DDoS Protection Specialist Archive

Capital One confirms that its website had been hit by another distributed denial of service attack. This Oct. 16 incident was the second attack allegedly waged this month by the hacktivist group Izz ad-Din al-Qassam Cyber Fighters against the $296.7 billion bank.

“Capital One is experiencing intermittent access to some online systems due to a denial of service attack,” bank spokeswoman Tatiana Stead said. “There was minimal impact to the majority of our customers.”

Also on Oct. 16, a post claiming to be from the Izz ad-Din al-Qassam Cyber Fighters appeared on the open Internet forum site Pastebin claiming new attacks against U.S. banks would be waged between Oct. 16 and Oct. 18. The group notes that this new wave of DDoS attacks is being initiated without advance warning. In earlier Pastebin posts, the group named the eight banks it eventually attacked.

The first attack against CapOne came Oct. 9, one day before the targeted attack against SunTrust Banks and two days before the attack against Regions Financial Corp.

Jason Malo, a financial fraud and security consultant with CEB TowerGroup, says the Oct. 9 attack against CapOne appeared to be one of the most damaging. “With CapOne, they seemed to take a bigger hit than the others,” he says. “Other banks seemed to handle the attacks better.”

The first institution to take a DDoS hit was Bank of America on Sept. 18, followed by JPMorgan Chase on Sept. 19 (see High Risk: What Alert Means to Banks). Attacks against Wells Fargo, U.S. Bank and PNC hit the following week (see More U.S. Banks Report Online Woes).

Izz ad-din Al Qassam says it will continue to target U.S. institutions until a YouTube movie trailer believed by the group to be anti-Islam is removed from the Internet. Experts, however, question whether that outrage is just a front for some more nefarious motive.

Source: http://www.bankinfosecurity.com/capone-takes-second-ddos-hit-a-5203

Over the past two weeks, the websites of multiple financial institutions–including Bank of America, JPMorgan Chase, PNC, U.S. Bank, and Wells Fargo–have been targeted by attackers, leading to their websites being disrupted. Furthermore, some banks appear to still be suffering related outages.

That’s led more than 1,000 customers of those institutions to file related complaints with Site Down, a website that tracks outages. Customers have reported being unable to access their checking, savings, and mortgage accounts, as well as bill-paying and other services, via the affected banks’ websites and mobile applications.

Many of the banks’ customers have also criticized their financial institutions for not clearly detailing what was happening, or what the banks were doing about it. “It was probably the least impressive corporate presentation of bad news I’ve ever seen,” Paul Downs, a small-business owner in Bridgeport, Pa., told The New York Times, where he’s also a small-business blogger.

A hacktivist group calling itself the Cyber fighters of Izz ad-din Al qassam has taken credit for the attacks, which it’s dubbed Operation Ababil, meaning “swarm” in Arabic. It said the attacks are meant to disrupt U.S. banking operations in retaliation for the release of the Innocence of Muslims film that mocks the founder of Islam.

Some of the attacked banks’ websites still appear to be experiencing outages, but Dan Holden, director of security for the Arbor Security Engineering and Response Team, said he’s seen no signs that any active attacks are currently underway. “Obviously, we’re only one day into the week, but we didn’t see anything yesterday, and while [the Cyber fighters of Izz ad-din Al qassam] said in the previous post that they’d be working over the weekend, there haven’t been any new posts stating that they’d be doing new attacks,” he said.

Tuesday, however, multiple Wells Fargo customers were still reporting that they were having trouble accessing the bank’s website, or getting it to respond after they’d logged in. “Day 8, still can’t get in with Safari or Firefox … getting old. I have a business to run here,” said an anonymous poster to Site Down. “This is getting old,” said another.

Asked to comment on reports that the bank’s website was continuing to experience outages, a spokeswoman for Wells Fargo repeated a statement released last week, saying via email that “customers can access their accounts through the online and mobile channels.”

Multiple Bank of America customers Tuesday also reported problems with the bank’s website, with some people saying they’d been experiencing disruptions for 10 days or more. “I agree … with all the other comments about this problem of being unable to go on line. What in the world is going on–get it fixed!” said an anonymous user Sunday on the Site Down website. But Bank of America spokesman Mark T. Pipitone said via email that the bank’s website has been working normally since last Tuesday, and suggested that the scale of any reported website problems was within normal parameters. “We service 30 million online banking customers,” he said. “Our online banking services have been, and continue to be, fully functional.”

Given attackers’ advance warning that they planned to take down the banking websites–which suggested that they’d launch distributed denial-of-service (DDoS) attacks–why didn’t banks simply block the attacks? As one PNC customer said in an online forum, “Come on PNC! Never heard of content delivery networks to make these attacks more difficult?? … Please invest in a more capable network security team and take care of your customers!”

But Arbor’s Holden, speaking by phone, said that the attackers had used multiple DDoS tools and attack types–including TCP/IP flood, UDP flood, as well as HTTP and HTTPS application attacks–together with servers sporting “massive bandwidth capacity.” So while the attacks weren’t sophisticated, they succeeded by blending variety and scale.

Given the massive bandwidth used in the attacks, were they really launched by hacktivists, which is what the attackers have claimed they are? Former U.S. government officials, speaking anonymously to various media outlets, have instead directly accused Iran of launching the attacks. Regardless of whether Iran is involved, Holden said that the bank attacks don’t resemble previously seen hacktivist attacks, which typically involved botnets of endpoint-infected PCs, or people who opted in to the attack, for example by using the Low Orbit Ion Cannon JavaScript DDoS tool from Anonymous.

“With Anonymous … you’d see those people coming together and launching an attack with a given tool,” Holden said. “With this, yes, you’re seeing multiple types of attacks, multiple tools, and while blended attacks are common, they’re not so common with classic hacktivism, or hacktivism that we’ve witnessed in the past.”

In other words, “we don’t know whether it’s hacktivism or whether it’s not,” said Holden. “There’s nothing really backing up the advertisement that this was a bunch of angry people. If it is, it’s people who have gone out with a particular skill set, or hired someone with a particular skill set, to launch these particular attacks.” But whoever’s involved in these attacks has quite a lot of knowledge related to the art of launching effective DDoS website takedowns, and has access to high-bandwidth servers, which they’ve either compromised, rented, or been granted access to.

Interestingly, the attackers do appear to have taken a page from the Anonymous attack playbook. “We don’t have all the information about which specific techniques have been used against the U.S. banks so far, but the ‘Izz ad-Din al-Qassam Cyber Fighters’ scripts are based on the JS LOIC scripts used by Anonymous as well,” said Jaime Blasco, AlienVault’s lab manager, via email.

But like Holden, Blasco said that the bank website attackers had used much more than just JavaScript. “The number of queries/traffic you need to generate to affect the infrastructure of those targets is very high,” he said. “To affect those targets, you need thousands of machines generating traffic, and … other types of DDoS.”

Source: http://www.informationweek.com/security/attacks/bank-site-attacks-trigger-ongoing-outage/240008314

Chinese hackers have taken up cyber arms and followed up widespread anti-Japan protests in the People’s Republic over a set of disputed islands by attacking at least 19 Japanese government and other web sites.

Japan’s National Police Agency (NPA) revealed that 11 of the 19 sites, including those of the Defence Ministry and Internal Affairs and Communications Ministry, appeared to have been hit by Distributed Denial of Service attacks, Kyodo reported.

The remainder, including those of the Supreme Court and the Tokyo Institute of Technology, were defaced with pictures of the Chinese flag.

The web sites of banking, utilities and other private companies were also hit, although most now appear to be back up and running as normal.

Things got even worse for the Tokyo Institute of Technology, whose site was defaced and which also endured an attack that saw names and telephone numbers of over 1,000 members of staff leaked.

The NPA confirmed to AFP that 300 Japanese web sites were short-listed for attack on a message board of Chinese hacktivist group Honker Union, while around 4,000 individuals had posted messages about planned attacks on Chinese chat site YY Chat.

The dispute over the Diaoyu islands, or Senkaku as they’re known in Japan, intensified last week when Tokyo decided to buy them from the Japanese family who had owned them for the past 100+ years. The uninhabited islands have only been actively claimed by China and Taiwan until the late 1960s when it was discovered they may house oil deposits.

The protests took a turn for the ugly earlier this week given 18 September marks the day of the Mukden, or Manchurian, Incident of 1931, which led to the Japanese invasion of China.

Source: http://www.theregister.co.uk/2012/09/21/japan_china_attack_sites_senkaku/

Hacker group Anonymous targeted United Kingdom government websites today in a show of solidarity with Wikileaks founder Julian Assange, who is holed up at the Ecuadorian embassy in London, hoping to flee the U.K. for fear of being extradited to Sweden and then the United States.

The hacker collective, famous for using distributed denial of service attacks to make a political point, allegedly attacked the U.K. Justice Department website, along with the British Prime Minister’s website “Number 10.” Other reports indicate the group has also attacked the Department of Work and Pensions. Anonymous used the hash tag “#OpFreeAssange,” referencing the founder of Wikileaks who is supposed to be under house arrest in the U.K. for sex-crime allegations in Sweden.

Earlier today, one Anonymous bullhorn on Twitter, @AnonIRC said, “The website of the UK Ministry of Justice is down: http://www.justice.gov.uk/  #OpFreeAssange”

Another, @YourAnonNews, tweeted, “The second victim seems to be offline –> http://www.dwp.gov.uk/  #OpFreeAssange #Anonymous. Gov. of UK Expect Us!”

After being arrested and let out on bail, Assange escaped to the Ecuadorian embassy before authorities could extradite him to Sweden. The Latin American country granted Assange political asylum last week, saying his human rights were in danger. Officials in Ecuador spoke with Sweden but were not able to get assurances that Assange would not be extradited from there to the United States, where he faces bigger charges for the leak of many U.S. diplomatic cables in 2010.

As of now, the U.K. Justice department website is still down, though Number 10 and the Department of Work and Pensions websites are up.

This morning Assange gave a speech from a balcony at the Ecuadorian embassy. He urged the U.S. to end its “witch hunt” against Wikileaks. He said that the U.S. is at a juncture: “Will it return to and reaffirm the revolutionary values it was founded on or will it lurch off the precipice, dragging us all into a dangerous and oppressive world in which journalists fall silent under the fear of prosecution and citizens must whisper in the dark?”

Source: http://venturebeat.com/2012/08/20/anonymous-julian-assange/

Security firm Radware claims to have spotted evidence online that suggests hacktivist group Anonymous is gearing up to target denial-of-service attacks on the websites of British companies BT and GlaxoSmithKline during the Olympics, and maybe do much more.

The Radware Emergency Response Team has identified postings on Pastebin that suggest that Anonymous intends to attack London-based global network-services provider BT and pharmaceuticals and healthcare provider company GlaxoSmithKline (GSK). Both companies happen to have roles to play associated with the London-based Olympics — GSK is providing drug-testing and associated medical input, while BT is supporting numerous Olympics-related projects. Radware says its evidence is information posted by someone claiming to be tied to the shadowy group Anonymous.

Anonymous uses a few tools to attack its targets, and one of them is the High Orbit Ion Cannon (HOIC), a weapon that’s been out for about six months, says Carl Herberger, vice president of security solutions at Radware. He says there’s now attack information contained in what’s called a “HOIC booster” posted online and advertised as coming from Anonymous to attack both BT and GSK. He acknowledges, though, this “could be anybody.”

The HOIC tool provides you with the ability to use scripted code, Herberger says, noting it allows for opening up many connections from a single machine, and hence represents a more powerful attack tool than the older, known “Low Orbit Ion Cannon” attack tools, which couldn’t do this. The HOIC booster information that’s posted essentially represents something along the lines of “ordnance” that can be loaded into the HOIC to hit a target.

While the Pastebin information related to HOIC may in the end be of no consequence, Herberger says there were a series of attacks on sites in India in the past in which this type of information was posted in advance, and the attacks did occur. Radware is putting out this information in what it regards as an advanced warning to help companies prepare.

Source: http://www.networkworld.com/news/2012/073012-anonymous-bt-gsk-261281.html