The possible vendetta behind US Internet attacks

Hackers launched a so-called distributed denial-of-service (DDoS) attack using ‘tens of millions’ of malware-infected devices connected to the internet. Photo: iStock

Hackers launched a so-called distributed denial-of-service (DDoS) attack using ‘tens of millions’ of malware-infected devices connected to the internet. Photo: iStock

London/New York: Millions of internet users lost access to some of the world’s most popular websites on Friday, as hackers hammered servers along the US East Coast with phony traffic until they crashed, then moved westward.

A global attack on one provider of Domain Name System services, Dyn Inc., took down sites including Twitter, Spotify, Reddit, CNN, Etsy and The New York Times for long stretches of time — from New York to Los Angeles.

Kyle York, chief strategy officer of Dyn, said the hackers launched a so-called distributed denial-of-service (DDoS) attack using “tens of millions” of malware-infected devices connected to the internet. Speaking during a conference call on Friday afternoon, York said Dyn was “actively” dealing with a “third wave” of the attack.

By Friday evening, Dyn said it had stopped the hacks. “As you can imagine it has been a crazy day,” Dyn spokesman Adam Coughlin wrote in an e-mail. “At this moment (knock on wood) service has been restored.”

Security professionals have been anticipating a rise in attacks coming from malware that targets the “Internet of Things,” a new breed of small gadgets that are connected to the internet. That was after a hacker released software code that powers such malware, called Mirai, several weeks ago.

Gillian M. Christensen, a spokeswoman for the Department of Homeland Security, said the agency and the FBI are aware of the incidents and “investigating all potential causes.”

Internet havoc

Dyn first reported site outages relating to the DDoS attack at around 7:10am New York time. The company restored service two hours later but was offline again at around noon, as another attack appeared to be underway, this time affecting the West Coast as well.

While DDoS attacks don’t steal anything, they create havoc across the internet — and are on the rise in volume and power.

Earlier in the day, Brian Krebs, a well-known journalist covering computer security, wrote that the timing of the attacks corresponded with the release of research conducted by Dyn’s director of internet analysis. Dyn highlighted potential connections between firms that offer to protect against DDoS attacks, and the hackers who conduct them. Krebs’s own website faced an “extremely large and unusual” DDoS attack after he published a story based on the same research, he said.

“We can’t confirm or even speculate on anyone’s motivation or relation to that research,” said Dave Allen, Dyn’s general counsel.

Common warfare

With attacks on the internet’s Domain Name System, hackers compromise the underlying technology that governs how the web functions, making the hack far more powerful and widespread.

The DNS translates website names into the Internet Protocol addresses that computers use to look up and access sites. But it has a design flaw: Sending a routine data request to a DNS server from one computer, the hacker can trick the system into sending a monster file of IP addresses back to the intended target. Multiply that by tens of thousands of computers under the hackers’ control, and the wall of data that flooded back is enormous. A small server may be capable of handling hundreds of simultaneous requests, but thousands every minute cause overload and ultimately shut down, taking the websites it hosts offline with it.

The practice often is employed by groups of hackers. In 2012, a DDoS attack forced offline the websites of Bank of America Corp., JPMorgan Chase & Co., Citigroup Inc., Wells Fargo & Co., U.S. Bancorp and PNC Financial Services Group Inc.

A DDoS can be achieved in a number of ways, but commonly involves a distributed network of so-called “zombie” machines, referred to as botnets. A botnet is formed with computers and other connected devices in homes or offices infected with malicious code which, upon the request of a hacker, can flood a web server with data. One or two machines wouldn’t be an issue, but if tens or hundreds of thousands fire such data simultaneously, it can cripple even the most sophisticated web servers.

In the case of the Dyn incident, the computers targeted were DNS servers. Without a DNS server, large numbers of websites are inaccessible by users across a country or even the world. In other words, taking away the DNS servers is like taking away all the road signs on a country’s highway system.

Single company targeted

So-called “authoritative” DNS providers like Dyn are notoriously hard to secure. Carl Herberger, vice president for security solutions at Radware, an Israeli-based internet security company, likens “authoritative” DNS providers to hospitals, which must admit anyone who shows up at the emergency room. Dyn must consider traffic going to a website as initially legitimate. In the event of a DDoS, Dyn must work quickly to sort out the bad traffic from the good, which takes time and resources, and creates outages that ripple across the internet, as was the case Friday.

Dave Palmer, director of technology at UK cybersecurity company Darktrace, said the most recent DDoS attacks have been linked to Internet of Things devices, in particular web cams.

“The joke about the Internet of Things was that you were going to get people hijacking people’s connected fridges to conduct these attacks, but in these recent cases the culprit seems to be webcams,” Palmer said. “We will probably see, when this is investigated, that it is a botnet of the Internet of Things.”

To avoid massive outages, companies ramp up their capacity to try to absorb the deluge of traffic and reroute it, often with the help of a major telecommunications carrier or cloud-services provider like Akamai Technologies Inc. and CloudFlare Inc. But the only way to really prevent denial-of-service attacks may be to increase the overall security level of consumers around the world, Palmer said, a task that is getting harder as more and more devices are connected to the Internet.

“This is exactly what happens when tens of thousands or hundreds of thousands of devices are left unprotected,” Palmer said. Bloomberg

[“Source-Gadgets”]

ISIS-Inspired Attacks Aid Jihadists At Low Cost

ISIS-Inspired Attacks Aid Jihadists At Low Cost

The strategy of inspiring attacks contrasts with many ISIS operations in Iraq, Syria.

BAGHDAD:  ISIS has claimed several high-profile attacks in the West that it appears to have inspired rather than planned, sowing fear and boosting its profile at low cost.

Such attacks require far less effort than planning and financing an operation in Europe or the United States and dispatching ISIS terrorists to carry it out, and also leave fewer signs for authorities trying to foil them.

And they allow ISIS to portray itself as being on the offensive against its foes, even as the group has suffered a string of defeats inside the cross-border “caliphate” it proclaimed in Iraq and Syria two years ago.

“They help to create a climate of fear and reinforce the idea that ISIS remains a potent force despite territorial losses,” said Aymenn al-Tamimi, a jihadism expert and research fellow at the Middle East Forum.

But “the way ISIS has claimed the attacks suggests (a) lack of direct operational involvement”.

Encouraging attacks in Western countries is a deliberate part of ISIS strategy, something indicated by “the fact that they are willing to claim most of them”, said Will McCants, also an expert on jihadists and a senior fellow at the Brookings Institution.

The strategy of inspiring attacks contrasts with many ISIS operations in Iraq, Syria and elsewhere in the Middle East that the group directly plans and for which it trains and arms militants.

x

The language used in claims for attacks in Germany on Monday and France last week pointed to an inspirational rather than operational role for ISIS.

The jihadist-linked Amaq agency said the axe-wielding teenager who attacked passengers on a train in southern Germany “carried out this operation responding to calls to target countries of the coalition fighting” ISIS.

And it used much the same language after a man in a truck ploughed through a crowd of Bastille Day revellers in the city of Nice on the French Riviera.

Both attackers were described as ISIS terrorists, but the term does not necessarily mean they had any direct ties to or training from the jihadist group.

Call for impromptu attacks

In 2014, IS spokesman Abu Mohammed al-Adnani called for attacks on citizens of Western countries and gave instructions on how they could be carried out without military equipment, using rocks or knives, or by running people over in vehicles.

The group has since released a constant stream of propaganda pictures, videos, articles and radio broadcasts lauding its activities and calling for Muslims to join it.

Such propaganda provides a framework for attacks by individuals who are psychologically troubled or otherwise prone to acts of violence, regardless of whether or not they have longstanding ties to Islamic extremism.

A French prosecutor said Mohamed Lahouaiej Bouhlel, who carried out the Nice attack, had an “unbridled sex life,” drank alcohol and ate pork — actions prohibited under Islam.

But the Tunisian-born man was said to have recently shown an interest in radicalism, which apparently inspired his rampage that killed 84 people, the third major attack in France in 18 months.

German Interior Minister Thomas de Maiziere said the train attack carried out by a 17-year-old, which injured five people, was “perhaps a case that lies somewhere between a crazed rampage and terrorism”.

And gay men reported that Omar Mateen, who killed dozens at a Florida nightclub last month and pledged allegiance to ISIS’s leader, had used gay dating apps and frequented the club he targeted — again not the standard profile of an Islamic hardliner.

“Most of the individuals behind these recent attacks seem to be from troubled backgrounds and suffer psychological problems,” Tamimi said.

But “from the IS perspective, it doesn’t matter all that much if they previously did not lead religious lives”.

The fact that material widely available online provides ready inspiration and justification for attacks poses a challenge for law enforcement.

Such attacks are “harder to prevent because they are more unpredictable”, said Tamimi.

“Not only are inspired attacks harder to stop because of the lack of operational connections,” McCants said.

“They also create more paranoia than directed attacks” as “the attacker could be anyone”.

(This story has not been edited by NDTV staff and is auto-generated from a syndicated feed.)

[“source-ndtv”]

ISIS-Inspired Attacks Aid Jihadists At Low Cost

ISIS-Inspired Attacks Aid Jihadists At Low Cost

The strategy of inspiring attacks contrasts with many ISIS operations in Iraq, Syria.

BAGHDAD:  ISIS has claimed several high-profile attacks in the West that it appears to have inspired rather than planned, sowing fear and boosting its profile at low cost.

Such attacks require far less effort than planning and financing an operation in Europe or the United States and dispatching ISIS terrorists to carry it out, and also leave fewer signs for authorities trying to foil them.

And they allow ISIS to portray itself as being on the offensive against its foes, even as the group has suffered a string of defeats inside the cross-border “caliphate” it proclaimed in Iraq and Syria two years ago.

“They help to create a climate of fear and reinforce the idea that ISIS remains a potent force despite territorial losses,” said Aymenn al-Tamimi, a jihadism expert and research fellow at the Middle East Forum.

But “the way ISIS has claimed the attacks suggests (a) lack of direct operational involvement”.

Encouraging attacks in Western countries is a deliberate part of ISIS strategy, something indicated by “the fact that they are willing to claim most of them”, said Will McCants, also an expert on jihadists and a senior fellow at the Brookings Institution.

The strategy of inspiring attacks contrasts with many ISIS operations in Iraq, Syria and elsewhere in the Middle East that the group directly plans and for which it trains and arms militants.

The language used in claims for attacks in Germany on Monday and France last week pointed to an inspirational rather than operational role for ISIS.

The jihadist-linked Amaq agency said the axe-wielding teenager who attacked passengers on a train in southern Germany “carried out this operation responding to calls to target countries of the coalition fighting” ISIS.

And it used much the same language after a man in a truck ploughed through a crowd of Bastille Day revellers in the city of Nice on the French Riviera.

Both attackers were described as ISIS terrorists, but the term does not necessarily mean they had any direct ties to or training from the jihadist group.

Call for impromptu attacks

In 2014, IS spokesman Abu Mohammed al-Adnani called for attacks on citizens of Western countries and gave instructions on how they could be carried out without military equipment, using rocks or knives, or by running people over in vehicles.

The group has since released a constant stream of propaganda pictures, videos, articles and radio broadcasts lauding its activities and calling for Muslims to join it.

Such propaganda provides a framework for attacks by individuals who are psychologically troubled or otherwise prone to acts of violence, regardless of whether or not they have longstanding ties to Islamic extremism.

A French prosecutor said Mohamed Lahouaiej Bouhlel, who carried out the Nice attack, had an “unbridled sex life,” drank alcohol and ate pork — actions prohibited under Islam.

But the Tunisian-born man was said to have recently shown an interest in radicalism, which apparently inspired his rampage that killed 84 people, the third major attack in France in 18 months.

German Interior Minister Thomas de Maiziere said the train attack carried out by a 17-year-old, which injured five people, was “perhaps a case that lies somewhere between a crazed rampage and terrorism”.

And gay men reported that Omar Mateen, who killed dozens at a Florida nightclub last month and pledged allegiance to ISIS’s leader, had used gay dating apps and frequented the club he targeted — again not the standard profile of an Islamic hardliner.

“Most of the individuals behind these recent attacks seem to be from troubled backgrounds and suffer psychological problems,” Tamimi said.

But “from the IS perspective, it doesn’t matter all that much if they previously did not lead religious lives”.

The fact that material widely available online provides ready inspiration and justification for attacks poses a challenge for law enforcement.

Such attacks are “harder to prevent because they are more unpredictable”, said Tamimi.

“Not only are inspired attacks harder to stop because of the lack of operational connections,” McCants said.

“They also create more paranoia than directed attacks” as “the attacker could be anyone”.

(This story has not been edited by NDTV staff and is auto-generated from a syndicated feed.)

[“source-ndtv”]

Bin weighted down’s ‘thought’ For 9/11 attacks discovered through Qaida magazine

Bin Laden's 'Inspiration' For 9/11 Attacks Revealed By Qaida Magazine
Osama turned into seemingly less inquisitive about the motive than in how the disaster may bedeveloped into a deadly new method.
JERUSALEM:
HIGHLIGHTS
An EgyptAir crash in 1999 gave Osama Bin laden the idea for September 11
In 1999, pilot intentionally crashed EgyptAir flight, killing 216 on board
This revelation changed into made inside the Al-Qaeda mouthpiece, Al Masrah
Osama bin laden were given suggestion for the lethal Sept. 11 attacks from a 1999 aircraft crashwherein an Egyptian airline pilot deliberately downed his plane within the Atlantic Ocean, the al Qaeda has claimed.

In an article titled ‘Sep 11 attacks – the tale untold’ published in its weekly mag al-Masrah, the phobiaorganization said the muse for the Sept. 11 assaults changed into the tale of Gamil al-Batouti, the Egyptian co-pilot, who deliberately crashed EgyptAir flight from los angeles to Cairo, killing 217 humans,such as a hundred americans.

in line with al-Masrah, when the then al Qaeda leader Osama heard about the Egyptian plane crash, herequested, “Why failed to he crash it into a close-by building?”, pronouncing the idea of concentrated on buildings, the Jerusalem submit stated.

Al-Batouti had intentionally downed the plane. no matter speculation over terrorism, his circle of relativesand buddies stated he had no strong ideals and reviews said that it is able to have been suicide or revenge against EgyptAir following disciplinary motion.

Osama became reputedly much less interested by the purpose than in how the disaster can beadvanced into a lethal new strategy.

whilst Osama met with Khalid Sheikh Mohammed, who became recognized as “the principal architect of the 11th of September attacksvia the Sep 11 commission report, the latter offered him with a furtherconcept — crashing American airplanes, the document said.

earlier than supplying his concept to Osama, Sheikh Mohammed commenced running on a plan to crash 12 American airplanes immediately. And so, the very last plan applied by way of al-Qaeda become aaggregate of Sheikh Mohammed’s and Osama’s thoughts — crashing

American airplanes into the buildings of the arena trade center, it said.

Al-Masra is launched by Ansar al-Sharia, which is an alias for al-Qaeda within the Arabian Peninsula (AQAP).

Pakistan, Indonesia Lead in Malware attacks: Microsoft

Pakistan, Indonesia Lead in Malware Attacks: Microsoft

Pakistan, Indonesia, the Palestinian territories, Bangladesh, and Nepal entice the best prices of attemptedmalware attacks, in line with Microsoft Corp.

nations that attracted the fewest include Japan, Finland, Norway and Sweden, Microsoft said in a brand new examine, based on sensors in structures jogging Microsoft anti-malware software.

“We take a look at north of 10 million assaults on identities every day,” stated Microsoft manager Alex Weinert, although assaults do no longer always be successful.

about half of all assaults originate in Asia and one-5th in Latin the usa.

hundreds of thousands arise each year whilst the attacker has legitimate credentials, Microsoft said,which means the attacker knows a consumer‘s login and password. A generation known as devicestudying can often locate those attacks by using searching out information points which includewhether or not the place of the person is acquainted.

On common, 240 days elapse between a security breach in a laptop system and detection of that breach,said Tim Rains, director of security at Microsoft. The observe, Microsoft security Intelligence file, comes out Thursday.

© Thomson Reuters 2016

download the devices 360 app for Android and iOS to live updated with the state-of-the-art tech news, product opinions, and distinctive deals on the popular mobiles.

Tags: Apps, Indonesia, net, Malware, Microsoft, Pakistan

This chart shows how attacks on freedom of speech in India have soared this year

This chart shows how attacks on freedom of speech in India have soared this yearFrom sedition cases against Jawaharlal Nehru University students for allegedly chanting anti-national slogans to attacks on journalists in Chhattisgarh, India has been having a bad year for freedom of speech.

Eleven cases of sedition have been filed against 19 people in merely the first three months of 2016. No cases under this category were filed in the same quarter in the last two years, according to a report compiled by the media watchdog The Hoot.

The report, released this week, points out that the sedition charges against six students of Delhi’s JNU were only the first of a series of cases filed against people across the country – ranging from Congress Vice President Rahul Gandhi to Asaduddin Owaisi, the member of parliament from Hyderabad.

Defamation cases involving politicians also jumped: 27 cases were filed in the first quarter of the year compared to just two cases filed in the corresponding period last year, according to The Hoot.

Media targeted

During the same period, reporters around the country have been under attack in several places. In the first three months of this year, 14 attacks on media personnel have been reported, often resulting in their equipment being damaged. In February, Karun Mishra, the Bureau Chief of the Jansandesh Times, was shot dead in Sultanpur.

Last month, two journalists were arrested in Chhattisgarh. This comes in the wake of reports that as many as nine journalists covering the JNU agitation were contacted for questioning by the Delhi Police. Some of these reporters said that that police personnel even came knocking on their doors.

The Editors’ Guild even issued a statement last week claiming that “not a single journalist” is working without fear or pressure in Bastar, the district in Chhattisgarh most affected by Maoist violence. “There is pressure from Maoists as well on the journalists working in the area,” said the body, which has more than 200 editors as its members.

“There is a general perception that every single journalist is under the government scanner and all their activities are under surveillance. They hesitate to discuss anything over the phone because, as they say, ‘The police is listening to every word we speak.’”

Reports suggest that journalists in Bastar are being followed or their phones have been tapped by authorities to track their movements while others claim that vigilante groups on the ground are getting a free-run in harassing and filing false cases against those reporters who dare to speak out about the violence in the red-corridor region.

Increasing intolerance

Cases of censorship have also risen this year compared to the corresponding period in the last two years. While only two such instances were reported in the first quarter of 2015, the tally was 17 this year. These cases range from Urdu writers being asked to declare that their writings would not criticise the government or the country to comedian Kiku Sharda being arrested, bailed out and then re-arrested for mimicking godman Gurmeet Ram Rahim in Haryana.

While threats to freedom of speech are not new, the intention may be different this time. As social scientist Pratap Bhanu Mehta wrote in theIndian Express in February, when the government swooped down on JNU student leaders:

The government does not want to just crush dissent; it wants to crush thinking, as its repeated assaults on universities demonstrate… Nothing that the students did poses nearly as much threat to India, as the subversion of freedom and judgement this government represents. The honourable ministers should realise that if this is a debate about nationalism, it is they, rather than JNU, who should be in the dock. They have threatened democracy; that is the most anti-national of all acts.

We welcome your comments at [email protected]

[“source-Scroll”]

US Cyber-Security Experts Test Skills in Exercise Meant to Stop Attacks

US Cyber-Security Experts Test Skills in Exercise Meant to Stop Attacks

The moment a US official pressed a computer key Tuesday, dozens of security experts who gathered in an underground control room girded themselves for a cyber-attack – a drill meant to thwart the kinds of intrusions that have recently crippled health networks and retail giants.

The weeklong event run by the Homeland Security Department and hosted by the US Secret Service is now a decade old. But officials say this week’s exercises are becoming more important as both the government and private sector have reeled from breaches of personal data.

More than 1,000 US cyber-security professionals are participating in – and testing how well they respond to – a mock attack, said Gregory Touhill, a Homeland Security Department deputy assistant secretary for cyber-security protection. They’ll be working together for three days in Washington and across the nation.

“Retail and health care have been in the headlines – and, frankly, in the crosshairs for a lot of criminals,” Touhill said. Household names like Target Corp., The Home Depot, UCLA Health Systems and AnthemInc. have all faced recent cyber-attacks that compromised millions of their customers’ data.

(Also see:  Anthem Hit by Massive Cyber-Security breach)

US officials wouldn’t detail the attack scenarios unfolding this week because they said it would tip off the drill’s participants. But they said their event has one, overarching scenario, with roughly 1,000 smaller events – spurred by a phone call, an email or a news article – that could be indicators of an looming cyber-attack.

Suzanne Spaulding, a top Homeland Security cyber official, said the “challenge is here and now.” She pointed to a “nightmare” scenario last December, in which hackers attacked the Ukrainian electrical grid and cut power to about a quarter-million people.

During previous US-led tests, officials found what they called areas for improvement. Touhill said at least two areas from a previous test are still being addressed, including ensuring people have and follow protocols, and security personnel share information effectively.

Secret Service Director Joseph Clancy described the event Tuesday as a way to stay one step ahead of criminals who’ve taken advantage of new and changing technology, and who have changed their own tactics.

In addition to eight participating state governments – Wyoming, Missouri, Mississippi, Georgia, Maine, Nevada, Oklahoma and Oregon – officials from five countries are also observing the exercises. The Homeland Security Department wouldn’t reveal the countries involved.

Other participants include health companies, Internet service providers, telephone companies and retail organizations. The aim is to test human response and coordination, not necessarily the participants’ technical skills.

“We’re looking to find the failure points, to raise the bar in every scenario,” Touhill said.

Recent attacks have also hammered the financial sector, in which a 2014 data breach at JPMorgan Chase affected more than 76 million households and 7 million small businesses. The bank said hackers may have stolen names, addresses, phone numbers and email addresses.

Meanwhile, US officials told Congress last year the Office of Personnel Management didn’t take basic steps to secure their computer networks. That allowed to Chinese-linked hackers to steal private information about nearly every federal employee, as well as detailed personal histories of millions who had security clearances.

Download the Gadgets 360 app for Android and iOS to stay up to date with the latest tech news, product reviews, and exclusive deals on the popular mobiles.

Tags: Cyber attack, Cyber security, Homeland Security Department, Internet
[“source-Gadgets”]