09/2/11

History of DoS – Denial of Service Attack

History of DDoS – Distributed Denial of Service

Information provided by Richard Stiennon, Chief Research Analyst, IT-Harvest, author of Surviving Cyber War (on Amazon) and Cyber Defense: Countering Targeted Attacks

Details

Victoria's Secret's Self-Inflicted DDoS

It was also a demonstration of an inherent weakness of the Internet architectures employed to serve up data. So many people attempted to watch the Victoria's Secret models strut down the runway that the server failed and crashed.

The Victoria's Secret case could be considered friendly fire.

Defining Moments in the development of DDoS as a weapon

Barrett Lyon

Worked for an IT company that had a client who needed up-to-date sports information.

The client was in the business of gathering and disseminating sports information. They provided the up-to-the-minute data used by Las Vegas casinos in their bookmaking operations, where gamblers place bets on game scores and even the detailed performance of individual athletes. Having reliable Internet access was critical to them. Agents in the field would report every detail of even amateur sports events. Every pitch, every play would be reported by an army of sports data specialists. These results would be displayed on the big board within the casino, where gamblers could bet on any aspect of the game.

Gather and Disseminate

Online Gambling

First threat: encryption ransom

They received a threatening email, written convincingly in broken English, informing them that hackers had infiltrated their system and encrypted their database of sports information, and demanding that they pay thousands to obtain the key to decrypt the data.

They had been backing up their data and had no problem at all simply restoring the critical information.

Lyon redesigned the architecture to resist the second threat, a DDoS, which duly came.

Barrett helped his client quickly bolster their defensive posture. The key was to have robust web servers, gateway devices that could filter attacks, and lots and lots of available bandwidth. Within days the hacker did indeed attempt a DoS attack and, thanks to Barrett's new architecture, the attack was thwarted.

His reputation grew.

He began to get requests from a very specific niche industry: online gaming sites.

In 2003 there was some question about the legality of gambling online.

There were dozens of companies providing such services, most of them hosted offshore in the Caribbean or in Costa Rica.

Lucrative

One small operation, consisting of tele-operators and a closet of servers in an office in Costa Rica, claimed to do $2 billion in annual revenue.

Being down for even a day meant serious lost revenue.

BGP routing protocol

naked under the belly of the Internet

On 2/24/2008 an engineer at an ISP in Pakistan removed YouTube from the Internet. He did this in response to a government decree. His intention was to follow the letter of the law and block access to YouTube within Pakistan.

He chose to do this by manipulating the routing protocol.

Packets on the Internet flow through routers. These routers maintain a table of routes keyed by blocks of IP addresses (prefixes). When a packet is received the router reads its intended destination, looks it up in that big table and forwards it to the next router. Where does the router get that big lookup table? From other routers, of course. The protocol used to exchange those route tables is the Border Gateway Protocol (BGP).

Each network uses BGP to announce which IP addresses it controls to the rest of the routers on the Internet.

The engineer at PIENet loaded a new route into his router that said the small block of addresses containing YouTube.com's IP addresses was controlled by him.

The result was almost instantaneous. His upstream provider in Hong Kong picked up the new route and broadcast it to the world. Most routers preferred that route because it was more specific (a smaller block) than the one announced by Google, and a router always forwards along the most specific matching prefix. Every attempt to watch a YouTube video, from anywhere in the world, was routed to the small ISP in Pakistan.

Those requests were so numerous that they flooded the link to Pakistan to such an extent that Pakistan was effectively knocked off the Internet as well.
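The longest-prefix rule that made this hijack work, as an added example (it is not part of Stiennon's talk or the original notes). The prefixes are RFC 1918 private ranges standing in for Google's real covering block and the more specific block announced from Pakistan, the origin labels "Google" and "PIENet" follow the text, and REGISTERED together with validate_announcement() are a constructed stand-in for the origin check (RPKI ROAs or IRR route objects) an upstream should apply before propagating a customer's announcement; no such check was applied in 2008.

```python
"""Longest-prefix-match forwarding: why a more specific prefix announced
from one small ISP captured a site's traffic world-wide.

Added illustration, not code from the page. Prefixes are private (RFC 1918)
stand-ins for the real ones, and REGISTERED is a constructed stand-in for an
RPKI/IRR origin database consulted by validate_announcement().
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

Prefix = ipaddress.IPv4Network
Route = Tuple[Prefix, str]  # (prefix, network that announced it)


class Router:
    """Minimal BGP-fed forwarding table: the most specific matching prefix wins."""

    def __init__(self) -> None:
        self.routes: List[Route] = []

    def announce(self, prefix: str, origin: str) -> None:
        self.routes.append((ipaddress.ip_network(prefix), origin))

    def withdraw(self, prefix: str, origin: str) -> None:
        self.routes.remove((ipaddress.ip_network(prefix), origin))

    def lookup(self, address: str) -> Optional[str]:
        """Return the origin of the longest prefix covering `address`, or None."""
        ip = ipaddress.ip_address(address)
        candidates = [(net.prefixlen, origin) for net, origin in self.routes if ip in net]
        return max(candidates)[1] if candidates else None


# Constructed origin database (RPKI ROA style): origin -> [(prefix, maxLength)].
# Google is authorised to announce the /22 itself, nothing more specific.
REGISTERED: Dict[str, List[Tuple[str, int]]] = {
    "Google": [("10.20.0.0/22", 22)],
}


def validate_announcement(prefix: str, origin: str,
                          registry: Dict[str, List[Tuple[str, int]]] = REGISTERED) -> bool:
    """Origin check an upstream could apply before accepting a customer route:
    accept only if `origin` holds an authorisation covering `prefix` whose
    maxLength permits an announcement this specific."""
    net = ipaddress.ip_network(prefix)
    return any(net.subnet_of(ipaddress.ip_network(p)) and net.prefixlen <= max_len
               for p, max_len in registry.get(origin, []))


def hijack_demo() -> Dict[str, object]:
    """Replay the incident: a legitimate /22, then a more specific /24 from elsewhere."""
    r = Router()
    r.announce("10.20.0.0/22", "Google")       # legitimate covering prefix
    before = r.lookup("10.20.1.50")
    hijack = ("10.20.1.0/24", "PIENet")        # more specific block, wrong origin
    accepted = validate_announcement(*hijack)  # what a filtering upstream would say
    r.announce(*hijack)                        # ...but the upstream forwarded it anyway
    inside = r.lookup("10.20.1.50")            # inside the /24: now goes to Pakistan
    outside = r.lookup("10.20.3.9")            # rest of the /22: still Google
    r.withdraw(*hijack)                        # upstream finally filters the route
    after = r.lookup("10.20.1.50")
    return {"before": before, "hijack_passes_origin_check": accepted,
            "inside_during": inside, "outside_during": outside,
            "after_withdraw": after}


if __name__ == "__main__":
    for key, value in hijack_demo().items():
        print(f"{key}: {value}")
```

The lookup picks the longest matching prefix, so the /24 wins for every address inside it while the rest of the /22 still goes to Google; withdrawing the bogus route restores the original path, which is what happened once the upstream filtered it. validate_announcement() rejects the hijack because the announcing network holds no authorisation for that space, and would also reject a /24 announced by Google itself because the authorised maxLength is 22.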

That one person at a small ISP had enough access to the routing backbone of the network to do this, with nothing in the path to check his announcement, is scary.

Decentralized

The Internet is a marvel of self-organization, with many components that work seamlessly on top of each other.

Layered architecture

Web servers, layers of protocols, social networks, and routing infrastructure all work together to provide a communication, business and social platform that is fueling changes in society and the world of commerce. But those underlying components were designed and deployed before today's threats were apparent.

Weak link in the Internet architecture

This weak link is well known by aggressors but has not been exploited in overt malicious acts. YET.

Attackers have recognized and attacked it: in April 2010 a Chinese ISP briefly announced routes covering roughly 15% of the Internet's address prefixes, diverting traffic for those destinations through China (often misreported as "15% of all Internet traffic").

Issues

What

Hacktivists use DDoS to shut down the servers and networks of political, religious and corporate organizations.

Nations in conflict use crowd-sourced denial of service attacks to shut off access to critical sites as a show of force, but also to silence vocal protesters and dissidents during a revolution.

Why

Criminals attempt to extort cash payments from their targets with the threat of shutting down their business.

Small businesses have been known to hire botnets, collections of compromised computers, to shut down a competitor.

Who

Hacktivists

Nations

Cyber criminals

Small businesses

Achilles' heel of web infrastructure: DNS


What it does

The Internet is based on protocols that route traffic using the source and destination addresses carried in each packet. When a web address, a URL, is entered into a web browser, the browser has to translate www.yahoo.com into the server's IP address before packets can be exchanged and a visitor can see a web page.

The DNS is a layer of servers all over the world that provides that function.

DNS Details

There are multiple tiers to DNS. The top-level domains (TLDs) are .com, .net, .gov, .edu, and the many country codes such as .ee for Estonia. Each top-level domain is controlled by a different organization. When you type www.uscyberlabs.com into the URL bar, your resolver generates a request to the .com TLD servers (hosted by Verisign in over 400 data centers around the world). Those servers reply with the address of the name server responsible for keeping track of all of the IP addresses associated with the uscyberlabs.com domain, and that server supplies the final answer.

The owner of the site may not own the DNS server that provides that critical information.

In other words, an attacker could target the DNS server and effectively take down the web site. The problem is compounded because a DNS server often provides name services for hundreds, even thousands of separate domains.
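A toy model of the lookup chain described above, added here as an example (not code from the notes or from Stiennon). The servers, names (under the reserved .test TLD) and addresses are constructed, and the model skips caching, glue records and TTLs; it simply follows referrals from the root down, which is enough to show which sites disappear when one server on the chain is DDoSed.

```python
"""Toy iterative resolver over a constructed DNS hierarchy.

Added example, not from the page. All zone data is made up (RFC 2606 reserved
.test names, RFC 5737 addresses) and there is no network I/O. Server ids stand
in for the NS hostnames a real referral would carry.
"""
from typing import Dict, List, Set

SERVERS: Dict[str, dict] = {
    "root": {"delegations": {"test.": "tld-test"}, "records": {}},
    "tld-test": {
        "delegations": {
            "shop.test.": "ns-hoster",   # three unrelated sites all rely on
            "bank.test.": "ns-hoster",   # one hosting company's name server...
            "blog.test.": "ns-hoster",
            "big.test.": "ns-big",       # ...while one site runs its own
        },
        "records": {},
    },
    "ns-hoster": {"delegations": {}, "records": {
        "www.shop.test.": "192.0.2.10",
        "www.bank.test.": "192.0.2.20",
        "www.blog.test.": "192.0.2.30"}},
    "ns-big": {"delegations": {}, "records": {"www.big.test.": "192.0.2.40"}},
}

# Every web site name the model knows about.
SITES = sorted(name for srv in SERVERS.values() for name in srv["records"])


class ServerDown(Exception):
    """Raised when a server on the referral chain is unreachable (flooded)."""


def resolve(name: str, down: Set[str] = frozenset(), max_hops: int = 8) -> str:
    """Resolve `name` the way a recursive resolver with an empty cache does:
    start at the root and follow the most specific referral at each step."""
    server = "root"
    for _ in range(max_hops):
        if server in down:
            raise ServerDown(server)
        zone = SERVERS[server]
        if name in zone["records"]:
            return zone["records"][name]                 # authoritative answer
        match = max((d for d in zone["delegations"] if name.endswith("." + d)),
                    key=len, default=None)
        if match is None:
            raise KeyError(f"NXDOMAIN: {name}")
        server = zone["delegations"][match]              # follow the referral
    raise RuntimeError("referral loop")


def impact(down: Set[str]) -> List[str]:
    """Which sites become unreachable when the given servers are knocked out."""
    lost = []
    for site in SITES:
        try:
            resolve(site, down)
        except ServerDown:
            lost.append(site)
    return lost


if __name__ == "__main__":
    print("normal:", {s: resolve(s) for s in SITES})
    print("hoster's NS flooded:", impact({"ns-hoster"}))
    print("TLD server flooded:", impact({"tld-test"}))
```

Knocking out the shared hosting company's name server takes three unrelated sites offline at once even though none of their web servers was touched; knocking out the TLD server takes everything under it, which is why TLD operators spread that service across hundreds of anycast sites.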

He also helped some online stores prevent DNS attacks at Christmas.


Why does it work

Ping Flood

The earliest denial of service attack was a ping flood. Anyone with a fast computer running Unix could execute a simple command that would generate ping packets (small ICMP echo request/reply messages used by network monitoring products to check whether a host is still responding) fast enough to tie up the resources of the target computer or even completely clog its network connection. Ping floods are simple to defend against: a single rule in a router or firewall between the attacker and the target can block all pings.

This worked as an attack because no one thought anyone would abuse PING.

Easily dispatched with a single firewall rule.

SYN attack

Harder to stop, since the SYN packet is the basis of every legitimate TCP connection.

An attacker simply sends millions of SYN packets, which tie up the server's connection table to the point where it cannot accept any more connections.

Have to block based on source, not service.

Once again, just block all traffic from the specific IP address. Today most firewalls are capable of intercepting SYN requests and only passing connections that complete the handshake.

This is a dynamic rule.

Bot approach

Many IP addresses, so no single source to block.

Boils down to dueling bandwidths.

Also crowd-sourcing: Anonymous, LulzSec.

A static rule blocking the service request is not an option.
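The three flood styles above and the filtering response each one allows, as an added example (not from the notes). The packet summaries, addresses (RFC 5737 and RFC 1918 ranges) and thresholds are constructed; a real deployment would feed the same logic from NetFlow records or a packet capture over a fixed time window.

```python
"""Static rule, dynamic rule, or no rule: classifying a flood by its shape.

Added example, not from the page. Packets are constructed summaries; the
thresholds are arbitrary illustration values for one observation window.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Pkt:
    src: str
    kind: str   # "icmp-echo", "tcp-syn" (first packet of a handshake) or "tcp-data"


ECHO_LIMIT = 100          # echo-requests in the window before we drop ICMP echo outright
PER_SRC_SYN_LIMIT = 100   # SYNs from one source before we block that source
TOTAL_SYN_LIMIT = 500     # SYNs overall before we call it a flood at all

# Kinds we may block wholesale with a static rule. A bare PING has no
# business-critical use, so dropping it costs nothing. "tcp-syn" is
# deliberately absent: every legitimate TCP connection starts with a SYN,
# so blocking the service would block the customers too.
STATIC_BLOCKABLE = {"icmp-echo": "drop proto icmp icmp-type echo-request"}


def plan_mitigation(packets: List[Pkt]) -> Dict[str, object]:
    """Return the static and dynamic rules the window justifies plus a verdict."""
    kinds = Counter(p.kind for p in packets)
    syn_by_src = Counter(p.src for p in packets if p.kind == "tcp-syn")

    static = [rule for kind, rule in STATIC_BLOCKABLE.items() if kinds[kind] > ECHO_LIMIT]
    dynamic = [f"drop src {src}" for src, n in sorted(syn_by_src.items())
               if n > PER_SRC_SYN_LIMIT]

    if kinds["tcp-syn"] > TOTAL_SYN_LIMIT and not dynamic:
        verdict = "distributed"   # many sources, each under the limit: no rule helps
    elif static or dynamic:
        verdict = "filtered"
    else:
        verdict = "normal"
    return {"static": static, "dynamic": dynamic, "verdict": verdict,
            "syn_sources": len(syn_by_src)}


# --- Constructed traffic samples -------------------------------------------
def legit_traffic(n_clients: int = 5) -> List[Pkt]:
    """A handful of real visitors: one SYN each, then data."""
    out: List[Pkt] = []
    for i in range(n_clients):
        src = f"192.0.2.{i + 1}"
        out += [Pkt(src, "tcp-syn")] + [Pkt(src, "tcp-data")] * 10
    return out


def ping_flood() -> List[Pkt]:
    return legit_traffic() + [Pkt("198.51.100.7", "icmp-echo")] * 2000


def syn_flood() -> List[Pkt]:
    return legit_traffic() + [Pkt("198.51.100.7", "tcp-syn")] * 2000


def botnet_syn_flood(bots: int = 1000, per_bot: int = 2) -> List[Pkt]:
    """Same 2000 SYNs, but spread over a thousand hosts that each look like a client."""
    return legit_traffic() + [Pkt(f"10.{b // 256}.{b % 256}.1", "tcp-syn")
                              for b in range(bots) for _ in range(per_bot)]


if __name__ == "__main__":
    for label, sample in (("ping flood", ping_flood()), ("syn flood", syn_flood()),
                          ("botnet", botnet_syn_flood()), ("quiet", legit_traffic())):
        print(label, plan_mitigation(sample))
```

A ping flood gets a static rule (drop all echo requests; nothing legitimate is lost), a single-source SYN flood gets a dynamic rule keyed on the offending address, and the botnet case defeats both because each of the thousand sources stays under the per-source limit. At that point the only answers are capacity and filtering gateways upstream, the architecture Lyon built for his gambling clients, which is what "dueling bandwidths" means.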

2000: Denial-of-service and distributed denial-of-service attacks

Canadian hacker MafiaBoy launched distributed denial-of-service attacks that took down several high-profile Web sites, including Amazon, CNN and Yahoo!.

A D(D)oS attack makes a computer resource, often a website, unavailable to its intended users. A common method of attack involves saturating the target machine with external communication requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable.

uscyberlabs - el gatoMalo

gAtOmAlO -O’CoNnELL
06/15/11

U.S. Grills China About Cyber Attacks — InformationWeek

Chinese IP addresses have been implicated in numerous, recent distributed denial of service attacks, which top State Department officials see as a human rights issue.

In another sign that the United States government is concerned with the threat of cyber attacks originating from China, a top State Department official recently raised the case of a hacked U.S. political site directly with the Chinese Ministry of Foreign Affairs, according to a letter released by the political group Change.org.

The site, which offers tools for online political campaigns, began to be victimized by distributed denial of service (DDOS) attacks in mid April, soon after it carried a petition for China to release Chinese artist Ai Weiwei, who helped design the centerpiece of the 2008 Summer Olympics, the “Bird’s Nest” National Stadium, and who was imprisoned earlier this year in the midst of a Chinese crackdown on political dissent.

The attacks raised the ire of congressional leadership, as both House minority leader Nancy Pelosi, D-Calif., and Rep. Rosa DeLauro, D-Conn., condemned the attacks and called on the State Department to take action and bring the hackers to justice.

In response, the State Department not only condemned DDOS attacks, like the one Change.org experienced, that are “designed to stifle free speech on the net,” but also raised the issue directly with the Chinese Ministry of Foreign Affairs in late April, according to a letter from the State Department to Rep. DeLauro that was released by Change.org. The letter indicates that deputy assistant secretary of state Dan Baker raised the issue of the attack with the Chinese government during a dialogue on human rights.

“The Department will continue to press China on the importance of an open and unrestricted Internet,” says the letter, written by acting assistant secretary of state for legislative affairs Joseph Macmanus. “As part of the State Department’s Internet freedom initiative, we support efforts to protect groups and individuals from such attacks.”

The attack is only one of a number of recent attacks said to originate from China. Google in late May announced that hundreds of its Gmail users, including senior U.S. officials, had been the targets of a spear-phishing campaign that originated in China. A February attack on the G-20 was similarly traced to Chinese IP addresses, and China has also been reportedly eyed in recent attacks on the International Monetary Fund. Leaked State Department cables indicate that the Chinese have been attacking U.S. government agencies and companies since at least 2002.

via U.S. Grills China About Cyber Attacks — InformationWeek.

05/13/11

Interop: Cyberwar test runs yield information about defenses

Cyber warfare strategy is getting so sophisticated that network attacks suitable for major assaults are being used instead as trial runs meant solely to probe enemies with the aim of figuring out what their defenses are, an audience at an Interop security talk was told.

A distributed denial of service (DDoS) attack against South Korea earlier this year was delivered from a multilayered botnet that persisted for 10 days then halted with command and control servers flushing the bot software out of the zombie machines, according to Brian Contos, director of global security strategy for McAfee

The attack — McAfee called it 10 Days of Rain — came from a difficult to take down, multi-tiered botnet set up by North Korea, he says. Then the botnet suddenly stopped its attack and deleted itself from the systems it had taken over.

via Interop: Cyberwar test runs yield information about defenses.

05/12/11

DDoS Attacks by Contract on Sharp Rise

As I monitor these news articles, N. Korea comes into the China picture. I will now add Korea cyber information into the mix. -vet4life

The Korea Internet & Security Agency (KISA) has found that DDoS attacks from China, which are presumed to be made by contract, are on a sharp rise.

“Existing DDoS attacks stopped when the hackers received money from the site after attacking a site three or four times,” said an employee of the KISA. “Contract DDoS attacks, however, continue in the form of a long-term cyber battle until the demand of the client is met.”

The Lineage Community P Site, an online café for a popular online game, was attacked via an IP from China for four days last month. “We received an email which threatens to continue DDoS attacks from an intimidator presumed to be a Chinese hacker unless we stop advertising a specific company,” said a manager of the site. “We are at a loss as we can neither stop the advertisement for keeping the site alive nor become a target of DDoS attacks.”

The cost of instigating Chinese hackers to launch DDoS attacks varies depending on the size of the target site. But it is not so high, generally ranging from several hundred thousand won to several million, which has increased such cyber attacks by Chinese hackers hired by those who want to disturb the business of their rivals or bear a grudge.

via http://english.etnews.co.kr/news/detail.html?id=201105110008

05/9/11

Change.org victim of DDoS attack from China

Change.org, an online petitioning platform, has come under an ongoing distributed denial of service (DDoS) attack originating from China after the site hosted a call urging Chinese authorities to release artist Ai Weiwei from custody.

The attacks, which started late Sunday, have nearly brought down the site, according to Change.org founder Ben Rattray.

DDoS attacks work by using hundreds or thousands of hacked computers to send traffic to a website, overwhelming it with data so it becomes inaccessible to normal users.


Change.org said the current attack originates from an expanding group of computers primarily based in China, and has yet to stop. This is the first time the site has been hit with a DDoS attack.

Change.org has been hosting an online petition calling for the release of Chinese artist Ai Weiwei, who is currently under arrest. The petition has attracted almost 100,000 people from 175 countries, making it one of Change.org’s most successful international campaigns, Rattray said.

“It’s pretty clear the attack is in response to the campaign,” he added. “It’s extraordinary that somebody in China with a high-level of technical sophistication can impact the ability for people around the world to organize.”

The online call coincided with demonstrations across the world this past Sunday, which also called for the artist’s release. Ai, who is also known for his activism, has been detained as part of a Chinese government crackdown on political dissidents in the country.

Authorities in the country have arrested other human rights activists and clamped down on the information flow, following previous online postings that began in February calling for a “Jasmine revolution” against the Chinese government.

Change.org is currently blocked in China. Internet censors in the country regularly block sites that are deemed too politically sensitive.

Despite the block, the computers involved in the DDoS attack are managing to find a way around the country’s national Internet firewall, said Rattray.

In the past, other sites have been the victims of cyber attacks coming from China. This March, blog publishing platform WordPress.com also reported being hit with a DDoS attack originating from China.

Chinese hackers have also allegedly launched cyber attacks to steal data from foreign energy companies, according to security vendor McAfee. In 2009, Google was also the victim of an attack originating from China that was aimed at accessing the Gmail accounts of human rights activists.

The Chinese government has previously responded to these reports by denying it is involved in any cyberattacks, adding that China has also been a victim of hacking attempts.

The true source of DDoS attacks is often unclear. Although Change.org has traced the current attack to servers in China, it is also possible the computers are under the control of hackers based in another country.

Change.org reports that both the FBI and U.S. State Department are looking into the DDoS attack.

“We won’t stop or take down anything because of this DDoS attack,” Rattray said. “We believe in the fundamental right of the people to organize around issues they care about it.”

via Change.org victim of DDoS attack from China.
