CyberInsecure.com


Archive for the ‘DDoS’ Category

Pron.com And 55 Additional Adult Websites Compromised, 26,000 Emails And Passwords Posted Online

Sunday, June 12th, 2011

The notorious LulzSec hacking outfit has leaked over 26,000 email addresses and plain text passwords stolen from the database of an adult website Pron.com. After dumping the data online, the group encouraged people to try the login credentials on Facebook and tell the victims’ family members how they signed up for the adult site.

The reason? Just for fun. “Watch the hilarity. Tell us about it on twitter!” the hackers wrote in their announcement. Fortunately, word of the potential abuse quickly reached Facebook’s security team which forced password resets for all accounts corresponding to those email addresses.

This impressed LulzSec members, but also gave them new ideas for future attacks. “Props to Facebook security for locking all emails located on our list so fast. That’s the kind of security that earns a tip of our hat,” the hackers wrote.

“Hmm… so Facebook automatically locks every email on our list… exploitable. >:] Until next time, Facebook. Bwahahaha,” they later tweeted.

LulzSec pointed out that there were a number of .gov and .mil email addresses registered on the compromised site, as well as some 55 accounts belonging to admins of other adult portals.

Partial screenshot of the text file with the 26,000 emails and passwords released on the LulzSec website (image not reproduced here):

The group didn’t stop with this leak. It also published the personal information (dox) of executive officers and other employees from vulnerability research company Endgame Systems and anti-DDoS solutions provider Prolexic Technologies.

The dox didn’t only include information about these individuals themselves, but also their spouses, children and other family members, and their respective social media accounts.

Endgame Systems is a company set up by former ISS and CIA executives with the purpose of selling offensive security solutions and zero-day vulnerability information. The HBGary Federal email leak from earlier this year revealed that the company and its management make significant efforts to keep a low profile.

Meanwhile, Prolexic Technologies has made a selling point out of the DDoS attacks orchestrated by Anonymous. In 2010 the company helped firms that the hacktivist group considered enemies of WikiLeaks to protect themselves.

Credit: Softpedia.com News

Pro-Wikileaks Attacks Hit PayPal Blog, Swedish Prosecutors, Swiss Bank’s PostFinance.ch, MasterCard

Wednesday, December 8th, 2010

Following the arrest of Julian Assange and MasterCard’s decision to block the ability of card owners to donate to WikiLeaks, the Anonymous group of hacktivists launched DDoS attacks against the Swedish Public Prosecutions Office and the credit card company.

Sites attacked by the Anonymous group have included PostFinance.ch, belonging to the Swiss bank which recently froze an account controlled by Assange, and also ThePayPalblog.com, the main blog operated by PayPal, targeted for refusing to process WikiLeaks contributions. DNS outfit EveryDNS has also come into the Operation:Payback gunsights for cutting off WikiLeaks’ DNS service, saying that online attacks targeted at the leak site were crippling its other customers. It seems that MasterCard’s “3D Secure” system is not working either.

Since the beginning of last week, when it began publishing leaked U.S. State Department diplomatic cables, WikiLeaks has become an organization non grata for governments and companies around the world.

It wasn’t enough that its website was the target of distributed denial-of-service (DDoS) attacks and had to move away from its primary ISP. It also got kicked out by Amazon from its hosting platform.

PayPal then stepped in and suspended the organization’s donations account, while Dyn-owned EveryDNS terminated DNS services for the wikileaks.org domain.

The latest blow to WikiLeaks came earlier this week when MasterCard publicly announced that it is taking steps to block people’s ability to donate to the organization.

WikiLeaks’ founder and editor-in-chief Julian Assange is also having problems. First, Swiss bank PostFinance suspended his personal account, claiming that he used a fake address when he applied for it.

Then, yesterday, he gave himself up to the UK police after an international arrest warrant was issued in his name through Interpol for sexual assault charges in Sweden.

Anonymous, a group of Internet activists from around the world, who claim to fight against censorship and copyright, pledged support to WikiLeaks and vowed to attack anyone who stands against it. It started with the websites of PayPal last week and continued with PostFinance. Yesterday, the primary target was changed to aklagare.se, the website of the Swedish Office of Public Prosecutions.

Today the group is attacking mastercard.com, which is down at the time of writing this article. “WE ARE GLAD TO TELL YOU THAT http://www.mastercard.com/ is DOWN AND IT’S CONFIRMED! #ddos #wikileaks Operation:Payback,” Anonymous announced via its Twitter account. MasterCard’s PR representatives were unable to confirm any attack on payment systems but have promised us a more up-to-date statement.

It’s unlikely that hostilities will stop here, as following in MasterCard’s lead, Visa Europe also began suspending payments to WikiLeaks.

Credit: Softpedia.com News

Denial-of-service Attack Hits Wikileaks During US Diplomatic Cables Leak Release

Monday, November 29th, 2010

As it was preparing to begin releasing a massive cache of secret US diplomatic cables, WikiLeaks was hit by a major distributed denial-of-service (DDoS) attack, which temporarily crippled its website.

The announcement was made from the organization’s official Twitter account and read: “We are currently under a mass distributed denial of service attack.”

The identity of the attacker has not been confirmed, but a hacktivist who specializes in attacking jihadist websites took credit for the DDoS via his Twitter account. He also noted that “If I was a wikileaks ‘source’ right now I’d be getting a little twitchy, if they cant protect their own site, how can they protect a src?”

He publicly declared his disapproval of WikiLeaks’ actions in the past and even suggested that he has compromising information about the organization and its activities. Part of his research into WikiLeaks supposedly touches on the insecurity of its infrastructure and its inability to protect the identity of sources.

He also claims to have a tool capable of launching successful (non-distributed) denial of service attacks with little bandwidth and from a single Linux machine. If this is, indeed, the case, it might be a tool like Slowloris, which opens several HTTP sessions and keeps them open for as long as possible. Most servers are configured to handle only a set number of simultaneous connections; the held-open sessions occupy those slots and prevent legitimate requests from being handled, effectively shutting down the site.

Such attacks are indeed possible, and in general they rely on tricking web servers into keeping connections alive for long periods of time. Opening enough such connections will eventually exhaust the web server’s connection capacity, rendering it unresponsive to other clients until the attack stops.
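As an added illustration (not code from the article or from any tool it names), the following Python model shows why holding connections open defeats a server with a fixed-size connection table, and how a header-read deadline combined with a per-source connection cap keeps a slot free for a normal client. All addresses, table sizes and timings are constructed for the example.

```python
# Added illustration, not code from the article: a toy model of the
# connection-exhaustion attack described above and two server-side
# mitigations. Hosts, table sizes and timings are constructed values.
from dataclasses import dataclass, field

@dataclass
class Conn:
    src: str            # client address
    opened_at: float    # when the TCP connection was accepted
    headers_done: bool = False

@dataclass
class Server:
    max_conns: int                             # size of the connection/worker table
    header_deadline: float = float("inf")      # seconds allowed to finish request headers
    per_source_cap: int = 10**9                # simultaneous connections allowed per client
    conns: list = field(default_factory=list)
    rejected: int = 0
    served: int = 0

    def reap(self, now: float) -> int:
        """Drop connections that have not completed their headers in time."""
        before = len(self.conns)
        self.conns = [c for c in self.conns
                      if c.headers_done or now - c.opened_at < self.header_deadline]
        return before - len(self.conns)

    def accept(self, src: str, now: float):
        """Accept a new connection if policy and table capacity allow it."""
        self.reap(now)
        if sum(c.src == src for c in self.conns) >= self.per_source_cap \
                or len(self.conns) >= self.max_conns:
            self.rejected += 1
            return None
        conn = Conn(src, now)
        self.conns.append(conn)
        return conn

    def complete(self, conn: Conn) -> None:
        """A full request arrived: serve it and free the slot."""
        conn.headers_done = True
        self.conns.remove(conn)
        self.served += 1

def legit_client_served(server: Server, slow_sources: list, per_source: int,
                        legit_at: float = 60.0) -> bool:
    # Slow clients connect around t=0 and never finish their headers;
    # at t=legit_at a normal client connects and sends a complete request.
    t = 0.0
    for src in slow_sources:
        for _ in range(per_source):
            server.accept(src, t)
            t += 0.01
    conn = server.accept("198.51.100.7", legit_at)
    if conn is None:
        return False
    server.complete(conn)
    return True

SLOW = ["203.0.113.10", "203.0.113.11", "203.0.113.12"]  # constructed sources
NAIVE = Server(max_conns=150)                            # no deadline, no per-source cap
HARDENED = Server(max_conns=150, header_deadline=20.0, per_source_cap=10)
```

With 150 slots, three slow sources holding 50 connections each lock the naive server out for everyone else, while the hardened policy rejects the excess per source and reaps the stalled connections, so the later client is served. Production servers expose the same knobs; Apache httpd, for example, sets the header-read deadline with mod_reqtimeout’s RequestReadTimeout directive.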

With or without the DDoS, WikiLeaks did go ahead and published the potentially embarrassing diplomatic cables, which the US government fears could endanger lives and ruin foreign relations.

Credit: Softpedia.com News

Anonymous DDoS Attack Against AFACT Affected Almost 8000 Unrelated Websites

Tuesday, September 28th, 2010

The Distributed Denial of Service (DDoS) attack launched by Anonymous against the Australian Federation Against Copyright Theft (AFACT) yesterday has ended up affecting almost 8,000 unrelated websites.

Operation Payback, the DDoS campaign led by Anonymous against anti-piracy groups and entertainment industry associations is now over a week old.

Since September 18th, when the coordinated attacks started, the group has hit websites belonging to the Motion Picture Association of America (MPAA), the Recording Industry Association of America (RIAA), the International Federation of the Phonographic Industry (IFPI), the British Phonographic Industry (BPI) and the Dutch Bescherming Rechten Entertainment Industrie Nederland (BREIN).

Two UK-based law firms and an Indian company called Aiplex Software involved in anti-piracy efforts have also been attacked. In fact, the actions of Aiplex, which openly admitted to DDoSing torrent sites on behalf of film studios, is what triggered this retaliation from Anonymous in the first place.

Yesterday, the group turned its weapons against the Australian Federation Against Copyright Theft (AFACT), whose website went offline under the flood of requests quite quickly.

However, the attack also affected AFACT’s hosting provider, a company called Netregistry, which offers similar services to many Australian businesses and government agencies. “A DDoS attack began to take place at approximately 8:30AM AEST, with a group of hackers attacking the firewall by flooding it with connections attempting to take down all servers.

“They had achieved success in disabling all access to some of the client facing services behind the firewall,” an announcement posted on the company’s website, reads.

The hosting provider summed up the damage by saying that “Websites running on the Zeus cluster (PHP clients not utilising Apache) experienced timeouts, webmail connections experienced timeouts and some other errors [and] access to TheConsole [control panel] was slow to none.”

According to Panda Security, which monitored most attacks since Operation Payback started, afact.org.au suffered three separate service interruptions and a total downtime of 4 hours and 27 minutes.

Credit: Softpedia.com News

ACS:Law Emails Leaked By The Anonymous Group Members, Available On The Pirate Bay

Saturday, September 25th, 2010

Members of the Anonymous group, who have recently attacked the ACS:Law website, have now published a database containing the company’s emails on the Internet.

Anonymous is currently leading a Distributed Denial of Service (DDoS) campaign dubbed “Operation Payback” against film and recording industry organizations, as well as other associated outfits. The DDoS campaign was started by members of the 4chan image board in retaliation for the actions of an Indian company paid by film studios to harass torrent sites.

The first attack was launched against mpaa.org, the website of the Motion Picture Association of America, but after almost 24 hours of downtime, the target was switched to riaa.com (the Recording Industry Association of America). IFPI.org (the International Federation of the Phonographic Industry) was also hit and taken offline at about the same time, but this might have been caused by individuals acting on their own.

A similar attack was scheduled against bpi.co.uk (the British Phonographic Industry), but failed after the IRC channel used by the attackers to coordinate was hacked.

The latest targets are ACS:Law and Davenport Lyons, two UK-based law firms that sent letters to thousands of alleged file sharers asking for money to avoid legal action.

Following an attack against ACS:Law’s website on Tuesday, the firm’s head Andrew Crossley told The Register: “Big whoop. It was only down for a few hours. I have far more concern over the fact of my train turning up 10 minutes late or having to queue for a coffee than them wasting my time with this sort of rubbish.”

Several security experts warned afterwards that it’s not wise to mock Anonymous, a very determined group, which doesn’t hold back from using illegal means to harass organizations. And it looks like they were right.

A torrent uploaded yesterday evening on The Pirate Bay is called “ACS-Law leaked emails” and contains a 365 MB .rar archive with what seems to be a backup of all of the company’s mailboxes.

“We’re still sorting through it. There’s a lot of stuff here to go through. But, basically, we were told we were less important than a 10 minute late train, or a queue for coffee by Andrew,” Anonymous leaders are quoted as saying by Panda Security.

Today will mark one week of continuous Anonymous-coordinated DDoS attacks, which so far affected the websites of the Motion Picture Association of America (MPAA), Recording Industry Association of America (RIAA), the International Federation of the Phonographic Industry (IFPI), the British Phonographic Industry (BPI) and the Dutch Bescherming Rechten Entertainment Industrie Nederland (BREIN).

It all started after an Indian company called Aiplex Software, paid by local and international film studios to take links of copyrighted material off the Internet, openly admitted to DDoSing torrent sites.

Credit: Softpedia.com News

Coordinated DDoS Attack Brings MPAA Website Down

Saturday, September 18th, 2010

Members of the notorious 4chan image board have launched a coordinated Distributed Denial of Service (DDoS) attack against mpaa.org, the website of the Motion Picture Association of America. The attack began at 9:00 PM EST and is still ongoing. It only took eight minutes for the MPAA website to go down.

According to an announcement posted on the Internet, 4chan members consider this a retaliation against film studios who paid an Indian company called Aiplex Software to attack torrent websites in a similar manner.

Last week, Aiplex’s managing director boasted in the media that when websites refuse to respond to DMCA takedown notices sent by his company, on behalf of local and international film studios, his team resorts to DDoS.

“[…] We flood the website with lakhs [hundreds of thousands] of requests, which results in database error, causing denial of service as each server has a fixed bandwidth capacity,” he said.

Aiplex was the original target in 4chan’s attack plans, but it was replaced with MPAA at the last moment, because the Indian company’s website was hit and taken down ahead of schedule by someone else.

“Rejoice, /b/rothers, even if it was at the hands of a single anon that it was done, even if ahead of schedule. Now we have our lasers primed, but what do we target now? We target the bastard group that has thus far led this charge against our websites, like The Pirate Bay. We target MPAA.ORG!” the 4chan announcement said.

Instructions regarding what programs to use in the attack, where to get them from and what IP address to target were also included.

4chan is a popular image board that served as birthplace for numerous Internet memes. Its members have repeatedly proven that they can band together to harass organizations or individuals in numerous ways.

Credit: Softpedia.com News

Unsophisticated Old Malware Abuses Twitter To Build A Muslim DDoS Botnet

Monday, June 7th, 2010

Security researchers warn that multiple spam campaigns detected on Twitter over the weekend target users via replies on topics they employed in recent tweets. Most malicious links spread in this way lead to websites pushing DDoS-capable trojans controlled from Muslim countries.

British antivirus vendor Sophos warned on Saturday that phishing and malware-distribution attacks on Twitter were using the recent international debate concerning the Israeli blockade on Gaza as a lure to trap sympathizers on both sides of the fence. Many of these spam messages pushed a dangerous trojan known as Bifrost, which, amongst other things, can be used to install additional malicious code remotely.

Chester Wisniewski, a security expert with SophosLabs Canada, announced today that Twitter malware-pushing attacks had since intensified in frequency. The spammers use a wide array of techniques, from linking directly to malware, to sending visitors to Web pages riddled with exploits or infected PDF documents.

“Unlike previous Twitter bots that follow many hundreds of users in the hopes that they will follow back, these bots are @ replying to people on topics they are using in their tweets. If you talk about Obama, they @ reply you with a message about Obama and a malicious link,” Wisniewski explains. “What surprises me is the range of exploits and malware being used. I have detected plain old trojans that expect you to install them, malicious Java code targeting vulnerabilities from the past year, malicious JavaScript redirects and poisoned document files,” he adds.

The researcher speculates that many of these attacks might be attempts by Gaza sympathizers to build botnets for Distributed Denial of Service (DDoS) purposes. This is because five of the six malware samples distributed by these latest spam campaigns have command and control servers in Muslim countries like Morocco or Saudi Arabia. In addition, the fact that all samples are variants of the same malware family and all C&C servers use the no-ip.biz dynamic DNS provider further suggests a connection between them.

One good piece of news is that the spammers made no effort to obfuscate the malicious links via a URL shortening service. This should make it considerably easier for Twitter to block the attacks and identify the offending tweets that were already posted.

Credit: Softpedia.com News

Compromised Web Servers Used To Launch DDoS Attacks

Wednesday, May 12th, 2010

Hackers have begun using compromised servers instead of client PCs to launch more powerful denial of service attacks. Hundreds of web servers are infected with a DoS application that transforms them into zombie drones, according to database security firm Imperva. These zombie servers are controlled using a simple web application, consisting of just 90 lines of PHP code.

Servers are harder to compromise than desktop PCs, which can potentially be compromised as easily as tricking a user into opening a maliciously constructed email or visiting a dodgy website. However, once compromised, servers offer more horsepower and, typically, fatter pipes for throwing out spurious traffic.

Attacks launched from web servers may also be more difficult to detect. “Trace backs typically lead to a lone server at a random hosting company,” Imperva warns.

Amichai Shulman, Imperva’s CTO, claims denial of service attacks from compromised servers are ongoing. “Now that a network of server bots has been created, it will be quite easy for them to ‘rent’ them out or increase their activity,” he said. “Companies should regularly monitor their Google presence to look for evidence of being compromised.”

Credit: The Register

Ubisoft Servers Hit By DDoS Attack Over The Weekend

Tuesday, March 9th, 2010

Ubisoft has confirmed its rights management servers were hit by a fierce DDoS attack over the weekend that left some customers unable to play its games for much of Sunday.

The attack is an apparent protest at controversial new DRM controls by the video game publisher which mean customers have to be online in order to play its latest PC games such as Assassin’s Creed II and Silent Hunter 5.

The introduction of so-called Online Services Platform technology last month means it’s impossible to play a game without an internet connection or save progress while playing a game if an internet connection is lost. The controls, designed to combat piracy, have sparked much negative comment in the gamer community and apparently inspired action by hacktivists over the weekend that curtailed gameplay for some.

“Apologies to anyone who couldn’t play ACII or SH5 yesterday,” Ubisoft said in a post to its official Twitter account on Monday. “Servers were attacked which limited service from 2:30pm to 9pm Paris time.”

“95 per cent of players were not affected, but a small group of players attempting to open a game session did receive denial of service errors,” it added in a later update.

Meanwhile Ubisoft’s much criticised controls have been broken by software hackers. A hacker group called Skid-Row managed to bypass DRM restrictions on Silent Hunter 5 less than 24 hours after the game was published.

Credit: The Register

DDoS Attack Hits Cheshire-based ISP Vispa, 30,000 Customers Forced Offline

Friday, January 8th, 2010

About 30,000 customers of the Cheshire-based ISP Vispa were forced offline for almost 12 hours today by a DDoS attack traced to the Baltic state of Latvia.

Broadband service has now been restored, a spokesman said, but customers are unable to call customer service because the firm’s phone system was also crippled by the attack.

“As a result of a major denial of service attack on our network we suffered a severe outage between 1am and 12.30pm Friday January 8,” Vispa commercial director Adam Binks said.

“All services have now been restored except for our phone system which has been affected as part of the problem. We are currently working with suppliers to have the main numbers diverted to other lines within the office but expect to restore the system by the end of today.”

DDoS attacks on British ISPs apparently from inside former Soviet bloc countries are common, but it is rare for them to have such a paralysing effect.

Vispa apologised to customers for the outage and said it was “taking measures to prevent such an attack happening in the future”.

Credit: The Register