Cyberattack deals crippling blow to Canadian government websites
June 18, 2015

A cyberattack crashed federal government websites and e-mail for nearly two hours Wednesday – an incident that raises questions about how capable Ottawa’s computer systems are of withstanding a sustained assault on their security.

The attack began some time after noon ET and individuals purporting to be part of the hacktivist group Anonymous later claimed responsibility, saying they were protesting the passage of C-51, anti-terror legislation that gives new powers to intelligence and security agencies.

Over a couple of hours, the e-mail accounts of government employees stopped working and the Canadian government’s presence on the Internet temporarily disappeared. Dozens of websites for major federal departments were rendered inaccessible, from Industry, to Natural Resources, to Justice, to Foreign Affairs, Trade and Development.

It was the most high-profile cyber attack in this country since Chinese state-backed hackers broke into Canada’s premier scientific research agency last year. Sources told The Globe earlier this year those hackers were trying to use National Research Council computers as a conduit to reach the rest of the federal government.

The Harper government announced $58-million in the 2015 budget to improve Ottawa’s cyber security and guard against future hacking attacks.

During the Wednesday assault, cabinet ministers told Canadians to use the telephone to reach Ottawa.

Some time around 2 p.m. ET, the cyberattack subsided and normal operations resumed.

Treasury Board President Tony Clement said it could have been a lot worse.

“I think our imaginations could think of ways in which it could be worse, but obviously, this is inconvenient for the public and for government, and we don’t like to see it happen,” Mr. Clement said.

He said Canadian government security officials are analyzing what happened to prevent a recurrence.

“There’s always concern that this is part of a pattern, and I’m sure that our best security people and tech people are working on ways to make sure that that is not a template,” or model, for future attacks.

Mr. Clement described what happened as a denial-of-service attack that targeted computer servers for the gc.ca domain – the basis for many Canadian government websites.

During an assault such as this, hackers flood a website with outside requests to communicate, leaving it unable to deal with legitimate Web traffic and liable to shut down. They often harness a multitude of computers to attack a single target; in that case, the attacks are called distributed denial of service (DDoS) attacks.

Public Safety Minister Steven Blaney insisted that Canadians’ personal data were not stolen or released by these attacks.

He vowed Canada will track down those responsible, saying anger at the Anti-terrorism Act, 2015, is no justification.

Massachusetts-based Arbor Networks, a security software company, has amassed some information on what happened.

Arbor’s Security Engineering & Response Team recorded a series of 15 attacks on a single Canadian government Internet Protocol (IP) address between 12:10 p.m. and 2 p.m. ET. The longest sustained assault lasted 54 minutes.

Normally, the flood of traffic for a DDoS attack comes from “botnets” – masses of hacked computers that can be ordered to attack remotely – but the Canada attack did not come from any of the networks known to Arbor’s researchers.

The attacking machines came from a wide variety of locations, though four came from an anonymous IP address in Korea, the company said.

Mr. Clement said Ottawa is constantly bombarded by computer attacks. “There are incursions practically every day of every year. Usually, those incursions are unsuccessful … and so we always have to continue to make our sites and our information as impervious to attack as possible. Usually, that works. Sometimes, it doesn’t, and today was a day when it didn’t work,” he said.

On Twitter and on YouTube, individuals claiming to be part of Anonymous took credit for the attacks. “Today, Anons around the world took a stand for your rights,” a video said. “We will not allow our freedoms to be stripped one by one.”

With reports from Shane Dingman and John Ibbitson

Source: http://www.theglobeandmail.com/news/national/canadian-government-websites-appear-to-have-been-attacked/article24997399/

Complacency about DDoS attacks puts businesses at risk, survey shows
June 12, 2015

Attention is turning to application data breaches, network attacks and malware, despite 60% of respondents saying they are worried about DDoS attacks, a survey shows

Complacency about distributed denial of service (DDoS) attacks is putting businesses at risk, a survey has revealed.

Investment in specific DDoS protection is relatively low, according to a survey by F5 Networks at Infosecurity Europe 2015 in London.

Attention is turning to application data breaches, network attacks and malware, despite 60% of respondents saying they are worried about DDoS attacks and 39% admitting it is likely their organisation has already been targeted.

Similarly to advanced persistent threats (APTs), many DDoS attacks are starting to be characterised by long durations, repetition and changing attack vectors, according to a recent report by Imperva.

Almost 40% of the organisations questioned are using a firewall to protect against DDoS attacks, with web application firewalls preferred by 26% of respondents, but investment in specific DDoS protection, either on or off premise, scored much lower.

However, firewalls are not sufficient as they often cause bottlenecks and accelerate outages during attacks, according to a report published in March by communications and analysis firm Neustar.

With cyber criminal services available to enable anyone to take down a website using DDoS attacks for just $6 a month, it is clear increasing mitigation capacity alone is not enough, said Neustar senior vice-president and fellow Rodney Joffe.

“We have to become more strategic. The online community needs to develop industry-based mitigation technologies that incorporate mechanisms to distribute attack source information to internet service providers so they can stop attacks closer to the source,” he said.

Gary Newe, technical director of UK, Ireland and Sub-Saharan Africa at F5, said he was surprised DDoS attacks are not among the top three concerns for businesses.

“DDoS attacks are still coming thick and fast, with an ever-increasing level of sophistication. Businesses must continue to invest in protecting themselves against attacks of this kind,” he added.

The survey also revealed the evolving technology landscape is making security more challenging, with 76% of respondents stating that with cloud computing and increased use of personal mobile devices for work purposes, the ability to maintain consistent security and availability policies has become more difficult in the past three years.

However, respondents are still looking to innovate and take on board opportunities to drive efficiencies in their business. More than a quarter of respondents are looking to use software defined networking (SDN) technologies in their datacentre in the near future, but 20% believe SDN environments are more vulnerable to attacks. The top three security concerns are bugs and vulnerabilities in the applications (26%), the exploitation of centralised controllers (21%) and the development and deployment of malicious applications on controllers (15%).

Source: http://www.computerweekly.com/news/4500248055/Complacency-about-DDoS-attacks-puts-businesses-at-risk-survey-shows

Teen hires hacker to take down school district IT systems
May 26, 2015

A 17-year-old boy from Idaho has been accused of paying a hacker to launch DDoS attacks against his school district.

The teen reportedly hired a third party to organise a week’s worth of distributed denial-of-service campaigns this month against the West Ada school district – the largest educational district in the state. The cyberattacks affected networks at all 52 schools including payroll, online textbooks, virtual teaching and standardised testing.

DDoS attacks coordinate computers around the world to overwhelm a server and cripple its processing ability. The ‘service’ is readily available for hire online for a surprisingly low cost – a brief browse discovered a bargain deal at $260/week.

The district’s IT staff managed to trace the IP address to a 17-year-old at Eagle High School. Another student at middle school level is also allegedly under investigation for a similar attack shortly afterward.

At the time of the hacking many students were undertaking Idaho Standard Achievement Testing online. The DDoS attacks caused the school systems to lose the test and results data and students were required to re-sit their exams multiple times.

According to a report by KTVB-TV News, the teen has been arrested and may face State and Federal computer crime felony charges. If the unnamed student is found guilty he is likely to have to serve up to 180 days in juvenile prison. The suspect has also been suspended from Eagle High and risks potential expulsion.

The minor’s parents are being held financially responsible for the damage caused by the attacks.

This is not the first time a teen has attempted to bring down their school system. In April this year, a 14-year-old in Florida managed to sidestep his middle school’s IT security using just his computer skills to access the main server and locate files containing data from FCAT, Florida’s standardised comprehensive assessments.

Source: http://thestack.com/teen-hires-hacker-ddos-attack-school-district-260515

Teen arrested after allegedly taking down school district’s Web access
May 21, 2015

Technically Incorrect: A 17-year-old from Idaho is reportedly accused of paying a third party to organize DDoS attacks against his school district.

You’re 17 and you don’t like school.

Please join the hundreds of millions around the world who feel like you and just accept it until they leave.

An Idaho teen, however, is being accused of taking things out on not only his own school but his whole school district.

It’s unclear why he might have done this. What is more clear is that he allegedly paid a third party to organize multiple distributed denial-of-service (DDOS) assaults upon the West Ada School District. A DDOS assault is when computers around the world overwhelm a server to the point where it can’t function properly.

As KTVB-TV reports, all 52 schools in the district suddenly found their Internet access kept dying. They couldn’t blame Comcast or Time Warner, could they? It seems not.

So officials investigated, a process that led them to a 17-year-old at Eagle High School. He was allegedly located through an IP address. Another student, this time of middle school level, is also reportedly under investigation.

Idaho Standard Achievement Testing, which has been occurring over the last 10 days, requires online access. Because of this disruption, many had to take the tests again, which is the height of cruelty.

The system allegedly also lost record of kids’ results, according to the report. Which would be doubly galling if you did better the first time than the second.

Given that the teen allegedly paid someone to orchestrate such attacks, one assumes that he understood what effect they might have. In this case, he’s reportedly been arrested and may be charged with a felony. He has also been suspended, pending a potential expulsion, according to the report.

I have contacted West Ada School District to ask whether this teen was a student who’d been in trouble before and whether there’s any indication of his motivation. Long is the spectrum with fun at one end and spite at the other. I will update, should I hear.

Kids, it may seem funny or even splendidly mean to interfere with a school’s IT systems. But you know that nothing stays secret too long in this world, don’t you? Not even your Snapchats.

Source: http://www.cnet.com/news/teen-arrested-after-allegedly-taking-down-school-districts-web-access/

Hong Kong Banks Targeted By DDOS Attacks, Bitcoin Payout Demanded
May 19, 2015

On May 9, an international group of hackers launched distributed denial of service (DDoS) attacks on two of the largest financial institutions in Hong Kong. Hong Kong police confirmed that they have received reports from the Bank of China and the Bank of East Asia claiming that the hackers demanded payments in bitcoin.

“The two institutions later received emails demanding payments in bitcoins, or there would be another round of attacks,” a spokesman said.

According to The Standard Hong Kong, the hackers overwhelmed the websites of the two banks with traffic from multiple sources, causing irregular spikes in Internet traffic and forcing some of the websites’ resources to be unavailable.

However, both banks stressed that none of their data and customer accounts were compromised.

Finance Magnates reported that the Cyber Security and Technology Crime Bureau has classified the case as “blackmail” and has begun an investigation.

The attack imposed on the two banks is similar to the DDoS attacks launched on the official corporate websites of banks in China and Hong Kong, most notably the People’s Bank of China in late 2013. The investigators at the time believed that the attacks were a result of the issuance of new rules which prohibited financial institutions from dealing with bitcoin.

State media reported that they believed “bitcoin fans” had initiated the attack, as a response to the prohibition on the use of digital currencies in China.

The local media began to speculate that the recent attack initiated on the Bank of China and the Bank of East Asia might have been launched by a group of hackers known as DD4BC. The group is currently listed on Bitcoin Bounty Hunter and has attacked several websites, including Finnish Bitcoin wallet and exchange Bitalo and Bitcoin sports betting platform Nitrogensports.

“DD4BC threatens the Bitcoin Community with DDoS extortion, blackmailing and slander,” Bitcoin Bounty Hunter explained. “Famous Bitcoin services like Bitalo.com and Nitrogensports.com were attacked and blackmailed.”

The banks declined to release details of the emails received from the hackers or the amount of BTC demanded.

If the DDoS attacks continue, the two banks may lose up to $100,000 an hour, American Banker reports. AMR (American Banker Reports) stated that “the average bandwidth consumed by a DDoS attack increased to 7.39 gigabits per second, according to Verisign’s analysis of DDoS attacks in the fourth quarter of 2014.”

A few days have passed since the Cyber Security and Technology Crime Bureau began investigating the case, but the case hasn’t shown any progress.

Source: https://bitcoinmagazine.com/20449/hong-kong-banks-targeted-ddos-attacks-bitcoin-payout-demanded/