How it feels to be under DDoS attack

At this week's O'Reilly Velocity conference in Santa Clara, Artur Bergman, founder and CTO, told the story of how he got involved in starting a denial-of-service-resistant CDN -- a personal story about helping his old company cope with a titanic DDoS attack that brought it and its upstream provider to their knees. Read the rest

One million machines, including routers, used to attack banks

Akamai's Ryan Barnett reports on two attacks against the service's financial customers last year: attackers used nearly 1m compromised systems to attempt to log in to users' accounts using logins and passwords from earlier breaches. Read the rest

Security economics: black market price of hacked servers drops to $6

A new Kaspersky report analyzes an online hacker marketplace called xDedic, where access to 70,000 hacked servers -- multiplayer game servers, billing servers, cellular/ISP servers, dating servers, betting servers, government and university servers -- in 173 countries can be bought for $6 and up. Read the rest

DDoSers sell attacks for $5 on Fiverr

Many years ago, EFF co-founder John Gilmore and I were discussing the prevalence of botnets, which are commonly used to launch distributed denial of service (DDoS) attacks that overwhelm websites with floods of traffic; John said that if the botnets were really on the rise at the reported rate, we should expect to see a massive crash in the price of DDoS services, following simple supply/demand logic. Read the rest

Web security company breached, client list (including KKK) dumped, hackers mock inept security

Newport Beach-based Staminus Communications offered DDoS protection and other security services to its clients; early this morning, their systems went down and a dump of their internal files was posted to the Internet. Read the rest

Google launches Project Shield, to protect news sites from DDoS attacks

Insecure desktop operating systems (and even server/CMS vulnerabilities) have led to the creation of enormous, powerful botnets composed of thousands, hundreds of thousands, or even millions of machines -- and thanks to the law of supply and demand, it's remarkably cheap and easy to rent time on a botnet and blast any site of your choosing off the Internet. Read the rest

Wargames-style map shows ongoing internet attacks

The Norse Map is a Wargames-style visualization of ongoing attacks on servers around the world. Though it shows honeypots rather than actual private or government targets, the result is a live snapshot of trends in computer mischief.

Dubai seems to be getting quite a pounding today. Read the rest

Life inside a DDOS "booter site"

The internal records of Lizardsquad's Lizardstresser -- a service that would, for money, flood sites with traffic intended to knock them off the Internet -- were dumped to Mega by Doxbin's former operator, providing an unprecedented public look at the internal workings of a booter. Read the rest

Brian Krebs's "Spam Nation"

In Spam Nation: The Inside Story of Organized Cybercrime -- from Global Epidemic to Your Front Door, Brian Krebs offers a fascinating look at the mass-scale cybercrime that underpins the spam in your inbox and provides an inside peek at a violent fight among its principal players. Cory Doctorow reviews.

Online activism and why the Computer Fraud and Abuse Act must die

Courts have appreciated that even distributed denial of service attacks can be a legitimate form of public protest. Molly Sauter on the insane U.S. law used to criminalize them and other forms of online activism.

Microsoft non-pologizes for misleading judge, seizing No-IP's DNS

Yesterday, Microsoft convinced a judge to let it take over No-IP's DNS service, shutting down name service for many websites, in order to stop a malware attack. Today, the company fake-pologized. Read the rest

Cyber-crooks turn to Bitcoin extortion

Security journalist Brian Krebs documents a string of escalating extortion crimes perpetrated with help from the net, and proposes that the growth of extortion as a tactic preferred over traditional identity theft and botnetting is driven by Bitcoin, which provides a safe way for crooks to get payouts from their victims. Read the rest

Basecamp, Meetup hit by extortionist's 20Gb/s DDoS

If you're a Basecamp user who couldn't get into your account yesterday, here's why: the company refused to pay ransom to a criminal who hit them with a 20Gb/s denial-of-service flood. The attack was apparently carried out by the same person who attacked Meetup, who uses Gmail addresses in this pattern: "dari***@gmail.com." Read the rest

How UK spies committed illegal DoS attacks against Anonymous

A new Snowden leak, reported by NBC, documents the UK spy agency Read the rest

MIT Master's Thesis on Denial of Service attacks as a form of political activism

Molly sez, "For the past two years I've been researching activist uses of distributed denial of service actions. I just finished my master's thesis on the subject (for the Comparative Media Studies program at MIT). Guiding this work is the overarching question of how civil disobedience and disruptive activism can be practiced in the current online space. The internet acts as a vital arena of communication, self expression, and interpersonal organizing. When there is a message to convey, words to get out, people to organize, many will turn to the internet as the zone of that activity.

"Online, people sign petitions, investigate stories and rumors, amplify links and videos, donate money, and show their support for causes in a variety of ways. But as familiar and widely accepted activist tools--petitions, fundraisers, mass letter-writing, call-in campaigns and others--find equivalent practices in the online space, is there also room for the tactics of disruption and civil disobedience that are equally familiar from the realm of street marches, occupations, and sit-ins? This thesis grounds activist DDOS historically, focusing on early deployments of the tactic as well as modern instances to trace its development over time, both in theory and in practice.

"Through that examination, as well as tool design and development, participant identity, and state and corporate responses, this thesis presents an account of the development and current state of activist DDOS actions. It ends by presenting an analytical framework for the analysis of activist DDOS actions."

This is a subject I've given some thought to -- after reading the introduction to Molly's thesis, I'm convinced that this is something I need to read in full. Read the rest

DDoS storm breaks records at 300 Gbps

The Internet has been groaning under the weight of a massive distributed denial of service (DDoS) attack on the Domain Name Service, apparently aimed at anti-spam vigilantes Spamhaus, in retaliation for their blacklisting of Dutch free speech hosting provider Cyberbunker. At 300 mbps, the DDoS is the worst in public Internet history.

“These things are essentially like nuclear bombs,” said Matthew Prince, chief executive of Cloudflare. “It’s so easy to cause so much damage.”

The so-called distributed denial of service, or DDoS, attacks have reached previously unknown magnitudes, growing to a data stream of 300 billion bits per second.

“It is a real number,” Mr. Gilmore said. “It is the largest publicly announced DDoS attack in the history of the Internet.”

Spamhaus, one of the most prominent groups tracking spammers on the Internet, uses volunteers to identify spammers and has been described as an online vigilante group.

In the past, blacklisted sites have retaliated against Spamhaus with denial-of-service attacks, in which they flood Spamhaus with traffic requests from personal computers until its servers become unreachable. But in recent weeks, the attackers hit back with a far more powerful strike that exploited the Internet’s core infrastructure, called the Domain Name System, or DNS.

As bad as this is, it could be a lot worse. An anonymous paper called Internet Census 2012: Port scanning /0 using insecure embedded devices reports on a researcher's project to scan every IPv4 address for publicly available machines that will accept a telnet connection and yield up a root login to a default password. Read the rest

Skype's IP-leaking security bug creates denial-of-service cottage industry

It's been more than a year since the WSJ reported that Skype leaks its users' IP addresses and locations. Microsoft has done nothing to fix this since, and as Brian Krebs reports, the past year has seen the rise of several tools that let you figure out someone's IP address by searching for him on Skype, then automate launching denial-of-service attacks on that person's home.

In the above screen shot, we can see one such service being used to display the IP address most recently used by the Skype account “mailen_support” (this particular account belongs to the tech support contact for Mailien, a Russian pharmacy spam affiliate program by the same name).

Typically, these Skype resolvers are offered in tandem with “booter” or “stresser” services, online attack tools-for-hire that can be rented to launch denial-of-service attacks (one of these services was used in an attack on this Web site, and on that of Ars Technica last week). The idea being that if you want to knock someone offline but you don’t know their Internet address, you can simply search on Skype to see if they have an account. The resolvers work regardless of any privacy settings the target user may have selected within the Skype program’s configuration panel.

Beyond exposing one’s Internet connection to annoying and disruptive attacks, this vulnerability could allow stalkers or corporate rivals to track the movement of individuals and executives as they travel between cities and states.

Privacy 101: Skype Leaks Your Location Read the rest