Most Updated News on How to Protect Against DoS Attacks!

NBC, Google preparing for hackers for Olympic games 2012 in London
TechWeekEurope investigates the Distributed Denial of Service ‘DDoS’ market
2 UK LulzSec hackers plead guilty in London court for launching DDoS attacks
Legalize Distributed Denial of Service ‘DDoS’, says Dutch opposition party
Twitter Down: Blames Bug for Double Outage, Denies DoS Attack
Québec government sites hit with Distributed denial of service ‘DDoS’ Attack
Alleged Lulzsec member, Ryan Cleary, indicted in U.S.
More Sophisticated DDoS Attack a New Threat to Apache Servers
London Internet Exchange hit by suspected DDoS attack
WHMCS under renewed DDoS blitz after patching systems

NBC, Google preparing for hackers for Olympic games 2012 in London

NBC and Google are conducting “war games” in at least three countries, to prepare for the possibility of hacker attacks or hardware malfunction disrupting the online streaming of the Summer Olympics Games in London, which start this month.

For the past nine months the network’s online team, together with Google, which is managing the streaming of the games, have simulated hundreds of disruptive scenarios, some lasting eight hours. They have simulated a range of problems from broken broadcast encoders to traffic overloads and hacker assaults on the systems, NBC staff told CIO Journal.

“We have it very well-scripted, so we know that when a problem occurs who is on point and what steps we need to take,” said Eric Black, vice president of technology for NBC Sports and Olympics. “At some point during the games there’s likely to be an outage, but the goal is for us to be on top of that and have no end-user impact.”

The roll-out, if successful, will represent the largest-ever online offering of a sporting event. NBC called the Beijing Olympics, which offered 2,200 hours of streaming events, a “billion dollar lab,” which helped the company to innovate its sports coverage.

For example, some feared that an online broadcast would cannibalize TV viewership, said Rick Cordella, senior vice president for digital media at NBC Sports and Olympics. But NBC found that streaming online content actually created “pre-air buzz” and encouraged more people to watch a taped broadcast on television. The improvements made in the Beijing Olympics allowed NBC to stream a Super Bowl for the first time last February, reaching 2.1 million viewers.

The simulations aim to head off disruptions as NBC, partnering with Google’s YouTube, plans to offer live, online coverage of 3,500 hours of events scheduled for the end of the month, with the goal of making the summer games the most watched online event in history. “If there is a camera on it we’ll stream it,” Cordella said.

NBC is hoping to beat its online viewership for the Beijing Olympics, which drew around 52 million unique visitors to its site. Those viewers watched 75.5 million video streams.

NBC staff declined to talk about specific security preparations, but NBC spokesman Chris McCloskey confirmed that the war games did include preparing for the possibility of hacker attacks.

The 17-day games will be captured in London and then sent to NBC’s New York and Stamford, Conn., offices, where advertising will be inserted. The footage will then go to Google’s offices in San Bruno, Calif., where it will be prepped for online and streamed across the search giant’s networks to several NBC sites. Cable or satellite subscribers will be able to go online to watch the entirety of the games live or in replay.

But streaming so much content – more than any other sporting event in history – presents complex risks during the high-profile games. NBC will be monitoring for unexpected traffic spikes or hardware failure. And even if a local disruption occurs as the result of an event unrelated to NBC or Google, the network knows it could still be blamed.

“One of the inherent things with streaming is there are things outside of our control,” said Cordella. “Journalists and writers and guys that tweet will blame NBC but it’s hard to diagnose for sure where the issue is coming from.”

Analysts say it’s likely that hackers will attempt to disrupt the video streams, and NBC and Google are taking steps to harden their defenses, according to the network. The U.S. Department of Homeland Security released a bulletin in May warning companies that hackers, motivated by “ideological or financial objectives,” may attempt to disrupt coverage of the games.

Companies and individuals in China were subjected to 12 million hacker attacks a day during the 2008 Olympics, the report said.

As Black spoke to CIO Journal last week, he said NBC, Google and other teams were conducting a “war game” that spanned Zurich, Switzerland; Turin, Italy; Stamford, Conn., and San Bruno, Calif. The simulation was designed to help the teams adapt if a broadcast encoder, the hardware that transfers video into a digital format for on-air broadcast, went down.

In that war game, NBC’s New York office took the lead in re-routing the television feed through a back-up encoder.

Google teams in San Bruno and Zurich and NBC teams in Stamford monitored the feeds to make sure that as the encoder was changed in the midst of the war game, the hardware swap did not disrupt footage elsewhere as the video moved through the system, according to NBC. A Google spokesman declined to comment.

NBC’s teams are also preparing for the remote possibility that a systems failure or bandwidth overload will overwhelm Google’s ability to deliver content. NBC has contracted with other vendors to serve as alternates in that unlikely event, Black said. He declined to name those back-up vendors.

NBC and Google are also likely preparing to defend themselves against distributed denial of service attacks, in which hackers attempt to overload sites with high volumes of traffic, said John Kindervag, a security analyst with Forrester. DHS, in last month’s report, singled out this method as a potential disruptor of this year’s games.

The simulations would allow NBC and Google staff to see the effects such an attack would have on the network, and to calculate how quickly they could rebound, Kindervag said.

“The tests show you weak points you didn’t anticipate,” Kindervag said. “You make the assumption there is going to be a failure and you learn how to react.”


TechWeekEurope investigates the Distributed Denial of Service ‘DDoS’ market

“I’ve put lots of sites offline,” the dealer says. “Shops, schools and another site, but I can’t tell you about that one here.”

Those pushing services on the Internet’s black market are unsurprisingly secretive about their targets when talking directly. Even with Skype’s encryption and peer-to-peer protections, this Distributed Denial of Service (DDoS) dealer wouldn’t reveal too much, for fear of being ensnared by law enforcement.

Sites across the web are being smashed offline by such DDoS dealers every day. Criminal organisations, disgruntled individuals, governments and private organisations pay them to knock enemies offline. And they know they can earn a lot by doing a little.

It isn’t difficult to find them either. Just head onto one of the many hacker forums and you’ll come across shiny DDoS advertisements, with tawdry, 90s-era banners displaying prices and contact details.

On the darker parts of the web, things are a little less glamorous, but the menus are largely the same.

More aggressive marketing

One seller going by the name of Gwapo is particularly open about the business he/she is running. Gwapo has a website called DDoS Service, which is remarkably simple, containing just two landing pages. But it also features a video advertisement of a young American man talking about what Gwapo can do.

The man claims Gwapo has four years of DDoS experience, in both attack and defence. It is a remarkably brazen piece of marketing. Perhaps even more remarkable is the fact that YouTube allows such videos to be published. Since being thrown on the site in mid-June, it has already acquired over 32,000 views. This is not the first promo vid Gwapo has put out either. The one below takes a more salacious tack.

DDoSers are unafraid of outlandish promotion. They know there is money to be earned here, and they know there is plenty of competition.
Dealing with the dealers

Whilst finding them is simple, getting dealers to open up is trickier. Gwapo was particularly reticent when speaking over Skype. But Tor Chat provided enough peace of mind for dealers to reveal more about themselves to TechWeekEurope, which has been contacting those pushing their wares on the DDoS market over the last month. To be clear, we did not ask the sellers to take down websites. DDoS is against the law and TechWeekEurope does not support it in any way.

Ned – not his real name – told us he was a 17-year-old computer science student. He claims friends introduced him to the illicit cyber services game. “Now I got some Russian friends,” he quips. His biggest ever hit lasted for two days, for which he was paid just over $250. In that case, he was asked to kill the attack early. The buyer got tetchy about how successful the hit was.

To carry out that brutal hit, Ned relied on a botnet of around 2000 bots, he says. Without prompting, Ned initiates a demo. His target? One of the most popular hacking forums on the Web. We go to the site as soon as he says it is down. He knocks it offline for around 30 seconds before killing the DDoS. Any site is fair game, it seems.

As for pricing, he was offering a small site without protection at just $4 an hour. For a larger website, the cost can be as much as $100 an hour. Initially, Ned comes across as ambivalent to the dangers of selling DDoS services. Is he not worried about getting chucked out of school and thrown in jail? “Nah,” he coolly responds. But when we push him, asking if he would be happy to take down a major banking site, Ned backs down. “I don’t want to get in trouble,” he says.

Another dealer, who claims to focus his botnet’s energy specifically on sites using Cisco, Juniper and Cloudflare gear to mitigate attacks, says he has done single deals for over $1000. Like Ned, he says some buyers will pay as much as $100 for each hour a big-league website is downed.

Yet, as with many other dealers, BProof said he will happily accept between $5 and $10 to take easy targets offline for an hour. The bots he was herding could apparently do plenty of damage with just a little effort. “I can take down CloudFlare lines with 30 bots, that’s nothing for me,” was one claim (CloudFlare is a content delivery network). He offers us a 10-minute test. We decline. It was already clear how easy it was for these denizens of the dark web to kill websites.

It’s also clear that acquiring services can be very cheap indeed. Even the most impecunious of businesses could knock a competitor down. For many companies, having a website taken offline for a while causes nothing more than a little embarrassment. But for others, it can cause substantial financial damage.
Who’s buying?

All kinds of organisations are getting pummelled by DDoS attacks in today’s world. And all kinds of organisations are paying for them too.

Some even get creative with their DDoS strikes. André Stewart, president international at Corero Network Security, said he knew of a telecoms company that saw its services downed by a competitor after launching a free VoIP service. The envious rival set up an online game, which, when played, sent very small UDP [User Datagram Protocol] packets to attack the site from which free VoIP was being offered. It was a rare case of malicious gamification.

“That was almost undetected. We looked at it very carefully and analysed the packets and saw what was going on,” Stewart said. “There are cases of companies attacking other companies. That exists – for competitive advantage or to deny something that has been competitive.”

DDoS is well known as a protester’s weapon too. Hacktivists like Anonymous and LulzSec have proven that, with successful strikes on big-name sites, from Theresa May to the CIA. But Stewart believes everyday people are now buying DDoS services too, simply to vent their discontent at whatever organisation they’re frustrated at.

“Low-cost airlines get attacked, for instance, and government entities that manage speeding fines,” he said. “It has almost become the new way of customer dissatisfaction.”

This year has also seen a new target: non-profit groups. Avaaz campaigns against what it believes are immoral measures of nation state regimes, including the US and China, so one can guess who would be keen to knock down its site. Removing Avaaz’s website also removes its donation page – i.e. its main source of funding.

The Pirate Bay has obvious enemies too – copyright holders. “I do think the music industry, the film industry, where there is a serious amount of money leaking, they would like to see it close down,” Stewart added. “They [music and film industry organisations] can operate in ways that are completely anonymous. If they want they can attack those types of sites [like The Pirate Bay].”

DDoS services are in high demand and for myriad reasons. Big corporations, small businesses, governments and irascible individuals all take an interest in them.
Going solo

But DDoS dealers don’t just rely on money from clients. They can go direct and extort those businesses whose very survival relies on an Internet presence. This can provide them with much more income than working the black market.

For those who go after online gambling businesses, the financial rewards can be huge, according to Stewart. “Somebody will send a note to the betting guys, saying ‘we will stop the service just before the game for an hour or two hours’. They will be able to calculate very easily how much it means to them and their business stopping for that amount of time,” he explains. “If the person is only asking for $50,000 they will pay for it. If they feel their security is not up to scratch.”

Such businesses are easy targets. Corero works with a number of gambling firms and claims to have difficulties in upgrading their kit to mitigate against DDoS strikes. “We’re not able to do any upgrades to their network or any changes until a major competition is off. And then there is always another one that starts,” Stewart adds.

Geopolitical issues also affect gambling firms’ level of security against DDoS, he says. “Because a lot of these betting companies are based in tax havens, there aren’t many authorities that are ready to say ‘we will protect you’ because they’re already seen as dodging taxes – a lot of taxes they should be paying onshore. So they’re relatively unprotected.

“They will know how protected they are. If something new comes out and they’re not up to scratch, then they will not talk about it, but they will make the payment.”

Stewart knows of businesses who have paid “£100,000 here and £100,000 there” just to pay off those threatening to kill their sites. “That’s not uncommon.” If they didn’t pay, the losses would be much greater. “Companies have been known to go down for 6 hours, and the losses are in the millions.”

Symantec recently spotted a crimeware bot known as “Zemra” being used in DDoS attacks against specific machines for extortion. It featured a command-and-control panel hosted on a remote server, as well as a tonne of functionality, including 256-bit DES encryption/decryption for communication between server and client, and propagation through USB.

Zemra comes at a cost though. It first appeared on underground forums in May 2012 at €100. Even those dealing to the DDoS dealers can make a killing.
Infiltrating the markets

What is clear from TechWeekEurope’s trips to the underground markets is that botnets are at the core of the problem. No doubt many are using tools to carry out application-level DDoS attacks, such as Slowloris and Hulk, but botnets appeared to be the weapon of choice on the market.

If such markets are to be countered in the coming years, killing off botnets would be a fine place to start. Many efforts to slay these nasty networks have seen operations sinkholed, where bots are directed to servers belonging to the good guys, rather than the bad guys’ command and control centres.

Others, like the dismantling of DNSChanger, look to completely take apart the physical hardware. This can lead to issues, however. Many fear the hundreds of thousands still connected to the infrastructure of DNSChanger will lose internet connectivity when the FBI pulls the plug on 9 July.

But prophylactic measures are not good enough. Just taking servers offline or sinkholing operations only suspends malicious activity. To kill a botnet, arrests need to be made. “If you’re going to tackle it long-term, it really is going to involve apprehending the people who are behind it,” says David Emm, senior regional researcher at Kaspersky Lab.

Taking down more botnets will require greater cooperation between private and public bodies, and across borders too, Emm believes. Whilst there have been notable successes in the past year, there remain problems. Overcoming global demarcation of cyber policing is one of the biggest. Emm says most activity continues to happen at a “more informal level”. If major players such as the US and EU nations could organise more formal frameworks, this would speed up the intelligence sharing operation, he claims.

“One of the difficulties comes with speed of response. Although there is quite a lot of activity where law enforcement agencies in different parts of the world can cooperate, unless there is a supranational agreement that they can combine activities under, it is difficult with the informal stuff to be as quick as say the spammers or DDoSers can be,” Emm adds. “There are always going to be limits given you’ve got different zones of legislation where the cyber criminals don’t.”

Behind all this additional cooperation, “just good old-fashioned policing” is needed, says Ross Anderson, professor of security engineering at the University of Cambridge’s Computer Laboratory. “Even the UK police have had occasional successes. It’s just a matter of trying. Even crooks in Russia can be arrested if the Foreign Office starts to care about it,” he adds.

One recent case proved how more surreptitious means can help bring down cyber crime operations too. When the FBI announced the arrest of 24 people in June, it hinted at a maturation of cybercrime efforts. The cops set up their own market, where unwitting crooks went to sell and buy credit card details. IPs were collected and activity tracked across other nasty websites. Then the suspects were apprehended, not just in the US, but across the globe, with six taken into custody in the UK. It was one of the most impressive cyber operations in recent times.

Infiltrating the DDoS markets, or setting up honey traps as the FBI did, looks like the most efficient way to bring them down. In turn, botnets will become inactive and other cyber crimes mitigated too. The tools are there, police just have to be given the opportunity to start using them more.

Source: techweekeurope

2 UK LulzSec hackers plead guilty in London court for launching DDoS attacks

LONDON – Two British hackers linked to the notorious Lulz Security group pleaded guilty to a slew of computer crimes Monday, the latest blow against online miscreants whose exploits have grabbed headlines and embarrassed governments around the world.

Ryan Cleary, 20, and Jake Davis, 19, pleaded guilty to conspiring with other members of LulzSec to attack government, media, and law enforcement websites last year, according to Gryff Waldron, an official at London’s Southwark Crown Court.

LulzSec – an offshoot of the loose-knit movement known as Anonymous – has claimed responsibility for assaults on sites run by the Central Intelligence Agency, the U.S. Public Broadcasting Service, and media mogul Rupert Murdoch’s News International. Other targets included media and gaming giants Nintendo Co. and Sony Inc., security company HBGary Inc., Britain’s National Health Service, and Arizona State Police.

Waldron said two other defendants – 25-year-old Ryan Ackroyd and an unnamed 17-year-old – have pleaded not guilty to the same charges and will face trial in April of next year.

All four defendants have denied two counts of encouraging or assisting others to commit computer offenses and fraud. Waldron said prosecutors were still weighing whether to take Cleary and Davis to court on the remaining charges.

LulzSec, whose name draws on Internet-speak for “laugh out loud,” shot to prominence in mid-2011 with an eye-catching attack on PBS, whose website it defaced with a bogus story claiming that the late rapper Tupac Shakur had been discovered alive in New Zealand.

It was an opening shot in what became a months-long campaign of data theft, online vandalism and denial-of-service attacks, which work by jamming target websites with bogus traffic.

The hackers repeatedly humbled law enforcement – stealing data from FBI partner organization InfraGard, briefly jamming the website of Britain’s Serious and Organized Crime Agency, and publishing a large cache of emails from the Arizona Department of Public Safety.

The cybercrime spree focused attention on Anonymous, a loose-knit collection of Web-savvy activists and Internet pranksters – many of whom have turned their online guns on governments, officials or corporations over a variety of political grievances.

LulzSec and its reputed leader, known as Sabu, had some of the highest profiles in the movement. But in March U.S. officials unmasked Sabu as FBI informant Hector Xavier Monsegur and officials on both sides of the Atlantic swooped in on his alleged collaborators, making roughly half a dozen arrests.

Cleary, who had been nabbed in an earlier raid, also pleaded guilty to providing the hackers with illegally hijacked computer networks for use in denial-of-service attacks and breaching the Pentagon’s cyberdefenses by installing or altering files on U.S. Air Force Agency computers.

Cleary faces a U.S. federal indictment in relation to his cyberattacks, but his attorney says her client is autistic and that she would “fiercely contest” any move to extradite him to America.

Source: washingtonpost

Legalize Distributed Denial of Service ‘DDoS’, says Dutch opposition party

Dutch opposition party D66 has called for the legalization of DDoS in its new election manifesto.

Distributed denial of service (DDoS) attacks should be viewed as online public demonstrations, and as such should be regulated in the same basic manner as street demonstrations, says D66 campaign manager Kees Verhoeven.

Democrats 66 (a party formed by young intellectuals in 1966) currently has ten seats in the Dutch House of Representatives, five in the Senate and three in the European Parliament. It is in opposition to the Rutte-Verhagen coalition in The Netherlands. It describes itself, somewhat reluctantly, as “a progressive liberal party.”

D66 believes that online hacktivism is similar to on-street demonstrations and should be controlled in a similar manner: regulated, not banned. Under the proposals, hacktivists would need to give prior warning of their action to allow companies to take whatever defensive measures they choose. At the moment this often happens in general if not in detail: hacktivists will often pre-announce their targets if not necessarily the precise time of the attack.

The move would make a formal distinction between disrupting the online service of a company, and breaking into the servers of that company – a distinction that is not generally held in most jurisdictions.

D66 is also calling for greater privacy and consumer protection online. The collection and re-use of personal data by websites should be strictly on an informed opt-in basis, while the privacy of emails should be guaranteed. Website blocking should be allowed solely via a court order, and then only for serious offenses such as terrorism or inciting violence. The recent blocking of The Pirate Bay (TBP) website by both the Dutch and UK courts would thus not have happened.

Source: InfoSecurity

Twitter Down: Blames Bug for Double Outage, Denies DoS Attack

Normal service was restored for most users after several hours of confusion but some unfortunate people continued to face problems well past 4 pm EST on Thursday, as the company acknowledged the issue was still ongoing. “It did not say how many users were affected by the outage, or how long it lasted,” The Times of India reported.

The official blame was placed on a “cascading bug” that disrupted the system; the first message reporting the outage was posted, to the company blog, precisely at 9:35am PDT (4:35pm GMT). The message said engineers were investigating the issue. The next update, an hour later, suggested the issue was resolved. However, it was soon re-written to inform users resolution of the problem was “ongoing”.

Incidentally, the company line aside, a hacker claiming membership with the UGNazi hacker group claimed responsibility. There is no confirmation the cited Denial-of-Service (DoS) attack was theirs. According to Total Telecom, a Twitter spokesman later denied the claim, reiterating the “outage was due to a cascaded bug in one of our infrastructure components.”

Following the second service outage, Twitter reportedly began a full recovery procedure around 11am PDT (6pm GMT).

“We are currently conducting a comprehensive review to ensure that we can avoid this chain of events in the future,” the company said.

According to a performance report from Apica, a technology performance testing firm, Twitter’s service was first disrupted at 8:03am PDT (3:03am GMT). The service was later restored around 10:08am PDT (5:08am GMT) but went down again for roughly twenty minutes starting at 10:48am PDT (5:48am GMT).

A service called “Down Right Now” monitored the outage in real time to indicate when the temporary glitch would be resolved.

The outage comes after Twitter Inc. chief executive Dick Costolo proposed plans of expanding service for ad product across 50 countries this year, Bloomberg reported. The company is predicting $1bn in advertising revenue by 2014.


Québec government sites hit with Distributed denial of service ‘DDoS’ Attack

Six alleged hacktivists have been arrested in Canada following a series of attacks on Quebec government websites.

Neither the identities of the suspects nor information on the sites they targeted, or why, has been released by tight-lipped Canadian authorities.

Five police forces – including the Royal Canadian Mounted Police, the Sûreté du Québec, and three municipal forces – carried out a series of raids that led to the arrests. Three of those arrested were minors. Police declined to say whether the suspects were part of Anonymous, citing the need to preserve the integrity of an ongoing investigation, Canadian Press news agency reports.

The Québec government has earned the ire of Anonymous over recently enacted anti-protest laws. The province’s education and Montreal police department websites were hacked in a series of attacks last month. The website of the provincial Liberal party also became a target in the same set of denial of service assaults.

Hacktivists also managed to get their hands on the personal details of spectators attending the Formula One car-race in Montreal before sending somewhat threateningly worded emails warning motor racing fans of possible trouble.

“If you intend to use a car, know that your road may be barricaded,” the ‘Notice to Grand Prix Visitors’ emailed by Anonymous warned.

“If you want to stay in a hotel, know that we may enter it. If you seek to withdraw money from a bank, know that the shattering glass may sting. If you plan on watching a race, know that your view may be obscured, not by exhaust fumes but by the smoke of the fires we set. Know that the evacuation order may not come fast enough.”

Police created barriers blocking access to certain public places or detained people suspected of planning to disrupt the 10 June Grand Prix, allowing the event to proceed normally while sparking some criticism from civil liberties activists over an allegedly heavy-handed approach towards dealing with dissent.


Alleged Lulzsec member, Ryan Cleary, indicted in U.S.

A U.S. federal grand jury has indicted Ryan Cleary, a British citizen, accusing him of orchestrating a hacking rampage last year that victimized Sony Pictures Entertainment, Fox Entertainment Group and others.

The indictment, filed on Tuesday in Los Angeles district court, alleges Cleary ran a powerful botnet used to execute distributed denial-of-service (DDOS) attacks, vandalize websites and steal sensitive data as part of the hacking group Lulz Security, or LulzSec.

LulzSec, an offshoot of Anonymous, fell under heavy scrutiny from law enforcement worldwide for its successful attacks and relentless bravado, often publicized through its Twitter account.

Cleary, 20, was arrested in June 2011 at his home in Wickford, England, for allegedly taking part in the DDOS attacks against Britain’s Serious Organised Crime Agency. He is charged in the U.K. with five computer-related offenses and is accused of distributing botnet programs to attack SOCA as well as websites of the International Federation of the Phonographic Industry and the British Phonographic Industry.

An FBI spokeswoman said the U.S. will evaluate after Cleary’s legal proceedings have finished in the U.K. whether to request his extradition.

Cleary, who has been diagnosed with a type of high-functioning autism called Aspergers Syndrome, is in jail awaiting trial. He was arrested again in March for breaching his bail conditions by using the Internet and contacting former LulzSec leader Hector Xavier Monsegur, The Guardian reported.

Monsegur, who was known as “Sabu,” was arrested in secret by the FBI and provided information that led to another spate of LulzSec arrests, including of one American man and four in the U.K. in March. Monsegur pleaded guilty in August 2011 to various hacking charges, including attacks against HBGary Federal, the Public Broadcasting System, Sony Pictures and Fox.

Cleary is also accused of either attacking or stealing data from Fox, PBS, Sony, Riot Games and SOCA. He is charged with one count of conspiracy and two counts of unauthorized impairment of a protected computer. If convicted, he could face a maximum of 25 years in prison.

Cleary, already charged in the U.K., is accused of attacking Sony Pictures and Fox Entertainment

The indictment alleges Cleary controlled a botnet that may have been composed of hundreds of thousands of computers. Botnets are networks of hacked computers that can be remotely controlled.

He is also accused of identifying security vulnerabilities on computer networks, obtaining sensitive information and coordinating the publishing of the information taken from LulzSec’s victims. Prosecutors allege in one instance Cleary stole the personal data of people registered to receive information on auditions for Fox’s “The X-Factor” talent show.


More Sophisticated DDoS Attack a New Threat to Apache Servers

A once flawed DDoS bot targeting the world’s most widely used Web servers has improved its cryptography and attack capabilities to become a more serious threat.

MP-DDoser, also known as “IP-Killer,” uses a relatively new low-bandwidth, “asymmetrical” HTTP attack to inflict a denial-of-service attack against Apache Web servers by sending a very long HTTP header. This forces the web servers to do a great deal of server-side work for a relatively small request. Additionally, the malware now incorporates multiple layers of encryption.
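The asymmetry described above is exactly what a header-size limit at the front door removes: a request whose header block exceeds a fixed size is rejected with one length comparison, before the server spends any parsing effort on it. The block below is an added example of that kind of check, not code from the page or from Arbor's report; it uses Apache's default values for the LimitRequestFieldSize (8190 bytes) and LimitRequestFields (100) directives as thresholds, and the sample requests are constructed. It goes slightly beyond the passage by also rejecting a request made of very many small fields, which produces the same asymmetry.

```python
# Added example: a request-header size/count check of the kind a reverse
# proxy or WAF applies in front of a web server.  Not from the page or from
# Arbor's report; the sample requests below are constructed.
MAX_FIELD_SIZE = 8190   # Apache's LimitRequestFieldSize default (bytes)
MAX_FIELDS = 100        # Apache's LimitRequestFields default


def check_request_headers(raw: bytes,
                          max_field_size: int = MAX_FIELD_SIZE,
                          max_fields: int = MAX_FIELDS) -> tuple:
    """Return (accepted, reason) for the head of an HTTP/1.x request.

    Only the request line and the header fields are examined; any body is
    ignored.  Limits are applied to the raw lines before any field is parsed,
    so an oversize field costs this checker a single length comparison.
    """
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        return False, "header block not terminated"
    lines = head.split(b"\r\n")
    request_line, fields = lines[0], lines[1:]
    if len(request_line) > max_field_size:
        return False, "request line too long"
    if len(fields) > max_fields:
        return False, f"too many header fields ({len(fields)} > {max_fields})"
    for field in fields:
        if len(field) > max_field_size:
            name = field.split(b":", 1)[0].decode("latin-1", "replace")
            return False, f"header field {name!r} too long ({len(field)} bytes)"
        if b":" not in field:
            return False, "malformed header field"
    return True, "ok"


# Constructed sample requests (not captured traffic).
NORMAL_REQUEST = (
    b"GET /index.html HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"User-Agent: sample/1.0\r\n"
    b"Accept: */*\r\n"
    b"\r\n"
)

# One header field padded far past the limit: cheap to send, expensive for
# a server that parses and stores it in full.
OVERSIZE_REQUEST = (
    b"GET /index.html HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"X-Padding: " + b"A" * 9000 + b"\r\n"
    b"\r\n"
)

# Many tiny header fields, each individually within the size limit.
MANY_FIELDS_REQUEST = (
    b"GET / HTTP/1.1\r\nHost: example.test\r\n"
    + b"".join(b"X-H%d: 1\r\n" % i for i in range(150))
    + b"\r\n"
)


if __name__ == "__main__":
    for label, req in [("normal", NORMAL_REQUEST),
                       ("oversize", OVERSIZE_REQUEST),
                       ("many-fields", MANY_FIELDS_REQUEST)]:
        print(label, check_request_headers(req))
```

The check deliberately works on raw line lengths rather than parsed header values, because the point of the defence is to refuse the work before doing it; a limit that only triggers after a full parse would leave the asymmetry in place.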

Such sophistication is a far cry from the first version that appeared as a proof-of-concept Perl script in August 2011 and again months later in the Armageddon DDoS bot, according to a new report by Arbor Networks.

“These early versions had a number of serious flaws, such as a completely broken Slowloris attack implementation, and really awful crypto key management,” writes Arbor Networks research analyst Jeff Edwards. “But the latest samples (now up to ‘Version 1.6’) are much improved; the key management is quite good, and the buggy DDoS attacks are not only fixed, but now include at least one technique (‘Apache Killer’) that may be considered reasonably cutting edge.”

Using data collected anonymously from more than 200 service providers participating in Arbor’s ATLAS sensor network, Edwards was able to analyze the newest iteration of the DDoS bot and offer instructions for decrypting its transmissions.

“The malware actually uses a pretty straightforward algorithm for encrypting and decrypting the transmissions sent between bot and C&C server. It modulates the plaintext message with a key string using the XOR operator, but it applies this XOR operation only to the least significant four bits of each message byte,” he said in the report.

The key string in earlier versions was simply hard-coded into the bot executable in plain text. It’s since improved to now be encrypted and stored in an RCDATA resource named MP, along with some other sensitive information such as the hostname and port of the C&C and the botnet ID.

“To decrypt the MP resource string, the bot uses a lookup table (‘LUT’) that maps ASCII characters to integers for the initial phase of the decryption loop. But even this lookup table is itself encrypted! Fortunately, it is encrypted using the same algorithm used for crypting the network comms, and thus the decrypt_mpddos_comms() Python function will handle it,” according to the report. “And mercifully, the key string needed to decrypt the LUT happens to be stored in plain text in the bot executable. In all the samples that we’ve encountered to date, that key string is: 00FF00FF00FF, but that could easily change in the future.”

The 50-page report goes into detail on how to break MP-DDoS’s multi-layered encryption and thwart transmissions. In general, Edwards recommends:

Decrypting the LUT using decrypt_mpddos_comms()
Then using the LUT to decrypt the MP resource via decrypt_mpddos_rsrc()
And then pulling the comms key from the plain text resource and providing it to decrypt_mpddos_comms() to decrypt the actual network traffic
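The low-nibble XOR scheme Edwards describes, together with the roundtrip check an analyst would run before working through the three key-recovery steps above, as an added Python example (this is not code from Arbor's report, nor its decrypt_mpddos_comms() function). Cycling the key string byte-by-byte over the message and keeping only the low four bits of the XOR result are assumptions about the scheme; the sample message and the "DEADBEEF" key are constructed.

```python
# Added example: re-implementation of the low-nibble XOR scheme the article
# attributes to MP-DDoser bot/C&C traffic. Assumptions (ours, not stated on
# the page): the key string is cycled over the message one byte at a time,
# and only the low four bits of each byte are replaced by the XOR result.

KEY_LUT = b"00FF00FF00FF"  # LUT key string quoted in the article's report


def xor_low_nibble(data: bytes, key: bytes) -> bytes:
    """Encrypt or decrypt: XOR the key into the low 4 bits of each byte only.

    XOR is its own inverse, so one function serves both directions.
    """
    if not key:
        raise ValueError("key must be non-empty")
    out = bytearray(len(data))
    for i, b in enumerate(data):
        k = key[i % len(key)]
        out[i] = (b & 0xF0) | ((b ^ k) & 0x0F)  # high nibble passes through
    return bytes(out)


def high_nibbles_preserved(plain: bytes, cipher: bytes) -> bool:
    """Analyst sanity check: a correct transform never touches the high nibble."""
    return len(plain) == len(cipher) and all(
        (p & 0xF0) == (c & 0xF0) for p, c in zip(plain, cipher)
    )


def recover_plaintext(captured: bytes, comms_key: bytes) -> bytes:
    """Decrypt a captured bot->C&C message once the comms key has been recovered."""
    return xor_low_nibble(captured, comms_key)


def demo() -> bytes:
    # Constructed sample message and key, not from a real capture.
    msg = b"PING botnet-id=42 host=example.invalid"
    comms_key = b"DEADBEEF"  # placeholder; the real key lives in the MP resource
    wire = xor_low_nibble(msg, comms_key)
    assert wire != msg
    assert high_nibbles_preserved(msg, wire)
    assert recover_plaintext(wire, comms_key) == msg
    return wire


if __name__ == "__main__":
    print(demo().hex())
```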

“All in all, MP-DDoser uses some of the better key management we have seen,” Edwards wrote in a blog post on his research.

“But of course, at the end of the day, every bot has to contain — or be able to generate — its own key string in order to communicate with its C&C, so no matter how many layers of encryption our adversary piles on, they can always be peeled off one by one.”


London Internet Exchange hit by suspected DDoS attack

The London Internet Exchange (LINX) has been hit by a large scale outage that many observers are blaming on a possible distributed denial of service (DDoS) attack.

The non-profit exchange provides the majority of UK ISPs with a peering platform for their connections and the outage hit both the companies and their customers all in one go.

The LINX Network Community confirmed the outage on Twitter, despite the organisation’s press office being unable to provide Computer Weekly with a statement.

The tweet said LINX was “aware of issues on its network” and had “engineers currently working to rectify this,” but fell short of giving an explanation for the problem.

However, customers operating over LINX also took to the social network to explain their own experiences, with a number suggesting a DDoS attack was responsible.

Worthers Creative Media Solutions released a statement to its customers saying: “We are told [the outage] was due to a 200GB denial of service attack but are unsure of exact details at this point. The result of this was that 60% of traffic for about 40 minutes got lost to some of our servers and therefore may have affected some people accessing sites.

“Just to clarify, this wasn’t an issue with the servers themselves or the datacentre but was more widespread and outside of our control.”

Voice over IP provider Orbtalk, internet telephony firm Voxhub, and telecoms company VoiceHost also reported being taken down by the outage.

Others are also pointing to Juniper Networks’ PTX packet switches, on which the LINX network is based and which only went live earlier today. However, with no formal statement from the organisation, the exact cause remains open to speculation.

At the time of publishing this article, the network community said the LINX local area network was now stable, but the huge number of services hit will take time to resume after the failure.


WHMCS under renewed DDoS blitz after patching systems

WHMCS, the UK-based billing and customer support tech supplier, has once again come under denial of service attacks, on this occasion following an upgrade of its systems to defend against a SQL injection vulnerability.

The security patch was applied on Tuesday following reports by KrebsOnSecurity that a hacker was auctioning rights to abuse the vulnerability through an underground hacking forum. The then zero-day blind SQL injection supposedly created a mechanism for miscreants to break into web hosting firms that rely on WHMCS’s technology. The exploit was on offer at $6,000 for sale to a maximum of three buyers.

In a notice accompanying the patch release, WHMCS stated that it was notified about the problem with its systems by an “ethical programmer”.

Within the past few hours, an ethical programmer disclosed to us details of an SQL Injection Vulnerability present in current WHMCS releases.

The potential of this is lessened if you have followed the further security steps, but not entirely avoided.

And so we are releasing an immediate patch before the details become widely known.

Installing the patch is simply a case of uploading a single file to your root WHMCS directory. This one file works for all WHMCS versions V4.0 or Later.

The events of last week have obviously put a lot of focus on WHMCS in recent days from undesirable people. But please rest assured that we take security very seriously in the software we produce, and will never knowingly leave our users at risk. And on that note if any further issues come to light, we will not hesitate to release patches for them – as we hope our past history demonstrates.

The advisory references an incident last week when hackers tricked WHMCS’s own hosting firm into handing over admin credentials to its servers. The crew that pulled off the hack, UGNazi, subsequently extracted the billing company’s database before deleting files, essentially trashing its server and leaving services unavailable for several hours. The compromised server hosted WHMCS’s main website and supported customers’ installations of the technology.

UGNazi also seized access to WHMCS’s Twitter profile, which it used to publicise locations from which the compromised customer records might be downloaded. A total of 500,000 records, including customer credit card details, were exposed as a result of the breach. Hacktivists justified the attack via unsubstantiated accusations that WHMCS offered services to internet scammers.

Last week’s breach involved social engineering trickery and wouldn’t appear to be related to the SQL Injection vulnerability patched by WHMCS on Tuesday. Since applying the patch WHMCS has come under attack from a fresh run of denial of service assaults, confirmed via the latest available update to WHMCS’s Twitter feed on Tuesday afternoon.

We’re currently experiencing another heavy DDOS attack – seems somebody doesn’t like us protecting our users with a patch … Back online asap

WHMCS’s website remains difficult to reach, at least from Spain, but its official blog can be found here.

The firm was unreachable for comment at the time of publication.


Copyright © 2013.