Tuesday, November 23, 2010

The Botnet Threat

The challenge for CIOs and law enforcement is countering a very sophisticated threat that is entering a hyper-growth stage. With increased revenue comes increased investment in new tools and better techniques. This blended threat cycle feeds on itself and is growing bigger every day.

One of the main challenges for CIOs is recognizing there is a problem. Unlike standard spyware or adware, a bot's malware infection can install kernel-level rootkits that modify many of the tools and libraries upon which all programs on the system depend and allow it to hide from standard anti-virus, intrusion detection, or anti-spyware applications. CIOs generally become aware of botnet infiltrations through end-user complaints about performance issues, third-party reports of attacks originating from their IP space, victims' reports of DDoS floods, detection of excessive inbound or outbound port scanning, or unusual traffic patterns on the network. In other words, most times, it's difficult to know if a bot or bots have infected the network until it is too late.
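The warning signs listed above (excessive inbound or outbound port scanning, one host hammering a single destination) are exactly what network flow records can surface before end-user complaints arrive. The following is an added example, not code from the original post: a small flow-record triage in Python that flags per-host port scans, host sweeps, and possible flood participation. The record format, the 10.0.0.0/24 local range, the thresholds and all addresses are constructed assumptions.

```python
"""Flow-record triage for the botnet indicators named above.

Added example; the text format, the local range and every address and
record below are constructed, not taken from any real network.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Tuple
import ipaddress

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/24")  # assumed local range


@dataclass(frozen=True)
class Flow:
    ts: int        # seconds since the start of the observation window
    src: str
    dst: str
    dport: int
    nbytes: int


def parse_flow_line(line: str) -> Flow:
    """Parse one constructed record: 'ts src dst dport bytes'."""
    ts, src, dst, dport, nbytes = line.split()
    return Flow(int(ts), src, dst, int(dport), int(nbytes))


def build_sample_flows() -> List[Flow]:
    """Constructed sample: benign traffic plus three bot-like patterns."""
    lines = [
        "0 10.0.0.5 203.0.113.7 443 5120",   # ordinary HTTPS session
        "3 10.0.0.5 203.0.113.9 53 80",      # DNS lookup
        "7 198.51.100.4 10.0.0.5 443 960",   # inbound traffic to a workstation
    ]
    # Internal host sweeping 40 ports on one external address (outbound scan)
    lines += [f"{10 + i} 10.0.0.9 203.0.113.7 {p} 60"
              for i, p in enumerate(range(1, 41))]
    # External host probing port 445 on 30 internal addresses (inbound sweep)
    lines += [f"{60 + i} 192.0.2.77 10.0.0.{i} 445 60" for i in range(1, 31)]
    # Internal host sending 300 flows to one web server (flood participation)
    lines += [f"{100 + i // 50} 10.0.0.12 198.51.100.3 80 500"
              for i in range(300)]
    return [parse_flow_line(line) for line in lines]


def is_internal(addr: str) -> bool:
    return ipaddress.ip_address(addr) in INTERNAL_NET


def find_port_scanners(flows: List[Flow], min_ports: int = 20) -> List[Tuple]:
    """Sources touching >= min_ports distinct ports on one destination host."""
    ports = defaultdict(set)                      # (src, dst) -> {dport}
    for f in flows:
        ports[(f.src, f.dst)].add(f.dport)
    hits = []
    for (src, dst), seen in ports.items():
        if len(seen) >= min_ports:
            direction = "outbound" if is_internal(src) else "inbound"
            hits.append((src, dst, direction, len(seen)))
    return sorted(hits)


def find_host_sweeps(flows: List[Flow], min_hosts: int = 20) -> List[Tuple]:
    """Sources reaching >= min_hosts distinct destinations on the same port."""
    hosts = defaultdict(set)                      # (src, dport) -> {dst}
    for f in flows:
        hosts[(f.src, f.dport)].add(f.dst)
    hits = []
    for (src, dport), seen in hosts.items():
        if len(seen) >= min_hosts:
            direction = "outbound" if is_internal(src) else "inbound"
            hits.append((src, dport, direction, len(seen)))
    return sorted(hits)


def find_flood_sources(flows: List[Flow], min_flows: int = 200) -> List[Tuple]:
    """Internal sources with >= min_flows flows to one dst:port in the window."""
    counts = defaultdict(int)                     # (src, dst, dport) -> n
    for f in flows:
        if is_internal(f.src):
            counts[(f.src, f.dst, f.dport)] += 1
    return sorted((key, n) for key, n in counts.items() if n >= min_flows)


def triage(flows: List[Flow]) -> dict:
    """Run all three detectors and return the findings by category."""
    return {
        "port_scans": find_port_scanners(flows),
        "host_sweeps": find_host_sweeps(flows),
        "floods": find_flood_sources(flows),
    }


if __name__ == "__main__":
    for kind, hits in triage(build_sample_flows()).items():
        for hit in hits:
            print(kind, hit)
```

The thresholds are deliberately conservative so that ordinary browsing and DNS activity stay below them; in practice they are tuned per segment, and the "direction" field is what tells a responder whether to look for an infected internal host or an external probe against the perimeter.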

As the black market for malicious code and stolen information grows, botnets are quickly becoming the tool of choice for those with malicious intent. Like mainstream service providers, botnets will evolve to reflect the demands of the market. They will add features over time to spread quicker, harvest more specific information, and perpetrate DDoS attacks more efficiently. CIOs can expect to see security vendors roll out new approaches to combat the threat. In the meantime, it is important that they stay vigilant to protect individuals, intellectual property, and their organization's critical infrastructure.

Thursday, November 18, 2010

Who is Anonymous?

Operation Payback

A voice of the people for the people!

We’ve been following Operation Payback closely since it surfaced back in early September and even after two months of strikes against antipiracy advocates, little is known about the group behind the DDoS attacks. Known simply as Anonymous, the DDoS participants remain shrouded in mystery and undoubtedly prefer to remain that way.
This week, TorrentFreak was able to speak with some of the members of Anonymous and gain some insight as to who they are and why they choose to participate in Operation Payback missions. According to one spokesperson who talked with the website, there are two main groups that make up Anonymous.
A core group, made up of about a dozen members, plans and manages the organization’s activities. Another, much larger group actually assists in carrying out the DDoS strikes. Most are geeks, file-sharers, and programmers.
“The core group is the #command channel on IRC. This core group does nothing more than being some sort of intermediary between the people in that IRC channel and the actual attack,” the spokesperson claims. “Another group of people on IRC (the main channel called #operationpayback) are just there to fire on targets.”
While it’s clear from the name Operation Payback why Anonymous is carrying out their attacks, it hasn’t been well explained what the group actually wanted to accomplish by causing disruptions to organizations like the RIAA and MPAA. It would seem that they are rallying for an end to copyright laws, but that isn’t exactly the case.
“Some of us have the vision of actually getting rid of copyright/patents entirely, but we are at least trying to stay slightly realistic,” explains the group’s spokesperson.
And Anonymous does believe that they’ve made some mistakes along the way and hope to improve in the future. While some members of the group believe that anarchy is the answer, the core group seems to harbor some regret in having executed the attacks on the UK Intellectual Property Office and the US Copyright Office.
So where does Operation Payback go from here?
“What we are now trying to do, is to straighten out ideals, and trying to make them both heard and accepted,” the spokesperson told TorrentFreak. “Nobody would listen to us if we said piracy should be legal, but when we ask for copyright lifespan to be reduced to ‘fair’ lengths, that would sound a lot more reasonable.”
From the sounds of the statements made by Anonymous members, there seems to be much less animosity and more rational consideration going on in this stage of the group’s mission. Time will tell if this change of attitude helps the group gain more traction in accomplishing revisions to copyright law.

South Korea has installed digital "bunkers" to prevent a repeat of the massive distributed-denial-of-service (DDoS) attacks that crippled parts of the country last year.


South Korea is continuously under DDoS attack.....

The nation was floored after huge streams of junk internet data poured across South Korea's networks last year, targeting the infrastructure of government and businesses in what is known as a DDoS attack.
It took out parts of the communications networks for up to a week, also hitting US targets, before the malware behind the DDoS attacks self-destructed.

He said there have not been further DDoS attacks on the scale of the 2009 assaults, but that attacks have increased in size. The bunkers are hoped to help mitigate part of the problem against further attacks.


Monday, November 15, 2010

DDoS as a Service......

The IMDDOS botnet is operated out of China and has been growing at the rate of about 10,000 infected machines every day for the past several months, to become one of the largest active botnets.

The site offers various subscription plans and attack options, and provides tips on how the service can be used to launch effective DDoS attacks. It even provides customers with contact information for support and customer service.
Anyone with knowledge of Chinese can essentially subscribe to the service and use it to initiate DDoS attacks against targets of their choice, anywhere around the globe and with next to no effort, Ollman said.
Paid subscribers are provided with a unique alias and a secure access application which they download onto their systems. Users wishing to launch an attack use the application to log into a secure area on the Web site where they can list the hosts and servers they want to attack and submit their request.

Many of the hacking tools and services sold on such sites are inexpensive, highly customizable and designed to be used by novices. Prices for malware tools often start at just $20.
As in the case of the IMDDOS botnet, such sites often offer support services, formal product upgrades, end-user license agreements and tools that let customers verify how effective their attacks really are.


Friday, November 12, 2010

Planned DDoS attack against Irish Recorded Music Association (IRMA).


Operation Payback was supposed to be on a break for a while, but that was before the word got out that the FBI was investigating their activities. The attempt to carry out an attack this soon could be a not-so-subtle message to the FBI that they are undeterred.
The group still has quite a list of possible targets that they have yet to hit, most of which are outside of the United States. Where they will strike next is anyone’s guess.


Thursday, November 11, 2010

Romanian Hacker takes down Royal Navy web site

A Romanian hacker known as 'Tinkode' who has been connected to attacks on sites run by NASA and the US Army took down the website of the Royal Navy!! The cause of the attack is believed to be an SQL injection vulnerability. Such methods have been used in the past to trigger major security breaches.

Tinkode's activities appear to have been more mischievous than dangerous...

Currently the site displays a window notifying visitors that the site is undergoing essential maintenance.

The attack comes just days after the pan-European cyber-war simulation. The drill attempted to recreate a co-ordinated effort to cripple network infrastructure throughout Europe, and to test international cyber defence systems and agencies......codenamed 'Cyber Europe 2010'.


RIAA vs Lime Wire

Lime Wire is back after less than a month of being shutdown......... 

After a four-year lawsuit brought by the RIAA on behalf of eight major music publishers, LimeWire was officially shut down late last month. Federal Judge Kimba Wood found the company, LimeWire LLC, and its founder, Mark Gordon, guilty of assisting users in committing copyright infringement on a "massive scale." Damages expected to total at least $1 billion will be assessed when the case resumes in January 2011.

To quote Chris Pirillo : “Shortly after the software was forced to shut down, a horde of piratical monkeys climbed aboard the abandoned ship, mended its sails, polished its cannons, and released it free to the community.” All dependencies on LimeWire LLC’s servers have been removed, all remote settings have been disabled, the Ask toolbar has been unbundled, and all features of LimeWire PRO have been activated for free. Thus, the creators claim that LimeWire Pirate Edition (LPE) will work better than the last stable version of the old client.
The RIAA better head back to the drawing board.


Politically provoked DDoS attacks on the increase...

The perpetrators at this stage are unknown, although Phayul.com is an independently run and self-reliant news portal of the Tibetan community. This is another perfect example of the increasing infringement on freedom of speech.


Wednesday, November 10, 2010

FBI's investigations into 4chan 'Anonymous' DDoS attacks


Over the past two months, a group calling itself "Anonymous," with links to the 4chan Web forum and image board, has launched distributed denial-of-service attacks (DDoS) against Web sites operated by the Motion Picture Association of America, The Recording Industry Association (RIAA), Hustler magazine, rocker Gene Simmons, The British Phonographic Industry, and other similar groups in France, Australia, Spain and elsewhere.

Tuesday, November 9, 2010

Dubai ranked amongst top 8 cities suffering from network attacks

67% of attacks on computers located in Dubai are distributed denial of service (DDoS) attacks. DDoS attacks are usually carried out using botnets, mainly aiming to disable or limit access to online services located in the country, and primarily targeting e-commerce websites.


EU runs first pan-European cyber-war simulation


In Thursday's exercise, codenamed 'Cyber Europe 2010', experts from all 27 EU states plus Iceland, Norway and Switzerland faced 'simulated attempts by hackers to paralyse critical online services in several EU member states,' a statement released in Brussels read.


Politically provoked DDoS attacks

Vecebot, a new malware family, has been associated with denial of service (DDoS) attacks against bloggers who have posted comments critical of the ruling Communist Party and Chinese mining operations in the nation, as reported by ThreatPost on October 29, 2010.
According to the analysis, targets of the Vecebot botnet were estimated somewhere between 20,000-30,000 hosts. These hosts included some of the famous blogs and online forums of Vietnam. Further, as per the analysis, the launch of Vecebot might have been synchronized with the "Vietnam Blogger Day" on October 19, 2010, an online civil action held in honour of a blogger and political detainee who used the name Dieu Cay.


Georgia vs Russia

Officially the war between Georgia and Russia began with a series of distributed denial of service attacks – commonly known in the IT security industry as DDoS attacks – that crippled not only the country’s infrastructure, but its judiciary and its entire government decision-making apparatus.


Saturday, November 6, 2010

First Jail Sentence For Romanian BitTorrent Site Operator

The owner of a Romanian BitTorrent tracker has been the first person in the country to receive a jail sentence for his actions. Following complaints from the Business Software Alliance, Kartel.ro was closed in 2007 but it has taken three years for the case to come to a conclusion. The outcome is a 6 month suspended sentence and an unspecified fine.
The Romanian division of the Business Software Alliance has been trumpeting various successes from its work cracking down on the use of unauthorized software.


Former Student Gets 30 Months in Prison for DDoSing Conservative Figures and Using Botnets

Mitchell L. Frost, age 23, of Bellevue, Ohio, a former University of Akron student, was sentenced Friday to 30 months in prison, followed by 3 years of supervised release, for conducting denial of service attacks on the sites of several prominent conservative figures as well as infecting several systems with botnet zombies.

The former student also admitted initiating denial of service attacks against University of Akron computer servers on or about March 14, 2007, which caused the entire University of Akron computer network to be knocked off-line for approximately 8½ hours, preventing all students, faculty and staff members from accessing the network. The University claimed that response and remediation efforts to restore network services cost over $10,000.

Friday, November 5, 2010

Pulling the plug on a country.......

Burma has been offline since Tuesday, when a massive DDoS attack clogged the country's modest 45 Mbps Internet pipeline with junk traffic hitting at a rate of between 10 and 15 Gbps.....


DDoS attacks by agentless botnets

Interesting article on HTTP protocol flaws that could result in DDoS attacks by agentless botnets:

A flaw in the HTTP protocol leaves the door open for attackers to wage a new form of distributed denial-of-service (DDoS) attack that floods Web servers with very slow HTTP "POST" traffic.
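What makes the slow-POST flood work is that a server reading a request body has no reason, by default, to give up on a connection that keeps trickling bytes: each attacking connection declares a large Content-Length and then sends almost nothing, so the worker pool fills up. The two controls that defeat it are a minimum body transfer rate (enforced after a short grace period) and a cap on how many request bodies one client address may have in progress. The following is an added example, not code from the article or any web server project: a Python model of such a server-side guard with simulated time, so the policy can be exercised and tested without sockets. The thresholds, connection ids and client addresses are constructed assumptions.

```python
"""Server-side guard against slow HTTP POST floods (added example).

Models two defences: a minimum body transfer rate after a grace period and
a per-client limit on concurrent in-progress request bodies. Time is passed
in explicitly so the scenario below is deterministic. All ids, addresses and
thresholds are constructed for the example.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class BodyUpload:
    conn_id: int
    client_ip: str
    content_length: int
    started_at: float
    received: int = 0
    last_progress_at: float = field(init=False)

    def __post_init__(self):
        self.last_progress_at = self.started_at


class SlowPostGuard:
    def __init__(self, grace_s: float = 5.0, min_rate_bps: float = 500.0,
                 max_idle_s: float = 10.0, max_bodies_per_ip: int = 4):
        self.grace_s = grace_s                  # no rate check before this
        self.min_rate_bps = min_rate_bps        # bytes/second required after grace
        self.max_idle_s = max_idle_s            # hard idle timeout
        self.max_bodies_per_ip = max_bodies_per_ip
        self.active: Dict[int, BodyUpload] = {}
        self.per_ip = defaultdict(int)
        self.completed: List[int] = []

    def begin_body(self, conn_id: int, client_ip: str,
                   content_length: int, now: float) -> bool:
        """Accept a new request body, or reject it if the client has too many open."""
        if self.per_ip[client_ip] >= self.max_bodies_per_ip:
            return False
        self.active[conn_id] = BodyUpload(conn_id, client_ip, content_length, now)
        self.per_ip[client_ip] += 1
        return True

    def on_data(self, conn_id: int, nbytes: int, now: float) -> None:
        """Record body bytes; close the upload once Content-Length is reached."""
        upload = self.active.get(conn_id)
        if upload is None:
            return
        upload.received += nbytes
        upload.last_progress_at = now
        if upload.received >= upload.content_length:
            self.completed.append(conn_id)
            self._close(conn_id)

    def sweep(self, now: float) -> List[Tuple[int, str, str]]:
        """Drop uploads that are idle too long or too slow after the grace period."""
        dropped = []
        for conn_id, upload in list(self.active.items()):
            elapsed = now - upload.started_at
            reason = None
            if now - upload.last_progress_at > self.max_idle_s:
                reason = "idle"
            elif elapsed > self.grace_s and upload.received / elapsed < self.min_rate_bps:
                reason = "slow"
            if reason:
                self._close(conn_id)
                dropped.append((conn_id, upload.client_ip, reason))
        return dropped

    def _close(self, conn_id: int) -> None:
        upload = self.active.pop(conn_id)
        self.per_ip[upload.client_ip] -= 1


def simulate() -> dict:
    """Constructed scenario: one honest upload beside five slow-POST connections."""
    guard = SlowPostGuard()
    legit_ip, slow_ip = "10.0.0.5", "198.51.100.7"
    rejected = []
    guard.begin_body(1, legit_ip, 100_000, now=0.0)      # 100 KB honest upload
    for conn_id in range(2, 7):                            # five slow connections
        if not guard.begin_body(conn_id, slow_ip, 1_000_000, now=0.0):
            rejected.append(conn_id)                       # fifth exceeds the cap
    for t in range(1, 6):                                  # honest client: 20 KB/s
        guard.on_data(1, 20_000, now=float(t))
    for t in (3.0, 6.0, 9.0):                              # attackers: 1 byte / 3 s
        for conn_id in range(2, 6):
            guard.on_data(conn_id, 1, now=t)
    early = guard.sweep(now=4.0)                           # inside grace: nothing
    dropped = guard.sweep(now=10.0)                        # after grace: rate check
    return {"rejected": rejected, "completed": list(guard.completed),
            "early_dropped": early, "dropped": dropped,
            "active_after": len(guard.active)}


if __name__ == "__main__":
    for key, value in simulate().items():
        print(key, value)
```

Production servers expose the same knobs (for example Apache's mod_reqtimeout RequestReadTimeout directive and nginx's client_body_timeout), and a per-address connection limit at the load balancer or firewall complements them; the value of the rate check over a plain idle timeout is that it also catches connections that keep sending a byte just often enough to never look idle.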


Wednesday, November 3, 2010

A busy week for DDoS

It's been a busy week for DDoS.....

"The losses a business can incur through a targeted DDoS attack are enormous, even if they're not out of action for long. We have typically found that businesses attempt to protect themselves with dated measures such as over-bandwidth provisioning, which are costly and ineffective", he added.
Bruun went on to say that businesses should consider investing in managed services. For a growing number of organisations, he argues that the most cost-effective and comprehensive solution is a managed DDoS mitigation service.


Tuesday, November 2, 2010

A New Cyber Arms Dealer


DDoS for Hire...it seems that cyber terrorists are combining forces and setting up shop everywhere, first China, now Iran...