Scam of the day – October 22, 2016 – Massive DDoS attack hits Eastern United States

For a few hours yesterday, many Internet users on the East Coast of the United States were unable to access some of the most popular destinations on the Internet, including Amazon, Twitter, Spotify, Netflix and PayPal, as a result of a massive Distributed Denial of Service (DDoS) attack on Dyn, a prominent Domain Name System (DNS) provider that hosts the attacked companies’ websites.  Domain Name System providers permit you to type in a simple web address such as anycompany.com, which then gets translated into the long, complicated numeric Internet address of the company and connects you to their website.  A DDoS occurs when the DNS provider gets flooded with an overwhelming amount of traffic, which causes the website to shut down.  Often the traffic comes from an army of botnet computers, which are computers of unsuspecting people that become infected and can be remotely used to send the huge amounts of communications necessary to cause a DDoS.  This problem has become magnified as the cybercriminals infiltrate and incorporate into their botnet not just computers, but also the myriad of devices that make up the burgeoning Internet of Things.  Anything that is connected to the Internet can be hacked and used to become a part of a botnet.  Too often, many of these devices that make up the Internet of Things are poorly protected with weak passwords and are easily hacked.

While this particular DDoS was remedied after a few hours, the threat of DDoS attacks continues to increase.  Banks and other financial institutions have found themselves particularly targeted in the last year by DDoS attacks.  The potential for major disruption of the Internet by DDoS attacks is significant.

TIPS

While there is nothing that we as consumers can do to stop DDoS attacks other than to maintain the security of our own computers and devices connected to the Internet to keep them from becoming a part of a botnet, there are a number of steps that companies should be taking to protect themselves from future DDoS attacks.  In addition to the regular firewalls and routers configured as best they can be to reject malicious traffic, these include the use of load balancers to spread traffic across multiple servers within a network to create additional capacity to handle the traffic, as well as cloud-based programs to identify and divert malicious traffic.

Already we have seen the threats of DDoS attacks used to extort money from companies, and the threat that DDoS attacks pose is increased because cybercriminals are now selling the malware necessary to carry out such attacks on the Dark Web, which is that part of the Internet where cybercriminals do business.  In addition, cybercriminals can also rent the use of botnets on the Dark Web to assist them in carrying out their crimes.

Scam of the day – June 14, 2016 – Hacking group attacks London Stock Exchange.

In May 6th’s Scam of the day I told you about the international hacking collective Anonymous announcing on YouTube a month-long campaign they were launching against banks around the world. Anonymous calls this campaign Operation Icarus.   Previously Anonymous had managed to take down the website of the Bank of Greece for a short period of time.  The Bank of Greece indicated, however, that no personal information was accessed and no data was lost.  Now Anonymous managed to take down the website of the London Stock Exchange although again, it does not appear that any personal information was stolen.  The website was taken down through the use of a Distributed Denial of Service (DDoS) attack by which a website is flooded with communications often through a botnet of hacked computers that results in an overload of the website causing it to shut down.  Although this type of attack is inconvenient, it does not carry with it a significant threat to the workings of the targeted company, in this case, the London Stock Exchange, which continued trading and did not lose any sensitive information.

Here is a link to the video announcement of Anonymous of its campaign against the banks of the world.  https://www.youtube.com/watch?v=GpGWaa3uCNo

The world banking system is an increasing target of hackers and cybercriminals.   The recent cyber bank robbery of the Bangladesh Central Bank in which hackers succeeded in stealing approximately 81 million dollars is just the tip of the iceberg.  I reported to you in February of 2015 about the exploits of the Russian cybergang Carbanak that stole as much as a billion dollars from up to a hundred banks worldwide.  The full extent of the vulnerability of banks to cybercrime is still unknown because it is believed that many banks that have been victimized by cybercriminals don’t report the thefts to regulatory authorities due to vague standards mandating the reporting of such security breaches.

More recently, the FBI warned banks to be on the lookout for attacks by cybercriminals and to particularly be vigilant in regard to international transfer requests.

TIPS

The vulnerabilities in the interconnected world banking system as well as vulnerabilities in the security of individual banks have been and are being exposed by hackers such as those in Carbanak and those responsible for the hacking of the Central Bank of Bangladesh.  Greater attention to cybersecurity by banks around the world is critical.  In addition, regulators both in the United States and around the world need to establish new standards by which all banks must operate to safeguard their accounts.  As for us, the depositors in these institutions, the best we can do is monitor our own accounts regularly for fraudulent activity and make sure that we are not the weakest link when it comes to protecting our username and password when doing online banking.  We should also use dual factor authentication when doing online banking as an additional security measure.

Scam of the day – December 22, 2015 – Hackers threaten to attack Xbox Live and PlayStation Network on Christmas

Many gamers may remember that it was last Christmas that the hacking group Lizard Squad took both Xbox Live and PlayStation Network offline, rendering them useless.  Now, a different hacking group is threatening to do the same thing three days from now on Christmas and keep the networks inoperable for a week.  Last year these two online gaming networks were brought to a halt by an attack called a Distributed Denial of Service (DDOS) whereby hackers are able to mobilize a network of zombie computers called a botnet into flooding the system and overwhelming it with phony access requests.  Even people playing a physical copy on their own machines were affected because newer versions of the consoles used to play video games require online authentication in an effort to thwart pirated video game copies.

Phantom Squad, the group threatening the attack this Christmas, has apparently already attacked Microsoft’s Xbox Live last week, temporarily taking it offline.  The motive behind the threatened attack apparently is a response to both Microsoft and Sony, the maker of the PlayStation Network, not taking the steps necessary to provide greater security to users of their networks.

TIPS

Although the danger to individual players is non-existent, it certainly is a major inconvenience to video game players around the world.  DDOS attacks are relatively simple to achieve and the fact that companies are still vulnerable to such attacks reminds us that companies have much work to do to improve the reliability and security of their systems.  The world is connected through the Internet, a system that was naively developed without security being a major concern.  Government and private industry must take all necessary steps to reinvent the Internet with greater security before the effects of hacking become more than just the inconvenience of not being able to play a video game and become attacks on major systems such as the energy grid that have greater effects on our way of life.

Scam of the day – December 27, 2014 – PlayStation Network and Xbox Live hacked again

Apparently making good on their threat from earlier this month, the hacking group Lizard Squad brought down the online gaming networks for Xbox Live and PlayStation Network on Christmas day with the effects continuing through Friday.   The two online gaming networks were brought to a halt by an attack called a Distributed Denial of Service (DDOS) whereby hackers are able to mobilize a network of zombie computers called a botnet into flooding the system and overwhelming it with phony access requests.  As many as 146 million people may have been affected by this outage with even people playing a physical copy on their own machines affected because newer versions of the consoles used to play video games require online authentication in an effort to thwart pirated video game copies.

Kim Dotcom, the creator of the sharing site Megaupload, may have induced Lizard Squad to stop the attack when he offered free lifetime vouchers for his MegaPrivacy website that provides encrypted cloud storage on the condition that Lizard Squad stop the attack on Xbox Live and the PlayStation Network and pledge not to attack them again.

Lizard Squad came to public awareness in August when the group claimed responsibility for hacking the PlayStation Network.  In September the group claimed to have brought down a number of online video game networks including the popular Grand Theft Auto Online and Call of Duty.  Earlier this month it used another DDOS attack to temporarily bring down the PlayStation Network and Xbox Live.  At that time it threatened a further strike of some kind on Christmas, on which it has apparently followed through.

TIPS

Although the danger to individual players is non-existent, it certainly is a major inconvenience to video game players around the world.  DDOS attacks are relatively simple to achieve and the fact that companies are still vulnerable to such attacks reminds us that companies have much work to do to improve the reliability and security of their systems.  The world is connected through the Internet, a system that was naively developed without security being a major concern.  Government and private industry must take all necessary steps to reinvent the Internet with greater security before the effects of hacking become more than just the inconvenience of not being able to play a video game and become attacks on major systems such as the energy grid that have greater effects on our way of life.