Tag: ddos

German hackers ask cash for their work

You have to admire the balls of a group of German hackers who dub themselves XMR Squad.

The outfit spent all last week launching DDoS attacks against German businesses and then contacting the same companies to inform them they had to pay $275 for ‘testing their DDoS protection systems’.

Attacks were reported against DHL, Hermes, AldiTalk, Freenet, Snipes.com, the State Bureau of Investigation Lower Saxony, and the website of the state of North Rhine-Westphalia. The attack against DHL Germany was particularly effective as it shut down the company’s business customer portal and all APIs, prompting eBay Germany to issue an alert regarding possible issues with packages sent via DHL.

While the group advertised on Twitter that its location was in Russia, a German reporter who spoke with the group via telephone said: “The caller had a slight accent, but spoke perfect German.”

Following the attention it got in Germany after the attacks, the group had its website and Twitter account taken down.

Hackers mocked the group for failing to extract any payments from their targets. DDoS extortionists have been particularly active in Germany, among other countries. Previously, groups named Stealth Ravens and Kadyrovtsy have also extorted German companies, using the same tactics perfected by groups like DD4BC and Armada Collective.

BBC under hack attack

The BBC websites were under attack earlier today, the corporation has confirmed.

Rory Cellan-Jones, a technical reporter for the BBC, said on Radio 4 that the websites were attacked using a distributed denial of service (DDoS).

He said that the BBC was regularly attacked by hackers but had means to tweak its site to recover from the attack.

The attack not only affected the main BBC website but also its iPlayer TV and iPlayer radio apps.

The attacks started happening around 7AM today, but by 10.30AM everything was working normally again.

No one has claimed responsibility for the attack, and Cellan-Jones said the BBC hadn’t received cash demands from the perpetrator or perpetrators.

Prolexic warns of spike in DrDoS attacks

DDoS protection company Prolexic has warned of a spike in the number of Distributed Reflection and Amplification Denial of Service, or DrDoS, attacks, which have notably grown over the last year.

The company points out that common networked devices such as printers, cameras, hubs, sensors and routers are increasingly being taken advantage of and turned into nodes that launch attacks as part of wider botnets.

These can be tough to pin down because they spoof the actual origin of the attack: the attacker sends requests with the victim’s address as the source, so the reflecting devices send their replies to the victim.

DrDoS attacks, the whitepaper points out, are made possible by the original design of the RFCs behind them. The most widely used protocols were built for functionality rather than security, which can leave them wide open.

In a whitepaper, Prolexic outlines in technical terms how three common network protocols are used to launch the attacks – these are Simple Network Management Protocol, or SNMP, for communicating with IP based devices, Network Time Protocol, or NTP, used to synch time and data information across networks, and Character Generation Protocol, or CHARGEN, for debugging network connections.

Prolexic warns that, as networks grow and more servers and IP devices are added, the DrDoS threat will grow with them. In the short term it is unlikely that the security gaps will be plugged, because doing so would need entirely new protocols: for the current batch the problems sit at the core of their architectures.

To lower the threat, Prolexic advises sysadmins to disable or restrict the abusable functionality in these protocols on devices that do not need it, and to stop them answering requests from the open internet.
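Disabling the services is the fix; the other half of the job is noticing when your own devices are being used as reflectors or when you are the victim. The script below is an added example written for this page, not code from Prolexic or its whitepaper. It scans flow records for the DrDoS signature described above: many hosts answering from the SNMP, NTP or CHARGEN UDP ports with large replies, all fanned in toward one address. The one-line flow format, the sample records, the RFC 5737 addresses and the thresholds are all assumptions made for the example.

```python
import re
from collections import defaultdict

# UDP source ports of the three reflector services the article names.
# A legitimate reply from these ports is small (a plain NTP packet is 48 bytes);
# large replies from many hosts converging on one address is the DrDoS pattern.
REFLECTOR_PORTS = {19: "CHARGEN", 123: "NTP", 161: "SNMP"}

# Constructed flow records in an assumed one-line format (not any vendor's
# export format). 203.0.113.5 is the constructed victim; 203.0.113.9 shows
# ordinary small replies that must not trigger an alert.
SAMPLE_FLOWS = """\
2013-04-01T10:00:01 UDP 198.51.100.7:123 -> 203.0.113.5:44321 pkts=40 bytes=19200
2013-04-01T10:00:01 UDP 198.51.100.8:123 -> 203.0.113.5:44321 pkts=35 bytes=16800
2013-04-01T10:00:02 UDP 198.51.100.9:123 -> 203.0.113.5:44321 pkts=50 bytes=24000
2013-04-01T10:00:02 UDP 198.51.100.21:19 -> 203.0.113.5:44321 pkts=100 bytes=102400
2013-04-01T10:00:02 UDP 192.0.2.50:161 -> 203.0.113.5:44321 pkts=30 bytes=45000
2013-04-01T10:00:02 UDP 192.0.2.51:161 -> 203.0.113.5:44321 pkts=30 bytes=45000
2013-04-01T10:00:03 UDP 192.0.2.52:161 -> 203.0.113.5:44321 pkts=30 bytes=45000
2013-04-01T10:00:03 UDP 192.0.2.52:161 -> 203.0.113.5:44321 pkts=30 bytes=45000
2013-04-01T10:00:05 UDP 198.51.100.7:123 -> 203.0.113.9:55012 pkts=1 bytes=48
2013-04-01T10:00:06 UDP 192.0.2.50:161 -> 203.0.113.9:55013 pkts=2 bytes=180
2013-04-01T10:00:07 TCP 192.0.2.80:80 -> 203.0.113.9:55014 pkts=12 bytes=9000
"""

FLOW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<proto>UDP|TCP) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) pkts=(?P<pkts>\d+) bytes=(?P<bytes>\d+)$"
)


def parse_flow(line):
    """Parse one flow line into a dict, or return None if it does not match."""
    m = FLOW_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "ts": d["ts"], "proto": d["proto"],
        "src": d["src"], "sport": int(d["sport"]),
        "dst": d["dst"], "dport": int(d["dport"]),
        "pkts": int(d["pkts"]), "bytes": int(d["bytes"]),
    }


def find_reflection_victims(text, min_reflectors=3, min_bytes_per_pkt=400):
    """Aggregate UDP replies from reflector ports per (destination, service).

    Alert when at least `min_reflectors` distinct hosts sent replies and the
    average reply size is at least `min_bytes_per_pkt` bytes, i.e. the replies
    are far larger than the protocol's normal responses. Both thresholds are
    assumed starting points and should be tuned to the network being watched.
    """
    agg = defaultdict(lambda: {"reflectors": set(), "pkts": 0, "bytes": 0})
    for line in text.splitlines():
        f = parse_flow(line)
        if f is None or f["proto"] != "UDP" or f["sport"] not in REFLECTOR_PORTS:
            continue
        entry = agg[(f["dst"], REFLECTOR_PORTS[f["sport"]])]
        entry["reflectors"].add(f["src"])
        entry["pkts"] += f["pkts"]
        entry["bytes"] += f["bytes"]

    alerts = []
    for (victim, service), e in sorted(agg.items()):
        avg = e["bytes"] / e["pkts"]
        if len(e["reflectors"]) >= min_reflectors and avg >= min_bytes_per_pkt:
            alerts.append({
                "victim": victim,
                "service": service,
                "reflectors": len(e["reflectors"]),
                "avg_bytes_per_pkt": round(avg, 1),
                "total_bytes": e["bytes"],
            })
    return alerts


if __name__ == "__main__":
    for alert in find_reflection_victims(SAMPLE_FLOWS):
        print("possible DrDoS toward {victim} via {service}: {reflectors} reflectors, "
              "{avg_bytes_per_pkt} bytes/packet, {total_bytes} bytes".format(**alert))
```

Run against the constructed records, the script reports 203.0.113.5 as a probable victim of NTP and SNMP reflection, while the single CHARGEN source and the small replies to 203.0.113.9 stay below the thresholds. The same aggregation works in reverse for finding your own reflectors: group by source instead of destination and look for one device answering many different destinations with oversized replies.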

DDoS attacks getting bigger, more frequent

The frequency and power of DDoS attacks has skyrocketed over the past few months, and the first quarter of 2013 will go down as the worst quarter for DDoS attacks in history.

According to data from Prolexic (PDF), Q1 was a “landmark quarter” for DDoS attacks. The outfit described the volume of attacks as “remarkable,” with more bandwidth and sophistication. Average attack bandwidth was up 718 percent from the last quarter. It went from 5.9Gbps to a staggering 48.2Gbps in the space of just three months.

“Average packet-per-second rate and average bit rate spiked in the first quarter and both are growing at a fast clip,” Prolexic said. “This indicates that advanced malicious actors have become more adept at harnessing the power of large DDoS botnets. Furthermore, it indicates that the malicious groups behind these large-scale attacks are becoming more organized and are coordinating with different veteran crime organizations.”

The vast majority of DDoS attacks originate from small, independent actors and tend to top out at about 1Gbps. However, 50Gbps is more than enough to bring down huge organisations, such as banks, and cause headaches for even the biggest players. The recent spike in bandwidth means that more low-skilled actors could be able to execute serious attacks.

Worse, at this point nobody seems to be taking these DDoS kids seriously. Small DDoS attacks are viewed as a nuisance and there are simply too many of them to investigate and nab the perpetrators. As the number of botnets and their bandwidth grow at an alarming pace, they could cause a lot more damage while staying under the radar.

Android Trojan can mount DDoS attacks

The Russian anti-virus vendor Doctor Web has found a new malicious program for Android which allows hacker groups to carry out mobile denial of service attacks.

Dubbed Android.DDoS.1.origin, it can turn any mobile phone into an attack device at the press of a button.

Android.DDoS.1.origin creates an application icon similar to that of Google Play. If the user taps the fake icon to access Google Play, the genuine application is launched, so users will not even be aware that they have been infected.

The Trojan connects to a remote server and transmits the phone number of the compromised device to criminals and then waits for further SMS commands.

It can be used to attack a specified server or send an SMS.

It is apparently easy for criminals to send a command to attack a server: all they have to do is supply the parameter [server:port]. When they do this, the phone will hit the specified address with data packets.

It can also be used to send SMS spam.

The only way users can tell that they have been hit by the Trojan is if their phone connection performance is slower than a 150 year old hibernating turtle who has not had his first morning cup of coffee.

Their internet and SMS usage should go through the ceiling too, particularly if messages are sent to premium numbers.

Dr Web thinks that the Trojan is spread using social engineering tricks although the source has not been found yet.

Writing on the company blog, Dr Web said that it is continuing to investigate the virus and hopes to come up with a few answers soon.

Japan hit by cyber attacks as island dispute continues

Japanese authorities have claimed that a number of cyber attacks on the country’s financial sector and other institutions are retaliation from China over a land dispute.

The websites of 19 Japanese banks were made temporarily unavailable following cyber attacks originating from China, according to Japan’s National Police Agency, which claimed that many of the targets had been named on hacking group sites.

Other organisations, such as the Tokyo Institute of Technology, said that they had been targeted, resulting in the theft of personal data, while other government departments were also targeted in distributed denial of service (DDoS) attacks.

Some websites were altered – with a picture of the Chinese flag appearing on one site – according to the Japanese Times. The attacks are believed to have ceased, though Japanese authorities are warning organisations to take precautions against further threats.

The attacks are believed to be protesting the nationalisation of islands in the East China Sea, Diaoyu and Senkaku, which were previously privately owned.

The move by the Japanese government to purchase the resource rich islands has sparked outrage in China and has led to a wave of anti-Japan protests.

Such protests have caused a number of Japanese firms operating in China to suspend factory production. Panasonic was one of the companies which chose to temporarily suspend production this week, claiming that workers in its Chinese component factories had “sabotaged” its operations.

McAfee: Malware at highest level for four years

Malware attacks are at the highest level for four years according to a McAfee report, with malicious code writers finding new ways to attack mobile devices.

The Intel owned security company today revealed the results of its quarterly Threats Report, highlighting a 1.5 million increase in malware since the first quarter of 2012.

McAfee Labs’ 500 researchers uncovered almost 100,000 malware samples each day, as attacks became more varied.

“Attacks that we’ve traditionally seen on PCs are now making their way to other devices,” Vincent Weafer, senior vice president of McAfee Labs, said.

This included Apple’s Mac devices targeted by the Flashback trojan, for example, as well as the ‘Find and Call’ malware worming its way into the Apple Store.

Also, attacks on mobile devices continued to increase after an explosion of mobile malware in the first quarter, according to McAfee. Nearly all of the new instances of malware were directed towards the Android operating system – including mobile botnets, spyware and SMS-sending malware.

Ransomware, malware which restricts access to a device until money is given to the attacker, was also on the increase and is becoming a popular tool for cybercriminals. Instances of ransomware, which typically targets PCs, have increased, with attacks increasingly favouring mobile devices.

Cyber criminals have also found new ways to control botnets to ensure anonymity, such as using Twitter. Botnets, computer networks of infected machines used to send spam or to launch distributed denial of service (DDoS) attacks, are now being controlled through the social media site, with attackers tweeting commands to all infected devices. Overall instances of botnet infections reached a 12 month high during the quarter.

Malware being spread through USB thumb drives showed significant increases, with 1.2 million new samples of the AutoRun worm. Password stealing malware samples also increased by 1.6 million.

NHS Trust faxed patient data to the wrong number for three months

A London Community Healthcare trust has been slapped with a fine of £90,000 after the Information Commissioner’s Office found it in serious breach of the Data Protection Act.

The watchdog, which had its website hacked last week amid accusations that it didn’t protect citizens’ privacy enough, first became aware of the NHS Trust’s wrongdoings back in March 2011.

This was after patient lists from the Pembridge Palliative Care Unit, intended for St John’s Hospice, were faxed to the wrong recipient.

The patient lists were said to contain sensitive personal data relating to 59 individuals. This included medical diagnoses and information relating to their domestic situations and resuscitation instructions.

The recipient informed the Trust in June that they had been receiving the patient lists, which amounted to around 45 faxes over a three month period. However, they claimed that to protect privacy, they had shredded them.

The ICO conducted an investigation that found the trust had failed to have sufficient checks in place to ensure sensitive information sent by fax was delivered to the correct recipient. It also barked at the trust for failing to provide robust data protection guidance and training to the members of staff that had accidentally sent the faxes.

Stephen Eckersley, the ICO’s Head of Enforcement, said that the fact that this information was sent to the wrong recipient for three months without anyone noticing made the case “all the more worrying”.

Anonymous hater hit Pirate Bay

A former member of Anonymous, who now hates the outfit and helps the feds, has claimed responsibility for an attack which downed the Pirate Bay and Wikileaks.

The “traitor”, who goes by the name AnonNyre, has claimed responsibility for the Distributed Denial of Service (DDoS) attack that kept the site offline for days.

In a Pastebin message, AnonNyre explains that he attacked The Pirate Bay because he was against Anonymous and does not support it any more. Apparently he also helps the FBI grass up Anonymous members.

He said that Pirate Bay was a press release website for Anonymous and so he thought by taking it down he would make life impossible for Anonymous.

“Get on your knees, Anonymous. I am a one-man army. I am not a hacker. I am a security killer,” he said.

Nyre doesn’t explain how he pulled off the feat, but the smart money is that he used a botnet of a respectable size.

Nyre might not be behind the attack on Wikileaks, which was also hit by a DDoS, and for much longer.

"Inadequate" ICO hit by Anonymous

A group working under the banner of Anonymous has succeeded in bringing down the ICO’s website with a suspected DDoS attack.

The privacy watchdog’s site was down for all of yesterday after a group identifying with the collective dealt its blow.

According to a Tumblr page, the team – calling itself Anon A Team – targeted the privacy watchdog because they believed it lacked independence and had repeatedly failed “to protect the public’s privacy from hacking or data protection breaches.”

It also claimed that the law protecting privacy was “inadequate and with disproportionate measures in relation to political protests but none for the civil service or media,” and alleged a systematic bias in the way the press reports public interest stories, a consequence of its failure to give sufficient weight to certain stories.

“There is zero commitment by all our regulators to protect UK citizens from data protection breaches,” it continued.

The group described the Leveson inquiry as a “farce”.

The sentiments were echoed in an interview at TechWeek Europe, where someone claiming to be affiliated with Anonymous said the watchdog was not “equipped, nor have the motivation to ensure that we are protected”.

The attack was met with mixed feelings by the security industry with many refusing to comment.

However, one security professional did speak with TechEye under anonymity. “Hackers are far cleverer than heads of states, government bodies and companies,” the source said. “No matter how much security is in place, if Anonymous wants to take you down, it will.

“Do I agree with this attack? They do have a point about privacy,” the source said.

The ICO itself refused to speak beyond issuing a generic statement:

“Access to the ICO website has been disrupted over the past few days. We believe this is due to a distributed denial of service attack. The website itself has not been damaged, but people have been unable to access it. We provide a public facing website which contains no sensitive information.

“We regret this disruption to our service; however we are pleased that our website is now available.”