ddos
Latest
UK police crack down on people paying for DDoS attacks
Distributed Denial of Service (DDoS) attacks are on the rise, affecting individuals, private businesses and government-funded institutions alike. As part of a large warning to cybercriminals, the UK's National Crime Agency (NCA) has arrested 12 individuals for using a DDoS-for-hire service called Netspoof. "Operation Vulcanialia" targeted 60 citizens in total, and led to 30 cease and desist notices, and the seizure of equipment from 11 suspects. The NCA says it had two focuses: arresting repeat offenders and educating first-time users about the consequences of cybercrime.
Bungie is banning Destiny's biggest cheaters
As video game makers continue to incorporate more online and multiplayer elements into their games, they need to give special consideration to how they deal with cheaters. Consoles are locked down by default, meaning players have fewer tools to manipulate their experience, but Bungie has confirmed it's (finally) ready to drop the banhammer in an attempt to stop people ruining Destiny's competitive multiplayer modes.
4chan might have knocked out Hillary Clinton call centers yesterday
It shouldn't come as a shock that many denizens of internet cesspool 4chan are fans of Donald Trump. So it's also not a huge surprise that one 4chan user apparently took it upon himself to disrupt a segment of Hillary Clinton's get out the vote call centers. As reported by The Verge, workers with NextGen Climate (a group dedicated to raising awareness to climate change issues) noticed problems with their automated calling program yesterday -- it got slower and eventually would cut out for hours at a time.
That time your smart toaster broke the internet
Where were you the day the internet died? Last Friday the internet had its biggest hiccup to date when a whole bunch of major websites were maliciously knocked offline. Harnessing the weak security of internet-connected devices, like DVRs and cameras, the attackers used botnets implanted on the devices to traffic-overload the one business keeping those sites' domain names functional.
Vulnerable webcams used in major internet attack recalled
This past Friday, some of the biggest sites and services on the internet were effectively shut down by a major distributed denial of service attack (DDoS). As the day wore on, it was revealed that hacked Internet of Things devices like webcams and other connected home devices were the tools used to carry out the attack, and now at least some of the hacked devices are being recalled. The BBC reports that Chinese manufacturer Hangzhou Xiongmai has issued a recall for its faulty webcams that were involved in the attack.
The looming specter of cyberwar with Russia
In the world of cyber (as in security), the question of the week seems to be, "Are we going to cyberwar with Russia?" White House Press Secretary Josh Earnest thinks so. A week after President Obama singled out Russia as being responsible for cyberattacks on targets including the Democratic National Committee, Earnest said in a briefing that the administration would be serving a "proportional" response to Putin and the gang.
Blame the Internet of Things for today's web blackout
Today's nation-wide internet outage was enabled thanks to a Mirai botnet that hacked into connected home devices, according to security intelligence company Flashpoint. The distributed denial of service attack targeted Dyn, a large domain name server, and took down Twitter, Spotify, Reddit, The New York Times, Pinterest, PayPal and other major websites.
US investigating Friday's internet blackout as 'criminal act'
This morning, several sites were shut down due to a distributed denial of service (DDoS) attack on Dyn, a large domain name server. Sites affected include Twitter, Spotify, the New York Times, Reddit, Yelp, Box, Pinterest, Paypal and potentially a lot more. It seems as if this attack was focused on the east coast. Now Reuters is reporting that the US government is investigating it to see if it was a "criminal act." The news outlet reports that it's not clear yet on who's responsible and the Department of Homeland Security has said that it's "investigating all potential causes." According to Dyn, it resolved one attack earlier this morning, but there was a second attack a few hours later. As of this writing, some sites like Twitter and Spotify appear to be back up, but there are still sporadic outages that result in broken images and links. Update: According to Krebs, security firm Flashpoint is now reporting that a Mirai-based botnet is involved in the attack on Dyn. Mirai is a malware that specifically targets IoT devices like routers, DVRs and cameras, turning them into bots that then report to a central server that could then send out mass DDoS attacks like we saw today.
Some of the biggest sites on the internet were shut down this morning (update: down again)
Happy Friday! If you've had trouble this morning accessing your favorite internet outlet, you're not alone. Dyn, one of the internet's biggest domain name servers (DNS) got hit with a distributed denial of service (DDoS) attack this morning, making it quite difficult to reach some of the biggest sites and services on the web. Twitter, Spotify, the New York Times, Reddit, Yelp, Box, Pinterest and Paypal are just a handful of the sites under siege this morning.
Report confirms IoT botnet took down Krebs' security site
Two weeks ago, security researcher Brian Krebs' site KrebsOnSecurity got knocked offline by one of the biggest DDOS attacks ever recorded, which peaked at 620 Gbps. What happened? Akamai, which had been protecting the site for free but ultimately had to unload it as the sustained traffic would have cost them millions of dollars, released a postmortem today. In it, they confirm that the attacker mainly used the Mirai malware to ovewhelm Krebs' site, though there may have been another botnet involved. But the most crucial distinction from a normal DDOS strike: These bots were mostly IoT devices.
Security writer recovers from massive revenge cyberattack
Journalists are no stranger to making enemies bent on retaliation. However, it's becoming increasingly difficult to survive that retaliation in the internet era... just ask security writer Brian Krebs. An unknown party knocked his website offline last week with a massive distributed denial of service attack (620Gbps of non-stop data) as revenge for exposing two major cyberattack sellers who've since been arrested. He's only back online after taking advantage of Alphabet's Project Shield, which protects journalists against censorship-oriented denial of service campaigns. His previous anti-DDoS provider, Akamai, had little choice but to drop him -- the company tells the Boston Globe that a sustained attack on that level would have cost the company "millions."
Major cyberattack seller knocked offline as it faces arrests
One of the more popular cyberattack peddlers just came crashing down. Israeli law enforcement has arrested Yarden Bidani and Itay Huri as part of an FBI investigation into their alleged control of vDOS, one of the most popular paid attack platforms. According to information unearthed by security guru Brian Krebs from a third-party hack targeting vDOS, the two teens raked in at least $618,000 launching "a majority" of the distributed denial of service campaigns you've seen in recent years. The platform itself is also offline, although that's due to one of vDOS' victims (BackConnect Security) using a bogus internet address claim to stem the flood of traffic hitting its servers.
'Pokémon Go' expansion marred by a possible cyberattack
Good news! Pokémon Go is available in 26 more countries... if you get a chance to play, that is. Trainers can now grab the mobile game across a wider swath of European nations (such as the Netherlands and Sweden), but temporarily went down amid reports of a possible distributed denial of service attack. The internet collective PoodleCorp claims to have flooded Pokémon Go servers worldwide with enough traffic to effectively render them useless.
Lizard Squad hacked thousands of cameras to attack websites
The hacking collective Lizard Squad isn't relying solely on masses of compromised PCs to cause some grief online. Security researchers at Arbor Networks have discovered that the outfit compromised several thousand closed-circuit cameras and webcams to create a botnet that it promptly used for denial of service attacks against bank, gaming sites, governments and internet providers. Each device might not be as individually powerful as a PC, but they add up -- some attacks flooded sites with as much as 400Gbps of data.
Sophisticated hack attack? Don't believe the hype.
You wouldn't believe how sophisticated hacking has become in the past few years. It has, in fact, gotten so mind-blowingly complex and erudite that this word, sophisticated, is now the only one human beings can really use to describe any single act of computer-security violation. Actually, no. The word, at best, has almost always been used to cover up egregious screwups of breached companies, and shoddy reporting. Or, when at a loss to understand even the most mundane of hacks. Even high-minded publications step into infosec's linguistic dung heap and track the word throughout their pieces on whatever latest rehashed cyber-bomb hysteria-of-the-week they're pushing.
Feds indict seven Iranians for hacking banks, NY state dam
Just days after accusing Syrian hackers of a wide range of crimes, US Attorney General Loretta Lynch unsealed an indictment against seven Iranian nationals on Wednesday, charging that the men launched dozens of denial of service attacks against targets beginning in 2011. These included the cybersystems of numerous US banks including JP Morgan, PNC and Capital One, as well as the NYSE and AT&T. They are even accused of trying to take control of a small dam in Rye, NY at one point.
ProtonMail's encrypted email is now available to all
After a two-year, invitation-only beta, ProtonMail has opened its privacy email service to the public and launched new mobile apps. The app is encrypted end-to-end and, like Apple's iPhone, can't even be accessed by the company itself. It also has a strong pedigree, having been founded by scientists from CERN and MIT following Edward Snowden's NSA revelations. While ProtonMail has been used by nearly a million people during the beta, anyone can now sign up. "This way, we put the choice in the hands of the consumer, not government regulators," says co-founder Andy Yen.
Hackers target firm protecting against denial of service attacks
When you dedicate your company to protecting against hacks, you make yourself a bigger target for those hacks... and one firm is learning this the hard way. Staminus, an online hosting service that focuses on protecting against distributed denial of service attacks, was the victim of an apparently giant hack last week. In addition to going offline until Thursday night, the company has confirmed that the intruders took customer data that includes payment card info, user names and (thankfully hashed) passwords. The perpetrators claim to have hijacked and reset the majority of Staminus' routers.
Google's Project Shield helps any news site beat DDoS attacks
The distributed denial-of-service attack, better know as a DDoS, is one of the more basic but effective ways of shutting down a website you might want to torment. Often, hackers use them to silence sites who hold viewpoints they disagree with, making it a popular tool for internet censorship. A few years ago, Google launched Project Shield, a tool that would let small sites route their traffic through Google in an effort to avoid such attacks -- and today, Wired is reporting that virtually any news site can sign up to be part of Project Shield and use Google's technology to stay online in the face of a DDoS attack.
Skype hides IP addresses to protect users from online trolls
Let's be honest: it's pretty hard to find someone who will be genuinely happy for you when you win something. When it comes to online gaming, however, that probability falls to zero. Losing a multiplayer game leaves some people so angry that they'll go out of their way to force fellow players offline. In order to do this, gamers can use tools to locate a target's IP address from just their target's Skype username and then launch a DDoS attack to overload their internet connection. It's not the most common attack vector but Microsoft has changed the way its messaging app works so that gamers, and the wider Skype community, can rest a little easier knowing it's harder for them to be tracked.
