DDoS Protection Specialist Archive

Myanmar websites and Bangladesh websites have been attacked by two groups of heckers from Bangladesh and some heckers from Myanmar.

Two groups of heckers of Bangladesh are Bangladesh Cyber Army and Bangladesn Black HAT Hackers. They both are DDos( Distributed Denial of Service)and other security-illed or weak websites. Bangladesh Cyber Army attacked Myanmar website, www.myanmar.gov.mm and websites of Myanmar Tourism.

Facebook pages of Bangladesh Cyber Army has told as Myanmar heckers attacked theirs and so they have to attack back.

June 18, 6PM,MST they attacked websites of Myanmar Teleport and Communication, www.mpt.net.mm.

Blink Hecker Group who attacked Bangladesh’s sites has told as they attacked only Rohinjar’s sites.Then continued to attacked bangladesh goverbment’s sites for they attacked.

In this cyber war, some of Bangladesh people helped.

Source: groundreport

Two service outages within the course of several hours rocked microblogging platform Twitter on Thursday, as users worldwide reported significant down-time and slow service across both Twitter’s website and mobile applications.

Amid speculation that Twitter had been crippled by a hacker attack, the San Francisco-based company blamed the outage – one of its most severe episodes in recent months – on a “cascading bug” in one of its infrastructure components.

“One of the characteristics of such a bug is that it can have a significant impact on all users, worldwide, which was the case today,” Mazen Rawashdeh, a Twitter vice president of engineering, wrote in a blog post on Thursday afternoon, after normal service resumed.

“We are currently conducting a comprehensive review to ensure that we can avoid this chain of events in the future,” he added.

Twitter’s statements came after UgNazi – an emerging hacker outfit that recently gained publicity for breaking into Cloudflare chief executive Matthew Prince’s personal Google email account – claimed credit for the service disruption in an email to Reuters, saying it launched a distributed denial-of-service (DDoS) attack against Twitter because of the company’s support for the Cyber Intelligence Sharing and Protection Act.

One security professional said the group probably used a DDoS-for-hire site to launch an attack against Twitter on Thursday, but downplayed the likelihood the group was solely responsible for bringing down the social media network.

“It was mere coincidence,” the security professional said. “The backend of Twitter is having issues, which is unrelated to the very small attack.”

North American traffic levels for Twitter.com sharply plummeted on two occasions between 8:30 a.m. PDT (1530 GMT) and 11:00 a.m. PDT (1800 GMT), according to data provided by network analytics company Sandvine.

The first outage lasted between 8:30 a.m. (1530 GMT) and 10:00 a.m. (1700 GMT), data showed.

Twitter acknowledged the disruption in a mid-morning blog post that was continually revised as the service resumed, only to fail for a second time before 11:00 a.m.

Thursday’s sustained outage leaves a fresh bruise on a service that had supposedly shed its unreliable reputation long ago.

As the service resumed on Thursday, its most dedicated users quickly hopped back on to crack jokes, express relief and complain about the interruption – and, indeed, the fact that during the outage they had nowhere to complain about the interruption.

Founded in 2006, Twitter was plagued in its early days by frequent outages as its servers struggled to handle the ever-rising volume of tweets generated worldwide, leaving frustrated users with its famous “fail whale” error screen.

In recent years, Twitter, which has been under great pressure to demonstrate financial viability, has also devoted considerable resources toward improving its reliability, in an attempt to project itself as a mature, polished brand.

CEO Dick Costolo said this month that Twitter now has 140 million active monthly users who send 400 million tweets daily.

The company sounded an apologetic note on Thursday, as it conceded it had failed users who rely on the platform to connect with “heroes, causes, political movements.”

“It’s imperative that we remain available around the world,” said Rawashdeh, “and today we stumbled.”

Source: http://news.terra.com/twitter-suffers-sustained-outage-amid-hacker-attack,15a1a3f0e2218310VgnVCM3000009acceb0aRCRD.html

News of the recent LinkedIn security breach that compromised 6.4 million user accounts must have sent shivers down the spines of users who heavily make use of the website. While LinkedIn has since reset its systems, it could take days to complete investigations into how security was breached on the site that helps matchmake potential employers with employees.

According to a Reuters report, at least two security experts who examined the files, believed to contain the stolen LinkedIn passwords, said the company had failed to use best practices for protecting the data.

They claimed that LinkedIn used a basic method for encrypting passwords, which allows hackers to quickly unscramble all passwords after they figure out the formula by which any single password has been encrypted.

However, Mark Smith, managing director, Asia, Savvis, asserts that no system is completely foolproof. “Security breaches can happen and no system is 100 per cent secure,” he says. Savvis is a company that helps build cloud infrastructure and host IT solutions for enterprises. Mr Smith believes that effective communication to customers after a security breach still remains a challenge.

He points out that putting together a formal communication process can reduce fear among the public and increase their confidence in the company and he applauded LinkedIn’s swift action in providing members with an update that answered some frequently asked questions and letting them know what they could do to protect their information.

Turning to the industry, Mr Smith observes that there is a constant and growing threat of viruses, worms, spyware, and denial-of-service attacks that can corrupt, steal, or even destroy critical corporate information. These attacks have become widespread and complex and many businesses find it challenging to prevent zero-day attacks.

Network security comes down to the tiers of security that are applied to the business. “Service providers should layer security services to protect against breaches. This means they can expand security coverage accordingly, as businesses grow,” he explains.

One of the fastest growing threats today is a Distributed Denial-of-Service (DDoS) attack. In many cases, a DDoS attack could be caused by hundreds, or thousands, of compromised computers controlled by a single perpetrator.

During an attack, the perpetrator instructs these infected computers to “flood” a business site with requests, rendering it incapable of functioning properly. This ultimately brings the site down and causes financial losses, for instance, in the case of bank websites.

A common security breach usually occurs from within the organisation, sometimes due to human error, or to malicious employees. Mr Smith notes that a wrong configuration of applications is another cause of security breaches.

Employees handling company security may be trained in general security, but are not specialised in specific aspects of security, leading to human error.

“Many companies whose core business is not deploying security end up deploying security and this increases the probability of a potential security breach,” he explains.

Malicious damage could also result in security breaches. Many companies find it difficult to control internal access.

Mr Smith says: “We regularly see news articles about service failures and anonymous taking down of websites like government services and some of the biggest brands in the world. DDoS mitigation, layering security levels, and outsourcing infrastructure to experts can help provide against such incidents.”

Source: http://business.asiaone.com/Business/SME%2BCentral/Tete-A-Tech/Story/A1Story20120618-353593.html

If modern technology is a universal language, today our world is getting schooled in innovation. Mobile devices have become an integral part of our lives. We game on them, surf on them, bank on them, and now there is the growing opportunity to buy things on them. The new era of mobile payments will likely mean that your phone never leaves your hand. Point of Sale (POS systems) set up with Near Field Communications (NFC) or the ability for a cashier to scan your phone with a QR card reader. This means that you should never hand your device over to anybody. Yet, research says that people have security fears, and these concerns are valid.

When we talk about mobile payments we usually get the same reaction from people: excitement and anxiety. We as human beings love convenience and gadgets that make everyday life easier. That said, we’re risk averse when it comes to our money.

With more sensitive data being held on smartphones, new security threats have emerged. Mobile users list remote access by hackers, interception of calls or data, device theft, or loss and the installation of malware and viruses, among their greatest concerns. Many of the threats that originated online are also moving to the mobile environment, including Distributed Denial of Service (DDoS) attacks, crimeware botnets, and “hactivist” groups such as Anonymous.

To reduce these inherent risks, organizations must look to adopt a mobility security strategy that addresses the mobile threat landscape.

Given the fact that in the near future mobile payments will enjoy rapid uptake, mobile network operators and financial institutions are challenged to provide a service that transmits payments quickly and reliably. Merchants are also looking to adopt mobile payments on a larger scale. While doing so, they are looking for industry expertise and guidance.

The PCI Security Standards Council issued a new document this month that explains its views on mobile payment security, and provides guidelines for how merchants can securely accept payments using mobile devices such as smartphones or tablets. Mobile payment security isn’t a one-size-fits-all challenge, however it is important to craft the mobility security strategy while delving deep into the world of mobile payments.

I was reading Abhi’s post on foiling the modern day Bonnie and Clyde and as he points out, the threats aren’t limited to computers. Our always-on mobile devices are ripening into a juicy opportunity for cybercriminals as we perform more transactions on the go.

Information security is not a “check the box” compliance exercise. No single solution can inoculate a network from attack, and protecting information is not solely IT’s responsibility. Instead, the new integrated security approach is predictive and organization-wide. It proactively protects while anticipating the worst. It embraces rather than bans. It focuses on trust, not paranoia.

By rethinking your information security strategy and using an integrated security approach, your organization can manage the right risks and drive value in the era of mobility.

Source: http://networkingexchangeblog.att.com/enterprise-business/mobile-payments-bring-new-opportunities-and-new-threats/

South Korean police arrested a man from Seoul last week, on suspicion of working with North Korea to develop games infected with spyware.

According to a news report in the Korea JoongAng Daily, the 39-year-old game distributor was arrested on June 3 and charged with violating the National Security Law.

The law is North Korea-specific. Passed as the National Security Act in 1948, it outlawed:

recognition of North Korea as a political entity;
organizations advocating the overthrow of the government;
the printing, distributing, and ownership of “anti-government” material;
and any failure to report such violations by others.

The man was identified only by his family name, which news outlets render as either Cho or Jo.

Police claim that Cho met with North Korean spies who had set up a hacking base disguised as a trading firm in the Northeastern Chinese city of Shenyang.

The North Korean spies were allegedly associated with the country’s Reconnaissance General Bureau.

According to the Federation of American Scientists, this department ferrets out strategic, operational, and tactical intelligence for the Ministry of the People’s Armed Forces and plants spies in South Korea, either via boat or though tunnels under the demilitarized zone.

The Seoul Metropolitan Police said that Cho paid the spies tens of millions of won to develop the illegal game software.

Ten million won is equal to US $8520 or £5514.

The police allege that Cho turned to the reconnaissance unit to develop the games at this cheap price and knew they were infected.

According to Geek.com, the cost of the infected games was about one-third of a typical price.

Cho is also accused of setting up a server in South Korea that the North Koreans used in attempts to launch DDoS attacks at South Korean networks.

According to Geek.com, one such recent DDoS attack was launched against South Korea’s Incheon International Airport. Airport departures were disrupted multiple times in the spring of 2011 as a result.

The attack used a botnet of zombified computers that had been infected after their owners downloaded the Trojans by playing the poisoned games.

Beyond turning players’ computers into zombies, authorities also believe that Cho may have passed along personal information about more than 100,000 registered users to the North Koreans.

The police said Cho retained the personal information of hundreds of thousands of South Koreans, having collected the data from major portals.

This isn’t the first time North Korea has been implicated in cyberwarfare against South Korea.

There have long been claims that North Korea is operating a cyberwarfare unit (presumably being countered by the one alleged to exist in South Korea), and in 2008 it was reported that South Korea’s military command and control centre were the target of a spyware attack from North Korea’s electronic warfare division.

The sexy female seductress at the centre of that case, who was accused of seducing army officers in exchange for military secrets, was subsequently jailed for five years.

In 2009, a massive DDoS attack crippled 26 South Korean and foreign governmental websites, including military sites.

This spring, between April 28 and May 13, North Korea’s Reconnaissance General Bureau also managed to devastate GPS signals throughout the Korean peninsula.

The Reconnaissance General Bureau’s cultivation of cyber warriors is now at such an advanced state, in fact, that a South Korean expert recently claimed that North Korea’s abilities to wage a devastating cyber war are behind only those of the US and Russia.

Source: http://nakedsecurity.sophos.com/2012/06/11/north-korea-uses-infected-games-to-ddos-south-korea/