. Botnets are networks of hacked computers that can be remotely controlled.

He is also accused of identifying security vulnerabilities on computer networks, obtaining sensitive information and coordinating the publishing of the information taken from LulzSec’s victims. Prosecutors allege in one instance Cleary stole the personal data of people registered to receive information on auditions for Fox’s “The X-Factor” talent show.


More Sophisticated DDoS Attack a New Threat to Apache Servers

A once flawed DDoS attack targeting the world’s most widely used Web servers has improved its cryptography and attack capabilities to become a more serious threat.

MP-DDoser, also known as “IP-Killer,” uses a relatively new low-bandwidth, “asymmetrical” HTTP attack to inflict a denial-of-service attack against Apache Web servers by sending a very long HTTP header. This forces the web servers to do a great deal of server-side work for a relatively small request. Additionally, the malware now incorporates multiple layers of encryption.

Such sophistication is a far cry from the first version that appeared as a proof-of-concept Perl script in August 2011 and again months later in the Armageddon DDoS bot, according to a new report by Arbor Networks.

“These early versions had a number of serious flaws, such as a completely broken Slowloris attack implementation, and really awful crypto key management,” writes Arbor Networks research analyst Jeff Edwards. “But the latest samples (now up to ‘Version 1.6’) are much improved; the key management is quite good, and the buggy DDoS attacks are not only fixed, but now include at least one technique (‘Apache Killer’) that may be considered reasonably cutting edge.”

Using data collected anonymously from more than 200 service providers participating in Arbor’s ATLAS sensor network, Edwards was able to analyze the newest iteration of the DDoS bot and offer instructions for decrypting its transmissions.

“The malware actually uses a pretty straightforward algorithm for encrypting and decrypting the transmissions sent between bot and C&C server. It modulates the plaintext message with a key string using the XOR operator, but it applies this XOR operation only to the least significant four bits of each message byte,” he said in the report.

The key string in earlier versions was simply hard-coded into the bot executable in plain text. It’s since improved to now be encrypted and stored in an RCDATA resource named MP, along with some other sensitive information such as the hostname and port of the C&C and the botnet ID.

“To decrypt the MP resource string, the bot uses a lookup table (‘LUT’) that maps ASCII characters to integers for the initial phase of the decryption loop. But even this lookup table is itself encrypted! Fortunately, it is encrypted using the same algorithm used for crypting the network comms, and thus the decrypt_mpddos_comms() Python function will handle it,” according to the report. “And mercifully, the key string needed to decrypt the LUT happens to be stored in plain text in the bot executable. In all the samples that we’ve encountered to date, that key string is: 00FF00FF00FF, but that could easily change in the future.”

The 50-page report goes into detail on how to break MP-DDoS’s multi-layered encryption and thwart transmissions. In general, Edwards recommends:

Decrypting the LUT using decrypt_mpddos_comms()
Then using the LUT to decrypt the MP resource via decrypt_mpddos_rsrc()
And then pulling the comms key from the plain text resource and providing it to decrypt_mpddos_comms() to decrypt the actual network traffic
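The nibble-XOR scheme quoted above and the three-step decryption order Edwards recommends, reconstructed as an added Python example (this is not the Arbor report's code). Only the low-nibble XOR rule, the function names decrypt_mpddos_comms()/decrypt_mpddos_rsrc() and the LUT key string 00FF00FF00FF come from the article; the cyclic key repetition, the 16-character LUT layout, the key|host|port|botid resource layout, the helper names encode_rsrc/parse_resource/peel_layers/build_sample and every sample artefact are assumptions constructed for illustration.

```python
"""Reconstruction of the layered key handling described for MP-DDoser.

Added example, not code from the Arbor report. Only two facts come from the
article: the XOR is applied to the least significant four bits of each byte,
and the LUT key string is "00FF00FF00FF". Everything else (key cycling, the
LUT being a 16-character alphabet, the 'key|host|port|botid' resource layout
and all sample values) is a constructed assumption for illustration.
"""

LUT_KEY = b"00FF00FF00FF"  # plain-text LUT key quoted in the report


def decrypt_mpddos_comms(data: bytes, key: bytes) -> bytes:
    """Nibble-XOR: only the low four bits of each byte are XORed with the
    (assumed cyclically repeated) key string. XOR is its own inverse, so the
    same routine both encrypts and decrypts."""
    if not key:
        raise ValueError("key string must not be empty")
    out = bytearray(len(data))
    for i, b in enumerate(data):
        k = key[i % len(key)]
        out[i] = (b & 0xF0) | ((b ^ k) & 0x0F)  # high nibble passes through unchanged
    return bytes(out)


def decrypt_mpddos_rsrc(encoded: str, lut: str) -> str:
    """Hypothetical resource decoder: the LUT is assumed to be a 16-character
    alphabet whose index gives a nibble; each pair of resource characters
    (high nibble first) becomes one plaintext byte."""
    if len(lut) != 16 or len(set(lut)) != 16:
        raise ValueError("LUT must be 16 distinct characters")
    if len(encoded) % 2:
        raise ValueError("resource string must have even length")
    out = bytearray()
    for i in range(0, len(encoded), 2):
        hi, lo = lut.index(encoded[i]), lut.index(encoded[i + 1])
        out.append((hi << 4) | lo)
    return out.decode("ascii")


def encode_rsrc(plain: str, lut: str) -> str:
    """Inverse of decrypt_mpddos_rsrc, used only to build the constructed sample."""
    return "".join(lut[b >> 4] + lut[b & 0x0F] for b in plain.encode("ascii"))


def parse_resource(text: str) -> dict:
    """Hypothetical 'key|host|port|botid' layout of the decrypted MP resource."""
    key, host, port, botid = text.split("|")
    return {"key": key, "host": host, "port": int(port), "botid": botid}


def peel_layers(enc_lut: bytes, enc_rsrc: str, enc_msg: bytes) -> dict:
    """The three steps the report recommends, applied in order."""
    lut = decrypt_mpddos_comms(enc_lut, LUT_KEY).decode("ascii")     # 1. LUT
    c2 = parse_resource(decrypt_mpddos_rsrc(enc_rsrc, lut))           # 2. MP resource
    msg = decrypt_mpddos_comms(enc_msg, c2["key"].encode("ascii"))    # 3. network traffic
    return {"lut": lut, "c2": c2, "message": msg.decode("ascii")}


# ---- constructed sample artefacts (not real MP-DDoser data) ----
SAMPLE_LUT = "ZYXWVUTSRQPONMLK"
SAMPLE_RSRC = "K3y5tr1ng|c2.example.invalid|8080|bot-42"
SAMPLE_MSG = b"PONG bot-42 v1.6"


def build_sample() -> tuple:
    """Encrypt the sample the way the bot would carry it, so peel_layers can undo it."""
    enc_lut = decrypt_mpddos_comms(SAMPLE_LUT.encode("ascii"), LUT_KEY)
    enc_rsrc = encode_rsrc(SAMPLE_RSRC, SAMPLE_LUT)
    enc_msg = decrypt_mpddos_comms(SAMPLE_MSG, b"K3y5tr1ng")
    return enc_lut, enc_rsrc, enc_msg


if __name__ == "__main__":
    print(peel_layers(*build_sample()))
```

Leaving the high nibble untouched is also what makes the scheme weak from an analyst's point of view: a printable ASCII plaintext stays within the same sixteen-character column of the ASCII table after encryption, so protocol keywords in captured C&C traffic are only lightly disguised even before the key is recovered.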

“All in all, MP-DDoser uses some of the better key management we have seen,” Edwards wrote in a blog post on his research.

“But of course, at the end of the day, every bot has to contain — or be able to generate — its own key string in order to communicate with its C&C, so no matter how many layers of encryption our adversary piles on, they can always be peeled off one by one.”


London Internet Exchange hit by suspected DDoS attack

The London Internet Exchange (LINX) has been hit by a large scale outage that many observers are blaming on a possible distributed denial of service (DDoS) attack.

The non-profit exchange provides the majority of UK ISPs with a peering platform for their connections and the outage hit both the companies and their customers all in one go.

The LINX Network Community confirmed the outage on Twitter, despite the organisation’s press office being unable to provide Computer Weekly with a statement.

The tweet said LINX was “aware of issues on its network” and had “engineers currently working to rectify this,” but fell short of giving an explanation for the problem.

However, customers operating over LINX also took to the social network to explain their own experiences, with a number suggesting a DDoS attack was responsible.

Worthers Creative Media Solutions released a statement to its customers saying: “We are told [the outage] was due to a 200GB denial of service attack but are unsure of exact details at this point. The result of this was that 60% of traffic for about 40 minutes got lost to some of our servers and therefore may have affected some people accessing sites.

“Just to clarify, this wasn’t an issue with the servers themselves or the datacentre but was more widespread and outside of our control.”

Voice over IP provider Orbtalk, internet telephony firm Voxhub, and telecoms company VoiceHost also reported being taken down by the outage.

Others point to Juniper Networks’ PTX packet switches, on which the LINX network is based and which only went live earlier today. However, with no formal statement from the organisation, the exact cause remains open to speculation.

At the time of publishing this article, the network community said the LINX local area network was now stable, but the huge number of services hit will take time to resume after the failure.


WHMCS under renewed DDoS blitz after patching systems

WHMCS, the UK-based billing and customer support tech supplier, has once again come under denial of service attacks, on this occasion following an upgrade of its systems to defend against a SQL injection vulnerability.

The security patch was applied on Tuesday following reports by KrebsOnSecurity that a hacker was auctioning rights to abuse the vulnerability through an underground hacking forum. The then zero-day blind SQL injection supposedly created a mechanism for miscreants to break into web hosting firms that rely on WHMCS’s technology. The exploit was on offer at $6,000 for sale to a maximum of three buyers.

In a notice accompanying the patch release, WHMCS stated that it was notified about the problem with its systems by an “ethical programmer”.

Within the past few hours, an ethical programmer disclosed to us details of an SQL Injection Vulnerability present in current WHMCS releases.

The potential of this is lessened if you have followed the further security steps, but not entirely avoided.

And so we are releasing an immediate patch before the details become widely known.

Installing the patch is simply a case of uploading a single file to your root WHMCS directory. This one file works for all WHMCS versions V4.0 or Later.

The events of last week have obviously put a lot of focus on WHMCS in recent days from undesirable people. But please rest assured that we take security very seriously in the software we produce, and will never knowingly leave our users at risk. And on that note if any further issues come to light, we will not hesitate to release patches for them – as we hope our past history demonstrates.

The advisory references an incident last week when hackers tricked WHMCS’s own hosting firm into handing over admin credentials to its servers. The crew that pulled off the hack, UGNazi, subsequently extracted the billing company’s database before deleting files, essentially trashing its server and leaving services unavailable for several hours. The compromised server hosted WHMCS’s main website and supported customers’ installations of the technology.

UGNazi also seized access to WHMCS’s Twitter profile, which it used to publicise locations from which the compromised customer records might be downloaded. A total of 500,000 records, including customer credit card details were exposed as a result of the breach. Hacktivists justified the attack via unsubstantiated accusations that WHMCS offered services to internet scammers.

Last week’s breach involved social engineering trickery and wouldn’t appear to be related to the SQL Injection vulnerability patched by WHMCS on Tuesday. Since applying the patch WHMCS has come under attack from a fresh run of denial of service assaults, confirmed via the latest available update to WHMCS’s Twitter feed on Tuesday afternoon.

We’re currently experiencing another heavy DDOS attack – seems somebody doesn’t like us protecting our users with a patch … Back online asap

WHMCS’s website remains difficult to reach, at least from Spain, but its official blog can be found here.

The firm was unreachable for comment at the time of publication.

