Monday, March 28, 2011

Anonymous' Operation Empire State Rebellion Releases "Civil Disobedience" Video #2


Two weeks ago the Anonymous hacker collective released a video indicating it was moving to a peaceful form of civil disobedience, until such time as the Fed is abolished, to be preceded by the "sign of good faith" that is Bernanke's stepping down. Needless to say, so far Bernanke has not quit. So today Anonymous' OpESR has released a second video which unlike the previous one is more or less a collage of hacker-friendly video clips. Hopefully there is some more to this latest form of anonymous activism than the clever use of iMovie...


http://www.zerohedge.com/article/anonymous-operation-empire-state-rebellion-releases-civil-disobedience-video-2

Wikileaks DDoS spawns security arms race


Ever since supporters of Julian Assange took to the internet to launch DDoS attacks against Wikileaks naysayers, companies have woken up to a need to protect their entire infrastructure, and F5 Networks and their customers are now preaching the need to wrap all network applications into a secure environment.
Jason Needham, senior director of product management for F5, said that companies now more than ever need to protect every part of their online infrastructure, not just mission-critical applications.
"Wikileaks has woken up the industry to the fact that it's not about [protecting against] losing content, but it's also [protecting against] virtual protesting where flash crowds come in and try to take a service offline based on an agenda and protest of sorts," Needham said.
The real challenge in the conflict, he went on, is identifying who is a valid user and who intends to do the organisation harm online.
"One of the things F5 goes into organisations talking about is how to solve the DoS problem and its many faces. One of the faces it takes is from the unintelligent brute force attack, another face it takes is valid application-based attacks."
These application-based attacks work to disguise themselves as normal user interactions in order to exploit security vulnerabilities like SQL injections, Needham said.
The solution, according to Kurt Hansen, F5 Network's local managing director, is to deploy a breadth of security activities "from intelligent filtering to dynamic security policies to really trying to decipher good users from bad users and help organisations stay online".
Hansen said that the bar had been lowered for people to take to the internet as hacktivists, with the only prerequisite being a working internet browser.


IPv6 isn't riding to the rescue

Needham also said the implementation of IPv6 wouldn't raise the bar for application-level security.
"The application security problem does not go away with IPv6. It's not going to solve the problem of DoS [attacks] and it's not going to solve the problem of application-based threats," Needham said, adding that the design of IPv6 may in fact make security enforcement more difficult.

"One of the inherent security functions of IPv6 is a point-to-point security tunnel between two devices, which means you're now encrypting all of your application-layer traffic from the attacker through to whatever they're attacking," he added.

According to F5, the only way to deal effectively with evolving security threats is to respond swiftly and deploy faster technology, backed by staff like Mark Wallis, a network administrator for credit card payment company Qvalent.
Wallis recently implemented a quick fix for a Java exploit without having to wait for a software patch, which, in the banking industry, can take time due to regulatory constraints.
Instead, Wallis wrote a rule into Qvalent's application firewall as a line of defence against the global Java exploit.
"We now look for that magic number within [our application firewalls]. It's never a number you're going to see in day-to-day transactions … and it's the type of thing we can get a fix out for within a 24-hour period," Wallis said.
Wallis went on to predict that the exploit may find its way into a new worm before a software patch comes to hand.
"What everyone is betting is that [the exploit] is going to pop up in a worm very quickly. I guarantee you that the next Stuxnet is going to be looking for that [exploit] and it's just so dead simple," Wallis said.

http://www.zdnet.com.au/wikileaks-ddos-spawns-security-arms-race-339309259.htm

Anonymous targets American Israel PAC: Operation Palestine



OpPalestine
On Sunday, those claiming to represent the Internet hacktivist group known as "Anonymous" launched a cyber attack against the American Israel Public Affairs Committee (AIPAC). The attack is aimed at the website, aipac.org, and conducted via a modified LOIC (Low Orbit Ion Cannon), a tool used to execute DDoS attacks. A distributed denial-of-service (DDoS) attack is an attempt to make a computer resource unavailable to its intended users.
According to the announcement from Anonymous:
America's Pro-Israel Lobby (AIPAC) is known for being one of the most powerful lobbies, keeping politicians in their pockets. During 2009, the U.S. provided Israel with at least 8.2 million per day in military aid and $0 in military aid to the Palestinians.
We are having none of it.
The notice goes on to give "attack instructions" on the installation and utilization of the LOIC (low orbit ion cannon).
Currently Anonymous is experiencing something of a renaissance, with numerous operations running as well as a robust recruitment drive in full swing. Using social media sites like Twitter and Facebook as well as Internet Relay Chat rooms (IRC) the group has conducted successful campaigns against such targets as Scientology, Visa and MasterCard, the Westboro Baptist church and the Internet security firm HBGary.

Nevertheless, it is important to recall that Anonymous is a mysterious organization - a headless monster, lacking any identifying hierarchy or command structure. No one press release, no one statement, no one tweet, no one blog post, speaks for all who pledge allegiance to the group. While there apparently are leaders and followers involved in particular operations, there is no leadership in the traditional sense.

At the time of posting, the AIPAC website was still up and running. The announcement and other information is available via Twitter search: #OpPalestine, as well as a Facebook page "Operation Palestine."


http://www.examiner.com/anonymous-in-national/anonymous-targets-american-israel-pac-operation-palestine

March 2011 - the hardest hit month on record for hacktivist attacks


March is being hailed as the most active hacktivist month on record. So far this month we have seen:
  • March 3rd, DDoS attack on Korean e-Commerce and government institutions
  • March 4th, DDoS attack on Wordpress.com
  • March 6th, attack on the French government’s interest in the G20
  • March 9th, DDoS attack on Codero managed hosting provider – disrupting Twitter
  • March 9th, group Anonymous declares “Operation Payback” against BMI.com and calls for sustained and disabling attacks from its members
These attacks have prompted the Financial Services Information Sharing and Analysis Center (FS-ISAC) to issue an advisory (2011-03-24) warning all financial services member companies of possible denial-of-service attacks. In preparation it has republished the national CERT guidance.
Those identified as being at high risk include large financial institutions (banks, service providers, government financial regulatory entities), non-affiliated technology infrastructures and critical infrastructure (e.g. electric, gas, Internet service providers and national power grid providers).
Radware has devised a checklist to help these institutions secure their networks more effectively.

1) Architecting the perimeter for attack mitigation
  • Use a security-in-depth approach to fully prepare for attacks. Employ an anti-DDoS security strategy to alert to, and mitigate, all attack traffic and “clean the pipe” – at the very edge of the organisational network.
  • Ensure the solution has perimeter-specific capabilities to detect anomalous reconnaissance and intrusion activities as they happen, repel application-level attacks, discriminate between legitimate and illegitimate traffic, and a logging/correlation system to collect detailed attack data and report it quickly
2) The need for complementary security technologies
  • In addition to basic IPS and firewall protection, deploy a multi-faceted security solution so that known and unknown attacks are mitigated successfully. These should include:
    • Anti-DoS and DDoS attack tools (at the network and application layers) to prevent network flood attacks
    • Network behavioural analysis tools with real-time signature writing capabilities to defend against application misuse attacks and zero-day attacks
    • Intrusion prevention systems to guard against known application vulnerabilities
    • Application-level active defence mechanisms – such as challenge & response
    • Active emergency counter-attack strategies (Smart Hands / Man-in-the-Loop Capability)
3) Be prepared for a counter-attack
  • Devise a plan to include skilled technicians in the event of attack to ensure the tools, alerts, correlation and mitigation are being handled properly.
  • Ensure the teams are ready to provide immediate assistance and active mitigation or counter-attacking defence actions as soon as the system is under attack.
  • Active defence is the concept of a proportional counter-attack to smother the last vestiges of the DDoS attack and to provide some necessary closure to a painful incident.
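Item 2 of the checklist lists "challenge & response" as an application-level active defence, and the F5 interview above frames the same problem as telling valid users from a flash crowd. The following is an added example of one such mechanism, written for this page rather than taken from Radware, F5 or any product: the front door hands an unknown client a short interstitial whose script stores an HMAC-bound token in a cookie and retries; only requests that present a valid, unexpired token for their source address reach the application. The secret, cookie name, lifetime and function names are assumptions, and the page itself specifies no particular design.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional, Tuple

# Assumptions: one per-deployment secret (rotating it invalidates every outstanding
# token, so rotate during a quiet period) and a short token lifetime.
SECRET_KEY = secrets.token_bytes(32)
TOKEN_TTL_SECONDS = 300
COOKIE_NAME = "ddos_challenge"


def _mac(client_ip: str, issued_at: int, nonce: str) -> str:
    """HMAC over (address, timestamp, nonce); a token copied to another host fails."""
    msg = f"{client_ip}|{issued_at}|{nonce}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_challenge(client_ip: str, now: Optional[float] = None) -> str:
    """Mint a token bound to the client address and the time of issue."""
    issued_at = int(time.time() if now is None else now)
    nonce = secrets.token_hex(8)
    return f"{issued_at}.{nonce}.{_mac(client_ip, issued_at, nonce)}"


def verify_challenge(token: str, client_ip: str, now: Optional[float] = None) -> bool:
    """Accept only a well-formed, unexpired token whose MAC matches this client address."""
    current = time.time() if now is None else now
    try:
        issued_s, nonce, mac = token.split(".")
        issued_at = int(issued_s)
    except (AttributeError, ValueError):
        return False
    if issued_at > current + 5 or current - issued_at > TOKEN_TTL_SECONDS:
        return False
    return hmac.compare_digest(_mac(client_ip, issued_at, nonce), mac)


def challenge_page(token: str) -> str:
    """Interstitial for a real browser: store the cookie, then retry the request.
    A flood tool that never executes JavaScript never gets past this page."""
    return (
        "<html><body><script>"
        f'document.cookie="{COOKIE_NAME}={token}; path=/; SameSite=Lax";'
        "location.reload();"
        "</script></body></html>"
    )


def handle_request(client_ip: str, cookies: dict, now: Optional[float] = None) -> Tuple[str, Optional[str]]:
    """Front-door decision: ("serve", None) to pass the request on, or ("challenge", html)."""
    token = cookies.get(COOKIE_NAME)
    if token is not None and verify_challenge(token, client_ip, now):
        return ("serve", None)
    return ("challenge", challenge_page(issue_challenge(client_ip, now)))


if __name__ == "__main__":
    # Constructed exchange: first visit is challenged, the cookie it sets is then accepted.
    action, page = handle_request("203.0.113.7", {})
    token = page.split(f"{COOKIE_NAME}=")[1].split(";")[0]
    print(action, handle_request("203.0.113.7", {COOKIE_NAME: token}))
```

Two caveats a practitioner would want. The challenge page itself must be cheap to serve and rate-limited, since it is the one thing every attacker gets for free; and binding the token to the source address breaks clients behind large NATs or changing proxies, so bind to the address only when you are certain what address you are actually seeing. This is a sieve for tools that do not run JavaScript, not a wall against headless browsers, which is why the checklist lists it alongside, not instead of, network-layer mitigation.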
http://www.it-director.com/business/content.php?cid=12677

Thursday, March 24, 2011

Serious cyber attack targets EU institutions on eve of summit

Today is the first day of the first EU summit that takes place under the Hungarian presidency, and European leaders have gathered in Brussels to discuss matters such as the rising European debt crisis and the Libyan unrest and the subsequent military action.



But on the very eve of the summit, an unexpected occurrence cast a dark shadow over the event. The BBC reports that the European Commission and the External Action Service - the Community's diplomatic arm - have been hit by a "serious" cyber attack.

So far, details about the attack have not been divulged.

"We are already taking urgent measures to tackle this. An inquiry's been launched. This isn't unusual as the commission is frequently targeted," said EU spokesman Anthony Gravali.

An anonymous source confirms: "We're often hit by cyber attacks but this is a big one." Other sources compare the attack to the recently revealed one that targeted the computers of the French Ministry of Finance, when more than 150 machines were compromised.

Even though Gravali says that the European Commission will not speculate on the origin of the attacks, the similarities raise the possibility that the attackers could be the same ones that targeted the French. At the time, internal sources said that some of the files were redirected to Chinese sites, but they conceded that this fact doesn't say much.

The entire European Commission staff has been asked to change their passwords and to make sure to exchange information via secure email systems. The Commission has also shut down external access to email and the Commission's intranet, so that unauthorized information doesn't leak out.
http://www.net-security.org/secworld.php?id=10792

Internal Affairs website goes down


Days before hackers were set to attack it, the Internal Affairs website is down.
A spokesman for the department said it had not yet established what had happened but was investigating.
Restoring services was the priority, he said.
A video on the internet by hacker collective Anonymous detailed its opposition to Internal Affairs implementing internet filtering this month.
''Internet censorship as seen in China, India, Australia, the United States as well as the United Kingdom has become one of the greatest atrocities to free speech and government transparency since the cold war,'' the group said.
''It is for this that we the people, must and will step forward to dismantle the Government's control over the internet.''
The group promised a series of attacks to start next Monday, but the site was already down today.
''The attacks will continue until The Department of Internal Affairs vetoes their own decision and releases the free flow of information to New Zealand.''
The message concludes: ''You cannot find us. You cannot stop us. We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us.''
A message on the Internal Affairs website said it was temporarily unavailable and apologised for the inconvenience.
Technology writers Kris Notaro and Wes Strong have written about Anonymous, saying it began as a movement in 2003 on a series of internet chat boards and has gone from targeting small-time hypocrites to large multinational corporations, bringing it from the background of hacker culture to the forefront of global politics.
It gained notoriety in 2010 after shutting down Mastercard, Visa, and Paypal during what it called Operation Payback.
Those major corporations stopped providing their services to Wikileaks, which had been using them to accept donations into the Wikileaks defence fund.
Last year's Parliament InTheHouse link was taken over by Turkish hacker Iskorpitx.

http://www.stuff.co.nz/technology/digital-living/4804937/Internal-Affairs-website-goes-down

Wednesday, March 23, 2011

Anonymous sends a message to ‘the South African people’

Anonymous, the shadowy online ‘hacktivist’ group that is rapidly gaining worldwide fame, uploaded a video to YouTube on the 18th of March entitled “Message from Anonymous: To the South African people”, calling on the people to rise up and take back their country from corrupt and inept rulers.
The message, which had been viewed 800 times at the time of writing, begins with some grainy footage of wind sweeping over Table Mountain, evoking the famous Winds of Change speech by Harold Macmillan which foreshadowed the end of the colonial era. The video then cuts to a head shot of a smiling mask and a female computerized voice begins with the words “to the people of South Africa, Anonymous would like to address you on the state of your society”.
The message goes on to detail how the people have been robbed of the wealth of the country, and how companies like Anglo American and the Oppenheimer family have gotten rich at the expense of the masses. This is followed by a list of South Africa’s social problems, from drugs and murder to domestic violence and organised gangs “while the police are rendered impotent by the very laws that govern South Africa”.
How long will we allow this to go on, asks the voice of Anonymous, before exhorting the people to “stand up and show the world that enough is enough”. The final part of the message is a warning to the government that the people will stand it no longer, and drives home the message “expect us”.
The tone of the message shifts from speaking in the third person in the first half of the message, to something more inclusive at the end. “We the people are taking our country back”, “Enough of selling our resources to the West” says the voice, and the switch to first person plural indicates that the message originates in South Africa from a homegrown branch of Anonymous.
It’s been a watershed few months for Anonymous. From highly-publicised attacks against the enemies of WikiLeaks to strategic DDOS attacks on Middle Eastern dictatorships and a strategic humiliation of online security firm HBGary, the “hacktivist” group has gone from strength to strength. Just last week, it declared that it would be taking on the might of the ‘global banking cartel‘ in what would be its most ambitious target to date.
This particular message from Anonymous to South Africa is short on details, and offers no solution to the multitude of problems which, to be frank, even the government themselves are aware of. There are no targets, timelines or direct threats which are all hallmarks of Anonymous modus operandi thus far.
The message does seem to be closely associated with a Facebook group called “Taking Back South Africa! 2011“, a community organisation with 300 followers that seems to be advocating a radical overthrow of the political system in South Africa. It even carries the group’s logo at the end.
When approached by Memeburn about its plans for the future, the organisation wrote “Our plan is first of all to create more awareness of this movement and increase online numbers which will allow us to get more material across. We plan to create more videos and written material which we will release online. Our strategy is to focus on 3 core fundamental problems which all South Africans suffer from and can agree on: Poverty, Crime and Government Corruption.”
One of the things which the video does do is point to the fact that, in a leaderless movement such as this, anyone can step forward and claim to speak on behalf of the collective. Is this message really from Anonymous, or is it simply the work of some South African activists who are seeking to shake up the South African political scene with some bold pronouncements? We’ll be watching to see if this develops any further.


Friday, March 18, 2011

Hacker group Anonymous declares war on ‘global banking cartel’


The faceless, decentralised on-line community known as “Anonymous” posted a video on YouTube on Monday declaring war against the international banking system in a movement it is calling “Operation Empire State Rebellion”.
In the video, Anonymous explains how this movement would involve a “relentless campaign of nonviolent, peaceful civil disobedience” until its demands are met. These demands begin with the resignation of Federal Reserve Chairman, Ben Bernanke, but ultimately it seeks to “break up the global banking cartel centered at the Federal Reserve, International Monetary Fund, Bank of International Settlements and World Bank”.





This is the most ambitious goal yet to be set by Anonymous in what is turning out to be a watershed year for online activism. From highly-publicised attacks against the enemies of WikiLeaks to strategic DDOS attacks on Middle Eastern dictatorships and a strategic humiliation of online security firm HBGary, the “hacktivist” group has gone from strength to strength.
Clearly, it’s showing tremendous strength and confidence in taking on the might of the international financial system, and the group must believe that it has the weight of public opinion behind it. Anonymous has also been actively recruiting members through its Tumblr blog, and Twitter hashtag #OpNewBlood.
The move against giant financial institutions has already begun, according to the New American, which reported that “earlier this week, Anonymous released a series of e-mails allegedly showing that Bank of America was regularly engaging in fraud and criminal activity”.
The ties between Anonymous and WikiLeaks are not clear, but both organisations claim to have information that will do tremendous damage to some major global financial institutions.
It seems obvious that the Federal Reserve will not bow to Anonymous’ demands, and neither will the online group back down. We can expect some fireworks in the near future.

http://memeburn.com/2011/03/hacker-group-anonymous-declares-war-on-global-banking-cartel/

Wednesday, March 16, 2011

DDoS Attacks Up 22 Percent In Second Half Of 2010

The second half of 2010 saw a steep rise in distributed denial-of-service attacks and other Web attacks that caused downtime, according to a new report from Trustwave's SpiderLabs.



Organizations were hit by more distributed denial-of-service attacks in the second half of 2010, and their applications were knocked offline because of poorly implemented defenses, according to a Web hacking report.
The number of DDoS attacks jumped 22 percent to become the most frequently used attack vector in the second half of 2010, Trustwave found in its semiannual Web Hacking Incident Database report, released March 14. DDoS attacks successfully disrupted commerce and brought down Websites and large organizations, the company found. More than 32 percent of all attacks in the second half of 2010 involved DDoS attacks, according to the report. SQL Injection was the second most popular vector, at 21 percent.
The primary goal appeared to be aimed at causing downtime, SpiderLabs, Trustwave's security research and testing group, wrote on its Anterior blog. Incidents that resulted in some kind of application downtime jumped 21 percent to account for 33 percent of all attacks, the report found. Defacement and leakage of information were the second and third most popular outcomes.
"This is mainly a result of ideological hacking efforts utilizing distributed denial of service (DDoS) attacks as part of the Anonymous Group versus Anti-Piracy and WikiLeaks events," wrote Ryan Barnett, the principal investigator on the report. The incidents include the attacks on PayPal and MasterCard, according to the report.
The report analyzed top outcomes, attack methods and weaknesses for vertical markets. When broken down by vertical, SQL injection attacks remained popular for government agencies and retail organizations. About 24 percent of all attacks against government agencies and 27 percent of incidents in retail were by SQL injection, the report found. The two sectors had the same application weakness: improper input handling within the application that attackers exploited the most. The most common outcome after an attack on a government agency was defacement, while credit card numbers were more likely to be stolen from retail.
In contrast, the most common attack method for financial services was stolen credentials, at 36 percent. Applications lacked, or did not have enough, authentication built-in, the report found. The financial sector suffered financial losses in 64 percent of the attacks.
"Cyber-criminals never stop trying to exploit Web applications," said Nicholas J. Percoco, senior vice president and head of SpiderLabs.
Most businesses "wrongly assume" that network hardware will stop DDoS attacks, or believe their Website will not be targeted, Trustwave found. The increase in the number of attacks in 2010 "proves" that organizations, regardless of size, need to test their applications to understand how they would fare under attack, the report said.
Along with being vulnerable to automated brute force and DoS attacks, businesses need to test their sites for cross-site-scripting flaws and that input handling does not allow SQL injection attacks, according to Barnett. Applications need to have strong authentication processes and sufficient authorization rules and be configured correctly, he said. Other top tactics included CSRF and domain name hijacking, click-fraud, and other brute force tactics to crack passwords, he said.
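Barnett's recommendation to test that input handling does not allow SQL injection is easiest to see side by side. The following is an added example written for this page, not code from Trustwave, SpiderLabs or the WHID report: a constructed in-memory user table, the vulnerable query shape the report's "improper input handling" weakness describes, the parameterized form that fixes it, and an allowlist check as defence in depth. Table, column and function names are assumptions.

```python
import re
import sqlite3


def setup_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for an application's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [("alice", "h$1"), ("bob", "h$2")])
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Deliberately vulnerable: the caller's input becomes part of the SQL text,
    so a quote in it ends the literal and the rest is parsed as SQL."""
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(sql)]


def find_user_parameterized(conn: sqlite3.Connection, username: str) -> list:
    """Hardened: the value is bound by the driver, so quotes in it are just data."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


USERNAME_RE = re.compile(r"^[a-z0-9_.-]{1,32}$")


def valid_username(username: str) -> bool:
    """Allowlist check applied before any query. Defence in depth only:
    it narrows what reaches the database, it does not replace binding."""
    return bool(USERNAME_RE.match(username))


if __name__ == "__main__":
    # Constructed payloads: a tautology that returns every row, and a UNION that reads another column.
    conn = setup_db()
    for payload in ("alice", "x' OR '1'='1", "x' UNION SELECT password_hash FROM users WHERE '1'='1"):
        print(repr(payload), find_user_vulnerable(conn, payload), find_user_parameterized(conn, payload))
```

Running it shows why the report ranks SQL injection beside DDoS for impact: the tautology turns a one-row lookup into a full listing, and the UNION pulls the password-hash column out through a query that was only meant to return usernames, which is the same shape as the card-number theft the report attributes to the retail sector. The parameterized version returns nothing for both payloads because there is no user literally named that.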
The WHID is a database of Web application-related security incidents and the business impact of those attacks. The latest report analyzed data from 75 incidents reported between July 2010 and December 2010. To be included in WHID, an incident must be publicly reported, be associated with Web application security vulnerabilities and have an identified outcome, Trustwave said.

http://www.eweek.com/c/a/Security/Denial-of-Service-Most-Common-Attack-Vector-in-Second-Half-2010-629236/

Tuesday, March 15, 2011

Pakistan Government gets DDoS – Government Official websites go black!

At about 7:00 PM Pakistan Time on Sunday the 6th March, almost all of the websites hosted by the Government of Pakistan – were down due to distributed denial of service attacks. Government of Pakistan websites are hosted by their absolutely incompetent agency called National Telecommunication Corporation (www.ntc.net.pk ) and are protected by Internet’s most famous scammers, Server4Sale / BlockDos.

The websites of the Senate, FIA (Federal Investigation Agency), National Assembly, and all the Ministries, etc., including the official portal of Pakistan (www.pakistan.gov.pk), were all down due to the inability of NTC and scammers Server4Sale / BlockDoS to handle the DDoS attack.
Recently, after awarding a controversial contract to Server4Sale / BlockDoS which is possibly going to be investigated for collusion by Transparency International and the Auditor General of Pakistan, the downtime of these websites has increased dramatically.
As per contract details there is penalty of Rs. 10,000 per minute that websites are down. On Sunday the attack continued, and it seemed as though both the entities involved in the protection of Pakistan Government’s Official Websites were incapable of doing a simple job of protecting them.

http://dos-attacks.com/2011/03/06/pakistan-government-gets-ddos-government-official-websites-go-black/

Monday, March 14, 2011

CO.ZA suffers DDoS attack


Attempts to data-mine the CO.ZA web Whois service cause an inadvertent DDoS attack which affects service availability
Many users complained about service problems on the CO.ZA web Whois service this weekend, and Uniforum now confirmed that they have experienced problems which resulted in delayed response times or degraded service availability.
“According to our investigations it appears that attempts to data mine the CO.ZA web Whois service has resulted in an inadvertent Distributed Denial or Degradation of Service (DDoS) attack,” said Theo Kramer, UniForum SA Chairman.
Kramer explained that their Whois system had been under severe pressure over the weekend as a result of what appears to be a distributed data mining attempt on the web Whois service.
“Necessary remedial steps are being taken and we are monitoring our systems to ensure that the impact of this bot flood is minimized,” said Kramer.
Kramer also advised users to make use of http://captcha.coza.net.za or whois://whois.coza.net.za while they address this issue.
“The CO.ZA registration system, DNS system, EPP test system and alternate Whois systems were not affected,” said Kramer.
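The two floods on this page that hit a web front end, the LOIC-driven attack on aipac.org under OpPalestine above and the distributed Whois scraping Kramer describes here, look different in an access log: one source sending far more than any browser would, versus many sources each sending a modest amount at the same endpoint. The following is an added example written for this page, not Uniforum's or any vendor's tooling, that parses a constructed Apache-style access log (not real traffic; the addresses are documentation ranges) and raises both kinds of alert from sliding-window counts. Thresholds, window size and the log format are assumptions to be tuned per site.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Combined/common log format: ip ident user [time] "METHOD path proto" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line: str):
    """Return {"ip", "ts", "path", "status"} or None for a line that does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m["ip"], "ts": ts.timestamp(), "path": m["path"], "status": int(m["status"])}


class FloodDetector:
    """Sliding-window counters per source address and per endpoint.

    single-source: one address exceeds per_ip_limit requests in the window.
    distributed:   one endpoint exceeds per_path_limit requests in the window
                   from at least min_sources distinct addresses.
    """

    def __init__(self, window=10.0, per_ip_limit=50, per_path_limit=200, min_sources=20):
        self.window, self.per_ip_limit = window, per_ip_limit
        self.per_path_limit, self.min_sources = per_path_limit, min_sources
        self.by_ip = defaultdict(deque)    # ip -> deque of (ts, path)
        self.by_path = defaultdict(deque)  # path -> deque of (ts, ip)
        self.alerted = set()               # alert once per (kind, key)
        self.alerts = []

    def _evict(self, dq, now):
        while dq and dq[0][0] < now - self.window:
            dq.popleft()

    def observe(self, ev):
        now, ip = ev["ts"], ev["ip"]
        path = ev["path"].split("?", 1)[0]  # group by endpoint, not by query string
        ipq = self.by_ip[ip]
        ipq.append((now, path))
        self._evict(ipq, now)
        if len(ipq) > self.per_ip_limit and ("single-source", ip) not in self.alerted:
            self.alerted.add(("single-source", ip))
            self.alerts.append({"kind": "single-source", "ip": ip, "requests": len(ipq)})
        pq = self.by_path[path]
        pq.append((now, ip))
        self._evict(pq, now)
        if len(pq) > self.per_path_limit and ("distributed", path) not in self.alerted:
            sources = {src for _, src in pq}  # O(n) per event; fine for a log, use a counter for live traffic
            if len(sources) >= self.min_sources:
                self.alerted.add(("distributed", path))
                self.alerts.append({"kind": "distributed", "path": path, "requests": len(pq), "sources": len(sources)})


def detect(lines, **kwargs):
    det = FloodDetector(**kwargs)
    for line in lines:
        ev = parse_line(line)
        if ev:
            det.observe(ev)
    return det.alerts


def sample_log():
    """Constructed log: ordinary browsing, one single-source flood, one distributed scrape."""
    base = datetime(2011, 3, 14, 9, 0, 0, tzinfo=timezone(timedelta(hours=2)))
    events = []
    for i in range(5):  # five ordinary visitors, three pages each, spread over a minute
        for j in range(3):
            events.append((base + timedelta(seconds=i * 7 + j * 20), f"192.0.2.{i + 1}", f"/page{j}"))
    for k in range(60):  # one host: 60 requests to / in five seconds
        events.append((base + timedelta(seconds=k // 12), "203.0.113.7", "/"))
    for k in range(300):  # thirty hosts, ten lookups each, against the Whois endpoint in ten seconds
        events.append((base + timedelta(seconds=20 + k // 30), f"198.51.100.{k % 30 + 1}", f"/whois?domain=example{k}.co.za"))
    events.sort()
    return [f'{ip} - - [{ts.strftime("%d/%b/%Y:%H:%M:%S %z")}] "GET {path} HTTP/1.1" 200 512' for ts, ip, path in events]


if __name__ == "__main__":
    for alert in detect(sample_log()):
        print(alert)
```

The per-source rule alone would never catch the scrape, since each scraper stays under the limit; that is the whole reason it was distributed. The per-endpoint rule is what surfaces it, and the same shape (moderate rate, many sources, one endpoint) is how the Whois flood showed up here. In production, derive the thresholds from the endpoint's normal traffic and cost (a Whois lookup is far more expensive than a static page), and feed the alert into the captcha-style fallback Kramer points users to rather than into an outright block, which would punish the legitimate flash crowd along with the bots.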

http://mybroadband.co.za/news/internet/19059-COZA-suffers-DDoS-attack.html?utm_source=twitterfeed&utm_medium=twitter

4chan hackers leak internal Bank of America emails


Anonymous, a group of online hackers that frequently take up politically charged causes such as bringing down the websites for Visa and other credit card companies, has released a massive batch of internal Bank of America emails.
It looks like the hacker group, which frequents online message board 4chan, made good on a promise Wikileaks founder Julian Assange made several months ago. Anonymous sided with Assange when several sites and services like PayPal cut ties with Wikileaks’ enigmatic founder amid concerns about the legality of the site. Assange and Wikileaks indicated that they planned to publish the documents in December.
But that was then — before Assange was arrested on suspicion of sexual offenses in December. Wikileaks began making headlines after it released 251,000 secret U.S. State Department documents. The site created a stir among world governments, who have denounced the site’s actions, and it was booted by its domain name service provider EveryDNS. Assange and the site also had their accounts suspended from Amazon’s S3 and EC2 online cloud hosting services and PayPal.
Anonymous’ host site for the internal emails has received enough traffic to bring it to its knees. VentureBeat reporters were unable to access the site shortly after the documents were posted. Errors indicated that the site had crashed due to a traffic overload, which is kind of ironic after Anonymous coordinated massive distributed denial-of-service (DDoS) attacks on other sites, attacks that are designed to send inordinate amounts of traffic and overload servers.
The documents indicate that Bank of America improperly foreclosed on several homes during the height of the financial crisis in 2008 that began one of the worst recessions since the great depression. The report came from a former employee with Balboa Insurance — a risk management and insurance firm. The employee reportedly corresponded with Bank of America employees and was told to falsify loan numbers on documents to force Bank of America to foreclose on homeowners.

http://venturebeat.com/2011/03/13/anonymous-bank-of-america/

Friday, March 11, 2011

Facebook: DDoS attacks don't down the site, our screw-ups do


TechRadar met up with a number of Facebook engineers today, who explained the changes that were happening with the site in terms of implementing HTML 5 and how they work with the daily challenges of keeping the site upright.
One of the things mentioned was how the company works to curtail DDoS attacks, which according to Facebook happen very rarely.
"As far as I know, we have only had one or two DDoS attacks on the site," explained David Recordon, senior open programmes manager, at Facebook.
"You would need a pretty big botnet to attack us and I don't think they would want to put all their effort into downing the site and expose their ways.
"When we have site blips people think we are having an attack – it's not, it is usually us screwing up but it's fixed within an hour."
Facebook attack
To keep Facebook and its API free from attack, the site does have a number of teams in place that monitor the site for security flaws and try and fix them ad hoc.
Recordon explained that there is a "site integrity team" in place whose sole job it is to check the site for imperfections and there are other techniques being used.
"We use a combination of technology and the systems that we have built from scratch," said Recordon.
Jason Cross, the first UK-based Facebook platform engineer, told TechRadar that there are other security measures in place, one of which is protecting its Like button functionality from clickjackers.
"We have click-jacking prevention techniques that we don't talk about and we try and stop it within our code, but we also speak to browser vendors," said Cross.

"Click-jacking is a very clever hack that people are doing. There is an on-going dialogue across the whole industry to prevent this, though."
Security response
Jason Sobel, engineering manager at Facebook, explained to TechRadar that there were internal security procedures in place if the site is compromised, but there is also a reliance from external sources to let them know what is going on.
"We have a number of levels of security response," explained Sobel.
"We have a security incident team, and we get reports from white hat hackers who are trying to help us out which is great.
"We have other security glitches that aren't reported to us directly but we try and fix them within hours of them happening.
"We also have a team of internal white hats who find security holes before they are made public and this again is a massive help."
Code red
Interestingly, problems with Facebook that come from the site's code are ultimately down to the person who created it.
So an engineer, no matter how low down the chain he is, could expect a midnight call if things on the site go awry and it is their code that is causing the problems.
"There are 24/7 engineers who watch all the monitoring data we have and make sure that if there is something that crashes or there are unusual trends on the site, we can fix them," said Sobel.
"If they don't know how to fix it, then we have app operations who know how to solve a vast number of problems. But the last resort is that we phone the engineer who created the code in the middle of the night to sort it."
Cross, who recently came back from a Facebook boot camp where he created some code for the site's photo section, explained a bit more about the situation.
"The developer has ultimate responsibility for the code, from its inception up until it is superseded.
"So it is scary if you are that developer, but what that makes you do is write code in the right way.
"It is all about relationship and accountability."
http://www.techradar.com/news/internet/facebook-ddos-attacks-don-t-down-the-site-our-screw-ups-do-935088?src=rss&attr=newsintern

Wednesday, March 9, 2011

WordPress.com DDoS Attacks Primarily From China

After recovering from the largest Distributed Denial of Service attack in the service’s history (“multiple Gigabits per second and tens of millions of packets per second”) yesterday morning, blog host WordPress.com was attacked again very early this morning, finally stabilizing its service at 11:15 UTC (around 3:15 am PST).
WordPress.com serves 18 million sites, many of them news sites like our own, which led some to conjecture that the attacks had come from the Middle East, a region experiencing its own Internet issues at the moment. Not so, says Automattic founder Matt Mullenweg, who tells me that 98% of the attacks over the past two days originated in China, with a small percentage coming from Japan and Korea.
According to Mullenweg, one of the targeted sites was a Chinese-language site operating on WordPress.com which also appears to be blocked on Baidu, China’s major search engine. WordPress.com doesn’t know exactly why the site was targeted and won’t release the name until it does. Based on the extent of the attacks, Mullenweg tells me that they appear to be politically motivated.
“WordPress.com was hit with another wave of attacks today (the fourth in two days) that caused issues again. This time we were able to recover more quickly, and also determined one of the targets to be a Chinese-language site which appears to be also blocked on Baidu. The vast majority of the attacks were coming from China (98%) with a little bit of Japan and Korea mixed in.”
Mullenweg tells me that DDoS attacks are fairly common at WordPress.com, but the strength of its infrastructure (distributed across three data centers in three cities) usually prevents anyone from noticing. The recent attacks have impacted not just WordPress.com sites but other servers in the same part of the network, causing the outages. WordPress.com is collaborating with upstream providers to shift the attacks.
Says Mullenweg, “Right now there are huge asymmetric risks on the internet because any bad actor, for a few tens of thousands of dollars, has the online equivalent of a dirty nuke and can bring even the largest sites to their knees and silence millions of voices.”
WordPress.com isn’t the only one suffering from recent DDoS attacks; a slew of South Korean sites also took a hit during the same time period.

http://techcrunch.com/2011/03/04/wordpress/

Dozens of South Korean Websites Attacked

(SEOUL, South Korea) — Hackers attacked about 40 South Korean government and private websites Friday, prompting officials to warn of a substantial threat to the country's computers.
The South's National Cyber Security Center said they had seen signs of a "denial of service" attack, in which large numbers of computers try to connect to a site at the same time in an attempt to overwhelm the server.

A top South Korean cybersecurity company, AhnLab, said in a statement that the targets included websites at South Korea's presidential office, the Foreign Ministry, the National Intelligence Service, U.S. Forces Korea and some major financial institutions.
The Korea Communication Commission said websites had reported no immediate damage.
AhnLab spokesman Park Kun-woo said the attacks were similar to ones that have targeted South Korean websites in the past, in that they were denial of service attacks and largely targeted the same sites.
AhnLab said a computer user discovered a bug in their system Thursday night. After analyzing it, AhnLab found malicious software designed to attack websites and told the targets in advance so that they could prepare. As a result, Park said, there had only been a brief slowing of some of the websites.
AhnLab was providing free programs to repair infected computers.
Government officials have said that previous denial of service attacks on South Korean government websites were traced to China. It was not immediately clear where Friday's attack originated.

Park said people often point to China as the source of such attacks because a large amount of malware originates there. Malware is malicious software designed to access a computer without the owner's consent.
Cyberattacks on South Korea in 2009 were initially blamed on North Korea, but experts later said they had no conclusive evidence that Pyongyang was responsible.
South Korean media have previously reported that North Korea runs an Internet warfare unit aimed at hacking into U.S. and South Korean military networks to gather information and disrupt service.
http://www.time.com/time/world/article/0,8599,2057185,00.html?goback=.gde_2677290_member_45926840

Thursday, March 3, 2011

Anonymous resumes Operation Payback with attack on BREIN


Anonymous, while continuing its actions to support protesters in North Africa, the Middle East, and Wisconsin, has resumed its most infamous operation to date - Operation Payback. On Thursday, the mass protest started with a Distributed Denial-of-Service (DDoS) attack on the Dutch anti-piracy organization BREIN.

The attack on BREIN (anti-piracy.nl) started just after 12:00 a.m. on Thursday morning Eastern Standard Time. In a matter of minutes, 10 people using the LOIC software Anonymous is known for were able to take the organization’s website offline.
From that point, it remained offline, only appearing intermittently around 04:00 EST. At the time this article goes to press, the domain is offline.
BREIN is the Dutch acronym for Protection Rights Entertainment Industry Netherlands. It’s also the Dutch word for brain. The group has been linked to Hollywood anti-piracy efforts, and was selected by Anonymous for recent actions against a large Warez domain that caught a legitimate business in the crossfire.
While targeting a Warez (illegal software) Topsite, BREIN seized several servers from hosting provider WorldStream. Among the equipment seized were servers owned by a legitimate ISP with no connection to the illegal software domain. According to reports, the ISP owner lost $138,000 USD worth of equipment in the BREIN raid.
TorrentFreak has more information here, including allegations of BREIN installing backdoors on the seized servers and hijacking the ISP owner’s GMail accounts.
In addition to the Warez raid that snared a legitimate business, Anonymous is also targeting BREIN for Operation Payback’s resurrection because of its involvement in the takedown of 11 Usenet-related domains.
While the Usenet domains also included access to illegal software, BREIN’s actions resulted in cutting Usenet connections to legitimate groups, removing their right to communicate in the process. In all, the Usenet raids by BREIN impacted nearly a million people.
Right now, Anonymous is using the DDoS attack on BREIN to build momentum. The group plans to stick with smaller targets until support grows. Once that happens, the sky is the limit when it comes to selecting a new target for cyber protest.

“Since early 2011, Anonymous has busied itself with very successful operations which it can be very much proud of. Not only has Anonymous proven that it is a force to be reckoned with, it has grown in strength and diversity, and it continues to gain numbers and attract attention from all over the world,” a statement from Anonymous reads.
“Operation Payback has now begun its "researching" phase, due to some actions taken by some copyright organisations, including "BREIN", who have censored popular sites on the internet over the past couple of weeks. This censorship can't be taken lightly, it is time to avert some attention to them and enable them to [realize] that this kind of censorship will not be tolerated, Anonymous style.”
Operation Payback started as a campaign by Anonymous against the anti-piracy efforts of groups such as the RIAA, MPAA, ACS Law, AiPlex, and AFACT. In addition, the operation has also taken on, and taken out, MasterCard, Visa, the Swiss bank Post Finance, PayPal, and others.
Update:
Five minutes after this story was published, Anonymous started targeting ifpi.org.
From their domain: "IFPI represents the recording industry worldwide, with a membership comprising some 1400 record companies in 66 countries and affiliated industry associations in 45 countries."

http://www.thetechherald.com/article.php/201109/6896/Anonymous-resumes-Operation-Payback-with-attack-on-BREIN