Spamhaus hit with largest DDoS Ever Recorded – More than 300 Gps

Akamai Spamhaus DDOS Stats
Current Global Attacks according to Akamai.com

Internet Spam fighting organization Spamhaus with the help of CloudFlare has recovered from the largest Distibuted Denial of Service attack ever reported. The attacks that started at 10Gbs on the 18th rapidly increased in the last week until they hit an unprecedented volume of 300 Gps!

Spamhaus tracks internet spammers and works with law enforcement to help shut them down. Apparently some bad guys didn’t like this and attacked their website with a 10 Gbs DDoS stream of traffic knocking them offline. Spamhaus turned to the popular website security company Cloudflare for help.

Cloudflare was able to deflect the attacks which according to Cloudflare’s blog ramped up to 120 Gbs on the 21st. Then the attackers stopped the attack and then tried something they had not seen before. The attackers turned their DDoS against the upstream providers for Cloudflare with attacks ranging up to 300 Gps, forcing Cloudflare to temporarily drop peering for London:

Cloudflare Spamhaus Twitter Post

The attacks effected worldwide website traffic according to an article today on Foxnews. “If the Internet felt a bit more sluggish for you over the last few days in Europe, this may be part of the reason why,” said Matthew Prince, CEO of CloudFlare.

Spamhaus is up and running today. But a quick look at Akamai.com shows that global attacks are still elevated (See image at top of post).

Advertisements

Numerous Israeli Websites Down – Anonymous Claims Responsibility

This morning I was on a forum that was discussing IDF Special Forces and one person mentioned that they just ordered a IDF Special Forces t-shirt that they thought was very cool and to check it out. The only problem was the link did not seem to be working. The site seemed to be down. I went to another website that sold IDF t-shirts, again, they appeared to be having website problems. Lastly I went to a real IDF backed site and the website was very sluggish.

Finally, it dawned on me that this could be the work of pro-Gaza Islamic supporters.

Sure enough it looks like Anonymous has stepped into the online social media battle that is being waged between the IDF and Gaza militants. As rockets fall on Israel and Israel retaliated, a war of words was being fought on Twitter and Facebook. As was mentioned yesterday, I figured it would only be a matter of time before political hacktivists would get involved and target websites.

Well, it didn’t take long at all as the hacker group “Anonymous” kicked off “#OPIsrael”.

Anonymous claimed in a tweet to have taken down 40+ Israeli government and military websites in three hours. Not so, claimed the security company Radware in a NY Times Report:

“Radware, a computer security company, said that in all but a few cases they were unsuccessful. But they did take down a blog page belonging to the I.D.F. and replaced the home page of what they said was a private Israeli surveillance and security company with an image of Gaza in flames and the following message: “Stop bombing Gaza! Millions of Israelis & Palestinians are lying awake, exposed and terrified.”

According to the article Anonymous recruited hackers through Twitter, IRC Chat and a Pastebin post to run Denial of Service programs, like the Low Orbit Ion Cannon (LOIC) to attack Israeli backed sites. Apparently the attack is still ongoing as several Israeli government and military themed sites that I tried to visit today were down or seriously sluggish.

Many times Denial of Service attacks are not hi-tech, they simply flood websites with tons of simultaneous requests from thousands of computers and bog the servers down. Called Distributed Denial of Service Attacks, they can be very effective if target websites do not have ways to deflect or absorb the large volume of requests.

I am sure the Israeli Cyber teams will respond with attacks on Anonymous sites and group members. But unfortunately it looks like the the possibility of a ground military operation could be forthcoming as Israel’s Defense Minister Ehud Barak has called for up to 30,000 reservists to be activated. With most of those being from the Engineering Corp, that would prepare paths for armored vehicles to enter into Gaza.

We will have to watch this closely as a military operation into Gaza could cause increased conflict in the area, with one Israeli media outlet even hinting that the escalation could lead to war with Iran.

40 South Korean Websites under Cyber Attack

According to the AFP, numerous S. Korean websites came under a Distributed Denial of Service (DDoS) attack today:

AhnLab said sites included those of the presidential Blue House, the US forces, the military Joint Chiefs of Staff, the ministries of foreign affairs, defence and unification, the spy agency, parliament and the tax office.

AhnLab said its own website had also come under attack along with those of seven major banks in the incident that began at 10 am (0100 GMT).

According to the article, some of the sites were back up within an hour of the attack. The attack was similar to an attack in 2009 that shut down 25 sites including one in the US. The South Korean intelligence blamed N. Korea for that attack.

More information will be released as it becomes available.

Cloud Computing: HP Top Security Threats Webinar

The Cloud Security Alliance in cooperation with HP have released the “Top Threats to Cloud Computing”. The top threats are:

  • Abuse and Nefarious Use of Cloud Computing
  • Insecure Interfaces and APIs
  • Malicious Insiders
  • Shared Technology Issues
  • Data Loss or Leakage
  • Account or Service Hijacking
  • Unknown Risk Profile

The first point mentioned, “Abuse and Nefarious Use of Cloud Computing” covers credit card fraud, spammers, credential cracking, DDoS and Botnets. For the full report see the Cloud Security Association website. Or sign up for HP’s live webcast, “Seven Deadly Sins of Cloud Computing” scheduled for 3/23.