Linux/IRCTelnet is a new strain of Internet of Things malware that borrows its password-guessing routines from Mirai, the malware that helped take down PayPal, Netflix and Twitter, and adds them to the scanning routines from a newer IoT bot called Bashlight.
A group of NGOs, including the Electronic Frontier Foundation, offer a suite of tools for diagnosing and mitigating the kinds of attacks faced by dissidents and independent media all over the world, especially when they threaten the powerful.
Last week, I blogged Brian Krebs's amazing piece on AsylumBooter, a cheesy denial-of-service-for-hire site apparently run by a 17-year-old Chicago-area honor-roll student named Chandler Downs, whose PayPal account was flush with more than $30,000 paid by people who'd launched more than 10,000 online attacks.
Now, Krebs has uncovered an even weirder booter story: Ragebooter is another DoS company, but this one is run by a guy who claims to be working part time for the FBI, and who says that the FBI has its own login to his site and reviews all the IP addresses and other traffic data it logs.
Ragebooter.net’s registration records are hidden behind WHOIS privacy protection services. But according to a historic WHOIS lookup at domaintools.com, that veil of secrecy briefly fell away when the site was moved behind Cloudflare.com, a content distribution network that also protects sites against DDoS attacks like the ones Ragebooter and its ilk help to create (as I noted in Monday’s story, some of the biggest targets of booter services are in fact other booter services). For a brief period in Oct. 2012, the WHOIS records showed that ragebooter.net was registered by a Justin Poland in Memphis...
“I also work for the FBI on Tuesdays at 1pm in memphis, tn,” Poland wrote. “They allow me to continue this business and have full access. The FBI also use the site so that they can moniter [sic] the activitys [sic] of online users.. They even added a nice IP logger that logs the users IP when they login.”
When I asked Poland to provide more information that I might use to verify his claims that he was working for the FBI, the conversation turned combative, and he informed me that I wasn’t allowed to use any of the information he’d already shared with me.
Brian Krebs delves into the world of "booter" services, low-level, amateurish denial-of-service websites where you can use PayPal to have your video-game enemies' computers knocked off the Internet by floods of traffic. Many booter services run off the same buggy codebase, and Krebs was apparently able to get inside the administrative interfaces for them and get some insight into their business.
One such is "Asylum," which appears to be run by Chandler Downs, a 17-year-old Chicago-area honor-roll student who reportedly made $35,000 in PayPal payments in exchange for denial-of-service attacks. Asylum even has an ad (narrated by an actor hired through the casual labor exchange site Fiverr) where, for $18/month, you can launch unlimited DoSes against "skids on Xbox live."
Young Mr Downs claimed that his service was not used to attack people, but only for legitimate stress-testing, then he changed his story and said he was only managing the service for someone else, and "You are able to block any of the 'attacks' as you say with rather basic networking knowledge. If you're unable to do such a thing you probably shouldn't be running a website in the first place."
Nixon noted that all of the packets incoming from the traffic she ordered to her test machines appeared to have been sent from spoofed IP addresses. However, when she used the “Down or Not?” host checker function on Asylum, the site responded from what appears to be the real Internet address of one of the servers that are used to launch the attacks: 220.127.116.11.
Brian Krebs documents a sophisticated offline/online attack on banks. Thieves combine a fraudulent wire-transfer to an innocent jewelry store with a denial-of-service attack on the bank that ties up the IT and other staff. The jeweler has been told that the money is to buy expensive jewels and watches, which are given to a stooge recruited as a courier and reshipper.
The bureau says the attacks coincide with corporate account takeovers perpetrated by thieves who are using a modified version of the ZeuS Trojan called “Gameover.” The rash of thefts come after a series of heavy spam campaigns aimed at deploying the malware, which arrives disguised as an email from the National Automated Clearing House Association (NACHA), a not-for-profit group that develops operating rules for organizations that handle electronic payments. The ZeuS variant steals passwords and gives attackers direct access to the victim’s PC and network.
In several recent attacks, as soon as thieves wired money out of a victim organization’s account, the victim’s public-facing Internet address was targeted by a network attack, leaving employees at the organization unable to browse the Web.
A few of the attacks have included an odd twist that appears to indicate the perpetrators are using money mules in the United States for at least a portion of the heists. According to an FBI advisory, some of the unauthorized wire transfers from victim organizations have been transmitted directly to high-end jewelry stores, “wherein the money mule comes to the actual store to pick up his $100K in jewels (or whatever dollar amount was wired).”
DDoS Attacks Spell ‘Gameover’ for Banks, Victims in Cyber Heists
The Studio City, CA home of legendary bassist Kira Roessler (Black Flag, Dos) was broken into yesterday. Among the belongings reported stolen: her custom bass guitar. While losing any of one's possessions to theft is a huge bummer, this is *really* sad. According to The Groove Music Life:
The bass is a three-quarter-scale instrument custom-made by California-based luthier Mark Garza with a Rickenbacker-style body and Telecaster-style headstock with the name "Garz" on it; according to Kira there is also a small nick in the headstock. It is the only model of its kind in existence; it has been Roessler's main instrument for the past several years.
Hopefully, the uniqueness of this instrument will help identify it if it turns up somewhere and improve the odds of its return to Roessler. If any Boing Boing readers happen to see it or have any leads, they're welcome in the comments.
2600: The Hacker Quarterly has published a public statement opposing the Anonymous denial-of-service attacks on the services that abetted the censorship of Wikileaks. 2600's position is that the inexcusable moral cowardice of Visa, Mastercard, PayPal, etc. does not justify the use of brute force. Additionally, 2600 says that DDoS attacks are tactically unsound, as they create sympathy for these companies and are used as a pretense for more attacks on Internet freedom. Finally, 2600 wants to strongly disassociate "hackers" from people who merely run a piece of push-button DoS software, and to ensure that the security specialists, experimenters, hobbyists and others who make up its community are not unfairly associated with the DDoS attacks.
The assault on Wikileaks must not be overshadowed by the recent denial of service attacks and these certainly must not be allowed to be associated with the hacker community. This will play right into the hands of those who wish to paint us all as threats and clamp down on freedom of speech and impose all kinds of new restrictions on the Internet, not to mention the fact that the exact same types of attacks can be used on "us" as well as "them." (Interestingly, it was only a week ago that "hackers" were blamed for denial of service attacks on Wikileaks itself. That tactic was ineffectual then as well.) Most importantly, these attacks are turning attention away from what is going on with Wikileaks. This fight is not about a bunch of people attacking websites, yet that is what is in the headlines now.