Wikileaks have just published the Erdoğan Emails, which is claimed to represent years' worth of email from the APK, the Turkish ruling party, with messages dating from 2010 to as recent as July 6. Read the rest
When security firm Sucuri investigated the source of a 50,000-request/second DDoS attack on a jewelry shop, they discovered to their surprise that the attacks originated on a botnet made of hacked 25,500+ CCTV cameras in 105 countries. Read the rest
At this week's O'Reilly Velocity conference in Santa Clara, Artur Bergman, founder and CTO, told the story of how he got involved in starting a denial-of-service-resistant CDN -- a personal story about helping his old company cope with a titanic DDoS attack that brought it and its upstream provider to their knees. Read the rest
Akamai's Ryan Barnett reports on two attacks against the service's financial customers last year: attackers used nearly 1m compromised systems to attempt to log in to users' accounts using logins and passwords from earlier breaches. Read the rest
A new Kaspersky report analyzes an online hacker marketplace called xDedic, where access to 70,000 hacked servers -- multiplayer game servers, billing servers, cellular/ISP servers, dating servers, betting servers, government and university servers -- in 173 countries can be bought for $6 and up. Read the rest
Many years ago, EFF co-founder John Gilmore and I were discussing the prevalence of botnets, which are commonly used to launch distributed denial of service (DDoS) attacks that overwhelm websites with floods of traffic; John said that if the botnets were really on the rise at the reported rate, we should expect to see a massive crash in the price of DDoS services, following simple supply/demand logic. Read the rest
Newport Beach based Staminus Communications offered DDoS protection and other security services to its clients; early this morning, their systems went down and a dump of their internal files were dumped to the Internet. Read the rest
Insecure desktop operating systems (and even server/CMS vulnerabilities) has led to the creation of enormous, powerful botnets comprised of thousands, hundreds of thousands, or even millions of machines -- and thanks to the law of supply and demand, it's remarkably cheap and easy to rent time on a botnet and blast any site of your choosing off the Internet. Read the rest
The internal records of Lizardsquad's Lizardstresser -- a service that would, for money, flood sites with traffic intended to knock them off the Internet -- were dumped to Mega by Doxbin's former operator, providing an unprecedented public look at the internal workings of booter. Read the rest
Yesterday, Microsoft convinced a judge to let it take over No-IP's DNS service, shutting down name service for many websites, in order to stop a malware attack. Today, the company fake-pologized. Read the rest
Security journalist Brian Krebs documents a string of escalating extortion crimes perpetrated with help from the net, and proposes that the growth of extortion as a tactic preferred over traditional identity theft and botnetting is driven by Bitcoin, which provides a safe way for crooks to get payouts from their victims. Read the rest
A new Snowden leak, reported by NBC, documents the UK spy agency Read the rest
Molly sez, "For the past two years I've been researching activist uses of distributed denial of service actions. I just finished my masters thesis on the subject (for the Comparative Media Studies program at MIT). Guiding this work is the overarching question of how civil disobedience and disruptive activism can be practiced in the current online space. The internet acts as a vital arena of communication, self expression, and interpersonal organizing. When there is a message to convey, words to get out, people to organize, many will turn to the internet as the zone of that activity.
"Online, people sign petitions, investigate stories and rumors, amplify links and videos, donate money, and show their support for causes in a variety of ways. But as familiar and widely accepted activist tools--petitions, fundraisers, mass letter-writing, call-in campaigns and others--find equivalent practices in the online space, is there also room for the tactics of disruption and civil disobedience that are equally familiar from the realm of street marches, occupations, and sit-ins? This thesis grounds activist DDOS historically, focusing on early deployments of the tactic as well as modern instances to trace its development over time, both in theory and in practice.
"Through that examination, as well as tool design and development, participant identity, and state and corporate responses, this thesis presents an account of the development and current state of activist DDOS actions. It ends by presenting an analytical framework for the analysis of activist DDOS actions."
This is a subject I've given some thought to -- after reading the introduction to Molly's thesis, I'm convinced that this is something I need to read in full. Read the rest