DistributedDenialOfService
Latest
Arizona man gets 20 months in prison for emergency system DDoS attacks
Denial of service attacks are serious by themselves, but doubly so when they target vital systems... and one perpetrator is finding that out first-hand. A court has sentenced Arizona resident Randall Charles Tucker (who nicknamed himself the "Bitcoin Baron") to 20 months in prison for launching distributed denial of service attacks against city websites, including damaging attacks against Madison, Wisconsin. He not only took down the city's website, but "crippled" its emergency communication system to the point where first responders had trouble reaching the 911 center. It also 'degraded' the automatic dispatching for emergency crews.
UK police crack down on people paying for DDoS attacks
Distributed Denial of Service (DDoS) attacks are on the rise, affecting individuals, private businesses and government-funded institutions alike. As part of a large warning to cybercriminals, the UK's National Crime Agency (NCA) has arrested 12 individuals for using a DDoS-for-hire service called Netspoof. "Operation Vulcanialia" targeted 60 citizens in total, and led to 30 cease and desist notices, and the seizure of equipment from 11 suspects. The NCA says it had two focuses: arresting repeat offenders and educating first-time users about the consequences of cybercrime.
Hackers target firm protecting against denial of service attacks
When you dedicate your company to protecting against hacks, you make yourself a bigger target for those hacks... and one firm is learning this the hard way. Staminus, an online hosting service that focuses on protecting against distributed denial of service attacks, was the victim of an apparently giant hack last week. In addition to going offline until Thursday night, the company has confirmed that the intruders took customer data that includes payment card info, user names and (thankfully hashed) passwords. The perpetrators claim to have hijacked and reset the majority of Staminus' routers.
Lizard Squad takes revenge on UK police with DDoS attack
Lizard Squad has claimed responsibility for a temporary takedown of the UK's National Crime Agency (NCA) website, almost certainly in response to a series of arrests targeting customers of the hacker collective's DDoS-for-hire service. Last week, the agency announced that UK police had apprehended six British teenagers for using Lizard Stresser, a tool developed by Lizard Squad which allows anyone to cripple websites with Distributed Denial of Service (DDoS) attacks. All of the suspects were released on bail and the NCA said it would be visiting 50 addresses to issue warnings to registered users.
UK police arrest teens for using Lizard Squad's paid DDoS service
Six British teenagers have been arrested for using Lizard Stresser, a Distributed Denial of Service (DDoS) tool developed by the troublesome hacker collective Lizard Squad. According to the National Crime Agency (NCA), these individuals, who have now been released on bail, targeted a national newspaper, a school, gaming companies and various online retailers. They paid in "alternative" currencies such as Bitcoin in order to stay anonymous, however those measures have proven futile. Lizard Squad rose to prominence last year when it took down the PlayStation Network and Xbox Live. The group quickly claimed responsibility and, as if it were marketing stunt, launched Lizard Stresser -- a takedown-for-hire service that allowed anyone to cripple unsuspecting sites.
US government to beat back botnets with a cybersecurity code of conduct
Old Uncle Sam seems determined to crack down on botnets, but he still needs a little help figuring out how to do so. On Wednesday, the Department of Homeland Security and National Institute of Standards and Technology (NIST) published a request for information, inviting companies from internet and IT companies to contribute their ideas to a voluntary "code of conduct" for ISPs to follow when facing a botnet infestation. The move comes as an apparent response to a June "Green Paper" on cybersecurity, in which the Department of Commerce's Internet Policy Task Force called for a unified code of best practices to help ISPs navigate through particularly treacherous waters. At this point, the NIST is still open to suggestions from the public, though Ars Technica reports that it's giving special consideration to two models adopted overseas. Australia's iCode program, for example, calls for providers to reroute requests from shady-looking systems to a site devoted to malware removal. The agency is also taking a hard look at an initiative (diagrammed above) from Japan's Cyber Clean Center, which has installed so-called "honeypot" devices at various ISPs, allowing them to easily detect and source any attacks, while automatically notifying their customers via e-mail. There are, however, some lingering concerns, as the NIST would need to find funding for its forthcoming initiative, whether it comes from the public sector, corporations or some sort of public-private partnership. Plus, some are worried that anti-botnet programs may inadvertently reveal consumers' personal information, while others are openly wondering whether OS-makers should be involved, as well. The code's public comment period will end on November 4th, but you can find more information at the source link, below.
