What is a DDoS?
A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person, or multiple people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely.

How easy is it to DDoS?
To see how easy it is to DDoS, I will walk you through each step of the process… Just kidding. But in all honesty, it takes about 10 minutes of googling to figure out how. Now, the thing is anyone can DoS someone which involves sending tens of thousands of tiny packets at a person computer. The problem with a DoS attack is that it only comes from one location and can easily be blocked or may not be even be noticeable if the attacker doesn’t know much about what they are doing. On the other hand, a Distributed Denial of Service attack will come from multiple locations. This makes the attack harder to block due to the IP’s of the attacker/s being from multiple subnets. Most routers will allow you to block a subnet range but if that involves 100’s of subnets (botnet), then you will more than likely end up blocking a person/application/website/etc IP that was assigned to that subnet.

For the full post, see here.

The post DDoS Prevention Guide appeared first on The Citizen Lab.

Cyber criminals have targeted government officials in more than 20 countries, including Ireland and Romania, in a complex online assault seen rarely since the turn of the millennium.

The attack, dubbed “MiniDuke” by researchers, has infected government computers as recently as this week in an attempt to steal geopolitical intelligence, according to security experts.

MiniDuke is the latest in a string of cyber attacks aimed at governments and other high-profile institutions, following revelations about the suspected Chinese hacking of western defence and media organisations.

Unusually, security researchers said there was no clear indication of who was behind the latest online attack.

The cybersecurity firm Kaspersky Lab, which discovered MiniDuke, said the attackers had servers based in Panama and Turkey – but an examination of the code revealed no further clues about its origin.

Goverments targeted include those of Ireland, Romania, Portugal, Belgium and the Czech Republic. The malware also compromised the computers of a prominent research foundation in Hungary, two thinktanks, and an unnamed healthcare provider in the US.

For the full article, see here.

The post Hackers attack European governments using ‘MiniDuke’ malware appeared first on The Citizen Lab.

Two decades after computer security began generating billions by selling expertise and software designed to protect unwanted network intrusions, experts say those networks are more vulnerable than ever. Florida-based Internet security firm Cymru said in a report released today, shared exclusively with The Verge, that analysts there uncovered a massive overseas hacking operation that is making off with a terabyte of data per day. Some of the victims include military and academic facilities and a large search engine. The report doesn’t identify who might be behind the attacks, but Cymru director Steve Santorelli conceded that, given the amount of resources behind the attacks, it is obvious the group is state-sponsored. “This is Internet theft on an industrial level,” said Santorelli, a former detective with Scotland Yard.

The United States is under siege. Cymru’s report follows on the heels of similarly damning research issued last week by security firm Mandiant, a document that could be read as an indictment of the entire cyber-security sector. Mandiant detailed how a group of cyber commandos employed by China has electronically raided the computer networks of hundreds of American companies over several years to pilfer precious trade secrets. In a story about the Mandiant findings, The New York Times reported that Washington now believes China also has the ability to use the internet to sabotage water supplies, shut down power stations and hobble our financial system.

For the full article, see here.

The post State-sponsored hackers steal more than a terabyte of data per day, says new report appeared first on The Citizen Lab.

Dire warnings from Washington about a “cyber Pearl Harbor” envision a single surprise strike from a formidable enemy that could destroy power plants nationwide, disable the financial system or cripple the U.S. government.

But those on the front lines say it isn’t all about protecting U.S. government and corporate networks from a single sudden attack. They report fending off many intrusions at once from perhaps dozens of countries, plus well-funded electronic guerrillas and skilled criminals.

Security officers and their consultants say they are overwhelmed. The attacks are not only from China, which Washington has long accused of spying on U.S. companies, many emanate from Russia, Eastern Europe, the Middle East, and Western countries. Perpetrators range from elite military units to organized criminal rings to activist teenagers.

“They outspend us and they outman us in almost every way,” said Dell Inc’s chief security officer, John McClurg. “I don’t recall, in my adult life, a more challenging time.”

For the full article, see here.

The post The near impossible battle against hackers everywhere appeared first on The Citizen Lab.

Read the article, “China cybervictim claims a red herring: analysts”.

The post Senior Researcher Sarah McKune quoted in AFP piece appeared first on The Citizen Lab.

FBI officials quietly approached executives at Coca-Cola Co. (KO) on March 15, 2009, with some startling news.

Hackers had broken into the company’s computer systems and were pilfering sensitive files about its attempted $2.4 billion acquisition of China Huiyuan Juice Group (1886), according to three people familiar with the situation and an internal company document detailing the cyber intrusion. The Huiyuan deal, which collapsed three days later, would have been the largest foreign takeover of a Chinese company at the time.

Coca-Cola, the world’s largest soft-drink maker, has never publicly disclosed the loss of the Huiyuan information, despite its potential effect on the deal. It is just one in a global barrage of corporate computer attacks kept secret from shareholders, regulators, employees — and in some cases even from senior executives.

When hackers last year waged a large-scale attack on BG Group Plc (BG/), raiding troves of sensitive data, the British energy company never made it public. Luxembourg-based steel maker ArcelorMittal (MT) also kept mum when intruders targeted, among others, its executive overseeing China. As did Chesapeake Energy Corp. (CHK), after cyber attackers made off with files from its investment banking firm about natural gas leases that were up for sale.

For the full article, see here.

The post Coke gets hacked and doesn’t tell anyone appeared first on The Citizen Lab.

Despite causing a minor political scandal in Germany last year, the government-created “state trojan” program appears to be going strong.

A UK-based tech news site pointed out on Monday that the Zollkriminalamt (Customs Investigation Bureau) is looking (Google Translate) for two new developers to work on the latest version of the state-sponsored spyware. The trojan reportedly could make VoIP calls, record keystrokes, capture screenshots, and more—all as part of government investigations.

The two-year job requires at least three years of experience in IT and telecom, with “technical knowledge in IT security architectures.” German media reported last year that the malware has been used “over 50 times” as part of criminal investigations.

However, the German government said just last month (Google Translate) that the older version, which was purchased from a German software company, was no longer in use by federal authorities. The job ad appears to be part of the government’s efforts to develop new spyware in-house.

Still, many including Germany’s justice minister, Sabine Leutheusser-Schnarrenberger, have pointed out—covert software stored on government computers can be a target for hacking itself.

For the full article, see here.

The post Wanted: German security developers for new, homegrown spyware appeared first on The Citizen Lab.

The federal government should legalize some computer hacking activities, including allowing researchers to sleuth through networks and personal computers in order to track down the source of a cyber threat or online protests that take down a website, a report for Public Safety Canada argues.

The government-commissioned report argues that the Harper government should consider exemptions for security researchers to clear up the legal dilemmas these researchers face and codify what “ethical hacking” entails, such as permitting researchers to play with copyrighted software in order to determine security concerns.

While Canadian researchers haven’t been taken to court for their work, there are concerns that sleuthing through third-party computers or reverse-engineering software could eventually lead them to run afoul of computer crime laws and copyright rules, even though the research is beneficial to consumers, corporations and governments.

“It’s definitely murky. If you’re actually trying to find out what happened with a real attack in real systems, you get into a whole lot of problems,” said Anil Somayaji, associate director of the Carleton University Computer Security Lab.

For instance, a researcher would have to monitor normal network traffic to detect network anomalies. Creating a program to log details of that traffic could bring a researcher into problems with the law, Somayaji said.

For the full article, see here.

The post Researcher calls on Ottawa to legalize ‘ethical hacking’ appeared first on The Citizen Lab.

This fall, 16 high schools in California started experimental workshops, billed as a kind of “shop class for the 21st century,” that were financed by the federal government. And over the next three years, the $10 million program plans to expand to 1,000 high schools, modeled on the growing phenomenon of “hackerspaces” — community clubhouses where hackers gather to build, invent or take things apart in their spare time.

But the money has stirred some controversy. The financing for the schools program is one of several recent grants that the Defense Advanced Research Projects Agency, or Darpa, has made to build closer ties to hackers.

Unlike the hackers who cripple Web sites and steal data, the people the government is working with are more often computer professionals who indulge their curiosity at their local hackerspace. But the financing has prompted criticism that the military’s money could co-opt these workshops just as they are starting to spread quickly.

There are about 200 hackerspaces in the United States, a sharp jump from the handful that existed five years ago. The workshops, with names like the Hacktory, Jigsaw Renaissance and Hacker Dojo, have incubated successful businesses like Pinterest, the social networking site, and are seen as hotbeds for recruiting engineers and computer scientists.

For the full article, see here.

The post Worries over defense department money for ‘hackerspaces’ appeared first on The Citizen Lab.

Millions of Internet users in Brazil have fallen victim to a sustained attack that exploited vulnerabilities in DSL modems, forcing people visiting sites such as Google or Facebook to reach imposter sites that installed malicious software and stole online banking credentials, a security researcher said.

The attack, described late last week during a presentation at the Virus Bulletin conference in Dallas, infected more than 4.5 million DSL modems, said Kaspersky Lab Expert Fabio Assolini, citing statistics provided by Brazil’s Computer Emergency Response Team. The CSRF (cross-site request forgery) vulnerability allowed attackers to use a simple script to steal passwords required to remotely log in to and control the devices. The attackers then configured the modems to use malicious domain name system servers that caused users trying to visit popular websites to instead connect to booby-trapped imposter sites.

“This is the description of an attack happening in Brazil since 2011 using 1 firmware vulnerability, 2 malicious scripts and 40 malicious DNS servers, which affected 6 hardware manufacturers, resulting in millions of Brazilian internet users falling victim to a sustained and silent mass attack on DSL modems,” Assolini wrote in a blog post published on Monday morning. “This enabled the attack to reach network devices belonging to millions of individual and business users, spreading malware and engineering malicious redirects over the course of several months.”

Assolini said the mass attack was the result of a “perfect storm” brought on by the inaction of a variety of key players, including ISPs, modem manufacturers, and the Brazilian governmental agency that approves network devices, but failed to test any of the modems for security.

For the full article, see

The post DSL modem hack used to infect millions with banking fraud malware appeared first on The Citizen Lab.