DDoS takes down UK's Russian embassy website before PM visit to Moscow

It has been 5 years since a British leader has visited Moscow. On the eve of the first visit since a Kremlin critic was killed in London, the website for the Russian Embassy in London was attacked by a distributed denial of service attack.
British Prime Minister David Cameron has been very vocal in the past about the killing of Alexander Litvinenko who was poisoned in 2006 by radioactive polonium-210, but has worked in the last year since taking over as Prime Minister to mend the relationship with Russia and President Dmitry Medvedev.
“Prior to the visit of Prime Minister David Cameron to Russia, the website of the Russian Embassy in London was brought down by a suspected DDoS attack,” the embassy said in a statement.
The site went down on Friday, came back up on Saturday, then fell again on Sunday. It is currently live.

http://www.techi.com/2011/09/ddos-takes-down-uks-russian-embassy-website-before-pm-visit-to-moscow/

HKEx - Hong Kong stock exchange Hacked

Trading in Hong Kong was disrupted on Wednesday by a hacking incident on the Hong Kong Exchange website. "Our current assessment that this is a result of a malicious attack by outside hacking," Charlies Li, chief executive of Hong Kong Exchanges & Clearing, told reporters.

The seven stocks in question were all due to release sensitive results to the website that could impact the price of their stocks.Although the Hong Kong stock exchange also operates an alternative backup site for posting the results, it chose to halt trading of the affected stocks for the afternoon session.Stocks affected included HSBC, Cathay Pacific, China Power International and the Hong Kong exchange itself.It is unclear at this point whether the attack actually compromised the site, or if it was merely a denial of service attack.

"It was the first time for a suspension due to such a kind of technical problem and one involving so many companies," Alfred Chan, chief dealer at Cheer Pearl Investment in Hong Kong. Hackers attacked the Zimbabwe stock exchange website on Friday, forcing a shutdown of the site and hampering traders monitoring performance on the 79-company bourse.

http://www.thehackernews.com/2011/08/hkex-hong-kong-stock-exchange-hacked.html

Morocco: Militant Website Sustains DDoS Attack

The Moroccan militant website Mamfakinch! has come under a distributed denial-of-service (DDoS) attack on Sunday 31 July, 2011, which blocked the access to its main platform for several hours. The website is now back online.
What is Mamfakinch! and why has it been attacked?
Mamfakinch!
In the wake of the Arab revolutions, a couple of Moroccan online activists launched a militant website on February 17, 2011. They called it Mamfakinch!, which in Moroccan Arabic means “We won't give up!”.

In the six months of its existence Mamfakinch! has attracted a record audience of over a million unique visitors across its two main outlets which comprise an online news portal and a blog. The site's goal, according to its members, is to provide a platform for free expression for opposition voices and pro-democracy activists.
Against the backdrop of the Arab revolutions, Mamfakinch! set about to aggregate, curate and disseminate citizen media material, emulating the work of similar outlets in the region, notably the celebrated Tunisian news portal Nawaat.org.
But as Mamfakinch! readers and supporters have grown in number, so too have its detractors. “The website has gained a lot of popularity in the Moroccan activist blogosphere but we had also attracted a lot of enemies. Attacks against the website have started very early on but they are becoming increasingly aggressive” says this site's co-manager who also explains that the platform is receiving regular threats and countless derogatory comments. [Please note: the Mamfakinch! representatives interviewed in this article wish to remain anonymous].
One video recently surfaced on the internet purporting to show an attack against Mamfakinch!. The site was quick to publish an article [Fr] in which it (very sarcastically) dismissed the alleged attack as “a miserable spoof”.
The Attack
This Sunday, while the website was securing the exclusive live coverage of the pro-democracy marches and demonstrations being held across the kingdom, access to its main portal was denied. The blockade lasted for several hours before the site again became accessible late in the evening.
According to the site administrators, Mamfakinch! came under a large-scale DDoS attack. “The attack seems to originate from thousands of dynamic IPs localted in Saudi Arabia (!)” says the website's webmaster. The site's server has, in the matter of a few hours, became overloaded with the amount of new automated IPs' requests.
“The site is now up and running and we have taken measures to insure that such attacks don't happen in the future… although no one can be absolutely sure” says this co-founder of the site who adds that his colleagues, “for obvious security reasons, prefer not to disclose details of the steps taken to secure access to the site.”
Like in Ben Ali's Tunisia
Before the revolution in Tunisia, Morocco was praised for the relative freedom enjoyed by its internet users. But the country is now seeing a surge in attacks against online dissidents, several of whom have had their Facebook or email accounts hacked into. Phishing techniques were probably used to harvest account passwords.
DDoS attacks, infiltration techniques and blockage of dissident domain names were common during the Ben Ali era in Tunisia. Those types of attacks are increasingly becoming commonplace in Morocco. The site of the irreverent magazine Demain Online has not yet recovered from an attack it suffered over a month ago. The website 20Fevrier.com, believed to be related to the pro-democracy movement in Morocco, also came under attack several weeks ago. It has been offline ever since.
“The more they attacks us, the more we learn!”
Paradoxically, in the Arab world, the most experienced activists usually come from the most repressive environments. After a long confrontation with their governments, Tunisian and Egyptian activists have become experts in circumvention tools. This expertise is now being transferred to other countries in the region where militants are learning each day as they struggle against attempts to censor their voices online.
This statement from a member of Mamfakinch! sums up the situation quite well: “The more they attack us, the more we learn! Let them come!”

Anonymous unsheathes new, potent attack weapon

Better DDoS attacks ahead

Members of Anonymous are developing a new attack tool as an alternative to the LOIC (Low Orbit Ion Cannon) DDoS utility.
The move follows a spate of arrests thought to be connected to use of the LOIC, which by default does nothing to hide a user's identity.

The new tool, dubbed RefRef, due to be released in September, uses a different approach to knocking out websites. LOIC floods a targeted site with TCP or UDP packets, a relatively unsophisticated yet effective approach, especially when thousands of users use the tool to join voluntary botnets.

RefRef, by contrast, is based on a more sophisticated application-level approach designed to tie up or crash the servers behind targeted websites instead of simply flooding them with junk traffic, according to a blog post on the development by an Anonymous-affiliated blog.
"Anonymous is developing a new DDoS tool," the post explains. "So far, what they have is something that is platform neutral, leveraging JavaScript and vulnerabilities within SQL to create a devastating impact on the targeted website."
RefRef, which uses a "target site's own processing power against itself" is undergoing field trials, with tests against Pastebin, the blog post by AnonOps Communications reports.
Arrests in UK, Spain and Turkey connected to LOIC-powered attacks have already prompted some core members of Anonymous to move towards using a new server and dropping LOIC in favour of other attack tools, such as Slow Loris and Keep-Dead DoS. This now seems to be purely a stop-gap measure while RefRef undergoes development.
LOIC was originally developed for network stress-testing, but later released into the public domain where, years later, it became a weapon of choice for hacktivists, most notably in the Operation Payback attacks against financial service organisations that blocked accounts controlled by Wikileaks last December following the controversial release of US diplomatic cables.
The problem with LOIC is that unless attacks are anonymised by routing them through networks, such as Tor, then users will be flinging junk packets that are stamped with their IP address at the targeted systems. These IP addresses can then be traced back to suspects by police.
Whether or not RefRef does a better job at anonymisation, by default, remains unclear but early experiments suggest that Anonymous is brewing a more potent attack tool. "Supposedly, the tool will DoS a targeted website with ease," Dancho Danchev, an independent cyber-threats analyst told El Reg. ®

Network Solutions Fights Off Multiple DDoS Attacks:

Two attacks on consecutive days left Web host and domain name registry Network Solutions' customers unable to access their Web sites and servers.

A distributed denial-of-service (DDoS) attack was carried out against Network Solutions on yesterday afternoon, and again this morning, according to a post on the company's official blog by spokesman Shashi Bellamkonda.
"Our engineers worked quickly to mitigate the attacks and services are in the process of being restored," he wrote. "We continue to monitor this situation, as potential risk still exists for these attacks to recur."
Some customers complained of outages and said they could not reach the sites hosted by Network Solutions, and were having trouble accessing their e-mail and reaching their servers as of Tuesday afternoon. The company's Twitter feed was still saying that employees were working on bringing its network back online.

http://news.hitb.org/content/network-solutions-suffers-two-ddos-attacks