September 2, 2014

In brief: Callcentric hit by malicious series of DDoS attacks

(LiveHacking.Com) – Callcentric, a VoIP Internet phone service, has sent an email to its subscribers telling them about a malicious series of DDoS attacks which have been launched against the service. The company is treating the attacks as a Direct Criminal Act with clear malicious intent. This is based on the persistent, aggressive, and evolving nature of the attacks. The company has been in direct contact with the FBI and FCC to report the matter and to prompt an investigation.

According to the email, the attacks are targeting Callcentric’s SIP Servers:

  • As a result of these attacks, users may experience drops in system registration, which can ultimately lead to inconsistent inbound/outbound calling results.
  • Customers using “Call Forwarding” to temporarily route their inbound calls to a 3rd party number (SIP URI, Cellphone, PSTN line, etc.) should not experience difficulty in receiving calls.

“We can appreciate and share in everyone’s frustration regarding these malicious attacks and we continue to work around the clock to deploy software\hardware updates and upgrades in effort to mitigate against them,” said Callcentric. “At Callcentric we have always been and remain committed to providing great value, reliable service, and putting our customers first. Once this matter has been fully resolved our corporate management team will be performing a complete review and we will work to provide a fair resolution to address any inconvenience that our customers have experienced resulting from these attacks.”

Denial of Service attacks reach 150 gigabits per second, higher rates expected

(LiveHacking.Com) – Alex Caro, the Chief Technology Officer for Akamai Technologies, has told ZDNet that the company has seen Denial of Service attacks which have reached 150 gigabits per second. This is in line with a growing trend for hackers to use DoS as a means to disrupt websites for ideological, political or commercial reasons. From 2010 to 2011 Akamai saw the number of DDoS attacks against their customers double. This trend is expected to continue in 2012 and 2013.

Akamai’s experiences are similar to those of others in the security industry. According to a hacker forum study, which security vendor Imperva carried out last year, 22% of discussions focused on DoS, slightly higher than SQL injection, which accounted for 19% of all discussions. In its Hacker Intelligence Initiative, Monthly Trend Report #12, the company reveals that hackers are now favoring DoS attacks aimed at the Web application layer (rather than at the IP and TCP layers) as these types of attacks decrease costs and are harder to detect.

Distributed Denial of Service attacks, which split the attack load among many machines simultaneously, are being used most to get the public’s and media’s attention. Such attacks are usually accompanied by announcements that reveal the reasons (ideological etc.) behind the attack. However, DDoS attacks are not limited to hacktivists. DDoS attacks have been used to disrupt businesses for monetary gain, including blackmailing a company into paying a ransom, otherwise the site will be attacked.

The good news is that companies like Akamai seem able (at the moment) to absorb this malicious data.

“Today, we’re probably serving eight, maybe ten terabits per second of traffic at peak, so a 150 gigabit per second denial of service attack is actually fairly small when all is said and done,” said Caro.

Anonymous Moves Against Multiple UK Government Websites with DDoS Attack

(LiveHacking.Com) – The hacker group Anonymous has attacked three UK government websites, including the Prime Minister’s site, in a protest about the extradition of British citizens to the USA and about a proposed new law to increase the surveillance powers of the British state. The so-called hacktivists disrupted traffic through a series of distributed denial of service (DDoS) attacks, designed to take the websites offline by flooding them with more traffic than they can handle. The sites attacked were homeoffice.gov.uk (Home Office), number10.gov.uk (Prime Minister’s Office) and justice.gov.uk (Ministry of Justice). By Sunday morning all the sites appeared to be functioning normally again.

It appears that the attacks were in response to a proposed new law that would allow the British government to conduct some trials in secret and allow authorities to track the phone calls, emails, text messages and online activity of everyone in the country.

The group took credit for the attack in a series of tweets (here, here and here) which specifically mention the UK’s proposed “draconian surveillance proposals” and “derogation of civil rights.”

The attack could be considered as quite courageous, especially in light of recent efforts by global law enforcement agencies to crack down on the group’s cyber protests. Sophos noted on its blog that “other hacktivists who have launched DDoS attacks against websites belonging to British authorities have been arrested in recent history, and are currently facing trial.”

In a separate attack, the group targeted the website of the US House of Representatives but failed to prevent access.

DDoS Attack Tool Comes to Android

(LiveHacking.Com) – McAfee has reported that the common Low Orbit Ion Cannon (LOIC) denial of service (DoS) tool has been ported to Android. ‘Ported’ might be too strong a word, as this mobile device version is in fact a wrapper around the JavaScript version. Nonetheless, this is an interesting advancement in the ubiquity of hacking tools.

Hacktivism (hacking as political or social protest) is becoming increasingly popular, with groups like Anonymous using hacking tools to launch distributed denial of service attacks on organizations all over the world. LOIC, one such tool used by the hackers, was originally developed to stress-test websites; however, it has now been effectively used by hackers to take websites offline by sending a flood of TCP/UDP packets which overwhelms the server and makes it inaccessible.

Originally written in C#, LOIC inspired the creation of an independent JavaScript version. This version allowed a DoS attack to be launched from a web browser. In conjunction with PasteHTML, which allows anyone to post HTML onto the web anonymously (no pun intended), and the free AppsGeyser service, which converts web pages into an app, an Android app has been created which encapsulates the JavaScript version of LOIC. Specifically, the version spotted by McAfee targets the Argentinian government, but theoretically an Android app can be created to attack any web site. When the app is launched, a WebView component is used to run the JavaScript that sends 1,000 HTTP requests with the message “We are LEGION!” as one of the parameters.

“Creating Android applications that perform DoS attacks is now easy: It requires only the URL of an active web LOIC–and zero programming skills–thanks to automated online tools,” wrote Carlos Castillo for McAfee.

Two Days of DDoS Attacks Affect Hong Kong Stock Exchange News Web Site

(LiveHacking.Com) - The web server used by the Hong Kong Stock Exchange to post company announcements has come under two days of denial of service attacks. This has resulted in changes to the way the exchange makes important company announcements, including quarterly and yearly financial results, available to the exchange members.

The hkexnews.hk site, where Hong Kong-listed companies such as HSBC bank and Cathay Pacific airline post their announcements to comply with disclosure requirements, came under attack on Wednesday. The exchange then implemented a filter mechanism to fend off further attacks. On Thursday Hong Kong Exchanges and Clearing Limited (HKEx) said it is still observing malicious traffic attempting to access the HKExnews website and is continually adjusting and strengthening the filter mechanism.

In a statement, Hong Kong Exchanges said “In the course of the investigation, it was determined that a mixture of attacking techniques had been deployed to intentionally interrupt the operation of the HKExnews website. The malicious traffic originated from a network of personal computers, the majority of which were based outside Hong Kong.”

As a result of these attacks the HKEx has adopted a number of measures to ensure that investors have timely access to announcements by issuers.

These measures include a bulletin board service that contains a list of all documents published by issuers, paid advertisements in selected local newspapers with a list of companies which plan to release results announcements and email summaries of the notices of announcements published on the Bulletin Board.

This DDoS highlights the dangers of dependence on a single resource. To alleviate the risks in the future, HKEx will seek to implement a more decentralised model for investors’ access to company announcements.

Apache 2.2.19 Released: Security Update and Bug-fix

The Apache HTTP Server Project team released the new version 2.2.19 of the Apache HTTP Server (httpd).

This new version is a security update and bug-fix release to address the CVE-2011-1928 and CVE-2011-0419 DoS vulnerabilities. This release also corrects a versioning incompatibility in 2.2.18. According to the project’s website, it is a major release of the stable branch and represents the best available version of Apache HTTP Server.

Apache 2.2.19 includes some new features such as Smart Filtering, Improved Caching, AJP Proxy, Proxy Load Balancing, Graceful Shutdown support, Large File Support, the Event MPM, and refactored Authentication/Authorization.

This new release includes the Apache Portable Runtime (APR) version 1.4.5 and APR Utility Library (APR-util) version 1.3.12, bundled with the tar and zip distributions. The APR libraries libapr and libaprutil (and on Win32, libapriconv version 1.2.1) must all be updated to ensure binary compatibility and address many known security and platform bugs.

Apache HTTP Server 2.2.19 is available for download here.

 

WordPress.com Targeted in Largest Denial of Service Attack in its History

Yesterday WordPress.com was targeted by an extremely large Distributed Denial of Service attack (DDoS) which resulted in disruptions to the service for about two hours. According to the WordPress.com status page the “size of the attack is multiple Gigabits per second and tens of millions of packets per second.”

There is no news yet on who launched the attack and for what reason. TechCrunch spoke to WordPress’ founder Matt Mullenweg, who said: “This is the largest and most sustained attack we’ve seen in our 6 year history. We suspect it may have been politically motivated against one of our non-English blogs but we’re still investigating and have no definitive evidence yet.”

WordPress.com is the commercial side of the popular open source WordPress blogging platform. Its VIP Hosting solutions serve blogs like CNN’s Political Ticker, Dow Jones’ All Things D and the BBC’s Top Gear. WordPress.com itself sees about 300 million unique visits monthly.

WordPress.com is currently reporting normal service on its site and on its Twitter feed, but continues to monitor the situation closely.

DDoS Assault on PayPal Website

The PandaLabs blog has reported a DDoS assault on the PayPal website by an anonymous group.

Apparently the site came under a massive distributed denial of service (DDoS) attack by the Operation: Payback group. According to its website, this group is an anonymous, decentralized movement which fights against censorship and copywrong.