Articles about Ddos

Operator of DDoS protection service named as Mirai author

The author of the massive distributed denial-of-service attack malware Mirai, which ropes infected routers and internet of things devices into remotely controlled armies, is a New Jersey man, according to journo Brian Krebs. On his website this week, Krebs names a chap called Paras Jha, owner of a distributed denial-of-service …
Darren Pauli, 20 Jan 2017
id4_white_house_648

Trump inauguration DDoS protest is 'illegal', warn securobods

A software engineer is calling on netizens opposed to Donald Trump to visit the Whitehouse.gov site and overload it with traffic tomorrow. The call to mark inauguration day by "occupying" whitehouse.gov as a form of protest against Donald Trump’s presidency is likely to succeed only in getting participants into trouble, …
John Leyden, 19 Jan 2017

ProtonMail launches Tor hidden service to dodge totalitarian censorship

ProtonMail, the privacy-focused email business, has launched a Tor hidden service to combat the censorship and surveillance of its users. The move is designed to counter actions "by totalitarian governments around the world to cut off access to privacy tools" and the Swiss company specifically cited "recent events such as the …
zombie_648

Linux is part of the IoT security problem, dev tells Linux conference

The Mirai botnet? Just the “tip of the iceberg” is how security bods at this week's linux.conf.au see the Internet of Things. Presenting to the Security and Privacy miniconf at linux.conf.au, embedded systems developer and consultant Christopher Biggs pointed out that Mirai's focus on building a big DDoS cannon drew attention …
DDOS

3... 2...1... and 123-Reg hit by DDoSers. Again

Updated Just days into the new year, and poor old 123-Reg is already experiencing problems, this time in the form of a DDoS attack - something it is no stranger to. Customers have been in touch with El Reg to report their websites and email services have been down as a consequence of the attack. The outfit tweeted just over an hour …
Kat Hall, 06 Jan 2017

A year in infosec: Bears, botnets, breaches ... and elections

How often can we say that an IT blunder might have changed the course of world history? Hillary Clinton’s use of a private email server whilst serving as outgoing US President Barack Obama’s Secretary of State became a key element in the US presidential election this year. The FBI investigation around Clinton’s use of a …
John Leyden, 26 Dec 2016
Surpised man mobile phone photo by Shutterstock

Windows 10 nags, Dirty Cow, Microsoft's Linux man love: The Reg's big ones for 2016

Systems got bigger and more removed from ordinary mortals during 2016 as West Coast tech firms centralised more and more computing on server farms. Google, Facebook and Microsoft wanted us to slap on virtual reality goggles and ask artificial intelligences to serve our voice-activated commands. Cars, lorries and taxis minus …
Gavin Clarke, 22 Dec 2016
iot_internet_of_things

Why don't people secure their IoT gadgets? 'It's not my problem'

Canonical, maker of Ubuntu Linux and its Internet of Things variant, has discovered the obvious – that people cannot be trusted to secure their connected devices. Thibaut Rouffineau, evangelist for Ubuntu Core and the Internet of Things, admitted late last week that developers and IoT device makers know people seldom update …
Thomas Claburn, 20 Dec 2016
testing

Hack attack fear scares Canadian exam board away from online tests

Every year Ontario’s Education Quality and Accountability Office (EQAO) tests secondary school students in their literacy skills. This year it rolled out online tests and the results weren't good. In October the online pilot test of the Ontario Secondary School Literacy Test (OSSLT) was deployed and quickly fell over with its …
Iain Thomson, 17 Dec 2016
DDoS

DDoS in 2017: Strap yourself in for a bumpy ride

DDoS attacks have been around since at least 2000, and they’re not going away. In fact, as the number of devices online grows, the volume and velocity of these attacks is also increasing. Whole industries have developed around launching and preventing DDoS campaigns as black hats and white hats battle for dominance, and 2017 …
Robin Birtstone, 16 Dec 2016
Kids car snow, image via Shutterstock

DDoS script kiddies are also... actual kiddies, Europol arrests reveal

Law enforcement bods at Europol have arrested 34 users of Distributed Denial of Service (DDoS) cyber-attack tools and interviewed and cautioned 101 suspects in a global crackdown. Unsurprisingly, the users identified by Europol’s European Cybercrime Centre (EC3) were mainly young adults under the age of 20. The body worked …
Kat Hall, 12 Dec 2016
flames_648

US think-tank wants IoT device design regulated, because security

Washington DC think tank the Institute for Critical Infrastructure Technology is calling for regulation on "negligence" in the design of internet-of-things (IoT) devices. Researchers James Scott and Drew Spaniel point out in their report Rise of the Machines: The Dyn Attack Was Just a Practice Run [PDF] that IoT represents a …
Team Register, 09 Dec 2016
Shaun of the dead zombies cricket bat movie still. Copyright Universal Pictures

Mirai variant turns TalkTalk routers into zombie botnet agents

Hundreds of Mirai-infected home routers across the UK are currently acting as DDoS bots. The vast majority (99 per cent) of these 2,398 Mirai-infected devices are TalkTalk routers, according to security researchers at DDoS mitigation firm Imperva Incapsula. “The botnet devices’ geolocation is very uncommon for DDoS botnets …
John Leyden, 08 Dec 2016
Image by hobbit http://www.shutterstock.com/gallery-1008401p1.html

Can ISPs step up and solve the DDoS problem?

Solve the DDoS problem? No problem. We’ll just get ISPs to rewrite the internet. In this interview Ian Levy, technical director of GCHQ’s National Cyber Security Centre, says it’s up to ISPs to rewrite internet standards and stamp out DDoS attacks coming from the UK. In particular, they should change the Border Gateway Protocol …

1.4bn records from HaveIBeenPwned offered for your analytical pleasure

Security researcher Troy Hunt had better hope his anonymisation works: he's decided to offer up most of his “HaveIBeenPwned” data set for other security researchers to analyse. He's deduped his nearly two-billion record dataset – there's a lot of pwnage in the world, people – down to a domain-based 135-megabyte text file that …

CloudFlare warns of another massive botnet, er, flaring up

CloudFlare has warned of another massive botnet that appears to be ramping up and targeting the US West Coast. In a blog post, the content delivery network said it has been watching a flood of attack traffic that started two weeks ago and appears to have been coming from one person testing out its abilities before moving it to …
Kieren McCarthy, 05 Dec 2016

If your smart home gear hasn't updated recently, throw it in the trash

When was the last time your smart thermostat, lights, hub, camera, or power socket was updated? If it was a while ago, you may want to think about chucking it in the garbage. That's according to DNS mage and security expert Paul Vixie, who has been using his status in the internet world to increasingly warn about the dangers …
Kieren McCarthy, 05 Dec 2016

Sh... IoT just got real: Mirai botnet attacks targeting multiple ISPs

Analysis The Mirai botnet has struck again, with hundreds of thousands of TalkTalk and Post Office broadband customers affected. The two ISPs join a growing casualty list from a wave of assaults that have also affected customers at Deutsche Telekom, KCOM and Irish telco Eir over the last two weeks or so. Problems at the Post Office …
John Leyden, 02 Dec 2016

'AWS is fast, punches above its weight, stings Oracle, but no knockout'

AWS re:Invent Amazon made news in a big way this week, kicking out more than a dozen new features and services for the AWS cloud at its annual re:Invent conference. The Bezos money machine announced products ranging from database offerings to DDoS protection and developer tools at its annual cloud compute summit. While industry analysts …
Shaun Nichols, 02 Dec 2016

AWS CTO: 'I truly hated the relationship with software tool vendors'

AWS re:Invent Amazon Web Services turned its focus to developers in day two of its re:Invent conference in Las Vegas, kicking out a handful of new features designed to make life easier for those who develop and maintain cloud applications. CTO Werner Vogels said that the features, ranging from new analysis utilities to storage management …
Shaun Nichols, 01 Dec 2016
Surfers

Hull surfers cut off by router attack

Thousands of broadband customers in the Hull area have been left without reliable internet access following a cyber attack. Local telco KCOM blamed difficulties for its customers which began over the weekend and remains ongoing on an attack it said was targeted at models of routers it supplies to some of its customers. Since …
John Leyden, 01 Dec 2016
Crop of doctor with pen and clipboard

EU puts out prescription for smart hospitals

An EU agency has grappled with thorny issues surrounding the adoption of IoT technology in hospitals to draft a series of best practice guidelines. The European Union Agency for Network and Information Security (ENISA) study engaged information security officers from more than 10 hospitals across the EU, painting a picture of …
John Leyden, 25 Nov 2016
Australian Parliament House Canberra

IBM pays up after 'clearly failing' DDoS protection for Australia's #censusfail

Australia's census all-but failed due to a combination of poor design, bad operational decisions, human error and numerous lazy and/or bad decisions that could have been avoided had warnings about corporate culture been heeded, or Australian government agencies properly educated about what it takes to deliver digital services …
Simon Sharwood, 25 Nov 2016
Twilight Zone, 'Time Enough At Last'

It's time: Patch Network Time Protocol before it loses track of time

The maintainers of the Network Time Protocol daemon (ntpd) have pushed out a patch for ten security vulnerabilities. Leading the fixfest is a trap-crash turned up by Cisco's Matthew Van Gundy. If ntpd is configured with the trap service enabled, a malformed packet causes a null pointer dereference and crash it. A Windows bug …
Robots massed photo via Shutterstock

Dyn Dyn Dyn – we have a buyer: Oracle gobbles Internet of Things DDoS victim

Oracle is buying Dyn, the internet infrastructure outfit whose A-list customers were struck by a global DDoS from internet-attached "things" in October. The software giant is buying Dynamic Network Services (Dyn) to speed up cloud computing traffic. Financial terms were not disclosed Dyn's platform controls and optimises …
Gavin Clarke, 21 Nov 2016

Experts to Congress: You must act on IoT security. Congress: Encourage industry to develop best practices, you say?

Congress provided a masterclass in selective hearing Wednesday when urged by experts to do something about the increasing risk posed by poor IoT security. At a session of the House's Energy and Commerce Committee into last month's attack on DNS provider Dyn that caused widespread disruption to online services, several security …
Kieren McCarthy, 16 Nov 2016
zombie_648

Origin of the beasties: Mirai botnet missing link revealed as DVR player

Security researchers have discovered a "missing link" in the Mirai botnet that may prompt a rethink in what makes up the zombie network. The release of Mirai's source code in early October revealed that malware scans for telnet before attempting to hack into devices, using a brute-force attack featuring 61 different user/ …
John Leyden, 14 Nov 2016
Russian hacking

Russian banks floored by withering DDoS attacks

At least five Russian banks weathered days-long DDoS attacks this week. A wave of assaults began on Tuesday afternoon and continued over the next two days. Victims include Sberbank and Alfabank, both of which confirmed DDoS attacks on their online services, RT reports. The attacks were powered by compromised IoT devices, …
John Leyden, 11 Nov 2016
DDOS

How to avoid DDoSing yourself

In the wake of the last month's distributed denial of service (DDoS) attack against Dyn, a DNS management service, Google engineers want to remind application developers that self-harm represents a more realistic risk. Just as US citizens have a greater chance of being crushed by falling furniture than to dying at the hands of …
Thomas Claburn, 10 Nov 2016
segula_bulb_648

IoT worm can hack Philips Hue lightbulbs, spread across cities

Researchers have developed a proof-of-concept worm they say can rip through Philips Hue lightbulbs across entire cities – causing the insecure web-connected globes to flick on and off. The software nasty, detailed in a paper titled IoT Goes Nuclear: Creating a ZigBee Chain Reaction [PDF], exploits hardcoded symmetric …
Darren Pauli, 10 Nov 2016

UK's 'FBI' hit by DDoS barrage

The public-facing website for the UK's National Crime Agency has wobbled today under a Distributed Denial of Service Attack. The NCA – dubbed Britain's FBI – told The Register its site was "an attractive target" and that "attacks on it are a fact of life." A spokesperson dismissed the skiddies' tool of choice, and branded …
Ice, image via Shutterstock

Finns chilling as DDoS knocks out building control system

Residents in two apartment buildings in the Finnish town of Lappeenranta had a chill-out lasting more than a week after a DDoS attack battered unprotected building management systems. The apartments are managed by a company called Valtia. The attack blocked the building management systems' Internet connections, according to …
clinton vs Trump poster illustration. Photo by Shutterstock/editorial use only

Was IoT DDoS attack just a dry run for election day hijinks?

Comment The distributed denial of service attack that took down DNS provider Dyn, and with it access to a chunk of the internet, was one of the largest such assaults seen. The attack exploited Internet of Things devices – notably webcams built by XiongMai Technologies. The gadgets had default login passwords that allowed them to be …
John Oates, 08 Nov 2016

In dire straits after #CensusFail, ABS to axe up to 150 staff

After the collapse of Australia's Census on August 9, Prime Minister Malcolm Turnbull told radio shock-jock Alan Jones “Lots of people are trying to find out who to blame and what heads should roll” at the Australian Bureau of Statistics (ABS). And now we know that the first heads to roll will be rank and file staff, at least …

Mirai IoT botnet blamed for 'smashing Liberia off the internet'

The West African country of Liberia was allegedly flooded offline this week. Early indications are that miscreants blasted the nation's rudimentary net infrastructure using the same method that rendered hundreds of the world's most popular websites inaccessible at the end of October. Once again the Mirai IoT botnet has been …
John Leyden, 04 Nov 2016

Barracuda: Outage caused by 'large number of inbound connections'

Outage-hit security firm Barracuda appears to have been struck down by a DDoS – though the firm says it's still investigating and refuses to confirm or deny it. This morning the company's status page said in an update posted at 0044 GMT: "Barracuda Networks is still continuing to see a large number of inbound connections from …
Gareth Corfield, 03 Nov 2016
casino_security_648

Bookmakers William Hill under siege from DDoS internet flood

William Hill is currently on the receiving end of a Distributed Denial of Service attack. Many of the bookie's sites went down on Tuesday and have remained unable to provide much better than intermittent service into Wednesday due to an ongoing cyberattack. We apologise as our site is still down. We appreciate this isn't …

Teen UK hacker pleads guilty after earning $385k from DDoS tool

A 19 year-old Hertfordshire man has pled guilty to running the Titanium Stresser booter service that offered distributed denial of service (DDoS)-as-a-service. Such services are often marketed as innocuous and legitimate stress testing tools, but are instead often used for cheap and effective attacks of websites. Prosecutors …
Darren Pauli, 02 Nov 2016
Robot looks into magnifying glass, human eye displayed. Photo by Shutterstock

Freeze ...SCADA! Flaw lets hackers peel away Human Machine Interface

Security researchers have discovered another serious vulnerability in industrial control kit from Schneider Electric. System crashing flaws in the physical HMI (Human Machine Interface) hardware, dubbed PanelShock by security researchers, follow days after the earlier disclosure of security vulnerabilities in Schneider …
John Leyden, 01 Nov 2016
Road Closed sign

Post-Mirai, HackForums kills off white hat DDoS rental service

The success of the Mirai botnet was apparently a shiver looking for a spine to run up: HackForums has killed off its “server stress test” DDoS-for-hire section. Site admin Jesse LaBrocca posted the decision last Friday (here for registered members of the site), saying “recent events” forced the decision. Brian Krebs quotes …
Horses stampede, image via Shutterstock

Melbourne Cup is 'top op for hacked camera DDoS extortionists'

"The race that stops a nation" could also stop betting agencies if the regular barrage of timely distributed denial of service attack (DDoS) extortionists utilise insecure embedded devices, Akamai says. The Melbourne Cup, scheduled for 3pm (AEDT) on Tuesday, is the richest two mile handicap race in the world with prize money …
Darren Pauli, 31 Oct 2016
botnet

A successor to Mirai? Newly discovered malware aims to create fresh IoT botnet

Miscreants have put together a new strain of malware designed to turn insecure IoT devices into a DDoS attack platform. The new nasty, Linux/IRCTelnet discovered by security researchers at MalwareMustDie.org, like the infamous Mirai botnet before it relies on default hard-coded credentials to spread across vulnerable devices. …
John Leyden, 31 Oct 2016
DDoS

Trick not treat: 123 Reg down on Halloween, DNS borked by DDoS

Customers of 123 Reg suffered more tricks than treats this morning when a DDoS attack hobbled the registrar's services. Users were confronted by DNS lookup failures until early this afternoon, when 123 Reg said it managed to get the attack "contained" and services restored. Inevitably, the delay provoked customer gripes. .@ …
Image by Heiti Paves http://www.shutterstock.com/gallery-650047p1.html

Boffin's anti-worm bot could silence epic Mirai DDoS attack army

A GitHub user going by Leo Linsky has forked a repo created by researcher Jerry Gamblin to create an anti-worm "nematode" that could help to patch vulnerable devices used in the massive Mirai distributed denial of service attack. The nematode, a concept detailed by security man Dave Aitel [PDF], would fight back against the …
Darren Pauli, 31 Oct 2016

Researchers expose Mirai vuln that could be used to hack back against botnet

Security researchers have discovered flaws in the Mirai botnet that might be used to mitigate against future attacks from the zombie network. Scott Tenaglia, a researcher at endpoint security firm Invincea, found a weakness in the HTTP flood attack that Mirai is capable of mounting. Specifically a stack buffer overflow …
John Leyden, 28 Oct 2016

Divide the internet into compartments to save us from the IoT fail whale

The best way of protecting us from Internet of Things botnets is to compartmentalise the entire internet, Intel’s chief architect for IoT security solutions has said. Sven Schrecker, speaking exclusively to The Register at IoT Solutions World Congress in Barcelona, also branded the potential impact of IoT botnets as ‘“ …
Gareth Corfield, 27 Oct 2016
DDOS

Internet of S**t things claims another scalp: DNS DDoS smashes StarHub

StarHub in Singapore is the latest large network to get hammered with attacks on its DNS infrastructure – apparently by compromised kit owned by its customers. In keeping with an emerging openness about what's sending networks dark, it posted its troubles to Facebook. Yesterday Singapore time, the company said it saw a spike …

BlackBerry design boss tells El Reg: 'We're not getting out of phones'

Analysis The more BlackBerry explains its phone strategy, the more people insist there will never be another BlackBerry. Which must be annoying. Headlines a month ago that the company had “hung up on its handset business” were only half right. Executives reaffirmed to us this week that they expect to see more BlackBerry phones rather …
Andrew Orlowski, 26 Oct 2016
James Clapper

'Non-state actors*' likely to blame for Dyn mega-attack – US intel chief

A senior US intelligence chief has said that "non-state actors" – bored kids or crooks* – are likely behind the high-profile attack on DNS provider Dyn last week. A massive DDoS attack against Dyn resulted in multiple high-profile websites – including Twitter, Amazon and Netflix – to be unavailable last Friday. US director of …
John Leyden, 26 Oct 2016
Suitcase full of money

Akamai rides on the botnet's back to US$584 million quarter

Cloud computing security has driven a 6 per cent year-on-year revenue growth for Akamai, up from $US551 million last year to $584 million for Q3 2016. The company's third quarter financial report shows its performance and security business unit turned in $345 million in revenue, 19 per cent higher than for the same quarter in …