Wednesday, February 23, 2011

DDoS attack knocks Rabobank offline



Dutch media are reporting that last weekend the RABO bank suffered a system failure that rendered its online banking facilities inaccessible for several hours. Today it turns out that the cause was a Denial of Service (DoS) attack. The bank will now file a criminal complaint with Dutch law enforcement authorities.
On the same day, the Dutch Minister for Security and Justice, Mr. Ivo Opstelten, announced the birth of a National Cyber Security Center as well as the expansion of the Dutch Team High Tech Crime to remedy the cyber threat.
The Dutch Police Union (ACP) made public that legal encryption tools pose a big threat to enforcement activities both on a national and international level. It wants the developers of encryption software to cooperate with enforcement authorities and calls for international regulatory measures as well.

http://vrritti.com/2011/02/22/dutch-rabo-bank-to-file-criminal-complaint-having-suffered-cyber-attack-dutch-national-cyber-security-center-coming-up-and-call-to-address-problems-caused-by-data-encryption/

Tuesday, February 22, 2011

Westboro Baptists Stage Fake Anonymous Threat




The controversial Westboro Baptist Church isn't exactly a beloved organization. However, when it claimed that ethereal hacking group Anonymous had threatened to take the WBC down, it was apparently just a bold-faced lie to garner publicity.
Anonymous is known for taking on targets big and small that range from the U.S. government to Gene Simmons. One common thread through Anonymous' attacks is that they all seem to go along with the group's ideals of open government or freedom of speech.
The WBC has some pretty insane views, in my humble opinion, the least terrible of which calls Batman and Superman false idols. At the worst, the WBC praises terrorism for, well, some crazy reason probably not even worth discussing. The organization claims it received an open letter from Anonymous that said: "We will target your public websites, and the propaganda and detestable doctrine that you promote will be eradicated; the damage incurred will be irreversible, and neither your institution nor your congregation will ever be able to fully recover."
Anonymous put out a press release denying it had written the letter, believing it to be a trap to "harvest IPs to sue." The press release reads: "When Anonymous says we support free speech, we mean it. We count Beatrice Hall among our Anonymous forebears: 'I disapprove of what you say, but I will defend to the death your right to say it.'"
While it might be nice to see Anonymous take on the WBC, it unfortunately just doesn't make sense. It'd be like taking down the website of the crazy guy that yells at you when you walk down the street, on a slightly larger scale.

http://www.escapistmagazine.com/news/view/107893-Westboro-Baptists-Stage-Fake-Anonymous-Threat

US domain seizures disable 84,000 websites



Thousands of legitimate websites were apparently accidentally taken offline last week, when the US Departments for Justice and Homeland Security seized the domains of websites allegedly hosting counterfeiting and child sexual abuse content (also reported here and here).
It appears that the DHS unknowingly targeted the dynamic DNS service afraid.org, which provides URLs for 84,000 websites under subdomains of mooo.com. As a result, thousands of innocent website owners found their homepages replaced with the following message:

The seizure of mooo.com was reversed last Sunday, but at the time of writing the DHS has yet to publicly acknowledge its mistake.
Domain seizures have become a subject of controversy in the US, where copyright-related seizures have become increasingly commonplace. Critics claim that the practice violates the First Amendment of the US Constitution by placing a “prior restraint” on speech.
The practice is likely to re-ignite long-standing international concerns about the US government’s privileged relationship with ICANN. Foreign governments, especially those in the Middle East under pressure from a populace newly empowered by the Internet, will draw attention to the contrast between this US action to enforce its own laws and its support for unrestricted free speech abroad.
On the other side of the Atlantic, Nominet is consulting on its own domain deletion policies. The US mistake will give Nominet reason to be very careful about adopting procedures that give an unbalanced assumption of authority to law enforcement complaints.

https://publicaffairs.linx.net/news/?p=2866

DDoS attacks: coming to a network near you


There has already been much fallout from the recent massive release of information by the WikiLeaks organisation--including attacks on WikiLeaks itself by those angered by its actions that aimed to disrupt and discredit the organisation. This saw WikiLeaks targeted by a variety of sustained distributed denial of service (DDoS) attacks that aim to make its web presence inaccessible.
Although these attacks were seen to be relatively modest in size and not very sophisticated, the publicity that they received has served to raise awareness of the dangers of such attacks, which can be costly and time-consuming to defend against. DDoS attacks occur when a hacker uses large-scale computing resources, often using botnets, to bombard an organisation's network with requests for information that overwhelm it and cause servers to crash. Many such attacks are launched against websites, causing them to be unavailable, which can lead to lost business and other costs of mitigating the attacks and restoring service.
DDoS attacks are actually extremely widespread. A recent survey commissioned by VeriSign found that 75% of respondents had experienced one or more attacks in the past 12 months. This is echoed in recent research published by Arbor Networks of 111 IP network operators worldwide, which showed that 69% of respondents had experienced at least one DDoS attack in the past year, and 25% had been hit by ten such attacks per month. According to Adversor, which offers services to protect against DDoS attacks, DDoS attacks now account for 4% of total internet traffic. Another provider of such services, Prolexic Technologies, estimates that there are 50,000 distinct DDoS attacks every week.
The research from Arbor Networks also shows that DDoS attacks are increasing in size, making them harder to defend against. It found that there has been a 102% increase in attack size over the past year, with attacks breaking the 100Gbps barrier for the first time. More attacks are also being seen against the application layer, which target the database server and cripple or corrupt the applications and underlying data needed to effectively run a business, according to Arbor's chief scientist, Craig Labovitz. Among respondents to its survey, Arbor states that 77% detected application layer attacks in 2010, leading to increased operational expenditures, customer churn and revenue loss owing to the outages that ensue.
Measures that are commonly taken to defend against DDoS attacks include the use of on-premise intrusion detection and prevention systems by organisations, or the overprovisioning of bandwidth to prevent the attack taking down the network. Others use service providers, such as their internet service provider (ISP) or third-party anti-DDoS specialists, which tend to be carrier-agnostic, so not limited to the services offered by a particular ISP. The first two options are time-consuming and costly to manage by organisations and they need the capacity to deal with the massive-scale, stealthy application-layer attacks that are being seen.
With attacks increasing in size and stealthier application-layer attacks becoming more common, some attacks are now so big that they really need to be mitigated in the cloud before the exploit can reach an organisation's network. ISPs and specialist third-party DDoS defence specialists monitor inbound traffic and when a potential DDoS attack is detected, the traffic is redirected to a scrubbing platform, based in the cloud. Here, the attack can be mitigated thus providing a clean pipe service--the service provider takes the bad traffic, cleans it and routes it back to the network in a manner that is transparent to the organisation.
Guarding against DDoS attacks is essential for many organisations and vital especially for those organisations with a large web presence, where an outage could cost them dearly in terms of lost business. DDoS attacks are becoming increasingly targeted and are no longer just affecting larger organisations. Rather, recent stories in the press have shown that organisations of all sizes are being attacked, ranging from small manufacturers of industry food processing equipment and machinery through to large gambling websites.
By subscribing to cloud-based DDoS mitigation services, organisations will benefit from a service that not only provides better protection against DDoS attacks than they could achieve by themselves, but can actually reduce the cost of doing so, as the cost of hardware and maintenance for the equipment required is spread across all subscribers to the service and organisations don't need to over-provision bandwidth because the traffic is directed away from their networks. For protecting vital websites, subscribing to such a service is akin to taking out insurance for ensuring that website assets are protected, and the organisation can protect itself from the cost and reputational damage that can follow from a successful DDoS attack that renders services unavailable.

http://www.computerweekly.com/blogs/Bloor-on-IT-security/2011/02/ddod-attacks-coming-to-a-network-near-you.html

Tuesday, February 15, 2011

Anonymous could launch Stuxnet attack on Iran



Anonymous, the leaderless 'hacktivist' collective that recently launched DDoS attacks in support of WikiLeaks, claims to have got hold of the Stuxnet worm - and could use it to launch further attacks on targets including Iran's nuclear programme.


Israeli and US secret services are alleged to have created Stuxnet in order to launch the sophisticated cyber attack on Iran.
Anonymous claims it has obtained details of the worm from the emails of security researchers HBGary, after the collective attacked the company's website earlier this month in revenge for the US firm's help for the FBI in identifying alleged members of Anonymous.
As yet, Anonymous has not announced its intention to use the malicious code - but the 'online living consciousness' has signalled its disapproval of the Tehran regime in an open letter to the Iranian people, stating:
"People of Iran, you will not be denied your right to free speech and free press; your right to freedom of assembly, uncensored information and unlimited access to the Internet; your right to a life without oppression and fear."
The group plans to launch attacks in support of the country's pro-democracy 'green movement'.
But security experts have raised doubts over Anonymous's ability to exploit the worm in order to carry out attacks on Iran - in particular with regard to high-profile targets such as the Bushehr nuclear reactor complex, the target of the original attacks last year.

Russian experts working on the reactor recently warned the Kremlin that damage caused by the earlier Stuxnet attack could cause 'another Chernobyl' if Iranian nuclear chiefs press ahead with their existing timetable for bringing the site on-stream.
"It would be possible [for Anonymous to use Stuxnet in an attack]," Orla Cox of security analysts Symantec told the UK's Guardian newspaper. "But it would require a lot of work, it's certainly not trivial.
"The impressive thing about Stuxnet is the knowledge its creators had about their target. So even if you have got access to it you need to understand the target - that requires a lot of research."
http://www.thinq.co.uk/2011/2/14/anonymous-may-launch-stuxnet-attack-iran/

DDoS bot Darkness is given away for free

A DDoS (distributed denial-of-service) bot called Darkness, which can be used to put websites offline, has been released for free on cyber-criminal forums.
This botnet tool, which attacks websites by generating a high number of page requests so that servers reach their maximum capacity and crash, is very popular in the hacker community because it's more effective than many other tools.
This means DDoS attacks are now both easier and cheaper to run, and the potential threat to individuals and organizations is significant.
Although Darkness does not use any new DDoS techniques, its coding is widely considered to be tighter than that of most of its competitors, so it needs fewer resources to perform the same number of attacks. This means that fewer systems need to be infected and controlled by the bot for it to be effective.




The group behind cyber threat information site Shadowserver, who describe their mission as “to understand and help put a stop to high stakes cybercrime in the information age”, said: “Darkness is an effective and efficient DDoS bot. With this free public release we expect to soon see a wider deployment of Darkness command and control servers.”
DDoS attacks have been prevalent recently. Both MasterCard’s and PayPal’s European sites were forced offline late in 2010 by supporters of whistle-blowing website WikiLeaks.

http://technewscast.com/tech-security/ddos-bot-darknessis-given-free/