By John E Dunn

Techworld — More than half of US businesses still rely on conventional firewalls or intrusion prevention systems to shield themselves from the scourge of DDoS attacks, a survey by services firm Neustar has found.

The survey of 1,000 US-based IT professionals across a range of industries found that only 3 percent were using DDoS mitigation systems or services, with a quarter claiming they had no protection whatsoever against the threat.

Eleven percent used intrusion detection/prevention systems even though such technology is (in common with firewalls, routers and switches) widely seen as an inadequate defence against contemporary DDoS bombardment, Neustar said.

“Experts point out that during DDoS attacks these ‘defences’ become part of the problem. They quickly become bottlenecks, helping achieve an attacker’s goal of slowing or shutting you down. Moreover, firewalls won’t repel attacks on the application layer, an increasingly popular DDoS vector,” the authors note.

A third of those questioned said DDoS attacks lasted for a day or more with 11 percent mentioning over a week.

There didn’t appear to be any clear pattern that related attack length to industry segment, except that the travel industry appeared slightly more vulnerable to attacks lasting longer than 24 hours.

Two thirds said the direct cost of all this DDoS was about $10,000 (£6,200) per hour or $240,000 per day, with 13 percent reckoning it as being $100,000 per hour.

The most vulnerable to high costs was retail, a sector that depends on online sales to generate cashflow, followed by finance.

The main anxiety in advance of DDoS attacks was the negative impact on customers, ahead of brand reputation damage and even direct costs.

Companies such as Neustar have a vested interest in talking up the difficulty of dealing with DDoS the better to market protection services.

However, the company said it accepted that there was no simple answer to countering DDoS attacks; even the best protection systems available still required trained, skilled staff to deploy and manage them.

“With attacks becoming more sophisticated – mixing brute-force bandwidth assaults and surgical strikes on applications – in-depth knowledge and experience make a huge difference. There is no ‘magic box’ that can out-think attackers on its own.”

The company markets its own cloud-based mitigation service, SiteProtect. Three years ago its UltraDNS service was itself the victim of a DDoS attack.

Source: http://www.cio.com/article/706594/U.S._Firms_Over_Reliant_on_Firewalls_to_Defend_Against_DDoS_Attacks?taxonomyId=3089

The Pirate Bay is getting pounded with a denial-of-service attack and most of the likely suspects deny involvement.

by Greg Sandoval May 16, 2012 12:56 PM PDT

There’s a good whodunit developing over at The Pirate Bay, the popular BitTorrent file-sharing service.

An unknown entity has launched a large distributed denial-of-service attack (DDoS) against The Pirate Bay and rendered the site largely inaccessible for more than a day. The Pirate Bay posted a note to its Facebook page confirming the attack. Site operators wrote: “We don’t know who’s behind it but we have our suspicions.”

Suspicions are all anybody seems to have at this point. Here’s a list of the top suspects and where they stand on the issue.

– The Motion Picture Association of America: A spokesman for the trade group for the top six Hollywood film studios, a group that over the years has become one of The Pirate Bay’s arch-nemeses, told CNET “The MPAA has no involvement and does not condone DDoS attacks.”

– The Recording Industry Association of America: A representative for the trade group for the four major music labels also denied that the organization was behind the attack. He pointed out that the RIAA has been the victim of multiple DDoS attacks and has denounced the practice.

– Anonymous: The mysterious hacktivist group that is well known around the world for launching DDoS attacks has denied responsibility. The Pirate Bay admonished Anonymous for its tactics when the group recently launched a DDoS attack against Virgin Media, the first Internet service provider in the United Kingdom to block The Pirate Bay.
“Yes, The Pirate Bay is down,” wrote Anonymous in a Twitter post. “Yes it’s under DDoS attack. No we don’t know who from. We’ll update as we hear more.”

Of course the MPAA and RIAA don’t speak for every copyright owner around the world. Plenty of filmmakers and musicians not affiliated with those groups consider The Pirate Bay a scourge and believe that site operators enrich themselves at artists’ expense.

Anonymous also doesn’t speak for every hacker in the world or for everyone who has the capability to launch a DDoS attack.

The only reason that anyone would even suspect Anonymous, which has always been a huge supporter of The Pirate Bay, is the BitTorrent site’s strong condemnation last week of DDoS attacks, even attacks launched in support of the service.

“We do not encourage these actions,” The Pirate Bay wrote after Virgin Media came under attack, according to the blog Torrentfreak. “We believe in the open and free Internets, where anyone can express their views. Even if we strongly disagree with them and even if they hate us.”

So, where does this leave us? Is it a government that is attacking the site or an angry group of tech-savvy indie filmmakers or musicians? Is it a rogue element of Anonymous? If you have any suspicions, please share them in the comments.

Source: http://news.cnet.com/8301-1023_3-57435710-93/who-is-behind-murky-ddos-attack-against-the-pirate-bay/

By: Jeremy Nicholls

The internet is an ideal destination for like-minded people to come together.

This is as true for people who are reaching out to friends, colleagues and strangers to raise money for charity as it is for groups of individuals who plan to use cyber attacks to make political or ideological statements.

It is the latter group, ‘hacktivists’ as they have come to be called, who are having a profound impact on today’s security threat landscape.

Research from Arbor Networks’ annual Worldwide Infrastructure Security Report (a survey of the internet operational security community published in February) supports this. Ideologically motivated hacktivism and vandalism were cited by a staggering 66 per cent of respondents as a motivating factor behind distributed denial-of-service (DDoS) attacks on their businesses.

One of these attacks last month targeted the BBC – the attack took down email and other internet-based services and the BBC suspected the attack was launched by Iran’s cyber army in a bid to disrupt BBC Persian TV. Then there was the takedown of the Home Office website with the promise of a series of weekly attacks against the Government.

But it’s not just high-profile, politically connected organisations at risk. Any enterprise operating online, which applies to just about any type and size of business operating in the UK, can become a target because of who they are, what they sell, who they partner with or for any other real or perceived affiliations. Nobody is immune.

An influx of new attack tools has entered the market, and they are readily available and fast to download. This video demonstrates how many tools are available today to anyone with a grievance and an internet connection; furthermore, the underground economy for botnets is booming.

Botnets ‘for hire’ are popular – unskilled attackers are able to hire botnet services for bargain-basement prices. Just as an enterprise can subscribe to a technology provider or a cloud-based DDoS mitigation service, hacktivists can subscribe to a DDoS service to launch attacks.

While hacktivism has gained tremendous press attention recently, there is evidence of DDoS attacks being used for competitive gain. For example, the Russian security service FSB arrested the CEO of ChronoPay, the country’s largest processor of online payments, for allegedly hiring a hacker to attack his company’s rivals. He was charged with a DDoS attack on rival Assist that paralysed the ticket-selling system on the Aeroflot website.

This all has overwhelming implications for the threat landscape, risk profile, network architecture and security deployments for all service providers and enterprises.

With the democratisation of DDoS has come a change in the attacks themselves. The methods hackers use to carry out DDoS attacks have evolved from the traditional high-bandwidth/volumetric attacks to stealth-like application-layer attacks and state attacks on firewalls and IPS, with a combination of any or all three being used in some cases.

Multi-vector attacks are becoming more common. A high-profile attack on Sony in 2011 left the company blind to security breaches that compromised user accounts on the PlayStation Network, Qriocity and Sony Online Entertainment, because it was distracted by DDoS attacks.

Whether used for the sole purpose of shutting down a network or as a means of distraction to obtain sensitive data, DDoS attacks continue to become more complex and sophisticated. While some DDoS attacks have reached levels of 100Gbps, low-bandwidth, application-layer attacks have become more prominent as attackers exploit the difficulties in detecting these ‘low-and-slow’ attacks before they impact services.

Of the respondents surveyed in Arbor’s report, 40 per cent reported an inline firewall and/or IPS failure due to a DDoS attack, and 43 per cent reported a load-balancer failure.

While these products have a place and are an important part of an organisation’s overall IT security portfolio, they are not designed to protect availability. To ensure the best possible protection, organisations should adopt a multi-layered approach – combining a purpose-built, on-premise device with an in-cloud service.

DDoS mitigation is not a short-term fix. At Arbor Networks, we believe that this is something that should sit within a company’s overall risk-planning considerations. Just as physical security can be impacted by fire or extreme weather, digital security includes evaluating threats to availability, namely DDoS attacks.

It is becoming increasingly important to develop a plan to identify and stop them before they impact services, just as you would with natural disasters such as earthquakes or floods.

It is time for companies to start considering DDoS in their business-continuity planning. If they don’t, and they are targeted, the resulting chaos and lack of tools extend the outage and increase the costs, both from an immediate financial perspective and in terms of longer-term brand damage.

Source: http://www.scmagazineuk.com/the-changing-face-and-growing-threat-of-ddos/article/241020/

15/05/2012

Information Commissioner’s Office’s website appears to be latest target of hacktivists

Privacy watchdog appears to be under Distributed Denial of Service attack

Update: The ICO has just released this statement about the DDOS attack it is suffering.

ICO spokesperson said: “Access to the ICO website has been disrupted over the past few days. We believe this is due to a distributed denial of service attack.

“The website itself has not been damaged, but people have been unable to access it. We provide a public facing website which contains no sensitive information.

“We regret this disruption to our service and we are working to try to bring the website back online as soon as possible.

“As mentioned it seems to be intermittently available at the moment and our web team are working to resolve the problem.”

Hackers appear to have launched a Distributed Denial of Service (DDOS) attack against the website of the Information Commissioner’s Office.

The site is currently offline and when we called to verify if this was the case, a representative for the ICO told us at 9.55am that it was going into a meeting to discuss the situation. The privacy watchdog said it would release an update when it had some news.

However we were told that it was hoped that the site would be back online soon.

If it is indeed a DDOS attack, it is not known who may be behind it or why. But the last week has seen a spate of these attacks, including those against internet service providers’ (ISPs) sites such as Virgin Media and Talk Talk, which have been targeted recently by strands of the Anonymous group.

They were protesting against the ISPs blocking customer access to file-sharing site The Pirate Bay.

André Stewart, President International at Corero Network Security said: “The takedown of the Information Commissioner’s Office website by an apparent Distributed Denial of Service attack is, once again, evidence that Government organisations need to be better prepared for the growing threat from cybercrime carried out by politically or ideologically motivated hacktivists.”

Source: http://www.computeractive.co.uk/ca/news/2174709/information-commissioners-office-website-goes-offline-suspected-ddos-attack

Published: 14 May, 2012, 20:00

Businesses have suggested it. The government has all but confirmed it. And according to one alleged member, they both might very well be right. A hacker tied to Anonymous says the loose-knit collective may be the most powerful organization on Earth.

“The entire world right now is run by information,” Chris Doyon tells Postmedia News from an undisclosed location in Canada. “Our entire world is being controlled and operated by tiny invisible 1s and 0s that are flashing through the air and flashing through the wires around us. So if that’s what controls our world, ask yourself who controls the 1s and the 0s”

“It’s the geeks and computer hackers of the world,” says Doyon.

In a world where the most critical of information isn’t locked up in vaults but instead encoded in easily obtainable binary, Doyon says that crackers like those in Anonymous are in possession of some of the most powerful knowledge known to man.

Doyon, who is reported to be in his late 40s, was charged last year for partaking in a Distributed Denial of Service attack on the website for the county of Santa Cruz, California. Since February, however, he has resided in Canada after using what he says is the new “underground railroad” to escape persecution for alleged computer crimes in the States.

Authorities say that, under the handle of Commander X, Doyon acted as a ringleader of sorts of the Anonymous collective, an operation described by its own participants as one that lacks leadership altogether.

“If you are asking me if he’s an activist and tried to change the world for better. Yes, he did. I don’t know if that makes him a member of Anonymous, but he is certainly an activist working on social change for the betterment of mankind,” his attorney, Jay Leiderman, told Cnet in September.

“Yes, I am immensely proud and humbled to my core to be a part of the movement known as Anonymous,” Doyon reportedly told reporters upon leaving a California courthouse last year.

Regardless of if he can actually be linked to the organization — and to what degree — Doyon says that the group is capable of more than one might imagine.

“Right now we have access to every classified database in the US government. It’s a matter of when we leak the contents of those databases, not if,” says Doyon.

It wasn’t computer nerds slaving over codes to help crack the system and uncover that info either, says Doyon.

“You know how we got access?” asks Doyon. “We didn’t hack them. The access was given to us by the people who run the systems. The five-star general (and) the Secretary of Defense who sit in the cushy plush offices at the top of the Pentagon don’t run anything anymore. It’s the pimply-faced kid in the basement who controls the whole game, and Bradley Manning proved that. The fact he had the 250,000 cables that were released effectively cut the power of the US State Department in half. The Afghan war diaries and the Iran war diaries effectively cut the political clout of the US Department of Defense in half. All because of one guy who had enough balls to slip a CD in an envelope and mail it to somebody.”

“There’s a really good argument at this point that we might well be the most powerful organization on Earth. The entire world right now is run by information,” he adds.

Doyon landed in hot water after he allegedly launched a DDoS attack against the Santa Cruz website after the county imposed a ban on outdoor camping. According to authorities, Doyon engaged in the assault in December 2010, nearly a year before the Occupy Wall Street movement encouraged protestors to camp outdoors in public spaces from coast to coast. In September 2011 he was formally charged in the DDoS attack and fled to Canada five months later. Had he stayed in the US, he would have been prohibited from using social networking sites like Facebook and Twitter, as well as chatroom clients that connect to IRC networks.

“They’ve taken away my freedom of speech,” he explained to the Santa Cruz Sentinel at the time.

Today Doyon says he is safe north of the border but is awaiting another move abroad. “[W]e’re in negotiation with several countries in Europe to try to get a permanent political asylum situation set up for myself as well as for any other Anons and information activists who might need it,” he tells Postmedia. “It’s too bad Canada will not find the political courage to protect information activists from America like they did in the ‘60s with the draft dodgers. That’s the reality of it, but they will probably not actively seek to track me down.”

Source: http://rt.com/usa/news/anonymous-us-doyon-world-219/