Anti-Israel hackers stepped up their attempts to pull down Israeli sites over the weekend, with numerous attempted denial of service (DDoS) attacks against Israeli government sites. Hacker sites listed numerous websites they claimed to have disabled, and several sites reported slowdowns on Saturday night, but nearly all the sites the hackers claimed to have taken down were operating normally.

Among the sites that experienced actual downtime due to attacks were those of Israel’s Education Ministry and Central Bureau of Statistics, which was still offline as of Sunday morning.

Meanwhile, Israeli hackers began to retaliate against the anti-Israel hack attacks, called #OpIsrael, with an operation of their own against sites in countries associated with the anti-Israel groups. A group called the Israeli Elite Strike Force over the weekend disabled dozens of sites in Pakistan, Iran, Syria, and several north African countries – and even acquired a domain name associated with the OpIsrael attack — opisrael.com. Instead of listing the sites anti-Israel hackers have defaced, that site features educational facts about Israel and the Jewish people, and a warning to anti-Israel groups that Israeli hackers were ready to fight fire with fire.

Israeli Elite Strike Force seems to have been organized quickly in the past few days, in response to the threat by anti-Israel hackers to “erase Israel from the Internet” on April 7. The hackers released a list of some 1,300 Israeli sites that they planned to strike, claiming to have begun their attacks already on Saturday. But a check of most of the sites that the hackers claimed to have disabled – sites belonging to the Bank of Israel, the Tax Authority, the Central Bureau of Statistics, and other government agencies – showed they were operating normally. Several sites were hacked by groups associated with OpIsrael, but most of those were privately owned sites.

The hackers claimed to be identified with Anonymous, but Dr. Tal Pavel of MiddleEasterNet said that the group behind OpIsrael was most likely an ad-hoc assembly of Arab hacktivists calling themselves “Dangerous Hackers.” The group was not necessarily associated with international hacking group Anonymous, Pavel said, and on Saturday, individuals claiming to be members of Anonymous posted on the forum site 4Chan that they were not associated with OpIsrael. However, another alleged Anonymous site, possibly located in Sweden, on Saturday night claimed that Anonymous hackers were involved in the anti-Israel cyber attack.

A Twitter feed, ostensibly by Anonymous hackers, claimed it had stolen passwords and information from Israeli sites, including the Facebook account login data for Israeli government officials. However, Pavel said, such claims could not be trusted, because hacker groups often recycled old information from previously leaked databases, claiming it was fresh, in order to score a public relations victory. In several instances in recent days, said Pavel, he discovered that names and passwords hackers claimed to have stolen from Israeli servers last week were several years old.

Meanwhile, Israeli Elite Strike Force worked on Saturday night to pull down more sites. The group started attacking sites in Pakistan Friday but took off for Shabbat.

“We wish all our JEWISH brothers a Shabbat Shalom,” the group said in its Twitter feed. “This was just a little taste before the day of rest. Hell’s Fire To Come.”

For protection against your eCommerce site click here.

Source: http://www.timesofisrael.com/as-cyber-war-begins-israeli-hackers-hit-back/

As with any asset of monetary value, once said asset reaches a noteworthy level, cybercriminals’ interest is going to pique. Such is the current situation with virtual currency Bitcoin, which hit a high of $142 yesterday and the value of all Bitcoins in circulation has soared to more than $1 billion.

Two different Bitcoin services, an exchange and an online storage service, reported yesterday they are experiencing service disruptions because of a distributed denial-of-service attack and a database hack, respectively. Naturally, both the trading exchange Mt. Gox and the storage service Instawallet, are encouraging customers not to panic sell.

Mt Gox, a Tokyo-based exchange, issued a statement yesterday that it was blaming a trading lag that resulted in 502 errors and users not being able to reach their accounts on a DDoS attack.

Mt. Gox said it was unaware who was behind the attack and speculated that the attackers could have two motives: a) destabilize Bitcoin as a virtual currency; or b) cash in for a large profit once the currency’s value drops by buying low.

Mt. Gox said it will continue to be able to trade, and that it has hired security company Prolexic, which specializes in DDoS mitigation.

“There are a few things that we can implement to help fight the attacks, such as disconnecting the trade engine backend from the Internet,” the company said in a release. “By separating the data center from the Mt.Gox website, we will continue to be able to trade.”

Mt. Gox said it is the largest Bitcoin exchange and handles more than 80 percent of all U.S. dollar trades and 70 percent of all currencies. Prior to this year, the company said an average of 9,000 new accounts were created monthly; that number jumped during the first three months of the year when 57,000 new accounts were created. The company said it can fix, but won’t be able to eradicate, a lag in trading because, as is the case with all currency exchanges, it will always be in the attackers’ crosshairs.

“[We] understand that many of you have a lot at stake here, but remember that Bitcoin, despite being designed to have its value increase over time, will always be the victim of people trying to abuse the system, or even the value of Bitcoin decreasing occasionally,” the release said. “These are not new phenomena and have been present since the beginning of time when humans first started trading.”

The company also said it is working on a new trade engine that will scale its infrastructure to accommodate spikes in trade volume. “Lag will always be there, but our mission is to make lag as small as possible,” the statement said.

Meanwhile, Instawallet, an online Bitcoin storage service put a notice on its website that its services would be suspended indefinitely because of a database hack.

“Our database was fraudulently accessed, due to the very nature of Instawallet it is impossible to reopen the service as-is,” the notice said. “In the next few days we are going to open the claim process for Instawallet balance holders to claim the funds they had stored before the service interruption.”

The notice gave no indication how many Bitcoins were stolen in the attack. It said that any account with a balance of fewer than 50 Bitcoins would be refunded, and any with more than 50 would be processed on a case by case basis.

These aren’t the first attacks against Bitcoin exchanges. Bitcoinica was compromised last May and more than $87,000 in Bitcoins were stolen; the exchange said user currency was not stolen, only the company’s. In September, BitFloor reported it had been robbed by hackers of $250,000, most of the currency the company had on hand, it said at the time. Hackers were able to access a backup copy of wallet encryption keys in an unencrypted area of the server, the company said.

For DDoS protection click here.

Source: http://threatpost.com/en_us/blogs/ddos-attack-database-breach-take-down-two-bitcoin-services-040413

If you’ve had issues lately with your Internet being slow, it’s because the Internet is undergoing the biggest DDoS attack in its history. If you can’t reach Netflix, or are having difficulties accessing other sites, then it might be due to this huge online fight between CyberBunker, a Dutch hosting company, and Spamhaus, an anti-spam group. This Web war began when Spamhaus blacklisted the Dutch company as spammers. If the cyberattacks escalate, security experts told the New York Times that “people may not be able to reach basic Internet services, like e-mail and online banking.”

Steve Linford, chief executive for Spamhaus, told BBC that the scale of this cyberattack has been “unprecedented. These attacks are peaking at 300 gb/s (gigabits per second). Normally when there are attacks against major banks, we’re talking about 50 gb/s.”

The attacks have been ongoing since March 15 and are “being investigated by five different national cyber-police-forces around the world.” Companies like Google “made their resources available to help ‘absorb all of this traffic’.” Linford added, “They are targeting every part of the internet infrastructure that they feel can be brought down. We can’t be brought down. Spamhaus has more than 80 servers around the world. We’ve built the biggest DNS server around.” The anti-spam group alleged that “Cyberbunker, in cooperation with ‘criminal gangs’ from Eastern Europe and Russia, is behind the attack.”

Last week, when CloudFlare first talked publicly about the DDoS attacks on Spamhaus, CloudFlare CEO Matthew Prince explained, “These very large attacks, which are known as Layer 3 attacks, are difficult to stop with any on-premise solution. Put simply: if you have a router with a 10Gbps port, and someone sends you 11Gbps of traffic, it doesn’t matter what intelligent software you have to stop the attack because your network link is completely saturated.” CloudFlare relied on Anycast, which “means the same IP address is announced from every one of our 23 worldwide data centers. When there’s an attack, Anycast serves to effectively dilute it by spreading it across our facilities.” When Spamhaus was back online, the spam-fighting group said “they were DDoS’d by Russian spam gangs.”

“Millions” of people surfing the Web might be affected by these cyberattacks that are exploiting the Domain Name System (DNS), the “Internet’s core infrastructure.” It “functions like a telephone switchboard for the Internet. It translates the names of Web sites like Facebook.com or Google.com into a string of numbers that the Internet’s underlying technology can understand. Millions of computer servers around the world perform the actual translation.” Linford told the BBC, “The attack’s power would be strong enough to take down government internet infrastructure.” International Business Times added that the congestion “threatens critical infrastructure” systems.

“These things are essentially like nuclear bombs,” Prince told the New York Times. “It’s so easy to cause so much damage.” Patrick Gilmore, chief architect at Akamai Networks, added, “It is the largest publicly announced DDoS attack in the history of the Internet.”

Regarding CyberBunker, Gilmore said, “These guys are just mad. To be frank, they got caught. They think they should be allowed to spam.”

CyberBunker says it will host anything except child porn and terrorism-related content; it became the host for The Pirate Bay in 2009. It is housed in a five-story former NATO bunker. Built in 1955, NATO used the building as a “radio base band relay station and for local espionage and counter-espionage.” The building “comprises tunnels and operations rooms on four levels, one above ground designed as a decontamination area and three underground, with five-meter-thick reinforced concrete outer walls.” The facility “was constructed to operate in an energy saving capacity, totally cut off from the outside world, for over 10 years. Up to 72 people could survive in the bunker.” CyberBunker said that a Dutch SWAT team previously attempted to breach the building, but “it must not have occurred to the officers that the blast doors were designed to withstand a 20 megaton nuclear explosion from close range.”

CyberBunker disputes Spamhaus’ claims that it is “designated as a ‘rogue’ host and has long been a haven for cybercrime and spam.” The Dutch host told Bloomberg, “The only thing we would like to say is that we do not, and never have, sent any spam.” Current operator of the CyberBunker, Sven Olaf Kamphuis, said, “We are aware that this is one of the largest DDoS attacks the world had publicly seen.” He claimed that Cyberbunker is “retaliating against Spamhaus for ‘abusing their influence’. Nobody ever deputized Spamhaus to determine what goes and does not go on the Internet. They worked themselves into that position by pretending to fight spam.”

For DDoS protection click here.

Source: http://blogs.computerworld.com/cybercrime-and-hacking/21967/biggest-ddos-attack-history-slows-internet-breaks-record-300-gbps

Wells Fargo & Co on Tuesday said its online banking website was experiencing an unusually high volume of traffic that it believes stems from a denial-of-service cyber attack.

“The vast majority of customers are not impacted and customer information remains safe,” said Bridget Braxton, a spokeswoman for the fourth-largest U.S. bank by assets. Customers who have trouble should try logging in again because the disruption is usually intermittent, she said.

Since September, a hacker activist group called the Izz ad-Din al-Qassam Cyber Fighters has said it was launching denial of service attacks against major U.S. banks. These attacks can disrupt service by deluging websites with high traffic.

In a posting Tuesday on pastebin.com, the group listed Wells Fargo as one of the banks “being chosen as a target.” In December, Wells customers had trouble accessing the website for four days.

In its annual report filing last month, Wells said it had not experienced any “material losses” related to cyber attacks but that enhancing its protections remained a priority.

For DDoS protection click here.

Source: http://www.huffingtonpost.com/2013/03/26/wells-fargo-cyber-attack_n_2958093.html

JP Morgan Chase is recovering from a DDoS attack that knocked it’s website, and online banking offline on Tuesday, making them the latest victim in a wave of DDoS attacks against financial institutions.

Initially, the DDoS prevented access completely for some customers, and then the attack created intermittent outages and connections that were sluggish and slow. Customers were greeted with a notice on Chase.com that simply stated that the site was “temporarily down.” Mobile banking was unaffected by the attack, Chase said.

The bank confirmed the DDoS attack to the media, but would not, or could not disclose technical details such as peak traffic or length of attack. As of Tuesday evening, Chase.com was working as normal.

Earlier this month, a group calling itself Izz ad-Din al-Qassam Cyber Fighters, promised new DDoS attacks against the finance sector, having previously targeted several American banks successfully. At the time their warning was delivered, Bank of America, PNC Bank, Wells Fargo, and Citibank were all having connection issues or were offline entirely.

Earlier this year, a study by the Ponemon Institute said that 64% of IT staffers working within the financial sector said that their banks had suffered at least one DDoS attack within the previous 12 months, and 78% of those respondents said that DDoS attacks will either continue or increase in 2013.

“The belief that traditional perimeter security technologies such as firewalls are able to protect against today’s DDoS attacks is lulling not only financial institutions but organizations across every sector into a false sense of security,” said Marty Meyer, president of Corero Network Security, the company that commissioned the Ponemon study.

“Many Organizations assume traditional firewalls can provide protection against DDoS and zero-Day exploits at the perimeter, yet this is not what they were designed to do and therefore attacks are still getting through.”

For DDoS protection click here.

Source: http://www.securityweek.com/jp-morgan-chase-blasted-offline-during-ddos-attack