DDoS Attack Specialist Archive

Using Service Providers to Manage DDoS Threats

As you’ve no doubt seen in recent years, hactivists (hackers who attack for a cause) such as Anonymous and LulzSec are becoming increasingly bold in their attacks on corporate ­America. Using the Internet as a venue, they are levying attacks using hundreds or thousands of zombie computers to overwhelm victims’ bandwidth and servers. These distributed denial-of-service (DDoS) attacks can last for minutes or days, while leaving your employees and ­customers without access to online resources.

Many options are available for protecting against, and mitigating the effects of, a DDoS attack. However, with the increasing use of third-party service providers, your organization must consider whether and how these providers can fit into a comprehensive and strategic DDoS protection plan. The good news is that these providers likely have far more resources and know-how than your own organization when it comes to fighting against DDoS attacks. The trick will be to proactively engage with providers to ensure that the full force of these ­resources will be effectively leveraged for your own organization’s needs.

In this report, we examine how you can combine your protections with those of third-party service providers to protect against and/or withstand DDoS attacks. One of the most ­important takeaways is that you must prepare in advance. You cannot wait until after the DDoS hits to implement these technologies or coordinate protection with your service providers.

Source and to download this report: http://reports.informationweek.com/abstract/21/8817/security/strategy-using-service-providers-to-manage-ddos-threats.html

NEW DELHI: A day after messing with servers maintained by Reliance Communications, Anonymous, an international hacker collective, defaced two websites belonging to BJP on Sunday. Through its Twitter account (@opindia_back) it announced thatwww.mumbaibjp.org and www.bjpmp.org.in were hacked by the group. After the hacking, the group posted a message to web users, asking them to organize protests against “web censorship” in India on June 9.

While the message was displayed on the homepage of www.mumbaibjp.org, on www.bjpmp.org.in it was inserted as a page at bjpmp.org.in/ads/anon.html. On Mumbai BJP website the message was accompanied by a catchy tune embedded through a YouTube link.

“Today they took away your right to use a few websites… day after tomorrow they will take away your freedom of speech and no one will be there to speak for you. Speak Now or Never,” the message read. The hackers said that people should print out or buy Guy Fawkes Masks and wear them while protesting against web censorship in Bangalore, Mangalore, Kochi, Chennai, Vizag, Delhi, Mumbai and Hyderabad on June 9.

TOI reached out to Anonymous though Twitter, asking why it defaced BJP websites. “”Just needed a website to display our message,” said the person managing @opindia_back.

The Ion, who is likely a part of Anonymous and who uses @ProHaxor alias on Twitter, added, “BJP are the opposition they should have stopped this or should have organised a protest they did not do any.”

Incidentally, CERT-IN, the nodal agency in India for monitoring security and hacking incidents within the country’s cyberspace, said in a report on Sunday that hackers are targeting Indian websites. “It is observed that some hacker groups are launching Distributed Denial of Service (DDoS) attacks on websites of government and private organizations in India,” the report said and asked network administrators to keep vigil.

Anonymous started attacking websites belonging to government agencies and companies like Reliance Communications last week after internet service providers blocked several websites in the country on the basis of an order by Madras high court. Anonymous says the blocking of websites is illegal and suppression of freedom of speech. On Friday it held a virtual ‘press conference’ and released a list of websites that were allegedly blocked on the internet service provided by Reliance Communications even though there was no legal requirement for the ISP to do so. The hackers said they stole the list from Reliance’ servers. At the same ‘press briefing’ the group called on Indian people to organize protests against web censorship on June 9.

In the last few months, Anonymous has organized or played a dominant role in real world protests against what it perceives censorship and abuse of power. The most popular of these protests has been Occupy Wall Street in the US. Though there were a number of groups and individuals involved in these protests Anonymous had played a key role in spreading the word.

Source: http://timesofindia.indiatimes.com/tech/news/internet/Anonymous-hacks-BJP-websites-wants-people-to-protest-against-web-censorship/articleshow/13576173.cms

André Stewart, president international at Corero Network Security, argues that the Serious Organised Crime Agency should have taken a recent DDoS attack more seriously…

The response by the Serious Organised Crime Agency (SOCA) to the distributed denial of service (DDoS) attack directed at its public website is somewhat disappointing for the nation’s leading anti-crime organisation. The agency’s statement that it does not consider investing in DDoS defence protection “a good use of taxpayers’ money” fails to take into account potentially serious security consequences. Further, it sends the wrong message to cyber criminals at a time when businesses and organisations in the United Kingdom and around the world operate under continuous threat of attack.

The attack against the SOCA website used a network-layer DDoS attack which is a very publicly visible form of cyber crime. The attackers’ intent is to slow or bring down a website for the entire world to see. The victim organisation has to own up to what has happened and, in the case of government entities, explain why it will not or cannot respond effectively.

However, hacktivist groups and criminals frequently use DDoS attacks as a smokescreen to hide more surreptitious intrusions aimed at stealing data. For example, the theft of 77 million customer records from the Sony PlayStation Network was preceded by a severe DDoS attack. In discussing its 2012 Data Breach Investigations Report, Verizon’s Bryan Sartin said that diversionary DDoS attacks are common practice to mask data theft, including many of the breaches by hacktivists which totalled some 100 million stolen records.

This raises the question about SOCA’s approach to securing its networks and the protection of critical information from more sinister, stealth cyber attacks. Criminals want to create diversions and remain unnoticed while they infiltrate deeper into a network and steal data. Most data breaches go undetected for weeks, months, even years in some cases. Can we be confident, based on SOCA’s response to its public website being hit for the second time in less than a year, that it is addressing more critical security risks? The response to the latest incident could undermine confidence in the quality of the agency’s security program. How deep does its estimable high regard for taxpayer money go?

Just last June, the LulzSec group claimed credit for taking SOCA offline with a DDoS attack. One has to wonder if SOCA is truly dismissive of these attacks or simply has been slow to address the issue. Whilst the agency is dismissive of the latest DDoS attack its inability to protect itself nearly a year after the first public attack plants a seed of doubt about the calibre of its security program.

Perhaps most concerning is that SOCA is conceding the initiative to criminals who are attacking the agency directly. Would the police stand by, for example, while some hooligan scrawled graffiti on a local station with the explanation that they had more important things on which to spend time and money? Would the public tolerate that response?

Whilst putting its foot down on spending public funds is commendable, failing to respond to a direct criminal attack on law enforcement’s public face seems an odd place for SOCA to draw a line in the sand.

Source: http://www.publicservice.co.uk/feature_story.asp?id=19768

By: Jeremy Nicholls

The internet is an ideal destination for like-minded people to come together.

This is as true for people who are reaching out to friends, colleagues and strangers to raise money for charity as it is for groups of individuals who plan to use cyber attacks to make political or ideological statements.

It is the latter group, ‘hacktivists’ as they have come to be called, who are having a profound impact on today’s security threat landscape.

Research from Arbor Networks’ annual Worldwide Infrastructure Security Report (a survey of the internet operational security community published in February) supports this. Ideologically motivated hacktivism and vandalism were cited by a staggering 66 per cent of respondents as a motivating factor behind distributed denial-of-service (DDoS) attacks on their businesses.

One of these attacks last month targeted the BBC – the attack took down email and other internet-based services and the BBC suspected the attack was launched by Iran’s cyber army in a bid to disrupt BBC Persian TV. Then there was the takedown of the Home Office website with the promise of a series of weekly attacks against the Government.

But it’s not just high-profile, politically connected organisations at risk. Any enterprise operating online, which applies to just about any type and size of business operating in the UK, can become a target because of who they are, what they sell, who they partner with or for any other real or perceived affiliations. Nobody is immune.

An influx of new attack tools entering the market are readily available and fast to download. This video demonstrates how many tools are available today to anyone with a grievance and an internet connection; furthermore, the underground economy for botnets is booming.

Botnets ‘for hire’ are popular – unskilled attackers are able to hire botnet services for bargain-basement prices. Just as an enterprise can subscribe to a technology provider or a cloud-based DDoS mitigation service, hacktivists can subscribe to a DDoS service to launch attacks.

While hacktivism has gained tremendous press attention recently, there is evidence of DDoS attacks being used for competitive gain. For example, the Russian security service FSB arrested the CEO of ChronoPay, the country’s largest processor of online payments, for allegedly hiring a hacker to attack his company’s rivals. He was charged with a DDoS attack on rival Assist that paralysed the ticket-selling system on the Aeroflot website.

This all has overwhelming implications for the threat landscape, risk profile, network architecture and security deployments for all service providers and enterprises.

With the democratisation of DDoS has come a change in the attacks themselves. The methods hackers use to carry out DDoS attacks have evolved from the traditional high-bandwidth/volumetric attacks to stealth-like application-layer attacks and state attacks on firewalls and IPS, with a combination of any or all three being used in some cases.

Multi-vector attacks are becoming more common. A high-profile attack on Sony in 2011 had the company blinded of security breaches that compromised user accounts on the PlayStation Network, Qriocity and Sony Online Entertainment, because it was distracted by DDoS attacks.

Whether used for the sole purpose of shutting down a network or as a means of distraction to obtain sensitive data, DDoS attacks continue to become more complex and sophisticated. While some DDoS attacks have reached levels of 100Gbps, low-bandwidth, application-layer attacks have become more prominent as attackers exploit the difficulties in detecting these ‘low-and-slow’ attacks before they impact services.

Of the respondents surveyed in Arbor’s report, 40 per cent reported an inline firewall and/or IPS failure due to a DDoS attack, and 43 per cent reported a load-balancer failure.

While these products have a place and are an important part of an organisation’s overall IT security portfolio, they are not designed to protect availability. To ensure the best possible protection, organisations should adopt a multi-layered approach – combining a purpose-built, on-premise device with an in-cloud service.

DDoS mitigation is not a short-term fix. At Arbor Networks, we believe that this is something that should sit within a company’s overall risk-planning considerations. Just as physical security can be impacted by fire or extreme weather, digital security includes evaluating threats to availability, namely DDoS attacks.

It is becoming increasingly important to develop a plan to identify and stop them before they impact services, just as you would with natural disasters such as earthquakes or floods.

It is time for companies to start considering DDoS in their business-continuity planning. If they don’t, and they are targeted, the resulting chaos and lack of tools extends the outage and increases the costs both from an immediate financial perspective, and in terms of longer-term brand damage.

 

Source: http://www.scmagazineuk.com/the-changing-face-and-growing-threat-of-ddos/article/241020/

By David Meyer , 9 May, 2012 09:11

Hackers associated with Anonymous forced Virgin Media’s website offline for at least an hour on Tuesday, but the file-sharing service whose blockage sparked the protest has condemned the attack.

In an operation dubbed OpTPB, Anonymous hackers apparently subjected Virgin’s site to a distributed denial-of-service (DDoS) attack that began at 5pm. Twitter messages referring to OpTPB suggested that it was a response to Virgin Media’s blocking of The Pirate Bay (TPB), which began last week after a court ordered it.

Although Virgin admitted to an hour-long downtime, the site was still not working at the time of writing, around 16 hours after the attack began.

“DDoS and blocks are both forms of censorship,” The Pirate Bay told followers on its Facebook page, referring to “some random Anonymous groups [having] run a DDoS campaign against Virgin Media and some other sites”.

“We’d like to be clear about our view on this: We do NOT encourage these actions,” TPB said. “We believe in the open and free internets, where anyone can express their views. Even if we strongly disagree with them and even if they hate us. So don’t fight them using their ugly methods.”

The file-sharing service went on to suggest that those wanting to help it could set up a tracker, join or start a local Pirate Party, write to their political representatives or develop a new P2P protocol.

According to the BBC, Virgin said in a statement that it has to comply with court orders, but believes that “tackling the issue of copyright infringement needs compelling legal alternatives, giving consumers access to great content at the right price, to help change consumer behaviour”.

“Copyright defenders, including the British recorded music industry body BPI, have argued that illegal copies of films, books and music made available on file-sharing sites destroy creative industry jobs and discourage investment in new talent,” the ISP added.

The court order followed a ruling in February which established that TPB was infringing on copyright by providing a service that people use to unlawfully share copyrighted material.

TPB was not itself represented at the hearing that led to that ruling, but the judge, Mr Justice Arnold, argued that there was little point in trying to get the site’s proprietors into court when even the authorities in Sweden, TPB’s home country, had failed to do so.

Virgin Media was the first ISP to carry out the block ordered last week, but others covered by the same court order include Sky, Everything Everywhere, TalkTalk and O2. BT is not yet subject to the order as it has requested more time to assess the implications.

Source: http://www.zdnet.co.uk/blogs/communication-breakdown-10000030/pirate-bay-condemns-virgin-media-hack-10026118/