Hong Kong Student Gets Probation Time for DDoS Attack During Occupy Campaign
July 28, 2016

A judge at the Fanling Court in Hong Kong has sentenced Chu Tsun-wai, 20, of Hong Kong, to 15 months of probation for launching a DDoS attack on a Chinese bank’s website during the 2014 Hong Kong Occupy protests.

The judge also ruled that the suspect’s Mac computer be confiscated as punishment for carrying out the attack, SCMP reports.

Chu, who is one of the top students at his university, had decided to get involved in the Occupy protests that were taking place in Hong Kong during the autumn of 2014.

Teen was inspired by one of Anonymous Asia’s videos

The teen saw a video posted online by the Anonymous hacker collective, which was warning Hong Kong police to stop the violence against Hong Kong Occupy protesters.

The group threatened to hack government websites and release personal information belonging to Hong Kong police officers. The group also called out for others to participate in its protests.

The prosecution says that Chu went online and searched on Google for ways to carry out DDoS attacks.

He launched one such DDoS attack against the Shanghai Commercial Bank’s website. Police say that the student sent 6,652 HTTP requests in 16 seconds to the bank’s website on October 12, 2014.

Bank website barely noticed the attack

This sounds odd since a Web server should, in theory, be capable of handling much more than 6,000 requests per second, but Chinese authorities have come down hard on people who participated in the protests, to begin with.

The judge was lenient on Chu because this was his first offense and because the bank’s website didn’t go offline.

Chinese news outlet Ejinsight reports that one of Chu’s professors wrote the judge a letter asking the judge to give the suspect a second chance.

Public broadcaster RTHK reported that Chu also stands to face disciplinary hearings at his university.

Below is the original video that started it all, with the Anonymous group calling out for attacks against Hong Kong police officials during the Occupy protests.

DDoS attacks increase by over 80 percent
July 27, 2016

In the second quarter of this year DDoS attacks increased by 83 percent to more than 182,900, according to the latest threat report from security solutions company Nexusguard.

The report shows that Russia has become the number one victim country. Starlink — a Russian ISP supporting small, medium and large enterprises — received more than 40 percent of the DDoS attacks measured over a two-day period. This targeted DNS attack also pushed the mean average DDoS duration to hours instead of minutes, as measured in the previous quarter.

Nexusguard’s researchers attributed this increase to nationalist hacktivists organizing a targeted attack to take out Russian businesses, rather than outbreaks driven by popular DDoS-for-hire activity. As a result, they advise businesses to safeguard their infrastructures and check service provider security to ensure continuity for their web presence.

The United States and China continue to hold spots in the top three target countries. Brazil remains in the top 10, as well, but saw its attacks decline by more than half. Nexusguard also recorded increases in other attack varieties, including routing information protocol (RIP) and multicast domain name system (mDNS) threats. Hackers are experimenting with new attack methodologies, and with the upcoming Olympics in Brazil and political tensions around the world, researchers predict these factors will contribute to a DDoS spike in Q3.

“We were surprised to see an increase in DDoS attacks this quarter, especially as hackers experiment with ransomware, phishing schemes and other data-grabbing methods for monetary gain,” says Terrence Gareau, chief scientist at Nexusguard. “Organizations can expect cyberattacks to continue growing in frequency this year, especially with more attention on the Summer Olympics and the November election season in the US. The results from this quarter also show how important it is to not only protect your website, but also to plan for new payloads and attacks on your infrastructure”.


Internet Service Providers in Mumbai targeted in DDoS attack
July 25, 2016

By Asheeta Regidi

Internet service providers (ISPs) in Mumbai are being targeted in a distributed denial of service attack (DDoS), said to be India’s largest ever attack, and also the world’s largest attack against ISPs. The attack is of a huge magnitude of 200 gigabytes per second. This is the reason behind the recent slowing down of the internet experienced by users around Mumbai. In a first, an FIR was filed against the DDoS attack with the Mumbai police.

What is a DDoS attack?

Most websites are designed to handle a certain amount of traffic at a given time. A denial of service attack will bombard the websites with requests, overloading the website until its server crashes, thus denying access of the website to legitimate users. A distributed denial of service attack is the same attack on a much larger scale, using a large number of computers infected with malware, known as a botnet, to overload the website.

In the present case, the DDoS attack is being conducted against the ISPs themselves, preventing legitimate internet access to all of the ISP’s customers. The motive behind the current attack is unknown; it could be anything from blackmail to disrupting a competitor to miscreants having fun. The effects on the ISPs can be quite harmful, losing customer loyalty being the primary one.

Increasing number of DDoS attacks around the world

All around the world, DDoS attacks have been on the rise. Most recent were the attacks on the Pokemon Go servers and the websites of the US Library of Congress. In fact, hackers have threatened to take Pokemon Go offline on August 1st through a DDoS attack. The reason for this rise is that DDoS attacks are very easy to conduct. The effort once required to create a botnet is also no longer needed, since botnets are now available for hire and on sale. Symantec reports a price range of between USD 10 to 1000 per day for acquiring such botnets on the cyber black market. In fact, botnets-for-hire were reported to be responsible for almost 40% of the DDoS attacks in 2015.

Combating the DDoS attack

Fighting a DDoS attack is not easy. The Mumbai police are reported to be blocking out the IP addresses from which the requests are originating in the current attack. However, since these IP addresses belong to the botnet, it does not block out the actual perpetrator, who will be controlling them remotely. In fact, the easy availability of botnets gives the cybercriminal the ability to combat preventive measures by putting more and more infected computers at work on the attack. Another method is to make more hardware and bandwidth available, in order to allow legitimate users to enter. This is one of the few methods which temporarily mitigates the flood of requests. This option, however, is only available to larger ISPs. This is probably why the favoured targets in the current Mumbai attacks are small and medium sized ISPs, who do not have the infrastructure and resources to combat the attack.

DDoS attacks can last for a few hours, to weeks, to even months. Inevitably, they only stop when the perpetrator decides to stop. Finding an effective solution to this is urgent.

Indian laws inadequate for international investigation

The real problem, however, arises with finding the perpetrator. The requests sent in a DDoS attack pass through routers, usually several of them, and the investigative process gets more complicated with every new router involved. Additionally, the botnet need not be entirely in India. Even if the botnet is entirely in India, chances are that the perpetrator himself is located outside India.

The current Mumbai attack is reported to have originated from Eastern Europe and China. Legally, the Information Technology Act, 2000 and the Indian Penal Code, 1860 are adequately equipped to deal with the situation. Section 43(f) of the IT Act punishes ‘causing denial of access’ to a computer resource. Section 4 of the IPC gives the Indian police the power to act against a person outside India committing a crime against an Indian computer resource.

Though the basic laws are in place, laws enabling investigation overseas and extradition of a criminal from abroad are missing. Such laws are usually in the form of individual treaties between countries or through ratifying multilateral treaties. Existing Indian treaties for investigation and extradition do not include cybercrimes. The Budapest Convention on Cybercrime is at present the only multilateral international convention enabling investigations and extradition with respect to cybercrime. India, however, has refused to ratify this Convention, since it was drafted without the involvement of developing countries like India. The result is that despite the fact that a large number of cybercrimes originate outside India, investigation outside India can take any amount of time. The time factor plays a major role in cybercrime investigation, where the evidence is so delicate that it can be deleted or modified in seconds. The result is that though the laws are in place on paper, practically speaking investigations are difficult.

Investigating and catching the criminals behind this increasing number of cybercrime from abroad is in itself a difficult process, without adding the issue of inadequate laws. Even if the Indian government chooses not to ratify the Budapest Convention, it needs to provide police and cybercrime investigative authorities with an alternative solution to enable international investigation.

The author is a lawyer with a specialisation in cyber laws and has co-authored books on the subject.


DDoS attacks are getting worse
July 22, 2016

Just a couple of days after a horrendous DDoS attack took down Pokemon GO servers for a day, Arbor releases its new report on the state of DDoS around the globe, which basically says things are only getting worse.

The reasons are still the same — DDoS attacks are simple to launch, cheap and easy to obtain, for anyone “with a grievance and an internet connection”.

Over the past 18 months, Arbor detected an average of 124,000 DDoS attacks a week. The peak size jumped a stunning 73 percent compared to 2015, up to 579Gbps. Just in the first six months of 2016, there have been 274 attacks over 100Gbps — in the whole of 2015 there were 223 such attacks.

When it comes to attacks over 200Gbps, things are even worse — 46 such attacks in the first half of this year, compared to 16 in all of 2015. Great Britain, the US and France are the top three targets for attacks of over 10Gbps.

“The data demonstrates the need for hybrid, or multi-layer DDoS defense,” said Darren Anstee, Arbor Networks’ chief security technologist. “High bandwidth attacks can only be mitigated in the cloud, away from the intended target. However, despite massive growth in attack size at the top end, 80 percent of all attacks are still less than 1Gbps and 90 percent last less than one hour. On-premise protection provides the rapid reaction needed and is key against ‘low and slow’ application-layer attacks, as well as state exhaustion attacks targeting infrastructure such as firewalls and IPS.”

Published under license from, a Net Communities Ltd Publication. All rights reserved.


Latest massive DDoS attack suggests criminals are plotting long campaigns
July 21, 2016

Behind the scenes, DDoS attacks are still evolving. What, if anything, does it all mean?

DDoS is moving from individual attacks to whole campaigns

DDoS attackers just keep at it but the way they keep at it continues to evolve. According to an Akamai note, on 18 June, an unnamed “large European media organisation” (presumably e-gaming) experienced a sudden DDoS assault that in 10 minutes rose to a peak of 363 Gbps.


That’s a large attack by any standards. Akamai’s description of the events of that day reveals other interesting trends worth paying attention to, such as the way DDoS criminals are expanding the complexity of their attacks while the defenders find themselves building huge global defences simply to keep up.

It’s probably not a complete surprise that the attack bundles extreme size with the use of six different attack types; DNS reflection, SYN flood, UDP fragment, PUSH flood, TCP flood, and UDP flood. Barely 2 percent of attacks use this multi-pronged approach but it’s clearly a growing trend. As reported by Computerworld UK, on 14 June, days before the attack reported by Akamai, mitigation provider Incapsula recorded an even more massive flood that also used the spray and pray technique.

The attack also abused DNSSEC because, the criminals have cleverly fathomed, the DNS security protocol generates larger responses and can therefore be used to boost DNS amplification still further. Akamai has mentioned such tactics in several of its traffic reports during 2015 and 2016 but it is ironic that a security standard should end up being manipulated in this way.

It’s developed to the extent that, “malicious actors continue to use open DNS resolvers for their own purposes, effectively using these resolvers as a shared botnet. The attack techniques and duration of the attack point to the likelihood of booter services available for lease in the DDoS-for-hire underground marketplace.”
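On the defending side, reflected DNS traffic of the kind described above shows up as large UDP responses from port 53 that no local host asked for, arriving from many resolvers at once. The following detection sketch is an added example, not code from Akamai or the original article; the flow-record layout, the protected network `192.0.2.0/24` and the thresholds are assumptions, and the sample flows are constructed.

```python
import ipaddress
from collections import defaultdict

LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")  # assumed protected network

# Constructed flow records: (time_s, src_ip, src_port, dst_ip, dst_port, proto, bytes)
FLOWS = [
    (0.00, "192.0.2.10", 40001, "198.51.100.53", 53, "udp", 72),   # genuine query
    (0.02, "198.51.100.53", 53, "192.0.2.10", 40001, "udp", 310),  # its answer
    (1.00, "203.0.113.5", 53, "192.0.2.10", 51000, "udp", 3900),   # never asked for
    (1.01, "203.0.113.6", 53, "192.0.2.10", 51001, "udp", 4000),
    (1.02, "203.0.113.7", 53, "192.0.2.10", 51002, "udp", 3800),
    (2.00, "203.0.113.5", 53, "192.0.2.20", 52000, "udp", 500),    # single stray reply
]


def is_local(ip):
    return ipaddress.ip_address(ip) in LOCAL_NET


def find_reflection_targets(flows, min_resolvers=3, min_bytes=8000, query_ttl=5.0):
    """Return {local_ip: (unsolicited_bytes, distinct_resolvers)} for hosts that
    receive DNS responses they never requested, above both thresholds."""
    pending = {}  # (local_ip, local_port, resolver_ip) -> time the query left
    stats = defaultdict(lambda: {"bytes": 0, "resolvers": set()})
    for ts, src, sport, dst, dport, proto, size in sorted(flows):
        if proto != "udp":
            continue
        if dport == 53 and is_local(src):
            # Outbound query: remember it so the matching answer is not counted.
            pending[(src, sport, dst)] = ts
        elif sport == 53 and is_local(dst):
            asked = pending.pop((dst, dport, src), None)
            if asked is not None and ts - asked <= query_ttl:
                continue  # solicited response to a recent local query
            stats[dst]["bytes"] += size
            stats[dst]["resolvers"].add(src)
    return {
        ip: (s["bytes"], len(s["resolvers"]))
        for ip, s in stats.items()
        if s["bytes"] >= min_bytes and len(s["resolvers"]) >= min_resolvers
    }


if __name__ == "__main__":
    print(find_reflection_targets(FLOWS))
```

Fragmented responses carry no port numbers after the first fragment, so a production detector would also need to account for UDP fragments sent to the same destination.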

Intriguingly, a geographical analysis of the IP addresses used to generate a portion of the SYN traffic suggests that it came from home and SoHo routers hijacked by the KaitenSTD botnet.


Why does any of this matter?  Almost without exception these attacks go unnoticed by Internet users and businesses are usually only affected if they are unlucky enough to share a datacentre with a targeted organisation.

“From a technical perspective, the discovery and subsequent increasing employment of new attack vectors or botnets always represent significant, albeit grim milestones,” Akamai concluded.

But that’s a technical way of looking at the problem. The real story hidden inside the numbers is that this was only the latest in a long string of much smaller attacks on the company by this group or groups over 34 weeks. The first conclusion is that a growing number of DDoS attacks are no longer best described as singular events so much as campaigns that go on for months and perhaps even, shortly, years.

As these attacks morph into larger and sometimes unpredictable surges, mitigation is also changing to meet that challenge, with Akamai revealing that its scrubbing centres (the places traffic is diverted to be cleaned) span several locations around the globe for this attack alone.

Disaster averted in a way – as with the huge Incapsula attack of 14 June the 363 Gbps was defended by Akamai, which has the resources to deal with it.  But as the recent downing of Pokemon GO shows, plenty hit the mark. The victims are out there even if we often don’t hear about them.