Anonymous Takes Down Minnesota Courts Website for God Knows What Reason
June 24, 2016

An unknown party claiming to be part of the Anonymous hacker collective emailed the StarTribune on Wednesday morning, June 22, claiming responsibility for the ongoing DDoS attacks that downed the Minnesota Judicial Branch’s website for most of the business day.

The attacks started around 8:00 AM, and access to mncourts.gov was restored around 5:15 PM. At the time of writing, the website is still not accessible from some parts of the world, meaning the IT staff is still limiting access with an IP filtering system.

“Anonymous Legion” takes responsibility for the attacks

In the email sent to the local newspaper, the hacker(s), who used the Anonymous Legion moniker, said they had also managed to penetrate the Minnesota courts’ servers and steal data, and urged the newspaper not to believe the authorities if they denied the incident.

The attackers did not provide any proof to support their data breach allegations. Officials also informed the FBI Cyber Task Force.

This is the second time in six months that this has happened to the Minnesota courts system. Last December, DDoS attacks took the same website offline for ten days between December 21 and 31. Previously, the website was hit with another DDoS attack on December 8, 2015.

No clues as to why (or if) Anonymous DDoSed the website

To this day, nobody has discovered who attacked the Minnesota courts system, or why. No other judicial branch from any other state has suffered similar attacks.

This Twitter discussion from two cyber-security experts also shows the general confusion as to why Anonymous would attack this target. One of Anonymous’ biggest Twitter accounts has failed to provide any answers as well.

Outside the email the StarTribune received, there was no chatter online about the ongoing DDoS attacks.

It is exactly for these reasons that one of Anonymous’ biggest factions has decided to create a political party in the US, called The Humanity Party (THumP), to serve as the group’s official voice and to discourage smaller factions from launching blind DDoS attacks without any good reason.

THumP says it aims to coordinate Anonymous efforts in order to trigger a change in local politics, but not by launching senseless DDoS attacks, from which it will try to distance itself.


June 23, 2016

The number of distributed denial of service (DDOS) attacks is on the rise and online gaming sites remain the number one target.

According to the latest State of the Internet Security report by Akamai Technologies, the number of DDOS attacks in the first quarter of 2016 was up 125% from Q1 2015 and up 22.5% from Q4 2015.

Online gaming sites – which include not only gambling but also console gaming networks – were the targets in 55% of the Q1 DDOS attacks, about the same as in Q4. Software & technology sites ranked a distant second at 25%, while media & entertainment were third with just 5%.

On the plus side, the average duration of Q1’s DDOS attacks was 16.14 hours, down more than one-third from Q1 2015.

On the downside, Akamai says multi-vector attacks are becoming more popular, presenting greater challenges for sites’ security practitioners. Single-vector attacks have declined from 56% of the total in Q2 2015 to just 41% in Q1 2016.

Akamai counted a record 19 attacks in which the volume of data topped 100 gigabits per second (Gbps), up from just five such mega-attacks in Q4. The previous record of 17 100-Gbps attacks was recorded in Q3 2014.

The gaming industry was targeted in three of these mega-attacks, all of which occurred the day before or the day of this year’s Super Bowl, strongly suggesting that the attackers weren’t targeting console gamers.

Akamai believes DDOS attackers are becoming more persistent in targeting specific sites. Targeted sites were hit with an average of 29 attacks in Q1, up from 15 in the same period last year. Akamai credited the rise to the ease with which attackers could now acquire DDOS attack platforms.

Akamai didn’t name names, but Q1’s most frequently targeted website was hit with 283 DDOS attacks, an average of three per day. This type of focus is typical of what Akamai called the latest DDOS trend, in which attackers “hammer away at high-value organizations, regardless of effect, looking for a moment when defenses might drop.”

DDOS attacks are also being used more and more as “a diversion technique to exhaust company resources while attacks are launched against the primary target.” Akamai suggests data exfiltration as the true motivation behind many repeated DDOS attacks.

Akamai believes a lot of DDOS attackers are now mimicking tactics pioneered by the infamous DD4BC group, which offered to forgo large-scale DDOS attacks if the victims coughed up a certain number of Bitcoins.

China was the source of 27% of all DDOS attacks in Q1, followed by the United States at 17% and Turkey with 10%. Turkey has now made the top-10 for two straight quarters, which Akamai credited to Russian hackers migrating outside their home country.

Source: http://calvinayre.com/2016/06/23/business/ddos-attacks-rise-online-gaming-top-target/

Anonymous Suspected of Attacks on Central Banks in Indonesia and South Korea
June 21, 2016

Authorities in Indonesia and South Korea have told Reuters about recent DDOS attacks aimed at the websites of their central banks.

Both Bank Indonesia and Bank of Korea took action by blocking IPs from parts of the globe they don’t usually see login attempts from. A Bank Indonesia spokesperson told Reuters that their institution blocked access from 149 countries in particular.

DDoS attacks are carried out using botnets. Botnets are a collection of hacked computers that act in sync based on orders received from the hackers, who control them with the help of a master server, called a C&C (command and control) server.

Usually, the infected machines are spread all over the world, and that’s why blocking IPs from some parts of the world might stymie such attacks. This is usually considered an extreme measure.

DDoS attacks used to mask more serious intrusions

The banking industry is on pins and needles right now, as most organizations are afraid of cyber-attacks and hacks similar to the ones suffered by the central bank of Bangladesh.

Last February, hackers stole $81 million from Bangladesh’s central bank by hacking the SWIFT inter-bank transaction system.

DDoS attacks are regularly used to mask more serious intrusions, as they keep IT staff busy with repelling the attacks, while hackers use other methods of infiltrating their systems. Neither of the two banks reported other incidents.

No actual evidence that Anonymous was behind the attacks

Without knowing who exactly carried out the attacks, authorities are now putting the blame on Anonymous, who announced last May a series of attacks aimed at banks around the world.

OpIcarus, as their campaign was called, lasted only for the month of May, and the group shifted focus to stock markets in June, and that’s how OpMayhem started. Additionally, Ghost Squad Hackers, one of the most active Anonymous subdivisions, launched OpSilence, aimed at mainstream media.

Normally, such groups carry out the attacks and spend as much time bragging about what they did on Twitter. There was no chatter from known Anonymous hackers regarding DDoS attacks on the infrastructure of these two banks.

Source: http://news.softpedia.com/news/anonymous-suspected-for-attacks-on-central-banks-in-indonesia-and-south-korea-505490.shtml

June 20, 2016

An interesting New York Times article tells the story of how, against the backdrop of generally depressing conditions for the world’s fisheries, those in the United States have started to rebound owing to the combination of science-based guidelines and hard-won, public-private collaboration. The parlous condition of the world’s fisheries is a tragedy of the commons, because although fisheries are a critical source of protein for many populations, endemic overfishing means that 90% of the world’s fisheries are exploited in an unsustainable manner. The recent progress in the U.S. gives cause for hope. In 2014, the Marine Stewardship Council certified the West Coast U.S. fishery as sustainable and well-managed, 15 years after that entire fishery collapsed from overfishing.

DDoS: The Tragedy of the Internet Commons

There is no way you can equate the importance of the Internet to a vital source of daily nutrients for billions of people. Yet the Internet is no doubt a critical ingredient of modern society. And it’s far from being “overfished.” In fact, the Internet is exploding with promising new use cases.

Sadly, the Internet is also exploding with menace. Among other exploits, distributed denial of service (DDoS) is becoming ever more pervasive and dangerous. In the last couple of years, we’ve started to see DDoS attacks that hit a terabit per second or greater in volume. If that isn’t bad enough, attacks have the potential to swell by an order of magnitude thanks to the Internet of Things (IoT) bringing billions of new, poorly secured devices online, ready to be exploited. Add this all up and we’re facing a future of multi-terabit DDoS attacks, big enough to bring even large Internet service provider (ISP) networks to a grinding halt.

Why is this a tragedy of the commons? One of the chief reasons why DDoS attacks are so common, pervasive and massive is because the Internet infrastructure industry allows Internet Protocol (IP) address forgery on a vast scale, enabling attackers to launch untraceable attacks with impunity from all over the globe. In essence, the Internet is full of poorly engineered networks in which botnets can thrive because those networks don’t implement well-known hygienic measures to check whether computers are sending traffic from IP addresses that have been assigned to them. In fact, up to 40% of the Internet today allows botnets to function unimpeded.

A Better Way Forward for the Internet

Trying to fix DDoS on the Internet can seem daunting, like dealing with all the fish in the seas. This is where the progress made in restoring U.S. fisheries provides a hopeful angle. Using the right approach, based on science and sound management, you can really make a difference.

Back in 2000, the Internet Engineering Task Force (IETF)—the global standards body—introduced a Best Current Practice (BCP38) to address the IP-address spoofing problem. BCP38 directs Internet service providers to check incoming data traffic to ensure it’s coming from an IP address registered to the network that sent it.

To verify that IP addresses line up with their sending networks, major network-equipment manufacturers such as Cisco developed reverse-path-forwarding technologies for their routers. This approach is also known as network ingress filtering. A packet filter sits at the edge of a network to spot IP sources that have adopted an address belonging to some other network.
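
The source-address check that BCP38 describes, sketched as an added example (not code from the original article or from any router vendor): an edge filter accepts a packet only when its source address falls inside a prefix assigned to the interface it arrived on. The interface names, prefixes and packets are constructed, using documentation address ranges.

```python
import ipaddress
from collections import Counter

# Constructed sample data: prefixes assigned to each customer-facing interface.
# Interface names are hypothetical; addresses are documentation ranges.
ASSIGNED = {
    "cust-a": ["198.51.100.0/24", "2001:db8:a::/48"],
    "cust-b": ["203.0.113.0/25"],
}

class IngressFilter:
    """Accept a packet only if its source address lies inside a prefix
    assigned to the interface it arrived on (the BCP38 check)."""

    def __init__(self, assigned):
        self.table = {iface: [ipaddress.ip_network(p) for p in prefixes]
                      for iface, prefixes in assigned.items()}

    def check(self, iface, src):
        """Return (verdict, reason) for one packet."""
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            return "drop", "malformed source address"
        nets = self.table.get(iface)
        if nets is None:
            return "drop", "unknown ingress interface"
        # Membership is False across IP versions, so v4/v6 prefixes can mix.
        if any(addr in net for net in nets):
            return "forward", "source within assigned prefix"
        # Spoofed source: report the real owner if it is another customer.
        for other, other_nets in self.table.items():
            if any(addr in net for net in other_nets):
                return "drop", f"source belongs to {other}"
        return "drop", "source not assigned to this interface"

# Constructed packets: (ingress interface, claimed source address).
PACKETS = [
    ("cust-a", "198.51.100.17"),    # legitimate
    ("cust-a", "203.0.113.5"),      # forged: cust-b's address space
    ("cust-b", "203.0.113.200"),    # outside cust-b's /25
    ("cust-a", "2001:db8:a:1::5"),  # legitimate IPv6
    ("cust-b", "10.0.0.1"),         # private address, never assigned
]

def summarize(flt, packets):
    """Count forward/drop verdicts over a batch of packets."""
    return Counter(flt.check(iface, src)[0] for iface, src in packets)

if __name__ == "__main__":
    flt = IngressFilter(ASSIGNED)
    for iface, src in PACKETS:
        print(iface, src, *flt.check(iface, src))
```

Logging the drop reason per interface, rather than discarding silently, gives an operator a direct view of which customer links are emitting forged sources.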

About 80% of large Internet backbone providers today have implemented ingress filtering. If other network operators of all sizes around the world followed suit, they would significantly reduce the impact of DDoS attacks.

When BCP38 made its debut, industry watchers suggested that the federal government should use its massive purchasing power to include ingress filtering as part of its contracting requirements. In this way, the industry could rely on market forces to improve network security, rather than imposing new regulations. But the powerful telecom lobby quickly pushed back, and Congress failed to pass federal contracting requirements.

Using known science like BCP38 is about will power and collaboration. It could take many years to get sound, scientific ground rules in place for the Internet. After all, the Internet isn’t collapsing (at least not yet), so there’s less motivation for the Internet’s commercial interests than there was for fishers who were going out of business. In the meantime, one viable idea is (at least in aggregate) to use market pressures to influence Internet service providers to halt the spread of phony IP addresses and botnet attacks.

Defend Yourself Locally, Contract With the Globe in Mind

There is no magical cure for DDoS attacks or cyber exploits. As long as humans have financial or other incentives, the attacks will continue. IT organizations must invest in an agile, multi-layered approach to defending themselves in the here and now. That effort should include perimeter-based detection systems that operate on a network-wide basis and offer flexibility to adjust alerts to changing conditions. Network organizations should also deploy deep network-traffic analytics that offer unconstrained ad hoc data exploration. Network and security experts can use that visibility to identify new attacks, prune false positive and negative alerts, and continuously improve detection and mitigation practices.

Companies and government agencies have another tool at their disposal. They can use their contracts for Internet services to make a safer Internet by requiring BCP38 compliance as part of all proposal requests. In this way, business leaders and public officials can do their part to prevent the Internet of Attacks and reduce future harm as the industry rolls out the next generation of Internet infrastructure.

Source: https://www.datacenterjournal.com/fishing-cure-ddos-attacks/

Muslim Brotherhood’s Website Suffers DDoS Attacks and Data Leak
June 16, 2016
The official English-language website of the Muslim Brotherhood movement was forced to go offline after facing massive DDoS attacks!

Earlier today, a hacker going by the handle of SkyNetCentral conducted a series of distributed denial-of-service (DDoS) attacks on the official website of the Society of the Muslim Brothers, or Muslim Brotherhood (Al-Ikhwan al-Muslimun in Arabic), forcing the website to go offline despite its use of the CloudFlare DDoS protection service.

The hacker also conducted DDoS attacks on the official website of the Freedom and Justice Party, an Egyptian political party affiliated with the Muslim Brotherhood. That’s not all: the attacker also managed to bypass the site’s security and steal Al-Ikhwan al-Muslimun’s files from the database, then leaked them online for public access.

Upon scanning the leaked data, HackRead found it to be legitimate and never before leaked on the internet. The data dump contains IP addresses, email conversations, comments, and commenters’ names and IP addresses. It seems as if the hacker only managed to compromise some tables of the database without getting hold of any sensitive data. The only damage that can be caused is tracing the location of the commenters, but that’s not a task just anyone can perform.

Here is a screenshot from the leaked data showing comments and IP addresses:


At the moment, the motive behind these attacks is unclear; however, after going through the attacker’s profile, it’s evident that they have been targeting the Muslim Brotherhood, the Council on American-Islamic Relations (CAIR) and other similar organizations.

Source: https://www.hackread.com/muslim-brotherhoods-website-suffers-ddos-attacks/