DDoS Archive

The cyber wars are heating up, with the popular Russian government-funded RT News becoming the latest victim to fall foul of a massive distributed denial of service (DDoS) attack that knocked the site out of action for around three hours earlier today.

RT News, whose pro-Russian government stance has seen them publish a number of stories in support of WikiLeaks founder Julian Assange, first revealed that its server was experiencing technical difficulties on Facebook, shortly before tweeting that its hosting provider had confirmed that a DDoS attack was the reason for the outage.

‘Antileaks’, the group that had earlier claimed responsibility for a similar attack on WikiLeaks, later claimed responsibility for taking down RT, although as of yet there is no proof that this group is behind the attacks. What is notable is that the attack came just hours before a guilty verdict was delivered against members of the punk band Pussy Riot, who have been highly critical of Russian leader Vladimir Putin.

Antileaks tweeted that it was responsible for the DDoS attack just 20 minutes after RT had confirmed it, attaching a hashtag in support of the Pussy Riot members. Shortly afterwards, WikiLeaks weighed into the war of words on Twitter, condemning the attack and suggesting that it was due to RT’s support of Assange rather than anything to do with the punk band. RT had previously hosted Assange’s personal chat show, in which one of his guests was none other than Ecuador’s President Rafael Correa.

RT hasn’t said anything about how they managed to overcome the attack, simply posting on Facebook that their English-language site was “back online after DDoS attack but we’re still experiencing some tech difficulties.”

Source: http://siliconangle.com/blog/2012/08/17/rt-news-hit-by-ddos-attack-taken-offline-for-three-hours-this-morning/

A distributed denial-of-service attack aimed at AT&T’s DNS (Domain Name System) servers has disrupted data traffic for some of the company’s customers.

The multi-hour attack began Wednesday morning West Coast time and at the time of this writing, eight hours later, does not appear to have been mitigated.

“Due to a distributed denial of service attack attempting to flood our Domain Name System servers in two locations, some AT&T business customers are experiencing intermittent disruptions in service,” an AT&T spokesman told IDG News Service by email. “Restoration efforts are underway and we apologize for any inconvenience to our customers.”

The attack appears to have affected enterprise customers using AT&T’s managed services DNS product.

“Our highest level of technical support personnel have been engaged and are working to mitigate the issue,” AT&T said in a message on a service status page.

But it added there is “no estimated time” for restoring the service.

DNS is responsible for converting human-friendly domain names into the numeric IP (Internet protocol) addresses that computers use to route data. When it fails, computers are unable to route data to its intended destination, even though the destination server remains online and accessible.

A distributed denial-of-service (DDoS) attack attempts to flood a server or system with so many packets of data that it becomes difficult or impossible to reach for legitimate traffic. It doesn’t necessarily stop the server from working, but the overload of data results in the system being all but unusable.

Service is returned to normal when the attack stops or when engineers find a way to absorb or deflect the nuisance traffic.

“We got our first report of problems at 6:31 a.m. Pacific time,” said Daniel Blackmon, director of software development, at Worldwide Environmental Products. The company tests vehicle emissions and has remote units deployed that report back to central servers.

“The problems mean none of the equipment we have in the field can contact our servers, and there is a limit to the amount of information they can hold offline.”

Source: http://www.pcworld.com/businesscenter/article/260940/atandt_hit_by_ddos_attack_suffers_dns_outage.html

CHENNAI: Hacktivist group Anonymous brought down Congress party’s website on Tuesday in what it claimed to be a fight against corruption. For the first time, it rallied its followers on social networking site Twitter and asked them to participate in distributed denial of service (DDoS) attacks that rendered the homepage of All India Congress Committee website (www.aicc.org.in) unavailable for most of Tuesday.

The group’s tweets from the Twitter handle @opindia_revenge led to another page which highlighted that the target of OpRiseIndia was corrupt corporations, political parties and media. “To help us simply click on the button ‘Go to Attack Page’ (everything is set for you), and click ‘Start Attack’,” it said. The site had a disclaimer that informed people that taking part in a DDoS attack is illegal and another link provided steps to protect oneself from detection and avoid revealing the location.

“We are fighting against corruption which goes across political parties,” said a member of the group in an internet relay chat. The Congress is their first target as it is in power now, the member said. The India-arm of Anonymous has done a series of virtual sit-ins or DDoS attacks on websites of Reliance Communications, Mahanagar Telephone Nigam Limited, Internet Service Providers Association of India and All-India Trinamool Congress as part of its protest against internet censorship.

The latest attack, members said, was an effort to create awareness about corruption among people. “We have seen many scams which have come out in the open, but nobody knows what is really happening. Public is kept at dark. We don’t know which political parties are behind it,” said another member.

As for asking people to participate in the attacks, a member said the group was looking to create awareness about corruption on the internet. “We have enough people to attack these sites. We are tweeting to build more awareness,” said a member.

The group said its operation has nothing to do with Anna Hazare’s movement or any other organisation that is fighting against corruption. “This is a separate movement from Anonymous,” said a member, adding that they are not against any political party. “All political parties indulging in corruption will be our targets,” said a member.

When contacted, Vishvjit Singh, chairman of AICC’s computer department, said: “Attacks can keep coming in, hopefully we’ll be able to handle them.”

Source: http://articles.timesofindia.indiatimes.com/2012-08-01/chennai/32980448_1_political-parties-corruption-hacktivist-group-anonymous

Security firm Radware claims to have spotted evidence online that suggests hacktivist group Anonymous is gearing up to launch denial-of-service attacks against the websites of British companies BT and GlaxoSmithKline during the Olympics, and maybe do much more.

The Radware Emergency Response Team has identified postings on Pastebin that suggest that Anonymous intends to attack London-based global network-services provider BT and pharmaceuticals and healthcare provider company GlaxoSmithKline (GSK). Both companies happen to have roles to play associated with the London-based Olympics — GSK is providing drug-testing and associated medical input, while BT is supporting numerous Olympics-related projects. Radware says its evidence is information posted by someone claiming to be tied to the shadowy group Anonymous.

Anonymous uses a few tools to attack its targets, and one of them is the High Orbit Ion Cannon (HOIC), a weapon that’s been out for about six months, says Carl Herberger, vice president of security solutions at Radware. He says there’s now attack information contained in what’s called a “HOIC booster” posted online and advertised as coming from Anonymous to attack both BT and GSK. He acknowledges, though, this “could be anybody.”

The HOIC tool provides you with the ability to use scripted code, Herberger says, noting it allows for opening up many connections from a single machine, and hence represents a more powerful attack tool than the older, known “Low Orbit Ion Cannon” attack tools, which couldn’t do this. The HOIC booster information that’s posted essentially represents something along the lines of “ordnance” that can be loaded into the HOIC to hit a target.

While the Pastebin information related to HOIC may in the end be of no consequence, Herberger says there were a series of attacks on sites in India in the past in which this type of information was posted in advance, and the attacks did occur. Radware is putting out this information in what it regards as an advance warning to help companies prepare.

Source: http://www.networkworld.com/news/2012/073012-anonymous-bt-gsk-261281.html

Next week is Black Hat — perhaps the world’s most significant and influential annual hacking conference. It’s an event that draws in the best and brightest (and sometimes, the borderline legal) hackers from around the world to show off the latest threats to our phones, laptops, PCs, Macs, tablets — and literally anything else with a digital heartbeat.

While it may not be as well-known as other ‘geek’ cons like CES or Comic-Con, what happens at Black Hat will eventually impact every consumer, business executive and government official in the U.S. In the last few years, the potential risks from hackers have reached epic proportions — from doomsday ‘worms’ that can physically destroy nuclear plants to ‘botnets’ that enslave millions of home PCs each year, leading to millions of dollars in credit card theft and other financial identity crimes.

Back in 1997, when Black Hat was founded, the average person could be excused for not paying attention to what was happening in the hacker underground. But today, when all of us depend on the Internet and technology devices to bank, buy, work and live, and the groups attacking us have evolved dramatically (Russian cyber crime gangs, Anonymous and other hacktivists, Chinese government sponsored hackers, etc.), there is simply no excuse to remain uninformed.

It’s time for everyone to learn about hacking threats.

But one of the first hurdles most people face is the language. What’s ‘smishing?’ or ‘0-days?’ or ‘clickjacking?’

The first step is to learn how to speak hacker — then the concepts really aren’t that hard to understand, and it’s possible to keep up with the latest threats and protect yourself.

Here is a simple hacker-decoder:

Virus, Worm, Trojan, Malware — What’s the Difference?

When news reports come out about a new computer threat, they often call it a ‘virus.’ But much of the time, that isn’t correct. In fact, most of the computer infections we see today aren’t viruses at all — viruses are somewhat ‘old school’ in the hacking world. It’s important to understand that there are several different types of infections that can target you — knowing the difference between them can better help you to stay safe.

A ‘virus’ is the oldest type of computer infection. It is a malicious computer program that is often hidden inside a seemingly legitimate email attachment. The good thing about a virus is that it can’t work unless the victim interacts with the file it’s in — either by clicking or downloading it. Once inside a computer, it will try to reproduce itself and infect other parts of the computer or network.

A ‘worm’ is different than a virus: it doesn’t require user interaction, so even if you don’t click on an infected file, the worm can still infect your computer. Worms are designed to spread, and spread fast — once they’re in, they typically try to install a ‘backdoor’ in the computer or cause it to shut down.

A ‘Trojan’ is another infection that was named after the Trojan horse in the Odyssey. It looks like something you want, but conceals an attack. Trojans are often hidden in file attachments, like Word docs, Excel, PDF, even a computer game. Once a computer is infected, a Trojan gives the hacker remote access to your computer — this lets him spy on your online activities, capture email and account passwords.

And ‘malware’ refers to it all — viruses, worms, Trojans, and other nasty things like adware, spyware and rootkits. So if you want to use a general term for a computer infection, malware is technically correct instead of virus.

Types of Hackers

There are three types of hackers: the ‘white hat,’ ‘black hat,’ and ‘gray hat.’

The white hat is the good guy — he or she is a professional in the security field who hacks products, services and companies, with their permission, in order to figure out how to better protect them. White hats are also called ‘ethical hackers,’ ‘penetration testers’ or ‘offensive security’ professionals. A black hat is someone who breaks into a computer network with malicious intent. A gray hat is one who bounces between good and evil in his or her hacking prowess — think of him as Luke from Star Wars: he wants to be with the force, but Darth Vader keeps calling him to the dark side.

Common Attacks

So how do hackers get all this bad stuff onto our computers? Here are the most common types of attacks they use to infect us with viruses, worms, Trojans and other malware:

Phishing

Ever get a fake email claiming to be from a bank or a Nigerian prince? This is phishing. It’s a fake email that often appears to be from a legitimate source, like the IRS, a bank, a former employer, friend, etc. The goal of the email is to get you to click or download something that will infect your computer; or trick you into giving up information, like your Social Security Number. When a phishing email appears to come from a real email (like IRS.gov, or the actual email of an old friend), that’s called ‘spoofing.’ Phishing isn’t only done via email — today, it’s also sent via text message (‘smishing’) and social networks like Facebook. Most of the time, phishers send out these fake emails to hundreds or thousands of people, and they’re easy to spot — but sometimes, they go after one person in particular and use personal information gathered from Facebook or other social networks to make it seem like they know you. This is called ‘spear-phishing.’

Social Engineering

This is the old-fashioned con game. It refers to a criminal who’s able to trick or persuade a person to do something they shouldn’t — like give a network password to a person claiming to be from the IT department; or granting a person supposedly from ‘Microsoft’s security team’ permission to remote access a computer they claim is infected. Social engineering is often done in a phone call, but it can also be done in person, via email or social networks.

Internet-based Attacks

Most people tend to think that they won’t get infected unless they open a virus-laden attachment in an email. But the truth is, you can get infected just by going on Facebook or visiting the New York Times website. Hackers today can target people directly through the Internet browser (Internet Explorer, Firefox, Chrome, Safari), even if the browser is fully patched and up to date. How does it work? Hackers write special programs which they insert into websites — it could be a sketchy website, legitimate website, social network site, blog, forum, comment feed, etc. On some of these sites, the website itself is infected — think of a blog or questionable website, such as pornography. Once you visit the website, it hits you with a ‘cross-site scripting’ (or XSS) attack which will then try to steal any cookies or passwords saved in your browser. This allows the hacker to gain access to your accounts. Another attack that is similar to XSS is ‘clickjacking.’ The difference, however, is that the website itself isn’t infected — instead the hack attack is hidden inside something such as a ‘Like’ button in a Facebook message chain or the play button on a movie. When the user clicks on that button, she is ‘clickjacked,’ because the hidden program is what is actually activated. Another trick hackers use is the ‘drive-by download.’ These are most common with pop-up ads, anti-virus warnings or even an email. The computer is infected when you click to cancel the pop-up or click ‘accept’ or ‘deny’ on the anti-virus ads. With emails, a drive-by download can happen just by viewing the message. Sometimes legitimate-looking ads on legitimate websites can launch a drive-by attack. When this happens, it’s called ‘malvertising.’

Wi-Fi Attack

In the majority of cases, when you log on to a public Wi-Fi hotspot — at Starbucks, the airport, hotel or even a municipal hotspot — your computer is at risk of a ‘man-in-the-middle’ attack (or ‘MITM’). This is an attack in which the hacker sits between you and the Internet, essentially. Because the network is open to anyone, he can use special tools to find other people who are using the same network — and then intercept their computer’s signal. This allows him to see everything you do, in real time. He can steal passwords and even force your computer to go to a bad site without your knowledge.

Real-Life Zombies

Everyone should know what a ‘botnet’ is, because there’s a one in four chance your home PC is already part of one. A botnet is a collection of ‘zombie computers’ — these are computers that have been infected with worms or Trojans and allow a hacker to remotely control them. They’re called zombies because they’re now a slave to this hacker. When a hacker controls a lot of zombies, i.e., a botnet, he can then sell them to other cyber criminals who want to steal personal identities, or he can rent them out to hackers who want to attack another computer network — like Anonymous’ attacks on the CIA, Visa and others. When hackers use botnets to shut down another computer, it’s called a ‘denial-of-service’ (DoS) or ‘distributed-denial-of-service’ (DDoS) attack. A DoS or DDoS basically involves using all of these computers — typically in the thousands — to flood another computer with so many data requests that the computer network crashes. The FBI is now targeting botnets and will shut them down — which can disable your Internet access if it’s part of one.

Hacker Tools

Hackers favor a few different types of computer tools in order to launch their attacks. It’s helpful to know what they are:

‘Zero-day,’ or ‘0-day’

This is a flaw in a software program or an actual device that doesn’t yet have a fix. In many cases, the company (like Microsoft, Apple, Firefox, etc.) doesn’t even know the flaw exists. Events like Black Hat are a great way to make companies aware that they have flaws. For consumers, there’s nothing you can do to avoid a 0-day attack — except to not use the product, pray, or both.

‘Crimeware’

Hacking is a multi-billion dollar industry these days, and it’s grown so sophisticated that skilled hackers will actually sell hacking programs to other criminals. This is called crimeware — any type of malicious program that is sold on the black market. A good example is phishing email — those fake IRS emails that look like they really came from the IRS? Yep, that’s crimeware.

‘Carding’

Hackers also go to special underground forums known as ‘carding’ sites to swap, sell and buy other people’s credit card information. Most of these credit cards were previously stolen through Trojans and keyloggers.

TOR

This is a popular program that lets you become anonymous on the Web. Ever see a crime movie where the FBI can’t trace the call? TOR is like that for the Web — it hides your IP address (think of this as a computer’s phone number) so no one can tell who is visiting a certain website or launching an attack. It’s like calling from someone else’s phone, a hundred times over.

‘Sniffer’

A tool hackers use to ‘sniff’ or intercept Internet or Web traffic, for instance, on a public Wi-Fi hotspot. One of the most notorious ‘sniffers’ is Firesheep.

‘Fuzzer’

‘Fuzzing’ is a tactic hackers use to figure out where a Web application is vulnerable. The fuzzer will bombard the computer program with bizarre or random computer requests that will eventually cause the program or computer to make a mistake or crash — and that tips off the hacker as to where it is weak.

Hacker Insults

It also helps to know some of the derogatory terms that are often used online.

‘Noob,’ or ‘n00b’

A newbie, someone who’s an amateur or uninformed. If you’re reading this article, you’re a n00b.

‘Script Kiddie’

If you’re a ‘script kiddie,’ you’re a poser, essentially. A script kiddie is someone who isn’t very skilled at hacking, but thinks they are – or tries to pretend they are. It’s a step above a n00b.

‘Owned,’ ‘Pwned’

Getting owned or ‘pwned’ (pronounced: pOWNed) basically means getting hacked. It can also refer to having your computer ‘backdoored’ by a Trojan or worm, or simply losing an argument in an online forum.

‘Doxed’

You definitely don’t want to get ‘doxed.’ This is what hacktivist groups like Anonymous made famous in 2010 and 2011. Doxing is when you gather sensitive, personally revealing information about someone — it could be their true identity, where they live, family, personal emails, etc. What can follow doxing is a ‘dump.’ That’s when all that sensitive or embarrassing information is posted online, such as on Pastebin.com.

Computer technology and hacking aren’t as complicated as many think. By understanding the basics, you can learn how to protect yourself online.

Source: http://www.huffingtonpost.com/michael-gregg/how-to-speak-hacker_b_1690465.html