Showing posts with label DDoS attacks. Show all posts

Tuesday, September 27, 2011

Al-Qaida's Shamukh Chat Forum Under Attack





Al-Qaida's top-tier Al-Shamukh chat forum is facing an ongoing electronic attack that has rendered the forum totally unreachable, according to a terrorism expert. The attack on Shamukh is similar to one reported in June this year: first the domain and then the underlying data server were taken down, in separate steps, Evan Kohlmann of Flashpoint Partners said in an email late Monday.
The difference this time however is that al-Qaida now has an alternate secondary forum to distribute its propaganda and media, known as "Al-Fidaa". "In other words, shutting down Shamukh is still quite an annoyance, and it certainly causes jihadi webmasters headaches, but it hasn't had the same effect of gagging al-Qaida's media machine," said Kohlmann who has spent over a decade tracking al-Qaida and other terrorist organizations.
Al-Fidaa is not yet under attack, but it would be interesting to see if a similar electronic attack is launched against this forum as well.
The identity of the attackers is still not known, but it looks like someone launched a coordinated assault on the forum that was designed to cripple the whole system, Kohlmann said.
Typically, that's not the kind of thing that happens because of a lightning strike or a handful of people relying on a tool like LOIC (Low Orbit Ion Cannon), he added.
LOIC is a network stress-testing tool that floods a site with packets or requests until it can no longer serve legitimate visitors. A single copy is a simple denial of service; when many users point it at the same target at once, the result is a distributed denial of service (DDoS) attack.
Kohlmann said in a Twitter message earlier on Monday that the web domain names serving the Shamukh chat forum had come under apparent attack by unknown hostile parties. He later reported that the forum was "totally unreachable".
A threat to "cut the tongue" of U.S. TV host and comedian David Letterman was posted on the forum in August.
http://www.pcworld.com/businesscenter/article/240637/alqaidas_shamukh_chat_forum_under_attack_says_expert.html

Friday, August 26, 2011

Leading Industry Analyst Firm Cites Prolexic in Recent Hype Cycle Report


 


Prolexic Technologies, the global leader in Distributed Denial of Service (DDoS) mitigation services, today announced that it has been mentioned as a sample vendor in a report entitled, “Hype Cycle for Infrastructure Protection, 2011” by respected industry analyst firm Gartner. In the August 10 report, Gartner predicts DDoS defense will achieve mainstream adoption in less than two years and lists it as “highly beneficial” on its Priority Matrix.

A DDoS attack is an attempt to make a computer resource (a web site, e-mail, voice service or a whole network) unavailable to its intended users. By overwhelming a web site and/or server with data and/or requests, the attacker makes the target system respond so slowly as to be unusable, or crash completely. The traffic volumes required are typically generated by a botnet ("robot network"): a set of compromised, remotely controlled "zombie" computers.


According to Gartner Vice President and Research Fellow, John Pescatore, Gartner client calls on DDoS have increased and DDoS services are nearing "must-have" status. In the report, he states, “DDoS mitigation services should be a standard part of business continuity/disaster recovery planning and be included in all Internet service procurements when the business depends on the availability of Internet connectivity. Any Internet-enabled application that requires guaranteed levels of availability should employ DDoS protection to meet those requirements.” The report also lists 10 sample DDoS mitigation providers, including Prolexic.
“Because DDoS is all we do, we have more expertise, more experience and more network resources dedicated to fighting these attacks than any other provider,” said Scott Hammack, chief executive officer at Prolexic. “That’s why large, complex attacks that can overwhelm other providers always end at Prolexic.”
Since 2003, Prolexic has been protecting Internet facing infrastructures against all known types of DDoS attacks at the network, transport and application layers with a distributed global network of scrubbing centers. By dedicating more bandwidth to attack traffic than any other provider – supplemented by proprietary tools, techniques, and experienced security experts – Prolexic has been able to handle the largest and most sophisticated DDoS attacks ever launched.
Prolexic’s singular focus on DDoS mitigation also avoids potential conflicts of interest between business groups for companies that offer multiple service lines. This can occur when a DNS provider also offers “add on” DDoS mitigation services, for example. If the same infrastructure that supports DNS services is overwhelmed by a DDoS attack, it is possible that DDoS customers will be sacrificed to protect DNS customers and the company’s core business. Pure play DDoS mitigation providers like Prolexic do not have this concern.
“Five of the ten largest global banks, e-Commerce providers, payment processors and others with mission critical Internet-facing infrastructures trust Prolexic to protect them from DDoS attacks and restore availability in minutes,” said Hammack. “That’s why Prolexic is the gold standard for DDoS monitoring and mitigation.”
http://www.prweb.com/releases/2011/8/prweb8742612.htm

Thursday, August 11, 2011

IT security – a priority for African businesses







As Kenya prepares to host the IDC IT Security Roadshow, Kaspersky Lab is proud to be a part of such a thought-leading event, as the company aims to stress the importance of proactive security measures that businesses operating in East Africa need to understand and implement today, for future success.
“91% of companies have experienced at least one IT security event from an external source in the last 12 months. This high statistic certainly proves just how crucial corporate IT security is now more than ever. The reality is that cybercriminal activity targeted at the corporate has, and will continue, to grow on a global scale, especially as newer, more innovative technologies evolve and become critical business competitive tools. And with the prediction that East Africa will be a significant contributor to Africa’s forecasted growth of 3.7% in 2011 – the African continent will continue to boom economically where the business landscape will grow – making businesses operating in African countries an ideal target for cybercriminals,” says Sergey Novikov, Kaspersky Lab Head of EEMEA Research Centre.
In its recently released report, Worldwide Security Products and Services 2011 Top 10 Predictions, IDC drew some interesting conclusions that closely correspond to Kaspersky Lab’s strategy and vision in this regard. Among them, IDC predicts that consumers and enterprises will continue to grow their spending on endpoint security at surprising rates, for an obvious reason: corporate IT security is a necessity. Customers and enterprises are looking for an integrated approach that offers a broad range of protection from malicious cyber attacks, accidental disclosure of sensitive information (consumer and corporate), usage by unauthorised users (identity fraud), and malicious applications (botnets).
“For many years now, Kaspersky Lab has taken an integrated approach to protection in our product offering and believe that IT Security should be top of mind for all businesses operating within the African continent. Apart from the traditional organisation of DDoS attacks, cybercriminals today have a main focus of targeting corporate servers for stealing corporate data and African businesses are not excluded,” says Novikov.
The IDC further predicts that small and medium enterprises (SMEs) globally will see more targeted attacks against data and resources. Small businesses will see increasing attacks on customer data.  Attempts to take full control of servers, PCs, and storage arrays for botnets, DDoS attacks, spam, phishing, hacktivism, and other uses are also expected to increase.
“With SMEs accounting for an estimated 60% of all employment in East Africa, and contributing up to 30% of gross national product, the SME sector in East Africa cannot afford to experience such attacks on their organisations, as the results could be detrimental likely having a ripple effect on the economy,” adds Novikov.
The conference will be taking place at the Hilton Hotel in Nairobi, where Novikov aims to provide insight into the above at the IDC IT Security Roadshow, to ensure that businesses operating within the African landscape are made aware of such threats that exist and take the necessary action required to avoid the impact of these attacks.
“The reality today is that proactive security is a requirement for all businesses, to ensure effective protection against such threats and attacks. Corporate servers are being attacked continuously and should such activity continue to take place, a business could stand to lose everything. Implementing the necessary corporate IT security measures now is the next major step for East African based businesses in effectively protecting enterprises – ensuring success and as such, continued positive growth of the African continent,” concludes Novikov.

Monday, August 8, 2011

Morocco: Militant Website Sustains DDoS Attack


The Moroccan activist website Mamfakinch! came under a distributed denial-of-service (DDoS) attack on Sunday 31 July 2011 that blocked access to its main platform for several hours. The website is now back online.
What is Mamfakinch! and why has it been attacked?
Mamfakinch!
In the wake of the Arab revolutions, a couple of Moroccan online activists launched a militant website on February 17, 2011. They called it Mamfakinch!, which in Moroccan Arabic means “We won't give up!”.

In the six months of its existence Mamfakinch! has attracted a record audience of over a million unique visitors across its two main outlets which comprise an online news portal and a blog. The site's goal, according to its members, is to provide a platform for free expression for opposition voices and pro-democracy activists.
Against the backdrop of the Arab revolutions, Mamfakinch! set about to aggregate, curate and disseminate citizen media material, emulating the work of similar outlets in the region, notably the celebrated Tunisian news portal Nawaat.org.
But as Mamfakinch! readers and supporters have grown in number, so too have its detractors. “The website has gained a lot of popularity in the Moroccan activist blogosphere but we had also attracted a lot of enemies. Attacks against the website have started very early on but they are becoming increasingly aggressive” says the site's co-manager, who also explains that the platform receives regular threats and countless derogatory comments. [Please note: the Mamfakinch! representatives interviewed in this article wish to remain anonymous].
One video recently surfaced on the internet purporting to show an attack against Mamfakinch!. The site was quick to publish an article [Fr] in which it (very sarcastically) dismissed the alleged attack as “a miserable spoof”.
The Attack
This Sunday, while the website was securing the exclusive live coverage of the pro-democracy marches and demonstrations being held across the kingdom, access to its main portal was denied. The blockade lasted for several hours before the site again became accessible late in the evening.
According to the site administrators, Mamfakinch! came under a large-scale DDoS attack. “The attack seems to originate from thousands of dynamic IPs located in Saudi Arabia (!)” says the website's webmaster. Within a matter of hours the site's server became overloaded by the volume of requests arriving from these new, automated sources.
“The site is now up and running and we have taken measures to ensure that such attacks don't happen in the future… although no one can be absolutely sure” says a co-founder of the site, who adds that his colleagues, “for obvious security reasons, prefer not to disclose details of the steps taken to secure access to the site.”
Like in Ben Ali's Tunisia
Before the revolution in Tunisia, Morocco was praised for the relative freedom enjoyed by its internet users. But the country is now seeing a surge in attacks against online dissidents, several of whom have had their Facebook or email accounts hacked into. Phishing techniques were probably used to harvest account passwords.
DDoS attacks, infiltration techniques and blockage of dissident domain names were common during the Ben Ali era in Tunisia. Those types of attacks are increasingly becoming commonplace in Morocco. The site of the irreverent magazine Demain Online has not yet recovered from an attack it suffered over a month ago. The website 20Fevrier.com, believed to be related to the pro-democracy movement in Morocco, also came under attack several weeks ago. It has been offline ever since.
“The more they attack us, the more we learn!”
Paradoxically, in the Arab world, the most experienced activists usually come from the most repressive environments. After a long confrontation with their governments, Tunisian and Egyptian activists have become experts in circumvention tools. This expertise is now being transferred to other countries in the region where militants are learning each day as they struggle against attempts to censor their voices online.
This statement from a member of Mamfakinch! sums up the situation quite well: “The more they attack us, the more we learn! Let them come!”

Anonymous unsheathes new, potent attack weapon

Better DDoS attacks ahead


Members of Anonymous are developing a new attack tool as an alternative to the LOIC (Low Orbit Ion Cannon) DDoS utility.
The move follows a spate of arrests thought to be connected to use of the LOIC, which by default does nothing to hide a user's identity.
The new tool, dubbed RefRef, due to be released in September, uses a different approach to knocking out websites. LOIC floods a targeted site with TCP or UDP packets, a relatively unsophisticated yet effective approach, especially when thousands of users use the tool to join voluntary botnets.
RefRef, by contrast, is based on a more sophisticated application-level approach designed to tie up or crash the servers behind targeted websites instead of simply flooding them with junk traffic, according to a blog post on the development by an Anonymous-affiliated blog.
"Anonymous is developing a new DDoS tool," the post explains. "So far, what they have is something that is platform neutral, leveraging JavaScript and vulnerabilities within SQL to create a devastating impact on the targeted website."
RefRef, which uses a "target site's own processing power against itself" is undergoing field trials, with tests against Pastebin, the blog post by AnonOps Communications reports.
Arrests in the UK, Spain and Turkey connected to LOIC-powered attacks have already prompted some core members of Anonymous to move towards using a new server and dropping LOIC in favour of other attack tools, such as Slowloris and Keep-Dead DoS. This now seems to be purely a stop-gap measure while RefRef undergoes development.
LOIC was originally developed for network stress-testing, but later released into the public domain where, years later, it became a weapon of choice for hacktivists, most notably in the Operation Payback attacks against financial service organisations that blocked accounts controlled by Wikileaks last December following the controversial release of US diplomatic cables.
The problem with LOIC is that unless attacks are anonymised by routing them through networks such as Tor, users will be flinging junk packets stamped with their own IP address at the targeted systems. These IP addresses can then be traced back to suspects by police. Tor is only a partial answer even then: it carries TCP streams through a SOCKS proxy, so UDP floods cannot be sent through it at all, and the network's limited bandwidth throttles whatever is tunnelled.
Whether or not RefRef does a better job at anonymisation, by default, remains unclear but early experiments suggest that Anonymous is brewing a more potent attack tool. "Supposedly, the tool will DoS a targeted website with ease," Dancho Danchev, an independent cyber-threats analyst told El Reg.

Thursday, June 23, 2011

Layer 7 Application attacks - (DDoS)


Security attacks are moving ‘up the stack.’ Some 90% of security investments are focused on network security, yet according to Gartner 75% of attacks target the application layer and ‘over 90 percent of security vulnerabilities exist at the application layer, not the network layer.’ SQL injection and cross-site scripting (XSS) are the two most-reported vulnerability classes and the top two entries in the OWASP Top 10. Forrester Consulting puts the average loss of revenue for a layer 7 DDoS attack at $220,000 per hour. These vulnerabilities are among the primary routes exploited in many of the recent attacks.
Modern DoS attacks are distributed and diverse, and they cross the gap that divides network components from application infrastructure, yet many of them are preventable. The problem is that organizations are using outdated network and/or desktop technology to try to protect against sophisticated application security attacks, into which traditional solutions like network firewalls, IPS or AV systems have little to no visibility and against which they play little role. It’s like trying to protect a city against a coordinated air attack by digging trenches in the ground: the wrong band-aid for the attack vector.

It is telling that these attacks have been around for a while; it also shows how hard it is to get protection right, especially when the attacks are blended. Once a delivery vector is found, a variety of exploits can be tried in quick succession until one works. Most of these attacks would also have sailed invisibly through an IPS device (no offense to those solutions: they are simply not designed to protect the application layer, or had no signature that matched). A unified application delivery platform with multi-layer visibility is the best way to detect and mitigate multi-layer attacks.

http://psilvas.wordpress.com/2011/06/22/cure-your-big-app-attack/
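The attacks described on this page leave different fingerprints in a web server's own logs: the Mamfakinch! flood arrived from thousands of dynamic source addresses, a lone LOIC user sends requests stamped with one IP address, and the layer 7 attacks this post discusses concentrate moderate traffic on the endpoints that cost the server most. The following Python script is an added example, not code from any of the quoted articles, vendors or tools. It parses Combined Log Format lines, aggregates the busiest second, the number of distinct sources, the heaviest single source and the share of traffic hitting one endpoint, and labels a ten-second burst as a single-source flood, a distributed volumetric flood or an application-layer flood. The log lines, addresses (RFC 5737 documentation ranges and a private 10/8 range), endpoints and thresholds are all constructed for the example; the thresholds in particular are assumptions that should be set from a site's measured baseline.

```python
"""Classify a burst of web traffic from access-log lines: single-source flood,
distributed volumetric flood, or application-layer flood on one endpoint.
Constructed example; log lines, addresses and thresholds are illustrative."""
import re
from collections import Counter
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# Apache/nginx Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_line(line):
    """Return (ip, timestamp, path) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group('ts'), '%d/%b/%Y:%H:%M:%S %z')
    # Strip the query string so /search.php?q=a and /search.php?q=b count as one endpoint.
    return m.group('ip'), ts, urlsplit(m.group('target')).path


def summarize(lines):
    """Aggregate the features that separate a packet flood from a layer 7 attack."""
    per_second, per_ip, per_path = Counter(), Counter(), Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                      # skip unparseable lines rather than abort
        ip, ts, path = rec
        per_second[ts] += 1               # log timestamps have one-second resolution
        per_ip[ip] += 1
        per_path[path] += 1
    total = sum(per_ip.values())
    if total == 0:
        return {'total': 0, 'peak_rps': 0, 'distinct_ips': 0,
                'max_per_ip': 0, 'top_path': None, 'top_path_share': 0.0}
    top_path, top_count = per_path.most_common(1)[0]
    return {'total': total,
            'peak_rps': max(per_second.values()),     # busiest single second
            'distinct_ips': len(per_ip),
            'max_per_ip': max(per_ip.values()),       # heaviest single source
            'top_path': top_path,
            'top_path_share': top_count / total}      # concentration on one endpoint


def classify(s, baseline_rps=5):
    """Label a summary. Thresholds are assumptions; derive real ones from the site's baseline."""
    if s['total'] == 0 or s['peak_rps'] <= 10 * baseline_rps:
        return 'normal'
    if s['distinct_ips'] <= 5:
        return 'single-source flood'            # one LOIC user: block the address
    if s['distinct_ips'] >= 500 and s['max_per_ip'] <= 5:
        return 'distributed volumetric flood'   # botnet-like: many sources, few requests each
    if s['top_path_share'] >= 0.8:
        return 'application-layer flood on ' + s['top_path']   # one expensive endpoint hammered
    return 'anomalous'


START = datetime(2011, 7, 31, 18, 0, 0, tzinfo=timezone.utc)   # constructed time base


def make_log(entries):
    """Render (offset_seconds, ip, target) tuples as constructed Combined Log Format lines."""
    fmt = '%s - - [%s] "GET %s HTTP/1.1" 200 512 "-" "Mozilla/5.0"'
    return [fmt % (ip, (START + timedelta(seconds=off)).strftime('%d/%b/%Y:%H:%M:%S %z'), target)
            for off, ip, target in entries]


def scenario(kind):
    """Four constructed ten-second traffic samples (RFC 5737 / private addresses)."""
    if kind == 'normal':         # 8 visitors, 5 pages, 2 requests per second
        entries = [(i % 10, '203.0.113.%d' % (i % 8 + 1), '/page%d' % (i % 5)) for i in range(20)]
    elif kind == 'single':       # one address, 80 requests per second at the front page
        entries = [(i % 10, '198.51.100.7', '/') for i in range(800)]
    elif kind == 'distributed':  # 3000 distinct addresses, one request each, 300 per second
        entries = [(i % 10, '10.%d.%d.%d' % (i // 65536, (i // 256) % 256, i % 256), '/')
                   for i in range(3000)]
    elif kind == 'layer7':       # 40 addresses, 25 hits each on a search endpoint, varied queries
        entries = [(i % 10, '192.0.2.%d' % (i % 40 + 1), '/search.php?q=%d' % i) for i in range(1000)]
    else:
        raise ValueError(kind)
    return make_log(entries)


if __name__ == '__main__':
    for kind in ('normal', 'single', 'distributed', 'layer7'):
        s = summarize(scenario(kind))
        print('%-12s peak %4d req/s, %4d sources, max %4d/source, %3.0f%% on %-12s -> %s'
              % (kind, s['peak_rps'], s['distinct_ips'], s['max_per_ip'],
                 100 * s['top_path_share'], s['top_path'], classify(s)))
```

Two things the access log cannot show: a raw TCP or UDP packet flood of the kind LOIC also generates never completes an HTTP request and so never reaches the web server's log (it has to be detected from flow or firewall data), and a Slowloris-style attack that holds connections open without finishing a request line produces no log entries at all, so only connection-state metrics reveal it.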

Tuesday, June 7, 2011

Use your brain - don't let your PC turn into a zombie


IF you're in an office, like I am, take a look around. If there are 10 computers in the room, chances are one of them is a zombie.
According to a University of Sydney cyber security expert, studies have shown about one in five home computers and one in 10 work computers are "zombies" that have been taken over and used to conduct illegal activity.
"The global average is 20 to 25 per cent that are probably infected which means about one in five," said Professor Michael Fry from the university's school of IT.
"These computers are taken over remotely and incorporated into botnet networks."
Botnets are networks of computers enslaved by malware allowing the "bot herder" or "bot master" to control them remotely.
Prof Fry said remotely-controlled computers were being used in everything from organised crime to cyber warfare.
"Controllers use botnets for stuff like identity theft, to launch mass spam campaigns, phishing attacks, and online advertising 'click fraud'," he said.
"But the big one that they are becoming the weapon of choice for are distributed denial of service attacks."
A denial-of-service attack is when someone directs such a huge volume of requests to a target website that the web server can't respond and the site becomes inaccessible to everyone.
A distributed denial-of-service, or DDoS, attack occurs when hundreds or thousands of infected zombie computers are enlisted to help.
Prof Fry said botnets were today's "weapon of choice" for organised crime conducting DDoS attacks and there was a strong suspicion in cyber security circles that governments had also used botnets to sabotage others countries' IT systems.
He said individuals were already using attacks such as these to extort money right here in Australia.
"We had a case where a man in Alice Springs had his system go down one day," Prof Fry said.
"A little later he received an email from a group saying 'this was us and pay up or we’ll do it again'. He told them no and the next day they attacked him, bringing his whole system down."
There are even reports that individuals are able to hire botnets for a fee.
Aim for the head
Prof Fry said the systems which were the most vulnerable to these sorts of attacks were "unpatched" machines — computers which haven't been updated with the latest defences from software providers.
"These regular update requests can be a nuisance but are essential to stay ahead in the day to day battle against cyber crime," he said.
Craig McDonald is the founder and chief executive of MailGuard, a company specialising in the online security needs of business. He said it was essential for individuals and businesses to check for regular software updates.
"You're only as protected as the last update," Mr McDonald said.
"And for businesses, as email is highly used for 'doing business', I would recommend a multi-layered managed email filtering service."
Mr McDonald said individuals needed to ensure they followed all the directions given by their software and to run full scans of all computers.
Prof Fry said the identification of malware could sometimes be extremely hard and the process had become an "arms race".
"The less sophisticated ones can be tracked down and stopped, but the detection of zombies or the detection of bot masters can be very difficult," he said.
"The whole thing is an arms race. You can develop a tool that is very good at detecting them but as soon as you do people are working to get better at covering their tracks.
"It’s a global problem — governments, ISPs and everyone else."

The biggest threat?
Last week Attorney-General Robert McClelland and Defence Minister Stephen Smith said the Australian Government would work towards the creation of its first ever national strategy for dealing with cyber security.
"The Cyber White Paper will examine what we need to do to protect ourselves online, the role of government, industry and the public in protecting our interests," McClelland told a cyber security function in Sydney.
The paper will be completed in the first half of next year and would look at a broad range of areas including consumer protection, cyber safety, cyber crime, cyber security and cyber defence, he said.
Earlier this year the Federal Parliament was the subject of a cyber attack with the computers of at least 10 federal ministers, including Prime Minister Julia Gillard and Defence Minister Stephen Smith, targeted and confidential emails possibly accessed.
The head of Sydney University's Centre for International Security Studies, Professor Alan Dupont, said cyber attacks were "possibly the biggest security threat facing Australia".
"Of course we need to understand the technical detail of cyber crime in order to keep ahead of the game but we want people to think more broadly about cyber security," Prof Dupont said.
"We are stressing the importance of how cyber attacks are conducted, why and by whom, in order to enhance understanding of systems' susceptibility to attacks.
"If we don't get on top of this in a defensive sense, everything on a computer network is vulnerable to attack."

http://www.news.com.au/technology/use-your-brain-dont-let-your-pc-become-a-zombie/story-e6frfro0-1226070293650

Thursday, May 26, 2011

Is Obama Planning to Lose World War III?


In a cyberwar fought in an Internet-driven, overconnected world, things get turned upside down. The best offense is a defense. If a cyber-attacker disables your military command and control system, shuts down and catastrophically damages your power grid, makes your telecommunication system non-functional, and cripples your financial system, there isn’t much left to fight with.

Think of what the state of the country would be without these systems. Without power and telecommunications, there would be no logistic systems, supermarket shelves would be empty, credit cards wouldn’t work and money would be unavailable from ATMs. Water would stop flowing to your home, and since gasoline would be unavailable from electric powered pumps, your car would not work. Among the other systems subject to attack: pipelines, sewage, and water supply. You get the idea.

If President Obama and the rest of our nation’s leaders aren’t actively implementing our cyber-defenses, they are implicitly planning to lose World War III.

For a long time I thought the idea of software designed to cause great physical damage to systems was fanciful. Then I came across a story in Thomas C. Reed’s 2004 book, At the Abyss: An Insider’s History of the Cold War. Reed was a former Secretary of the Air Force and told a story about a massive, three-kiloton explosion of a Soviet pipeline–the most massive non-nuclear explosion ever observed from outer space.

According to Reed, Russian agents stole software used to control the pipeline. As it happened, the CIA had anticipated the theft and deliberately programmed the software to go haywire. Sure enough, in 1982, when the Soviets deployed the stolen software, the pumps kept pumping while valves were shut, producing pressures in excess of what the pipeline joints and welds could stand. The massive explosion soon followed.

I certainly hope there will never be a third world war, but I know there will be an increase in cyber-warfare, cyber-terrorism, cyber-crime, and cyber–vandalism. One only has to read the newspapers to be convinced that such incidents are on the rise.

In April and May 2007, Estonia came under cyber-assault. Estonia is one of the most Internet-dependent countries in the world. Ninety-six percent of its banking transactions are online. Citizens pay for parking using their cell phones. The attacks first targeted government sites and then were used to knock news sites offline. They culminated on May 10 when Hansabanka, the country’s largest bank, was forced to shut down its online operations, shutting down ATMs and severing the bank’s connections to the rest of the world.

South Korea has been attacked on numerous occasions. In 2009 a series of DDOS (Distributed Denial of Service) attacks were launched against government, news media, and financial web sites. More attacks occurred early this year. The April 12 attack paralyzed the Nonghyup Bank network for a week. The attacks were believed to have been originated by the North Koreans.

On April 19, 2011, Sony began investigating a cyber-attack that was a “very carefully planned, very professional, highly sophisticated criminal cyber-attack designed to steal personal and credit card information for illegal purposes.” Sony discovered that credit card data and email addresses had been stolen from 77 million user accounts. Further investigation revealed that information was stolen from another 24.6 million online gaming accounts.

These assaults take two general forms. The first are attacks from the outside and usually take the form of DDOS (Distributed Denial of Service) attacks. In these attacks, an unauthorized remote user seizes control of thousands of computers and orders these “zombies” to flood websites with millions of messages. The overloaded systems become saturated and can no longer carry out routine operations. This type of attack brought down the Hansabanka and Nonghyup Banks.

The second form of attack is far more dangerous. The attacker gets inside the system and seizes control of the system operation or disables the system. The attacker may plant a “logic bomb” that will wake up on command or at some time in the future and might erase the system or perform some function that will injure the system under its control.

Stuxnet is a worm that was introduced into the Siemens programmable logic controllers at the Natanz uranium enrichment facility in Iran. It is believed the worm rapidly cycled the centrifuges up to 1,410 cycles per second and then slammed on the brakes, slowing them to 2 cycles per second. The rapid deceleration tore centrifuges apart. The same type of logic controller is used in numerous SCADA (Supervisory Control and Data Acquisition) systems in nuclear power and chemical plants. In a nuclear plant, such a logic bomb could cause a meltdown.

It is also possible for an attacker to use software trap doors to seize control of a command and control system and cause it to issue orders. In this scenario, troops might be ordered to attack the wrong target.

We are planning to lose World War III because we are unwilling to aggressively confront the cyber-defense issue. Confronting it is inconvenient, costly, involves regulation, and gives the government a potential window into our private lives.

But in an overconnected Internet-driven world, we must think about our current systems differently.

Here’s the problem we face: The Internet was never designed to be secure. It was designed by academics to serve the needs of trusted colleagues. While it will be impossible to make any system no matter how carefully conceived entirely secure, it is inconceivable that the existing Internet and systems based on it can be made more than marginally secure. This is not to say that the security of these systems cannot be improved.

The current activity of cyber-criminals offers convincing evidence that existing systems can be easily penetrated, and many of those systems have already been compromised. Infected computers and portable memory devices may have already introduced malware to numerous existing systems. The structure of the Internet makes it virtually impossible to identify the source of a well-executed attack.

My guess is that we can improve existing systems enough so they can continue to serve the Public and Private system users but that the current system can never be made secure enough to protect Secure and Mission Critical systems.

It is critical that we protect to the highest degree possible our Mission Critical systems. Among them are military command and control systems, systems controlling financial networks and the transfer on money within the network, networks that control our electric power. And, to a lesser extent, we need to protect other systems as well.

A few suggestions: We should consider physically disconnecting our Mission Critical systems from external networks. We should consider requiring all major ISPs (Internet Service Providers) to install the capability to do deep packet inspection. In the case of a DDOS attack, these systems could quarantine the packets used to barrage and choke Internet systems. And we should give regulatory agencies the power to impose certain standards for cyber-security on businesses.

Doing these things will be expensive and create many inefficiencies. Many businesses will oppose these actions. Liberals and conservatives alike will worry about the potential loss of privacy and government intrusion into our lives that could result from the abuse of information collected with deep packet inspection. But realistically, it is hard to see many businesses and utilities going to the trouble and inconvenience of taking these types of actions unless they are forced to do so.

In an Internet-driven, overconnected world, power has become asymmetric. Small groups can do immeasurable amounts of damage with relatively small efforts.

Right now our country is the most vulnerable and most tempting target for cyber-terrorists and criminals. We have a highly developed physical and commercial infrastructure that is heavily dependent on the Internet. We cannot function if the Internet is shut down.

North Korea is possibly the country best positioned to attack us. They can launch cyber-attacks, but their national infrastructure is so primitive that there is nothing for a cyber-warrior to attack. Cyber-terrorists are in a similar position. They have no banks or power stations for us to disable.

Our Defense Department is probably in a position to launch the most devastating and comprehensive cyber-attacks of any nation. Unfortunately, those attacks will not do much to defend many of our important systems. Probably all of them are not secure enough to withstand a sophisticated assault.

So let’s get on with building the type of offense an Internet-driven, overconnected world requires. The new rule for that environment is “The best offense is a superior defense.” Relying as we currently do on having the best offense is a plan for losing World War III. Let’s start playing defense.

http://blogs.forbes.com/billdavidow/2011/05/24/is-obama-planning-to-lose-world-war-iii/

Wednesday, May 18, 2011

DDoS Attacks: Your Customers At Risk

Distributed denial of service (DDoS) attacks are an increasing concern for organizations large and small, according to new survey results released at the Interop computer networking show. Among the findings: organizations reported that they've been unable to keep up with attacks that have plagued them more frequently over the past year, according to the survey, commissioned by Symantec's VeriSign and conducted by Merrill Research. Researchers polled 225 IT decision makers. Security remains a top concern in organizations, as IT professionals struggle to keep up with the mounting threat. Here's a look at the results.


  • 78 percent of respondents reported that they are extremely or very concerned about DDoS attacks.
  • 67 percent say that they expect the frequency and strength of denial of service attacks to increase or stay the same over the next two years.
  • Close to two-thirds of respondents who experienced a DDoS attack in the past year said they sustained more than one attack.
  • 11 percent said they had experienced six or more DDoS attacks in the past year.
  • 60 percent of the respondents rely on their web sites for at least 25 percent of their annual revenue.
  • 53 percent of the respondents said they experienced downtime in the past year, with DDoS attacks accounting for one-third (33 percent) of all downtime incidents.
  • More than two-thirds said their downtime impacted customers and half reported they lost revenue.
  • 87 percent of IT pros believe that DDoS protection is very important for maintaining availability of websites and services.
  • 71 percent of respondents who don’t have DDoS protection said they plan to implement a solution in the next year.
  • 40 percent plan to outsource their DDoS protection, 31 percent plan to implement an in-house solution, and 29 percent are still undecided on their approach for protection.



http://www.channelinsider.com/c/a/Security/DDoS-Attacks-Your-Customers-At-Risk-212836/

Thursday, May 12, 2011

After Sony PSN hack, ‘civil war’ fractures hacker group Anonymous

A "splinter group" has reportedly taken control of two websites that host hacker group Anonymous' primary communications channels in an attempt to decentralize the group.



Anonymous, the hacktivist group whose members were recently accused of conducting a massive breach of Sony’s PlayStation Network, appears to be coming apart at the seams following a “coup d’etat” takeover of the group’s primary communications network.
According to website Thinq_, a “splinter group” has seized control of two websites used by Anonymous to organize their various distributed denial of service (DDoS) attacks against their corporate and geopolitical enemies. Those sites are AnonOps.net and AnonOps.ru, both of which host the Internet relay chat (IRC) channels used by Anonymous members.
A member of the AnonOps network staff, who goes by the name “Ryan,” tells Thinq_ that he and a number of other disaffected Anonymous members seized control of the sites because they believed the group had become too centralized. They also accuse some members of “behind-the-scenes string-pulling” that allowed these Anons to assume leadership positions in the previously headless organization.
Before now, it has been widely stated that Anonymous has no central leadership, a tactic used to limit the ability of law enforcement (or anyone else, for that matter) from discovering Anonymous members’ real identities, or infiltrating their operations. This, says Ryan, is “bullshit.”  In fact, he says, there are ten users that make all the decisions during a DDoS campaign, which is done in a single IRC channel.
“There is a hierarchy. All the power, all the DDoS – it’s in that channel,” he says.
To further make his point, Ryan leaked the IP addresses of more than 650 AnonOps users to the Internet — a move he says was “regrettable but necessary” to prove that their system for organizing attacks was insecure, and promote the idea that Anonymous must decentralize to survive.
The Anonymous members that Ryan says act as puppet masters for the group firmly refute his claims, and insist that it is Ryan, not they, who has gone off the deep end.
“[Ryan] accuses us of trying to control Anonymous from behind the scenes,” one Anon told Thinq_. “In fact, the channel he refers to was for chat moderation and he himself was part of it.”
The group says that Ryan — who is allegedly behind the controversial transformation of Encyclopedia Dramatica into ‘Oh Internet’ — is threatening to use an 800,000-computer-strong botnet (a group of computers taken over by hackers) to attack AnonOps, if they are able to take back the site from the splinter group. They also called Ryan “dangerous,” prone to “outbursts,” and “arrogant and narcissistic.”
“We all knew Ryan was dangerous,” said one Anon. “Just how dangerous nobody was quite sure. He has always had little outbursts. We knew one day there would be a massive one, but we were never sure when.”

http://www.digitaltrends.com/computing/after-sony-psn-hack-civil-war-fractures-hacker-group-anonymous/

Wednesday, April 6, 2011

State Blamed in LiveJournal Attack


LiveJournal Russia, the country's main platform for uncensored political discussion, recovered Tuesday from its biggest-ever hacker attack — which bloggers said could not have been staged without state resources.
The Cyrillic segment of the blogging service, which numbers 4 million Russian-language users, was first hit by a cyber attack last Wednesday.
Hackers used computers infected by malware, mostly in Asian and Eastern European countries, to flood the servers with requests, paralyzing them for seven hours. A second wave followed Monday, again rendering LiveJournal.com inaccessible in Russia.
Initial speculation suggested that the attacks had targeted individual bloggers, possibly Kremlin critics. Such incidents have taken place before. But LiveJournal management reported that the whole site had been targeted.
"The attack targeted dozens of top bloggers and communities" indiscriminately, said Ilya Dronov, development director with the site's owner, SUP.
"The reason for attack is more than clear in this case — someone wants LiveJournal to disappear as a platform," he said Tuesday in a post on his own LiveJournal blog, Igrick.
The hackers sought to leave the Russian blogosphere without a single stable platform to operate on, dispersing them to other social networks where "it's easier to fight individual users," Dronov wrote.
He stopped short of naming any names, predicting only that more attacks would follow. SUP will have to ship more powerful equipment to Russia to resist further attacks, Dronov said.
The company "doesn't exclude a lawsuit option," Svetlana Ivannikov, head of LiveJournal Russia, said late Monday in a statement. But she also identified no suspects.
Bloggers, however, minced no words, naming the Kremlin as the only power capable of staging such a large attack.
Anton Nosik, a prominent LiveJournal blogger and former director of SUP, wrote on Snob.ru that massive attacks require considerable administrative and "financial support."
He admitted that it was hard to estimate the attack's cost, but said the pro-Kremlin Nashi movement might be behind it because it was in the past accused — though not convicted — of hacking the blogs of opposition activists and of a cyber attack on the Estonian government's site.
Alexei Navalny, a popular blogger and anti-corruption activist, said the attacks were a start for the Kremlin's "counter-propaganda plan" ahead of the upcoming State Duma vote and presidential race.
The Kremlin has not commented on the accusations, while Nashi spokeswoman Kristina Potupchik said by telephone Tuesday that they were "some person's groundless assumptions."

 http://www.themoscowtimes.com/news/article/state-blamed-in-livejournal-attack/434552.html

Tuesday, April 5, 2011

Anonymous Declares War on Sony



In Sony’s effort to pursue George “GeoHot” Hotz and other PlayStation hackers to the ends of the earth (literally), they’ve poked the sleeping giant of Anonymous, the 4chan-based hivemind which, under the guise of “freedom of information,” has now officially declared war on Sony, and has launched attacks ranging from bringing down their websites (and possibly the PSN) to publishing personal information of the executives.
The “press release” by Anonymous says things like “You have abused the judicial system in an attempt to censor information about how your product works” and more tellingly, “You saw a hornet’s nest, and you stuck your penises in it.”
But even though it may seem childish on the surface, Anonymous is not a group to be trifled with. They’ve taken on corporations before, most recently places like Bank of America, Paypal and a whole host of companies that decided to act against kindred spirit Wikileaks in various ways.
Yesterday, they took down Sony.com and PlayStation.com, and the PlayStation Network was non-functional most of the day. There’s no official confirmation that, despite claims of “routine maintenance,” this was actually because of Anonymous, but it seems like an awfully big coincidence if not. By taking down the service, Anonymous would presumably be trying to draw customers’ ire toward the company, as most wouldn’t know who was responsible for the outage.
But today there’s a new battlefront, as Anonymous has turned to finding and publishing personal information about Sony executives. When the info is located, advice on the forums suggests crank-calling them on Skype, placing Craigslist erotic personals in their name and sending their friends and loved ones “STD postcards” announcing a newly acquired disease. No one ever said they were mature, as being straight up malicious often overshadows the primary directive of the group. Nothing is sacred, and dueling with Anonymous is like trying to have a fistfight where your opponent kicks you in the groin, throws sand in your face and stabs you with a razor blade.
As of now, Sony.com and Playstation.com are online, and the PSN is back up almost everywhere. I agree that Sony isn’t handling this hacking disaster particularly well, but it’s hard to condone Anonymous’s tactics either.

http://blogs.forbes.com/insertcoin/2011/04/05/anonymous-declares-war-on-sony/

Monday, March 28, 2011

Anonymous' Operation Empire State Rebellion Releases "Civil Disobedience" Video #2


Two weeks ago the Anonymous hacker collective released a video indicating it was moving to a peaceful form of civil disobedience, until such time as the Fed is abolished, to be preceded by the "sign of good faith" that is Bernanke's stepping down. Needless to say, so far Bernanke has not quit. So today Anonymous' OpESR has released a second video which unlike the previous one is more or less a collage of hacker-friendly video clips. Hopefully there is some more to this latest form of anonymous activism than the clever use of iMovie...


http://www.zerohedge.com/article/anonymous-operation-empire-state-rebellion-releases-civil-disobedience-video-2

Anonymous targets American Israel PAC: Operation Palestine



OpPalestine
Sunday those claiming to represent the Internet hacktivist group known as "Anonymous" launched a cyber attack against The American Israel Public Affairs Committee (AIPAC). The attack is aimed at the website, aipac.org, and conducted via a modified LOIC (Low Orbit Ion Cannon) used to execute DDoS attacks. A distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users.
According to the announcement from Anonymous:
America's Pro-Israel Lobby (AIPAC) is known for being one of the most powerful lobbies, keeping politicians in their pockets. During 2009, the U.S. provided Israel with at least 8.2 million per day in military aid and $0 in military aid to the Palestinians.
We are having none of it.
The notice goes on to give "attack instructions" on the installation and utilization of the LOIC (low orbit ion cannon).
Currently Anonymous is experiencing something of a renaissance, with numerous operations running as well as a robust recruitment drive in full swing. Using social media sites like Twitter and Facebook as well as Internet Relay Chat rooms (IRC) the group has conducted successful campaigns against such targets as Scientology, Visa and MasterCard, the Westboro Baptist church and the Internet security firm HBGary.

Nevertheless, it is important to recall that Anonymous is a mysterious organization - a headless monster, lacking any identifying hierarchy or command structure. No one press release, no one statement, no one tweet, no one blog post, speaks for all who pledge allegiance to the group. While there apparently are leaders and followers involved in particular operations, there is no leadership in the traditional sense.

At the time of posting, the AIPAC website was still up and running. The announcement and other information is available via Twitter search: #OpPalestine, as well as a Facebook page "Operation Palestine."


http://www.examiner.com/anonymous-in-national/anonymous-targets-american-israel-pac-operation-palestine

March 2011 - the hardest hit month on record for hacktivist attacks


March is being hailed the most active Hacktivist month on record. So far this month we have seen:
  • March 3rd, DDoS attack on Korean e-Commerce and government institutions
  • March 4th, DDoS attack on Wordpress.com
  • March 6th, attack on the French government’s interest in the G20
  • March 9th, DDoS attack on Codero managed hosting provider – disrupting Twitter
  • March 9th, group Anonymous declares “Operation Payback” against BMI.com and calls for sustained and disabling attacks from its members
These attacks have prompted the Financial Services Information Sharing and Analysis Center (FS-ISAC) to issue an advisory (2011-03-24) warning all financial service member companies of a possible Denial-of-Service attack. In preparation it has republished the national CERT guidance.
Those identified as being at high risk include: large financial institutions (banks), service providers, government financial regulatory entities, non-affiliated technology infrastructures and critical infrastructure (e.g. electric, gas, Internet Service Providers and national power grid providers).
Radware has devised a checklist to help these institutions secure their networks more effectively.

1) Architecting the perimeter for attack mitigation
  • Use a security-in-depth approach to fully prepare for attacks. Employ an anti-DDoS security strategy to alert to, and mitigate, all attack traffic and “clean the pipe” – at the very edge of the organisational network.
  • Ensure the solution has perimeter-specific capabilities to detect anomalous reconnaissance and intrusion activities as they happen, repel application-level attacks, discriminate between legitimate and illegitimate traffic, and log and correlate detailed attack data so it can be reported quickly.
2) The need for complementary security technologies
  • In addition to basic IPS and firewall protection, deploy a multi-faceted security solution to ensure the mitigation of known and unknown attacks successfully. These should include:
    • Anti-DoS and DDoS attack tools (at the network and application layers) to prevent network flood attacks
    • Network behavioural analysis tools with real-time signature writing capabilities to defend against application misuse attacks and zero-day attacks
    • Intrusion prevention systems to guard against known application vulnerabilities
    • Application-level active defence mechanisms – such as challenge & response
    • Active emergency counter-attack strategies (Smart Hands / Man-in-the-Loop Capability)
3) Be prepared for a counter-attack
  • Devise a plan to include skilled technicians in the event of attack to ensure the tools, alerts, correlation and mitigation are being handled properly.
  • Ensure the teams are ready to provide immediate assistance and active mitigation or counter-attacking defence actions as soon as the system is under attack.
  • Active defence is the concept of a proportional counter-attack to smoulder last vestiges of the DDoS attack and to provide for some necessary closure to a painful incident.
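Two of the checklist items above, behavioural analysis that separates legitimate from illegitimate traffic and an application-level challenge-and-response gate, are also what the earlier Forbes piece has in mind when it talks about quarantining the packets that choke a site during a DDoS. The following is an added example, not code from the article, from Radware or from any vendor, showing the core of such a gate in Python: a per-source sliding-window request counter that issues a challenge when a source exceeds a soft limit, blocks it if it keeps flooding without answering, and lifts the limit for sources that do answer. The log format, the thresholds and the challenge token are assumptions made for illustration; the log lines are constructed. A per-source counter of this kind only helps against floods whose sources cannot be spoofed, which is the case for the full-connection HTTP floods a tool like LOIC produces.

```python
# Added example (not code from the article, Radware or any vendor): a
# rate-based HTTP flood detector with a challenge-and-response gate, run
# over constructed access-log lines. Thresholds, log format and the
# challenge token are assumptions made for illustration.
import re
from collections import Counter, defaultdict, deque

# Constructed log format: '<ip> [<unix-seconds>] "<method> <path> ..." <status>'
LOG_RE = re.compile(r'^(?P<ip>\S+) \[(?P<ts>\d+)\] "(?P<method>\S+) (?P<path>\S+)')

WINDOW_SECONDS = 10      # assumed sliding window
SOFT_LIMIT = 20          # assumed: above this per window, issue a challenge
HARD_LIMIT = 40          # assumed: above this while unanswered, block the source


class FloodDetector:
    """Per-source sliding-window counter with a challenge/response escalation."""

    def __init__(self, window=WINDOW_SECONDS, soft=SOFT_LIMIT, hard=HARD_LIMIT):
        self.window, self.soft, self.hard = window, soft, hard
        self.hits = defaultdict(deque)   # ip -> request timestamps inside the window
        self.challenged = {}             # ip -> outstanding challenge token
        self.verified = set()            # ips that answered a challenge
        self.blocked = set()

    def observe(self, ip, ts):
        """Record one request and return the verdict: allow, challenge or block."""
        if ip in self.blocked:
            return "block"
        q = self.hits[ip]
        q.append(ts)
        while q and q[0] <= ts - self.window:   # drop requests that fell out of the window
            q.popleft()
        if ip in self.verified:                 # proved it runs a real client; rate alone is not the issue
            return "allow"
        if len(q) <= self.soft:
            return "allow"
        if ip not in self.challenged:
            # Stand-in for a cookie/JavaScript challenge; a real token is unguessable per client.
            self.challenged[ip] = "token-" + ip
            return "challenge"
        if len(q) > self.hard:                  # kept flooding without answering
            self.blocked.add(ip)
            return "block"
        return "challenge"                      # challenge still outstanding

    def answer(self, ip, token):
        """A client presents its challenge token; a correct answer lifts the rate limit."""
        if self.challenged.get(ip) == token:
            self.verified.add(ip)
            del self.challenged[ip]
            return True
        return False


def process_log(lines, cooperative_ips=(), detector=None):
    """Feed log lines through the detector. Sources in cooperative_ips answer
    challenges immediately (as a browser would); others ignore them (as a
    LOIC-style flooder does). Returns per-source verdict counts and the detector."""
    det = detector or FloodDetector()
    verdicts = defaultdict(Counter)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                            # malformed line: skip rather than crash
        ip, ts = m["ip"], int(m["ts"])
        verdict = det.observe(ip, ts)
        verdicts[ip][verdict] += 1
        if verdict == "challenge" and ip in cooperative_ips and ip in det.challenged:
            det.answer(ip, det.challenged[ip])
    return {ip: dict(c) for ip, c in verdicts.items()}, det


def build_sample_log():
    """Constructed traffic: a normal visitor, a LOIC-style flooder, and a bursty real client."""
    lines = [f'10.0.0.5 [{100 + 2 * i}] "GET /page{i} HTTP/1.1" 200' for i in range(5)]
    lines += [f'198.51.100.7 [{100 + i // 20}] "GET / HTTP/1.1" 200' for i in range(60)]
    lines += [f'10.0.0.9 [{200 + i // 13}] "GET /search?q={i} HTTP/1.1" 200' for i in range(25)]
    return lines


if __name__ == "__main__":
    counts, det = process_log(build_sample_log(), cooperative_ips={"10.0.0.9"})
    for ip, c in counts.items():
        print(ip, c)
    print("blocked:", sorted(det.blocked))
```

On the constructed log the normal visitor is never challenged, the flooder gets twenty requests through, is challenged for the next twenty and blocked for the rest, and the bursty real client is challenged once, answers, and is then left alone. The two-tier limit is the point: a single threshold either cuts off bursty legitimate users or lets a slow flood through, whereas challenging first and blocking only on continued silence lets the gate tell a browser from a script without a signature for the tool.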
http://www.it-director.com/business/content.php?cid=12677

Thursday, March 24, 2011

Internal Affairs website goes down


Days before hackers were set to attack it, the Internal Affairs website is down.
A spokesman for the department said it had not yet established what had happened but was investigating.
Restoring services was the priority, he said.
A video on the internet by hacker collective Anonymous detailed its opposition to Internal Affairs implementing internet filtering this month.
''Internet censorship as seen in China, India, Australia, the United States as well as the United Kingdom has become one of the greatest atrocities to free speech and government transparency since the cold war,'' the group said.
''It is for this that we the people, must and will step forward to dismantle the Government's control over the internet.''
The group promised a series of attacks to start next Monday, but the site was already down today.
''The attacks will continue until The Department of Internal Affairs vetoes their own decision and releases the free flow of information to New Zealand.''
The message concludes: ''You cannot find us. You cannot stop us. We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us.''
A message on the Internal Affairs website said it was temporarily unavailable and apologised for the inconvenience.
Technology writers Kris Notaro and Wes Strong have written about Anonymous saying it began as a movement in 2003 on a series of internet chat boards and has gone from targeting small time hypocrites to large multinational corporations bringing it from the background of hacker culture to the forefront of global politics.
It gained notoriety in 2010 after shutting down Mastercard, Visa, and Paypal during what it called Operation Payback.
Those major corporations stopped providing their services to Wikileaks, which had been using them to accept donations into the Wikileaks defence fund.
Last year's Parliament InTheHouse link was taken over by Turkish hacker Iskorpitx.

http://www.stuff.co.nz/technology/digital-living/4804937/Internal-Affairs-website-goes-down

Wednesday, March 23, 2011

Anonymous sends a message to ‘the South African people’

Anonymous, the shadowy online ‘hacktivist’ group that is rapidly gaining worldwide fame uploaded a video to YouTube on the 18th of March entitled “Message from Anonymous: To the South African people”, calling on the people to rise up and take back their country from corrupt and inept rulers.
The message, which had been viewed 800 times at the time of writing, begins with some grainy footage of wind sweeping over Table Mountain, evoking the famous Winds of Change speech by Harold Macmillan which foreshadowed the end of the colonial era. The video then cuts to a head shot of a smiling mask and a female computerized voice begins with the words “to the people of South Africa, Anonymous would like to address you on the state of your society”.
The message goes on to detail how the people have been robbed of the wealth of the country, and how companies like Anglo American and the Oppenheimer family have gotten rich at the expense of the masses. This is followed by a list of South Africa’s social problems, from drugs and murder to domestic violence and organised gangs “while the police are rendered impotent by the very laws that govern South Africa”.
How long will we allow this to go on, asks the voice of Anonymous, before exhorting the people to “stand up and show the world that enough is enough”. The final part of the message is a warning to the government that the people will stand it no longer, and drives home the message “expect us”.
The tone of the message shifts from speaking in the third person in the first half of the message, to something more inclusive at the end. “We the people are taking our country back”, “Enough of selling our resources to the West” says the voice, and the switch to first person plural indicates that the message originates in South Africa from a homegrown branch of Anonymous.
It’s been a watershed few months for Anonymous. From highly-publicised attacks against the enemies of WikiLeaks to strategic DDoS attacks on Middle Eastern dictatorships and a strategic humiliation of online security firm HBGary, the “hacktivist” group has gone from strength to strength. Just last week, it declared that it would be taking on the might of the ‘global banking cartel’ in what would be its most ambitious target to date.
This particular message from Anonymous to South Africa is short on details, and offers no solution to the multitude of problems which, to be frank, even the government themselves are aware of. There are no targets, timelines or direct threats which are all hallmarks of Anonymous modus operandi thus far.
The message does seem to be closely associated with a Facebook group called “Taking Back South Africa! 2011“, a community organisation with 300 followers that seems to be advocating a radical overthrow of the political system in South Africa. It even carries the group’s logo at the end.
When approached by Memeburn about its plans for the future, the organisation wrote “Our plan is first of all to create more awareness of this movement and increase online numbers which will allow us to get more material across. We plan to create more videos and written material which we will release online. Our strategy is to focus on 3 core fundamental problems which all South Africans suffer from and can agree on: Poverty, Crime and Government Corruption.”
One of the things which the video does do is point to the fact that, in a leaderless movement such as this, anyone can step forward and claim to speak on behalf of the collective. Is this message really from Anonymous, or is it simply the work of some South African activists who are seeking to shake up the South African political scene with some bold pronouncements? We’ll be watching to see if this develops any further.