
Hacktivism

Original author: 
Dan Goodin

A website that accepts payment in exchange for knocking other sites offline is perfectly legal, the proprietor of the DDoS-for-hire service says. Oh, it also contains a backdoor that's actively monitored by the FBI.

Ragebooter.net is one of several sites that openly accept requests to flood sites with huge amounts of junk traffic, KrebsonSecurity reporter Brian Krebs said in a recent profile of the service. The site, which accepts payment by PayPal, uses so-called DNS reflection attacks to amplify the torrents of junk traffic. The technique requires the attacker to spoof the source IP address of DNS lookup requests so that the replies are bounced off open domain name system servers onto the target. This can generate data floods directed at the target that are 50 times bigger than the original requests.
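The amplification described above has a simple defender-side signature: a host that is the target of a reflection attack receives large DNS answers from many resolvers while sending few or no DNS queries of its own. The following script is an added example, not code from the article or from any of the services it describes. It works over constructed flow records (hypothetical addresses and byte counts; the `Flow` field layout is an assumption, not a real collector's export format) and flags hosts whose inbound UDP/53 response bytes vastly exceed their outbound query bytes.

```python
"""Spot DNS reflection victims from flow records.

Added example (not from the original article). All flows below are
constructed sample data with hypothetical addresses; the Flow field layout
is an assumption rather than any real collector's format.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str       # source IP
    dst: str       # destination IP
    src_port: int  # UDP source port
    dst_port: int  # UDP destination port
    nbytes: int    # bytes carried by the flow


# Constructed sample: 10.0.0.5 is a normal client (small query out, modest
# answer back); 10.0.0.9 sends no queries yet receives large answers from
# forty different open resolvers, the pattern of a reflection victim.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "192.0.2.53", 41000, 53, 60),
    Flow("192.0.2.53", "10.0.0.5", 53, 41000, 180),
    Flow("10.0.0.5", "192.0.2.53", 41001, 53, 62),
    Flow("192.0.2.53", "10.0.0.5", 53, 41001, 200),
] + [
    Flow(f"198.51.100.{i}", "10.0.0.9", 53, 50000 + i, 3200)
    for i in range(1, 41)
]


def amplification_factor(query_bytes: int, response_bytes: int) -> float:
    """Bytes the reflector sends per byte the attacker spent on the query.

    A 64-byte query answered with 3200 bytes gives the ~50x the article cites.
    """
    if query_bytes <= 0:
        raise ValueError("query size must be positive")
    return response_bytes / query_bytes


def summarize_dns_traffic(flows):
    """Per host: DNS bytes sent as queries, received as answers, and the
    set of distinct resolvers those answers came from."""
    stats = defaultdict(
        lambda: {"query_bytes": 0, "response_bytes": 0, "resolvers": set()}
    )
    for f in flows:
        if f.dst_port == 53:          # outbound query from f.src
            stats[f.src]["query_bytes"] += f.nbytes
        elif f.src_port == 53:        # inbound answer to f.dst
            stats[f.dst]["response_bytes"] += f.nbytes
            stats[f.dst]["resolvers"].add(f.src)
    return dict(stats)


def flag_reflection_victims(flows, min_ratio=20.0, min_resolvers=10,
                            min_response_bytes=50_000):
    """Return {host: summary} for hosts whose inbound DNS answer volume is
    out of proportion to the queries they sent. A host that sent nothing
    is treated as having sent one byte so the ratio stays finite."""
    flagged = {}
    for host, s in summarize_dns_traffic(flows).items():
        ratio = s["response_bytes"] / max(s["query_bytes"], 1)
        if (ratio >= min_ratio
                and len(s["resolvers"]) >= min_resolvers
                and s["response_bytes"] >= min_response_bytes):
            flagged[host] = {
                "ratio": ratio,
                "resolvers": len(s["resolvers"]),
                "response_bytes": s["response_bytes"],
            }
    return flagged


if __name__ == "__main__":
    for host, info in flag_reflection_victims(SAMPLE_FLOWS).items():
        print(f"{host}: {info['response_bytes']} response bytes from "
              f"{info['resolvers']} resolvers, ratio {info['ratio']:.0f}x")
```

The three thresholds are deliberately conservative defaults: a legitimate client that resolves many names still sends a query for every answer, so its ratio stays in the low single digits, while a reflection victim's ratio is bounded only by how much the reflectors were willing to send.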

Krebs did some sleuthing and discovered the site was operated by Justin Poland of Memphis, Tennessee. The reporter eventually got an interview and found Poland was unapologetic.

Original author: 
Dan Goodin


Coordinated attacks used to knock websites offline grew meaner and more powerful in the past three months, with an eight-fold increase in the average amount of junk traffic used to take sites down, according to a company that helps customers weather the so-called distributed denial-of-service campaigns.

The average amount of bandwidth used in DDoS attacks mushroomed to an astounding 48.25 gigabits per second in the first quarter, with peaks as high as 130 Gbps, according to Hollywood, Florida-based Prolexic. During the same period last year, bandwidth in the average attack was 6.1 Gbps and in the fourth quarter of last year it was 5.9 Gbps. The average duration of attacks also grew to 34.5 hours, compared with 28.5 hours last year and 32.2 hours during the fourth quarter of 2012. Earlier this month, Prolexic engineers saw an attack that exceeded 160 Gbps, and officials said they wouldn't be surprised if peaks break the 200 Gbps threshold by the end of June.

The spikes are brought on by new attack techniques that Ars first chronicled in October. Rather than using compromised PCs in homes and small offices to flood websites with torrents of traffic, attackers are relying on Web servers, which often have orders of magnitude more bandwidth at their disposal. As Ars reported last week, an ongoing attack on servers running the WordPress blogging application is actively seeking new recruits that can also be harnessed to form never-before-seen botnets to bring still more firepower.


Key parts of the infrastructure supporting an espionage campaign that targeted governments around the world reportedly have been shut down in the days since the five-year operation was exposed.

The so-called Red October campaign came to light on Monday in a report from researchers from antivirus provider Kaspersky Lab. It reported that the then-ongoing operation was targeting embassies as well as governmental and scientific research organizations in a wide variety of countries. The research uncovered more than 60 Internet domain names used to run the sprawling command and control network that funneled malware and received stolen data to and from infected machines. In the hours following the report, many of those domains and servers began shutting down, according to an article posted Friday by Kaspersky news service Threatpost.

"It's clear that the infrastructure is being shut down," Kaspersky Lab researcher Costin Raiu told the service. "Not only the registrars killing the domains and the hosting providers killing the command-and-control servers but perhaps the attackers shutting down the whole operation."


The growth of hacktivism, inspired by global social movements such as Occupy Wall Street and the Arab Spring, is helping distributed denial of service attacks make a comeback. The attacks, which use thousands of hijacked computers to overload servers, increased 25% in the first quarter of 2012, compared with the final three months of 2011, according to a new report released by Prolexic, a security firm that helps companies fend off DDoS attacks.

But the real surge was in financial companies, which have been hard hit by hacktivists. Financial firms monitored by the company saw a 3000% increase in malicious traffic this quarter, as hacker groups, such as Anonymous, went after banks such as Goldman Sachs again and again in pre-announced raids. In a different survey by Arbor Networks, another security firm, political or ideological causes were behind 35% of DDoS attacks, between October 2010 and September 2011.

Hacker groups with social and political goals are helping bring about a “renaissance” in DDoS, a form of attack security experts had thought was fading. Before mid-2010, more sophisticated hacker exploits, such as cracking passwords, had taken the place of the DDoS assaults that security personnel view as a blunt instrument, said Gunter Ollmann, vice president of research for the security firm Damballa. And the operators of botnets—the armies of zombie computers used for the attacks—had become more profit minded, using their hordes to run online scams, such as getting people to click on bogus ads.

But the aims of the new attacks are more grandiose, targeting governments and giant companies. Anonymous had promised a “global blackout” on March 31st, when it planned to launch attacks against the world’s root servers, which direct Internet users. The attacks generated almost no stoppage, though.

Neal Quinn, chief operating officer at Prolexic, said the key to dealing with such attacks is to conduct “fire drills” that prepare an organization for the assaults. “How’re the events going to play out? You need to be able to figure out, if this is a two hour event or a two minute problem,” Quinn said.

Thomas Hughes, director of Media Frontiers, a web hosting company, says an attack in 2011 against one customer – a Southeast Asian news service – lasted six weeks of increasingly large waves of malicious traffic.

Tech staffs should have extra bandwidth available so that when the attacks come, the waves of traffic can be rerouted. Quinn said companies should have a continual dialogue with web-hosting providers to discuss preparedness, emergency contact information and the threat environment in their industry.

Ollmann took a dimmer view – organizations can’t fully prevent attacks from succeeding and need to be prepared for the worst. “Even the largest organization in the world can fall,” he said. “You need to have contingency plans in place so you can still carry out business.”
