DDoS Protection Specialist Archive

15/05/2012

Information Commissioner’s Office’s website appears to be latest target of hacktivists

Privacy watchdog appears to be under Distributed Denial of Service attack

Update: The ICO has just released this statement about the DDOS attack it is suffering.

ICO spokesperson said:”Access to the ICO website has been disrupted over the past few days. We believe this is due to a distributed denial of service attack.

“The website itself has not been damaged, but people have been unable to access it. We provide a public facing website which contains no sensitive information.

“We regret this disruption to our service and we are working to try to bring the website back online as soon as possible.

“As mentioned it seems to be intermittently available at the moment and our web team our working to resolve the problem.”

Hackers appear to have launched a Distributed Denial of Service (DDOS) attack against the website of the Information Commissioner’s Office.

The site is currently offline and when we called to verify if this was the case, a representative for the ICO told us at 9.55am that it was going into a meeting to discuss the situation. The privacy watchdog said it would release an update when it had some news.

However we were told that it was hoped that the site would be back online soon.

If it is indeed a DDOS attack, it is not known who may behind it or why. But the last week has seen a spate of these attacks including those against internet service providers’ (ISPs) sites, including Virgin Media and Talk Talk, which have been targeted recently by strands of the Anonymous group.

They were protesting against the ISPs blocking customer access to file-sharing site The Pirate Bay.

André Stewart, President International at Corero Network Security said: “The takedown of the Information Commissioner’s Office website by an apparent Distributed Denial of Service attack is, once again, evidence that Government organisations need to be better prepared for the growing threat from cybercrime carried out by politically or ideologically motivated hacktivists.”

Source: http://www.computeractive.co.uk/ca/news/2174709/information-commissioners-office-website-goes-offline-suspected-ddos-attack

TechWeekEurope learns an Anonymous splinter group took down Theresa May’s website, whilst targeting the ICO and the Supreme Court

On May 14, 2012 by Tom Brewster

Home secretary Theresa May saw her website taken down last night, in what TechWeekEurope understands was part of a widespread distributed denial of service (DDoS) campaign carried out by an Anonymous splinter group this weekend.

May’s website (tmay.co.uk) was down from around 9pm last night until approximately 10am this morning, it is believed.

Websites of the Supreme Court and the Information Commissioner’s Office (ICO) were down for large chunks of Sunday afternoon and evening too, although neither would confirm whether their sites were out of action due to a DDoS.

“We believe the website was targeted with a distributed denial of service. Mrs May treats threats of disruption to her website very seriously,” a spokesman for Theresa May said.

“Access to the ICO website was not possible yesterday afternoon,” an ICO spokesperson said. “We provide a public facing website which contains no sensitive information.”
Agent Smith talks…

The “voice” of a UK-based Anonymous group calling itself the ATeam told TechWeekEurope it had targeted and successfully taken down all three sites as part of the  campaign against the UK’s attitude to extradition.

Talking over Skype, the spokesperson, going by the name of Winston Smith, said the attack on the Theresa May website was part of OpTrialAtHome, which is protesting against the UK’s extradition treaty with the US. In particular, Smith pointed to the case of Gary Mckinnon, who remains in limbo over whether he will be extradited to the US on hacking charges.

The government has come under fire for leniency to the US. The debate over the extradition treaty was given a fresh lease of life in March, when the home secretary approved the extradition of British student Richard O’Dwyer, who is facing charges of conspiracy to commit copyright infringement and criminal infringement of copyright for his role in the TV Shack website.

“The Computer Misuse Act should be applied at the location of the crime, not at the alleged source,” he said. “The US-UK judiciary change source and location application of the law when it suits them. That was one aspect of the protest”

As for the ICO, the ATeam claimed it hit the data protection regulator because of a “failure to protect privacy.” “The ICO are not equiped, nor have the motivation to ensure that we are protected,” Smith said.

The hacktivist collective is also protesting the Leveson Inquiry, which it believes has not worked effectively in punishing the media for hacking offences. Smith said Leveson was a “complete failure”.

Smith, who claimed to be a former investment banker, said the ATeam, also known as the Anonymous Team, consisted of 10 people who were “the best in the world.” The group does not directly work with other Anonymous cells.

He said the average age of the group was around 40, making it different from the other Anonymous groups, which consist largely of “children” who “cause more harm than good” and have “no understanding of what they are doing”.

“There are many  anons who are actual extremists hiding behind the mask,” Smith added. “We believe the mask has to come off.”

Smith said another key protest will focus on the draft Communications Data Bill, which was announced in the Queen’s Speech last week. Via a source within government, TechWeekEurope exclusively revealed the Coalition was already believed to be backing away from one of the key aspects of the bill – the black boxes in which citizens’ comms data would be stored within ISPs.

In the coming weeks, the ATeam hopes to take down more websites, including those of the Leveson Inquiry, the Home Office and the Supreme Court.

Smith and Anonymous have been linked with previous hits on the Home Office websites, as well as attempts on GCHQ.

Anonymous has had another busy year. Earlier this month, the group took responsibility for hits on ISPs TalkTalk and Virgin in protest at the Pirate Bay ban they were forced to impose. However, the Pirate Bay posted a public notice denouncing the use of DDoS as a protest tool.

UPDATE: This afternoon, the ICO website has been experiencing further problems, with its website inaccessible at the time of publication. The same Anonymous team told TechWeekEurope it had hit the watchdog’s site, whilst the ICO said it was looking into the matter.

“We are reviewing the underlying causes for the website being down with the providers of our web hosting,” an ICO spokesperson said.

Smith said the group had targeted the ICO as part of a protest against the Leveson Inquiry. “The information commissioner has failed to address the multiple data protection breaches of citizens by the media,” he added.

 

Source: http://www.techweekeurope.co.uk/news/anonymous-strikes-down-theresa-may-website-in-extradition-protest-77894

NEWS

The Serious Organised Crime Agency has taken its website offline due to a distributed denial-of-service attack.

By Tom Espiner, ZDNet UK, 3 May, 2012 15:02

The UK law enforcement agency asked its hosting provider to take the site down at approximately 22.00 on Wednesday, and the site was taken offline at around 22.30, a SOCA spokesman told ZDNet UK on Thursday. The site remained offline at the time of writing.

“The site was taken offline last night to limit the impact of a distributed denial-of-service attack (DDoS) against other clients hosted by our service provider,” the SOCA spokesman said. “The website only contains publically available information.”

The spokesman declined to say who the agency thought was behind the attack, but said it did not pose a security risk.

While website attacks are “inconvenient to visitors”, SOCA does not consider maintaining the necessary bandwidth to deal with DDoS a good use of taxpayers’ money, the SOCA spokesman said.

A Twitter news feed that claims links to the Anonymous hacking collective publicised the DDoS on Thursday, but did not claim responsibility.

“TANGO DOWN: DDoS attack takes down site of UK Serious Organised Crime Agency (SOCA),” said the @YourAnonNews feed.

The SOCA website was taken offline in June 2011, in an action that was claimed by LulzSec, a hacking group affiliated to Anonymous.

“What is surprising is that defence and intelligence levels have not been improved sufficiently since the last successful DDoS attack on SOCA in June 2011,” said Ovum analyst Andrew Kellett. “Hacktivist attacks targeting particular operations have been known to be both persistent and long-standing, requiring extensive DDoS defences.”

SOCA announced last week that it worked with the FBI to take down 36 websites used to sell stolen bank card data.

On Thursday Cabinet Office minister Francis Maude said that SOCA had “recovered nearly two million items of stolen payment card details since April 2011 worth approximately £300m to criminals” in a speech made in Estonia.

 

Source: http://www.zdnet.co.uk/news/security-threats/2012/05/03/soca-website-taken-down-in-ddos-attack-40155157/

There has already been much fallout from the recent massive release of information by the WikiLeaks organisation–including attacks on WikiLeaks itself by those angered by its actions that aimed to disrupt and discredit the organisation. This saw WikiLeaks targeted by a variety of sustained distributed denial of service (DDoS) attacks that aim to make its web presence inaccessible.

Although these attacks were seen to be relatively modest in size and not very sophisticated, the publicity that they received has served to raise awareness of the dangers of such attacks, which can be costly and time-consuming to defend against. DDoS attacks occur when a hacker uses large-scale computing resources, often using botnets, to bombard an organisation’s network with requests for information that overwhelm it and cause servers to crash. Many such attacks are launched against websites, causing them to be unavailable, which can lead to lost business and other costs of mitigating the attacks and restoring service.
DDoS attacks are actually extremely widespread. A recent survey commissioned by VeriSign found that 75% of respondents had experienced one or more attacks in the past 12 months. This is echoed in recent research published by Arbor Networks of 111 IP network operators worldwide, which showed that 69% of respondents had experienced at least one DDoS attack in the past year, and 25% had been hit by ten such attacks per month. According to Adversor, which offers services to protect against DDoS attacks, DDoS attacks now account for 4% of total internet traffic. Another provider of such services, Prolexic Technologies, estimates that there are 50,000 distinct DDoS attacks every week.

The research from Arbor Networks also shows that DDoS attacks are increasing in size, making them harder to defend against. It found that there has been a 102% increase in attack size over the past year, with attacks breaking the 100Gbps barrier for the first time. More attacks are also being seen against the application layer, which target the database server and cripple or corrupt the applications and underlying data needed to effectively run a business, according to Arbor’s chief scientist, Craig Labovitz. Among respondents to its survey, Arbor states that 77% detected application layer attacks in 2010, leading to increased operational expenditures, customer churn and revenue loss owing to the outages that ensue.

Measures that are commonly taken to defend against DDoS attacks include the use of on-premise intrusion detection and prevention systems by organisations, or the overprovisioning of bandwidth to prevent the attack taking down the network. Others use service providers, such as their internet service provider (ISP) or third-party anti-DDoS specialists, which tend to be carrier-agnostic, so not limited to the services offered by a particular ISP. The first two options are time-consuming and costly to manage by organisations and they need the capacity to deal with the massive-scale, stealthy application-layer attacks that are being seen.
With attacks increasing in size and stealthier application-layer attacks becoming more common, some attacks are now so big that they really need to be mitigated in the cloud before the exploit can reach an organisation’s network. ISPs and specialist third-party DDoS defence specialists monitor inbound traffic and when a potential DDoS attack is detected, the traffic is redirected to a scrubbing platform, based in the cloud. Here, the attack can be mitigated thus providing a clean pipe service–the service provider takes the bad traffic, cleans it and routes it back to the network in a manner that is transparent to the organisation.

Guarding against DDoS attacks is essential for many organisations and vital especially for those organisations with a large web presence, where an outage could cost them dearly in terms of lost business. DDoS attacks are becoming increasingly targeted and are no longer just affecting larger organisations. Rather, recent stories in the press have shown that organisations of all sizes are being attacked, ranging from small manufacturers of industry food processing equipment and machinery through to large gambling websites.
By subscribing to cloud-based DDoS mitigation services, organisations will benefit from a service that not only provides better protection against DDoS attacks than they could achieve by themselves, but can actually reduce the cost of doing so as the cost of hardware and maintenance for equipment required is spread across all subscribers to the service and organisations don’t need to over-provision bandwidth as the traffic is directed away from their networks. For protecting vital websites, subscribing to such a service is akin to taking out insurance for ensuring that website assets are protected, and the organisation can protect itself from the cost and reputational damage that can follow from a successful DDoS attack that renders services unavailable.

Source: http://www.computerweekly.com/blogs/Bloor-on-IT-security/2011/02/ddod-attacks-coming-to-a-network-near-you.html

User forum Whirlpool was hit by a distributed denial-of-service (DDoS) attack last night, according to the site’s hosting provider BulletProof Networks.

Although BulletProof Networks chief operating officer (COO) Lorenzo Modesto first said that Whirlpool was the only one of its customers to be affected by the attack, he said later that its public and private managed cloud customers were experiencing intermittent degraded network performance also.

“BulletProof customers have been kept in the loop throughout (per our standard procedures),” Modesto said.

Modesto added that BulletProof had discussed the issue with Whirlpool, resulting in the site being offline last night while the provider gathered more information. The site is back online this morning.

“We made the decision to bring Whirlpool back online in the early hours of this morning through one of our international [content distribution network points of presence] that are usually used to deliver local high-speed content to the offshore users of customers like Movember,” Modesto said.

“We’re continuing the forensics just in case they’re needed and are keeping an eye Whirlpool,” he added.

The attack had come from servers in the US and Korea, according to BulletProof.

“We’ve also been able to record server addresses and other relevant details and have escalated the source servers to the relevant providers in Korea and the US,” he said. “If we need to, we’ll pass all details onto the [Australian Federal Police] with whom we’ve built a good relationship, but we’ll see how this pans out for the moment.”.

This has not been the first DDoS attack to hit the popular site. Last June it experienced ten hours of downtime from a DDoS attack.

BulletProof Networks had also collected internet protocol addresses from that attack, but decided not to prosecute as a “sign of good will”, saying that DDoS was recognised more as a protest than a crime.

However, not all DDoS perpetrators have received the same treatment in the past. Recently Steven Slayo, who was part of the anonymous band which launched attacks against government sites last year over the government’s planned mandatory internet service provider level internet filter was taken to court over his actions.

He pleaded guilty, but escaped criminal conviction because the magistrate deemed him an “intelligent and gifted student whose future would be damaged by a criminal record”.

Source: http://www.zdnet.com.au/whirlpool-hit-by-ddos-attack-339308730.htm