Early Sunday morning, part of the Chinese Internet went down in what the government is calling the largest denial-of-service attack it has ever faced. According to the China Internet Network Information Center, the attack began at 2 a.m. Sunday morning and was followed by an even more intense attack at 4 a.m. The attack was aimed at the registry that allows users to access sites with the extension “.cn,”. As originally reported by the Wall Street Journal, the attack is perhaps more an indicator of just how susceptible the global Internet infrastructure is to these types of attacks.

China has one of the most sophisticated filtering systems in the world, period. Furthermore, China’s government is rated by analysts as having one of the highest abilities to carry out cyber attacks. Despite both of these points, China is not capable of defending itself from an attack.

DOS (Denial of Service) or DDoS (Distributed Denial of Service) attacks are the single largest threat to our Internet and the Internet of Things. The more our world becomes connected and dependent on the Internet, the more opportunities there are to thwart everyday lifestyle necessities in our IoT. Here are some of the more recent examples:

Latest DOS attacks around the world

 

  • Anonymous Demands Recognition of DDoS as a Legal Form of Protest

We all know that how annoying DDoS is, and just how inconvenient it becomes to access a much-needed site. While we may curse the people behind DDoS attacks, the renowned hacktivist Anonymous group is looking to get such attacks the status of legal protest.

According to Anonymous, DDoS is done to send a message to the affected party, which is why they’ve petitioned the Obama administration to recognize DDoS as a legal form of protest. In the petition, the Anonymous group also demanded that anyone who has been jailed for participating in a DDoS attack should be immediately released, and anything related to the attack should be wiped from their criminal records.

  • FBI Enlists US Bank’s Help To Head Off Iranian Cyber Attacks

In order to combat a wave of cyberattacks that have rattled the US banking industry since last year, the FBI has given certain banking executives extensive briefings of their classified investigations. The collaboration is part of a new policy being initiated by the FBI to try and foster closer cooperation between authorities and the private sector.

  • Did Hackers Take Down NASDAQ?

News emerged that a significant disruption caused the NASDAQ trading market to shut down for more than three hours starting at 9:20am PST on August 22nd. The problem manifested itself in the quote processing system, prompting the first awareness of the issue.

This seems eerily reminiscent of another NASDAQ incident in May 2013 during which Facebook’s IPO was bungled due to a “software glitch”. That incident prompted a $10 million fine for NASDAQ, but more importantly a rising lack of confidence has emerged in investor sentiment surrounding the technical elements of today’s trading systems. People have questioned whether the structure itself is flawed, and whether there is an overabundance of dependence on technology baked into both trading strategies and automated trading systems.

  • CyberBunker Launches “World’s Largest” DDoS Attack, Slows Down The Entire Internet

A massive cyberattack launched by the Dutch web hosting company CyberBunker has caused global disruption of the web, slowing down internet speeds for millions of users across the world, according to a BBC report. CyberBunker launched an all-out assault, described by the BBC as the world’s biggest ever cyberattack, on the self-appointed spam-fighting company Spamhaus, which maintains a blacklist used by email providers to filter out spam.

  • Bitcoin Under Attack? Dwolla & Mt. Gox Both Hit With DDoS Attacks Overnight

Another day, another DDoS attack. This time round, it’s the turn of alternative online payments provider Dwolla, which saw its website taken offline for a brief period of time. The site has since come back online, but the company said in a statement that the some users may still experience issues as the attack remains ongoing.

Source: http://siliconangle.com/blog/2013/08/26/5-notorious-ddos-attacks-in-2013-big-problem-for-the-internet-of-things/?angle=silicon

A security researcher picks apart the shady world of Booter services that offer distributed denial of service attacks as a service.

A security researcher speaking at the Black Hat conference last week has exposed the malicious underworld of Booter services that offers paying customers distributed denial of service (DDoS) attack capabilities on demand.
Lance James, chief scientist at Vigilant, explained to eWEEK that he got pulled into an investigation into the world of Booter services by his friend, security blogger Brian Krebs. Krebs had been the victim of a Booter service attack and was looking for some answers.
“Basically a Booter is a Web-based service that does DDoS for hire at very low prices and is very hard to take down,” James said. “They are marketed toward script kiddies, and many DDoS attacks that have been in the news have been done via these services.”
James was able to identify the suspected Booter site via Website log files and began to trace the activity of the individual who specifically attacked Krebs. Further investigation revealed that the same individual was also attacking other sites, including whitehouse.gov and the Ars Technica Website.
After James was able to identify the Booter service and directly connect it to the attacks against Krebs, the two were able to help shut down the Booter service itself.
James said the data was handed off to law enforcement, and the specific Booter service that initially attacked Krebs was shut down within a short period of time. The timing challenge in taking down the Booter service has to do with the fact that the Internet service provider (ISP) that the service looks like it is being hosted from is not where the Booter service actually is located.
“There is a service in the middle that protects the Booter sites with turnkey Web security routing,” James explained. “In that case, they operate similar to the legal confines of Facebook and Twitter, and they require subpoenas and warrants to shut it all down.”
How Booter Services Work
The challenge in locating the root source of the Booter service is also to due to the operational complexity of how the Booter works.
Booter services typically have a Web front end, where the end user who wants to target a given site is provided with an interface. James explained that the Web front end is just the control panel, while the underlying back end with the hosts that execute the DDoS attack is located elsewhere.
“So to the underlying ISP that is involved, it doesn’t look like anything that is malicious,” James said. “There is no DDoS traffic coming directly from the ISP.”
The DDoS traffic comes from a separate infrastructure that includes data servers all over the world that the Booter services connect to via proxies.
“So when you actually request a Booter service takedown, it’s very difficult because the ISP on which the site is hosted has plausible deniability,” James said. “They can say, ‘We haven’t seen them do anything illegal from our site,’ so you really need to prove that.”
Follow the Money
One of the ways that James was able to help track down the individual behind the Booter service was via the PayPal email address the person was using to get paid for his services. James’ investigation ended up looking at over 40 Booter services, and all of them used PayPal as their payment mechanism.
“A lot of the times to disrupt something, the economic structure has to be disrupted,” James said. “If you look at the motivation—and the motivation is money—you need to disrupt what they are seeking.”
Source: http://www.eweek.com/security/how-do-booters-work-inside-a-ddos-for-hire-attack/

Pavel Vrublevsky, the co-founder and owner of ChronoPay, one of Russia’s largest e-payment providers, was found guilty of masterminding a DDoS attack on Aeroflot’s website in 2010, RAPSI reports from the courtroom on Wednesday.

Vrublevsky, Maxim Permyakov and Igor and Dmitry Artimovich were charged with organizing a DDoS attack on Aeroflot’s website, which is run by the Assist processing company. Aeroflot’s online ticket sales system was down for several days.

The investigators believe that Vrublevsky tried to terminate a service contract to sell e-tickets between Aeroflot and Assist in July 2010, thus eliminating a rival firm.

According to the Prosecutor General’s Office, Vrublevsky instructed Permyakov, the Chief Security Expert at ChronoPay, to hire the Artimovich brothers to hack into Aeroflot’s website. The brothers, who used a network of virus-infected computers, were paid over $20,000.

They attacked the website from July 15 to 24, blocking the e-ticket payment system.

The firms incurred substantial financial losses. Assist lost 15 million rubles ($488,090) and Aeroflot lost more than 146 million rubles ($4.75 million).

Acting upon an appeal filed by the defense lawyers earlier, the court dropped the charges under Article 273 of the Criminal Code, which stipulates a punishment for creating a harmful program, due to the expiration of the statute of limitations.

The case is being heard under Article 272 on illegal access to computer information protected by law, which resulted in its destruction, blocking, modification or copying.
Aeroflot is a member of the SkyTeam global alliance and is based at the Sheremetyevo Airport in Moscow. In 2011, Aeroflot transported over 14 million passengers. The Federal Agency for State Property Management is Aeroflot’s main shareholder with a 51.17% stake. Around 15% of the airline is held by companies belonging to businessman Alexander Lebedev.

Source: http://www.rapsinews.com/judicial_news/20130731/268388485.html

A quarter of UK companies have experienced a distributed denial-of-service (DDoS) attack, with telecoms and e-commerce the most targeted sectors.

According to research by Neustar, 22 per cent of the 381 UK businesses it surveyed had experienced a DDoS attack, of which, 53 per cent of telecoms, 50 per cent of internet/e-commerce and 43 per cent of retail were affected.

Talking to SC Magazine, Susan Warner, market manager for DNS services and DDoS solutions at Neustar, said that there is not a network that has not experienced a DDoS attack and asked what the cost could be if a site is down for a period of time.

She said: “Also consider the impact on IT, how many people are being consumed by a DDoS attack and what are they losing operationally? What we are seeing is a cost impact, but cost and risk management will feel the impact.”

The survey discovered that the IT team would be the hardest hit according to 69 per cent of respondents, while 57 per cent said customer service would feel the effect. In terms of how many people were required to mitigate an attack – 40 per cent said two to five people, 35 per cent said only one person, while 12 per cent said more than ten would be required.

The attack sizes being launched on UK businesses are not big; 40 per cent said that they are less than 100Mbps, while 30 per cent said that they are less than 1Gbps. However, 22 per cent can persist for over a week, although 63 per cent can last less than a day.

Warner said: “When you are being [attacked by a] DDoS constantly, there is an impact on the IT team. DDoS is not just taking down the website and interface, but also [affects] critical communications.”

Asked what companies use to defend against a DDoS attack, 72 per cent said a firewall, 40 per cent a router and 32 per cent switches. A third (34 per cent) has deployed specialist technology – 20 per cent a cloud-based DDoS service, nine per cent IP-based prevention and five per cent DDoS hardware.

Source: For protection against your eCommerce site click here.

Distributed denial of service attacks are one of the biggest threats to the internet, with one recent report indicating that there are more than 7000 attacks every day – a figure considered by many experts to be conservative.

One of the primary functions of DDoS is to extort the victim. In her paper on DDoS, Molly Sauter draws a distinction between hacktivist DDoS (for civil disobedience) and criminal DDoS (for financial gain). Now Corero Network Security is warning of growth in the latter, and predicting an increase in DDoS aimed at online gaming and particularly gambling sites over a summer of sport.

The standard methodology, Corero’s CEO Ashley Stephenson told Infosecurity, is to preface the threat with some minor incursion on the network. Then follows the warning message: check your logs; we did that – and unless you pay us a very large amount of money we’ll bring your network down.

The threat is real and the consequences severe. In reality, most large companies refuse to pay, said Stephenson. Slush funds are increasingly difficult to maintain and disguise, not least in the UK following the Bribery Act. Any payment would usually need to be paid via some third-party ‘services’ company; and the criminals would want payment in something like bitcoins or Paypal (and one of the largest clearing houses for illegal money, Liberty Reserve, was shut down by the FBI in May.) A secret payment is not easy to organize.

But refusing to pay has its own problems: the fulfillment of the threat. “These attacks go beyond simple annoyance,” said Stephenson, “with an average cost of over £150,000 per DDoS attack.” The evolution of ‘reflection’ attacks, where an attacker can increase the attack bandwidth eightfold by using open resolvers, means that small groups can now deliver major DDoS attacks – up to and beyond 100 Gbps.

The result is a growing, but hidden, crime. Neither side likes to talk publicly. “More often than not these blackmail threats go unreported,” said Stephenson. “We tend to hear about them,” he added, “when a threat is received and a decision taken to ignore it.” Companies then turn to specialist DDoS mitigators such as Corero to ensure their defenses.

The alternative, paying up, is no solution. “Some companies opt to pay the ransom rather than go public with the attack in the hope that this will satisfy the hackers, though this is rarely the case and may lead to the site continually being targeted.” It’s a difficult decision for a company that entirely relies on its uptime for its business. Prevention, through DDoS preparation, is far better than cure – and is the only real solution to a summer of hidden DDoS crime.

Source: http://www.infosecurity-magazine.com/view/33208/extortion-the-hidden-crime-fueled-by-ddos/