How Your DVR was Hijacked to Help Epic Cyberattack

The massive siege on Dyn, a New Hampshire-based company that monitors and routes Internet traffic, shows those ominous predictions are now a reality.

“The complexity of this attack is because it’s so distributed. It’s coming from tens of millions of source IP addresses that are globally distributed around the world. What they’re doing is moving around the world with each attack.”

An unknown attacker intermittently knocked many popular websites offline for hours Friday, from Amazon to Twitter and Netflix to Etsy. How the breach occurred is a cautionary tale of how the rush to make humdrum devices “smart” while sometimes leaving out crucial security can have major consequences.

Dyn, a provider of Internet management for multiple companies, was hit with a large-scale distributed denial of service attack (DDoS), in which its servers were flooded with millions of fake requests for information, so many that they could no longer respond to real ones and crashed under the weight.

[Read the full story here, at USAToday]

Who orchestrated the attack is still unknown. But how they did it — by enslaving ordinary household electronic devices such as DVRs, routers and digital closed-circuit cameras — is established.

The attackers created a digital army of co-opted robot networks, a “botnet,” that spewed millions of nonsense messages at Dyn’s servers. Like a firehose, they could direct it at will, knocking out the servers, turning down the flow and then hitting it full blast once again.

The specific weapon? An easy-to-use botnet-creating software called Mirai that requires little technical expertise. An unknown person released it to the hacker underground earlier this month, and security experts immediately warned it might come into more general use.

Mirai insinuates itself into household devices without the owner’s knowledge, using them as platforms to send the server-clogging messages even as the device continues to do its day job for its true owner.

DDoS Attacks are Getting Much More Powerful and the Pentagon is Scrambling for Solutions

Industry reports are out that show the number of DDoS attacks is trending upward, even hitting new highs.

 reports: No wonder the Pentagon has announced it’s working on a plan to fund tools and researchers to help organizations defend themselves against the pervasive threat of cyber assaults known as distributed denial-of-service (DDoS) attacks.

“The threat posed by distributed denial of service (DDoS) and web application attacks continues to grow each quarter. Malicious actors are continually changing the game by switching tactics, seeking out new vulnerabilities and even bringing back old techniques that were considered outdated.”

— John Summers, vice president of Akamai’s cloud security business unit

In recent days, the agency said it’s looking to fund researchers who can come up with tools as part of a program starting next April that would, among other things, help organizations recover from DDoS attacks in a maximum of 10 seconds. And the acknowledgement of that hunt for researchers for the program, called Extreme DDoS Defense, arguably comes not a moment too soon.

A few new industry reports are out that show the number of DDoS attacks is trending upward, even hitting new highs. Their provenance and targets take many forms – from organized, malicious hackers targeting sophisticated organizations to more isolated incidents where, experts say, the intent is to just find a weakness somewhere, anywhere. But the result is a kind of cyber blitz that’s growing in number and aggressiveness.

Hackers published two million passwords online, security experts have said (Picture: Alphaspirit/Getty)

New York Magazine was among those organizations recently hit by a DDoS attack, and at a critical moment. After publishing the blockbuster results of an interview with 35 women who’ve accused Bill Cosby of sexually assaulting them, the magazine’s website was knocked offline by what appeared to be a DDoS attack.

Attacks like those, said Incapsula co-founder Marc Gaffan, are not only on the rise but “have essentially been going up for the last two years, quarter over quarter.”

[Read the full story here, at BGR]

His company is a cloud-based application delivery service. According to another cloud services provider, Akamai Technologies, DDoS attacks were up 132% in the second quarter compared to the same period in 2014.


Chinese Internet Censorship in One Chart


Trove of China Rail Riders’ Personal Data Leaked Online

The Chinese company didn’t confirm the number of travelers affected, but computer security monitoring websites estimated the hack revealed the details of more than 130,000 passengers

’Tis the season, it seems, for unwanted disclosures.

Personal data of travelers in the world’s most populous nation have been illegally leaked into the public domain – right at the start of the ticket-buying rush ahead of China’s massive Lunar New Year migration in February.

User names, passwords and email addresses of train riders in China were stolen from an official railway ticket sales website, www.12306.cn, and are now circulating on the Internet, China Railway Corp. said in a Christmas Day statement on its official microblog. The state rail company blamed the leak on third-party software used by travelers trying to beat online queues. Those who provide the software say it can help users leapfrog others in making online purchases.


“This is just warming up Russian pig!”

The website Kremlin.ru, the page of the office of Russian Federation President Vladimir Putin's government, was taken offline this morning by a distributed denial of service attack.

Kremlin gets DDoS’d by Anonymous Caucasus

For Ars Technica reports: In the latest round of a wave of cyberattacks on Russian targets, the official websites of the Russian Federation’s president and central bank were taken offline this morning in what the Kremlin’s press office called a “serious DDoS attack.” The attack also targeted “a number of other Web portals,” according to the Kremlin statement. The sites are back online for most users, but the attack is still ongoing.
