Items tagged with DDoS

It's hard to argue that "Internet of Things" (IoT) devices can enrich our lives. From making it easier to moderate temperature in our homes to securing them, IoT is going to be a big part of our future. Unfortunately, that does lead to one problem: as more and more devices get rolled out, the inevitability is that we're going to encounter more and more vulnerabilities. Once such example is with security cameras, of which security firm Incapsula estimates there are 245 million operating around the world. This isn't the first time vulnerabilities have been discovered with such cameras. Back in 2013, TRENDnet came under fire from the FTC for selling security cameras that forgot to include the "secure"... Read more...
If you have an Android smartphone running on AT&T or Verizon’s wireless network, you could be at the mercy of hackers according to a new advisory posted to the Carnegie Mellon University CERT database. The vulnerability, which was discovered by a group of South Korean researchers, targets LTE wireless networks. LTE uses packet switching instead of older circuit switching to transfer data back and forth over the Internet. The researchers say that the new packet switching allows malicious parties to use the SIP protocol to enable a new generation of attack vectors via wireless networks.  The researchers say that if exploited, denial of service attacks can be carried out on a wireless network... Read more...
If we may impart some words of wisdom to our younger readers out there, it's to choose your role models carefully. It's a piece of advice that comes too late for half a dozen teenagers living in the U.K. who were arrested as part of a sting operation targeting users of hacking group Lizard Squad's Lizard Stresser tool. The Lizard Stresser tool is a piece of software that aids with Distributed Denial of Service (DDoS) attacks. These attacks typically consist of numerous infected systems pinging a single target with the intent of overwhelming the victim's server. Those arrested for using the tool range in age from 15 to 18 years old. They're suspected of using it to target several different organizations,... Read more...
It's not often that we learn of a DDoS attack that can be sourced from mobile devices, but as it happens, it's something that's possible on iOS devices not running the latest 8.3 software. The bug isn't exclusive to iOS, however. Because the 'Darwin Nuke' flaw exists in the Darwin kernel, the desktop OS X is also affected. To be protected there, an upgrade to 10.10.3 is required. It's unfortunately not mentioned when this bug first surfaced, but Kaspersky notes that affected devices include the iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad Air 2, iPad mini 2, and iPad mini - in effect, iOS devices with a 64-bit processor. Exploiting the vulnerability isn't trivial, as it's quite specific.... Read more...
Think stealing hundreds of thousands of dollars from an enterprise organization is difficult? You might be surprised after learning about how the 'Dyre' malware that IBM has been tracking operates. Like most malware, Dyre needs to infect a PC in order to work. This can be done via a number of different methods, but email is the most common. Once someone takes the bait, the waiting game begins for a bank transfer to be made. If the thieves behind Dyre are lucky enough to infect an important PC, an error message will be displayed in the event that a bank transfer is initiated, complete with a phone number to call to initiate a manual transfer. There are a couple of interesting aspects to this:... Read more...
While so many of us were getting our college basketball on this weekend, Rutgers University was dealing with an entirely different kind of challenge in the form of a distributed denial-of-service (DDoS) attack. Triggered by the efforts of a malicious entity consisting of two or more people or bots, the intent of a DDoS is to indefinitely interrupt or suspend the services of a host connected to the Internet. The attack on the Rutgers computer networks apparently took place on Friday afternoon and originated in both China and Ukraine, according to NBC New York. In an email sent out Sunday to tens of thousands of Rutgers students at 2:30PM EST, approximately an hour after the university's website... Read more...
A mere two weeks after Google decided to pull the plug on Google Code, competitor GitHub is experiencing the "largest DDoS attack" in the site's history. While the company itself isn't coming out with it, Baidu acknowledges that a great deal of traffic is coming from China. On GitHub's site, we're told that the attack began on Thursday, and while a number of common attack vectors are being exploited, some new techniques have been brought in: namely, unsuspecting people are having their traffic rerouted and are in effect contributing to the attack. At this point, the blame points to China. GitHub has said that the goal of the attack is to convince the site to remove certain content, and The Wall... Read more...
It's starting to look like the Lizard Squad saga is slowly reaching its conclusion, as UK police recently arrested another person with direct ties to the group. That development, however, isn't too interesting today; everything now coming out as a result is quite revealing.Security researcher Brian Krebs has been following Lizard Squad's antics intimately since they began, which has led the group to target much angst against him (though mostly via comments about the size of his forehead). It's a little appropriate, then, that Krebs is the one who gets to break the news about the shoddy construction of the group's DDoS-for-hire service.Not long after the public launch of this service,... Read more...
Sony just hasn’t been able to catch a break for the past few months. The company was first the subject of a hack attack by Guardians of Peace (with perhaps an assist by Lizard Squad) and more recently fell victim to Lizard Squad’s Christmas Day attack on the PlayStation Network (and Microsoft’s competing Xbox Live). While it took Microsoft roughly a day to get its Xbox Live services restored, the PlayStation Network didn’t become fully operational again until late Saturday, December 27. “PlayStation Network is back online. As you probably know, PlayStation Network and some other gaming services were attacked over the holidays with artificially high levels of traffic designed to disrupt connectivity... Read more...
The DDoS attacks that brought down Microsoft’s Xbox Live and Sony’s PlayStation Network on Christmas Day did not sit well with consumers. But while Kim Dotcom attempted to resolve the issue by giving members of Lizard Squad, the group responsible for the DDoS attacks and looking to profit from its DDoS tool, 3,000 lifetime premium Mega accounts, there are many who wish that the members would be caught. Well, it appears that UK Police took a member of the group into custody. British law enforcement agents arrested 22-year-old Vinnie Omari, a self-professed member of Lizard Squad, on Monday when officials raided his home. The raid was confirmed by Omari who spoke to the... Read more...
Lizard Squad has been in the news quite a bit during 2014, and never for a great reason. Just this past week, the so-called 'hacker' group took down both Microsoft's Xbox and Sony's PlayStation online services, and backed off to some extent when Internet legend and Mega founder Kim Dotdom intervened. Finally, after a handful of days offline, the services came back earlier this week.You might think that after causing that mess and putting a serious damper on many holidays, Lizard Squad would take a little break. I mean, at least until 2015? Nope! As 2014 comes to a close, the group has decided to unveil a service that will make any website or online service... Read more...
The group known as Lizard Squad has certainly been busy. Since last week, the group has taken down multiple MMO companies and various networks that include Sony’s PlayStation Network and Blizzard’s Battle.net. Now Twitch can be added in the long list of targets the group has brought down with its DDoS attacks. The DDoS attacks came the day after it was announced that Amazon had purchased Twitch for $970 million (Twitch is back up). On Tuesday, the day after the announcement, the servers went offline, preventing everyone from watching or streaming. Lizard Squad announced their attack on Twitch, just like it has with previous attacks, on its Twitter account stating, “RIP... Read more...
Update, 8/28 - 3:15PM - It looks like the account in question is actually restored and functional at this point. The group's last post was about two hours ago.  We reported earlier this week about a collective called Lizard Group that was not only causing some major hassles for certain MMO companies and its players, but also caused a flight carrying a Sony executive to ground due to a hint of a bomb being on board. While this all played out, Lizard Group kept everyone up to date through its Twitter account, which had no shortage of further threats and taunts. It seemed to take forever, but Twitter has finally taken action and closed down Lizard Group's account. Assuming that the group hasn't... Read more...
During the weekend the gaming industry has been suffering from a barrage of DDoS attacks. Blizzard’s Battle.net, League of Legends, and Sony’s PlayStation Network are just some of the games and services that have experienced unexpected downtime. However, it appears one hacker group is claiming responsibility for all of these attacks and more. A group called Lizard Squad has been claiming responsibility for bringing down Battle.net, League of Legends, NCSoft, and Sony’s PlayStation Network over the past week on its Twitter account. As of the posting of this article, the organization currently claims that it will be bringing down Microsoft’s Xbox Live service too.... Read more...
The Internet is as wide and wonderful as it is dark and dangerous. So many individuals and groups use it as a powerful platform for advocacy, raising awareness, disseminating “dangerous” (to tyrants) ideas, and more, but all too often those entities face threats from actors looking to censor them, knocking them offline using DDoS attacks. Cloud provider CloudFlare has unveiled something called Project Galileo that seeks to protect against those threats. “CloudFlare is partnering with NGOs and civil society groups to identify outlets for free-expression online,” reads the website. “Once identified, CloudFlare will extend our Enterprise-class DDoS protection to ensure... Read more...
As unfortunate as it is, DDoSing is as easy to pull off as it is frustrating. With enough computers at their disposal, anyone could force enough traffic to a website in order to take it down, and even massive services are not immune. A perfect example of this is ongoing, with popular social networking site Meetup. This is a site that's ranked in the top 500 globally, but despite that, it's been down more than it's been up since DDoS attacks began on Thursday. Here's what's interesting about this particular DDoS attack: Meetup could stop it for a mere $300. Given the fact that this site spends millions each year on its own security, $300 is a drop in the bucket, and in effect, the site's losing... Read more...
There was a moment there when the Snapchat guys were feeling pretty hot. Their mobile app was exploding in popularity, and Facebook practically begged to buy the service for a cool, but the company rejected the $1 billion offer--and then the $3 billion offer Facebook made thereafter. You could call it chutzpah or hubris, but hey, Mark Zuckerberg turned down insanely lucrative offers for Facebook when he was just a pup, and he went on to build an empire. So there’s some precedent there, but Snapchat probably wasn’t counting on the wildcard problem of being repeatedly hacked to smithereens, which doesn’t help much when you’re trying to grow your popularity. Credit: Jaime... Read more...
This weekend, Dropbox experienced an outage that lasted far too long. A wing of hacker collective Anonymous claimed credit for the outage, saying it performed a database hack, which turned out to be a hoax. However, the group maintained that it did hit Dropbox with a DDoS attack, which was timed to coincide with the site’s scheduled maintenance. Dropbox has strongly denied the hack, but it hasn’t said anything about the claim of a DDoS attack, which seems odd. The company has talked around it by carefully describing the post-mortem. “On Friday at 5:30 PM PT, we had a planned maintenance scheduled to upgrade the OS on some of our machines. During this process, the upgrade script... Read more...
For a moment there, it appeared as though popular cloud storage service Dropbox had been hacked, with the user database accessed and user emails being exposed. Two loosely affiliated wings of hacker collective Anonymous, AnonOpsKorea and The 1775 Sec, claimed credit, but the whole thing was just a hoax timed to coincide with scheduled Dropbox site maintenance. Credit: TechCrunch The two groups both claimed that they compromised the Dropbox website Friday evening and accessed the site’s database, but shortly thereafter Wesley McGrew of McGrew Security noted in a tweet that the emails in the supposed database leak matched something that’s been posted on Pastebin for over a month. In... Read more...
Google is not interested in suffering a distributed denial of service (DDoS) attack--although it’s hard to imagine such an attack being successful considering Google’s vast capabilities--and the company is bringing the same DDoS-thwarting technology it uses to protect itself to the masses with Project Shield. “Project Shield is an initiative to use Google's infrastructure to protect free expression online,” reads a Google blog post. “The service currently combines Google's DDoS mitigation technologies and Page Speed Service (PSS), which allow websites to serve their content through Google to be better protected from DDoS attacks.” DDoS attacks take down websites... Read more...
Orbit Downloader is a nifty tool. It’s a web browser file downloading add-on, and it lets users more easily manage their downloaded files, download embedded videos, speed up downloads, and more. Unfortunately, it’s also apparently now an effective tool for delivering Distributed Denial of Service (DDoS) attacks. The ESET security folks discovered an extra component in the Orbit Downloader code (specifically, “orbitdm.exe”) that sends an HTTP GET request to an Orbit server, and the server spits back two URLs. One points to a version of a Win32 PE DLL file that the software downloads without the user knowing, and the other “seems to generate a response via HTTP POST... Read more...
Of all the current Internet curiosities, Bitcoin is one of the most fascinating. The digital/virtual currency is decentralized, has no change fees, and no state oversight to speak of, and nobody seems to know exactly what to do with it even as it grows in popularity and value. Case in point: On Mt. Gox, a major Bitcoin trading site, the value of Bitcoin exploded from about $100 to $265 in less than a day. Before the day was out, however, the price dropped sharply to $200. A few hours hence saw the value bottom out at $125 and then bounce around from to $180 to $140. (Click to enlarge) Then, Mt. Gox got hit with a DDoS attack--or maybe not. According to Mt. Gox, it was a victim of its own success.... Read more...
Prev 1 2 3 Next