11 arrested over cyberattacks on 70 government websites
October 22, 2014

Seventy official sites targeted by hackers ‘partly from other regions’ who declared ‘cyberwar’ after tear gas was used on Occupy protesters

Eleven people have been arrested over cyberattacks on more than 70 government websites this month after hackers warned of retaliation for the use of tear gas on democracy protesters.

The cyberattacks are believed to have been directed under the banner of Anonymous, a brand adopted by hackers and activists around the globe.

No information was changed or stolen, nor were the government’s online services affected significantly, Secretary for Commerce and Economic Development Greg So Kam-leung told lawmakers yesterday.

Attackers made the sites intermittently inaccessible through a flood of access requests, he said.

“Attacks launched by the hackers’ group originated partly from Hong Kong, and partly from other regions,” So said.

“Since any internet user can join Anonymous, [the attackers] could have originated from anywhere in the world and it is hard to find out their nationalities.”

Police had arrested eight men and three women, aged 13 to 39, on suspicion of accessing computers with criminal or dishonest intent, he said.

On October 2, web users identifying themselves as Anonymous hackers declared “cyberwar” on the government and police force after tear gas was fired at Occupy Central demonstrators late last month.

So told a Legislative Council meeting that more than 70 official sites were made temporarily inaccessible by so-called distributed denial-of-service (DDoS) attacks. During such attacks, website infrastructure is overwhelmed by a huge bombardment of traffic, overloading servers and slowing down the site’s functionality. So stressed that security was not compromised.

In contrast, hundreds of phone numbers and email addresses of the Ningbo Free Trade Zone and a job-search site run by the Changxing county administration, both in Zhejiang province, were exposed by Anonymous this month, apparently in support of the protesters. The data also included individual IP addresses and names.

So said hackers had hit some local websites as well, but did not have a significant impact on the city’s economic activities.

Lawmakers asked if the hacking was related to Occupy and the alleged involvement of “external forces” in the movement.

So said it could not be linked to any specific country as many computers originating from different places were involved. Police were investigating further.

The website of pro-democracy newspaper Apple Daily has also been the target of cyberattacks in recent weeks, coinciding with a blockade of its offices in Tseung Kwan O by pro-Beijing protesters.

No group has claimed responsibility for those cyberattacks, which followed similar attempts to make the Apple Daily website inaccessible in June when Occupy held an electoral reform “referendum”.

Source: http://www.scmp.com/news/hong-kong/article/1622171/more-70-hong-kong-government-websites-under-attack-anonymous-hackers

Thought you knew about DDoS? Think again
October 21, 2014
Twitch.tv is just the latest distributed denial-of-service (DDoS) victim in a seemingly never-ending stream of attacks. Shortly after Amazon announced that it had acquired the streaming gaming service, Twitch.tv experienced a coordinated DDoS attack that completely shut it down. For those who make their livelihood through the service, this attack was more than a nuisance. Failing to understand how DDoS attacks work and how dangerous they can be leaves your network open to risk. Below is a compilation of myths that you need to overcome if you hope to protect your assets.

Myth 1: Hackers launch DDoS attacks to consume network bandwidth.

In the news, the seriousness of a DDoS attack is typically measured by the size or amount of attack traffic (e.g. number of Gigabits per second). By using only this measure, the media leads many people to mistakenly believe that all DDoS attacks are targeting bandwidth resources. In fact, DDoS attacks can also be designed to consume system and application resources as well. Thus, the size of the attack traffic is only one of several aspects that determine the severity of an attack.

That’s because the same amount of attack traffic can produce a greater or lesser impact depending on the method employed. Sometimes, people mistakenly assume that SYN flood attacks are a type of DDoS attack that targets network bandwidth resources. In fact, the primary threat posed by SYN flood attacks is their consumption of connection table resources. Even with exactly the same level of attack traffic, a SYN flood attack is more dangerous than a UDP flood attack.

Myth 2: DDoS attacks are always flood attacks.

A DDoS attack connotes the idea of speed. Many people think of UDP flood attacks, SYN flood-type attacks, RST flood-type attacks and the like when they hear the phrase “DDoS attack.” In fact, although flood-type attacks account for a large proportion of DDoS attacks, not all of them are. There are also low-and-slow attack methods. Essentially, a DDoS attack consumes a large number of resources or occupies them for a long period of time in order to deny services to other users. Flood-type attacks rapidly send a large amount of data and requests to the target, but low-and-slow attacks are different. They slowly but persistently send requests to the target and thus occupy resources for a long time, eating away at the target’s resources bit by bit. If we view a DDoS attack as an assassination, a flood-type attack is like an assassin who uses a machine gun. A low-and-slow attack is akin to death by a thousand cuts.
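Added example, not code from the article or its author: a small connection-table triage script over constructed records, showing the two conditions Myths 1 and 2 describe, a table filling with half-open SYN entries that carry no payload, and a handful of sources holding many long-lived, nearly idle sessions. The record format, the addresses and every threshold are assumptions made for the example.

```python
"""Connection-table triage over constructed records (added example, not code
from the article). Flags a table filling with half-open SYN entries (Myth 1)
and sources holding many old, nearly idle sessions (Myth 2). The record
format 'src state age_seconds bytes_in' and all thresholds are assumptions."""
from collections import Counter
from dataclasses import dataclass


@dataclass
class Conn:
    src: str        # client address (constructed, documentation ranges)
    state: str      # "SYN_RECV" (half-open) or "ESTABLISHED"
    age_s: float    # seconds this entry has occupied the table
    bytes_in: int   # request bytes received on it so far


def parse_line(line: str) -> Conn:
    """Parse one 'src state age bytes' record (assumed format)."""
    src, state, age, nbytes = line.split()
    return Conn(src, state, float(age), int(nbytes))


def half_open_ratio(conns: list[Conn]) -> float:
    """Share of entries stuck in SYN_RECV; a SYN flood pushes this toward 1
    although each half-open entry carries no payload at all."""
    if not conns:
        return 0.0
    return sum(c.state == "SYN_RECV" for c in conns) / len(conns)


def slow_clients(conns: list[Conn], min_age_s: float = 60.0,
                 max_bps: float = 2.0, min_conns: int = 10) -> dict[str, int]:
    """Sources holding >= min_conns ESTABLISHED sessions older than min_age_s
    that have delivered almost nothing (bytes_in / age <= max_bps).
    State and age are tested first, so the division never sees age 0."""
    per_src = Counter(
        c.src for c in conns
        if c.state == "ESTABLISHED" and c.age_s >= min_age_s
        and c.bytes_in / c.age_s <= max_bps)
    return {src: n for src, n in per_src.items() if n >= min_conns}


def payload_bytes(conns: list[Conn]) -> int:
    """Total request bytes in the snapshot: the 'size' a bandwidth view sees."""
    return sum(c.bytes_in for c in conns)


def classify(conns: list[Conn]) -> str:
    if half_open_ratio(conns) > 0.5:
        return "syn_flood"
    if slow_clients(conns):
        return "low_and_slow"
    return "normal"


def load(kind: str) -> list[Conn]:
    """Constructed table snapshots; ages and byte counts are illustrative."""
    lines = [f"203.0.113.{i + 1} ESTABLISHED {1 + i % 9} {500 + 100 * i}"
             for i in range(40)]                       # 40 ordinary clients
    if kind == "syn_flood":
        # 200 half-open entries from 200 addresses, zero payload each
        lines += [f"198.51.100.{i % 250 + 1} SYN_RECV {(i % 30) / 10} 0"
                  for i in range(200)]
    elif kind == "low_and_slow":
        # 5 sources each keep 30 sessions open for 5 minutes, 40 bytes total
        lines += [f"192.0.2.{s} ESTABLISHED 300 40"
                  for s in range(1, 6) for _ in range(30)]
    return [parse_line(line) for line in lines]


if __name__ == "__main__":
    for kind in ("normal", "syn_flood", "low_and_slow"):
        t = load(kind)
        print(kind, len(t), payload_bytes(t), round(half_open_ratio(t), 2), classify(t))
```

With the constructed data the SYN-flood snapshot carries exactly the same payload bytes as the normal one (98000) yet is over 80% half-open, which is the Myth 1 point in numbers.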

Myth 3: Botnets of hijacked PCs are the source of all DDoS attacks.

Internet security professionals adhere to the tenet that all DDoS attacks are launched from botnets. However, not all attacks are carried out by botnets composed of personal computers that have been hijacked by hackers. As technology has advanced, the processing performance and bandwidth of high-performance servers used by service providers have rapidly increased. Correspondingly, the development and use of traditional botnets composed of PCs have slowed. Besides the processing capability factor, PCs normally have very limited bandwidth resources, and their in-use periods fluctuate. Therefore, some hackers have begun to look to high-performance servers; these were used during Operation Ababil’s attacks on U.S. banks. In addition, attacks are not always carried out by commandeering sources; the hacktivist group Anonymous prefers to launch attacks using large numbers of real participants. We call this a “voluntary botnet.”

Myth 4: Vandalism and mischief are the only goals of DDoS attacks.

People don’t understand the motives of hackers; why use all that brainpower for no purpose? DDoS attacks take some technical skill and directly result in the destruction of network service availability. This doesn’t seem to benefit hackers, but hiding behind this simplistic stereotype are hackers who know the value of a bitcoin. The current generation of hackers are much more sensitive to benefit calculations than average people. They use destructive power in exchange for profit, they use destructive deterrents to avoid losses to themselves and they use destruction as leverage to shift the playing field to their advantage. Destruction is only one part of DDoS attack motivation; the true goal is almost always profit of some sort.

Myth 5: DDoS attacks are not a concern for small websites and businesses.

If you operate a website, even if you derive little income from it or engage in non-profit activities, you are still not exempt. Any site can be considered fair game for profit. When cybercriminals are choosing extortion targets, they know that attacks on major websites may be more profitable, but at the same time the costs and risks are usually also greater. However, with smaller sites, their defenses are usually weaker and an attack is more likely to succeed. Furthermore, competition is one of the major reasons that spurs DDoS attacks. Newcomer businesses may attack established businesses to steal customers, and established businesses may attack newcomers to remove potential competition. Malicious retaliatory attacks might not be concerned with size and scale; they may just want to prove a point. As long as a website is vulnerable, it may suffer a DDoS attack. 

Source: http://www.scmagazine.com/understanding-the-ddos-threat/article/376191/
DDoS Attacks: Legitimate Form of Protest or Criminal Act?
October 20, 2014

‘The Coming Swarm’ argues that distributed denial of service attacks are a legitimate form of protest.

Amendment I – Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances.

A basic premise of a democratic society gives its citizens rights to participate in debate and effect change by taking to the streets to demonstrate. In the U.S., this is enshrined in the Bill of Rights under the First Amendment.

But what happens when we all effectively live, work, shop, date, bank and get into political debates online? Because online, as Molly Sauter points out in her book The Coming Swarm, there are no streets on which to march. “Because of the densely intertwined nature of property and speech in the online space, unwelcome acts of collective protest become also acts of trespass.”

Sauter argues that distributed denial of service (DDoS) attacks are a legitimate form of protest. Or at least one that needs to be examined in a larger context of lawful activism, rather than hastily and disastrously criminalized under the Patriot Act.

Sauter is currently doing her Ph.D. at McGill University in Montreal after completing her Masters at MIT. Prior to attending MIT she worked as a researcher at the Berkman Center for Internet and Society at Harvard. So she’s been thinking about civil disobedience and digital culture for a while, although she admitted during a recent phone interview that “adapting and re-writing a Masters thesis into a book during the first year of doctorate study is not recommended.”

As Sauter examines in The Coming Swarm, DDoS campaigns are not new. In fact they’ve been used for almost 20 years in support of various political movements, from pro-Zapatista mobilization to immigration policy in Germany and, most notably, at the 2010 G20 in Toronto.

“Guiding this work is the overarching question of how civil disobedience and disruptive activism can be practiced in the current online space,” she told PCMag. “Actions that take place in the online sphere can only ever infringe on privately held property. The architecture of the network does not, as of yet, support spaces held in common.”

The book also delves into extensive technical discussion on the evolution of simple denial-of-service attacks, where a single computer and Internet connection breaches a firewall, floods a server with packets, and overloads the system so that it malfunctions and shuts down.

According to Sauter, it was the switch to distributed denial-of-service attacks that really got the authorities’ attention. Mainly because the distributed nature of the attack, using zombie machines (often infected with malware) to hide the activists’ own IP addresses, made detection almost impossible. It was then that the nature of digital debate was re-framed as a criminal act rather than civil disobedience.

The Coming Swarm is thoroughly thought-provoking and meticulously researched (as one might expect from a peer-reviewed publication under the Bloomsbury Academic imprint). It will be an important contribution as more enlightened public policy makers try to understand digital culture rather than just contain it.

The Coming Swarm arrives Oct. 23 and can be purchased as an e-book on Bloomsbury.com.

Source: http://www.pcmag.com/article2/0,2817,2469400,00.asp

The Evolution of DDoS: Risk Mitigation for Retailers
October 15, 2014

By Martin Brown, Chief Security Futures Architect, BT Global Services
For retailers, e-commerce has not only become a convenient way for customers to research items, browse new inventory and ultimately purchase goods, but it has also turned into a large revenue generator. According to Forrester, e-commerce sales are expected to rise from $231 billion to $262 billion in the U.S. this year, a 13 percent increase. This robust growth has been attributed to more consumers using their smartphones and tablets to complete transactions.

Eventually, revenue from e-commerce is expected to surpass that of brick-and-mortar locations, so it is crucial that retailers are investing in online platforms early, as well as ensuring that their IT systems can combat any issues they might encounter.

Figuring out which issues to take seriously can be an issue in the ever-changing landscape of digital technology. The Target credit card breach or eBay website hack can make retailers want to quiver in fear, but the threats and seriousness of these issues are not something to be discounted. An issue with a mobile application or website could paralyze a business and can quickly cost a retailer thousands or even millions of dollars. One of the known threats to retailers that could ultimately cause a significant disruption to e-commerce retailers is a DoS or DDoS attack.

What is a DoS / DDoS attack?
At a fundamental level a denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users.

Although the means to carry out, motives for, and targets of a DDoS or DoS attack may vary, it generally consists of the efforts of one or more people to temporarily or indefinitely interrupt or suspend connectivity to the Internet.

Perpetrators of these attacks typically target sites or services hosted on high-profile web servers, such as banks, retail or card payment gateways. The term is generally used in reference to computer networks but is not limited to this field.

While firewalls and IPS/IDS (intrusion prevention and detection) services can offer a certain amount of protection if configured appropriately, once the internet pipe between the ISP (Internet Service Provider) and the customer is overloaded the DoS/DDoS has effectively succeeded: not only is the target of the attack affected, but any other services routed down the same link are also impacted.

How big is the problem?
DDoS has become the weapon of choice for many cyber attackers but also serves as a useful distraction to divert scarce security engineering resources from other backdoor attacks undertaken concurrently with the DDoS.
The largest recorded attack in 2014 so far, as reported by Arbor Networks, was 325 Gigabits/second (Gbps) directed at a user in France.

In February 2014 BT, working together with Arbor, its technology partner, successfully mitigated an attack of 54 Gbps against a large UK retail organization. This attack, had it been successful, could have affected daily online business of around $8 million and seriously impacted brand reputation. Fortunately this customer already was a subscriber to the BT DDoS mitigation service and normal service was restored within 10 minutes of the attack starting.

[Table not reproduced: DDoS attack sizes (BPS = bits per second, PPS = packets per second). Source: Arbor Networks]

As can be seen from the table above, the scale of DDoS attacks is continuing to grow, and that trend is predicted to continue over the next five years.

When the target of a DDoS attack is a revenue-generating website, the result is twofold. First, the company may need to manage brand damage and customer dissatisfaction, which have a less defined cost associated with them. Second is a more recognizable loss of revenue driven either by online customer activity being significantly reduced or lost due to being unable to interact with the website for orders or changes.

How can technology help?
There are several companies in the marketplace working to help retailers and other businesses combat DDoS/DoS attacks. For example, some services provide an automated system which, when specific triggers are met, prevents the downstream links to customer sites from being saturated with traffic, so that not only the target but also the other services sharing the connection are protected.

Services that provide mitigation at the core of the network can combat high volume attacks more efficiently and effectively. Perimeter mitigations effectively protect the infrastructure from malicious traffic targeted at networks or hosts, which can result in significant volumes of malicious traffic being discarded before it can be of any harm.

Some service providers that own their own network typically are able to surgically reroute traffic right down to the individual IP address and pass it through a DDoS mitigation or scrubbing center before dropping the cleansed traffic into the target’s local network. This means that the right traffic can get through to the customer’s network such as order placements, while the malicious traffic is discarded.

How can retailers mitigate risk?
The threat of DoS and DDoS attacks is real and not slowing down anytime soon. The potential to be affected by these types of attacks is a very present and harsh reality for businesses everywhere. The key to mitigating this risk is preparation – knowing who your allies are in your time of need. This is especially true for retailers. Attacks happen quickly and the results can be catastrophic.

With the continued growth and importance of e-commerce, retailers need to be taking appropriate precautions to ensure that their customers, bottom lines and reputations do not suffer in the event of an attack.

Martin Brown is the chief security futures architect for BT Global Services. Using his 20 years of security industry experience, he is responsible for the strategic determination, definition and down-streaming of new and innovative security products and services for BT, as well as managing relationships with BT security partners. 

Source: http://apparel.edgl.com/case-studies/The-Evolution-of-DDoS–Risk-Mitigation-for-Retailers95880?googleid=95880

Researcher makes the case for DDOS attacks
October 11, 2014

When you start with the premise that capitalism is illegitimate it’s easy to dismiss other people’s property rights.

To some people, a political mission matters more than anything, including your rights. Such people (the Bolsheviks come to mind) have caused a great deal of damage and suffering throughout history, especially in the last 100 years or so. Now they’re taking their mission online. You better not get in their way.

Molly Sauter, a doctoral student at McGill University and a research affiliate at the Berkman Center at Harvard (“exploring cyberspace, sharing its study & pioneering its development”), has a paper calling the use of DDOS (distributed denial of service) attacks a legitimate form of activism and protest. This can’t go unchallenged.

Sauter notes the severe penalties for DDOS attacks under “…Title 18, Section 1030 (a)(5) of the US Code, otherwise known as the CFAA” (Computer Fraud and Abuse Act). This section is short enough that I may as well quote it here verbatim:

(5)(A) [Whoever] knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;
(B) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or
(C) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage and loss.

There are other problems with the CFAA with respect to some legitimate security research and whether it technically falls afoul of the act, but that’s not the issue here.

Sauter goes on in some detail with the penalties under Federal law for violating this act and, no argument here, they are extreme and excessive. You can easily end up with many years in prison. This is, in fact, a problem generally true of Federal law, the number of crimes under which has grown insanely in the last 30 or so years, with the penalties growing proportionately. For an informed and intelligent rant on the problem I recommend Three Felonies a Day by Harvey Silverglate. Back to hacktivist DDOS attacks.

She cites cases of DDOS attacks committed against Koch Industries, Paypal, the Church of Scientology and Lufthansa Airlines, some of these by the hacktivists who call themselves Anonymous. In the US cases of the attacks against Koch, Paypal and the Church, the attackers received prison time and large fines and restitution payments. In the Lufthansa case, in a German court, the attacker was sentenced to pay a fine or serve 90 days in jail; that sentence was overturned on appeal. The court ruled that “…the online demonstration did not constitute a show of force but was intended to influence public opinion.”

This is the sort of progressive opinion, dismissive of property rights, that Sauter regrets is not happening here in the US. She notes, and this makes sense to me, that the draconian penalties in the CFAA induce guilty pleas from defendants, preventing the opportunity for a Lufthansa-like precedent.

This is part and parcel of the same outrageous growth of Federal criminal law I mentioned earlier; you’ll find the same incentive to plead guilty, even if you’re just flat-out innocent, all over the US Code. I would join Sauter in calling for some sanity in the sentencing in the CFAA, but I part ways with her argument that political motives are a mitigating, even excusing factor.

Sauter’s logic rises from a foundation of anti-capitalism:

…it would appear that the online space is being or has already been abdicated to a capitalist-commercial governance structure, which happily merges the interests of corporate capitalism with those of the post-9/11 security state while eliding democratic values of political participation and protest, all in the name of ‘stability.’

Once you determine that capitalism is illegitimate, respect for other people’s property rights is no longer a problem. Fortunately, the law protects people against the likes of Anonymous and other anti-capitalist heroes of the far left.

I would not have known or cared about Sauter’s article had it not been for a favorable link to it by Bruce Schneier. Schneier is a Fellow at the Berkman Center.

Progressives and other leftists who think DDOS, i.e. impeding the business of a person or entity with whom you disagree in order to make a political point, should consider the shoe on the other foot. If I disagree with Schneier’s positions is it cool for me to crash his web site or those of other organizations with which he is affiliated, such as the Berkman Center, the New America Foundation’s Open Technology Institute, the Electronic Frontier Foundation, the Electronic Privacy Information Center and BT (formerly British Telecom)? I could apply the same principle to anti-abortion protesters impeding access to a clinic. I’m disappointed with Schneier for implying with his link that it’s legitimate to engage in DDOS attacks for political purposes.

It’s worth repeating that Sauter has a point about the CFAA, particularly with respect to the sentences. It does need to be reformed — along with a large chunk of other Federal law. The point of these laws is supposed to be to protect people against the offenses of others, not to protect the offender.

Source: http://www.zdnet.com/researcher-makes-the-case-for-ddos-attacks-7000034560/