The second annual Imperva Hacker Intelligence Initiative report, this one entitled [Monitoring Hacker Forums](http://www.imperva.com/docs/HII_Monitoring_Hacker_Forums_2012.pdf), is out and reveals that the threat surfaces being discussed by the hacker community are very different from those that businesses are spending money on defending against attack. ![dweb-hackers](/attachments/small/0/dweb-hackers.jpg "align-right") The Imperva research analysed the content of a number of online hacker communities, including many lesser known forums in order to get a more accurate snapshot of what those doing the hacking are actually discussing. By looking at a total of more than 400,000 different conversational threads, Imperva was able to determine that SQL injection and …

Member Avatar
Member Avatar
+0 forum 2

Although the term 'reflection DoS' is nothing new, I recall reading something about it three years ago when a high profile security researcher [used it to describe](http://www.understandingcomputers.ca/articles/grc/drdos_copy.html) how malicious SYN packets were being reflected off bystanding TCP servers and the SYN/ACK responses used to flood his bandwidth. More recently, Garrett Gross from security vendor AlienVault [recently wrote about](https://www.alienvault.com/blogs/security-essentials/emerging-threat-reflection-using-sql-servers) the relatively new method of amplification Denial of Service (DoS), also known as a reflection attack, using SQL servers. This was actually first reported at the back end of last year when servers belonging to the City of Columbia, Missouri were hit …

Member Avatar
Member Avatar
+1 forum 2

A group describing itself as "DDoS kings" who "just want to watch the world burn" has claimed responsibility for taking the Microsoft Xbox Live network down for an hour or two earlier today. The [Lizard Squad](https://twitter.com/LizardPatrol), posting from a Twitter account called LizardPatrol, published a message warning that "Microsoft will receive a wonderful Christmas present from us" and say that taking Xbox Live offline was "a small dose of what's to come on Christmas." ![0992b2b58f5ba1e2f918a1f8b4d51f95](/attachments/large/0/0992b2b58f5ba1e2f918a1f8b4d51f95.jpg "0992b2b58f5ba1e2f918a1f8b4d51f95") The downtime impacted upon users of both the Xbox 360 and Xbox One, returning an 80151909 error when trying to connect to Xbox Live. …

Member Avatar
+1 forum 0

Not exactly the most surprising news ever, that Anonymous is [planning an all out DDoS war on World Cup corporate sponsors](http://www.independent.co.uk/news/world/americas/world-cup-2014-hacktivist-group-anonymous-plan-cyberattack-on-world-cup-sponsors-9467786.html) during the football tournament. Personally, I wish them luck. Cannot stand football, in fact hate it with a passion and the world cup period is a nightmare every four years with no escape wherever you go and whatever you do. Media coverage is ridiculous in the UK, anyone would think that football is some kind of religion. I also have no love for the large corporates which sponsor such events, being an anarchist at heart. Your mileage may well …

Member Avatar
Member Avatar
+0 forum 1

The Distributed Denial of Service (DDoS) attack is becoming the crowbar of the online criminal. In the past we have got rather used to DDoS attacks being one of the favoured approaches of hacktivists, with perhaps the Low Orbit Ion Cannon (LOIC) and later the High Orbit Ion Cannon (HOIC) as used by Anonymous to take down sites being the best known examples. However, recent evidence suggests that taking down a site is increasingly no longer the be all and end all of a DDoS attack, instead it's just a means to a much more profitable end. A couple of …

Member Avatar
Member Avatar
+1 forum 3

According to [BitcoinWatch](http://bitcoinwatch.com/) the current market capitalization of the virtual currency stands at an incredible $10.4 billion. A single Bitcoin is now worth more than $800. In the ongoing aftermath of [the Silk Road takedown](http://www.daniweb.com/hardware-and-software/networking/news/466982/silk-road-2-goes-live-did-the-fbi-arrest-the-wrong-dread-pirate-roberts) many people wrongly assume Bitcoin is some kind of criminal currency, used to trade in anything and everything illegal online. However, be in no doubt that cyber-criminals are, indeed, attracted to Bitcoin: they are targeting it in virtual bank robberies. ![5b4b2c065952977ce6e1c623f7639471](/attachments/small/0/5b4b2c065952977ce6e1c623f7639471.jpg "align-right") Last month reports surfaced of an Australian Bitcoin 'bank' called inputs.io being hacked and the owner relieved of some 4,100 Bitcoins worth $1.3 …

Member Avatar
+0 forum 0

A couple of years ago, a 17 year old was arrested for his part in a denial of service attack against gamers playing the online multiplayer version of Call of Duty: Black Ops. The teenager was accused of selling cheat software called 'Phenom Booter' which prevented others from playing (it's a shell booter) while at the same time enabling the player to boost their scores. As someone who is a bit of a Black Ops obsessive (currently fast approaching 9th Prestige level on Black Ops 2) any kind of cheating really gets my goat. But one that involves preventing me, …

Member Avatar
Member Avatar
+1 forum 4

The media, online and off, has been full of scare stories about the 'biggest Internet attack ever' and how a distributed denial of service (DDoS) campaign aimed against anti-spam outfit Spamhaus peaked at an attack volume of 300 Gbps (the highest ever recorded by those who record such things) was 'slowing down the global Internet'. DaniWeb didn't join the rush to shout 'the sky is falling' as, frankly, we didn't believe it as there was precious little evidence to be found that the DDoS attack was impacting anyone other than Spamhaus along with it's anti-DDoS protection service CloudFlare and their …

Member Avatar
Member Avatar
+4 forum 3

You might not have heard about Dirt Jumper yet, but the bad guys have. In fact, the high-risk and highly-effective DDoS toolkit is probably the most aggressive of the malware tools being employed by DDoS attackers at the moment, and the situation is set to get much worse very quickly as versions of Dirt Jumper are now appearing for sale at underground Web marketplaces for as little as $150 a time. [ATTACH=RIGHT]23362[/ATTACH]Prolexic Technologies, which specialises in Distributed Denial of Service (DDoS) mitigation services, has today issued an in-depth threat advisory for Dirt Jumper together with a custom-developed scanning tool that …

Member Avatar
Member Avatar
+1 forum 1

The news wires have been buzzing over the weekend after it emerged that the Raspberry Pi website had been hit by a 'million zombie' Distributed Denial of Service (DDoS) attack during the week. Although the outage was relatively brief, with the Raspberry Pi Foundation admitting the attack with a Twitter message that stated "We're being DDoS'd at the moment—very sorry if you can't see the website" and continued "If it goes on, we'll try to get some more capacity in tomorrow". The attack meant that parts of the site were offline for e a few hours while others were very …

Member Avatar
Member Avatar
+1 forum 1

Anonymous hacktivists took aim at the websites of the UK Justice Department, the Department of Work and Pensions, the Home Office and even the Prime Minister's own Number 10 site. All of them were successfully targeted overnight and went down for a period of time. The attacks were part of the Anonymous response to the UK government's handling of the Julian Assange extradition situation. WikiLeaks founder Assange has been granted political asylum in the Ecuadorian embassy in London, and police have gathered to arrest him should he leave the building. The UK government has threatened to enter the embassy, under …

Member Avatar
Member Avatar
+0 forum 1

According to new independent research commissioned by Corero Network Security, and conducted by the Ponemon Institute, two thirds of banks in the United States have suffered a Distributed Denial of Service (DDoS) attack during the last 12 months. The 64% statistic refers to the number of IT and IT security practitioners who reported that the banks at which they work were subject to at least one DDoS attack during 2012. ![dweb-banks](/attachments/small/0/dweb-banks.jpg "align-right") The [research](http://www.corero.com/resources/files/analyst-reports/CNS_Report_Ponemon_Jan13.pdf) questioned 650 IT and IT security professionals working at a total of 351 banks, including some of the biggest in the world, and the sadly not …

Member Avatar
Member Avatar
+3 forum 1

Over the last few hours of the day GoDaddy's (and GoDaddy managed) websites have been [on the fritz](http://blogs.wsj.com/digits/2012/09/10/godaddy-has-glitches-anonymous-claims-responsibility/) as webmasters and visitors alike are unable to access millions of websites held within GoDaddy's datacenters in an apparent Denial of Service [(DDOS)](http://en.wikipedia.org/wiki/Denial-of-service_attack) attack. GoDaddy is currently scrambling to restore service to their customers at this very moment. The individual claiming responsibility for the attack claims to be a member of the internet group [Anonymous](http://en.wikipedia.org/wiki/Anonymous_(group)), though he acted alone and not with the collective organization. Anonymous is infamous for a variety of attacks on various websites & services, including the recent leaking …

Member Avatar
Member Avatar
+0 forum 2

The Serious Organised Crime Agency (SOCA) website remains offline after being hit by a Distributed Denial of Service (DDoS) attack for the second time in the space of a year. Last June it was the hacktivist group LulzSec which claimed responsibility; this time nobody has yet come forward to admit they did it and explain why. However, it seems likely that hacking collective Anonymous could be behind the strike in protest over the [decision of the UK's High Court](http://www.bbc.co.uk/news/technology-17894176) to order all Internet Service Providers to block access to The Pirate Bay. ![dweb-scoa](/attachments/small/0/dweb-scoa.jpg "align-left") The SOCA website has been unavailable …

Member Avatar
Member Avatar
+1 forum 3

Following the arrest of 25 suspected members of the Anonymous hacking collective in Europe and South America, the INTERPOL website went offline. Coincidence? I don't think so. After all, Anonymous has already proven it isn't scared, or indeed incapable. of taking down law enforcement sites. Earlier in the month it managed to [URL="http://www.youtube.com/watch?v=pPZc-CqXG3U"]take the CIA website offline[/URL] and even managed to [URL="http://www.itpro.co.uk/638788/do-british-police-get-cyber-security"]listen in to a private conference call between FBI agents and Scotland Yard detectives[/URL] who were discussing how to deal with Anonymous hacking attacks amongst other things. The fact that the INTERPOL site went down within hours of INTERPOL …

Member Avatar
Member Avatar
+3 forum 1

[ATTACH=RIGHT]21767[/ATTACH]An unnamed Asian company operating within what has been described as a 'high risk e-commerce industry' has been targeted by a botnet which launched a DDoS attack of unprecedented magnitude. According to Distributed Denial of Service mitigation experts Prolexic, which claims to have successfully combated the attack, the volume of this particular attack was nothing short of extraordinary. How so? Well, consider that most high-end border routers employed by your average ISP are capable of forwarding around 70,000 packets per second typically. Now consider that the volume of this DDoS attack using TCP SYN Floods and ICMP Floods reached 25 …

Member Avatar
Member Avatar
+0 forum 4

Fatal System Error, subtitled 'The Hunt for the New Crime Lords Who Are Bringing Down the Internet' is that rarest of finds: an IT security book that is not only informative and fascinating, but truly gripping from start to finish. This newly published made for Kindle edition is the cheapest option aa well, saving $11.26 off of the $25.95 print edition cover price. [attach]17844[/attach]Joseph Menn, a reporter for the Financial Times, is surely a closet novelist such are the twists and turns that he weaves into what by rights ought to be a pretty dry expose of the emerging cybercrime …

Member Avatar
Member Avatar
+0 forum 3

Botnets are, without any shadow of a doubt, one of the [URL="http://www.itpro.co.uk/blogs/daveyw/2009/09/30/death-taxes-and-botnets/"]biggest scourges[/URL] of IT security today. From sending spam to [URL="http://www.daniweb.com/news/story238033.html"]launching DDoS attacks[/URL] and distributing malware, botnets can be found [URL="http://www.daniweb.com/blogs/showentry.php?entryid=1021"]at the centre[/URL] of most of the security problems facing computer users right now. So wouldn't it be fun if you could take down, knock over and destroy a botnet? The good news is that it seems you can, with a little determination and a lot of inside knowledge. Researchers at the FireEye Malware Intelligence Lab have been working hard at gathering the necessary knowledge with regards to one …

Member Avatar
+2 forum 0

According to the latest McAfee Labs [URL="http://www.mcafee.com/us/local_content/reports/7315rpt_threat_1009.pdf"]Third Quarter Threats Report 2009[/URL] instances of Distributed Denial of Service attacks are growing in popularity. In the last quarter the McAfee Labs observed many new attacks demanding ransom money including those aimed at sports betting companies which were taken out of action during key sporting events to cause losses in the millions. Such attacks have not only been used to make money, but also silence political opinion. But perhaps the growth of DDoS as a service, whereby cybercriminals offer botnets capable of launching such attacks to the highest bidder is the biggest worry. …

Member Avatar
+0 forum 0

According to the fourth [URL="http://www.arbornetworks.com/report"]Worldwide Infrastructure Security Report[/URL] from Arbor Networks, published today, malicious attacks on networks are continuing to rise at an alarming rate. While that is no great surprise, the fact that during 2008 Distributed Denial of Service attacks have peaked at 40 Gbps most certainly is. Arbor's fourth annual Worldwide Infrastructure Security Report includes responses from nearly 70 IP network operators in North America, South America, Europe and Asia. It has revealed that during the last couple of years the largest sustained DDoS attacks were 24 Gbps and 17 Gbps, and according to Arbor Networks this represents …

Member Avatar
+0 forum 0

The End.