The New York Times Company was a victim of online attacks earlier this week that slowed down The New York Times Web site and limited access to articles and other types of content.

According to Danielle Rhoades Ha, a company spokeswoman, the Web site became unavailable to “a small number of users” after a denial-of-service attack, a tactic used by hackers to slow or halt Web traffic by bombarding a host site with requests for information. She added that the company did not “have confirmation on who is responsible for the most recent attacks on”

The announcement follows attacks that were made on The Times’s site late last year. In January, the newspaper announced that its computer systems had been infiltrated by Chinese hackers who found passwords for reporters and other employees. The attacks took place as The Times investigated the relatives of Wen Jiabao, China’s prime minister, and how they had built up a multibillion-dollar fortune during his political tenure. David Barboza, the author of the article, won a Pulitzer Prize.

Attacks on media organizations are not unique to The Times. Shortly after the January announcement by The Times, officials at The Wall Street Journal and The Washington Post also reported that their Web sites had been attacked by Chinese hackers. On Friday, the Syrian Electronic Army said it had hacked the Web site and several Twitter accounts that belonged to The Financial Times. In the past, it has attacked other media companies, including The Associated Press and The Onion.


A former cloud-networking executive’s advice is for the telecom industry to get going with software-defined networking (SDN) and to do something bigabout distributed denial-of-service (DDoS) attacks.

They aren’t directly related issues, but they were both on the mind of Dennis Brouwer, the afternoon keynoter at POTE on Tuesday. Brouwer recently started his own consulting firm, The Brouwer Group, but he previously launched the Converged Cloud strategy at Savvis and stuck around as a senior vice president after Savvis was acquired by CenturyLink Inc.

On the subject of SDN, Brouwer is a true believer in open-source and thinks carriers will have to embrace it to make sure “that the capabilities that service providers want to fold into their infrastructures become viable.”

The OpenDaylight Foundation is making a run at that, building an open-source SDN framework. Brouwer didn’t directly refer to the number of large vendors involved in OpenDaylight, but he did note that a dynamic SDN ecosystem “can’t be just the usual big providers.”

Some carrier has to come out and champion SDN as well, in a way much bigger than what’s been done so far, he said. Someone has to take the lead by showing what’s possible. It would have to be a carrier with a wide reach, one that owns not just a network but data centers, and maybe mobile networks and some content as well.

Candidates would include the big U.S. carriers now that they’ve acquired cloud operations — Brouwer mentioned Verizon Communications Inc. with its Terramark acquisition, as well as his old CenturyLink home and AT&T Inc., which he noted has done work internally. A sleeper possibility would be Comcast Corp..

Regarding DDoS, Brouwer talked about the attacks becoming more vicious — arriving at speeds that can exceed 60Gbit/s — and harder to trace, since the attack can now come from “everywhere.” Once considered a nuisance, DDoS attacks have become serious, looming threats.

“As you talk with the companies that are being targeted by these attacks, they’re saying, to use the old Jaws analogy, ‘We’re looking for a bigger boat,'” he said.

Companies have dealt with DDoS on their own, but the potential for a national emergency means some kind of federally coordinated response is necessary, Brouwer said. He didn’t say federally mandated. His point was that the companies facing this threat — banks in particular — need to pool and organize their efforts, and find a way to join forces if necessary. Any number of government agencies would be appropriate for that job, Brouwer said.
For protection against your eCommerce site click here.


Will the Anonymous-lead Operation USA (#OpUSA) scheduled for Tuesday disrupt leading U.S. government and banking websites?

An “#OpUSA target list” posted to Pastebin two weeks ago named nine government websites — the White House and Department of Defense’s public-facing websites among them — and 133 banks and credit unions as primary targets. “We will now wipe you off the cyber map,” read the Pastebin post, signed by N4M3LE55 CR3W. “Do not take this as a warning. You can not stop the internet hate machine from doxes, DNS attacks, defaces, redirects, ddos attacks, database leaks, and admin take overs.”

In a show of solidarity, the distributed-denial-of-service bank-attack outfit known as al-Qassam Cyber Fighters, which as part of Operation Ababil has been successfully disrupting financial websites for months, Monday promised to take the week off. “Due to the simultaneity of OpUSA with Operation Ababil, and to abstain from ambiguity in the intentions of our operation, this week we will not run any attack,” read a statement posted to the group’s Pastebin.

By Tuesday afternoon, however, despite a plethora of hacked-site reports, the OpUSA attacks appeared to be targeting low-level — and possibly random — sites in the United States and abroad, arguably causing little damage.

The Tunisian Hackers Team, for example, claimed to have dumped a SQL database for the Blood Bank of America that appeared to contain about 3,000 usernames and hashed passwords. Among other attacks, AnonGhost members BilalSbXtra & Dr.SaMiM_008 posted what they said were 10,000 credit card numbers, including expiration dates and security codes, as well as account holders’ names and addresses — that were apparently stolen from an online store. Some of the published information also included social security numbers, bank account routing numbers and answers to secret questions. The group also claimed to have hacked 29 Israeli websites.

Meanwhile, Mauritania Attacker Tuesday claimed to be preparing to release “all governments emails of USA.” It published a teaser showing some doxed addresses — which included both and addresses, as well as numerous accounts with service providers — but with obscured passwords.

Hacking groups or collectives claiming to participate in OpUSA include Anonymous and affiliates AntiSec and LulzSec Reborn. Other groups that have pledged their assistance include Ajax Team, Mauritania Attacker, Muslim Liberation Army, Redhat, Team Poison Reborn and ZHC.

Not all OpUSA-related attacks began Tuesday. Hacking group X-Blackerz Inc claimed Monday to have released 23 emails and passwords for Honolulu Police Department staff. Meanwhile, AnonGhost Team got an early start Saturday, claiming via Pastebin that it had defaced about 900 pages, which included multiple Web pages in the domain of Hack-DB, which tracks hacktivism and cybercrime. A message posted to defaced sites read “we are everywhere” and left a scrolling list of the group’s official members.

Many of the groups that pledged to take part in the one-day hackathon had previously joined forces for the ongoing Operation Israel (#OpIsrael) campaign, which last month promised to “erase” Israel from the Internet. “We promised to take Israel off the cyber map. We succeeded,” read a recent OpUSA target list post. OpIsrael attackers last month claimed to have disrupted 100,000 Israeli websites and caused $3 billion in damage. But Israeli officials disputed hacktivists’ claims, saying while there had been a lot of bluster there was little “real damage,” and that the country’s critical infrastructure remained unaffected.

Likewise, in the lead-up to OpUSA, the U.S. Department of Homeland Security appeared to expect similar low-level attacks aimed to publicize attackers’ anti-U.S. grievances but that would cause little lasting damage. In a confidential DHS memo issued last week and obtained by security reporter Brian Krebs, DHS said the attacks “likely will result in limited disruptions and mostly consist of nuisance-level attacks against publicly accessible webpages and possibly data exploitation.”

Not all hacktivist activity this week has been conducted under the OpUSA banner. The Syrian Electronic Army resurfaced Monday when it seized control of the Twitter feed for the satirical news outlet The Onion. The group posted fake news headlines relating to Israel’s recent missile strikes against military targets in Syria. Another tweet suggested that the Israeli government was allied with Al Qaeda.

In the wake of the Twitter account takeover, The Onion responded in typical fashion: “Following today’s incident in which the Syrian Electronic Army hacked into The Onion’s Twitter account, sources … confirmed that its Twitter password has been changed to OnionMan77 in order to prevent any future cyber-attacks.” The story quoted “Onion IT specialist Nick Abersold” as saying that the new password would be “virtually impenetrable.”

Satire aside, in the wake of the numerous news organizations’ Twitter account takeovers by the Syrian Electronic Army, Twitter last week issued a memo last week warning media outlets to take appropriate security precautions, as it expected the account takeovers to continue.

For protection against your eCommerce site click here.


The Department of Homeland Security characterizes as a nuisance the threatened May 7 Operation USA attack against U.S. federal government and banking websites, contending some of the participants possess only rudimentary hacking skills.

Still, if the attack is perceived as a success in the hacking community, more nefarious actors could try more vicious disruptions against U.S. sites, DHS says in an alert.

The hacktivist group Anonymous, in a posting on the website Pastebin, says OpUSA will target nine U.S. federal government websites, including the White House and Defense Department, as well as 133 financial institutions on May 7

A government official says DHS is fully aware of this threat and is working with federal and private-sector partners to put in place mitigation strategies. Homeland Security, in the alert, says it expects the hacktivists to attempt distributed-denial-of-service attacks that could temporarily halt or slow down website traffic. The alert also notes the hacktivists could attempt homepage defacement and data leaks.

According to the DHS alert, first reported by IT security blogger Brian Krebs and confirmed by a DHS official, the attacks likely would result in limited disruptions and mostly consist of nuisance-level attacks against public accessible webpages and possibly data exploitation.

A Nuisance with a Caveat

Former CIA Chief Information Security Officer Robert Bigman says that DDoS attacks are largely a nuisance, but adds a caveat: “If the DDoS attacks continue and veterans can’t file claims and travelers can’t get passports, then the public will motivate Congress to address the problem. Short of that, things will not change.”

Another IT security expert, though, contends attacks such as those threatened by Anonymous could prove more damaging. “Some DDoS attacks are only a nuisance, but, as we’ve seen in the DDoS attacks on banks, these kinds of attacks are often just a smokescreen to distract from real damage elsewhere,” says Dwayne Melancon, chief technology officer at IT security provider Tripwire. “Writing off DDoS attacks as merely a nuisance is irresponsible, without data to substantiate that disposition.”

DDoS attacks, indeed, have taken a toll on American banks. Since last September, the FBI counts more than 200 separate DDoS attacks on at least 46 financial institutions [see FBI: DDoS Botnet Has Been Modified].

Bigman, who retired last year from the CIA after 30 years, says federal agencies that deem their public-facing websites as mission-critical should be better prepared to defend their sites against the attacks. “The ones who use the website largely as an information serving platform – most of the intelligence community – are, ironically, less well protected,” he says.

Assessing Hackers’ Skills

The alert, prepared by Cyber Intelligence Analysis Division within DHS’s Office of Intelligence and Analysis, says the actors behind OpUSA most likely will rely on commercial tools to exploit known vulnerabilities rather than develop their own tools and exploits.

“This suggests some of the participants possess only rudimentary hacking skills capable of causing only temporary disruptions of targeted websites,” the alert says. “Nevertheless, OpUSA participants likely will exaggerate the scope and impact of their attacks as a way to attract attention and draw more capable criminal hackers to future hacking efforts.”

Tripwire’s Melancon cautions against underestimating the sophistication of the expected May 7 attack, saying that attitude is risky. “It is better to prepare for a strong attack than to be caught flat-footed because you expected an amateurish attack, but ended up being confronted by a competent attacker,” he says.

Lessons to Be Learned

Even if the attacks are somewhat successful, they could help website operators defend against future attacks. “OpUSA, if launched, will actually expose vulnerabilities and help to reduce the number of targets that are susceptible to easy exploitation by more targeted adversaries,” says Richard Stiennon, an IT security analyst and author of the book “Surviving Cyberwar.”

The DHS alert says promoters of OpUSA, though not necessarily its instigators, include individuals linked to websites that host violent extremist content, including a member of a web forum that hosts al-Qaida-inspired content.

Anticipating the attack, the Credit Union National Association is alerting its members of the “chatter” tied to OpUSA.

“It is not possible to assess the veracity of the threat at this time, but it is important that credit unions be aware and prepared at all times,” Tom Nohelty, vice president of information technology at CUNA, says in a statement. “Some of the largest credit unions are included in a list of targets for the purported May attack so heightened awareness is warranted.”

Among the targets mentioned in the Anonymous posting are the American Airlines and Alliant credit unions.

Being on Guard

The credit union association offered this advice to defend against the potential May 7 digital assault:

  • Actively monitor in-bound Internet traffic that day. Network teams should be prepared to block traffic from specific IP addresses in an effort to maintain their website’s ability to respond to normal business requests;
  • Alert members about the OpUSA threat and ask them to execute critical online banking business on a different day or come into the credit union office; and
  • Educate call-center staff on the symptoms of a DDoS attack so they can better serve the members and notify their network teams if an attack is under way.

A DHS spokesperson says the department is sharing information with industry, state and local governments and international partners to address cyberthreats and develop effective security responses.

For protection against your eCommerce site click here.


Government IT managers should be aware that distributed denial of service (DDOS) attacks may become more than just a frustrating nuisance that they need to deal with on their networks. Such attacks may increasingly be used as a ploy used to create background interference during a major emergency. Think of it as creating a communication traffic jam that keeps first responders stuck in low gear.

But first, a little update on where DDOS stands today. A study by Prolexic Technologies reports a 718 percent increase  this year in the overall bandwidth consumed by DDOS attacks, while a recent report from Verizon says that most recent DDOS attacks have been launched by activist groups. Many Internet service providers have reported a general increase in DDOS-related traffic.

Meanwhile, the Homeland Security Department and the FBI have issued an alert noting that they are aware of dozens of (TDOS) attacks aimed at government or financial communications centers. This variation is similar to DDOS attacks. Computer-controlled calls are made in a high volume, but they target voice lines rather than computers. So far the targets have been mostly administrative, not 911, telephone lines. But that could change.

Evidence of DDOS attacks launched in conjunction with real emergencies is spotty, but there have been instances.

In 2010, after a hurricane in Myanmar/Burma, an international DDOS attack targeted some of the media sites that had relocated after the storm. This made it difficult for them to share government news.

This year, not long after the Boston Marathon bombing, the social news site Reddit set up a section to allow visitors to post photos and share theories about the event. The pages grew in popularity and received attention from the mainstream press, particularly after it has misidentified several people as suspects. Once that happened, the site became the target of a massive DDOS attack which shut off contact for over 50 minutes while site managers worked to re-rout traffic and address security issues. High-traffic sights often use content delivery networks (CDNs), essentially a distributed system of servers housed at multiple data centers. At the peak of the attack, Reddit was hit with more than 400,000 requests per second to its CDN. The requests came from “thousands of separate IP addresses, all hammering illegitimate requests, and all of them simultaneously changing whenever we would move to counter,” according to a statement made by one of the Reddit editors.

The banking industry has been targeted many thousands of times with DDOS attempts, sometimes in conjunction with specific news events related to economic reports.

Government needs to be aware of these connections because, in extreme situations, DDOS could be used to block Internet access to critical services like traffic controls, river or dam monitoring, contact with police and more.

For protection against your eCommerce site click here.