Teen nabbed after attacks on UK government and FBI sites
August 24, 2015

His lawyers claim that their client was only on the “periphery” of a conspiracy to take down UK government and FBI sites, but a UK teen who didn’t mind boasting online about those crimes now faces the possibility of jail time.

Charlton Floate, 19, of Solihull, England, already admitted to three counts of computer misuse under the Computer Misuse Act and three counts of possessing prohibited images at Birmingham Crown Court.

The attacks took place in January 2013, when Floate and a team of other cyber criminals crippled government sites with deluges of digital traffic sent from malware-infected computers.

Such computers are often called zombie computers, and they’re widely used in botnets to gang up on sites with what’s known as a distributed denial of service (DDoS) attack.

The gang managed to knock out the UK’s Home Office site – a heavily used site that provides information on passports and immigration among other things – for 83 minutes. The group also took down an FBI site – that allowed users to report crime – for over five hours.

The prosecutor, Kevin Barry, reportedly said that in November 2012, Floate carried out two test runs, remotely attacking the computers of two men in the US.

Floate uploaded a sexually explicit video to YouTube to “mock and shame” one of his victims, and he “taunted” the other victim about having control of his computer.

Modest, he was not – Floate also reportedly bragged about the government site attacks on Twitter and on a forum frequented by hackers.

Judicial officer John Steel QC rejected Floate’s legal team’s contention that he was on the “periphery” of the cyber gang, saying that evidence pointed to his actually being central to the crimes, including organizing the attacks.

He said Floate was “clearly a highly intelligent young man”, who had become an expert in computer marketing, had written a book on the subject, and succeeded in taking down an FBI.gov website – what he called the “Holy Grail” of computer crime:

A successful attack on the FBI.gov website is regarded by hackers as the Holy Grail of hacking. It was this which he attempted and, indeed, achieved.

He was the person who instituted such attacks and assembled the tools and personnel for doing so.

The Holy Grail it may be but in this case I beg to differ about how successful Floate was in getting his hands on it.

A DDoS attack isn’t a form of sophisticated lock picking, it’s just a noisy way to board the door shut from the outside.

Floate may well be bright but he stumbled once, and that’s all that investigators needed. Namely, he used his own IP address – he worked out of his mother’s home – to check up on how the attacks had gone.

Police traced the address to Floate’s mother’s home, where they seized Floate’s computer and mobile phone.

They also found evidence that he’d tried to recruit others into the gang and that he’d discussed possible weaknesses in certain websites as well as potential future targets – including the CIA and The White House.

Sentencing was adjourned until 16 October, pending a psychiatric report. Floate is currently remanded on conditional bail.

Steel said he hadn’t yet made up his mind about sentencing but added there’s “clearly potential for an immediate custodial sentence” and that Floate “should be mentally prepared for it.”

Source: https://nakedsecurity.sophos.com/2015/08/24/teen-nabbed-after-attacks-on-uk-government-and-fbi-sites/

FBI Issues DDoS Attack Warning
August 4, 2015

The Internet Crime Complaint Center (IC3) has issued an alert regarding an increasing number of complaints from businesses hit by Distributed Denial of Service extortion campaigns via email. The FBI said it suspects multiple individuals are involved in these ransom plots.

In a typical extortion campaign, the targeted business receives an email threatening a DDoS attack on the company’s website unless it pays a ransom. Ransoms, which are usually demanded in Bitcoin form, vary in price.

The FBI, which established the IC3 in partnership with the National White Collar Crime Center, warned that the attacks are likely to expand to online industries and other sectors, especially those susceptible to suffering financial losses if they are taken offline.

According to the cybersecurity intelligence firm LIFARS, DDoS attacks overwhelm targeted websites with bogus traffic, preventing legitimate users from accessing the website. Businesses that rely on online sales and other types of web-based services are at risk of losing money after such an attack.

Victims that do not pay the ransom receive a subsequent, threatening email claiming that the ransom will significantly increase if the victim fails to pay within a given timeframe. Some businesses reported implementing DDoS mitigation services as a precaution.

Threats vary from disrupting a firm’s website, preventing customers from accessing it, to notifying victims that they will release personal data, which criminals obtain by hacking into the firm’s database.

Businesses that experienced a DDoS attack reported the incidents consisted primarily of Simple Discovery Protocol and Network Time Protocol reflection/amplification attacks, with an occasional SYN-flood and, more recently, a WordPress XML-RPC reflection/amplification attack. The attacks typically lasted one to two hours, with 30 to 35 gigabytes as the physical limit.

DDoS attacks are becoming increasingly potent and are some of the most frequent types of cybersecurity incidents – 18% of respondents cited the attacks in a U.S. State of Cybercrime Survey, a collaborative effort between PwC, CSO, the CERT Division of the Software Engineering Institute at Carnegie Mellon University and the U.S. Secret Service.

And, a Verisign report found that DDoS attacks against the financial services industry doubled during Q4 2014 to account for 15% of all attacks. During Q1 2015, 18% of DDoS attacks took place within the financial services industry.

Source: http://www.cutimes.com/2015/08/03/fbi-issues-ddos-attack-warning

Hackers demand huge ransom from banks to avoid DDoS attacks
July 31, 2015

Hackers are threatening financial institutions, demanding tens of thousands of dollars from them to avoid attacks on their websites.

MarketWatch, citing a Federal Bureau of Investigation (FBI) agent, reported that hackers threatened more than 100 companies including big banks and brokerages in the financial sector to take their websites offline with distributed denial of service (DDoS) attacks, unless they pay large sums.

With DDoS, cyber criminals flood websites with unwanted traffic to stop them from functioning.

Richard Jacobs, assistant special agent in charge of the cyber branch at the FBI’s New York office, told MarketWatch that the companies have been receiving such DDoS threats since April.

He added that some companies have paid the ransom money, typically amounting to tens of thousands of dollars. These companies end up facing further trouble as hackers know that they are willing to engage.

“There are some groups who typically will go away if you don’t pay them, but there’s no guarantee that’s going to happen,” Jacobs said.

Most of the companies are willing to pay the money to avoid service disruption that could lead to big losses. A distributed denial of service outage could mean losses of more than $100,000 an hour for financial companies, according to information services and analytics company Neustar.

A hacking group leaked details of about 30,000 clients of Swiss bank Banque Cantonale de Geneve, after the Swiss bank declined its request to pay a ransom, Bloomberg reported in January.

Source: http://www.ibtimes.co.uk/hackers-demand-huge-ransom-banks-avoid-ddos-attacks-1513450

How to minimize the impact from DDoS attacks
July 27, 2015

In early 2000, one of the first known distributed denial-of-service (DDoS) attacks shut Yahoo down for three hours when an attacker repurposed a university’s computers to flood the Internet portal with traffic. Such synchronized attacks from multiple sources against a sole target characterize DDoS attacks, a relatively new phenomenon as compared to “traditional” denial-of-service (DoS) attacks, which originate from a single source.

Thanks in part to the increased number of devices on the Internet and the availability of high-speed Internet access for the average user, there’s a larger pool of possible sources for all kinds of technological attacks. In the early 2000s, DDoS attacks reached a speed of approximately 4 gigabits/sec. Now, they average between 10 and 60 Gbps – or even faster. A DDoS incident this past February peaked at almost 400 Gbps. And the average DDoS attack now lasts 17 hours.

Three types of DDoS attacks have appeared in recent years:

Resource consumption. A common instantiation of a resource consumption attack is a SYN flood. Attackers initiate a large number of bogus connection requests to a single destination. The targeted server acknowledges the requests, but the attackers fail to send the final pieces of information to complete the “three-way handshake” required to establish a connection between two computers. While the server waits for the expected response, new connection requests continue pouring in until all available connections are consumed, preventing communication with legitimate users. Attackers also may launch a resource consumption attack by attempting to exhaust the target server’s disk space or another finite resource by using legitimate traffic to force the server into creating large numbers of log files.

Bandwidth consumption. Attackers consume all available bandwidth on the networks leading to the targeted server by sending bogus network traffic in quick succession. The resulting surge – which doesn’t have to come from legitimate traffic or even traffic the server usually recognizes as legitimate – renders the targeted server unavailable. Its impact is greater still because it also can take down other servers on the same immediate network.

Keeping connections open. Attackers complete numerous three-way handshakes to establish legitimate connections, but then use Slowloris software to delay the process by designing each connection to instruct the target that it is “busy.” It’s similar to answering a phone call and then being placed on hold for an hour while the person who called takes care of something else. Allowing for the possibility that these users are operating on slow or unreliable networks, the target server waits. The attackers can keep numerous connections open for extended periods by sending a data fragment to each connection every few minutes, thus tying up the server so it can’t respond to legitimate traffic.
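As an added illustration (not part of the original article), the sketch below shows how a defender could flag the half-open and held-open patterns described above from connection records, and why a per-read idle timeout alone misses a connection that is fed a fragment every few minutes. The record fields, thresholds and sample addresses are assumptions constructed for this example.

```python
from collections import Counter
from dataclasses import dataclass, field
from typing import Optional

# Assumed thresholds for illustration; tune to the service being protected.
HANDSHAKE_TIMEOUT = 5.0    # seconds allowed between SYN and final ACK
IDLE_TIMEOUT = 300.0       # classic per-read idle timeout
HEADER_DEADLINE = 60.0     # absolute time allowed to deliver a full request
MIN_RATE = 20.0            # bytes/second floor once the deadline has passed

@dataclass
class Conn:
    src: str
    syn_at: float                      # when the SYN arrived
    ack_at: Optional[float] = None     # when the handshake completed, if ever
    reads: list = field(default_factory=list)  # (time, nbytes) of request data
    complete: bool = False             # full request received?

def idle_timeout_fires(c, now):
    """Would a per-read idle timeout alone close this established connection?"""
    times = [c.ack_at] + [t for t, _ in c.reads] + [now]
    return any(b - a > IDLE_TIMEOUT for a, b in zip(times, times[1:]))

def classify(c, now):
    if c.ack_at is None:               # handshake never finished (SYN flood pattern)
        return "half-open" if now - c.syn_at > HANDSHAKE_TIMEOUT else "pending"
    if c.complete:
        return "ok"
    age = now - c.ack_at
    rate = sum(n for _, n in c.reads) / age if age > 0 else float("inf")
    if age > HEADER_DEADLINE and rate < MIN_RATE:
        return "slow-hold"             # kept open by trickled fragments
    return "pending"

def flagged_by_source(conns, now):     # per-source count of flagged connections
    verdicts = ((c.src, classify(c, now)) for c in conns)
    return Counter(v for v in verdicts if v[1] in ("half-open", "slow-hold"))

# Constructed sample data (documentation addresses), observed at t=1000.
NOW = 1000.0
SAMPLE = [
    Conn("198.51.100.7", syn_at=900.0),
    Conn("198.51.100.7", syn_at=950.0),
    Conn("198.51.100.7", syn_at=998.0),
    Conn("203.0.113.9", 100.0, 100.2, [(100.3, 40), (340.0, 8), (580.0, 8), (820.0, 8)]),
    Conn("192.0.2.44", 990.0, 990.1, [(990.2, 412)], complete=True),
]

if __name__ == "__main__":
    print(flagged_by_source(SAMPLE, NOW))
```

The connection from 203.0.113.9 never goes idle for longer than the idle timeout, so only the absolute deadline combined with the minimum-rate check identifies it.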

Government networks are frequent targets

DDoS attacks on the public sector accelerated more than on any other industry in the fourth quarter of 2014. Commonly, opposition to legislation or political activism are motivators in DDoS attacks on government. Hackers aim to damage an agency’s finances, reputation or both while gaining notoriety through claims on social media.

Government agencies and the services they offer, by their nature, always will be targeted. And, because DDoS attacks can be launched with increasing ease – even by hackers with little technological expertise – agencies should operate as if a DDoS attack is inevitable. With some advance planning, agencies can reduce the perceived gains from future attacks.

Minimizing hackers’ impact

DDoS attacks cannot be prevented. They come without warning and, equally disconcerting, can escalate from start to peak effectiveness in as little as one minute. While some Internet service providers offer automatic responses, these can cause outages and shut down legitimate traffic at the same time they shut down bogus traffic.

What agencies can – and should – do is make themselves less appealing targets. Distributing services across various locations, instead of placing them in only one data center, is the first step. That way, a single DDoS attack cannot take the agency’s entire suite of services offline, and the agency won’t have to rely exclusively on the Internet services provider’s solution, which usually is expensive.

Agencies also should consider using a content delivery network, which can mask network connections from attackers, as an entry point to their services. Such services are beneficial, but also expensive, so agencies must consider their cost-to-benefit ratio.

Another step agencies can take is establishing a relationship with a managed services partner that can provide built-in protections from DDoS attacks targeting services they host. The services partner can distribute the services through different data centers, reducing exposure to and impact from DDoS attacks, while the agency retains control of the mission objectives the services partner delivers.

Government agencies can protect themselves against DDoS attacks. An expert partner will help them determine – before an incident occurs – how the increasing problem of a DDoS attack can be solved.

Source: http://gcn.com/articles/2015/07/27/ddos-attack-mitigation.aspx

DDoS Attacks Have Become a Persistent Problem
July 20, 2015

Over the last decade, distributed-denial-of-service attacks have grown from a nuisance to a persistent problem that can potentially cripple a company. The Kaspersky Lab reports that there were 12,281 unique victims of DDoS attacks during the first quarter of 2015, and these attacks targeted Web resources in 76 countries. A new report from security firm Imperva offers a deeper examination of the topic—as well as the risks and repercussions from DDoS assaults. Among other things, the “Imperva DDoS Report 2015” found that once an organization becomes a target of DDoS attacks, it remains a target; the length of a typical attack extends beyond the period most enterprise executives expect; and, if no mitigation occurs, organizations can lose millions of dollars and also wind up with frustrated customers who decide to give their business to competitive vendors. Imperva collected data in the wild during the course of mitigating thousands of DDoS assaults against Imperva Incapsula-protected domains and network infrastructures. Here are some of the key findings from the DDoS report:

Costly Consequences

An unmitigated DDoS attack costs a business U.S. $40,000 per hour, though the consequences can also include lost opportunities, data theft and loss of public trust.


Once a Website is targeted by application layer attacks, it will be attacked again—once every 10 days on average.

Timing Is Everything

71% of DDoS occurrences last under three hours, but 20% span five days or more. The longest known attack lasted 8 days.

Tools of the Trade

UDP (User Datagram Protocol) and SYN floods are the most common methods for launching DDoS attacks. They were used in more than 56% of all attacks.

Multi-Vector Attacks Diminish

56% of all network layer attacks were classified as multi-vector, compared to 81% in March 2014.

Botnet for Hire

40% of all mitigated network layer attacks fell into the botnet-for-hire category. The average subscription fee for a one-hour-a-month DDoS package is roughly $38, with fees as low as $19.99.

Application Layer Risks

A spike in activity occurred from devices infected with MrBlack, Nitol, PCRat and Cyclone malware. 15% of all attacks originated from China, followed by Vietnam, U.S., Brazil and Thailand.

Bot Evolution

There is roughly the same percentage of primitive bots today as there was a year ago, but more sophisticated methods are emerging.

Searching for Results

Over the course of a year, search engine impersonator bots dropped from 58% of DDoS traffic to less than 1%.

No Escape

Overall, 40% of Imperva’s clients were exposed to attacks from botnets for hire.

Source: http://www.baselinemag.com/security/slideshows/ddos-attacks-have-become-a-persistent-problem.html