DDoS Archive

Reddit rival Voat has announced that it is currently being hit by a Distributed Denial of Service (DDoS) attack by unknown hackers.

Switzerland-based Voat posted on Twitter at midnight (GMT) on 13 July that it was being hit by an ongoing “layer 7 DDoS attack”. The company added a bit more detail on its own website:

“In case you were wondering why most third party apps for Voat haven’t been working for the last 8 hours or so – we are under DDoS. Again,” Voat wrote, quoting a CloudFlare support engineer.

“In order to keep Voat at least somewhat responsive, we’ve bumped up CloudFlare security settings which essentially breaks most Voat third party apps currently on the market. We are sorry about this and we are working on a solution and taking this time to optimise our source code even further. What doesn’t kill you – makes you stronger, right?”

At the time of publication, the website is now loading, although intermittently, and some users will still receive a message saying: “Voat is currently being kicked by a botnet.”

Voat is a censorship-free alternative to Reddit that uses an almost identical layout to the hugely popular “front page of the internet”.

Voat’s rise has been helped by Reddit problems

On 2 July, it was announced that director of talent Victoria Taylor, one of the few people to have a paid position with Reddit, had been fired. Her departure caused a huge online protest to erupt, which saw 300 of Reddit’s most read subreddits made private for over 24 hours and caused Reddit CEO Ellen Pao to resign.

During this period, Voat reported that it was receiving huge spikes in traffic, likely from Reddit users moving to the Swiss copy, and its servers were struggling to handle the increase in users. The website’s administrators also confirmed that they had been approached by several venture capitalist firms keen to invest on 3 July.

However, the website has already been on the rise since May – it was initially ranked below 80,000 on Alexa, but within six weeks, it rose to become one of the top 15,000 websites online in the world, and one of the top 2,000 websites in the US.

For comparison, Reddit has 36 million registered users, 169 million monthly unique visitors and 7.55 billion page views per month. It is currently ranked 33 by Alexa globally and 10 in the US.

Voat experienced several DDoS attacks in June, and on 25 June, Voat itself reported that it had received over 700,000 unique visitors in the 30-day period ending on 25 June. “That’s like, crazy and stuff,” Voat’s administrators said on Twitter.

Voat was also briefly taken offline when its web host Hosteurope.de terminated Voat’s contracts and shut down its servers without a warning, because Voat had hosted “politically incorrect” content.

Source: http://www.ibtimes.co.uk/reddit-alternative-voat-knocked-offline-by-ddos-cyberattack-1510581

Messaging app Telegram appeared to have suffered from a two-hour outage today. The service appeared to have gone down at about 4pm and was partially restored at about 5.30pm. However, some users are still experiencing difficulty accessing the instant messenger.

Online service fault detector website downdetector.com received 7 alerts on failed connectivity issues. Based on comments received on the website, most of the service faults were reported in the Asia-Pacific region.

“Telegram down. So I guess it’s not as stable as WhatsApp lah aite.” said Twitter user @amin_aminullah.

Meanwhile, Telegram tweeted that it was faced with a Distributed Denial of Service (DDoS) attack in India and the South-east Asia region. “An ongoing DDoS is causing connection issues for our users in India and South East Asia. We’re hard at work fighting back.” @telegram tweeted.

According to Wikipedia, a DDoS attack takes advantage of some property of the operating system or applications on the victim’s system. In turn, it enables an attack to consume resources of the victim, possibly crashing it.

A growing number of Malaysians have switched over to Telegram as an alternative to popular messaging services such as WhatsApp and WeChat.

Source: http://www.nst.com.my/node/91658

DDoS attacks are getting more frequent and more harmful, but the key is not to be blackmailed.

If a large man stopped you on a street corner and told you that if you hand him five dollars, he won’t punch you in the face, what would you do? First you would sarcastically think to yourself welcome to New York, because that’s where this would happen.

Following that, you could say no. You could try to run. You could try to defend yourself. But with a matter of moments to think about it, you’d probably just hand over the five dollars. It doesn’t feel good to give money to an unethical person to stop him from doing a terrible thing to you, but hey, face punch averted.

Three days later, there he is again. Same offer, only now it’s ten dollars. He already knows you don’t want to be punched in the face and he also knows you don’t seem to have any other plan for dealing with his threats. Handing over that first five dollars set you up to keep being victimised.

A DDoS ransom note has a similar strategy behind it. The difference is that you don’t have mere seconds to make your decision. Forewarned is forearmed, so get your shield up.

DDoS attack motivations

A DDoS attack is a distributed denial of service attack, which is an attack that seeks to deny the services of a website, network, server or other internet service to its users by interfering with an internet-connected host. While victims of this kind of attack may throw their hands up in the air and ask why me, it isn’t necessarily a rhetorical question.

Many people assume DDoS attacks stem from business rivalries, or are an attempt to gain a competitive advantage. In some cases this is true, but it’s far from being the only reason for DDoS attacks. DDoS attacks may stem from ideological or political differences, and in some instances they can even be equated with a hate crime when certain groups are targeted.

The other main causes of DDoS attacks essentially come down to script kiddies being script kiddies. Whether it’s a turf war between online groups, websites being randomly targeted for DDoS experiments, a challenge to see what attackers are capable of, or hacktivist groups trying to gain attention (the Lizard Squad, anyone?), a lot of the reasons for DDoS attacks can be summed up to just being a jerk on the internet.

DDoS ransom notes no exception

Speaking of jerks on the internet. For about as long as DDoS attacks have been a thing, so too have DDoS attack extortion attempts. ‘We have a botnet army prepared to take down your site. You have 24 hours to pay us $1000.’ This sort of ransom note is typically followed by a warning shot low-level DDoS attack, just so you know the attackers are capable of what they’re threatening.

A year ago, even a few months ago, these DDoS ransom notes were largely attributed to low-level cyber criminals, or kids trying to make some easy cash. But the recent actions of DD4BC, a high-level hacking group responsible for some high-level extortions on bitcoin companies, have shown us that this isn’t true.

DD4BC have been threatening 400+ Gbps DDoS flood attacks. While their actual attacks have been shown to be much smaller scale application layer DDoS attacks, peaking at about 150 requests per second accompanied by network layer attacks maxing out at 40 Gbps, these attacks would still be enough to take down most small to medium-sized websites.

DD4BC have been attempting to extort bitcoin and gaming companies since November of 2014. Lately they seem to have begun targeting the payment industry as well.

How to respond when you receive a DDoS ransom note

Thank your mom for all that just ignore it advice she gave you growing up, because one of the best responses here is definitely no response. If you pay the ransom, not only are you out that money, but you’ve also identified your website as one that has no professional DDoS protection.

That will put you on the exploitable victim list with a big exclamation mark after your name.

Some companies have decided that they’re not content with merely ignoring the ransom demands. One of DD4BC’s first publicised extortion attempts was against the Bitalo Bitcoin exchange, who not only refused to capitulate, but slapped a big ol’ bounty on DD4BC’s head.

That bounty was added to by another bitcoin company, Bitmain, in March. Another high-profile website, meetup.com, also went public with their fight against a blackmail-related DDoS attack in March 2014.

Ignoring these DDoS ransom notes or actively fighting back against would-be extortionists is unequivocally what your organisation should do in the event that you receive one. However, to do either of these things absolutely requires that you have professional DDoS protection. You don’t poke the bear unless you know it can’t get out of its cage. If that means onboarding protection as soon as you get a note, then so be it.

A better plan is to have professional DDoS mitigation in place before you ever land on the list of some hacking group. Blackmail is just one of many reasons DDoS attacks take place, and DDoS attacks are getting stronger and more devastating all the time.

Source: http://www.information-age.com/technology/security/123459804/ddos-ransom-notes-why-paying-will-get-you-nowhere

Online gaming sites in New Jersey were rocked by a wave of distributed denial of service attacks (DDoS) last week, according to the New Jersey Division of Gaming Enforcement (DGE).

At least four sites were knocked offline for around half an hour by the cyberattacks, David Rebuck, DGE director, said, although he declined to name them.

The disruption was followed by a ransom demand, to be paid in bitcoin, and the threat of further, more sustained attacks, he added.

DDoS attacks are used by cyber criminals to flood the bandwidth of an internet site rendering it temporarily nonoperational.

Online gambling has been a target for such criminals since the early days of the industry, although this is the first time that any attacks have been reported against the regulated US markets.

However, last September, when Party / Borgata attempted to stage the most ambitious tournament series the regulated space had seen, the Garden State Super Series, major disruption forced the main event to be cancelled.

“Known Actor” Suspected

It was assumed that the technical difficulties were the result of a relatively new infrastructure bending under the weight of an uncommon influx of players, but it seems possible that there were more sinister forces at work.

Cyber attackers typically strike at times when traffic is highest in order to maximize disruption, and a well-publicized event like the Garden State Super Series would have been an irresistible target. 

Rebuck’s assertion that law enforcement is now hunting a “known actor” in relation to the attacks, a suspect who has “done this before” would appear to confirm, at least, that New Jersey has been subject to a prior attack.

Recent Attacks on Offshore Market

Hackers have certainly disrupted unlicensed US-facing poker sites in recent times. Two months after the Garden State Super Series, the Winning Poker Network (WPN) attempted to stage a similarly ambitious online tournament with $1,000,000 guaranteed.

The event had attracted 1,937 players with 45 minutes of late registration still remaining, before it was derailed by a suspected cyberattack.

An on-screen message relayed the news to players as the tournament was abandoned four and a half hours in, following a spate of disruptions. The tournament was canceled and buy-in fees refunded to all participants.

On November 23, the Carbon Poker Online Poker Series was severely interrupted by poor connectivity issues, and the site has experienced intermittent problems several times since, although no official word on the disruptions has been forthcoming from Carbon Poker.

“It sounds like the regulators and the [gambling] houses anticipated this very type of attack and responded to it in a very appropriate manner,” cybersecurity expert Bill Hughes Jr, told the Press of Atlantic City of the incident last week. “It appears that the system worked here.”

Source: http://www.cardschat.com/news/new-jersey-online-gaming-sites-hit-by-ddos-attacks-13472

500 routers whip up colossal DDOS over ye olde RIP protocol

Attackers are exploiting an ancient networking protocol to enslave small home and office routers in distributed denial of service attacks, Akamai says.

The May attacks, described in a report by the global networking company, exploit routers operating version one of the Routing Information Protocol (RIP) developed in 1988 and superseded by version two in 1996.

Net pests are generating 12.8Gbps DDoS attacks from some 500 enslaved routers, but have the potential to scale upwards if they target more of the 24,212 exposed devices found vulnerable, Akamai’s PLXsert unit says.

“PLXsert has been monitoring an uptick in a form of DDoS reflection previously thought of as mostly abandoned,” the report says.

“This attack vector, which involves the use of an outdated routing protocol in RIPv1, began showing up in active campaigns again on May 16th after being dormant for more than a year.

“… there is little reason for RIPv1 to continue as an available resource for DDoS attacks. Most of these sources appear to be from outdated hardware that has been running in home or small-office networks for years.”

Attackers are able to conceal the source identity by spoofing IP addresses in reflection attacks, where exposed routers receive requests that appear to come from one source and direct their responses at that address.

They can also amplify the attacks by causing routers to respond to requests directed at victims with larger payloads of up to 512 bytes for every 24 byte query.

Most of the dust-covered workhorse routers are Netopia 3000 and 2000 models distributed by AT&T.

Akamai recommends that system administrators restrict traffic on UDP port 520 and that users upgrade to RIP version two.
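For defenders auditing a capture of UDP port 520 traffic, the following added example (not code from Akamai's report or from the article) parses RIP messages and flags RIPv1 whole-table requests arriving from outside a network, plus the responses they draw. The addresses, dictionary layout and function names are assumptions, and the two sample datagrams are constructed: the 24-byte query mentioned above and a 504-byte reply carrying 25 routes.

```python
import ipaddress
import struct

HEADER = struct.Struct("!BBH")     # command, version, must-be-zero (RFC 1058)
ENTRY = struct.Struct("!HHIIII")   # AFI, zero, address, zero, zero, metric
REQUEST, RESPONSE = 1, 2

def parse_rip(payload):
    """Return (command, version, [(afi, metric), ...]) or None if malformed."""
    body = len(payload) - HEADER.size
    if body < 0 or body % ENTRY.size or body // ENTRY.size > 25:
        return None
    command, version, _ = HEADER.unpack_from(payload)
    if command not in (REQUEST, RESPONSE):
        return None
    entries = [ENTRY.unpack_from(payload, HEADER.size + i * ENTRY.size)
               for i in range(body // ENTRY.size)]
    return command, version, [(e[0], e[5]) for e in entries]

def outside(ip, net):
    return ipaddress.ip_address(ip) not in net

def classify(pkt, local_net):
    """Label one UDP datagram (dict: src, dst, sport, dport, payload)."""
    rip = parse_rip(pkt["payload"])
    if rip is None or rip[1] != 1:
        return "ignore"                          # not RIPv1
    command, _, entries = rip
    net = ipaddress.ip_network(local_net)
    if (command == REQUEST and pkt["dport"] == 520 and outside(pkt["src"], net)
            and entries == [(0, 16)]):           # AFI 0 + metric 16: whole table
        return "reflection-trigger"
    if command == RESPONSE and pkt["sport"] == 520 and outside(pkt["dst"], net):
        return "reflected-response"
    return "ripv1-internal"

def amplification(packets, local_net):
    """Bytes of reflected responses per byte of triggering request."""
    size = {"reflection-trigger": 0, "reflected-response": 0}
    for p in packets:
        label = classify(p, local_net)
        if label in size:
            size[label] += len(p["payload"])
    sent = size["reflection-trigger"]
    return size["reflected-response"] / sent if sent else 0.0

# Constructed sample capture (documentation addresses, not real traffic).
QUERY = HEADER.pack(REQUEST, 1, 0) + ENTRY.pack(0, 0, 0, 0, 0, 16)
REPLY = HEADER.pack(RESPONSE, 1, 0) + b"".join(
    ENTRY.pack(2, 0, 0x0A000000 + (i << 8), 0, 0, 1) for i in range(25))
SAMPLE = [
    {"src": "198.51.100.7", "dst": "192.0.2.1", "sport": 40000, "dport": 520, "payload": QUERY},
    {"src": "192.0.2.1", "dst": "198.51.100.7", "sport": 520, "dport": 40000, "payload": REPLY},
]
```

Any datagram labelled `reflection-trigger` or `reflected-response` means a RIPv1 listener is reachable from outside and belongs behind the UDP 520 restriction described above.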

The DDoS attacks are more novel than dangerous. Crims have pushed attacks through Network Time Protocol amplification that, in 2013, slammed Hong Kong with a 400Gbps traffic deluge.

Net pests have however proved they will take whatever they can get and have used video recorders and other low-powered embedded devices for denial of service and bitcoin mining.

Source: http://www.theregister.co.uk/2015/07/06/1996_ddos_ripv1_attacks_akamai_report/