Tag: ddos

Wikileaks to out itself

Online whistleblower Wikileaks is to publicly list expenses and salary earnings for its paid staff by the end of this year.

Kristinn Hrafnsson, a spokesperson,  told Wired that the Wau Holland Foundation, the Berlin-based non-profit that handles most of the money donated to WikiLeaks, will list how Wikileaks has spent funds from the more than $1 million it has raised in the last year.

We should point out that the report was expected in August so this represents a delay. But what we didn’t know was that Wikileaks staff were being paid or how much.

The report should also detail what money WikiLeaks has paid out to date for the defence fund of Army Pfc. Bradley Manning.

He is the bloke who confessed in online chats to a former hacker that he downloaded classified documents from US Army networks, including 260,000 U.S. State Department cables, and passed them to Wikileaks.

WikiLeaks had a whip round for Manning’s defence. The word on the street is that it handed out $50,000 to cover his $100,000 defence bill.

Currently Wikileaks is having trouble raising money after its credit card processor decided to terminate the relationship. Moneybookers suspended the WikiLeaks account in October after learning that WikiLeaks had been put on a US terrorist watchlist. The US has denied it.

In the last year it has raised about $800,000 in donations through PayPal or bank money transfers.

As of July, WikiLeaks had spent only $38,000 from that funding, most of it going to pay the travel expenses of Assange and its then-spokesman Daniel Domscheit-Berg, as well as to cover the costs of computer hardware, such as servers, and leasing data lines.

Apparently WikiLeaks is not currently paying a salary to Assange or other volunteers from this funding, though there have been discussions about doing so in the future.

WikiLeaks may have other sources of funding aside from money handled by Wau Holland -perhaps from private donors and other foundations – but Fulda had no knowledge of them.

WikiLeaks approached the foundation last year to manage its donations because of its reputation in supporting the concept of freedom of information. Although the foundation is run by unpaid volunteers, Fulda said its advantage is that it has a more formal structure to manage funds than WikiLeaks.

Apparently there is a separate fund for contributions to a legal defence fund for founder Julian Assange, who is facing a rape investigation in Sweden. Assange claims that the sex charges are all part of a US smear campaign against him and Wikileaks. People who believe him have apparently been giving him money. 

Interpol wants to arrest Wikileaks boss

Just when Wikileaks is in the news rather a lot lately, Interpol has issued a Red Notice for the arrest of WikiLeaks’ founder Julian Assange.

A Red Notice is an international wanted poster seeking the arrest of a fugitive, with an eye towards extradition. Assange is currently in Blighty and is expected to be arrested and extradited.

Assange has been fighting a rear guard action against staff within Wikileaks who felt that he should have stepped down until the allegations against him were dealt with.

They feared that the case would distract the media from all the leaked material he was about to put out from leaked US diplomatic cables. Some Wikileaks staff and volunteers left, including the bloke who looked after the site.  It looks like they may have been right.

A Swedish judge on November 18 ordered Assange “detained in absentia” to answer questions in a rape, coercion and molestation investigation in Stockholm.

A court approved an international arrest warrant, at which point Sweden reportedly applied to Interpol for the Red Notice. Assange’s lawyer appealed the detention order but lost. Assange filed a new appeal Tuesday to the Swedish Supreme Court.

The charges relate to sexual encounters Assange had with two women during his August visit to Sweden. The encounters began as consensual, but turned non-consensual, it’s alleged. One woman said Assange ignored her appeals to stop when the condom broke.

Assange has denied any wrongdoing, and hinted that the complaints are the result of a US “smear campaign”.  This has lead some Wikileaks fans to investigate the background of the women making the allegations.

Assange’s British lawyer counsel Mark Stephens told Wired  that his client repeatedly offered to cooperate with local investigators while he was in Sweden, and has offered to answer questions remotely from Britain.

However, all of these offers have been flatly refused by a prosecutor who is  insisting that he return to Sweden at his own expense to be subjected to another media circus that she will orchestrate. 

Wikileaks attack was a little weak

While Wikileaks was implying that there was a government conspiracy to shut it down over the weekend,  it is starting to look like the denial of service attack against it was a little over-stated.

Insecurity experts who monitored the disruptive traffic say the attack was relatively modest. While the WikiLeaks’ main web address and its “cable gate” site were unreachable it was hardly the “mass distributed denial-of-service attack” the organisation claimed.

Arbor Networks, which analyzes malicious network traffic crossing the internet’s backbones, said that the DDoS generated between 2 and 4 Gbps of disruptive traffic.

Jose Nazario, a senior security researcher at Arbor told Wired that a real mass DdoS attack would have hit the outfit for 60 to 100 Gbps. The network that hosted WikiLeaks can manage 12 to 15 gigs per second, so 2 to 4 gigs on top of that is not much.

What probably hurt WikiLeaks more was that a staff rebellion against Julian Assange’s rule cost the organisation a key technical volunteer responsible for its complex bulletproof backend.

The volunteer had set up a censorship-resistant system that decoupled WikiLeaks’ document archives from its public internet IP addresses. If it was attacked, the site could jump back to life within an hour.

The volunteer resigned in September, along with spokesman Daniel Domscheit-Berg and other staffers and took a lot of software with him. WikiLeaks was offline ever since.

Despite all this WikiLeaks was able to recover from Sunday’s DDoS attack relatively swiftly. It redirecting its web addresses to cloud servers in France and Ireland. Announced a functional “cable gate” site shortly after 4PM. It took about six hours which was not bad considering.

Hacktivist, “Jester” has taken credit for the DDoS. He has attacked websites said to be linked to radical Islam. He claimed that WikiLeaks was threatening the lives of “our troops and ‘other assets.

Single hacker could be responsible for Wikileaks DDoS

A single hacker could be behind the DDoS attacks that took down Wikileaks as it published secret US embassy cables over the weekend.

Going by the name of Jester (or th3j35t3r on Twitter), the hacker describes himself as a “hacktivist for good” and posts the message “TANGO DOWN” after a successful attack, together with a link of the sites he takes down.

In his Twitter bio he says the focus of his attacks, is “obstructing the lines of communication for terrorists, sympathisers, fixers, facilitators, oppressive regimes and other general bad guys”.

Jester hasn’t outright admitted to being the culprit of the attacks but a couple of messages on his feed point the finger to him. Recently, a couple of messages pointing to Wikileaks have appeared on Jester’s Twitter account.

The most recent of them read “www.wikileaks.org – TANGO DOWN – for attempting to endanger the lives of our troops, ‘other assets’ & foreign relations #wikileaks #fail.” He then added “If I was a wikileaks ‘source’ right now I’d be getting a little twitchy, if they cant protect their own site, how can they protect a src?”

According to Mashable he also referenced his intentions way back in September in his blog, where he described the flaws of Wikileaks’ “insurance policy,” which consists of making available an encrypted file, supposedly containing the secret documents that were leaked afterwards.

According to Jester the file is useless without a decryption key, which would be provided by Wikileaks in case someone takes the site down.

Although Jester appears a capable hacker, it’s not entirely known if he did this on his own. When Wikileaks handed out information on the Iraq war in October , both US officials and press called for a direct attack on the file-leaking organisation under the pretext of national security.

At the time a security expert told TechEye an attack would be “behind the scenes”, not direct.

“The government would not be rash, or naïve, enough to launch a direct attack now, it would be much more likely to come behind the scenes. All it does is attract publicity to WikiLeaks and lend credence to other questionable conspiracy theories that may arise on the site.”

Our source stated that a “behind the scenes attack” would be more likely, with sympathetic parties potentially attempting to protect their own interests with offensive action against the site. 

Burmese internet taken down with DDoS attack

A large-scale distributed denial-of-service (DDoS) attack has taken Burma’s (Myanmar)s  internet services down, causing intense speculation as to whether it was a government censorship programme or an outside attack.

For several days Myanmar’s Ministry of Post and Telecommunication, the country’s primary internet provider, endured a sustained DDoS attack which ended most incoming and outgoing internet traffic in the country. The Myanmar Times reported that the attacks began on October 25.

It is not clear who is behind the attack, but many eyes are on the Myanmar government itself. In 2007 the government cut the country’s internet connections as a way to crack down on political unrest. With general elections to be held soon on November 7, some people believe the government could be axing the internet connections to prevent opposition material being circulated online.

Security firm Arbor Networks estimated that the DDoS was between 10 and 15 Gb/s, which would be plenty to overwhelm the country’s 45Mb/s T3 terrestrial and satellite links. The attack also involved dozens of individual components attacking multiple IP addresses and originated from over 20 different providers.

This attack marks one of the largest against a country, much moreso than similar attacks in 2007 against Georgia and Estonia. 

Arbor Networks was not sure what motivated the attack, but believes that politics, censorship, extortion, or stock manipulation are likely candidates. Myanmar dissident websites, which are hosted outside the country, were also taken down with DDoS attacks earlier this year, suggesting a potential link between the two.

The truth about the DDoS threat, the elephant in the room

Recently TechEye was hit by a particularly nasty distributed denial of service (DDoS) attack. At first we, deluded as always, thought our servers were getting a thumping from Slashdot. The attackers will be happy to know that it took us time, effort and yes, dosh, to scramble around trying to fix it. WebScreen, which as far as we are aware is the only outfit offering thorough DDoS protection in the UK, jumped to our rescue. Thank you WebScreen. Anyway – TechEye decided it would be a good idea to have a chat with Paul Bristow, Chief Operating Officer.

It’s such a hot topic at the moment. Anonymous is taking down legal firms by way of DDoS attacks who don’t quite “get it”. Nationally, Cameron is planning to spend a billion on cyber “defence” and internationally, the US’ homeland security has announced a computing cold war’s on the cards.

But let’s start in more humble territory. Despite the high profile nature of DDoS, why on earth isn’t there more protection offered, by ISPs or by data centres? Why doesn’t it come as standard? Could it be that these companies don’t give a hoot about adequate protection against a threat that’s relatively easy to pull off and potentially very damaging unless there’s a way to spin money from it?

Bristow tells us that bar none, the easiest people to sell to are those that are already under attack or have been under attack. Normally, people think they don’t need to spend that money if they don’t have to – it’s another business cost most think is optional, until it happens. The reason you don’t see DDOS as part of every day discussion, unlike for example firewalls and password protection, encryption and data security, is that it’s not… sexy.

Its advent was in 2000. That’s a very long time if you consider how wide open an attack leaves you.

Commentators would have you believe that denial of service attacks peaked around 2005 but that is factually nonsensical – remember when it was alleged that agents in North Korea DDoS’d their capitalist neighbours in the south, just last July? And social network staples Twitter and Facebook were both taken down in August by DDoS attacks. These aren’t small businesses – Facebook is widely reported to use some of the largest data centres in the world.

The threats are out there and that’s because it’s such an easily accessible route to take. In fact, Bristow tells us, consider that you are a start-up. You have a marketing budget and you’re a small business – we don’t mean tiny, but up to $15 million. Theoretically you could spend a good chunk of it on a TV campaign or for a great deal less you could seek the services of someone who’ll coordinate a DDoS attack for you.

They exist and they’re everywhere – but they tend to operate locally. So if you’re a company in the UK, it is possible to look to your own back garden and for the right price, relatively cheaply, there is someone who can carry out an attack for you. Bristow tells us that this is undoubtedly happening. Backing it up is that calls tend to come in threes – recently three jewellery retailers independently got in touch with Webscreen within days of each other. 

And there’s no protection from an ISP. A company or business under attack must convince their ISP to restore them after they’ve been taken down, all while losing money from being taken offline. The way the ISP thinks is essentially “you’ve got your traffic and used your bandwidth,” it doesn’t matter to them whether it has all happened in the space of thousands of access requests a second. “There is no doubt about that,” WebScreen says.

“All DDoS attacks in the early days were from organised crime to put rivals in online gaming or pornography out of business, or to extort money,” Bristow tells TechEye “but the whole thing has moved on now.”

There are websites you can go onto where you provide your credit card details and that will let you hire a botnet for an hour. It’s fact, says Webscreen, that you can even take a three minute try before you buy – just to show you that it works. These services play in their own back yard, employing the capabilities of attackers in the places you’d expect – China, Russia, India. But the services themselves are sold to target local businesses.

The technical capabilities of the attackers are second to none and “almost impossible” to block  unless you have a very tightly defined geographic audience – no matter where the attacks come from, they will continue to shift locations.

More worryingly Webscreen tells TechEye that with the incredible presence of news media online, some companies are seeing DDoS attacks as a “crude alternative” to filing expensive writs through the proper legal channels.

And people in the professional games space are getting whacked by competitors too. As long as you can figure out the IP details of a rival it’s fully possible to take them out before an important competition or online event. And it’s happening. “80 or 90 percent of these attacks go unreported,” Bristow says, “No one we have worked with has publicly reported anything.” There are people who work in the online gaming industry who have been taken offline for the most important weeks of their calendar years. And it’s fact that they have lost huge profits. Not turnovers, but profits.

The reason for the lack of reports is it’s like “a red rag to a bull”. If you announce to your competitors that are getting attacked it’s a window of opportunity and you are announcing a weakness. It brings us onto another topic: socio-political attacks.

With the ease of connectivity and success, as well as wide reach, of social networks, if you can gather enough people with a common ideal – whatever that may be. A good recent example is, of course, Anonymous.

Anonymous realised that together it has the means to be a thorn in the side of the bullish recording industry and its legal agents. If you can rouse enough people to be passionate on a single topic you can pose a real threat to the unprotected. Remember again how difficult it is to trace a DDoS. They rarely result in prosecution because they demand an awful lot of resources and money – one exception to the rule is DDoS attacks on the Scientology website, which ended up with fines and someone being thrown in the clink.

To conclude, then, the DDoS threat is being widely ignored. New derivatives are being developed and cooked up all the time, for example the latest, which is called slow and low – it crashes back end servers which is a very tough technique to combat. It has been evolving for ten years. Social networking gives it a whole new dimension. Governments are starting to wise up – but that’s worrying news for a different article. 

“Statistically, DDoS is the elephant in the room. Attacks are increasing in number, power and sophistication, and there is an increase in new derivatives and social political attacks,” Webscreen tells us. 

WebScreen really saved our bacon, so we’re more than happy to tell you that the technology intelligently understands traffic flows and controls them on the way to a website – you can see everything coming in, or out, and it gives you the ability to tune your network. It’s the first company in the world to offer a commercially available anti-DDOS system, and is the only British and European provider. Paul Bristow tells us he thinks WebScreen is “at the forefront of research”.

Anti-copyright groups put The Fear on Lily Allen

Lily Allen has nothing to Smile about today.

She appears to have become the latest victim of the much publicised DDoS attacks after copyright activists decided to put The Fear up the star, and cripple her website.  

It seems she was targeted after publicly complaining that It’s Not Fair to copyright,  criticising illegal file-sharing for the financial loss it had on small artists. She has previously attacked the position of pro file-sharing artists including Radiohead’s Ed O’Brien and Pink Floyd’s Nick Mason.

However, she shut down a blog that published anti-piracy statements from fellow musicians following a spate of heated criticism.

We’re sure Lily isn’t pleased about the attack and if she could get her hands on those behind it she would Knock Em Out, unfortunately for her the group has done a great job of staying anonymous so there’s Absolutely Nothing she can do. Back to the Start for you Lily.

In September the collective calling itself Anonymous took down the MPAA and RIAA websites and last month it moved down under hitting the Australian Federation Against Copyright (AFAC). 

BT wins adjournment in anti-piracy hearing

BT has been granted an adjournment to the court order brought by law firm Gallant Macmillan in the High Court.

The London solicitors was acting on behalf of its client the Ministry of Sound, and had gone to court to force BT to hand over the personal details of hundreds of PlusNet customers suspected of illegally downloading and sharing music.

Chief master Winegarten yesterday granted the adjournment until January 2011.

According to The Guardian, BT said it would challenge such court orders until the rights holder and law firm could prove that accusations of illegal file sharing had “some basis”.

The hearing followed BT admitting last month that it sent customers’ personal details in unencrypted emails to law firm ACS:Law. This information was then leaked on the web after the ACS:Law website was hacked.

At the time, BT admitted there were “deep concerns regarding the integrity of the process being used by rights holders to obtain customer data from ISPs for pursuing alleged copyright infringements”.

It added that it wanted to make sure its customers would not be treated unfairly should any details be given out, and was “urgently exploring how this can be assured, including through the assistance of the courts”.

In a statement, BT said: “The incident involving the ACS:Law data leak has further damaged people’s confidence in the current process.

“We’re pleased that the court has agreed to an adjournment so that our concerns can be examined by the court, this will then act as a precedent/test case for the future.

“We want to ensure broadband subscribers are adequately protected so that rights holders can pursue their claims for copyright infringement without causing unnecessary worry to innocent people. We have not simply consented to these orders in the past, we have asked for stricter terms as public concern has risen.

“The data leak with ACS:Law prompted us to take further action today.

“We are also seeking a moratorium on outstanding applications and orders.”

Gallant Macmillan said last week that the controversy over ACS:Law would not stop it from pursuing legal claims against those accused of file sharing.

Not long after, the company’s site was taken offline as it became apparent it was about to become the next target of a DDoS attack. Then the Ministry of Sound record label’s website was taken offline in a DDoS attack.

Both sites were still unavailable today.

Gallant Macmillan taken offline as High Court hearing beckons

Law firm Gallant Macmillan, which last week pledged to carry on with targeting those accused of file sharing, has been taken offline.

The company’s site remained down today after it was believed to have been targeted by Operation Payback over the weekend. The action followed the law firm saying last week that the controversy surrounding ACS:Law would not stop it going ahead with its anti-piracy cases, including Simon Gallant telling BBC News that he had “no problem” pursuing legal claims.

To that end, the company is due in the High Court today to seek the personal details of hundreds of PlusNet users. The hearing, due to be before Chief Master Winegarten, was reported to be over a court order to obtain a “large number” of personal details of broadband users that Gallant Macmillan suspects of illegally downloading and sharing music from record label the Ministry of Sound.

TorrentFreak reported that the London solicitors’ website was targeted by Operation Payback at about 7pm GMT on Saturday.

According to the report, the Gallant Macmillan site was destined to become the next target of a DDoS attack but the company’s web admin decided to act first – and the GMLegal.co.uk site soon began returning the “Invalid Hostname” error.

Operation Payback told TorrentFreak: “This suggests that an administrator has manually pulled the website off the server, although the domain is still pointing to the same server.”

Then, shortly before the planned attack, the law firm was reported have taken unexpected action.

“An hour before the attack, GMLegal.co.uk changed their DNS records to point to 127.0.0.1, effectively surrendering,” TorrentFreak reported.

In another twist, just minutes after 7pm, the Ministry of Sound website was taken offline in a DDoS attack.

Today, the record label’s website remained out of action. The payment site of the company was apparently also targeted, along with its operations in other countries.

This was believed to be the first time a site that makes money from selling music had been targeted by Operation Payback. 

The site shut downs came after thousands of customer details were leaked online after a security breach at ACS:Law, resulting in all manner of ISPs pledging to take a tougher stand in the future with law firms pursuing such anti-piracy claims.

 

Anonymous won't stop DDoS attacks until it calms down

The online group, which is creating havoc by DDoSing pro-copyright company websites, has said it won’t end the attacks until it stops being angry with its enemies.

The group known only as Anonymous has caused problems for a range of companies. Earlier this month its attacks took down the MPAA and RIAA websites and earlier this week it moved down under hitting the Australian Federation Against Copyright (AFAC).

 Last week ACS:Law, the notorious law firm that seeks to turn alleged infringements of copyright into a cash cow was attacked. ACS:Law then bungled an attempt to bring its site back online and published its own email database to the public. The case is now being looked at by the UK Information Commissioner’s Office.

However this damage hasn’t seemed to appease the group. In an interview on Wednesday with security company PandaLabs, which has been in contact with Anonymous since the attacks and counter-attacks began, an organiser of the group said Anonymous had a mission to “fight back against the anti-piracy lobby”.

He added that the collective had been provoked by the UK Digital Economy Bill and “‘three-strikes legislation in the EU”.

However, it seems others are fighting back. According to PandaLabs, anonymous chat servers — which Anonymous uses to organise its attacks — are also being hit, with some evidence to suggest these strikes are coming from botnets controlled by AiPlex.

And although we were under the impression the group behind the attacks were 4Chan, the interview with Panda suggests that this is not the case. When asked by the security company what the affiliation was with the group, Anonymous replied:

“Some of us frequent 4chan, but we have no affiliation with any forum or website for that matter. We simply use them to communicate.”

The source also said it believed that piracy was “the next step in a cultural revolution of shared information. Imagine it as the beginnings to an information singularity; a beginning of true “equality of opportunity”, regardless of wealth or capacity. I would not have gotten anywhere near my accomplishments today without the books I pirated. I can’t afford them,” they said.

We’re not sure what will stop the group but we know these attacks aren’t going to make copyright holders drop piracy ideas.