Scant Brain Power Behind Massive DDoS Attack

It may be the most disturbing thing about last week’s historic denial of service attack on a Dutch anti-spam organization — the fact that the technology involved wasn’t that complicated. That’s one of the findings of security professionals studying the attack methods used on Spamhaus, along with the knowledge that the hackers used the Internet’s own structure to extend their assaults on the group.

One of the largest denial of service attacks in the history of the Internet didn’t take rocket science to execute. The offensive was conducted over several days last week after the anti-spam group Spamhaus placed a Dutch hosting service, located in a former NATO bunker, on a blacklist reserved for spammers.

A group calling itself STOPhaus is claiming responsibility for the series of attacks which, at their height, reached bandwidths of 300 Gbps. A 10 Gbps attack will bring most websites down.

To reach those bandwidth levels, the attackers exploited the Internet’s architecture and the Domain Name System (DNS) to expand the scope of their assaults. They essentially used open DNS resolvers, servers that will answer recursive queries from anyone on the Internet, like megaphones to amplify their attacks: a small spoofed query produces a much larger response that is delivered to the victim.

The technique was used earlier this year in a series of attacks on U.S. financial websites.

Perl Used By Swine?

Despite the magnitude of the onslaughts, security experts said they can be launched with a relatively low level of technical knowledge. “The technique isn’t particularly difficult,” said Matthew Prince, co-founder and CEO of Cloudflare. Prince’s company came to Spamhaus’s aid when the attacks threatened to overwhelm its website.

“The amount of code you’d need to write to launch this attack can almost be done in a line of Perl,” Prince told TechNewsWorld. The most difficult part of the campaign is finding open resolvers to use in your attack because it requires scanning billions of IP addresses.

“It takes a lot of reconnaissance, but not a whole lot of technology itself,” Henry Stern, a threat researcher with Cisco, told TechNewsWorld. That reconnaissance may have gotten easier. A group calling itself the Open DNS Resolver Project has published a list of 27 million open or semi-open resolvers on the Net. The group’s intentions are good ones; it wants server operators to check their IP addresses at the site and restrict access to any of their servers they find on the list.
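The two passages above describe the attack from the abuser’s side (open resolvers answering spoofed queries) and the remedy from the operator’s side (find your open resolvers and restrict them). The script below is an added example, not code from the article or from any of the people quoted in it: it is what a resolver operator could run over their own query log to see whether the server is being used as a reflector. It assumes the BIND 9 `querylog` line format, a list of networks the resolver is meant to serve (`ALLOWED_NETS`, an assumption), and a set of query types whose answers are large relative to the request; all log lines in it are constructed sample data.

```python
"""
Detect abuse of a recursive DNS resolver as an amplification reflector.

Added example, not part of the original article. It parses BIND 9-style
query log lines and flags source addresses that (a) lie outside the
networks this resolver is supposed to serve and (b) repeatedly ask for
record types whose responses are far larger than the query. In a
reflection attack the "client" address is the spoofed victim, so a
flagged source is the party being flooded, not the attacker.
"""
import ipaddress
import re
from collections import Counter

# Networks this resolver is meant to serve (assumption for the example).
ALLOWED_NETS = [ipaddress.ip_network("192.0.2.0/24"),
                ipaddress.ip_network("2001:db8::/32")]

# Query types whose answers are much larger than the request and are
# therefore attractive for amplification (ANY is the classic one).
AMPLIFYING_QTYPES = {"ANY", "DNSKEY", "TXT", "RRSIG"}

# Matches the core of a BIND 9 querylog line such as:
# "client 198.51.100.7#53 (example.org): query: example.org IN ANY +E (192.0.2.53)"
LOG_RE = re.compile(
    r"client (?P<src>[0-9a-fA-F.:]+)#\d+ \([^)]*\): query: (?P<name>\S+) "
    r"IN (?P<qtype>[A-Z0-9]+) (?P<flags>\S+)"
)

# Constructed sample log: one legitimate internal A lookup, one internal
# ANY query (allowed network, so not flagged), four ANY queries apparently
# from 198.51.100.7 (outside our networks), one lone ANY from 203.0.113.9,
# and a line that does not parse at all.
SAMPLE_LOG = [
    "01-Apr-2013 02:11:03.412 client 192.0.2.10#53211 (www.example.com): "
    "query: www.example.com IN A +E (192.0.2.53)",
    "01-Apr-2013 02:11:03.512 client 198.51.100.7#53 (example.org): "
    "query: example.org IN ANY +E (192.0.2.53)",
    "01-Apr-2013 02:11:03.513 client 198.51.100.7#53 (example.org): "
    "query: example.org IN ANY +E (192.0.2.53)",
    "01-Apr-2013 02:11:03.514 client 198.51.100.7#53 (example.org): "
    "query: example.org IN ANY +E (192.0.2.53)",
    "01-Apr-2013 02:11:03.515 client 198.51.100.7#53 (example.org): "
    "query: example.org IN ANY +E (192.0.2.53)",
    "01-Apr-2013 02:11:04.000 client 203.0.113.9#53 (example.org): "
    "query: example.org IN ANY +E (192.0.2.53)",
    "01-Apr-2013 02:11:04.100 client 192.0.2.11#40000 (example.org): "
    "query: example.org IN ANY +E (192.0.2.53)",
    "this line is not a query log entry",
]


def parse_line(line):
    """Return (source_ip, qname, qtype) or None if the line is not a query."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return m.group("src"), m.group("name"), m.group("qtype")


def is_allowed(src):
    """True if src belongs to a network this resolver is meant to serve."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in ALLOWED_NETS)


def find_reflection_abuse(lines, threshold=3):
    """Return {src: count} for sources outside ALLOWED_NETS that sent at
    least `threshold` queries of an amplifying type. A non-empty result
    means the resolver is answering recursive queries for the whole
    Internet, i.e. it is an open resolver being used as a reflector."""
    counts = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, _name, qtype = parsed
        if qtype in AMPLIFYING_QTYPES and not is_allowed(src):
            counts[src] += 1
    return {src: n for src, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for src, n in sorted(find_reflection_abuse(SAMPLE_LOG).items()):
        print(f"possible reflection target {src}: {n} amplifying queries")
```

If the script reports anything, the fix is on the server, not in the script: restrict recursion to the networks you actually serve (in BIND 9 that is the `allow-recursion` option) and, if you also host authoritative zones, enable response rate limiting so that the server stops being a useful megaphone.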

Blowfish12@2013 Author: Sudharsun. P. R.


Fact of the Day: 4.1.2013

The first known cell phone virus, Cabir.A, appeared in 2004.

Blowfish12@2013 Author: Sudharsun. P. R. Courtesy: Wikipedia

[virus] Fake Android app can launch DDoS attacks from your phone

Researchers at Doctor Web found a new trojan app in the Google Play store that can launch distributed denial of service attacks when opened. Android.DDoS.1.origin, as it’s called, is Russian and disguises itself as the Google Play icon once downloaded. …


Iran nuclear facilities ‘Thunderstruck’ by AC/DC malware


In 2010, Iran’s nuclear facilities were infiltrated by Stuxnet, the centrifuge-wrecking malware allegedly cooked up by the US government. Now they seem to have been hit again by a bizarre attack forcing nuclear plant workstations to pump the song Thunderstruck by heavy metal band AC/DC through the speakers at full volume.

News of the attack comes from Mikko Hypponen, chief research officer at Finnish computer security firm F-Secure, who says he recently received a series of emails from a scientist working at the Atomic Energy Organization of Iran (AEOI):

“I am writing you to inform you that our nuclear program has once again been compromised and attacked by a new worm with exploits which have shut down our automation network at Natanz and another facility Fordo near Qom.”

The Iranian scientist goes on to say that they believe the attackers used Metasploit, a common hacking tool which provides a variety of ways to penetrate supposedly secure networks. “There was also some music playing randomly on several of the workstations during the middle of the night with the volume maxed out,” says the scientist. “I believe it was playing ‘Thunderstruck’ by AC/DC.”

While the US military has used heavy metal music as a weapon in the past, it seems unlikely that a Stuxnet-like stealth attack would announce its presence with a few blasting power chords, suggesting the hit is more likely the work of a thrill-seeking hacker. Hypponen says he has been unable to verify any details of the attack, but has confirmed that the emails were sent and received from within the AEOI.

Blowfish12@2012 Author: Sudharsun. P. R.