DDoS Attack Specialist Archive

We live in a world where foreign governments are routinely accused of cyber meddling to subvert democratic elections. Is anyone surprised that an authoritarian government is blamed for a massive DDoS attack that shut down Telegram – a key social media channel used to organize dissent and protest?

What is perhaps surprising in this case is that the social media channel was Telegram, famous for being the most secure messaging app. Telegram’s security is based on encryption, distributed servers, and an optional message self-destruction feature. So, the content of your messages on Telegram should be pretty safe.

But if the service is unavailable, all that security is useless. That’s the sinister beauty of DDoS – Distributed Denial of Service. When a DDoS attack floods your network, overwhelming your infrastructure – with up to terabits per second of garbage data – it doesn’t matter how secure your service is. Nobody can access it.

DDoS isn’t only about denial of service. Sometimes it’s used as an enabler for other cybercrimes. While services (including aspects of network security) are down, other malicious software may be infiltrated into your network devices resulting in massive data breaches, ransomware, theft of IP and more.

DDoS Attacks: Bad and Getting Worse

DDoS is here and it’s not going away! It seems that every month we hear about a new, record-breaking DDoS attack—and it’s not surprising that many types of DDoS attacks are referred to as floods—there is even one called a Tsunami—because their impact is overwhelming. They marshal a bot army of infected network devices to inundate and flood network resources, including elements such as firewalls that are intended to ensure network security.

How will 5G affect DDoS attacks?

5G holds a lot of promise for improved communications but may well worsen the DDoS nightmare. 5G’s anticipated exponential spread of high-speed bandwidth and connected IoT means that in addition to widespread motivation, easily available attack tools, and proliferating IoT attack sources, dramatically bigger attacks will be possible because the “5G highway” will have many more lanes to enable vastly higher rates of traffic—both good and bad. In the words of Brijesh Datta, the CISO of Reliance Jio, “5G’s bandwidth will easily flood servers…with 5G, every individual would have a 1 Gbps worth of bandwidth, thereby attacks would become more drastic.”

What should service providers do to secure their network against DDoS attacks? 

In a whitepaper focused on service providers, but equally applicable to enterprises, Frost and Sullivan stress the following points:

  1. “…service providers may be better served by high-performance DDoS mitigation appliances with sufficient scalability to eliminate attacks, inline and in real time.”
  2. “An inline solution that provides DPI-based policy control capabilities ensures that firewalls and other security infrastructure are protected and functional at all times.”

Source: https://securityboulevard.com/2019/06/telegram-hit-by-powerful-ddos-attack-blames-china/

Telegram founder Pavel Durov has suggested that the Chinese government may have been behind a recent DDoS attack on the encrypted messaging service. Writing on Twitter, the founder called it a “state actor-sized DDoS” which came mainly from IP addresses located in China. Durov noted that the attack coincided with the ongoing protests in Hong Kong, where people are using encrypted messaging apps like Telegram to avoid detection while coordinating their protests.

The attack raises questions about whether the Chinese government is attempting to disrupt the encrypted messaging service and limit its effectiveness as an organizing tool for the hundreds of thousands of demonstrators taking part in the protests. Bloomberg reports that encrypted messaging apps like Telegram and FireChat are currently trending in Apple’s Hong Kong App Store, as demonstrators attempt to conceal their identities from Hong Kong’s Beijing-backed government.

As well as using encrypted messaging apps, Bloomberg notes that protesters in Hong Kong are also covering their faces to avoid facial recognition systems. They’re also avoiding the use of public transit cards that can link location to identities.

Telegram’s Twitter account said that the service had been hit with “gadzillions of garbage requests,” mostly from IP addresses originating in China, as part of the DDoS attack which had stopped the service from being able to process legitimate requests from users. It said that these garbage requests tend to be generated by botnets, networks of computers infected with malware. “This case was not an exception,” Durov tweeted without elaborating.

A distributed denial of service attack may sound like hacker talk, but there’s a simple explanation behind it. Secure messaging app Telegram said it had to endure one Wednesday, and it gave an explanation that almost anyone could understand.

Telegram tweeted Wednesday morning that it was dealing with a DDoS attack. The app was down for many users across the globe, according to DownDetector. The downtime period was just a little over an hour, and while it was going on, Telegram explained how a DDoS attack works.

“Imagine that an army of lemmings just jumped the queue at McDonald’s in front of you – and each is ordering a whopper,” Telegram tweeted. “The server is busy telling the whopper lemmings they came to the wrong place – but there are so many of them that the server can’t even see you to try and take your order.”

The tweets then went on to describe how hackers accomplish a DDoS attack.

“To generate these garbage requests, bad guys use ‘botnets’ made up of computers of unsuspecting users which were infected with malware at some point in the past. This makes a DDoS similar to the zombie apocalypse: one of the whopper lemmings just might be your grandpa,” the company said in another tweet.

Before giving the all-clear that the attack was over, Telegram tweeted that users’ data was safe.

“There’s a bright side: All of these lemmings are there just to overload the servers with extra work – they can’t take away your Big Mac and Coke,” the company tweeted.

Telegram has its share of run-ins with service denials, but they usually come from countries that want to shut the service down. Russia, Iran and Indonesia blocked the secure messaging app in recent years as governments in those countries argued that the service was used for anti-government protests and terrorism.

Telegram didn’t immediately respond to a request for comment.

Source: https://www.cnet.com/news/telegrams-description-of-ddos-attack-is-the-best/

One of the perpetrators of the 2015 TalkTalk cyber hack has been sentenced to four years in prison for his role in the attack.

22-year-old Daniel Kelley, from Llanelli, South Wales, who also suffers from Asperger’s syndrome, originally pleaded guilty to 11 hacking-related offences in 2016.

Judge Mark Dennis sentenced him at the Old Bailey to four years’ detention in a young offenders institution. Judge Dennis said Kelley hacked computers “for his own personal gratification”, regardless of the damage caused. Kelley went on to blackmail company bosses, revealing a “cruel and calculating side to his character”, he said.

TalkTalk experienced three significant cyber attacks in 2015, resulting in a leak of the details of over 150,000 customers. The company hired the cyber arm of defence contractor BAE Systems to investigate the breach.

Kelley’s hacking offences also involved half a dozen other organisations, including a Welsh further education college, Coleg Sir Gar, where he was a student.

His actions caused “stress and anxiety” to his victims, as well as harm to their businesses, with the total cost to TalkTalk from multiple hackers estimated at £77m.

Between September 2013 and November 2015, Kelley engaged in a wide range of hacking activities, using stolen information to blackmail individuals and companies. Despite attempts at anonymity, his crimes were revealed in his online activities.

In September 2012, he boasted on Skype that he was “involved with black hat activities and I can ddos (Distributed Denial of Service)” in reference to malicious hacking. Commenting on what he was doing, he wrote on an online forum: “Oh God, this is so illegal.”

The court heard how Kelley was just 16 when he hacked into Coleg Sir Gar out of “spite or revenge”. The DDoS attack caused widespread disruption to students and teachers and also affected the Welsh Government Public Sector network, which includes schools, councils, hospitals and emergency services.

After he was arrested and bailed, Kelley continued his cyber-crime spree for a more “mercenary purpose”. Prosecutor Peter Ratliff said Kelley had been “utterly ruthless” as he threatened to ruin companies by releasing personal and credit card details of clients.

He hacked into TalkTalk and blackmailed Baroness Harding of Winscombe and five other executives for Bitcoin, the court heard.

However, he only received £4,400 worth of Bitcoins through all his blackmail attempts, having made demands for coins worth over £115,000.

Source: https://eandt.theiet.org/content/articles/2019/06/talktalk-hacker-sentenced-to-four-years/

Global communication service providers (CSPs), who are expected to provide customers with continuous, uninterrupted service, are struggling to deal with an increasing number of distributed denial of service (DDoS) attacks.

DDoS attacks involve flooding a network with more traffic than it can handle, which makes the network inaccessible to legitimate users.

According to A10 Networks’ The State of DDoS Attacks against Communication Service Providers report, which quizzed 325 IT and security professionals working for internet service providers, 85% of CSPs believe that there will be an increase or no reduction in the number of DDoS attacks launched against them in the near future.

Despite the threat increasing, just 39% were confident that their organisation could detect a DDoS attack. Fewer respondents, 34%, were confident that their organisation could prevent an attack.

Respondents said that a lack of actionable intelligence was the top barrier to preventing DDoS attacks. Insufficient talent and expertise, and inadequate technologies were also viewed as significant barriers.

Stopping the botnet

Preventing attacks can be costly for businesses, according to cybersecurity expert Jake Moore, security specialist at ESET, but regulating the internet of things (IoT) space could help to prevent a large number of DDoS attacks before they are launched.

“DDoS attacks have always featured in cyber-attacks and there’s usually not much companies can do to protect their websites other than to attempt to divert as much traffic as possible, but this can be costly,” Moore explained. “The real solution lies in the early production of the internet of things and smart devices, where they are continually created with simple or no security at all.”

According to GlobalData’s recent smart home report, spending on internet-connected smart home devices climbed to $23bn in 2018. The market is expected to grow to $25bn by 2025 as consumers continue to automate their homes using smart speakers, thermostats, lighting and security products.

However, various studies have highlighted how easy it is to hack many of these devices.

Cybercriminals exploit this to build botnets: networks of compromised internet-connected devices that are used to carry out automated cybercriminal activities such as DDoS attacks or spam delivery.

The Mirai botnet discovered in 2016, for example, had amassed 380,000 devices by scanning the internet for IoT devices and testing commonly-used default username and password combinations to break into a device.

“Once such devices are taken over by a threat actor, they are simply diverted en masse to targeted sites to crash them,” Moore explained.

Source: https://www.verdict.co.uk/iot-regulation-ddos-attack-prevention/