Mar 27, 2013

Largest Attack on Record Slowing Internet: Security Experts

‘Bazooka’ Attacks Slowing Internet: Security Experts

Security Week
March 27, 2013

WASHINGTON, March 27, 2013 (AFP) –

The Internet may have been slowed by one of the largest cyber attacks ever seen, which targeted a European group that patrols the Web for spam, security experts said Wednesday.

The attacks targeted Spamhaus, a Geneva-based volunteer group that publishes spam blacklists which are used by networks to filter out unwanted email, and led to cyberspace congestion which may have affected the overall Internet, according to Matthew Prince of the US security firm CloudFlare.

The attacks began last week, according to Spamhaus, after it placed on its blacklist the Dutch-based Web hosting site Cyberbunker, which claimed it was unfairly labeled as a haven for cybercrime and spam.

While the origin of the attacks has not been identified, some experts pointed the finger at Cyberbunker, possibly in coordination with Eastern European cyber-criminals.

CloudFlare, which Spamhaus called in for assistance, said the attackers changed tactics after the first layer of protection was implemented last week.

“Rather than attacking our customers directly, they started going after the network providers CloudFlare uses for bandwidth,” Prince said.

“Once the attackers realized they couldn’t knock CloudFlare itself offline… they went after our direct peers.”

Prince said the so-called denial of service attack, which essentially bombards sites with traffic in an effort to disrupt, was “one of the largest ever reported.”

Over the last few days, he added, “we’ve seen congestion across several major Tier 1 (networks), primarily in Europe where most of the attacks were concentrated, that would have affected hundreds of millions of people even as they surfed sites unrelated to Spamhaus or CloudFlare.”

“If the Internet felt a bit more sluggish for you over the last few days in Europe, this may be part of the reason why,” he said in a blog post.

Prince noted that these attacks used tactics different from those of “botnets”: they came from so-called “open resolvers,” which “are typically running on big servers with fat pipes.”

“They are like bazookas and the events of the last week have shown the damage they can cause,” he said. “What’s troubling is that, compared with what is possible, this attack may prove to be relatively modest.”

A spokesman for the network security firm Akamai meanwhile told AFP that based on the published data, “the attack was likely the largest publicly acknowledged attack on record.”

“The cyber attack is certainly very large,” added Johannes Ullrich of US-based SANS Technology Institute, saying it was “a factor of 10 larger than similar attacks in the recent past.”

“But so far, I can’t verify that this affects Internet performance overall,” he told AFP.

Spamhaus, which also has offices in London, essentially patrols the Internet to root out spammers and provides updated lists of likely spammers to network operators around the world.

CloudFlare estimates that Spamhaus “is directly or indirectly responsible for filtering as much as 80 percent of daily spam messages.”

The attacks began after Spamhaus blacklisted Cyberbunker, a Web hosting firm which “offers anonymous hosting of anything except child porn and anything related to terrorism.”

Cyberbunker denounced the move on its blog.

“According to Spamhaus, CyberBunker is designated as a ‘rogue’ host and has long been a haven for cybercrime and spam,” the Cyberbunker statement said.

“Of course Spamhaus has not been able to prove any of these allegations.”

Prince said of the latest incident: “While we don’t know who was behind this attack, Spamhaus has made plenty of enemies over the years… We’re proud of how our network held up under such a massive attack and are working with our peers and partners to ensure that the Internet overall can stand up to the threats it faces.”

Direct Link: http://www.securityweek.com/largest-attack-record-slowing-internet-security-experts

Dec 21, 2012

Former Anonymous member convicted in attacks against PayPal, MasterCard, Visa

Former hacktivist ‘Nerdo’ was found guilty of conspiring to attack companies as part of Anonymous’ Operation Payback

Computer World
by Lucian Constantin
December 6, 2012

Christopher Weatherhead played an integral role in Anonymous's cyber-attacks

IDG News Service –

A 22-year-old U.K. man was convicted for his involvement in a series of distributed denial-of-service attacks launched by the hacktivist group Anonymous against PayPal, MasterCard, Visa and other companies in 2010.

Christopher Weatherhead, of Northampton, U.K., was convicted Thursday at London’s Southwark Crown Court on one count of conspiracy to impair the operation of computers, contrary to the U.K. Criminal Law Act of 1977, the U.K.’s Crown Prosecution Service said in a blog post.

Weatherhead, who used the online handle “Nerdo,” was arrested in January 2011 and was charged in September that same year with computer-related offenses in relation to Anonymous’ “Operation Payback” attack campaign.

Denial-of-service attacks launched as part of “Operation Payback” originally targeted companies and organizations from the music industry that were involved in combating online piracy. However, the campaign later switched its focus toward PayPal, MasterCard, Visa and other financial companies, because of their decision to stop processing donations or providing other services to Wikileaks.

Three other men arrested in the U.K. in connection with the same attacks, Jake Birchall, Ashley Rhodes and Peter Gibson, pleaded guilty earlier this year to one count each of conspiracy to impair the operation of computers.

According to the Crown Prosecution Service, the DDoS attacks cost PayPal, MasterCard, Visa, the British Recorded Music Industry, Ministry of Sound and the International Federation of the Phonographic Industry £3.5 million ($5.6 million) in additional staffing, software and loss of sales.

Russell Tyner, crown advocate for the CPS Organised Crime Division, described Weatherhead in a statement Thursday as a “cyber criminal who waged a sophisticated and orchestrated campaign of online attacks.” This was not a victimless crime, he said.

During his hearing on Thursday, Weatherhead told the court that he was only an observer to some of the attacks and only acted as communications manager for Anonymous, taking care of some chat rooms, The Guardian reported.

The judge said that he wants to have as much information as possible before sentencing Weatherhead and the other three co-conspirators, but described the offenses as serious and warned that they could face jail time.

Weatherhead was released on bail and is banned from using Internet chat rooms and from posting online under any name other than his own. He will be sentenced in January next year at a date that has yet to be set.

Direct Link: http://www.computerworld.com/s/article/9234434/Former_Anonymous_member_convicted_in_attacks_against_PayPal_MasterCard_Visa?taxonomyId=82

Nov 16, 2012

Anonymous Launches OpIsrael DDoS Attacks After Internet Threat

The hacktivist collective said the attacks are in response to the Israeli government threatening to sever all Internet connections to and from the Gaza Strip.

Information Week
by Mathew J. Schwartz
November 15, 2012

The hacktivist group Anonymous Thursday announced that it would begin launching online attacks against a number of Israeli government sites, as part of its ongoing Operation Israel (OpIsrael).

The Anonymous distributed denial-of-service (DDoS) attacks began at 10 a.m. Israeli time (3 a.m. Eastern time).

“Since this morning they’ve been trying to take down several Israeli websites, including the prime minister’s website, the IDF [Israel Defense Force] website, banks, airlines, and so on,” said Ronen Kenig, director of product marketing for security products at Radware, speaking by phone from Tel Aviv. “They published a list of four to five attack tools that they’ve asked their supporters to use, including the mobile LOIC, and network flooding attack tools.” In addition, he said, attackers have been launching brute-force attacks against the IDF’s blog, in an attempt to find working access credentials.

 

To date, however, the attacks — which Kenig characterized as being “well coordinated” — appear to have had minimal effect against the public-facing websites. “Some websites have suffered from defacements,” he said. “None of the government ones, but some private ones that may relate somehow to military equipment have been defaced.”

The Anonymous-organized attacks were preceded one hour earlier by the uploading of an Anonymous-issued statement to AnonPaste. It said that the Anonymous DDoS attacks were a response to Israel’s reported threat to disconnect Gaza Strip from the Internet. “When the government of Israel publicly threatened to sever all Internet and other telecommunications into and out of Gaza they crossed a line in the sand,” according to the statement.

In case the Gaza Strip’s Internet connection does get severed, the Anonymous statement included a link to a downloadable “Care Package For Gaza,” which is a 1 MB zipped file that it said “contains instructions in Arabic and English that can aid you in the event the Israel government makes good on it’s (sic) threat to attempt to sever your Internet connection,” as well as tips “on evading IDF surveillance.”

The zipped file includes two documents, both written in Arabic and English. One is an oft-reprinted 2007 guide to basic first aid written by an Egyptian physician, Dr. Ehab El-Said Mohamed. The other, titled “TechGuideForInternetShutDownGAZA.pdf,” tells people that if their Internet connection gets severed, they should attempt to find a short-wave radio and build a 65.5-foot antenna.

By comparison, the Anonymous DDoS attacks are more advanced. According to Radware, the attackers have been using SYN floods over TCP/IP, initiating more connection requests to a server than it can handle, which can make it unreachable. They’ve also been using ICMP attacks, which flood a network by exploiting misconfigured network devices to broadcast large quantities of packets to all devices connected to that network.
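As an added illustration that is not part of the Information Week or AFP articles, the following Python detector scans constructed flow records for the two traffic patterns described here and in the Spamhaus story above: half-open SYN floods, and reflection traffic from open DNS resolvers or ICMP echo replies that the victim never solicited. The record layout, the thresholds and the sample addresses are assumptions made for the example.

```python
# Added example, not code from the articles: flag SYN-flood and reflection
# victims in constructed flow records. Layout, thresholds and sample are assumptions.
from collections import Counter, defaultdict

FIELDS = ("src", "sport", "dst", "dport", "proto", "info", "nbytes")

def parse_flows(text):
    """Parse 'src:sport dst:dport proto info bytes' lines into dicts; info is
    TCP flags (S, SA, A), an ICMP type (echo-reply) or '-' when unused."""
    flows = []
    for line in text.strip().splitlines():
        s, d, proto, info, nbytes = line.split()
        sh, sp = s.rsplit(":", 1)
        dh, dp = d.rsplit(":", 1)
        flows.append(dict(zip(FIELDS, (sh, int(sp), dh, int(dp), proto, info, int(nbytes)))))
    return flows

def syn_flood_targets(flows, min_syn=50, max_completion=0.2):
    """Hosts receiving many bare SYNs while few handshakes complete (few
    third-step ACKs): the half-open backlog a SYN flood exhausts."""
    syns, acks = Counter(), Counter()
    for f in flows:
        if f["proto"] != "tcp":
            continue
        if f["info"] == "S":
            syns[f["dst"]] += 1
        elif f["info"] == "A":
            acks[f["dst"]] += 1
    return sorted(h for h, n in syns.items()
                  if n >= min_syn and acks[h] / n <= max_completion)

def reflection_targets(flows, min_reflectors=20):
    """Hosts getting DNS answers (UDP sport 53) from many servers they never
    queried (open-resolver amplification), or ICMP echo replies from many
    hosts (broadcast/smurf style). Returns {victim: {kind: (n_src, bytes)}}."""
    queried = {(f["src"], f["dst"]) for f in flows
               if f["proto"] == "udp" and f["dport"] == 53}
    seen = defaultdict(lambda: defaultdict(lambda: [set(), 0]))
    for f in flows:
        if f["proto"] == "udp" and f["sport"] == 53 and (f["dst"], f["src"]) not in queried:
            kind = "dns"
        elif f["proto"] == "icmp" and f["info"] == "echo-reply":
            kind = "icmp"
        else:
            continue
        entry = seen[f["dst"]][kind]
        entry[0].add(f["src"])
        entry[1] += f["nbytes"]
    out = {}
    for victim, kinds in seen.items():
        hits = {k: (len(s), b) for k, (s, b) in kinds.items() if len(s) >= min_reflectors}
        if hits:
            out[victim] = hits
    return out

# Constructed sample (documentation address ranges): a legitimate DNS exchange, one
# full handshake, a 60-source SYN flood on 203.0.113.10, 40 unsolicited 3 KB DNS answers.
SAMPLE = ["192.0.2.5:40001 198.51.100.53:53 udp - 60",
          "198.51.100.53:53 192.0.2.5:40001 udp - 120",
          "192.0.2.9:40002 203.0.113.10:80 tcp S 60",
          "203.0.113.10:80 192.0.2.9:40002 tcp SA 60",
          "192.0.2.9:40002 203.0.113.10:80 tcp A 52"]
SAMPLE += [f"198.51.100.{i}:{1024 + i} 203.0.113.10:80 tcp S 60" for i in range(1, 61)]
SAMPLE += [f"192.0.2.{100 + i}:53 203.0.113.20:33000 udp - 3000" for i in range(40)]
SAMPLE_FLOWS = parse_flows("\n".join(SAMPLE))
```

Calling `syn_flood_targets(SAMPLE_FLOWS)` flags 203.0.113.10 and `reflection_targets(SAMPLE_FLOWS)` flags 203.0.113.20 with 40 DNS reflectors, while the legitimate exchange and the completed handshake are left alone.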

 

Attackers have also been using LOIC, which is a PC-based tool for launching a DDoS attack against a website of the user’s choosing, if used in manual mode. When used in “hive mind” mode, meanwhile, the tool’s target can be controlled by attack organizers. Although an early version of LOIC, used in attacks against PayPal, broadcast the IP address of the person using it to the site being attacked — unless they were using a VPN — developers have since updated the tool to better hide users’ tracks. A more recently released version of LOIC also now runs on mobile phones.

Kenig said it was impossible to tell from where the OpIsrael Anonymous DDoS attacks are being launched. “We don’t know, but we know that according to what was published, it’s mainly Anonymous members that are supporting the Palestinians in Gaza Strip. They are the ones who have been launching this campaign, and they’re looking for supporters,” he said. “We saw in the [IRC] channels loads of correspondence in Arabic, so we can guess where it comes from.”

Previous DDoS Anonymous attacks, including against PayPal and record industry trade groups, succeeded in knocking those sites offline not via LOIC attacks, but rather through the participation of botnet controllers, who brought the necessary packet-spewing firepower to bear. So far, however, Kenig said there’s no sign that botnets have been used in these OpIsrael attacks. “At this point, it looks like there is no botnet involved, but mainly supporters using LOIC, mobile LOIC, and the usual stuff for Anonymous,” he said.

As of press time, the government websites under attack remained reachable, although the IDF website appeared to be loading slowly. Meanwhile, the website of an Israeli surveillance camera manufacturer had been defaced with an image of smoke rising from the Gaza Strip, together with a “Stop bombing Gaza!!” warning, saying that “millions of Israelis & Palestinians are lying awake, exposed & terrified.” The website has been previously defaced with Anonymous messages.

The Anonymous OpIsrael campaign began after Israel and Gaza militants exchanged fire in what’s been described as the most intense violence to have occurred in the Gaza Strip since 2009. The conflict escalated after Israel warned that, after days of rocket attacks emanating from the Gaza Strip, it would increase the frequency of its targeted assassinations of top Hamas officials.

Israel Wednesday launched “Operation Pillar of Defense,” which opened with an airstrike against a car carrying Ahmed al-Jaabari, who headed the Izz el Deen al Qassam, which is the military wing of Hamas. The airstrike killed him, together with at least one other occupant. The Israeli Defense Force has begun releasing black-and-white footage of its airstrikes.

 

Direct Link: http://www.informationweek.com/security/attacks/anonymous-launches-opisrael-ddos-attacks/240142149

Nov 12, 2012

Why the Government’s Cybersecurity Plan Will End in Catastrophe

Computer World
by Rob Enderle
October 19, 2012

CIO –

Last week Defense Secretary Leon E. Panetta presented his case for an invasive system to monitor the nation’s private systems in order to better identify and respond to cyber threats.

Panetta correctly points out that the likelihood of a 9/11-scale cyber attack is real, and if something isn’t done, large sections of the U.S. infrastructure could fail. He uses as an example the successful attack on ARAMCO, a Saudi Arabian state-owned oil company, which wiped 30,000 computers, causing massive data loss and rendering them temporarily useless.

The proposed remedy is to provide the U.S. government with broad access to private systems so that malware can be quickly identified and removed and other national threats identified and stopped. The problem is that such access creates privacy issues and may itself be a bigger problem than the threat it attempts to eliminate. Not only is the requested change unlikely to happen any time soon, it may increase the potential for either a domestic or foreign cyber attack.

 

Central Network Eliminates Natural Protection

One hidden benefit in the fact that our systems often don’t share information well or have a common security structure is that attacks against infrastructure therefore have to be tightly targeted. This means an attack on one private or public system probably won’t even work on most others, since they run a variety of different security packages, operating systems and applications, all surrounded by different policies.

One of the reasons we haven’t yet had a repeat of 9/11, that is, an attack that reaches catastrophic levels, is that these systems just don’t interoperate very well or share information at a low level. The amount of work needed to carry out such an attack currently exceeds the resources of the attackers.

Create a central network where systems regularly and automatically share information in real time, though, and you also create a single point of access where such an attack can be perpetrated. You change an impossible problem into one that is merely very difficult, and, given the public and private practice of putting off spending on security until there is a credible threat or demonstrated damage, attacking this centralized system will likely get easier over time for an outside entity and may be too attractive for a well-placed disgruntled employee to pass up.


The government’s recent history with security is a case in point. The death of the U.S. Ambassador to Libya showcased a situation in which the risks were real, and known, yet protections were reduced. After the attack, the political system focused on finding someone to blame, not assuring that the problem wouldn’t recur.

In short, the very system Panetta is suggesting could be the key to causing the thing he is trying to avoid.

A Better Short-Term Cybersecurity Solution

I see several things the government could do instead.

  • Strengthen liability laws in order to fast-track the process for compensating companies that suffer damage caused by inadequate protection.
  • Assure that compensation came from the budgets of the government organizations whose systems were targeted, in a manner similar to the way insurance companies pay out settlements. This would force agencies to increase their security budgets and audit the results to ensure they aren’t too exposed.
  • Provide a common, required method for reporting an identified attack, along with a requirement for minimal legal coverage.

All of this could be done without connecting the systems or creating a central government body to access them. There would be little additional government cost and few, if any, privacy concerns for anyone not perpetrating or directly connected to an attack. In short, such a plan would promote a higher level of prevention through better-funded protection.

‘Cyber 9/11’ Will Only Be Followed By More, Worse Attacks

Panetta’s plan suggests that an attack is unavoidable. The problem with a method that almost assumes an attack will happen, or requires a successful attack in order to be implemented, is that it usually does more harm than good.

After 9/11, poorly planned responses crippled the airline industry and nearly bankrupted the country, and the integration of government communication systems that could have prevented the event in the first place is still not complete.

The real concern is that we do, in fact, get hit with a 9/11-scale cyber attack, as the Department of Defense has anticipated, and that the response to the event either creates an even bigger financial or privacy problem or sets the stage for a much larger attack. None of these outcomes are mutually exclusive. Unfortunately, we need to anticipate such a dire outcome. If you are driven to interconnect the nation’s systems, doing it quickly, or indeed at all, would be very unwise.

Direct Link: http://www.computerworld.com/s/article/9232604/Why_the_Government_39_s_Cybersecurity_Plan_Will_End_in_Catastrophe?taxonomyId=82

Aug 10, 2012

AFP issues hacking warning after ASIO attack

ABC NEWS / Australia

August 11, 2012

Photo: Anonymous has been credited with infiltrating government and company websites across the world. (AFP: Attila Kisbenedek)

Federal Police have issued a stern warning to computer hackers who have been trying to crash Australian government websites.

Hacking movement Anonymous has been credited with infiltrating government and company websites across the world, and now members of the group have set their sights on Australia.

Acting under the banner of the Anonymous movement, hackers yesterday unsuccessfully tried to bring down the Australian Security Intelligence Organisation and the Defence Signals Directorate websites.

Both agencies say their websites have not been infiltrated and they do not store classified information there.

Federal Police are warning that hacking-related offences can carry a jail term of up to 10 years.

“The difficulty is finding this loosely-based group who advertise their activism online but have been notoriously difficult to pin down in person,” a spokesperson said.

Anonymous says the hacking aims to protest against the Federal Government’s plans for surveillance powers it claims would allow more personal details to be stored on web servers.

The group is already facing a police investigation into allegations its members have taken 40 gigabytes of confidential customer data from AAPT, one of Australia’s biggest phone companies.

Direct Link: http://www.abc.net.au/news/2012-08-11/afp-issue-warning-to-hackers/4192116