DDoS Defense Archive

Pavel Vrublevsky, the co-founder and owner of ChronoPay, one of Russia’s largest e-payment providers, was found guilty of masterminding a DDoS attack on Aeroflot’s website in 2010, RAPSI reports from the courtroom on Wednesday.

Vrublevsky, Maxim Permyakov and Igor and Dmitry Artimovich were charged with organizing a DDoS attack on Aeroflot’s website, which is run by the Assist processing company. Aeroflot’s online ticket sales system was down for several days.

The investigators believe that Vrublevsky tried to terminate a service contract to sell e-tickets between Aeroflot and Assist in July 2010, thus eliminating a rival firm.

According to the Prosecutor General’s Office, Vrublevsky instructed Permyakov, the Chief Security Expert at ChronoPay, to hire the Artimovich brothers to hack into Aeroflot’s website. The brothers, who used a network of virus-infected computers, were paid over $20,000.

They attacked the website from July 15 to 24, blocking the e-ticket payment system.

The firms incurred substantial financial losses. Assist lost 15 million rubles ($488,090) and Aeroflot lost more than 146 million rubles ($4.75 million).

Acting upon an appeal filed by the defense lawyers earlier, the court dropped the charges under Article 273 of the Criminal Code, which stipulates a punishment for creating a harmful program, due to the expiration of the statute of limitations.

The case is being heard under Article 272 on illegal access to computer information protected by law, which resulted in its destruction, blocking, modification or copying.

Aeroflot is a member of the SkyTeam global alliance and is based at the Sheremetyevo Airport in Moscow. In 2011, Aeroflot transported over 14 million passengers. The Federal Agency for State Property Management is Aeroflot’s main shareholder with a 51.17% stake. Around 15% of the airline is held by companies belonging to businessman Alexander Lebedev.

Source: http://www.rapsinews.com/judicial_news/20130731/268388485.html

Distributed denial of service attacks are one of the biggest threats to the internet, with one recent report indicating that there are more than 7000 attacks every day – a figure considered by many experts to be conservative.

One of the primary functions of DDoS is to extort the victim. In her paper on DDoS, Molly Sauter draws a distinction between hacktivist DDoS (for civil disobedience) and criminal DDoS (for financial gain). Now Corero Network Security is warning of growth in the latter, and predicting an increase in DDoS aimed at online gaming and particularly gambling sites over a summer of sport.

The standard methodology, Corero’s CEO Ashley Stephenson told Infosecurity, is to preface the threat with some minor incursion on the network. Then follows the warning message: check your logs; we did that – and unless you pay us a very large amount of money we’ll bring your network down.

The threat is real and the consequences severe. In reality, most large companies refuse to pay, said Stephenson. Slush funds are increasingly difficult to maintain and disguise, not least in the UK following the Bribery Act. Any payment would usually need to be paid via some third-party ‘services’ company; and the criminals would want payment in something like bitcoins or PayPal (and one of the largest clearing houses for illegal money, Liberty Reserve, was shut down by the FBI in May). A secret payment is not easy to organize.

But refusing to pay has its own problems: the fulfillment of the threat. “These attacks go beyond simple annoyance,” said Stephenson, “with an average cost of over £150,000 per DDoS attack.” The evolution of ‘reflection’ attacks, where an attacker can increase the attack bandwidth eightfold by using open resolvers, means that small groups can now deliver major DDoS attacks – up to and beyond 100 Gbps.

The result is a growing, but hidden, crime. Neither side likes to talk publicly. “More often than not these blackmail threats go unreported,” said Stephenson. “We tend to hear about them,” he added, “when a threat is received and a decision taken to ignore it.” Companies then turn to specialist DDoS mitigators such as Corero to ensure their defenses.

The alternative, paying up, is no solution. “Some companies opt to pay the ransom rather than go public with the attack in the hope that this will satisfy the hackers, though this is rarely the case and may lead to the site continually being targeted.” It’s a difficult decision for a company that entirely relies on its uptime for its business. Prevention, through DDoS preparation, is far better than cure – and is the only real solution to a summer of hidden DDoS crime.

Source: http://www.infosecurity-magazine.com/view/33208/extortion-the-hidden-crime-fueled-by-ddos/

June 19th, 2013

When distributed denial-of-service (DDoS) attacks first started appearing in the late 1990s, the response from businesses was broadly similar to that of most new cyber threats: A shrug of the shoulders and an ‘it won’t happen to me’ attitude.

Then, as they became more prevalent, companies began to take notice. Yet until relatively recently, products that could successfully defend against a DDoS attack weren’t available to many businesses. Businesses that did get hit had no option but to grin and bear it.

Vendors now offer a wide range of mitigation solutions that protect companies that find themselves under siege. While their effectiveness can’t be guaranteed, they allow firms to be proactive and put together defence strategies, instead of simply waiting to be targeted.

The frequency of DDoS attacks is growing at a frightening rate, with one report claiming a 200 per cent annual increase.

A week rarely goes by without the media running a story about a high-profile victim of a successful DDoS attack. With our always-online culture coupled with businesses migrating more of their services onto the internet, the threat has become more acute.

This increase in attacks and greater public awareness have moved DDoS onto all businesses’ risk dashboards – from start-ups to multi-national corporations – but simply putting mitigation measures in place and hoping for the best isn’t enough.

It’s been suggested that defending against a DDoS attack can cost as much as £2.5 million. Although this may be an overestimation, businesses do need to be certain that their mitigation investment will pay dividends.

In other areas of cyber security, the cost effectiveness of this type of investment can be assessed. For instance, a penetration test can measure how effective a network’s defences are and pinpoint vulnerabilities. But with a DDoS attack, how do you know that your investment is worthwhile, until it’s too late?

There’s also practical preparation to think about. Do IT employees and service providers know what a DDoS attack will look like? Do they know the signs to look out for, and do they know their role during an attack scenario?

In the workplace, we all know what to do if there was ever a fire because of fire drills; we run over the steps we’d need to take so that, should the real thing happen, we are prepared.

That is exactly the mind-set that businesses should have when it comes to DDoS attacks, and why we’ve created a DDoS fire drill service. Building on our DDoS assured simulation service – which emulates a real attack through our own botnet in a secure, controlled manner – we can test businesses with a controlled, low level DDoS attack and allow them to test their response processes.

While we control the attack, companies can examine staff and supplier reaction and ensure realistic procedures are in place to manage not only the attack itself, but also discourse with the supply chain without having to wait until a real attack occurs.

For instance, working out whose responsibility it is to phone the necessary third parties might seem like an inconsequential issue, but if employees don’t know their roles or have never had a chance to practice then it shouldn’t be assumed.

What about the mitigation solutions that aren’t fully automated? Whose role is it to man them, and do they know how? With the DDoS fire drill, everyone can learn exactly what part they’re expected to play. When the fire alarm goes off, employees know exactly where to go – it should be the same once the tell-tale DDoS signs appear.

Being prepared and ready is paramount when it comes to any emergency, and cyber security is no different. Too many businesses are like rabbits in the headlights once a DDoS attack starts. But prepare and practice accordingly and it is possible to minimise the damage.


Source: http://www.scmagazineuk.com/ddos-evolution-and-the-importance-of-preparation/article/299171/

Anonymous, the international collective of hackers and activists, has continued its online cyberattack on Turkey’s Internet infrastructure that began over the weekend. In response to a violent police crackdown on protesters and the censoring of communications, Anonymous launched #OpTurkey and has now hacked over 100 Turkish websites, including several belonging to the Turkish government.

“We will attack every Internet and communications asset of the Turkish government,” Anonymous threatened in a YouTube video posted Sunday. “You have censored social media and other communications of your people in order to suppress the knowledge of your crimes against them. Now Anonymous will shut you down, and your own people will remove you from power.”

Anonymous used distributed denial of service, or DDoS, hacks to overload servers and knock target websites offline. In addition to websites belonging to the Turkish government, political parties and police department, Anonymous hacked websites belonging to media outlets that support Prime Minister Tayyip Erdogan. One example was the private news broadcaster NTV, which was criticized for not reporting on the police brutality.


Other Turkish websites were hacked and defaced to include images supporting the protesters in Turkey. Several Tunisian hackers got involved with #OpTurkey and claim to have hacked more than 145 Turkish websites.

The Turkey protests began as a peaceful demonstration against plans to build over Gezi Park in Taksim Square. The protest changed to a call for Erdogan to resign and police responded with tear gas and pepper spray. Several international human rights groups have condemned the police action in Turkey as excessive use of force.

Turkish protesters have said that the government has shut down Internet connections and censored social media websites in an attempt to hide the police brutality. While these reports haven’t been confirmed, Erdogan has expressed distaste for social media, calling it a “menace.” In response, Anonymous has shared how to use encryption software to evade government censors and has tweeted passwords to free virtual private networks.

Earlier this year, Anonymous launched cyberattacks against North Korea and Israel and hacked several government websites. Last week, Anonymous joined a protest in solidarity with the hunger strike in Guantanamo Bay, effectively making the protest the No. 1 topic on Twitter.

Source: http://www.ibtimes.com/opturkey-anonymous-hacks-145-turkish-websites-shares-free-internet-access-protestors-turkey-1290799

The New York Times Company was a victim of online attacks earlier this week that slowed down The New York Times Web site and limited access to articles and other types of content.

According to Danielle Rhoades Ha, a company spokeswoman, the Web site became unavailable to “a small number of users” after a denial-of-service attack, a tactic used by hackers to slow or halt Web traffic by bombarding a host site with requests for information. She added that the company did not “have confirmation on who is responsible for the most recent attacks on nytimes.com.”

The announcement follows attacks that were made on The Times’s site late last year. In January, the newspaper announced that its computer systems had been infiltrated by Chinese hackers who found passwords for reporters and other employees. The attacks took place as The Times investigated the relatives of Wen Jiabao, China’s prime minister, and how they had built up a multibillion-dollar fortune during his political tenure. David Barboza, the author of the article, won a Pulitzer Prize.

Attacks on media organizations are not unique to The Times. Shortly after the January announcement by The Times, officials at The Wall Street Journal and The Washington Post also reported that their Web sites had been attacked by Chinese hackers. On Friday, the Syrian Electronic Army said it had hacked the Web site and several Twitter accounts that belonged to The Financial Times. In the past, it has attacked other media companies, including The Associated Press and The Onion.

Source: http://www.nytimes.com/2013/05/18/business/media/times-site-is-attacked-by-hackers.html?_r=0