At about 7:00 PM Pakistan Time on Sunday the 6th March, almost all of the websites hosted by the Government of Pakistan were down due to distributed denial of service attacks. Government of Pakistan websites are hosted by their absolutely incompetent agency called the National Telecommunication Corporation (www.ntc.net.pk) and are protected by the Internet’s most famous scammers, Server4Sale / BlockDoS.
The websites of the Senate, FIA (Federal Investigation Agency), National Assembly, and all the Ministries, etc., including the official portal of Pakistan (www.pakistan.gov.pk), were all down due to the inability of NTC and scammers Server4Sale / BlockDoS to handle the DDoS attack.
Recently, after awarding a controversial contract to Server4Sale / BlockDoS which is possibly going to be investigated for collusion by Transparency International and the Auditor General of Pakistan, the downtime of these websites has increased dramatically.
As per the contract details, there is a penalty of Rs. 10,000 for each minute that the websites are down. On Sunday the attack continued, and it seemed as though both the entities involved in the protection of the Pakistan Government’s official websites were incapable of doing the simple job of protecting them.
http://dos-attacks.com/2011/03/06/pakistan-government-gets-ddos-government-official-websites-go-black/
Tuesday, March 15, 2011
Monday, March 14, 2011
CO.ZA suffers DDoS attack
Attempts to data mine the CO.ZA web Whois service cause an inadvertent DDoS attack which affects service availability
Many users complained about service problems on the CO.ZA web Whois service this weekend, and UniForum has now confirmed that it experienced problems which resulted in delayed response times or degraded service availability.
“According to our investigations it appears that attempts to data mine the CO.ZA web Whois service have resulted in an inadvertent Distributed Denial or Degradation of Service (DDoS) attack,” said Theo Kramer, UniForum SA Chairman.
Kramer explained that their Whois system has been under severe pressure over the weekend as a result of what appears to be a distributed data mining attempt on their web Whois service.
“Necessary remedial steps are being taken and we are monitoring our systems to ensure that the impact of this bot flood is minimized,” said Kramer.
Kramer also advised users to make use of http://captcha.coza.net.za or whois://whois.coza.net.za while they address this issue.
“The CO.ZA registration system, DNS system, EPP test system and alternate Whois systems were not affected,” said Kramer.
http://mybroadband.co.za/news/internet/19059-COZA-suffers-DDoS-attack.html?utm_source=twitterfeed&utm_medium=twitter
4chan hackers leak internal Bank of America emails
Anonymous, a group of online hackers that frequently take up politically charged causes such as bringing down the websites for Visa and other credit card companies, has released a massive batch of internal Bank of America emails.
It looks like the hacker group, which frequents online message board 4chan, made good on a promise Wikileaks founder Julian Assange made several months ago. Anonymous sided with Assange when several sites and services like PayPal cut ties with Wikileaks’ enigmatic founder amid concerns about the legality of the site. Assange and Wikileaks indicated that they planned to publish the documents in December.
But that was then, before Assange was arrested on suspicion of sexual offenses in December. Wikileaks began making headlines after it released 251,000 secret U.S. state department documents. The site created a stir among world governments, who have denounced the site’s actions, and it was booted by its domain name service provider EveryDNS. Assange and the site also had their accounts suspended from Amazon’s S3 and EC2 online cloud hosting services and PayPal.
Anonymous’ host site for the internal emails has received enough traffic to bring it to its knees. VentureBeat reporters were unable to access the site shortly after the documents were posted. Errors indicated that the site had crashed due to a traffic overload, which is kind of ironic after Anonymous coordinated massive distributed denial of service (DDoS) attacks on other sites that are designed to send inordinate amounts of traffic and overload servers.
The documents indicate that Bank of America improperly foreclosed on several homes during the height of the financial crisis in 2008 that began one of the worst recessions since the Great Depression. The report came from a former employee with Balboa Insurance, a risk management and insurance firm. The employee reportedly corresponded with Bank of America employees and was told to falsify loan numbers on documents to force Bank of America to foreclose on homeowners.
http://venturebeat.com/2011/03/13/anonymous-bank-of-america/
Friday, March 11, 2011
Facebook: DDoS attacks don't down the site, our screw-ups do
TechRadar met up with a number of Facebook engineers today, who explained the changes that were happening with the site in terms of implementing HTML 5 and how they work with the daily challenges of keeping the site upright.
One of the things mentioned was how the company works to curtail DDoS attacks, which according to Facebook happen very rarely.
"As far as I know, we have only had one or two DDoS attacks on the site," explained David Recordon, senior open programmes manager, at Facebook.
"You would need a pretty big botnet to attack us and I don't think they would want to put all their effort into downing the site and expose their ways.
"When we have site blips people think we are having an attack – it's not, it is usually us screwing up but it's fixed within an hour."
Facebook attack
To keep Facebook and its API free from attack, the site does have a number of teams in place that monitor the site for security flaws and try and fix them ad hoc.
Recordon explained that there is a "site integrity team" in place whose sole job it is to check the site for imperfections and there are other techniques being used.
"We use a combination of technology and the systems that we have built from scratch," said Recordon.
Jason Cross, the first UK-based Facebook platform engineer, told TechRadar that there are other security measures in place, one of which is protecting its Like button functionality from click jackers.
"We have click-jacking prevention techniques that we don't talk about and we try and stop it within our code, but we also speak to browser vendors," said Cross.
Security response
Jason Sobel, engineering manager at Facebook, explained to TechRadar that there were internal security procedures in place if the site is compromised, but there is also a reliance on external sources to let them know what is going on.
"We have a number of levels of security response," explained Sobel.
"We have a security incident team, and we get reports from white hat hackers who are trying to help us out which is great.
"We have other security glitches that aren't reported to us directly but we try and fix them within hours of them happening.
"We also have a team of internal white hats who find security holes before they are made public and this again is a massive help."
Code red
Interestingly, problems with Facebook that come from the site's code are ultimately down to the person who created it.
So an engineer, no matter how low down the chain he is, could expect a midnight call if things on the site go awry and it is their code that is causing the problems.
"There are 24/7 engineers who watch all the monitoring data we have and make sure that if there is something that crashes or there are unusual trends on the site, we can fix them," said Sobel.
"If they don't know how to fix it, then we have app operations who know how to solve a vast number of problems. But the last resort is that we phone the engineer who created the code in the middle of the night to sort it."
Cross, who recently came back from a Facebook boot camp where he created some code for the site's photo section, explained a bit more about the situation.
"The developer has ultimate responsibility for the code, from its inception up until it is superseded.
"So it is scary if you are that developer, but what that makes you do is write code in the right way.
"It is all about relationship and accountability."
Wednesday, March 9, 2011
WordPress.com DDoS Attacks Primarily From China
After recovering from the largest Distributed Denial of Service attack in the service’s history (“multiple Gigabits per second and tens of millions of packets per second”) yesterday morning, blog host WordPress.com was attacked again very early this morning, finally stabilizing its service at 11:15 UTC (around 3:15 am PST).
WordPress.com serves 18 million sites, many of them news sites like our own, which led some to conjecture that the attacks had come from the Middle East, a region experiencing its own Internet issues at the moment. Not so, says Automattic founder Matt Mullenweg, who tells me that 98% of the attacks over the past two days originated in China with a small percentage coming from Japan and Korea.
According to Mullenweg one of the targeted sites was a Chinese-language site operating on WordPress.com which also appears to be blocked on Baidu, China’s major search engine. WordPress.com doesn’t know exactly why the site was targeted and won’t release the name until it does. Based on the extent of the attacks Mullenweg tells me that they appear to be politically motivated.
“WordPress.com was hit with another wave of attacks today (the fourth in two days) that caused issues again. This time we were able to recover more quickly, and also determined one of the targets to be a Chinese-language site which appears to be also blocked on Baidu. The vast majority of the attacks were coming from China (98%) with a little bit of Japan and Korea mixed in.”
Mullenweg tells me that DDoS attacks are fairly common at WordPress.com, but the strength of its infrastructure (distributed across three data centers in three cities) usually prevents anyone from noticing. The recent attacks have impacted not just WordPress.com sites but also other servers in the same part of the network, causing the outages. WordPress.com is collaborating with upstream providers to shift the attacks.
Says Mullenweg, “Right now there are huge asymmetric risks on the internet because any bad actor, for a few tens of thousands of dollars, has the online equivalent of a dirty nuke and can bring even the largest sites to their knees and silence millions of voices.”
WordPress.com isn’t the only one suffering from recent DDoS attacks, a slew of South Korean sites also took a hit during the same time period.
http://techcrunch.com/2011/03/04/wordpress/
Dozens of South Korean Websites Attacked
(SEOUL, South Korea) — Hackers attacked about 40 South Korean government and private websites Friday, prompting officials to warn of a substantial threat to the country's computers.
The South's National Cyber Security Center said they had seen signs of a "denial of service" attack, in which large numbers of computers try to connect to a site at the same time in an attempt to overwhelm the server.
A top South Korean cybersecurity company, AhnLab, said in a statement that the targets included websites at South Korea's presidential office, the Foreign Ministry, the National Intelligence Service, U.S. Forces Korea and some major financial institutions.
The Korea Communication Commission said websites had reported no immediate damage.
AhnLab spokesman Park Kun-woo said the attacks were similar to ones that have targeted South Korean websites in the past, in that they were denial of service attacks and largely targeted the same sites.
AhnLab said a computer user discovered a bug in their system Thursday night. After analyzing it, AhnLab found malicious software designed to attack websites and told the targets in advance so that they could prepare. As a result, Park said, there had only been a brief slowing of some of the websites.
AhnLab was providing free programs to repair infected computers.
Government officials have said that previous denial of service attacks on South Korean government websites were traced to China. It was not immediately clear where Friday's attack originated.
Park said people often point to China as the source of such attacks because a large amount of malware originates there. Malware is malicious software designed to access a computer without the owner's consent.
Cyberattacks on South Korea in 2009 were initially blamed on North Korea, but experts later said they had no conclusive evidence that Pyongyang was responsible.
South Korean media have previously reported that North Korea runs an Internet warfare unit aimed at hacking into U.S. and South Korean military networks to gather information and disrupt service.
Thursday, March 3, 2011
Anonymous resumes Operation Payback with attack on BREIN
Anonymous, while continuing their actions to support protestors in North Africa, the Middle East, and Wisconsin, has resumed their most infamous operation to date - Operation Payback. On Thursday, the mass protest started with a Distributed Denial-of-Service (DDoS) attack on the Dutch anti-Piracy organization BREIN.
The attack on BREIN (anti-piracy.nl) started just after 12:00 a.m. on Thursday morning Eastern Standard Time. In a matter of minutes, 10 people using the LOIC software Anonymous is known for, were able to take the organization’s website offline.
From that point, it remained offline, only appearing intermittently around 04:00 EST. At the time this article goes to press, the domain is offline.
BREIN is the Dutch acronym for Protection Rights Entertainment Industry Netherlands. It’s also the Dutch word for brain. They have been linked to Hollywood anti-piracy efforts, and were selected by Anonymous for recent actions against a large Warez domain that impacted a legit business in the crossfire.
While targeting a Warez (illegal software) Topsite, BREIN seized several servers from hosting provider WorldStream. Among the equipment seized were servers owned by a legit ISP with no connection to the illegal software domain. According to reports, the ISP owner lost $138,000 USD worth of equipment in the BREIN raid.
TorrentFreak has more information, including allegations of BREIN installing backdoors on the seized servers and hijacking the ISP owner’s GMail accounts.
In addition to the Warez raid that snared a legit business, Anonymous is also targeting BREIN for Operation Payback’s resurrection because of their involvement with the takedown of 11 Usenet related domains.
While the Usenet domains also included access to illegal software, BREIN’s actions resulted in cutting Usenet connections to legitimate groups, removing their right to communicate in the process. In all, the Usenet raids by BREIN impacted nearly a million people.
Right now, Anonymous is using the DDoS attack on BREIN to build momentum. They plan to stick with smaller targets until support grows. Once that happens, then the sky is the limit for them when it comes to selecting a new target for cyber protest.
“Since early 2011, Anonymous has busied itself with very successful operations which it can be very much proud of. Not only has Anonymous proven that it is a force to be reckoned with, it has grown in strength and diversity, and it continues to gain numbers and attract attention from all over the world,” a statement from Anonymous reads.
“Operation Payback has now begun its "researching" phase, due to some actions taken by some copyright organisations, including "BREIN", who have censored popular sites on the internet over the past couple of weeks. This censorship can't be taken lightly, it is time to avert some attention to them and enable them to [realize] that this kind of censorship will not be tolerated, Anonymous style.”
Operation Payback started as a campaign by Anonymous against the anti-piracy efforts of groups such as the RIAA, MPAA, ACS Law, AiPlex, and AFACT. In addition, the operation has also taken on, and taken out, MasterCard, Visa, the Swiss bank Post Finance, PayPal, and others.
Update:
Five minutes after this story was published, Anonymous started targeting ifpi.org.
From their domain: "IFPI represents the recording industry worldwide, with a membership comprising some 1400 record companies in 66 countries and affiliated industry associations in 45 countries."
http://www.thetechherald.com/article.php/201109/6896/Anonymous-resumes-Operation-Payback-with-attack-on-BREIN








