DDoS DDoS Attacks
December 15, 2014

Tor users could be targeted by police next year as governments seek to combat crime and reduce political dissent, according to a researcher at the security firm Cloudmark.

Andrew Conway claimed the anonymity network is “reasonably fragile”, with police able to unmask service providers by comparing traffic spikes, generated by distributed-denial-of-service (DDoS) attacks, from just a small number of endpoints.

He added that the network was at risk of a complete shutdown if a government decided to launch a massive DDoS attack against it, which would overload the system with traffic.

Conway said: “There are only a few thousand endpoints where Tor connects to the rest of the internet. Attacking those with a DDoS is well within the capability of many organisations and states.”

“I think some oppressive regimes may decide that they have had enough of their dissidents using it and just want to shut the thing down, or some group in law enforcement may decide the same.”

The security of Tor was called into question when the FBI arrested Blake ‘Defcon’ Benthall in November for his alleged work on the second iteration of Silk Road, an ecommerce site specialising in contraband that could only be accessed through Tor.

Conway added that the police mole planted in the second Silk Road admin team was “probably” involved in the arrests that caused the first version’s collapse, and that he suspected they had used the DDoS and endpoint approach to monitor network traffic.

Despite this, he said police are still unable to track down Tor users’ IP addresses, which would be necessary to identify those purchasing contraband online.

“[Tor] still does give a level of anonymity for people looking for child pornography, but not if they are providing it,” he said.

Source: http://www.cbronline.com/news/security/could-tor-fall-victim-to-a-ddos-attack-in-2015-4468576

Anonymous In PSN’s Defense? Hacking Group Backs Sony In Recent DDoS Attack On PlayStation Network, Demands Lizard Squad Cease Or They Will Retaliate
December 9, 2014

A hacker from Anonymous is backing PSN in the wake of the attacks on Sony and Microsoft’s servers last night.

A video posted on YouTube shows Anonymous coming to PSN’s defense, demanding that Lizard Squad cease attacks on gaming servers or the hacking group will retaliate. Lizard Squad recently claimed it was responsible for the recent DDoS attacks on both the PlayStation Network and Xbox Live.

The video shows a masked man demanding the Lizard Squad discontinue its attacks on the servers, if it is really the cause of the service disruptions. The man warns Anonymous will come after them otherwise.

“You have made countless threats against Xbox Live and PlayStation Network. You have taken down their servers with relentless Distributed-Denial-of-Service attacks.”

The video could be a valid threat from Anonymous, though it is not officially hosted on the Anonymous YouTube channel. It’s also possible the video is a hoax.

“If you continue to attempt to attack the gaming communities we will take action against you. What you are doing is wrong. You are taking away the fun and enjoyment of children as well as adults. You have no real reason for taking down their servers. Your only goal is to see how far you get without getting caught.

Quit while you’re ahead because the FBI is watching you and they will find you and Anonymous will help and support them. You said your next attack on Christmas Day. We will stop at nothing to ensure that you never attack the gaming communities again. You have been warned. We are anonymous. We are legion. We do not forgive. We do not forget. Lizard Squad expect us.”

Anonymous’s defense of PSN follows last month’s attacks on Sony Pictures’ servers, which resulted in data being stolen and uploaded to file-sharing websites. The FBI is currently investigating the attacks, and has previously announced it is close to uncovering the Lizard Squad’s identity (psu.com).

Source: http://www.kdramastars.com/articles/59850/20141208/anonymous-psn.htm

Xbox Live: Lizard Squad hackers promise DDoS attacks at Christmas
December 3, 2014

Hacking group Lizard Squad have taken credit for a distributed denial of service (DDoS) attack on Xbox Live that left tens of thousands of users unable to connect to the service.

The attack occurred on Monday and primarily affected North American users, who were faced with an 80151909 error code when attempting to sign in.

Lizard Squad’s Twitter page later claimed responsibility and promised further attacks around Christmas.

“That’s a small dose of what’s to come on Christmas,” reads their account, which later added: “Sony had it worse.”

In August 2014, the group hacked the PlayStation Network, bringing down the Sony platform for nearly a whole day. They claim to have brought down online PC games such as World of Warcraft, Runescape, and League of Legends, and claim attacks on Rockstar’s Grand Theft Auto Online and Bungie shooter Destiny.

Lizard Squad proclaim themselves the “kings” of DDoS attacks.

Source: http://www.ibtimes.co.uk/xbox-live-lizard-squad-hackers-promise-ddos-attacks-christmas-1477830

Xbox Live service disrupted overnight after hacker ‘ddos’ attack
December 2, 2014

A hacker group is taking responsibility for taking down Xbox Live’s online service last night.

By Tuesday morning, Microsoft said all its Xbox Live services were “up and running.”

Xbox support worked to resolve the issue overnight, the company tweeted from its verified support account in response to several user complaints about lack of access to the online system.

“We’re currently working to resolve this. Thanks for your patience,” one of Xbox’s support team members tweeted just before midnight Monday.

The company said it was a “busy night.”

Lizard Squad, a hacker group, claimed it was behind the attack.

“Xbox Live #offline,” the group tweeted at 5:37 p.m. Monday, later adding that the shutdown is “a small dose of what’s to come on Christmas.”

Lizard Squad calls itself the “ddos kings” in its brief Twitter bio. Ddos refers to distributed denial of service attacks — the group’s primary ammunition.

It has previously claimed responsibility for shutting down other gaming services, including Sony’s PlayStation network in August.

In a separate incident, the Lizard Squad claimed through its Twitter account that explosives might be on an American Airlines flight carrying Sony Online Entertainment President John Smedley. His plane was diverted.

Source: http://www.cbc.ca/news/technology/xbox-live-service-disrupted-overnight-after-hacker-ddos-attack-1.2857229

How to detect fraudulent activity in a cloud without invading users’ privacy
November 28, 2014

A group of researchers have found a clever way for cloud providers to detect fraudulent activities in their clouds without actually probing into the kind of activity a user performs, but by using privacy-friendly billing data.

The great thing about the cloud is that companies and users can use as much compute power or storage as needed at a specific moment and pay only for what was used.

However, fraudulent, illegal or undesired activities such as using a cloud infrastructure to launch DDoS attacks or cryptocurrency mining can ruin the experience for those who use the cloud for private and corporate purposes, as the aforementioned undesired activities can continuously suck up too much bandwidth and reduce the lifespan of the hardware.

The problem for cloud providers is the following: how to detect fraudulent or undesired activity on their infrastructure without performing network packet inspection, i.e. invading a paying user’s privacy?

“A way of doing this would be to use data aggregates, which do not give a lot of detail, such as CPU usage or the number of outgoing packets in a closed interval, to perform a first classification,” the researchers explained in a paper. “In case a fraudulent activity is suspected, then a more in-depth method can be used. This way allows users who run regular workloads to keep their privacy while detecting suspicious activity.”

The data samples were collected from an OpenStack cluster running both regular and fraudulent workloads. By testing different classification algorithms, the researchers attempted to classify 5 types of jobs: regular workload (Hadoop workload or highly CPU-intensive job), internal DDoS attack, cryptocurrency mining, and physical network failure.

Of all the OpenStack components, Ceilometer – the Telemetry Service that provides all the usage metrics cloud providers need to establish customer billing – proved to be the most useful.

By using five-second data aggregates of several common metrics (CPU, disk and network) during various activities, and comparing the various patterns, they managed to determine – with relatively high accuracy and in a relatively short time – what type of activity customers are engaged in without discovering detailed information about what they are actually doing. Their privacy is thus preserved, and illegal or undesired activities can be made to stop.

The system has its advantages and shortcomings, but the researchers consider it a good first step of a fraudulent activity detection pipeline as more in-depth intrusion detection systems can then be deployed and will have less data to process. Also, the collected data can be reused to bill the customer.
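As an added illustration of that first classification stage (not code from the paper or from OpenStack), the sketch below labels five-second aggregates with a nearest-centroid classifier and escalates only the VMs whose majority label is a fraudulent job type. The classifier choice, the feature scaling, the VM names and every sample value are assumptions constructed for this example.

```python
import math
from collections import defaultdict

# Constructed five-second aggregates: (cpu_percent, disk_kb_per_s, net_out_packets_per_s).
# Values are illustrative only, not measurements from the paper.
TRAINING = {
    "hadoop": [(65, 40000, 3000), (70, 45000, 3500), (60, 38000, 2800)],
    "cpu_intensive": [(98, 200, 50), (97, 150, 40), (99, 300, 60)],
    "internal_ddos": [(35, 100, 90000), (40, 120, 95000), (30, 80, 88000)],
    "crypto_mining": [(99, 60, 400), (98, 40, 450), (100, 50, 380)],
    "network_failure": [(20, 500, 0), (15, 400, 2), (25, 600, 1)],
}
SUSPICIOUS = {"internal_ddos", "crypto_mining"}  # job types passed to deeper inspection

# Constructed observations per VM (hypothetical VM names).
OBSERVED = {
    "vm-a": [(68, 42000, 3100), (62, 39000, 2900)],
    "vm-b": [(33, 90, 91000), (38, 110, 93000), (97, 250, 45)],
    "vm-c": [(99, 55, 420), (100, 45, 410)],
    "vm-d": [(18, 450, 0)],
}

def features(window):
    """Put CPU and the heavy-tailed I/O counters on comparable scales."""
    cpu, disk, net = window
    return (cpu / 10.0, math.log1p(disk), math.log1p(net))

def train(training):
    """Return one centroid per job type in feature space."""
    centroids = {}
    for label, windows in training.items():
        vecs = [features(w) for w in windows]
        centroids[label] = tuple(sum(col) / len(vecs) for col in zip(*vecs))
    return centroids

def classify(centroids, window):
    """Label a window with the job type of its nearest centroid."""
    vec = features(window)
    return min(centroids, key=lambda lbl: math.dist(vec, centroids[lbl]))

def triage(centroids, windows_by_vm):
    """Return {vm_id: label} only for VMs whose majority label is suspicious."""
    flagged = {}
    for vm_id, windows in windows_by_vm.items():
        votes = defaultdict(int)
        for w in windows:
            votes[classify(centroids, w)] += 1
        label = max(votes, key=votes.get)
        if label in SUSPICIOUS:
            flagged[vm_id] = label
    return flagged

if __name__ == "__main__":
    print(triage(train(TRAINING), OBSERVED))
```

Only the flagged VMs would move on to the more in-depth method; the regular workloads and the network failure never leave the aggregate stage.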

Source: http://www.net-security.org/secworld.php?id=17693