Mirai Source Code Boosts Popularity of DDoS-as-a-Service Criminal Activity

As one would come to expect from the recent Mirai botnet attacks, DDoS-as-a-service is becoming quite the booming industry. Seemingly everyone in the world holds a grudge against online companies and would like nothing more than to take them down. Now that the Mirai source code was put online several months ago, the number of DDoS attacks will only increase.

DDoS-as-a-Service Turns Into a Profitable Business Model

In the world of cybercrime, there are always people willing to do the dirty work for you. Even for those who have no idea where to begin when it comes to compiling the Mirai botnet source code, there are people who offer DDoS attacks as a service in exchange for payment. Even though plenty of people can turn this source code into a valuable tool for their own needs, there are always others willing to pay for such a service.

Just because the Mirai source code is freely available does not mean that aspiring criminals will have an easy time setting up their first botnet. The code is nothing more than a brief guide as to how things will unfold, assuming people put in enough effort to make it work. That doesn’t mean, however, that there is no steep learning curve attached to this process.

Setting up the Mirai source code requires a minimum of four different servers and a certain level of expertise. Now that the solution has been open sourced, criminals have started developing new tools and features for the community. Unfortunately for aspiring internet criminals, this makes setting up the source code even more difficult.

But there is a silver lining for those who are not willing to invest a lot of time into researching the source code and its intricate workings. Botnet-as-a-service is a booming business, even though hackers are charging steep prices for this service. Some will even go as far as offering technical support to set up the source code.

To put this into perspective, HackForums contained one particular listing which charged over US$700 for setting up Mirai on behalf of someone else. This included six hours of work to set up servers and conduct quality checks. This is not the biggest investment for a potentially successful criminal operation, although it may put off a lot of people.

DDoS service providers are posing a very significant threat to online companies and users alike. Everyone and everything in the world can be knocked offline if the attack is powerful enough. By offering this business as a service, it is not unlikely that DDoS attacks will become far more widespread than ever before. Mirai’s source code is a significant threat, and it looks like things are only getting worse over time.


Source: http://themerkle.com/mirai-source-code-boosts-popularity-of-ddos-as-a-service-criminal-activity/

Attackers Clobbering Victims with One-Two Punch of Ransomware and DDoS.

Encrypted systems now being added to botnets in the latest incarnations of ransomware attacks, with experts expecting this to become standard practice.

As if ransomware weren’t bad enough, attackers are now making the most of their attacks by adding victimized machines to distributed denial of service (DDoS) botnets at the same time that they’re encrypted and held hostage, according to warnings from several security research organizations in the last week.

This one-two punch is a natural “Gimme” for profit-minded attackers and one which security pundits expect will be standard issue for most ransomware kits in the near future.

“Adding DDoS capabilities to ransomware is one of those ‘evil genius’ ideas,” says Stu Sjouwerman, CEO of KnowBe4, which today issued an alert that a new variant of Cerber ransomware has added DDoS capabilities to its payloads. “Renting out DDoS botnets on the Dark Web is a very lucrative business, even if prices have gone down in recent years. You can expect [bundling] it to become a fast-growing trend.”


The new trend was first detailed by researchers with Invincea last week, which found attackers using weaponized Office documents to deliver the threat via a Visual Basic exploit that allows them to conduct a file-less attack. That delivers malware with the underlying binary, giving the bad guys “two attacks for the price of one,” says Ikenna Dike of Invincea.

“First, it is a typical ransomware binary that encrypts the user’s file system and files while displaying a ransom note. Second, the binary could also be used to carry out a DDoS attack,” Dike said in a post. “The observed network traffic looks to be flooding the subnet with UDP packets over port 6892. By spoofing the source address, the host could direct all response traffic from the subnet to a targeted host, causing the host to be unresponsive.”

Seen by many as a perfect example of the mercenary nature of cybercrime, ransomware’s evolution has been driven entirely by black market ROI. According to the FBI, by the end of the year the ransomware market is expected to net the crooks at least $1 billion.

“Relatively high profit margins coupled with the relatively low overhead required to operate a ransomware campaign have bolstered the appeal of this particular attack type, fueling market demand for tools and services corresponding to its propagation,” explained FireEye researchers in an update last week on ransomware activity.

FireEye’s data shows that there was a noticeable spike in ransomware in March this year and that overall figures are on track for ransomware to exceed 2015 levels. This latest trend of DDoS bundling once again shows the lengths to which the criminals will squeeze every last bit of profitability and efficiency from ransomware attacks. It also offers fair warning to enterprises that even with backups, ransomware can pose threats to their endpoints and networks at large.

Even if data is restored on systems plagued by ransomware, there’s no guarantee that a system wouldn’t be used to continue to remain a part of the botnet or be used as a foothold for further attacks if the threat isn’t properly contained.

Source: http://www.darkreading.com/endpoint/attackers-clobbering-victims-with-one-two-punch-of-ransomware-and-ddos/d/d-id/1325659

‘Anonymous’ Declares War On Corrupt Mainstream Media

As of June 1st, Ghost Squad Hackers – the same group leading #OpIcarus – have launched a series of coordinated attacks against leading members of the corporate mainstream media. Giving credit where credit is due, Tech.mic and Softpedia were the first to report the operation. But their reports only tell a portion of the whole story; we will explain why in a moment.


Broadly speaking, the goal of #OpSilence is to attack all the corrupt major news networks that mislead and censor information from the general public. More specifically, the news agencies who conceal the crimes of Israel, while misleading the population about the mistreatment of the Palestinian people. The operation is off to a quick start: Ghost Squad has already successfully “carried out DDoS attacks on CNN and FOX News” this month. More attacks are promised, and NBC and MSM appear to be their next targets.


https://t.co/T7LxqJjzQN “FOXNEWS” Email server has been crashed for 8+ hours by #GhostSquadHackers #OpSIlence pic.twitter.com/uS5zWm75SQ

— s1ege (@s1ege_) June 1, 2016


When Tech.mic and Softpedia presented their coverage of the hacks, they included images and references directly to Anonymous. But upon reading these articles, Ghost Squad had a message of their own that they want everyone to hear:


ALL OF THE MEDIA WHO REPORTS ON OUR ATTACKS #OPSILENCE IS GSH OP NOT ANONOP WE ARE NOT AND I REPEAT NOT ANONYMOUS

— s1ege (@s1ege_) June 1, 2016


It is no secret Ghost Squad has a close affiliation with Anonymous; I am sure this is how the group got started in the first place. The group insists they speak for themselves, they are essentially trying to get their own reputation – credibility.


But there is a second layer to this discussion highlighting the recent divide within Anonymous. There has been a “Civil War” of sorts in recent months, and the reputation of the Anonymous collective as a whole has been damaged. Last winter, prominent hacktivist group Ghostsec also cut their ties with Anonymous. In a statement they said “Anonymous has a habit of shooting in every direction and asking questions later.” In other interviews they imply that Anonymous has developed a reputation for behaving immaturely – more concerned with silly DDoS attacks than with changing the world.


Since the quarreling of #OpWhiteRose many people have splintered off, or left Anonymous entirely – just another in the long list of strange effects Donald Trump has had on the entire world. Ghost Squad is one of the groups affected by this ‘Civil War.’ In the time since this happened last March, the group has exploded onto the scene, quickly becoming one of the most influential and talked-about hacking groups in the entire world in 2016.


I have no doubt about the origins of this operation though; this goes back to #OpMediaControl which began last June. The operation called for the hacking of every major news network in the United States, testing their email systems, DDoS’ing web sites, attempting to hack in teleprompters or live feeds – anything you could think of. Last I heard back in December, they were still trying to recruit people to join them for an event this summer. Sound familiar to what Ghost Squad is doing right now?


For the purposes of accuracy, AnonHQ News reached out to our contacts in #OpMediaControl. We gave them a preview of the article and asked them what they thought. They showed us a press release dated May 28, 2016, a video proclaiming that #OpMediaControl has been re-engaged. Of course, #OpSilence then began on June 1st. In another interesting note, earlier last month Anonymous Resistance Movement, one of the groups behind #OpMediaControl, conducted an interview with GhostSquad. So as you can see, the two groups are well acquainted with one another – these operations are no coincidence.

Ghost Squad may be stepping up from the pack here, but make no mistake, this operation has been in the making for over a year and Anonymous led the way.


Source: http://macedoniaonline.eu/content/view/29562/61/

HACKERS TARGET CZECH REPUBLIC GOV’T SITES OVER PLANS TO BLOCK GAMBLING DOMAINS

Hackers have attacked Czech Republic government websites to protest the country’s decision to block the domains of unauthorized online gambling operators.

Last week, the Czech senate overwhelmingly approved the country’s new gambling legislation, which would open up the market to international online operators for the first time, while imposing blocks on the domains of sites not holding a Czech license.

On Tuesday, Novinky.cz reported that the Senate’s official website Senat.cz had been knocked offline Monday night following a distributed denial of service (DDoS) attack by someone claiming to be associated with the Anonymous hackers collective.

An English-language statement accompanying the attack claimed that the Senate’s website had been targeted “because you passed a law to prevent free access to the Internet.” The statement warned that this wasn’t the last time the government would hear from the hackers on this issue.

The Czech News Agency reported that the attack also affected websites belonging to the Interior Ministry and its affiliated police and firefighters’ organizations, as well as the Social Democratic Party (CSSD), which holds a majority in the Czech parliament.

A CSSD spokesman dismissed the disruption as “no massive, dangerous or successful attack,” while claiming that the average visitor to the party’s website wouldn’t have noticed anything was amiss.

The Interior Ministry brushed off the “unsuccessful attempts” at public disruption, saying they’d managed to restore their website’s functionality within a few hours. The ministry said its information systems weren’t affected and steps were being taken to ensure defenses were in place against future attacks.

The Canadian province of Quebec may wish to take similar precautions. Last month, the province approved the Ministry of Finance’s proposal to block unauthorized gambling sites in a bid to bolster the bottom line of EspaceJeux, the online gambling site of provincial gaming monopoly Loto-Quebec.

Loto-Quebec’s plans, which have no precedent in Canada, have been condemned by free-speech advocates, who wonder what other types of websites might be next on the province’s blacklist.


Source: http://calvinayre.com/2016/06/01/business/hackers-target-czech-republic-plans-gambling-domains/

Anonymous DDoS and shutdown London Stock Exchange for two hours

Anonymous hacktivists take down the London Stock Exchange website for more than two hours as part of protest against world’s banks

The online hacktivist group, Anonymous reportedly shut down the London Stock Exchange (LSE) website last week for more than two hours as part of a protest against world’s banks and financial institutions.

According to the Mail on Sunday, the attack was carried out by Philippines unit of Anonymous on June 2 at 9am. Previous targets have included the Bank of Greece, the Central Bank of the Dominican Republic and the Dutch Central Bank.

The newspaper says: “Anonymous claims the incident was one of 67 successful attacks it has launched in the past month on the websites of major institutions, with targets including the Swiss National Bank, the Central Bank of Venezuela and the Federal Reserve Bank of San Francisco.”

A spokesperson for the LSE declined to comment on the incident, however, the attack most likely took the form of a distributed denial of service (DDoS) attack, meaning trading would not have been affected and no sensitive data would have been compromised.

The group also claims that the LSE attack was the latest in a series that, in the 24 hours before the LSE site went down, also saw it target the websites of NYSE Euronext, the parent company of the New York Stock Exchange, and the Turkey Stock Exchange, as part of a campaign called Operation Icarus.

According to the newspaper, City of London Police said it was not informed that the LSE website had gone down and had no knowledge of the attack.

However, the latest attack may not be a complete surprise.

In a video posted to YouTube on May 4, a member of the amorphous group announced that “central bank sites across the world” would be attacked as part of a month-long Operation Icarus campaign.

The video statement said: “We will not let the banks win, we will be attacking the banks with one of the most massive attacks ever seen in the history of Anonymous.”

By using a distributed-denial-of-service (DDoS) cyberattack, the group also successfully disrupted the Greek central bank’s website.

In light of that event, a separate video was posted to YouTube on May 2.

The masked individual representing Anonymous group said: “Olympus will fall. How fitting that Icarus found his way back to Greece. Today, we have continuously taken down the website of the Bank of Greece. Today, Operation Icarus has moved into the next phase.”

The Anonymous spokesperson added: “Like Icarus, the powers that be have flown too close to the sun, and the time has come to set the wings of their empire ablaze, and watch the system their power relies on come to a grinding halt and come crashing down around them. We must strike at the heart of their empire by once again throwing a wrench into the machine, but this time we face a much bigger target – the global financial system.”

Source: http://www.techworm.net/2016/06/anonymous-ddos-shutdown-london-stock-exchange-two-hours.html

Anonymous Announces #OpSilence, Month-Long Attacks on Mainstream Media

Members of the Ghost Squad Hackers team, one of the most active Anonymous sub-divisions, have carried out DDoS attacks on CNN and FOX News as part of a new hacktivism campaign.

Called OpSilence, the campaign’s goal is to attack all mainstream media that fails to report on the Palestine war or the true crimes happening in Syria, one of the hackers told Mic.

#OpSilence will take place during the entire month of June 2016

The operation will be run similarly to #OpIcarus, a month-long series of attacks that took place in the month of May against various banks around the world.

Any hacktivism group is welcomed to join, and the campaign comes on the heels of OpIcarus, which just ended yesterday.

Ghost Squad Hackers didn’t wait for June to start to begin their attacks, and they’ve already hit the email servers of FOX News and CNN. The group has been changing tactics lately, switching from DDoSing public websites to attacking mail servers, as they did most recently against the Bank of England.

Other hackers have taken a pro-Palestine stance before

Taking a pro-Palestine stance isn’t something strange for hackers; many others support this cause as well. The previous group that did so was CWA (Crackas With Attitude), whose targets have included CIA Director John Brennan’s personal AOL email account, FBI Deputy Director Mark Giuliano, US National Intelligence Director James Clapper, and President Barack Obama’s Senior Advisor on science and technology John Holdren.

The group is also responsible for hacking the JABS US national arrests database. They also leaked details for 2,400 US government officials, 80 Miami police officers, 9,000 DHS employees, and 20,000 FBI staffers.

Back in February, the group’s leader, a sixteen-year-old boy, was arrested in East Midlands, England.

External Source: http://www.ddosattacks.net/anonymous-announces-opsilence-month-long-attacks-on-mainstream-media/


Internal source: http://news.softpedia.com/news/anonymous-announces-opsilence-month-long-attacks-on-mainstream-media-504760.shtml

Anonymous vigilantes expose cheating firms who inflate their value on the stock market

The hackers’ collective Anonymous seems to be slowly changing how it does things, to the extent that one division is now hacking for trading and financial reports in order to expose firms in the US and China that are trying to cheat on the stock market. This particular group of hackers goes by the name Anonymous Analytics.

According to Softpedia, the division was formed in 2011 by ex-Anonymous hackers who got tired of launching Distributed Denial of Service (DDoS) attacks and hacking into companies to make a point.

In order to find the hidden information about companies that might be inflating their values, Anonymous Analytics spend their time analysing the stock market and searching the internet for clues. This is often done using techniques that might not be legal or ethical. And once they have the information, this group of hackers will publish financial reports exposing companies. This has caused at least one company’s stock price to fall. So far, Anonymous Analytics has compiled publicly available financial reports on 11 firms, most of which are from China and the US.

Anonymous Analytics’ efforts in releasing the truth have damaged buyers’ confidence in the stocks belonging to a Chinese lottery machine service provider and games developer called REXLot Holdings. This company, along with others, had inflated its revenue and the amount of cash it had from interest earned on its balance sheet before being caught by Anonymous Analytics.


Bringing down stock market cheats

On 24 June 2015, Anonymous Analytics published a report on REXLot’s activities, which caused the stock price to plummet from HK$0.485 (4p, 6¢) to HK$0.12, before the firm suspended its shares from trading entirely. Bloomberg reported on the incident at the time, but REXLot refused to respond despite repeated attempts.

When REXLot returned to the stock market on 18 April, it submitted a 53-page report about its financial status. Anonymous Analytics read the report and decided to publish a countering report. The second report was even more damning and advised investors to sell their stock urgently, causing the company’s stock price to fall again by 50%.

A week after the report exposing REXLot was released, the company had to admit in a filing to the Hong Kong stock exchange that it could not honour all the bond redemptions requested by holders, which amounted to HK$1.85bn, because it simply did not have sufficient cash resources.

In fact, REXLot said it was trying to gain the bondholders’ consent to let it have more time to dispose of some assets in order to generate the cash needed to make the payments.

While it is a rather unusual approach for the hacking collective, Anonymous Analytics’ efforts seem to be having a much greater impact than its attempts to troll Islamic State with Rick Astley music videos or DDoS-ing random companies in different countries to make a point.

Source: http://www.ibtimes.co.uk/anonymous-vigilantes-expose-cheating-firms-who-inflate-their-value-stock-market-1562458

Chinese hackers prowling Taiwan’s systems: Chang

China’s attempts to hack Taiwanese databases did not halt regardless of the state of cross-strait relations in the past eight years, as Beijing epitomizes Sun Tzu’s (孫子) maxim in the Art of War (孫子兵法): “Know your enemy,” Premier Simon Chang (張善政) said in an exclusive report published by the Liberty Times (the Taipei Times’ sister paper).

Taiwan’s information security systems found traces of Chinese hackers every time a cross-strait negotiation event occurred over the past eight years, primarily in the systems of the Ministry of Economic Affairs, Premier Simon Chang (張善政) said.

“Chinese cyberattacks have not been deterred by the calming of cross-strait relations as Beijing wishes to know what we are doing and our modes of thought, especially during negotiations,” he said.

The information obtained might not be used during the actual negotiation, but officials might be completely unaware that their limits or strategies are already known by China, Chang added.

While saying that Chinese probably do not have access to Taiwan’s policies and decisions on the draft cross-strait service trade accords and the draft cross-strait goods trade accords, Chang said that there is no way of being absolutely certain.

The policies of the incoming government might discourage Chinese from hacking if it has no plans to negotiate or interact with China, but the attacks could come in a different form, Chang said.

Chang said that cyberattacks come in two forms — one in which Web sites crash or suffer a denial of service or distributed denial of service (DDoS) attack, and the other in which backdoors are opened into Web sites that allow hackers to steal sensitive information.

An index on Chinese hacking activity would depend on whether Taiwan’s Web sites are attacked openly — such as the Presidential Office’s Web site displaying the People’s Republic of China (PRC) national flag — which might indicate that more subtle hacking is also in progress, Chang said.

China’s efforts at bypassing Taiwan’s firewalls are mostly custom-designed and are extremely hard to detect, Chang said, adding that over the years, Taiwan has uncovered many different methods that are being noticed by other nations.

Chang said that after his dealings with information security, he does not harbor impractical illusions toward China and is of the mind that it is, for the most part, unfriendly toward Taiwan.

Chang said he counts the abolition of regulations on the establishment of the information security center as one of the greatest regrets during his term as premier, adding that the incoming government should seek to retain these regulations and staff.

He said that the staff at the center were the most experienced in dealing with Chinese hackers and they would be of invaluable service to the nation.

When asked whether Taiwan should be on alert in terms of corporations and the Chinese market, Chang said Taiwanese companies are even more concerned than the government over their goods or technologies slipping out of their fingers, adding that all the government had to do was hear what the companies and corporations are saying.

Chang also said that it is highly likely that Taiwanese Web sites would be targeted over the recent World Health Assembly issue, as China might be “afraid that we would say things we should not.”


Source: http://www.taipeitimes.com/News/taiwan/archives/2016/05/15/2003646307

Student shuts down 444 school websites to ‘remind teachers they are incompetent’

TOKYO —

On May 11, police filed obstruction of business charges against a 16-year-old student, alleging that he launched a denial-of-service (DoS) attack against the Osaka Board of Education’s server, which holds the webpages of 444 elementary, junior high, and high schools in the area.

Although in high school now, at the time of the attacks last November, the student was in junior high school. According to police, he said his own school environment is what motivated his actions.

“I hate how the teachers talk down to us and never let us express ourselves. So, I thought I would remind them of their own incompetence. It felt good to see them have problems. I did it several times,” the boy said.

Police seized the student’s computer and some books about hacking. It is believed that he downloaded a tool which sent large volumes of data to the Board of Education servers, rendering access impossible for periods of about an hour. He would then confirm the take-down by monitoring the websites with his smartphone.

He also told police that he had wanted to join the hacking group Anonymous and that he didn’t know schools other than his own would be affected in the attack. Both statements are ironic in that, as a minor, his identity remains anonymous and apparently he turned out to be a little incompetent himself when it came to hacking.

This incident would mark the first time in the history of Japan that a cyberattack was launched against a local government, and punishments for such a crime include a maximum three-year prison sentence or a 500,000 yen fine.

However, considering the student is a minor and the number of people actually affected (i.e. people who wanted to access a school website during those times) was likely in the high single digits at most, he ought to get off lightly.

Source: Sankei West News


Source: http://www.japantoday.com/category/crime/view/junior-high-student-shuts-down-444-school-websites-to-remind-teachers-they-are-incompetent

DDoS attacks Explained

DDoS is short for Distributed Denial of Service.

DDoS is a type of DoS attack in which multiple compromised systems, often infected with a Trojan, are used to target a single system, causing a Denial of Service (DoS). Victims of a DDoS attack include both the end targeted system and all systems maliciously used and controlled by the hacker in the distributed attack.

How DDoS Attacks Work

According to this report on eSecurityPlanet, in a DDoS attack, the incoming traffic flooding the victim originates from many different sources – potentially hundreds of thousands or more. This effectively makes it impossible to stop the attack simply by blocking a single IP address; plus, it is very difficult to distinguish legitimate user traffic from attack traffic when spread across so many points of origin.

The Difference Between DoS and DDoS Attacks

A Denial of Service (DoS) attack is different from a DDoS attack. The DoS attack typically uses one computer and one Internet connection to flood a targeted system or resource. The DDoS attack uses multiple computers and Internet connections to flood the targeted resource. DDoS attacks are often global attacks, distributed via botnets.

Types of DDoS Attacks

There are many types of DDoS attacks. Common attacks include the following:

  • Traffic attacks: Traffic flooding attacks send a huge volume of TCP, UDP and ICMP packets to the target. Legitimate requests get lost, and these attacks may be accompanied by malware exploitation.
  • Bandwidth attacks: This DDoS attack overloads the target with massive amounts of junk data. This results in a loss of network bandwidth and equipment resources and can lead to a complete denial of service.
  • Application attacks: Application-layer data messages can deplete resources in the application layer, leaving the target’s system services unavailable.
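The DoS-versus-DDoS distinction above, and the spoofed-source UDP flood on port 6892 described in the Cerber report earlier on this page, as an added example that is not from any of the sources quoted: a small Python triage script over constructed flow records that separates a single-source flood (one IP block helps) from a distributed one (it does not), and flags one source address spraying UDP/6892 across a local subnet. The monitored subnet 10.0.0.0/24, the rate thresholds and the sample flows are assumptions.

```python
"""Flood triage over flow records (added example, constructed data).

Two checks drawn from the text above:
  * inbound floods: count distinct sources per destination in a time
    window; one source = DoS, many sources = DDoS, so blocking a
    single IP only helps in the first case.
  * the UDP/6892 fan-out from the Cerber report: one claimed source
    address hitting many hosts on the local subnet on that port, which
    is what a spoofed-source flood looks like from inside the subnet.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LOCAL_NET = ip_network("10.0.0.0/24")   # assumed monitored subnet
CERBER_UDP_PORT = 6892                  # port quoted in the Invincea post


@dataclass(frozen=True)
class Flow:
    ts: float     # seconds since start of capture
    src: str
    dst: str
    proto: str    # "TCP", "UDP" or "ICMP"
    dport: int
    packets: int


def inbound_floods(flows, window=10.0, pps_threshold=2000, distributed_min=20):
    """Return {dst: (kind, distinct_sources, pps)} for every destination
    whose packet rate in some window exceeds pps_threshold; kind is
    "DDoS" when at least distributed_min distinct sources took part."""
    buckets = defaultdict(list)                  # (dst, window index) -> flows
    for f in flows:
        buckets[(f.dst, int(f.ts // window))].append(f)
    verdicts = {}
    for (dst, _), fs in buckets.items():
        pps = sum(f.packets for f in fs) / window
        if pps < pps_threshold:
            continue
        sources = {f.src for f in fs}
        kind = "DDoS" if len(sources) >= distributed_min else "DoS"
        prev = verdicts.get(dst)                 # keep the worst window per dst
        if prev is None or pps > prev[2]:
            verdicts[dst] = (kind, len(sources), pps)
    return verdicts


def udp_fanout_sources(flows, min_targets=10):
    """Return {src: target_count} for source addresses that hit at least
    min_targets distinct local hosts on UDP/6892. A local address here is
    either a compromised host or the address being spoofed so that the
    subnet's replies land on it."""
    targets = defaultdict(set)
    for f in flows:
        if (f.proto == "UDP" and f.dport == CERBER_UDP_PORT
                and ip_address(f.dst) in LOCAL_NET):
            targets[f.src].add(f.dst)
    return {src: len(t) for src, t in targets.items() if len(t) >= min_targets}


def sample_flows():
    """Constructed flows: a single-source flood on 10.0.0.5, a 50-source
    UDP flood on 10.0.0.6, ordinary traffic, and a UDP/6892 fan-out that
    claims to come from 10.0.0.9."""
    flows = []
    # DoS: one source, 3000 packets/s for 10 s against 10.0.0.5
    flows += [Flow(t, "203.0.113.7", "10.0.0.5", "TCP", 80, 3000) for t in range(10)]
    # DDoS: 50 sources at 100 packets/s each against 10.0.0.6 (5000 pps total)
    flows += [Flow(t, f"198.51.100.{i}", "10.0.0.6", "UDP", 53, 100)
              for t in range(10) for i in range(1, 51)]
    # background: a handful of ordinary HTTPS requests
    flows += [Flow(t, "192.0.2.10", "10.0.0.7", "TCP", 443, 5) for t in range(10)]
    # fan-out: "source" 10.0.0.9 sprays UDP/6892 at 40 subnet hosts
    flows += [Flow(3.0, "10.0.0.9", f"10.0.0.{h}", "UDP", 6892, 200)
              for h in range(20, 60)]
    return flows


if __name__ == "__main__":
    fl = sample_flows()
    for dst, (kind, n, pps) in sorted(inbound_floods(fl).items()):
        print(f"{dst}: {kind} from {n} source(s), {pps:.0f} pps")
    for src, n in udp_fanout_sources(fl).items():
        print(f"UDP/6892 fan-out from {src} to {n} local hosts")
```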

Source: http://trickytamilan.blogspot.ca/2016/05/ddos-explained-fully.html