Hackers Leave Advice for Breached Security Company

Security firm Staminus’ servers were taken offline today following an apparently successful cyber-attack on its network. The Newport Beach, California-based hosting and distributed denial of service (DDoS) protection company went down at 8 am EST on Thursday, with the company communicating details of the event via Twitter and describing it as a “rare event [that] cascaded across multiple routers in a system-wide event.”

This ‘rare event’ was quickly revealed to be a far more deliberate malicious act against the company, with a data dump from Staminus’ servers being posted to the internet shortly afterwards. The leak contained a large number of customer names and email addresses as well as Staminus’ database table structures, routing tables and other crucial operational information. An unnamed Staminus customer verified the contents of the dump, confirming that his details were among those released. The posters of the dump declared that they had gained access to all of Staminus’ routers and networked systems and had reset them to factory settings.

The dump begins with a note from the hackers responsible for the breach, titled “TIPS WHEN RUNNING A SECURITY COMPANY.” Written in a sarcastic style, this preface lists a number of security failings they say they found while breaching Staminus’ systems:

  • Use one root password for all the boxes
  • Expose PDU’s [power distribution units in server racks] to WAN with telnet auth
  • Never patch, upgrade or audit the stack
  • Disregard PDO [PHP Data Objects] as inconvenient
  • Hedge entire business on security theatre
  • Store full credit card info in plaintext
  • Write all code with wreckless [sic] abandon

While no credit card information was visible in the dumped data, storing full card details in plaintext violates the Payment Card Industry Data Security Standard (PCI DSS), which requires the primary account number to be rendered unreadable wherever it is stored and forbids retaining sensitive authentication data such as the CVV after authorisation. It is inappropriate for any company handling such details, especially one claiming to be in the security business. The other items on the list are just as telling: a single root password shared across every box means that one compromised machine is every machine, and a power distribution unit reachable from the internet over Telnet lets an attacker cut or cycle power to whole racks with a plaintext login.
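The “Disregard PDO” jibe refers to PHP Data Objects, the PHP database layer whose prepared statements keep user input out of the SQL text; skipping it and pasting input straight into query strings is how SQL injection happens. As an added illustration, not taken from the dump or from Staminus’ own code, here is the same mistake and its fix in Python with the standard sqlite3 module. The customer table, its rows and the lookup function are constructed for the example:

```python
import sqlite3

def make_db():
    """Constructed customer table for the demonstration (not Staminus data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, name TEXT)")
    conn.executemany(
        "INSERT INTO customers (email, name) VALUES (?, ?)",
        [("alice@example.com", "Alice"), ("bob@example.com", "Bob"), ("obrien@example.com", "O'Brien")],
    )
    return conn

def find_name_unsafe(conn, email):
    """The 'wreckless abandon' version: caller input is spliced into the SQL text,
    so a quote character in it changes the meaning of the statement."""
    sql = f"SELECT name FROM customers WHERE email = '{email}' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]

def find_name_safe(conn, email):
    """The PDO-style version: a placeholder in the SQL, the value passed separately.
    The driver hands the value to the engine as data, never as statement text."""
    sql = "SELECT name FROM customers WHERE email = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (email,))]

# Classic injection payload: closes the string literal, then ORs in an always-true test.
INJECTION = "' OR '1'='1"

def demo():
    """Run both lookups against normal input, an apostrophe and the injection payload."""
    conn = make_db()
    try:
        find_name_unsafe(conn, "o'brien@example.com")
        apostrophe = "ok"
    except sqlite3.OperationalError:
        apostrophe = "syntax error"       # an ordinary apostrophe breaks the unsafe query
    return {
        "unsafe_normal": find_name_unsafe(conn, "alice@example.com"),   # ['Alice']
        "unsafe_injected": find_name_unsafe(conn, INJECTION),           # every customer leaks
        "unsafe_apostrophe": apostrophe,
        "safe_injected": find_name_safe(conn, INJECTION),               # no such email: []
        "safe_apostrophe": find_name_safe(conn, "o'brien@example.com"), # [] too, harmlessly
        "safe_quote_name": find_name_safe(conn, "obrien@example.com"),  # ["O'Brien"]
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:18} {value}")
```

The unsafe lookup leaks the whole table to the injection payload and falls over on a legitimate apostrophe; the parameterised one returns exactly the rows the input names, whatever characters it contains. PDO’s `prepare()`/`execute()` gives PHP code the same property.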

Also laid bare was the colourful selection of customers that Staminus served, ranging from a number of small gaming server operators, including Minecraft hosts, all the way to the Ku Klux Klan: the KKK’s official website was in fact hosted by Staminus, as were a number of affiliated sites such as the American Heritage Committee.

While Staminus claimed that service had been restored globally, many customers took to Twitter to say that this was not the case. Since then, the only communication from the firm has been the announcement of a statement from its CEO, which links to its (currently offline) site. When Staminus will regain full functionality of its network is anyone’s guess; it will be interesting to see how the company recovers from this major event.

DDoS Attacks Increase by 148.85 Percent

DDoS attacks are becoming more prevalent each year, and a real nuisance for service providers trying to run a network effectively. The idea behind these attacks is to overwhelm a website or network service with traffic to cause temporary disruption. Motives vary: some attacks are protests against a website’s content, others are extortion attempts or for-hire jobs bought from booter services, as the stories below illustrate. Whatever the case, DDoS attacks are a major problem and the latest Akamai State of the Internet report makes for some alarming reading. According to the data, DDoS attacks increased by a whopping 148.85 percent in Q4 2015 compared to Q4 2014.

Furthermore, there was a 168.82 percent increase in infrastructure (layer 3 and 4) attacks. The number of DDoS attacks also increased by 39.89 percent versus the previous quarter, which shows their rapid rise. Many of these were short attacks: the average duration decreased from 29.33 hours to 14.95 hours, a reduction of 49.03 percent compared to Q4 2014. The report goes on to say:

“In other words, while the average gigabits per second per attack increased, the average number of packets per second decreased,”

“In fact, only three attacks exceeded 30 million packets per second in Q4, a statistic that has steadily decreased for several quarters.”

“Sites offering booter tools are purportedly set up to allow administrators to load test their own sites. However, many of the sites are used as DoS-for-hire tools, relying on reflection attacks to generate traffic.”

Other data shows DNS-based traffic rose by 92 percent, chargen traffic went up by 52 percent and UDP traffic grew by 20 percent. One attack reached 309 Gbps, and there were five attacks over 100 Gbps, which the report notes is down on Q4 2014. As you can see, DDoS attacks are really becoming problematic, with China the largest single source of attack traffic in the report. It looks like this trend will continue and increase at a scary pace.

Phantom Squad Threatens Week-Long Xbox Live and PSN Attack over Christmas

Following its attack on Xbox Live earlier this week, hacker group Phantom Squad has threatened to take down both Xbox Live and PlayStation Network for a week over Christmas, calling its first successful attempt a demonstration, The Independent reports. The Twitter account that Phantom Squad used to make these threats has now been suspended, but the group has returned with a new account, @PhantomLair.

“Why do we take down PSN and Xbox Live? Because cyber security does not exist,” the old Phantom Squad account tweeted, followed by, “Some men just want to watch PSN and Xbox Live burn.”

Phantom Squad is claiming that it temporarily took down PSN earlier today, but this has not yet been confirmed:

https://twitter.com/PhantomLair/status/677705163067555840

The hackers are also threatening to DDoS reddit, asking followers to vote for their preferred target:

https://twitter.com/PhantomLair/status/677716229147271168

The threatened attacks mirror those committed by Lizard Squad last Christmas, whose attacks on Xbox Live and PSN were used to advertise their new Lizard Stresser DDoS tool, which offered bespoke attacks on websites for a fee.

“The only reason we are doing this its @Xbox & @PlayStation Fault [sic],” Phantom Squad tweeted earlier today. “Because we are proving there is no cyber security PSN Fix it b4 it happens.”

Xbox Live Hit by Phantom Squad DDoS Attack

Only a few days ago, the “hacking group” known as Phantom Squad threatened to shut down Xbox Live and PlayStation Network during the Christmas period. Before I move on to today’s development, please note that the press shouldn’t really be referring to groups like Lizard Squad and Phantom Squad as hacking groups. I’ve fallen into that trap myself without thinking about it, and it’s not actually an accurate term. Using a DDoS to disrupt networking services is not hacking, and we shouldn’t give these groups a title which overemphasizes their abilities. Putting that aside, it seems Phantom Squad have lived up to their promise and conducted a DDoS attack on Xbox Live. Here we can see them taking responsibility for the service outage; they also tweeted about the lack of security on these networks:

This might indicate they have a motive to expose Xbox Live and PlayStation Network’s security loopholes. However, this isn’t the way to go about it, and it only spoils the enjoyment of new console owners during Christmas. Rather surprisingly, Twitter has suspended the group’s account, but luckily Ars Technica UK captured some of their tweets. In light of recent events, Microsoft issued a status update on its support site which reads:

“Hey Xbox members, are you having trouble purchasing or managing your subscriptions for Xbox Live? Are you also having an issue with signing into Xbox Live? We are aware of these issues and are working to get it fixed ASAP! Thank you for being patient while we work. We’ll post another update when more information becomes available.”

Phantom Squad’s egotistical and attention seeking traits reached fever pitch as they asked for retweets to prevent PSN from being the next target:

Any hope of Phantom Squad caring about security or having some sort of moral purpose is discredited by this tweet. Clearly, they just want to cause havoc and feel better about themselves by spoiling other people’s Christmas. As a result, they need to reassess their behaviour and consider how they would feel if their Christmas was spoilt by an unknown group on the internet.

Large Scale DDoS Attempted Take Down of DNS Root Servers

Someone tried what is widely considered impossible, on two separate occasions: to take down the DNS root, the top of the internet’s name-resolution hierarchy. They ultimately failed, for several reasons explained below, but they still had a surprisingly large effect for their trouble.

Early last week the internet’s DNS root servers, which are the authoritative starting point for mapping domain names to IP addresses, were hit with a flood of as many as 5 million queries per second for up to three hours, apparently with the goal of overwhelming the servers. The distributed denial of service (DDoS) attacks took place on November 30th and December 1st.

The DDoS attack caused four of the 13 root server letters to time out for a couple of hours, which in itself is quite impressive. It did not, however, have any real effect on users, because of the way DNS is structured. Each root letter is in fact a large set of anycast instances spread around the world, and a recursive resolver (the DNS server a user’s ISP or a public resolver service runs) that gets no answer from one letter simply retries another. On top of that, the resolver caches what the root tells it, namely which servers are authoritative for .com, .uk and the other top-level domains, for up to two days, so during the attack most queries never needed the root at all. Should a request to one root server fail, another answers and the user sees at most a minor delay, not a breakdown.
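To see why four timed-out letters don’t matter, here is an added simulation, not code from the root operators or from any real resolver, of the two behaviours described above: a resolver that moves on to another root letter when one times out, and that caches the TLD delegation it learns for the 48-hour TTL the root zone gives those records. The root servers, their answers and the set of unreachable letters are constructed stand-ins:

```python
import random
from collections import Counter

ROOT_LETTERS = "ABCDEFGHIJKLM"   # the 13 root server identities, a. to m.root-servers.net
TLD_NS_TTL = 172800              # 48 hours: the TTL the root zone puts on TLD NS records

class FakeRootServers:
    """Constructed stand-in for the root system: a query to a letter either
    times out or returns a referral to the servers for the name's TLD."""
    def __init__(self, unreachable=()):
        self.unreachable = set(unreachable)
        self.queries = Counter()     # queries received per letter

    def query(self, letter, name):
        self.queries[letter] += 1
        if letter in self.unreachable:
            raise TimeoutError(f"{letter.lower()}.root-servers.net timed out")
        tld = name.rstrip(".").rsplit(".", 1)[-1]
        return {"tld": tld, "referral": f"{tld}. IN NS <constructed TLD server list>", "ttl": TLD_NS_TTL}

class Resolver:
    """The root step of a recursive resolver: retry across letters, cache the referral."""
    def __init__(self, roots, rng=None):
        self.roots = roots
        self.rng = rng or random.Random()
        self.cache = {}              # tld -> (referral, expiry in simulated seconds)
        self.clock = 0

    def tld_referral(self, name):
        """Return (referral, source); source is 'cache' or the letter that answered."""
        tld = name.rstrip(".").rsplit(".", 1)[-1]
        hit = self.cache.get(tld)
        if hit and hit[1] > self.clock:
            return hit[0], "cache"
        letters = list(ROOT_LETTERS)
        self.rng.shuffle(letters)    # real resolvers prefer the fastest letter; random is enough here
        for letter in letters:
            try:
                ans = self.roots.query(letter, name)
            except TimeoutError:
                continue             # that letter is down: move on to the next one
            self.cache[tld] = (ans["referral"], self.clock + ans["ttl"])
            return ans["referral"], letter
        raise RuntimeError("no root server answered")   # what a resolver turns into SERVFAIL

def simulate(unreachable="BCGH", seed=1):
    """Walk through the scenario: some letters down, then all down, then cache expiry."""
    roots = FakeRootServers(unreachable)
    r = Resolver(roots, random.Random(seed))
    first = r.tld_referral("www.example.com.")[1]                # answered by a reachable letter
    timeouts_first = sum(roots.queries[l] for l in unreachable)  # retries it needed on the way
    second = r.tld_referral("mail.example.com.")[1]              # same TLD: cache hit, root untouched
    roots.unreachable = set(ROOT_LETTERS)                        # now every letter is down
    third = r.tld_referral("example.com.")[1]                    # still answered, from cache
    r.clock += TLD_NS_TTL + 1                                    # two days later the entry has expired
    try:
        fourth = r.tld_referral("example.com.")[1]
    except RuntimeError:
        fourth = "SERVFAIL"
    return {"first": first, "second": second, "third": third, "fourth": fourth,
            "timeouts_first": timeouts_first}

if __name__ == "__main__":
    print(simulate())
```

With B, C, G and H down the first lookup costs at most a few timeouts before another letter answers, every later lookup in the same TLD is served from cache, and even a total root outage only starts to hurt once the cached delegations expire two days later.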

According to an analysis published by the root server operators on Tuesday, each attack fired up to 5 million queries per second per DNS root name server, and that was enough to flood the network and cause timeouts on the B, C, G, and H root servers.

At this time, there is no indication of who or what was behind these large-scale DDoS attacks. The source IP addresses used appear to have been spoofed: they were well distributed and randomised across the entire IPv4 address space, so they give no clue as to the origin. The same goes for the motive; perhaps it was simply a ‘let’s see if we can do it’ exercise.

The National Crime Agency’s Anti-Cyber Crime Campaign is Embarrassing and Ignorant

The National Crime Agency embarked on an appalling advertising campaign yesterday “aimed at educating the parents of 12-15 year old boys” who might be drawn into cyber-crime. Already we can see the ignorance flowing here: focusing on boys is incorrect, and targeting such a narrow age range seems completely ludicrous. Not only that, the organisation created a checklist for parents to help them investigate their own children and see if they are engaging in illegal activity. Fair warning: the compiled list is possibly the biggest pile of nonsense I’ve read in years.

“Warning signs of cyber crime

The following behaviours may indicate a young person is at risk of getting involved in cyber crime:

  • Is your child spending all of their time online?
  • Are they interested in coding? Do they have independent learning material on computing?
  • Do they have irregular sleeping patterns?
  • Do they get an income from their online activities, do you know why and how?
  • Are they resistant when asked what they do online?
  • Do they use the full data allowance on the home broadband?
  • Have they become more socially isolated?

If a young person is showing some of these signs try and have a conversation with them about their online activities. This will allow you to assess their computer knowledge proficiency so you can understand what they are doing, explain the consequences of cyber crime and help them make the right choices.”

There’s so much wrong with the questions above that I really don’t know where to start. The idea that children spending time online is a negative concept is unbelievably outdated, and laughable. The internet is an integral part of daily life, from educational activities to keeping up with friends on various social media platforms. Additionally, human beings don’t all have to be brash, loudmouth extroverts, and social isolation isn’t anything to be suspicious of. In reality, many socially isolated people are very creative and struggle to communicate with people. Anxiety is a terrible condition to deal with, and it’s impossible for non-sufferers to understand the daily torment. That’s why it’s incredibly hurtful to judge people and be suspicious of them just because they want alone time.

On another note, one key profession society will need in the future is programming, and programmers are in short supply at the high skill level. We should be actively encouraging children to attain coding skills and make their interest in this field flourish. To present this passion as a warning sign is, frankly, embarrassing.

Hilariously, the NCA contradicts itself and goes on to say:

“Ways to use cyber skills positively

Skills in coding, gaming, computer programming, cyber security or anything IT-related are in high demand and there are many careers and opportunities available to anyone with an interest in these areas.”

According to their impeccable logic (insert sarcasm here), coding is a suspicious trait but also a way to use skills in a positive manner. If anyone can explain what the marketing team has been drinking, I’d love to know. This entire campaign makes zero sense and is a complete farce. While some feel the need to ridicule it, I find it very worrying that people in power have such an idiotic and uneducated viewpoint on the subject matter. The government, the actors in the video, and anyone else involved in this mess should feel ashamed.

If you’re brave enough, here’s the cringe-worthy video in full:

University Network “Janet” Struck by Cyber Attack

Universities in the UK have been struck by a DDoS attack which caused major outages to the Janet network. This network serves over 18 million users and provides UK education bodies with a highly reliable and supposedly secure network. The attacks “have resulted in reduced connectivity and disruption”, according to a statement on network provider Jisc’s Facebook page. Jisc executive director Tim Kidd explained:

“We understand the importance of connectivity to colleges, universities and other public sector organisations,”

“We are doing everything in our power to ensure normal service is resumed as soon as possible, and in the meantime to minimise any disruption that users of the Janet network may be experiencing. We apologise for any inconvenience caused.”

According to the BBC, the University of Manchester sent out an e-mail after hearing complaints from staff and students about connectivity problems, which reads:

“By flooding the service with excessive network traffic, an attacker is attempting to exceed the capacity of the service, which causes the service to run slowly or become unavailable,” 

Apparently, the DDoS attacks have disrupted the Janet network for two days and counting. This isn’t an ideal situation and means many students cannot complete their coursework or look online for reading materials. Realistically, you wouldn’t expect a huge government-funded network to fall so easily to a DDoS attack, and the outage illustrates the system’s vulnerabilities. Hopefully, the network team can learn from this episode and find better ways to fight such attacks in the future. It’s quite clear, though, that DDoS attacks are on the rise.

Anonymous Claims CloudFlare Protects Pro-ISIS Sites

Anonymous started a new offensive against ISIS following the terrible attacks on Paris, and while we all like that part, it’s hard for me to take them seriously in any way. They surely have a few talented people with skills and connections in their group, but for the most part their skills go as far as pressing a button in a pre-built application in order to launch DDoS attacks on a specific target.

We’ve recently learned that their offensive isn’t going all that well, and now they have accused CloudFlare of protecting pro-ISIS websites. CloudFlare runs a reverse-proxy and content delivery service that absorbs denial of service attacks, which are the preferred method of attack for the Anonymous group, so this doesn’t come as a big surprise. Terrorists might live with a stone-age mentality, but they do know how to use modern technology. CloudFlare faced similar accusations from the group back in 2013 when it launched an offensive against Al-Qaeda websites.

CloudFlare naturally defends itself against the accusation and, as it says, it wouldn’t be a good business model. Groups like that will most likely pay with stolen credit card details, and that is not good for a business. The company also stated that it would cooperate with any law enforcement agency when presented with a legal warrant or court order regarding any of its customers. So maybe Anonymous should forward their evidence to those agencies instead of whining on social media about a normal service used by thousands of websites and that works as intended.

Tor Exit Nodes Hit by Large-Scale DDoS Attacks From the UK

Several operators have reported that their Tor exit nodes have been hit by large-scale DDoS attacks originating in the UK. While some abnormalities have been written off by users as “graph glitches”, the attacks have coincided with the disappearance of the Abraxas Marketplace, which has made some users quite edgy.

An anonymous operator posted to Pastebin:

“Hi, I am the operator of several exit nodes and would like to stay anonymous due to the nature of the given attacks. Since Thursday (05.11.2015 1800 UTC) I have seen large DDoS attacks on each of my exit nodes from a common /16 source. The attacks originate from UK.”

The same operator, under the username dipsh1t, later posted more details to the /r/DarkNetMarket subreddit, writing, “[Attacks are occurring at an] Interval of about 30min. A whole bunch of IPs at 20mbit/s hitting hard for 5min. And then a small amount of nodes hitting hard at around 100mbit/s per IP. They’re both TCP and UDP, primarily UDP. All nodes look identical (nmap).”

If these attacks are genuine and really do originate in the UK, they come a week after the launch of a new task force by UK intelligence service GCHQ to police the ‘dark web’. “An NCA and GCHQ co-located Joint Operations Cell (JOC) opens officially today,” a National Crime Agency press release from 6th November reads. “The unit brings together officers from the two agencies to focus initially on tackling online child sexual exploitation.”

 

UK E-tailers Taken Offline by DDoS Attacks

Yesterday, UK-based e-tailers were the apparent victims of a DDoS attack that took the Aria Technology, Novatech and Scan Computers websites offline. Channelweb reported that Aria Taheri, the owner of Aria Technology, said that after the business’s website was down for a few hours in the afternoon they received an email demanding a payment of 16.66 Bitcoins (£2,871.43). The email stated that if they did not pay up, the culprits would take the site down for the whole of Wednesday. Taheri also said that he understands that the problems experienced by the other companies stem from the same DDoS campaign, and that they had received ransom emails as well.

Elan Raja III, the director of Scan, said, “Scan are aware there has been some disruption in traffic and is investigating the cause”. Interestingly, if you try to connect to Scan’s website today you will notice that it now sits behind CloudFlare’s DDoS protection.

Back in February 2013 Aria’s website was hacked, but the company caught the people responsible by putting up a reward. Now it is hoping that the tactic will work again and is offering a £15,000 bounty, so if you know who is behind the attack it is your time to cash in. The day on which the culprits are threatening to attack Aria is its “prime day”, when low prices normally drive a lot of business to its site. No ransom will be paid, as that would send the wrong message to nefarious parties.

Taheri went on to say, “These kinds of attacks are only designed to affect our website and make it inaccessible. However, [our customers’] information is 100 percent secure as we are PCI DSS compliant which is quite a strict web-security protocol. Also, the website unavailability will last for only a short period – a matter of hours – so the customers can always come back at a later time. We are not going to encourage more of these hackers by giving them Bitcoins, because that would only encourage others to come to us and blackmail us more. The message to the hackers is that I will spend a significant amount of money to bring them to justice. Our track record shows that we have done that before, and based on that track record I am fairly confident we can do that [again].”

Chinese Devices Mount Massive DDoS Web Attack

Cyber attacks are an increasing and dangerous threat perpetrated by groups and countries alike; they are a substantial threat to free speech, to the livelihoods of website operators and to the whole infrastructure of the internet. The latest example is a huge DDoS attack against a single website in which 650,000 devices were unwittingly enrolled in a flood that overwhelmed its target.

And where did this attack originate? That’s right, our friends over at the democracy-suppressing, Truman Show-style country that is China. The attack sent a staggering 4.5 billion separate requests to the target in one day. Below is an image which plots HTTP requests per hour over the log timeframe; as you can see, requests ramped up dramatically within a relatively short period before dissipating.

Since the attack had been levelled at a client of US company CloudFlare, its engineers were able to “write a dedicated script and were able to further analyze 17M log lines, about 0.4% of the total requests”. They found that 99.8% of the flood originated from China while 0.2% was labelled as “Other”, and that 80% of the requests came from mobile devices.

So, how is it possible to co-opt such an enormous number of devices? CloudFlare security analyst Marek Majkowski speculated that a compromised ad network might have been the root cause, used as the distribution vector for the attack: “It seems probable that users were served advertisements containing malicious JavaScript. These ads were likely shown in iframes within mobile apps, or mobile browsers to people while they were casually browsing the internet”

Think of the speculated but plausible scenario like this: while a user was browsing the internet or using an app, he or she was served an iframe containing an advertisement. The ad had been requested from an ad network, which forwarded the request to the third party that won the ad auction. Either that third party was the “attack page” itself or it forwarded the user to one; either way, the user was served a page containing malicious JavaScript which launched a flood of XMLHttpRequest (XHR) calls against the target site behind CloudFlare. Because the requests come from real browsers on real devices, each one looks like an ordinary page view; what gives the flood away is the sheer volume and the skewed mix of source addresses and user agents, which is exactly what CloudFlare’s log analysis picked up on.
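To make that kind of log analysis concrete, here is an added example, not CloudFlare’s script, that parses ordinary combined-format web server logs, breaks the volume down per hour, by country and by device type, and flags hours that stand far above the baseline. The log lines and the prefix-to-country table are constructed for the example; a real deployment would use a GeoIP database in place of the `GEO` dictionary:

```python
import re
from collections import Counter
from datetime import datetime

# Apache/nginx "combined" log line layout.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
MOBILE_UA = re.compile(r"Android|iPhone|iPad|Mobile", re.IGNORECASE)

# Constructed stand-in for a GeoIP lookup: /24 prefix -> country code.
GEO = {"203.0.113": "CN", "198.51.100": "CN", "192.0.2": "US"}

def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    when = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["hour"] = when.strftime("%Y-%m-%d %H:00")
    rec["country"] = GEO.get(rec["ip"].rsplit(".", 1)[0], "Other")
    rec["mobile"] = bool(MOBILE_UA.search(rec["ua"]))
    return rec

def summarise(lines):
    """Per-hour volume, country and device mix, and the most requested path."""
    per_hour, by_country, by_path = Counter(), Counter(), Counter()
    total = mobile = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        total += 1
        mobile += rec["mobile"]
        per_hour[rec["hour"]] += 1
        by_country[rec["country"]] += 1
        by_path[rec["path"]] += 1
    return {
        "total": total,
        "per_hour": dict(per_hour),
        "country_share": {c: n / total for c, n in by_country.items()},
        "mobile_share": mobile / total,
        "top_path": by_path.most_common(1)[0][0],
    }

def flood_hours(per_hour, factor=10):
    """Hours whose request count exceeds `factor` times the median hour."""
    counts = sorted(per_hour.values())
    median = counts[len(counts) // 2]
    return sorted(h for h, n in per_hour.items() if n > factor * median)

# --- constructed sample log: three quiet hours, then one hour of flood ----------
def _line(ip, ts, path, ua):
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512 "-" "{ua}"'

DESKTOP_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:42.0) Gecko/20100101 Firefox/42.0"
MOBILE_UA_STR = "Mozilla/5.0 (Linux; Android 5.1; SM-G920F) AppleWebKit/537.36 Mobile Safari/537.36"

SAMPLE_LOG = []
for hour in (10, 11, 12):                     # baseline: a few US desktop visits per hour
    for i in range(3):
        SAMPLE_LOG.append(_line("192.0.2.7", f"24/Sep/2015:{hour:02d}:{i * 15:02d}:00 +0000",
                                "/index.html", DESKTOP_UA))
for i in range(60):                           # flood: 60 distinct CN-mapped mobiles hitting one URL
    SAMPLE_LOG.append(_line(f"203.0.113.{i + 1}", f"24/Sep/2015:13:{i:02d}:00 +0000",
                            "/attack-target", MOBILE_UA_STR))

if __name__ == "__main__":
    s = summarise(SAMPLE_LOG)
    print(s["per_hour"], s["country_share"], round(s["mobile_share"], 3), s["top_path"])
    print("flood hours:", flood_hours(s["per_hour"]))
```

On the constructed log the flood hour shows up at twenty times the baseline, with almost all traffic from one country, a mobile user-agent share far above normal and a single path taking nearly every hit, the same three signals CloudFlare reported. Thresholds such as `factor=10` are a starting point to tune against a site’s own traffic history.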

CloudFlare has declined to name the company whose site was attacked, but is warning of future attacks of the same intensity. It is a worrying trend with many outlets, including the Darth Vader weapon of choice that is “The Great Cannon.” It also does the long-established practice of serving ads to consumers no favours: if advertisements are increasingly being injected with malicious code, consumers are going to use extensions to block them.

The Internet connects the world and is seen as a necessity and therefore a human right by powerful individuals, what countries want you to see on the net, well, that’s a whole different ball game.

Thank you blog.cloudflare for providing us with this information.

Image courtesy of cloudpro

NCA Website Temporarily Taken Offline by Lizard Squad DDOS Revenge Attack

The National Crime Agency (NCA) is the UK law enforcement body that, among other things, tackles cyber crime, and it recently arrested six people for using Lizard Squad’s DDoS tool. In retaliation, the group conducted a DDoS attack on the NCA website, mockingly using the NCA’s logo in a Twitter post and publicly announcing the attack. An NCA spokesperson said of the incident:

“The NCA website is an attractive target. Attacks on it are a fact of life. DDoS is a blunt form of attack which takes volume and not skill. It isn’t a security breach, and it doesn’t affect our operational capability. At worst it is a temporary inconvenience to users of our website. We have a duty to balance the value of keeping our website accessible with the cost of doing so, especially in the face of a threat which can scale up endlessly.”

A DDoS attack doesn’t usually result in long-term chaos, and the majority of sites can be up and running again within 1-2 hours. Of course, this greatly depends on the scale and complexity of each attack. The NCA spokesperson emphasised this and argued:

“The measures we have in place at present mean that our site is generally up and running again within 30 minutes, though occasionally it can take longer. We think that’s proportionate.”

However, Dave Larson, CTO at Corero Network Security, explained the more sinister impact of DDoS attacks on network infrastructure:

“The recent reports indicating that the National Crime Agency website has been taken offline by DDoS attack, seemingly by the increasingly popular DDoS-for-hire site, Lizard Stresser is a classic example of cyber-warfare taking aim in retaliation of the recent arrests of individuals associated with the service.  

“DDoS attacks can be a nuisance, cause temporary or long term service disruptions, and take down IT security infrastructure in any organization. What is even more disturbing is the potential for even greater damage in the form of smokescreen diversions allowing hackers to run additional attacks aimed at breaching sensitive data and further impacting operations.

“DDoS mitigation strategies must be viewed as more than just protecting your website, it is protecting the business, your intellectual property and your customers.” 

In my opinion, this particular attack was nothing more than an inconvenience and a retaliatory response to the six arrests. Arguably, Lizard Squad hopes this sends a warning to government bodies trying to infiltrate the group and arrest its leading members. Personally, I feel this is more of a PR stunt than a serious attempt to make the NCA’s website inoperable.

What do you think of Lizard Squad?

https://twitter.com/LizardLands/status/638617494702399488

Thank you The Register for providing us with this information.

Six Arrested in Lizard Squad Crackdown

Six people in the UK have been arrested for using Lizard Squad’s infamous DDoS tool, Lizard Stresser. Operation Vivarium, co-ordinated by the National Crime Agency (NCA), was a nationwide initiative involving numerous police forces and Regional Organised Crime Units (ROCUs) across the UK. It is estimated that 30% of UK businesses suffered DDoS attacks last year.

According to the NCA website, the following suspects, all male and aged 18 or under, were arrested:

  • A 17-year-old male from Manchester had computer equipment seized and was interviewed under caution by the NCA’s National Cyber Crime Unit (NCCU) on 27 August.
  • An 18-year-old male from Huddersfield was arrested and bailed on 27 August by Yorkshire and Humberside police.
  • An 18-year-old male from Milton Keynes was interviewed under caution by the South East ROCU on 26 August.
  • An 18-year-old male from Manchester was arrested and bailed by North West ROCU and Greater Manchester Police on 26 August.
  • A 16-year-old male from Northampton was arrested and bailed by East Midlands ROCU on 26 August.
  • A 15-year-old male from Stockport was arrested by the North West ROCU and Greater Manchester Police on 24 August.

This follows two other arrests earlier this year:

  • A 17 year-old male from Cardiff arrested and bailed by South Wales ROCU and NCCU on 16 April.
  • A 17 year-old male from Northolt arrested and bailed by the Metropolitan Police on 03 March.

“By paying a comparatively small fee, tools like Lizard Stresser can cripple businesses financially and deprive people of access to important information and public services,” Tony Adams, Head of Investigations at the NCA’s National Cyber Crime Unit, said. “This multi-agency operation illustrates the commitment of the NCA and its partners to pursuing people who think they can criminally disrupt important public services or legitimate businesses.”

“One of our key priorities is to engage with those on the fringes of cyber criminality, to help them understand the consequences of cyber crime and how they can channel their abilities into productive and lucrative legitimate careers,” he added.

Thank you National Crime Agency for providing us with this information.

Image courtesy of Forbes.

DDOS Attacks Reach Record Numbers in Q2 2015

The State of the Internet report from Akamai has revealed alarming statistics concerning the prevalence of DDoS attacks. There was a 7 percent increase compared to the previous quarter, and the number of attacks is up 132 percent from the same time last year. More worryingly, Q2 2015 contained 12 “mega attacks” peaking at more than 100 gigabits per second, with several exceeding 50 million packets per second. The largest lasted a total of 13 hours at 240 Gbps, whilst most attacks last around 2-3 hours.

Interestingly, the data pinpoints the main source of DDoS attacks as China, followed by the USA. Attackers are concentrating on online gaming: 35 percent of attacks targeted the gaming industry, which includes networks such as Xbox Live. John Summers, VP of the Cloud Security Business Unit at Akamai, said,

“The threat posed by distributed denial of service (DDoS) and web application attacks continues to grow each quarter,”

“Malicious actors are continually changing the game by switching tactics, seeking out new vulnerabilities and even bringing back old techniques that were considered outdated.”

Any DDoS attack is difficult to contend with, and they’re starting to become an epidemic. Some websites are hit for political reasons, others appear to be targeted by vindictive people wanting to leave their mark. Whatever the motive, DDoS attacks are on the rise and a major problem for internet users.

Thank you Digital Trends for providing us with this information.

Hosting Companies Could Be Hit With New DDoS Attack

Denial of service (DoS) attacks, and their distributed form (DDoS) in which the traffic comes from many machines at once, have become more and more frequent in recent years with the growth of the internet and the speeds at which it can deliver data. A denial of service attack is pretty simple: you find the device you wish to disrupt and send it as much data as you can, so that it quickly becomes overwhelmed and unresponsive. The target can be anything from your home router to a world championship tournament.

Level 3 Communications is an American telecommunications and internet service provider and one of the major backbone operators in the US. Its chief security officer, Dale Drew, has warned that attackers may have figured out how to abuse Portmap services to conduct a new form of DDoS attack, one which has the “potential to be very, very bad”.

Portmap (the portmapper, also known as rpcbind) is an open source service found on Unix-like systems and available for Windows too. It listens on port 111 and tells clients which port an RPC-based service such as NFS or NIS is currently listening on, so that they can connect to anything from a networked drive to a remote login. When such a service is left reachable from the internet, you can understand why the ability to make it send large amounts of unwanted data to an arbitrary address becomes a problem.

When the portmapper is queried, it tends to respond with a lot of information about the system (the full list of registered services, for instance), or at least a verbose explanation of why it is saying “NO!”. Because the query is carried over UDP, an attacker can forge the source address of the request so that it appears to come from the victim; the much larger responses are then delivered to the victim’s network instead of back to the attacker, all the while appearing to come from your average family router at home.

This is why this type of attack is called a reflection or amplification attack: a small spoofed request is turned into a much larger response, and, as you can probably tell, a lot of people end up affected, because the traffic is bounced off systems whose owners do not realise they are doing anything bad.

Level 3 has contacted ISPs and forwarded them details of the customers running open Portmap servers, in the hope that the exposed services can be closed off before the technique is abused too widely.
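To make the mechanism concrete, the following Python is an added example (not from Level 3 or the PC World article) that builds the portmapper PMAPPROC_DUMP request an attacker would spoof, parses the reply, and computes the amplification factor (reply bytes divided by request bytes). The reply used offline is constructed; the message layout, program numbers and port 111 come from the ONC RPC and portmapper specifications (RFC 5531 and RFC 1833). The `probe` function sends a real query and is only for hosts you are authorised to test.

```python
import socket
import struct

# ONC RPC (RFC 5531) and portmapper v2 (RFC 1833) constants
RPC_CALL, RPC_REPLY = 0, 1
RPC_VERSION = 2
PMAP_PROG, PMAP_VERS = 100000, 2
PMAPPROC_DUMP = 4          # "list every registered program": the amplifying call
AUTH_NULL = 0
PORTMAP_PORT = 111
IPPROTO_TCP, IPPROTO_UDP = 6, 17


def build_dump_request(xid):
    """The 40-byte PMAPPROC_DUMP call as carried in a single UDP datagram
    (no record-marking header; that only exists on TCP)."""
    return struct.pack(
        "!10I",
        xid, RPC_CALL, RPC_VERSION, PMAP_PROG, PMAP_VERS, PMAPPROC_DUMP,
        AUTH_NULL, 0,   # credentials: flavor, body length
        AUTH_NULL, 0,   # verifier:    flavor, body length
    )


def build_dump_reply(xid, mappings):
    """Constructed reply, used here instead of a live portmapper: an accepted
    RPC reply followed by an XDR linked list of (prog, vers, prot, port)."""
    head = struct.pack("!6I", xid, RPC_REPLY, 0, AUTH_NULL, 0, 0)   # reply_stat, verf, accept_stat
    body = b"".join(struct.pack("!5I", 1, *m) for m in mappings)  # 1 = "another entry follows"
    return head + body + struct.pack("!I", 0)                      # 0 = end of list


def parse_dump_reply(data, xid):
    """Validate the reply header and return the mapping list."""
    if len(data) < 24:
        raise ValueError("short reply")
    r_xid, msg_type, reply_stat, _vflavor, vlen, accept_stat = struct.unpack("!6I", data[:24])
    if (r_xid, msg_type, reply_stat, accept_stat) != (xid, RPC_REPLY, 0, 0):
        raise ValueError("not an accepted reply to our call")
    off = 24 + ((vlen + 3) & ~3)        # skip the verifier body, padded to 4 bytes
    mappings = []
    while True:
        if off + 4 > len(data):
            raise ValueError("truncated list")
        (follows,) = struct.unpack("!I", data[off:off + 4])
        off += 4
        if not follows:
            return mappings
        if off + 16 > len(data):
            raise ValueError("truncated entry")
        mappings.append(struct.unpack("!4I", data[off:off + 16]))
        off += 16


def amplification_factor(request, reply):
    """Bytes the victim receives per byte the attacker has to spoof."""
    return len(reply) / len(request)


def probe(host, timeout=2.0):
    """Send one DUMP query over UDP to a host you are authorised to test and
    return (mappings, amplification factor). Not used by the offline check below."""
    xid = 0x1234ABCD
    req = build_dump_request(xid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(req, (host, PORTMAP_PORT))
        data, _ = s.recvfrom(65535)
    return parse_dump_reply(data, xid), amplification_factor(req, data)


# Constructed registrations typical of a small NFS server (program numbers are the
# standard ones: 100000 portmapper, 100003 nfs, 100005 mountd).
SAMPLE_MAPPINGS = [
    (PMAP_PROG, 2, IPPROTO_UDP, 111),
    (PMAP_PROG, 2, IPPROTO_TCP, 111),
    (100003, 3, IPPROTO_UDP, 2049),
    (100003, 3, IPPROTO_TCP, 2049),
    (100005, 3, IPPROTO_UDP, 20048),
]


def offline_check(xid=1):
    """Round-trip the constructed reply through the parser and report the factor."""
    req = build_dump_request(xid)
    rep = build_dump_reply(xid, SAMPLE_MAPPINGS)
    return parse_dump_reply(rep, xid), amplification_factor(req, rep)
```

Forty bytes of request pull back a reply of 24 bytes plus 20 bytes per registered service, so the more RPC programs a host has registered, the more it amplifies; the five-entry constructed reply above already comes back 3.2 times larger than the request. Since portmap rarely needs to be reachable from the internet, the fix on the reflector side is to filter UDP/111 (and TCP/111) at the network edge or bind the service to internal interfaces only.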

Thank you PC World for the information.

Image courtesy of West End Solutions.

DDoS Attack Puts a Stop to Valve’s Dota 2 Tournament

The International 2015, Valve’s Dota 2 world championship, is underway, and this time things got serious: the competition is reported to have suffered a DDoS attack that cut the connection to the Dota 2 servers.

The attack is said to have taken place when a match between Evil Geniuses and compLexity Gaming was due to be played, halting the competition for a few hours. Something like this was bound to happen sooner or later, since Dota 2 needs an active internet connection to be played. It would have been nice for the title to have had a LAN mode from the start to avoid exactly this, but there you go: trolling at its best.

The saddest part about DDoS attacks is that there is not a lot that can be done to stop them in advance. Once an attack is under way you can filter and absorb the traffic to keep it from taking out your servers, but you cannot predict when it will come. This is why Valve’s competition remains vulnerable to DDoS attacks until the tournament ends on the 8th of August.

The real question here is why Valve relied on public Dota 2 servers for a competition such as The International. It could easily have set up dedicated servers on an isolated LAN, independent of the internet, as a secure playground for the tournament; no doubt this is one of the things it is now considering for future events.

Thank you Tech Spot for providing us with this information.

Average DDoS Attack Increasing in Magnitude Warns Arbor Networks

The size of the average distributed denial of service (DDoS) attack has increased to a worrying magnitude, according to Arbor Networks. Specialising in suites and services to protect businesses and website owners from DDoS attacks, Arbor is well placed to monitor and catalogue the latest malicious website takedowns, and the company warns that even ordinary DDoS attacks are increasing in terms of bits and packets per second.

The largest attack Arbor recorded in the second quarter of 2015 was a 196Gbps user datagram protocol (UDP) flood, and even the smaller attacks are growing: around 21% of attacks in the same period peaked at 1Gbps or more, with the biggest growth observed in the 2Gbps to 10Gbps range.

“Extremely large attacks grab the headlines, but it is the increasing size of the average DDoS attack that is causing headaches for enterprise around the world,” Darren Anstee, Chief Security Technologist at Arbor Networks, said.

“Companies need to clearly define their business risk when it comes to DDoS. With average attacks capable of congesting the internet connectivity of many businesses, it is essential that the risks and costs of an attack are understood and appropriate plans, services and solutions put in place,” Anstee added.

Arbor did, however, see a significant drop in simple service discovery protocol (SSDP) reflection and amplification DDoS attacks, from 126,000 in the first quarter to around 84,000 in the second.

Thank you Computer Weekly for providing us with this information.

Reddit Rival Voat Decimated by DDoS Attacks

Voat, the Swiss news aggregation and social networking site which saw a surge in users in the wake of the big reddit blackout, has been rendered inactive by a series of DDoS (distributed denial of service) attacks from unknown aggressors. After the recent controversy and user rebellion on reddit, Voat positioned itself as a censorship-free alternative to the popular “front page of the internet”. As of today, however, Voat has been downed by what has been described as a “layer 7 DDoS attack”, that is, a flood of HTTP requests aimed at the application itself rather than raw bandwidth aimed at the network link.

Voat later issued a statement via its own website, quoting a CloudFlare support engineer:

“In case you were wondering why most third party apps for Voat haven’t been working for the last 8 hours or so – we are under DDoS. Again,” Voat wrote.

“In order to keep Voat at least somewhat responsive, we’ve bumped up CloudFlare security settings which essentially breaks most Voat third party apps currently on the market. We are sorry about this and we are working on a solution and taking this time to optimise our source code even further. What doesn’t kill you – makes you stronger, right?”

Though the site is now working sporadically, a new page refresh will sometimes yield the message:  “Voat is currently being kicked by a botnet.”

Voat’s stock has been on the rise since problems erupted over on reddit, triggered by the firing on 2nd July of Victoria Taylor, the site’s former Director of Talent, who was responsible for arranging the famous AMA (ask me anything) posts in which users question celebrities. In a show of defiance, 300 of the most popular subreddits were made private for over 24 hours, and CEO Ellen Pao was forced to resign.

Voat has, admittedly, been struggling to cope with the influx of new users, its servers overwhelmed, but the site’s administrators claim that it is not a factor that is affecting the current outages.

Thank you International Business Times for providing us with this information.

Lizard Squad Hacker Convicted of 50,000 Counts of Computer Crime

A Finnish hacker and member of the notorious Lizard Squad has been found guilty of 50,700 counts of computer crime, according to the nation’s newspaper Kaleva. The hacker, 17-year-old Julius “zeekill” Kivimaki, was given a two-year suspended sentence, meaning he will avoid prison on the proviso that he helps “to fight against cybercrime”. Any failure to meet this condition will see Kivimaki serve the two years in prison.

Kivimaki was charged with crimes related to data breaches, felony payment fraud, telecommunication harassments, plus a number of other computer fraud and violation of privacy crimes. He was identified as a member of Lizard Squad – the perpetrators of the Xbox Live and PlayStation Network DDoS attacks last Christmas – by cybersecurity journalist Brian Krebs late last year. Shortly after, Kivimaki conducted an interview with Sky News, using the alias “Ryan”, to discuss the Xbox and PlayStation DDoS attacks.

One of Kivimaki’s victims, Blair Strater, has been left “utterly disgusted” by the court ruling, feeling that the sentence is far too lenient. Strater was a regular victim of the practice known as “swatting” – fake calls to US law enforcement that result in a SWAT team being dispatched to an address – at the hands of Kivimaki.

“I’ve lost complete faith in the justice system, and that includes the FBI. He’s harmed American targets and the FBI should have stepped in by now,” said Strater. “The reality is, Julius Kivimaki will never be made to pay for his crimes.”

Thank you The Daily Dot for providing us with this information.

Hola CEO Responds to Botnet Controversy

Hola, the peer-to-peer (P2P) VPN provider, was recently accused of allowing its customers’ network to be used to form botnets to launch malicious cyber-attacks. A group of researchers, under the banner Adios, discovered that up to 47 million people could have been inadvertently providing hackers with enough bandwidth to launch massive DDoS attacks. Now, Hola’s CEO Ofer Vilenski has spoken out about the controversy, insisting that accusations of negligence against the company are unfair, denying that its customers form part of a botnet, and that its policy for sharing user bandwidth through P2P was transparent from the start.

“There have been some terrible accusations against Hola which we feel are unjustified,” Vilenski said in a post on Hola’s website. He went on to explain what he calls the “three issues” regarding the allegations:

1. Hola is about sharing resources

We assumed that by stating that Hola is a P2P network, it was clear that people were sharing their bandwidth with the community network in return for their free service. After all, people have been doing that for years with services like Skype. It was not clear to all our users, and we want it to be completely clear.

We have changed our site and product installation flows to make it crystal clear that Hola is P2P, and that you are sharing your resources with others. This information is now “in your face” – and no longer appears only in the FAQ.

2. Does Hola make you part of a botnet?

No! Hola makes its money by selling its VPN service to businesses for legitimate commercial purposes, such as brand monitoring (checking the prices of their products in various stores), self test (checking how their corporate site looks from multiple countries), anti ad fraud (ensuring that the adverts are not inserted en route to use), etc.

There was some concern that by selling our VPN services to enterprise customers, we were possibly exposing our users to cyber criminal traffic that could get them in trouble (Thus the ‘botnet’ accusation). The reality is that we have a record of the real identification and traffic of the Luminati [Hola’s commercial name] users, such that if a crime is committed, we can report this to the authorities, and thus the criminal is immediately identified. This makes the Hola/Luminati network unattractive to criminals – as opposed to Tor for example, which provides them complete anonymity for free.

Last week a spammer used Luminati by posing as a corporation. He passed through our filters and was able to take advantage of our network. We analyzed the incident, and built the necessary measures in our processes to ensure that such incidents do not occur, and deactivated his service. We will cooperate with any investigation of the incident to ensure that he will be punished to the fullest extent.

3. Vulnerability of the Hola client

Part of the growing pains of creating a new service can be vulnerability to attack. It has happened to everyone (Apple iCloud, Snapchat, Skype, Sony, Evernote, Microsoft…), and now, to Hola. Two vulnerabilities were found in our product this past week. This means that there was a risk of a hacker being able to operate remote code on some devices that Hola is installed on. The hackers who identified these issues did their job, and we did our job by fixing them. In fact, we fixed both vulnerabilities within a few hours of them being published and pushed an update to all our community. We are now undergoing an internal security review, as well as an external audit we have committed to with one of the big 4 auditing companies’ cyber auditing team.

It’s a strong defence, but is contradicted by the findings of numerous security firms that the VPN is still riddled with security holes that can be easily exploited by hackers.

Image courtesy of TechRadar.

GitHub Gets Hit by the Biggest DDoS Attack in Site’s History

GitHub, the popular code-hosting site used for projects spanning from game engines to security applications and web app frameworks, is apparently suffering the biggest DDoS attack in the website’s history, which it believes to originate from China.

The attack appears to have started last Thursday and has all its staff working on mitigating the access problems since then. GitHub states that the attack “involves a wide combination of attack vectors,” which “includes every vector we’ve seen in previous attacks as well as some sophisticated new techniques that use the web browsers of unsuspecting, uninvolved people to flood github.com with high levels of traffic.”

“Based on reports we’ve received, we believe the intent of this attack is to convince us to remove a specific class of content,” GitHub says.

The Wall Street Journal reports that GitHub’s traffic surge is made up of visits that were intended for China’s largest search engine, Baidu. Security experts told the publication that the vast volume of traffic has paralysed GitHub for the duration of the DDoS attack.

The attack, which leads back to China, apparently targets two specific pages on GitHub. One belongs to Greatfire.org, an anti-censorship organisation that monitors the “Great Firewall of China” and releases tools to help Chinese citizens bypass the country’s censorship controls; the other links to copies of the New York Times’ Chinese-language website and other banned domains.

Security researcher Anth@x of Insight Labs believes the attack was carried out through HTTP hijacking: some JavaScript files served from Baidu were replaced in transit with malicious ones that make the visitor’s browser repeatedly request the two GitHub pages, with a “Block Execution” check used to stop the script from looping. The researcher goes further and states that users outside China are now also being “weaponized” against targets inside the country.

“In other words, even people outside China are being weaponized to target things the Chinese government does not like, for example, freedom of speech.” Anth@x posted on Insight Labs.

GitHub’s status Twitter account has been keeping us updated on the attack. Yesterday it reported that “all systems reporting at 100%. Attack traffic continues, so we remain on high alert.”; about an hour ago, it stated that “The DDoS attack has evolved and we are working to mitigate”.

Baidu apparently denies involvement in the attack and states that it “was not intentionally involved in any traffic redirection”.
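The script replacement described above only works because the Baidu script was fetched over plain HTTP, where anyone on the path can substitute the body. Today a site author can pin a third-party script with Subresource Integrity (SRI), so the browser refuses a body whose hash does not match the one in the tag (and serve it over HTTPS, which stops the substitution in the first place). The following Python is an added example, not anything from GitHub, Baidu or Insight Labs: it generates the integrity value and mirrors the browser’s verification rule, including the “strongest algorithm wins” case and the spec quirk that an attribute with no usable metadata is silently not enforced. Both script bodies are constructed and stand in for the real files.

```python
import base64
import hashlib

# Algorithms the SRI spec allows, ordered by strength; a browser only honours the
# strongest algorithm present in the integrity attribute.
STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}


def sri_hash(body, alg="sha384"):
    """Integrity value for <script integrity="...">: "<alg>-<base64 digest>"."""
    if alg not in STRENGTH:
        raise ValueError("SRI only allows sha256, sha384 or sha512")
    digest = hashlib.new(alg, body).digest()
    return f"{alg}-{base64.b64encode(digest).decode('ascii')}"


def parse_integrity(integrity):
    """Split a (possibly multi-valued) integrity attribute into (alg, digest) pairs,
    dropping unknown algorithms and any '?options' suffix, as the browser does."""
    parsed = []
    for token in integrity.split():
        alg, _, rest = token.partition("-")
        digest = rest.split("?", 1)[0]
        if alg in STRENGTH and digest:
            parsed.append((alg, digest))
    return parsed


def verify_sri(body, integrity):
    """Mirror the browser's decision for a fetched script body.

    Only digests of the strongest listed algorithm count; any one of them matching
    is a pass. An attribute with no usable metadata is NOT enforced (the spec says
    the resource loads anyway), which is exactly the case an audit should flag.
    """
    parsed = parse_integrity(integrity)
    if not parsed:
        return True
    strongest = max(STRENGTH[alg] for alg, _ in parsed)
    return any(
        sri_hash(body, alg) == f"{alg}-{digest}"
        for alg, digest in parsed
        if STRENGTH[alg] == strongest
    )


# Constructed script bodies (neither Baidu's real file nor the real injected payload).
ORIGINAL_JS = b"window.stats = function () { /* harmless analytics stub */ };\n"
TAMPERED_JS = ORIGINAL_JS + b"/* extra code appended by an on-path attacker */\n"


def script_tag(src, body):
    """The tag a site author publishes once the script has been pinned."""
    return f'<script src="{src}" integrity="{sri_hash(body)}" crossorigin="anonymous"></script>'


def demo():
    pinned = sri_hash(ORIGINAL_JS)
    return {
        "original_accepted": verify_sri(ORIGINAL_JS, pinned),
        "tampered_accepted": verify_sri(TAMPERED_JS, pinned),
    }
```

The `crossorigin="anonymous"` attribute matters: without it a cross-origin script is fetched opaquely and the browser cannot check its hash at all. Note also that SRI protects the page that embeds the script; it does nothing for the millions of visitors of pages that do not use it, which is why the attack against GitHub could be stopped only by the sites loading the script over HTTPS or by GitHub absorbing the traffic.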

Thank you ZDnet for providing us with this information

Sony Announced That PSN Europe Is Going to Get Its Service Status Indicator Soon

Up until now, Sony had no feature that would allow users to check if the PSN network is up and running in Europe. Whether you had trouble connecting to the store or accessing online functions, you wouldn’t have known if your Internet connection was at fault or Sony’s PSN was down.

However, this is about to change. Sony has just announced that it will add a service status indicator for PSN in Europe, giving users the option to check whether the PSN servers are up or down. The company recently launched a similar indicator in America, so extending it to Europe makes sense.

Sony has been slow to provide users with a service indicator; Nintendo had been offering a similar service long before Sony added the feature in America. Sony’s PSN is also known to go down often, whether through DDoS attacks, hacking, maintenance or unexpected outages, so the indicator should prove useful to the majority of PSN players.

Thank you Gamingbolt for providing us with this information

Greatfire.org Under Attack After Wall Street Journal Story

Greatfire.org is a site that collects data on the Great Firewall of China and shares real-time and historical information about blocked websites and searches, with a particular focus on Google and Baidu. Now Greatfire.org has become the victim of its first ever distributed denial of service (DDoS) attack, most likely following a recent article in the Wall Street Journal that highlighted the backlash against US cloud providers being used to get around China’s Great Firewall.

The tactic used did not just bring down the website by flooding it with requests, 2.6 billion requests per hour at the time of the official blog post; websites are not equipped to handle that kind of volume, so they usually end up offline. That is only part of the problem, though, as Greatfire.org now also faces a lot of extra bandwidth costs.

The site is hosted on Amazon’s cloud service, where you pay for traffic. The DDoS attack generated about 2,500 times the usual traffic, which could leave an extra bill of $30,000, unless Amazon waives the charges because they originated from an attack. It would be fair of Amazon to do so, but it is not obligated to. This kind of attack is aggressive and an exhibition of censorship by brute force; attackers resort to tactics like this when they are left with no other options.
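Both Voat’s “layer 7” attack (above) and the request flood against Greatfire.org are application-layer floods: the link is not saturated, the web server simply receives more requests than it can serve. What the two look like in an access log differs, and the Python below, an added example rather than anything from Voat, Greatfire.org or CloudFlare, runs two detectors over constructed log lines: a per-client sliding window that catches a single source hammering the site, and a per-path hotspot check that catches the pattern GitHub described, many unrelated clients each making a few requests to the same page, which no per-client threshold will ever see. The log lines, addresses, paths and thresholds are all constructed for the example.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common log format, e.g.
# 203.0.113.7 - - [29/Mar/2015:10:00:01 +0000] "GET /greatfire/wiki HTTP/1.1" 200 5120
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_line(line):
    """One access-log line to a dict, or None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "path": m["path"],
        "status": int(m["status"]),
    }


def hot_clients(events, window=10, threshold=100):
    """Per-source sliding window: IPs whose request count within any `window`
    seconds reached `threshold`. Catches the single noisy client or small botnet."""
    recent = defaultdict(deque)
    peak = Counter()
    for ev in sorted(events, key=lambda e: e["ts"]):
        q = recent[ev["ip"]]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > timedelta(seconds=window):
            q.popleft()
        peak[ev["ip"]] = max(peak[ev["ip"]], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}


def hot_paths(events, min_share=0.5, min_clients=20):
    """Per-target hotspot: paths drawing at least `min_share` of all requests from
    at least `min_clients` distinct sources. Catches many low-rate clients hitting
    one URL, which the per-client threshold above never sees."""
    total = len(events)
    by_path = Counter(ev["path"] for ev in events)
    clients = defaultdict(set)
    for ev in events:
        clients[ev["path"]].add(ev["ip"])
    return {
        p: {"share": round(n / total, 3), "clients": len(clients[p])}
        for p, n in by_path.items()
        if n / total >= min_share and len(clients[p]) >= min_clients
    }


def constructed_log():
    """Constructed sample traffic (not real logs): background browsing, one client
    hammering an API endpoint, and 100 distinct addresses each fetching one page."""
    t0 = datetime(2015, 3, 29, 10, 0, 0, tzinfo=timezone.utc)

    def line(ip, secs, path):
        ts = (t0 + timedelta(seconds=secs)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 5120'

    lines = []
    for i in range(20):                       # normal users: 2 requests each over a minute
        lines.append(line(f"198.51.100.{i}", 3 * i, "/"))
        lines.append(line(f"198.51.100.{i}", 3 * i + 1, "/about"))
    for i in range(200):                      # one client: 200 requests in 10 seconds
        lines.append(line("10.0.0.9", 20 + i / 20, "/api/v1/front"))
    for i in range(100):                      # 100 clients: 3 requests each, 15 s apart, same page
        for k in range(3):
            lines.append(line(f"203.0.113.{i}", 5 + i * 0.5 + k * 15, "/greatfire/wiki"))
    return lines


def analyse(lines):
    """Run both detectors over raw log lines; returns (hot clients, hot paths)."""
    events = [e for e in map(parse_line, lines) if e]
    return hot_clients(events), hot_paths(events)
```

The per-client window is what a rate limiter or fail2ban-style rule implements, and it is also why a blanket tightening of edge security settings was an expensive fix for Voat: a busy, legitimate third-party API client looks exactly like the first pattern. The hotspot detector says nothing about who is attacking, but it tells you which page to cache or put behind a challenge first, and its per-client counts stay low by design.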

Thanks to Greatfire.org for providing us with this information

Battlefield Hardline on Xbox One Hit by DDoS Attack

The much-anticipated first-person shooter Battlefield Hardline was released on Tuesday, but gamers who purchased the Xbox One version may have been left disappointed trying to play online after it fell victim to a distributed denial of service (DDoS) attack.

Developer Visceral acknowledged the problem on its Twitter account once it started:

https://twitter.com/Battlefield/status/578028265496915968

Then revealed the news that the game had been hit by a DDoS attack:

https://twitter.com/Battlefield/status/578061417007345664

As of Wednesday afternoon, the attacks were still occurring. So far, there have been no reports of problems with the PC, PlayStation 3, PlayStation 4 or Xbox 360 versions of the game. The perpetrators are as yet unknown, with no one stepping forward to take responsibility.

Source: Digital Trends

Femsplain Blog Targeted with DDoS Attack on Women’s Day

According to Amber Gordon, the founder of Femsplain, the blog was taken down on Sunday by a DDoS attack for around three hours before service came back online. The attack cannot be regarded as random, as the site was hit on International Women’s Day.

Gordon has shared a tweet with a screenshot clearly showing the extraordinary traffic increase during the attack. She also noted that this type of attack is not rare, but that the attacks had never been this severe until now.

It is also said that Twitter accounts taking responsibility for the attack used the hashtag #inteernationalwomensday, clearly emphasising that the attack was not chosen at random.

Femsplain is said to have been created late last year to create a place for women to discuss topics from online harassment to Gamergate. It has a group of female contributors who publish stories to the site, as well as share reader submissions.

Thank you The Verge for providing us with this information

PlayStation Network Down Again

According to the official PlayStation Twitter account, PlayStation Network has suffered another outage. There is no news as to why, or whether it is down to another malicious attack, à la the Christmas DDoS attack on PSN by Lizard Squad.

As of this morning, PlayStation was reported to be slowly restoring the online gaming service.

Source: TweakTown

Lizard Squad Claims Responsibility for Facebook Outage

As you probably know by now, Facebook and Instagram both experienced outages in the last few hours. Droves of Social Media addicts turned to Twitter to vent their frustrations at the “social apocalypse”. Now, news has surfaced that Lizard Squad is claiming responsibility.

Yes, the group behind the Christmas DDoS attacks on PSN and Xbox Live have declared that it was indeed them who caused the outage.

Now considering their notorious Christmas attacks and the fact that they shut down the website of Malaysia Airlines just yesterday, it makes it seem likely that it was indeed Lizard Squad who were behind this outage.

However, Facebook has since issued a statement, claiming that the outage was not caused by any sort of attack, but that it was their fault due to a change in their systems.

“This was not the result of a third party attack but instead occurred after we introduced a change that affected our configuration systems. We moved quickly to fix the problem, and both services are back to 100 percent for everyone,” the company said in a statement emailed to CNBC.

So who knows? Perhaps Lizard Squad is using their new-found fame to claim responsibility for what was just a glitch?

Source: RT