This Week in Tech 656: A Camel With Your Name on It

Surprise: young people use social more than the oldsters. Some of them even use Vero. Samsung Galaxy S9 takes top marks for display and camera. Google Fiber didn’t go quite as planned. Feds in your iPhone? It’s more likely than you think. Amazon buys Ring, can now see and hear everything. US vs Microsoft II: The Revenge of the Irish. GitHub gets gotten by the biggest DDoS EVER.

Advertisements

GitHub still recovering from huge DDoS attack that started late last week

Popular coding website GitHub was the target of a huge distributed denial of service (DDoS) attack that started late last week and ran through the better part of the weekend.

Security researchers told The Wall Street Journal that the traffic was originally meant for Baidu, China’s most popular search engine. A GitHub blog post from Friday corroborates that theory, noting that the DDoS attack involved a wide range of attack vectors including every one they’ve seen from previous attacks as well as newer techniques.

The newer methods appear to be redirecting web traffic meant for Baidu and sending it to two specific GitHub pages: a copy of a Chinese version of The New York Times and one run by greatfire.org, a site that helps Chinese web users get around government-based Internet censorship.

GitHub said they believe the intent of the attack is to convince them to remove a specific class of content and that this is the largest attack in the site’s history.

The DDoS attack has evolved and we are working to mitigate

— GitHub Status (@githubstatus) March 30, 2015

As of writing, the Twitter account for the site’s health notes that mitigation tactics are deflecting most attack traffic.

The Cyperspace Administration of China didn’t respond to a request for comment by the WSJ on Sunday. Baidu said that after careful inspection by its security engineers, they ruled out the possibility of security problems or hacker attacks of their products. Security experts that the WSJ spoke to said the attack likely involved Chinese authorities because traffic was redirected at a high level.

via GitHub still recovering from huge DDoS attack that started late last week – TechSpot.

Brace for stronger DDoS attacks, security firm warns

The average size of DDoS attacks is still climbing with the number breaching 20Gbps around four times the level seen a year ago, according to Arbor Networks.

The firm\’s numbers of the first three quarters of 2013 show a rising curve with average attack sizes reaching 3-3.5Gbps, compared to 1.48Gbps for the same period in 2012. For the year as a whole, the average was now 2.64Gbps.

Although no attack in the third quarter reached the extreme scale of March\’s humungous 300Gbps Spamhaus super-DDoS, the firm\’s Atlas system did record one of 191Gbps in August, which suggests that the new traffic ceiling is shifting from 100Gbps to 200Gbps.

Probably more significant was the more than fourfold rise in the number of attacks over the 20Gbps threshold compared to 2012 with three months of the year still left to run, Arbor said.

Volume of attacks increases

Away from the notion of size, other trends are now well established, including that for packets per second (PPS) sizes, which are now on a downward path after major growth in the previous two years; IP fragmentation attacks had risen sharply from around one in ten attacks to more than a quarter.

Arbor also found that almost nine out of ten DDoS attacks lasted for less than an hour although larger ones usually went on for much longer.

Spamhaus hasn\’t been the only significant incident. A major DDoS of unknown size on the China\’s .cn country code top level domain in August briefly disrupted Internet access in the country.

\”While we didn\’t witness a Spamhaus-sized 300Gbps attack this quarter, the largest attack size we did see in ATLAS was still pretty remarkable at 191Gbps,\” said Arbor\’s solutions architect, Darren Anstee.

via Brace for stronger DDoS attacks, security firm warns | PCWorld.

Fueled by super botnets, DDoS attacks grow meaner and ever-more powerful

Coordinated attacks used to knock websites offline grew meaner and more powerful in the past three months, with an eight-fold increase in the average amount of junk traffic used to take sites down, according to a company that helps customers weather the so-called distributed denial-of-service campaigns.

The average amount of bandwidth used in DDoS attacks mushroomed to an astounding 48.25 gigabits per second in the first quarter, with peaks as high as 130 Gbps, according to Hollywood, Florida-based Prolexic. During the same period last year, bandwidth in the average attack was 6.1 Gbps and in the fourth quarter of last year it was 5.9 Gbps. The average duration of attacks also grew to 34.5 hours, compared with 28.5 hours last year and 32.2 hours during the fourth quarter of 2012. Earlier this month, Prolexic engineers saw an attack that exceeded 160 Gbps, and officials said they wouldn’t be surprised if peaks break the 200 Gbps threshold by the end of June.

The spikes are brought on by new attack techniques that Ars first chronicled in October. Rather than using compromised PCs in homes and small offices to flood websites with torrents of traffic, attackers are relying on Web servers, which often have orders of magnitude more bandwidth at their disposal. As Ars reported last week, an ongoing attack on servers running the WordPress blogging application is actively seeking new recruits that can also be harnessed to form never-before-seen botnets to bring still more firepower.

Also fueling the large-scale assaults are well-financed attackers who are increasingly able to coordinate with fellow crime organizations, Prolexic officials wrote in quarterly global DDoS report published Wednesday.

“These types of attack campaigns appear to be here to stay as a staple on the global threatscape,” they wrote. “Orchestration of such large attack campaigns can only be achieved by having access to significant resources. These resources include manpower, technical skills and an organized chain of command.”

The most prominent target of DDoS attacks over the past six months has been the nation’s largest banks, which at times have become completely unreachable following above average floods of traffic. Most of the assaults were preceded by online posts that showed the writer had foreknowledge of what was about to happen. The posts were penned by self-proclaimed members of Izz ad-Din al-Qassam Brigades, the military wing of the Hamas organization in the Palestinian Territories, and said the attacks were in retaliation for videos posted to YouTube that were insulting to Muslims. The Prolexic report cast doubt on some of that narrative.

Prolexic “believes these attacks go beyond common script kiddies as indicated by the harvesting of hosts, coordination, schedules and specifics of the selected attack targets,” the report stated. “These indicators point to motives beyond ideological causes, and the military precision of the attacks hints at the use of global veteran criminals that consist of for-hire digital mercenary groups.”

Full Story: Fueled by super botnets, DDoS attacks grow meaner and ever-more powerful | Ars Technica.

Brace for more mega-DDoS attacks, security experts warn

Distributed Denial of Service attacks like the one that resulted from an altercation between a Dutch company and Spamhaus last week are on the rise, according to a report by security firm Kaspersky Labs.

The security vendor was responding to the huge DDoS attack that occurred last week, described as the biggest cyber attack in history. The attack affected millions of rank and Internet users, slowing hundreds of processes down.

Spamhaus attacks tracked

According to reports, the DDoS attack occurred when Spamhaus, an organization that blacklists spammers, blacklisted Dutch company Cyberbunker, an open hosting service that allows anyone to set up a website on its servers.

The attack exploited the architecture of the Internet to heard huge amounts of traffic to the Spamhaus website. The attack then went global, affecting the wider Internet.

“Based on the reported scale of the attack, which was evaluated at 300 Gigabits per second, we can confirm that this is one of the largest DDoS operations to date,” said Kaspersky Lab’s Global Research and Analysis team in a statement.

“The data flow generated by such an attack may affect intermediate network nodes when it passes them, thus impeding operations of normal web services that have no relation to Spamhaus or Cyberbunker. Therefore, such DDoS attack may affect regular users as well, with network slowdown or total unavailability of certain web resources being typical symptoms. There may be further disruptions on a larger scale as the attack escalates.”

According to reports, Spamhaus called on Cloudflare to counter the attack after it found its defences were being overwhelmed. Cloudflare’s counters worked, so the hackers began attacking sites affiliated with Spamhaus, as well as sites used by Cloudflare. Before long, the attack had begun to affect service across the Internet.

Expect more attacks

While the worst of this latest high-level DDoS attack may now be over, Kaspersky said that the world could expect to see more of the same. Cyber criminals can now attack much more frequently and on a much wider scale, the statement said.

“In general, attacks of this type are growing in terms of quantity as well as scale. Among the reasons for this growth is the development of the Internet itself (network capacity and computing power) and past failures in investigating and prosecuting individuals behind past attacks.”

Kaspersky said that there are two major motives behind launching such high-level attacks. Firstly, the statement said, cyber criminals conduct DDoS attacks to disrupt organizations in order to extort money from them. Secondly, hackers use DDoS attacks as a weapon to disrupt organizations out of ideological or political interests.

Going by the reports of the recent Internet-wide attack, it would appear that the attackers were making a political point, rather than attempting to extort money.

via Brace for more mega-DDoS attacks, security experts warn | PCWorld.