Forwarded from BlackBox (Security) Archiv
Anonymous Tweets U.S. Hit by Major DDoS Attack on June 15
Following a massive cell phone service outage that affected hundreds of thousands of T-Mobile, AT&T, Verizon and Sprint customers on Monday, the hacktivist group Anonymous tweeted that it was a result of a "major DDoS attack." The companies affected and authorities have not confirmed the claim.
DDoS, short for Distributed Denial of Service, is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. Attackers target a wide variety of important resources, from banks to news websites, flooding the sites with too much information to operate and causing a major challenge to people wanting to publish or access important information.
Anonymous tweeted out a digital map that appeared to show the various types of attacks happening between America and the rest of the world on Monday.
The U.S. is currently under a major DDoS attack. https://t.co/7pmLpWUzUp pic.twitter.com/W5giIA2Inc
- Anonymous (@YourAnonCentral) June 15, 2020
Read more:
https://heavy.com/news/2020/06/anonymous-ddos-attack-cell-service-outage/
#anonymous #usa #ddos #attack
@cRyPtHoN_INFOSEC_DE
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_ES
Digital Attack Map
A live data visualization of DDoS attacks around the globe
Hidden Algorithm Flaws Expose Websites to DoS Attacks
Why throw a bunch of junk traffic at a service, when all it takes to stall it out is just a few bytes?
This week, the notorious 8chan went down after its infrastructure provider Cloudflare withdrew services over the forum's radical, violence-promoting content. Cloudflare didn't shut the site down directly, but by removing its protection against distributed denial of service attacks, it could all but guarantee that the forum would crash. But while classic DDoS attacks, which overwhelm a site with junk traffic, have persisted and evolved across the web, researchers are warning about a new spinoff: subtle attacks that target not server capacity, but algorithms.
https://www.wired.com/story/algorithm-dos-attack/
#algorithm #ddos
Forwarded from BlackBox (Security) Archiv
Police data - BlueLeaks server confiscated near Zwickau (Germany)
A few weeks ago, the transparency collective Distributed Denial of Secrets published hundreds of thousands of internal data from 200 police stations in the USA. The case now also occupies the public prosecutor's office in Zwickau, which apparently confiscated a server of the collective.
Zwickau police have confiscated a server on which data from US police departments known as BlueLeaks was available for download. This was announced by Emma Best via Twitter, a person associated with the Leaking collective Distributed Denial of Secrets (DDoS). The server is the "primary public download server" and no sources are in danger due to the confiscation.
In another tweet, an excerpt from an e-mail from the provider is attached, in which the provider states the file number and writes that he should only now have informed the persons concerned. He was not allowed to say more about the case. This provider is apparently the company Hetzner, which maintains a data centre near Zwickau. A used IP address of DDoS also refers to Hetzner.
A short-term inquiry by netzpolitik.org on Tuesday evening, on what basis the server was seized and what the operators are accused of, has not yet been answered by the Zwickau public prosecutor's office.
https://twitter.com/NatSecGeek/status/1280519169151205381
More info 🇩🇪:
https://netzpolitik.org/2020/polizei-daten-blueleaks-server-bei-zwickau-beschlagnahmt/
#BlueLeaks #DDoS #Zwickau
@cRyPtHoN_INFOSEC_DE
@cRyPtHoN_INFOSEC_EN
@BlackBox_Archiv
@NoGoolag
Forwarded from BlackBox (Security) Archiv
Tutanota - We are under another DoS attack and working on mitigating this already. We apologize for this inconvenience.
https://twitter.com/TutanotaTeam/status/1295456582956994567
#tutanota #ddos #attack
@cRyPtHoN_INFOSEC_DE
@cRyPtHoN_INFOSEC_EN
@BlackBox_Archiv
@NoGoolag
New Zealand stock exchange hit by cyber attack for second day
Trading halted again, one day after overseas DDoS bombardment that forced stock market to shut down
New Zealand's stock market has been interrupted by an apparent overseas cyber attack for the second day running.
The Wellington-based NZX exchange went offline at 11.24am on Wednesday and although some connectivity was restored for investors, some trading was halted.
The NZX said it had experienced "network connectivity issues" and that the NZX main board, NZX debt market and Fonterra shareholders market were placed on halt.
However it then announced that those areas would resume trading with the rest of the market at 3pm on Wednesday.
https://www.theguardian.com/technology/2020/aug/26/new-zealand-stock-exchange-hit-by-cyber-attack-for-second-day
#NewZealand #NZ #Stock #Exchange #cyber #attack #DDOS
Forwarded from BlackBox (Security) Archiv
You are not anonymous on Tor - Last February, my Tor onion service came under a huge Tor-based distributed denial-of-service (DDoS) attack
I spent days analyzing the attack, developing mitigation options, and defending my server. (The Tor service that I run for the Internet Archive was down for a few hours, but I managed to keep it up and running through most of the attack.)
While trying to find creative ways to keep the service up, I consulted a group of friends who are very active in the network incident response field. Some of these are the people who warn the world about new network attacks. Others are very experienced at tracking down denial-of-service attacks and their associated command-and-control (C&C) servers. I asked them if they could help me find the source of the attack. "Sure," they replied. They just needed my IP address.
I read off the address: "152 dot" and they repeated back "152 dot". "19 dot" "19 dot" and then they told me the rest of the network address. (I was stunned.) Tor is supposed to be anonymous. You're not supposed to know the IP address of a hidden service. But they knew. They had been watching the Tor-based DDoS. They had a list of the hidden service addresses that were being targeted by the attack. They just didn't know that this specific address was mine.
As it turns out, this is an open secret among the internet service community: You are not anonymous on Tor !!
Threat Modeling
There are plenty of documents that cover how Tor triple-encrypts packets, selects a route using a guard, relay, and exit, and randomizes paths to mix up the network traffic. However, few documents cover the threat model. Who can see your traffic?
https://www.hackerfactor.com/blog/index.php?/archives/896-Tor-0day-Finding-IP-Addresses.html
#tor #onion #service #zeroday #DDoS #attacks #anonymous #poc #thinkabout
@cRyPtHoN_INFOSEC_DE
@cRyPtHoN_INFOSEC_EN
@BlackBox_Archiv
@NoGoolag
Forwarded from BlackBox (Security) Archiv
You are not anonymous on Tor
https://t.me/BlackBox_Archiv/1252
#tor #onion #service #zeroday #DDoS #attacks #anonymous #poc #thinkabout
@cRyPtHoN_INFOSEC_DE
@cRyPtHoN_INFOSEC_EN
@BlackBox_Archiv
@NoGoolag
Forwarded from BlackBox (Security) Archiv
Powerhouse VPN products can be abused for large-scale DDoS attacks
Around 1,500 Powerhouse VPN servers are exposed online and ready to be abused by DDoS groups.
Botnet operators are abusing VPN servers from VPN provider Powerhouse Management as a way to bounce and amplify junk traffic as part of DDoS attacks.
This new DDoS vector has been discovered and documented by a security researcher who goes online as Phenomite, who shared his findings with ZDNet last week.
The researcher said the root cause of this new DDoS vector is a yet-to-be-identified service that runs on UDP port 20811 on Powerhouse VPN servers.
Phenomite says that attackers can ping this port with a one-byte request, and the service will often respond with packets that are up to 40 times the size of the original packet.
Since these packets are UDP-based, they can also be modified to contain an incorrect return IP address. This means that an attacker can send a single-byte UDP packet to a Powerhouse VPN server, which then amplifies it and sends it to the IP address of a victim of a DDoS attack, in what security researchers call a reflected/amplified DDoS attack.
https://www.zdnet.com/article/powerhouse-vpn-products-can-be-abused-for-large-scale-ddos-attacks/
#powerhouse #vpn #abuse #ddos #attacks
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv
@NoGoolag
Forwarded from BlackBox (Security) Archiv
Let's Encrypt's performance is currently degraded due to a DDoS attack
Our services' performance is currently degraded due to a Distributed Denial of Service (DDoS) attack, which we are working to mitigate.
https://letsencrypt.status.io/pages/incident/55957a99e800baa4470002da/6044830be2838505358d3108
#letsencrypt #ddos #attacks
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv
@NoGoolag
Nine-year-old kids are launching #DDoS attacks against government indoctrination centers
https://www.bitdefender.com/blog/hotforsecurity/nine-year-old-kids-are-launching-ddos-attacks-against-schools/
Hot for Security
Nine-year-old kids are launching DDoS attacks against schools
Britain's computer crime cops are targeting youngsters as young as nine years
old in an attempt to dissuade them from embarking on a life of cybercrime.
We are experiencing a network-wide DDoS attempt impacting the performance of the Tor network, which includes both onion services and non-onion services traffic. We are currently investigating potential mitigations.
https://status.torproject.org/
#Tor #DDoS