Defend Against DDoS Archive

By David Meyer , 9 May, 2012 09:11

Hackers associated with Anonymous forced Virgin Media’s website offline for at least an hour on Tuesday, but the file-sharing service whose blockage sparked the protest has condemned the attack.

In an operation dubbed OpTPB, Anonymous hackers apparently subjected Virgin’s site to a distributed denial-of-service (DDoS) attack that began at 5pm. Twitter messages referring to OpTPB suggested that it was a response to Virgin Media’s blocking of The Pirate Bay (TPB), which began last week after a court ordered it.

Although Virgin admitted to an hour-long downtime, the site was still not working at the time of writing, around 16 hours after the attack began.

“DDoS and blocks are both forms of censorship,” The Pirate Bay told followers on its Facebook page, referring to “some random Anonymous groups [having] run a DDoS campaign against Virgin Media and some other sites”.

“We’d like to be clear about our view on this: We do NOT encourage these actions,” TPB said. “We believe in the open and free internets, where anyone can express their views. Even if we strongly disagree with them and even if they hate us. So don’t fight them using their ugly methods.”

The file-sharing service went on to suggest that those wanting to help it could set up a tracker, join or start a local Pirate Party, write to their political representatives or develop a new P2P protocol.

According to the BBC, Virgin said in a statement that it has to comply with court orders, but believes that “tackling the issue of copyright infringement needs compelling legal alternatives, giving consumers access to great content at the right price, to help change consumer behaviour”.

“Copyright defenders, including the British recorded music industry body BPI, have argued that illegal copies of films, books and music made available on file-sharing sites destroy creative industry jobs and discourage investment in new talent,” the ISP added.

The court order followed a ruling in February which established that TPB was infringing on copyright by providing a service that people use to unlawfully share copyrighted material.

TPB was not itself represented at the hearing that led to that ruling, but the judge, Mr Justice Arnold, argued that there was little point in trying to get the site’s proprietors into court when even the authorities in Sweden, TPB’s home country, had failed to do so.

Virgin Media was the first ISP to carry out the block ordered last week, but others covered by the same court order include Sky, Everything Everywhere, TalkTalk and O2. BT is not yet subject to the order as it has requested more time to assess the implications.

Source: http://www.zdnet.co.uk/blogs/communication-breakdown-10000030/pirate-bay-condemns-virgin-media-hack-10026118/

Guest post written by Jonathan Lewis

5/08/2012 @ 10:02PM

As cyber security moves from a purely technical issue to a major business concern, CIOs are faced with the thorny problem of how to best protect their company without over-spending on security. Security is about protecting confidentiality, integrity and network availability. Thus far, security spending has largely been focused on confidentiality and integrity with relatively little spending on protecting network availability. Research shows that it’s time for this approach to change.

Loss of data center availability due to Distributed Denial of Service (DDoS) attacks has emerged as one of the most prevalent and costly forms of cybercrime. Motivations include extortion, revenge and competitive advantage, as well as a recent explosion of politically motivated attacks, also known as “hacktivism.”

The means to carry out sophisticated and effective attacks are within easy reach of anyone with a PC and an Internet connection. Do-it-yourself DDoS attack tools are readily available and easy to use. Botnets for rent and DDoS attack services are available to anyone with as little as $50 and a grudge. A quick search on YouTube for “DDoS Service” shows how openly these attack services are being sold. As a result, enterprises and service providers are experiencing attacks on their data centers more often and with more severe business consequences than ever before.

The goal of the attacker is to prevent a data center from performing its core function – whether that be transacting e-commerce; delivering e-mail or voice services; providing DNS services; delivering Web content; hosting games; and so on. Because the attacker is trying to create maximum disruption, attacks are most likely to occur at the worst possible time for the victim. For example, online retailers are especially vulnerable during the peak shopping period between Thanksgiving and Christmas and especially on Cyber Monday.

CIOs should take a proactive approach for incorporating the DDoS threat into security and business continuity planning. The steps are straightforward. First, gain an understanding of the cost of service outages. In other words, determine what the hourly cost will be to your business if the data center is down or disabled due to an attack. Second, understand the probability that your business will be attacked and experience service outages. Lastly, take a risk management approach and consider the business impact of extended outages (i.e. 24 hours or more), weighing the expected costs/risks against the cost of investing in DDoS protection to ensure service availability.

The hourly cost of downtime will be unique to your business but generally comprises the following elements:

  • Operations: What is the number of IT personnel that will be tied up addressing the attack and what is the hourly cost of that?
  • Help Desk: If systems are shut down, how many help desk calls will be received and what is the cost per call?
  • Recovery: How much manual work will be required to re-enter transactions?
  • Lost Worker Output: What is the level of employee output lost to downtime and the costs associated with that?
  • Lost Business: How much business will be lost for every hour the network is down?
  • Lost Customers: How many existing customers will defect to the competition? What is the lifetime value of these customers?
  • Penalties: How much will it cost in terms of service level agreement (SLA) credits or other penalties?
  • Lost Future Business: How much will your ability to attract new customers be affected? What is the full value of that lost business?
  • Brand and Reputation Damage: What is the cost to the company in terms of brand value?

Compare your results to industry averages. The Ponemon Institute surveyed 41 business managers from 16 different industry segments on the costs their operations had incurred due to unplanned data center outages. The hourly cost of downtime ranged from $8,500 to $210,000 per 1000 square feet of data center space in operation. Financial services and online commerce showed the highest costs per hour.

Next, consider the risk of attack. If your business has already been a victim of DDoS, the likelihood of subsequent attacks is high – you are already a target. Even if you have not been attacked before there is still substantial risk. Once again, industry averages provide helpful guidance for risk planning. The most recent figures indicate expected annual downtime due to DDoS for an average data center is about 12 hours.

Combining the expected annual downtime with the hourly cost of downtime provides a good guideline as to the annual cost (or “annual loss expectancy”) your business is likely to incur if you do not deploy effective DDoS protection. However, this does not provide the complete picture. There is the question of managing risk. DDoS attacks can bring down or seriously degrade services for days at a time. While the average expected annual outage time is about 12 hours, there is a smaller but real risk of extended downtime from DDoS. Outages of 24 hours and more are not uncommon. Thus DDoS should figure into business continuity planning much in the same way as fire and natural disaster do. In short, while the annual loss expectancy due to DDoS is an important economic consideration, it may be even more important to protect the business from catastrophic loss if it can be done at a cost that is both manageable and predictable.
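The three steps above (hourly cost of downtime, expected annual downtime, and the tail risk of extended outages) worked through as an added example; this is not code from the Forbes post, and every figure except the article's 12-hour expected annual downtime is constructed, with the protection cost and the residual-downtime fraction being assumptions:

```python
"""Annual loss expectancy (ALE) and break-even check for DDoS protection,
built from the cost elements the article lists.  Constructed figures only."""
from dataclasses import dataclass, fields


@dataclass
class HourlyDowntimeCost:
    """The nine cost elements from the article, each in currency per hour."""
    operations: float = 0.0
    help_desk: float = 0.0
    recovery: float = 0.0
    lost_worker_output: float = 0.0
    lost_business: float = 0.0
    lost_customers: float = 0.0
    penalties: float = 0.0
    lost_future_business: float = 0.0
    brand_damage: float = 0.0

    def total(self) -> float:
        """Hourly cost of downtime is the sum of all elements."""
        return sum(getattr(self, f.name) for f in fields(self))


def annual_loss_expectancy(hourly_cost: float, expected_hours: float) -> float:
    """ALE = hourly cost of downtime x expected annual downtime hours."""
    return hourly_cost * expected_hours


def scenario_loss(hourly_cost: float, scenarios: dict) -> float:
    """Probability-weighted loss over outage scenarios {hours: annual probability}.
    This is how a rare 24h+ outage enters the picture beyond the 12h average."""
    return sum(p * hourly_cost * hours for hours, p in scenarios.items())


def mitigation_net_benefit(hourly_cost: float, scenarios: dict,
                           protection_cost: float, residual_fraction: float) -> float:
    """Positive when protection pays for itself.  residual_fraction is the
    (assumed) share of downtime that remains after protection is deployed."""
    unprotected = scenario_loss(hourly_cost, scenarios)
    protected = unprotected * residual_fraction + protection_cost
    return unprotected - protected


if __name__ == "__main__":
    # Constructed hourly cost elements for an illustrative online retailer
    cost = HourlyDowntimeCost(operations=2_000, help_desk=500, lost_business=15_000,
                              penalties=1_000, brand_damage=1_500)
    hourly = cost.total()  # 20_000 per hour
    print(f"ALE at the article's 12h/yr: {annual_loss_expectancy(hourly, 12):,.0f}")
    # Constructed tail: 90% chance of ~8h total, 8% of a 24h outage, 2% of 72h
    tail = {8: 0.90, 24: 0.08, 72: 0.02}
    print(f"Scenario-weighted annual loss: {scenario_loss(hourly, tail):,.0f}")
    # Assumed protection cost of 60_000/yr leaving 10% of downtime
    print(f"Net benefit of protection: {mitigation_net_benefit(hourly, tail, 60_000, 0.1):,.0f}")
```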

DDoS attacks are trending upward in frequency, size, duration and effectiveness. The good news is that there are solutions available that can prevent these attacks from bringing down data center services. CIOs who understand the economic value of data center services to their business, and who are aware of costs associated with DDoS threat, are well positioned to make the right business decisions with regard to investments in network availability protection.


Source: http://www.forbes.com/sites/ciocentral/2012/05/08/figuring-ddos-attack-risks-into-it-security-budgets/


The Serious Organised Crime Agency has taken its website offline due to a distributed denial-of-service attack.

By Tom Espiner, ZDNet UK, 3 May, 2012 15:02

The UK law enforcement agency asked its hosting provider to take the site down at approximately 22.00 on Wednesday, and the site was taken offline at around 22.30, a SOCA spokesman told ZDNet UK on Thursday. The site remained offline at the time of writing.

“The site was taken offline last night to limit the impact of a distributed denial-of-service attack (DDoS) against other clients hosted by our service provider,” the SOCA spokesman said. “The website only contains publicly available information.”

The spokesman declined to say who the agency thought was behind the attack, but said it did not pose a security risk.

While website attacks are “inconvenient to visitors”, SOCA does not consider maintaining the necessary bandwidth to deal with DDoS a good use of taxpayers’ money, the SOCA spokesman said.

A Twitter news feed that claims links to the Anonymous hacking collective publicised the DDoS on Thursday, but did not claim responsibility.

“TANGO DOWN: DDoS attack takes down site of UK Serious Organised Crime Agency (SOCA),” said the @YourAnonNews feed.

The SOCA website was taken offline in June 2011, in an action that was claimed by LulzSec, a hacking group affiliated to Anonymous.

“What is surprising is that defence and intelligence levels have not been improved sufficiently since the last successful DDoS attack on SOCA in June 2011,” said Ovum analyst Andrew Kellett. “Hacktivist attacks targeting particular operations have been known to be both persistent and long-standing, requiring extensive DDoS defences.”

SOCA announced last week that it worked with the FBI to take down 36 websites used to sell stolen bank card data.

On Thursday Cabinet Office minister Francis Maude said that SOCA had “recovered nearly two million items of stolen payment card details since April 2011 worth approximately £300m to criminals” in a speech made in Estonia.


Source: http://www.zdnet.co.uk/news/security-threats/2012/05/03/soca-website-taken-down-in-ddos-attack-40155157/

TrustSphere says its TrustVault product helps crucial emails get through–even in the midst of a denial of service attack–by correctly identifying trusted senders.

As annoying as spam is, an overactive spam filter is almost worse when it prevents important messages from getting through.

A company called TrustSphere says the TrustVault product it introduced this week can act as a counterweight to the spam filter, using a type of “social graph” to identify trusted senders and allow their messages to get through–even in the midst of a crisis such as a distributed denial of service attack on an executive’s email account.

“Inside the organization, we’re effectively mapping who’s speaking to whom and turning that into an enterprise social graph,” Manish Goel, CEO of TrustSphere, said in an interview. “We’re tracking who’s speaking with whom and how often–what’s the cadence of communication.” In that way, TrustVault can identify the trustworthy senders and allow their messages to go through, even if they would otherwise be blocked by a spam filter.

So far, this social graph is based entirely on the exchange of email, although TrustSphere is working on ways of integrating social media and voice over Internet protocol communications for a more complete picture, Goel said. But TrustSphere is applying elements of social networking theory such as Dunbar’s number, anthropologist Robin Dunbar’s concept that humans can only track a limited number of relationships, often theorized as about 150, and rely on “circles of trust” for more extended relationships. In this way, TrustSphere models trustworthy connections at the organizational level, as well as at the individual level. TrustVault is also linked to a related service, TrustCloud, which tracks the reputation of email accounts across the Internet.

TrustSphere doesn’t filter the content of the messages at all, looking only at the pattern of communication and touching only the email header fields, Goel said. The service does detect email authentication methods, such as the use of Sender Policy Framework tagging, but it’s counted as an indicator of trustworthiness rather than a final verdict, he said.

Messages cleared by TrustVault can still go through anti-virus and spyware scans, and even previously trusted senders can be screened out if they start exhibiting suspicious behavior, Goel said. But sometimes letting the right messages through can be as important as keeping the wrong ones out. For example, corporations targeted by activists or hacktivists sometimes have the email accounts of top executives rendered useless when they are flooded by messages sent by angry consumers or generated by bots. With TrustVault, the messages from known senders could be delivered to the executive being targeted, while all the rest would be routed for review by an administrative assistant.

One of the company’s oldest customers, the doctors.net.uk social network for physicians in the U.K., has been using a version of the same technology to allow email that uses words like “Viagra” or “penis” to get past spam filters when those words are used in a legitimate medical context, rather than for spam or pornographic promotions, Goel said.

“This also allows you to turn up the threshold on the aggressiveness of your spam filters without missing messages,” Goel said. “I liken this to why cars have brakes–to allow you to go faster. Spam filtering is very much focused on identifying the bad guys. We’re using the good and the bad to improve the overall security infrastructure.”

Founded in Singapore, TrustSphere is just now bringing its product to the U.S. market.

Source: http://www.informationweek.com/thebrainyard/news/email/232901586

London police charged five individuals under the Computer Misuse Act for their role in launching distributed denial-of-service attacks against commercial websites. Authorities believe the suspects are connected to the Anonymous hacking group, a loosely affiliated band of web savvy, politically motivated individuals. The hacktivist gang is being investigated for its role in taking down a number of high-profile websites.

The credentials of 30 million online daters were placed at risk following the exploit of an SQL injection vulnerability on PlentyOfFish.com. Creator of the Canada-based site, Markus Frind, said it was illegally accessed when email addresses, usernames and passwords were downloaded. He blamed the attack on Argentinean security researcher Chris Russo, who Frind claimed was working with Russian partners to extort money. But Russo said he merely learned of the vulnerability while trawling an underground forum, then tested, confirmed and responsibly reported it to Frind. He never extracted any personal data, nor had any “unethical” intentions.

Facebook announced a new security feature designed to deter attackers from snooping on users who browse the social networking site via public wireless networks. Users can now browse Facebook over “HTTPS,” an encrypted protocol that prevents the unauthorized hijacking of private sessions and data. The site was spurred on to add the security feature after a researcher unveiled a Firefox plug-in, known as Firesheep, that permits anyone to scan open Wi-Fi networks and hijack, for example, Twitter and Facebook accounts. HTTPS will eventually be offered as a default setting to all users.

For a third time, a California lawmaker introduced a bill that would update the state’s data breach notification law, SB-1386, to include additional requirements for organizations that lose sensitive data. The proposal by Sen. Joe Simitian (D-Palo Alto), would require that breach notification letters contain specifics of the incident, including the type of personal information exposed, a description of what happened and advice on steps to take to protect oneself from identity theft. Twice before, the bill has gone to former Gov. Arnold Schwarzenegger’s desk to be signed but was vetoed.

Facebook, MySpace and YouTube are the most commonly blacklisted sites at organizations, according to a report from OpenDNS, a DNS infrastructure and security provider. The yearly report, based on data from some 30 billion daily DNS queries, found that 23 percent of business users block Facebook, 13 percent restrict reaching MySpace, and 12 percent ban access to YouTube. Meanwhile, the OpenDNS-run PhishTank database found that PayPal is the most phished brand, based on verified fraudulent sites.

Google, maker of the Chrome web browser, made a feature available that allows users to opt out of online behavioral advertising tracking cookies. The tool, called “Keep My Opt-Outs,” is available as an extension for download. The announcement comes on the heels of a Federal Trade Commission report urging companies to develop a ‘do not track’ mechanism so consumers can choose whether to allow the collection of data regarding online browsing activities. Browser-makers Mozilla and Microsoft also announced intentions to release similar features for their browsers.

Verizon announced plans to acquire Terremark, a managed IT infrastructure and cloud services provider known for its advanced security offerings, for $1.4 billion. Verizon plans to operate Terremark as a standalone business unit. “Cloud computing continues to fundamentally alter the way enterprises procure, deploy and manage IT resources, and this combination helps create a tipping point for ‘everything-as-a-service,’” said Lowell McAdam, Verizon’s president and chief operating officer.

Source: http://www.scmagazineus.com/news-briefs/article/197112/