DDoS Protection Specialist Archive

By: Jeremy Nicholls

The internet is an ideal destination for like-minded people to come together.

This is as true for people who are reaching out to friends, colleagues and strangers to raise money for charity as it is for groups of individuals who plan to use cyber attacks to make political or ideological statements.

It is the latter group, ‘hacktivists’ as they have come to be called, who are having a profound impact on today’s security threat landscape.

Research from Arbor Networks’ annual Worldwide Infrastructure Security Report (a survey of the internet operational security community published in February) supports this. Ideologically motivated hacktivism and vandalism were cited by a staggering 66 per cent of respondents as a motivating factor behind distributed denial-of-service (DDoS) attacks on their businesses.

One of these attacks last month targeted the BBC – the attack took down email and other internet-based services and the BBC suspected the attack was launched by Iran’s cyber army in a bid to disrupt BBC Persian TV. Then there was the takedown of the Home Office website with the promise of a series of weekly attacks against the Government.

But it’s not just high-profile, politically connected organisations at risk. Any enterprise operating online, which applies to just about any type and size of business operating in the UK, can become a target because of who they are, what they sell, who they partner with or for any other real or perceived affiliations. Nobody is immune.

An influx of new attack tools entering the market are readily available and fast to download. This video demonstrates how many tools are available today to anyone with a grievance and an internet connection; furthermore, the underground economy for botnets is booming.

Botnets ‘for hire’ are popular – unskilled attackers are able to hire botnet services for bargain-basement prices. Just as an enterprise can subscribe to a technology provider or a cloud-based DDoS mitigation service, hacktivists can subscribe to a DDoS service to launch attacks.

While hacktivism has gained tremendous press attention recently, there is evidence of DDoS attacks being used for competitive gain. For example, the Russian security service FSB arrested the CEO of ChronoPay, the country’s largest processor of online payments, for allegedly hiring a hacker to attack his company’s rivals. He was charged with a DDoS attack on rival Assist that paralysed the ticket-selling system on the Aeroflot website.

This all has overwhelming implications for the threat landscape, risk profile, network architecture and security deployments for all service providers and enterprises.

With the democratisation of DDoS has come a change in the attacks themselves. The methods hackers use to carry out DDoS attacks have evolved from the traditional high-bandwidth/volumetric attacks to stealth-like application-layer attacks and state attacks on firewalls and IPS, with a combination of any or all three being used in some cases.

Multi-vector attacks are becoming more common. A high-profile attack on Sony in 2011 had the company blinded of security breaches that compromised user accounts on the PlayStation Network, Qriocity and Sony Online Entertainment, because it was distracted by DDoS attacks.

Whether used for the sole purpose of shutting down a network or as a means of distraction to obtain sensitive data, DDoS attacks continue to become more complex and sophisticated. While some DDoS attacks have reached levels of 100Gbps, low-bandwidth, application-layer attacks have become more prominent as attackers exploit the difficulties in detecting these ‘low-and-slow’ attacks before they impact services.

Of the respondents surveyed in Arbor’s report, 40 per cent reported an inline firewall and/or IPS failure due to a DDoS attack, and 43 per cent reported a load-balancer failure.

While these products have a place and are an important part of an organisation’s overall IT security portfolio, they are not designed to protect availability. To ensure the best possible protection, organisations should adopt a multi-layered approach – combining a purpose-built, on-premise device with an in-cloud service.

DDoS mitigation is not a short-term fix. At Arbor Networks, we believe that this is something that should sit within a company’s overall risk-planning considerations. Just as physical security can be impacted by fire or extreme weather, digital security includes evaluating threats to availability, namely DDoS attacks.

It is becoming increasingly important to develop a plan to identify and stop them before they impact services, just as you would with natural disasters such as earthquakes or floods.

It is time for companies to start considering DDoS in their business-continuity planning. If they don’t, and they are targeted, the resulting chaos and lack of tools extends the outage and increases the costs both from an immediate financial perspective, and in terms of longer-term brand damage.

 

Source: http://www.scmagazineuk.com/the-changing-face-and-growing-threat-of-ddos/article/241020/

15/05/2012

Information Commissioner’s Office’s website appears to be latest target of hacktivists

Privacy watchdog appears to be under Distributed Denial of Service attack

Update: The ICO has just released this statement about the DDOS attack it is suffering.

ICO spokesperson said:”Access to the ICO website has been disrupted over the past few days. We believe this is due to a distributed denial of service attack.

“The website itself has not been damaged, but people have been unable to access it. We provide a public facing website which contains no sensitive information.

“We regret this disruption to our service and we are working to try to bring the website back online as soon as possible.

“As mentioned it seems to be intermittently available at the moment and our web team our working to resolve the problem.”

Hackers appear to have launched a Distributed Denial of Service (DDOS) attack against the website of the Information Commissioner’s Office.

The site is currently offline and when we called to verify if this was the case, a representative for the ICO told us at 9.55am that it was going into a meeting to discuss the situation. The privacy watchdog said it would release an update when it had some news.

However we were told that it was hoped that the site would be back online soon.

If it is indeed a DDOS attack, it is not known who may behind it or why. But the last week has seen a spate of these attacks including those against internet service providers’ (ISPs) sites, including Virgin Media and Talk Talk, which have been targeted recently by strands of the Anonymous group.

They were protesting against the ISPs blocking customer access to file-sharing site The Pirate Bay.

André Stewart, President International at Corero Network Security said: “The takedown of the Information Commissioner’s Office website by an apparent Distributed Denial of Service attack is, once again, evidence that Government organisations need to be better prepared for the growing threat from cybercrime carried out by politically or ideologically motivated hacktivists.”

Source: http://www.computeractive.co.uk/ca/news/2174709/information-commissioners-office-website-goes-offline-suspected-ddos-attack

TechWeekEurope learns an Anonymous splinter group took down Theresa May’s website, whilst targeting the ICO and the Supreme Court

On May 14, 2012 by Tom Brewster

Home secretary Theresa May saw her website taken down last night, in what TechWeekEurope understands was part of a widespread distributed denial of service (DDoS) campaign carried out by an Anonymous splinter group this weekend.

May’s website (tmay.co.uk) was down from around 9pm last night until approximately 10am this morning, it is believed.

Websites of the Supreme Court and the Information Commissioner’s Office (ICO) were down for large chunks of Sunday afternoon and evening too, although neither would confirm whether their sites were out of action due to a DDoS.

“We believe the website was targeted with a distributed denial of service. Mrs May treats threats of disruption to her website very seriously,” a spokesman for Theresa May said.

“Access to the ICO website was not possible yesterday afternoon,” an ICO spokesperson said. “We provide a public facing website which contains no sensitive information.”
Agent Smith talks…

The “voice” of a UK-based Anonymous group calling itself the ATeam told TechWeekEurope it had targeted and successfully taken down all three sites as part of the  campaign against the UK’s attitude to extradition.

Talking over Skype, the spokesperson, going by the name of Winston Smith, said the attack on the Theresa May website was part of OpTrialAtHome, which is protesting against the UK’s extradition treaty with the US. In particular, Smith pointed to the case of Gary Mckinnon, who remains in limbo over whether he will be extradited to the US on hacking charges.

The government has come under fire for leniency to the US. The debate over the extradition treaty was given a fresh lease of life in March, when the home secretary approved the extradition of British student Richard O’Dwyer, who is facing charges of conspiracy to commit copyright infringement and criminal infringement of copyright for his role in the TV Shack website.

“The Computer Misuse Act should be applied at the location of the crime, not at the alleged source,” he said. “The US-UK judiciary change source and location application of the law when it suits them. That was one aspect of the protest”

As for the ICO, the ATeam claimed it hit the data protection regulator because of a “failure to protect privacy.” “The ICO are not equiped, nor have the motivation to ensure that we are protected,” Smith said.

The hacktivist collective is also protesting the Leveson Inquiry, which it believes has not worked effectively in punishing the media for hacking offences. Smith said Leveson was a “complete failure”.

Smith, who claimed to be a former investment banker, said the ATeam, also known as the Anonymous Team, consisted of 10 people who were “the best in the world.” The group does not directly work with other Anonymous cells.

He said the average age of the group was around 40, making it different from the other Anonymous groups, which consist largely of “children” who “cause more harm than good” and have “no understanding of what they are doing”.

“There are many  anons who are actual extremists hiding behind the mask,” Smith added. “We believe the mask has to come off.”

Smith said another key protest will focus on the draft Communications Data Bill, which was announced in the Queen’s Speech last week. Via a source within government, TechWeekEurope exclusively revealed the Coalition was already believed to be backing away from one of the key aspects of the bill – the black boxes in which citizens’ comms data would be stored within ISPs.

In the coming weeks, the ATeam hopes to take down more websites, including those of the Leveson Inquiry, the Home Office and the Supreme Court.

Smith and Anonymous have been linked with previous hits on the Home Office websites, as well as attempts on GCHQ.

Anonymous has had another busy year. Earlier this month, the group took responsibility for hits on ISPs TalkTalk and Virgin in protest at the Pirate Bay ban they were forced to impose. However, the Pirate Bay posted a public notice denouncing the use of DDoS as a protest tool.

UPDATE: This afternoon, the ICO website has been experiencing further problems, with its website inaccessible at the time of publication. The same Anonymous team told TechWeekEurope it had hit the watchdog’s site, whilst the ICO said it was looking into the matter.

“We are reviewing the underlying causes for the website being down with the providers of our web hosting,” an ICO spokesperson said.

Smith said the group had targeted the ICO as part of a protest against the Leveson Inquiry. “The information commissioner has failed to address the multiple data protection breaches of citizens by the media,” he added.

 

Source: http://www.techweekeurope.co.uk/news/anonymous-strikes-down-theresa-may-website-in-extradition-protest-77894

NEWS

The Serious Organised Crime Agency has taken its website offline due to a distributed denial-of-service attack.

By Tom Espiner, ZDNet UK, 3 May, 2012 15:02

The UK law enforcement agency asked its hosting provider to take the site down at approximately 22.00 on Wednesday, and the site was taken offline at around 22.30, a SOCA spokesman told ZDNet UK on Thursday. The site remained offline at the time of writing.

“The site was taken offline last night to limit the impact of a distributed denial-of-service attack (DDoS) against other clients hosted by our service provider,” the SOCA spokesman said. “The website only contains publically available information.”

The spokesman declined to say who the agency thought was behind the attack, but said it did not pose a security risk.

While website attacks are “inconvenient to visitors”, SOCA does not consider maintaining the necessary bandwidth to deal with DDoS a good use of taxpayers’ money, the SOCA spokesman said.

A Twitter news feed that claims links to the Anonymous hacking collective publicised the DDoS on Thursday, but did not claim responsibility.

“TANGO DOWN: DDoS attack takes down site of UK Serious Organised Crime Agency (SOCA),” said the @YourAnonNews feed.

The SOCA website was taken offline in June 2011, in an action that was claimed by LulzSec, a hacking group affiliated to Anonymous.

“What is surprising is that defence and intelligence levels have not been improved sufficiently since the last successful DDoS attack on SOCA in June 2011,” said Ovum analyst Andrew Kellett. “Hacktivist attacks targeting particular operations have been known to be both persistent and long-standing, requiring extensive DDoS defences.”

SOCA announced last week that it worked with the FBI to take down 36 websites used to sell stolen bank card data.

On Thursday Cabinet Office minister Francis Maude said that SOCA had “recovered nearly two million items of stolen payment card details since April 2011 worth approximately £300m to criminals” in a speech made in Estonia.

 

Source: http://www.zdnet.co.uk/news/security-threats/2012/05/03/soca-website-taken-down-in-ddos-attack-40155157/

There has already been much fallout from the recent massive release of information by the WikiLeaks organisation–including attacks on WikiLeaks itself by those angered by its actions that aimed to disrupt and discredit the organisation. This saw WikiLeaks targeted by a variety of sustained distributed denial of service (DDoS) attacks that aim to make its web presence inaccessible.

Although these attacks were seen to be relatively modest in size and not very sophisticated, the publicity that they received has served to raise awareness of the dangers of such attacks, which can be costly and time-consuming to defend against. DDoS attacks occur when a hacker uses large-scale computing resources, often using botnets, to bombard an organisation’s network with requests for information that overwhelm it and cause servers to crash. Many such attacks are launched against websites, causing them to be unavailable, which can lead to lost business and other costs of mitigating the attacks and restoring service.
DDoS attacks are actually extremely widespread. A recent survey commissioned by VeriSign found that 75% of respondents had experienced one or more attacks in the past 12 months. This is echoed in recent research published by Arbor Networks of 111 IP network operators worldwide, which showed that 69% of respondents had experienced at least one DDoS attack in the past year, and 25% had been hit by ten such attacks per month. According to Adversor, which offers services to protect against DDoS attacks, DDoS attacks now account for 4% of total internet traffic. Another provider of such services, Prolexic Technologies, estimates that there are 50,000 distinct DDoS attacks every week.

The research from Arbor Networks also shows that DDoS attacks are increasing in size, making them harder to defend against. It found that there has been a 102% increase in attack size over the past year, with attacks breaking the 100Gbps barrier for the first time. More attacks are also being seen against the application layer, which target the database server and cripple or corrupt the applications and underlying data needed to effectively run a business, according to Arbor’s chief scientist, Craig Labovitz. Among respondents to its survey, Arbor states that 77% detected application layer attacks in 2010, leading to increased operational expenditures, customer churn and revenue loss owing to the outages that ensue.

Measures that are commonly taken to defend against DDoS attacks include the use of on-premise intrusion detection and prevention systems by organisations, or the overprovisioning of bandwidth to prevent the attack taking down the network. Others use service providers, such as their internet service provider (ISP) or third-party anti-DDoS specialists, which tend to be carrier-agnostic, so not limited to the services offered by a particular ISP. The first two options are time-consuming and costly to manage by organisations and they need the capacity to deal with the massive-scale, stealthy application-layer attacks that are being seen.
With attacks increasing in size and stealthier application-layer attacks becoming more common, some attacks are now so big that they really need to be mitigated in the cloud before the exploit can reach an organisation’s network. ISPs and specialist third-party DDoS defence specialists monitor inbound traffic and when a potential DDoS attack is detected, the traffic is redirected to a scrubbing platform, based in the cloud. Here, the attack can be mitigated thus providing a clean pipe service–the service provider takes the bad traffic, cleans it and routes it back to the network in a manner that is transparent to the organisation.

Guarding against DDoS attacks is essential for many organisations and vital especially for those organisations with a large web presence, where an outage could cost them dearly in terms of lost business. DDoS attacks are becoming increasingly targeted and are no longer just affecting larger organisations. Rather, recent stories in the press have shown that organisations of all sizes are being attacked, ranging from small manufacturers of industry food processing equipment and machinery through to large gambling websites.
By subscribing to cloud-based DDoS mitigation services, organisations will benefit from a service that not only provides better protection against DDoS attacks than they could achieve by themselves, but can actually reduce the cost of doing so as the cost of hardware and maintenance for equipment required is spread across all subscribers to the service and organisations don’t need to over-provision bandwidth as the traffic is directed away from their networks. For protecting vital websites, subscribing to such a service is akin to taking out insurance for ensuring that website assets are protected, and the organisation can protect itself from the cost and reputational damage that can follow from a successful DDoS attack that renders services unavailable.

Source: http://www.computerweekly.com/blogs/Bloor-on-IT-security/2011/02/ddod-attacks-coming-to-a-network-near-you.html