Posts Tagged ‘denial of service’

China’s Secret Weapon in South Korea Missile Fight: Hackers

April 21, 2017

China denies it is retaliating over the Thaad missile system, but a U.S. cybersecurity firm says they are

This 2015 handout photo from the U.S. Department of Defense shows a terminal High Altitude Area Defense interceptor being test launched on Wake Island in the Pacific Ocean.

This 2015 handout photo from the U.S. Department of Defense shows a terminal High Altitude Area Defense interceptor being test launched on Wake Island in the Pacific Ocean. PHOTO: AFP PHOTO / DOD / BEN LISTERMAN
.

April 21, 2017 5:20 a.m. ET

Chinese state-backed hackers have recently targeted South Korean entities involved in deploying a U.S. missile-defense system, says an American cybersecurity firm, despite Beijing’s denial of retaliation against Seoul over the issue.

In recent weeks, two cyberespionage groups that the firm linked to Beijing’s military and intelligence agencies have launched a variety of attacks against South Korea’s government, military, defense companies and a big conglomerate, John Hultquist, director of cyberespionage analysis at FireEye Inc., said in an interview.

No automatic alt text available.

The California-based firm, which counts South Korean agencies as clients, including one that oversees internet security, wouldn’t name the targets.

While FireEye and other cybersecurity experts say Chinese hackers have long targeted South Korea, they note a rise in the number and intensity of attacks in the weeks since South Korea said it would deploy Terminal High-Altitude Area Defense, or Thaad, a sophisticated missile-defense system aimed at defending South Korea from a North Korean missile threat.

China opposes Thaad, saying its radar system can reach deep into its own territory and compromise its security. South Korea and the U.S. say Thaad is purely defensive. The first components of the system arrived in South Korea last month and have been a key issue in the current presidential campaign there.

One of the two hacker groups, which FireEye dubbed Tonto Team, is tied to China’s military and based out of the northeastern Chinese city of Shenyang, where North Korean hackers are also known to be active, said Mr. Hultquist, a former senior U.S. intelligence analyst. FireEye believes the other, known as APT10, may be linked to other Chinese military or intelligence units.

China’s Ministry of Defense said this week Beijing has consistently opposed hacking, and that the People’s Liberation Army “has never supported any hacking activity.” China has said it is itself a major hacking victim but has declined to offer specifics.

Mr. Hultquist said the two hacking groups gained access to their targets’ systems by using web-based intrusions, and by inducing people to click on weaponized email attachments or compromised websites. He declined to offer more specific details.

HACK ATTACKS

Recent cyberattacks attributed to Chinese state-backed groups.

  • Since February Spear-phishing* and watering hole** attacks were conducted against South Korean government, military and commercial targets connected to a U.S. missile defense system.
  • February, March Attendees of a board meeting at the National Foreign Trade Council were targeted with malware through the U.S. lobby group’s website.
  • Since 2016 Mining, technology, engineering and other companies in Japan, Europe and North America were intruded on through third-party IT service providers.
  • 2014-2015 Hackers penetrated a network of U.S. Office of Personnel Management to steal records connected to millions of government employees and contractors.
  • 2011-2012 South Korean targets, including government, media, military and think tanks were targeted with spear-phishing attacks.
  • *Sending fraudulent emails made to look as if they come from a trusted party in order to trick a target into downloading malicious software.
  • **A strategy in which the attacker guesses or observes which websites a targeted group often uses and infects them with malware to infect the group’s network..
  • Sources: FireEye, Trend Micro, Fidelis, PricewaterhouseCoopers and BAE Systems, WSJ reporting

Mr. Hultquist added that an error in one of the group’s operational security provided FireEye’s analysts with new information about the group’s origins.

South Korea’s Ministry of Foreign Affairs said last month that its website was targeted in a denial-of-service attack—one in which a flood of hacker-directed computers cripple a website—that originated in China.

A spokesman said that “prompt defensive measures” ensured that the attacks weren’t effective, adding that it was maintaining an “emergency service system” to repel Chinese hackers.

The ministry this week declined to comment further, or to say which cybersecurity firm it had employed or whether he thought the attacks were related to Thaad.

Another cybersecurity company, Russia’s Kaspersky Lab ZAO, said it observed a new wave of attacks on South Korean targets using malicious software that appeared to have been developed by Chinese speakers starting in February.

The attackers used so-called spear-phishing emails armed with malware hidden in documents related to national security, aerospace and other topics of strategic interest, said Park Seong-su, a senior global researcher for Kaspersky. The company typically declines to attribute cyberattacks and said it couldn’t say if the recent ones were related to Thaad.

The two hacking groups with alleged ties to Beijing have been joined by other so-called hacktivists—patriotic Chinese hackers acting independently of the government and using names like the “Panda Intelligence Bureau” and the “Denounce Lotte Group,” Mr. Hultquist said.

South Korea’s Lotte Group has become a particular focus of Chinese ire after the conglomerate approved a land swap this year that allowed the government to deploy a Thaad battery on a company golf course.

Last month, just after the land swap was approved, a Lotte duty-free shopping website was crippled by a denial-of-service attack, said a company spokeswoman, who added that its Chinese website had been disrupted with a virus in February. She declined to comment on its source.

China’s Ministry of Foreign Affairs didn’t respond to questions about the website attacks. The ministry has previously addressed Lotte’s recent troubles in China by saying that the country welcomes foreign companies as long as they abide by Chinese law.

The U.S. has also accused Chinese state-backed hacking groups of breaking into government and commercial networks, though cybersecurity firms say such activity has dropped since the two nations struck a cybersecurity deal in 2015.

The two Chinese hacking groups named by FireEye are suspected of previous cyberattacks.

FireEye linked Tonto Team to an earlier state-backed Chinese hacking campaign, identified by Tokyo-based cybersecurity firm Trend Micro Inc. in 2012, which focused on South Korea’s government, media and military. Trend Micro declined to comment.

Two cybersecurity reports this month accused APT10 of launching a spate of recent attacks around the globe, including on a prominent U.S. trade lobbying group. One of those reports, jointly published by PricewaterhouseCoopers LLP and British weapons maker BAE Systems, said the Chinese hacker collective has recently grown more sophisticated, using custom-designed malware and accessing its targets’ systems by first hacking into trusted third-party IT service providers.

Because of the new scrutiny from that report, FireEye said in a recent blog post that APT10 was likely to lay low, though in the longer run, it added, “we believe they will return to their large-scale operations, potentially employing new tactics, techniques and procedures.”

Write to Jonathan Cheng at jonathan.cheng@wsj.com and Josh Chin at josh.chin@wsj.com

 

.

Thai King’s Office Seeks Changes to Draft Constitution: PM

January 10, 2017

BANGKOK — Thai King Maha Vajiralongkorn’s office has requested changes to a draft constitution regarding royal powers, the prime minister said on Tuesday.

“The request said there are three to four issues that need fixing to ensure his royal powers,” Prime Minister Prayuth Chan-ocha Prayuth told reporters.

Prayuth did not give details but said the changes would be made.

The draft constitution was passed in a referendum in August last year. It paves the way for a return to civilian rule, including a general election that the military government has promised for this year.

(Reporting by Aukkarapon Niyomyat; Editing by Robert Birsel)

Image may contain: 1 person, outdoor

Thai King Maha Vajiralongkorn (Photographed while he was still crown prince)

Related:

Image may contain: sky

Thailand: After changes to the law governing Internet, cyber crime — More extensive online monitoring by the state seems likely

December 26, 2016

Reuters — Thai police have detained nine people suspected of hacking government websites to protest against amendments to a cyber security law that critics say strengthens the authorities’ oversight of the internet.

Parliament passed legislation this month amending a cyber crime law, which rights groups said would likely to lead to more extensive online monitoring by the state.

In response, hackers launched a wave of cyber attacks last week, shutting down dozens of government websites.

The government said the websites were only down temporarily and the attacks caused minimum disruption.

Image may contain: one or more people

Deputy Prime Minister Prawit Wongsuwan told reporters nine people had been arrested in connection with the hacking.

One of those arrested has been charged with breaking the cyber crime law, police said.

“The rest remain in custody and are being processed in accordance with the law,” police spokesman Dejnarong Suthicharnbancha told Reuters.

Thailand’s military government has increased online censorship since it seized power in a 2014 coup, in particular to block perceived insults to the royal family.

Criticism of the monarch, the regent or the heir is a crime known by the French term lese majeste, which carries a jail sentence of up to 15 years.

Since the death of King Bhumibol Adulyadej on Oct. 13 and the ascension of new King Maha Vajiralongkorn on Dec. 1, authorities have shut down hundreds of websites carrying what they consider to be material critical of the monarchy.

How Money and Politics Can Destroy The Human Brain — Malaysian “Cyber Court” Charges Editors with “Intent to Annoy” in Chinese-Style Kangaroo Court After Reporting on 1MDB (We Think 1MDB Is a Really Good Thing — Chinese Courts Also)

November 18, 2016

Amnesty International says hauling of Malaysiakini journalists before specially convened ‘cyber court’ is the latest move to stifle non-government media

Najib says “he was the first to order an investigation” into the corruption of 1MDB

Malaysian Prime Minister Najib Razak said he was the first to order an investigation into 1Malaysia Development Berhad (1MDB).

PETALING JAYA – In an interview with a Japanese weekly, Malaysian Prime Minister Najib Razak said he was the first to order an investigation into 1Malaysia Development Berhad (1MDB).

In an interview published in the Nikkei Asian Review yesterday, he said the Malaysian authorities have led investigations into 1MDB

“It was I who first instructed multiple authorities in Malaysia to conduct investigations,” he stated.

The Malaysian Anti-Corruption Commission, the Auditor-General, the police and the bipartisan Parliamentary Public Accounts Committee have conducted probes.

“I have always made clear that full co-operation should be extended to any investigation, provided it is in accordance with the laws of our country,” said Mr Najib.

“Furthermore, as I have consistently stated, if any wrongdoing is proven, the law will be enforced without exception,” he added.

He noted that the 1MDB issue has been highly politicised by “certain elements within Malaysia” attempting to exploit the issue for their personal “political benefit”.

He also accused certain people of feeding the foreign authorities with “false or incomplete information”.

Read also: Najib’s stepdaughter speaks out against family for 1MDB crisis

“Those outside Malaysia cannot always appreciate these complexities, but it is something they should bear in mind to avoid becoming entangled in what has become a domestic political matter,” he said.

Mr Najib was responding to questions from Japan’s Nikkei Asian Review ahead of his three-day visit to Tokyo yesterday.

The Malaysian investigation into 1MDB concluded that weaknesses existed in the management but none of its executives have been charged on allegations of embezzlement.

However, the authorities in Singapore, Switzerland and the United States are probing entities and people related to 1MDB for possible money laundering and other offences.

In the interview with Nikkei Asian Review, Mr Najib also spoke about the Trans-Pacific Partnership agreement, Malaysia’s ties with China and Malaysia’s bilateral relationship with Japan.

.

– See more at: http://news.asiaone.com/news/malaysia/najib-says-he-initiated-1mdb-probe#sthash.XBJ1Te8e.dpuf

“Malaysian Leader 1” (Left) Hong Kong Chief Executive CY Leung and China’s “Core Leader” Xi Jinping.

Related:

 ********************************

The co-founders of an independent news website that has reported extensively on a corruption scandal involving Malaysia’s prime minister, Najib Razak, have been charged with offences including “intent to annoy”.

Facing up to one year in jail, the editors appeared before a recently set up “special cyber court” in Kuala Lumpur on Friday. Human Rights Watch said the use of the court was part of a strategy aimed at “shutting down the vibrant and diverse online news environment”.

The charges relate to a video posted on the Malaysiakini website of sacked ruling party member Khairuddin Abu Hassan criticising the attorney general at a press conference for being close with cabinet ministers, which he argued would undermine his independence to investigate government corruption.

 
MalaysiaKini.com editor Steven Gan, in 2001. Photo by Reuters

The Najib scandal emerged in July 2015 when media reports said investigators had found that hundreds of millions of dollars from the 1Malaysia Development Berhad (1MDB) state fund was transferred into the prime minister’s bank accounts .

But attorney general Mohamed Apandi Ali closed all domestic investigations in January, clearing Najib and saying US$681 million transferred into his personal bank account was a gift from the royal family in Saudi Arabia.

Malaysiakini’s editor-in-chief, Steven Gan, and co-founder, Premesh Chandran, have faced repeated harassment from Najib’s supporters, including when hundreds of protesters tried to forcibly shut down their offices earlier in November.

Gan told his staff this week that he would challenge the charges and “prove in court that by covering the press conference, we did not commit any crime but were merely doing our job as journalists”.

He added: “We have been investigated many times over the past years but this is the first time we are being charged.”

The charges relate to a 1998 law , written before Malaysiakini was founded, that sought to address complaints relating to “offensive content in the internet”.

 Malaysian pro-democracy activists have vowed to go ahead with a massive rally on Saturday, November 19 to demand Najib’s resignation over the 1MDB scandal. Photo: AP

It bans “content which is indecent, obscene, false, menacing, or offensive in character with intent to annoy, abuse, threaten or harass any person”.

Phil Robertson, deputy Asia director at Human Rights Watch, said the charges against Malaysiakini were “a serious violation of the freedom of press and show the increasingly dictatorial side of [Najib] and his government”.

“By using rights-abusing laws, ludicrous arguments and special cyber courts, Malaysia appears to be aiming at shutting down the vibrant and diverse online news environment that has grown up because of the government’s control and censorship of the mainline print and TV media,” he said.

On November 6, officers from the Malaysian Communications and Multimedia Commission raided the portal’s office and seized two computers.

Malaysia’s biggest civil society group, Bersih, has organised a rally in Kuala Lumpur that will again call for Najib to step down. Pro-Najib groups also have plans to demonstrate that day, leading to concerns about potential clashes.

The co-founders of an independent news website that has reported extensively on a corruption scandal involving Malaysia’s prime minister, Najib Razak, have been charged with offences including “intent to annoy”.

Facing up to one year in jail, the editors appeared before a recently set up “special cyber court” in Kuala Lumpur on Friday. Human Rights Watch said the use of the court was part of a strategy aimed at “shutting down the vibrant and diverse online news environment.”

The charges relate to a video posted on the Malaysiakini website of sacked ruling party member Khairuddin Abu Hassan criticising the attorney general at a press conference for being close with cabinet ministers, which he argued would undermine his independence to investigate government corruption.

The Najib scandal emerged in July 2015 when media reports said investigators had found that hundreds of millions of dollars from the 1Malaysia Development Berhad (1MDB) state fund was transferred into the prime minister’s bank accounts.

But attorney general Mohamed Apandi Ali closed all domestic investigations in January, clearing Najib and saying $681m transferred into his personal bank account was a gift from the royal family in Saudi Arabia.

Read the rest:

http://www.scmp.com/news/asia/southeast-asia/article/2047287/malaysian-website-editors-charged-intent-annoy-over-1mdb

https://www.theguardian.com/world/2016/nov/18/malaysian-editors-charged-with-intent-to-annoy-after-reporting-on-1mdb

Photo credit at the top: Fazry Ismail/EPA

People that believe in democracy, freedom and human right are under fire in several places including China, Vietnam, Turkey, and Hong Kong. When news media in these nations finds government corruption, the media is often relentlessly attacked.

Related:

Was Friday’s massive hack mounted through internet-connected household items like baby monitors, DVRs, security cameras, and other gadgets turned into cyber weapons?

October 22, 2016

.
Baby monitors and household items used in Friday’s crippling server hack
.

Investigators say attack could have relied on internet-connected household items to flood servers with traffic

  • Baby monitors and household items used in Friday’s crippling server hack 
  • Early investigations say ‘internet of things’ were weaponized by attackers 
  • Almost 500,000 gadgets could have been could have been used in hack
  • Items infected with Mirai malware flooded Dyn’s servers to overload them 
  • Experts say at least 10 per cent of those items appear to have been sued 

Read more: http://www.dailymail.co.uk/news/article-3862294/Hackers-used-internet-things-attack-Friday.html#ixzz4NpBjCyTK
Follow us: @MailOnline on Twitter | DailyMail on Facebook

.

Hackers that wreaked havoc across the US on Friday by shutting down major websites could have relied on household items to take down servers.

.
Early investigations into the attack that crippled websites across the US and in some parts of the UK on Friday found the ‘internet of things’ could have been used to overload servers at Dyn – the company that was targeted.

The shocking development revealed almost 500,000 items were potentially at risk of being activated without their owners’ knowledge, with everything from baby monitors, DVRs, security cameras, and other gadgets turned into cyber weapons.

Hackers that wreaked havoc across the US on Friday by shutting down major websites could have relied on household items to take down servers. This is a map showing the areas hit by the reported outages 

Hackers that wreaked havoc across the US on Friday by shutting down major websites could have relied on household items to take down servers. This is a map showing the areas hit by the reported outages

.

Read more: http://www.dailymail.co.uk/news/article-3862294/Hackers-used-internet-things-attack-Friday.html#ixzz4NpBX23pc
Follow us: @MailOnline on Twitter | DailyMail on Facebook

Hackers that wreaked havoc across the US on Friday by shutting down major websites could have relied on household items to take down servers. This is a map showing the areas hit by the reported outages

Dyn’s chief strategy officer Kyle York said on Friday: ‘This is not your every day attack’

‘The complexity of the attacks is what is making it so difficult for us,’ Kyle York, the company’s chief strategy officer, said.

.
‘This is not your every day attack.’

Was massive hack that floored Amazon, Twitter and Reddit…

Russian hackers could FAKE voter fraud after the…

Hillary Clinton’s New York campaign headquarters evacuated…

‘We love Wikileaks,’ says Trump while its ‘supporters’ crash…

.
Dyn’s general counsel, Dave Allen, later confirmed that much of the traffic being used to take down servers was coming from internet-connected devices infected with a type of malware known as Mirai.

An online security expert explained how at least 45,000 ‘internet of things’ object were used in the attack on Dyn.

Early investigations suggest the 'internet of things', which includes baby monitors, was used by the hackers to overload servers (stock image)

Early investigations suggest the ‘internet of things’, which includes baby monitors, was used by the hackers to overload servers (stock image)

.

Read more: http://www.dailymail.co.uk/news/article-3862294/Hackers-used-internet-things-attack-Friday.html#ixzz4NpCYtpMG
Follow us: @MailOnline on Twitter | DailyMail on Facebook

.
Dyn’s chief strategy officer Kyle York said on Friday: ‘This is not your every day attack’

.
Dale Drew, chief security officer at Level 3 Communications, said so during a livestream on Friday, before saying the total number of infected items has almost doubled in just one month.
The alarming new information comes after Wikileaks revealed it thought its supporters were behind the hack.

.
The group sent out a tweet on Friday night reading: ‘Stop taking down the US internet… Mr Assange is still alive and WikiLeaks is still publishing.’

.
It then tweeted: ‘The Obama administration should not have attempted to misuse its instruments of state to stop criticism of its ruling party candidate.’

.
The Ecuadorian government switched off Assange’s internet service in its UK embassy Sunday after he released another tranche of emails showing the contents of a speech given by Hillary Clinton to Goldman Sachs.

.
DDoS attacks are a primitive form of hacking using botnets – networks of computers that hackers bring under their control.

.
They do this by getting users to inadvertently download software, typically by following a link in an email or agreeing to download a corrupted file.

.
Even smart home gadgets such as connected cameras and DVRs can be taken over in this way.

.
These botnets are then used to bombard the servers with simple requests for information carried out simultaneously, causing them to become overwhelmed and shut down.

.
WikiLeaks accused John Kerry and the US Government of asking Ecuador to shut down Assange’s internet connection, but the South American country denied it came under any pressure from the US or any other government.

.
Despite WikiLeaks’ claims its supporters were behind the attacks, members of a shadowy collective that calls itself New World Hackers claimed responsibility via Twitter.

.
They said they organized networks of connected ‘zombie’ computers called botnets that threw a staggering 1.2 terabits per second of data at the Dyn-managed servers.

.
‘We didn’t do this to attract federal agents, only test power,’ two collective members who identified themselves as ‘Prophet’ and ‘Zain’ told an AP reporter via Twitter direct message exchange.

.
A chart shows Twitter outages over the last 24 hours with a huge peak later in the day
A chart shows Twitter outages over the last 24 hours with a huge peak later in the day

.
A number of major sites including Spotify are to be down in an internet outage. Internet infrastructure provider Dyn said this was due to an ongoing interruption of its network. Pictured is a chart of Spotify outages reported in the last 24 hours on Down Detector

.
A number of major sites including Spotify are to be down in an internet outage. Internet infrastructure provider Dyn said this was due to an ongoing interruption of its network. Pictured is a chart of Spotify outages reported in the last 24 hours on Down Detector

.
WHAT ARE DOMAIN NAME SERVERS USED FOR?

Anonymous in 2010 targeted the DNS provider EveryDNS as retribution for denying service to WikiLeaks

.
Domain name servers are a crucial element of internet infrastructure, converting numbered Internet Protocol addresses into the domain names that allow users to connect to internet sites.

.
The loose-knit hacktivist network Anonymous in 2010 targeted the DNS provider EveryDNS among others in 2010 as retribution for denying service to the anti-secrecy organization WikiLeaks.

.
Though such attacks are not uncommon, Friday’s incident immediately underscored the interconnected vulnerabilities for large portions of the internet, with brand-name companies affected by an attack on a single company.

.
‘The internet continues to rely on protocols and infrastructure designed before cyber security was an issue,’ said Ben Johnson, a former engineer at the National Security Agency and founder of the cyber-security company Carbon Black.

.
The White House slammed the attack on Friday, calling it a malicious disruption.

.
Internet service company Dyn, which controls the ‘address book’ of the internet for dozens of major companies, said that it had suffered its first denial of service (DDoS) attack shortly after 6AM ET (11AM BST), in an attack that mostly affected the east coast of the US.

.
It told CNBC the attack is ‘well planned and executed, coming from tens of millions of IP addresses at same time.’

.
It confirmed a second attack at 1PM ET, which appeared to be centered on UK servers, and later said ‘several’ attacks were underway on servers across the globe, with the west coast being particularly badly hit.

.
WHO WAS HIT BY THE ATTACK?

.
Thousands of sites were hit, including:

Twitter
Reddit
Spotify
Esty
Box
Wix Customer Sites
Squarespace Customer Sites
Zoho
CRM
Iheart.com (iHeartRadio)
Github
The Verge
Cleveland.com
hbonow.com
PayPal
Big cartel
Wired.com
People.com Urbandictionary.com
Basecamp
ActBlue
Zendesk.com
Intercom
Twillo
Pinterest
Grubhub
Okta
Starbucks rewards/gift cards
Storify.com
CNN
Yammer
Playstation Network
Recode Business Insider
Guardian.co.uk
Weebly
Yelp

.
Dyn said Friday evening a third cyber attack ‘has been resolved’.

.
The cyber attack meant that millions of internet users could not access the websites of major online companies such as Netflix and Reddit as well as the crafts marketplace Etsy and the software developer site Github, according to media reports.

.
The website Gizmodo said it had received reports of difficulty at sites for media outlets including CNN, The Guardian, Wired, HBO and People as well as the money transfer service PayPal.

Read more: http://www.dailymail.co.uk/news/article-3862294/Hackers-used-internet-things-attack-Friday.html#ixzz4NpBOmaNk
Follow us: @MailOnline on Twitter | DailyMail on Facebook

“America the Vulnerable” — Complex wave of cyber attacks hit Twitter, PayPal, NYT, WSJ

October 22, 2016

Reuters and AFP

© Leon Neal, AFP | This file photo taken on September 11, 2013 shows the logo of social networking website ‘Twitter’ displayed on a computer screen in London

Text by NEWS WIRES

Latest update : 2016-10-22

Cyber attacks targeting a little known internet infrastructure company, Dyn, disrupted access to dozens of websites on Friday, preventing some users from accessing PayPal, Twitter and Spotify.

Dyn, whose customers include some of the world’s most widely visited websites, said it did not know who was responsible for the outages that began in the Eastern United States, and then spread to other parts of the country and overseas.

The outages were intermittent, making it difficult to identify all the victims. But technology news site Gizmodo named some five dozen sites that were affected by the attack. They included CNN, HBO Now, Mashable, the New York Times, People.com, The Wall Street Journal and Yelp.

FBI TO INVESTIGATE CYBER ATTACKS

Dyn said attacks were coming from tens of millions of Internet-connected devices — such as web cams, printers and thermostats — infected with malicious software that turns them into “bots” that can be used in massive distributed denial of service attacks.

The U.S. Department of Homeland Security last week issued a warning about this powerful new approach, noting it was concerned about the potential for new attacks after code for malware used in these attacks was published on the internet.

Dyn said late on Friday that it was fighting the third major wave of attacks, which were being launched from locations spread across the globe, making them harder to fight.

“The complexity of the attacks is what’s making it very challenging for us,” said Dyn’s chief strategy officer, Kyle York.

The U.S. Department of Homeland Security and the Federal Bureau of Investigation said they were investigating.

The disruptions come at a time of unprecedented fears about the cyber threat in the United States, where hackers have breached political organizations and election agencies.

Dyn said it had resolved one morning attack, which disrupted operations for about two hours, but disclosed a second a few hours later that was causing further disruptions.

Dyn said early on Friday that the outage was limited to the Eastern United States. Amazon later reported that the issue was affecting users in Western Europe. Twitter and some news sites could not be accessed by some users in London late on Friday evening.

PayPal Holdings Inc said that the outage prevented some customers in “certain regions” from making payments. It apologized to customers for the inconvenience and said that its networks had not been hacked.

Amazon.com Inc’s web services division, one of the world’s biggest cloud computing companies, also reported a related outage, which it said was resolved early Friday
afternoon.

Dyn is a Manchester, New Hampshire-based provider of services for managing domain name servers (DNS), which act as switchboards connecting internet traffic. Requests to access sites are transmitted through DNS servers that direct them to computers that host websites.

Dyn said it was still trying to determine how the attack led to the outage but that its first priority was restoring service.

Attacking a large DNS provider can create massive disruptions because such firms are responsible for forwarding large volumes of internet traffic.

(REUTERS)

**********************

The U.S. and Western Europe have had plenty of warnings that tighter cyber security was needed…..

Related

“Thanks for the emails. Did you get my donation?”

Edward Snowden

Julian Assage

Rigged Debates: Wikileaks Emails Confirm Media in Clinton’s Pocket

Those were fun times, weren’t they?  U.S. Secretary of State Hillary Rodham Clinton, right, and Russian Foreign Minister Sergey Lavrov press a red button symbolizing Mrs. Clinton’s  intention to “reset” U.S.-Russian relations during their meeting in Geneva, Switzerland, Friday, March 6, 2009. Only the Clinton State Department Used the word for “overcharge” instead of the word for “reset.” U.S. Secretary of State Hillary Rodham Clinton left her post as U.S. Secretary of State with a Russia in military resurgence. The button meant “Reset to the Soviet Union and the Cold War” to Putin’s Moscow government, we suppose. (AP Photo)

Cyberattack Knocks Out Access to Websites

October 21, 2016

So-called denial-of-service attacks can knock sites offline by flooding them with junk data, blocking the way for legitimate users

Several websites including Twitter and Tumblr were unreachable for many internet users Friday morning following an online attack.
Several websites including Twitter and Tumblr were unreachable for many internet users Friday morning following an online attack.PHOTO: ZUMA PRESS

.

Updated Oct. 21, 2016 10:06 a.m. ET

Several websites including Twitter and Tumblr were unreachable during an extended period for many internet users Friday following an online attack.

Web technology provider Dyn said its domain name system, or DNS, service was subject to a massive distributed denial-of-service attack starting at 7:10 a.m. on Friday.

Denial of service attacks can knock websites offline by flooding them with junk data, blocking the way for legitimate users. Dyn’s DNS services are a key part of the digital supply chain that allow web addresses—Twitter.com, for instance—to take users to the infrastructure that hosts them.

Dyn said its services were back up by around 9:20 a.m. ET. The company didn’t disclose the source of the attack.

Security experts say denial of service attacks have grown more powerful over the past year. A sustained assault on the website of security researcher Brian Krebs last month broke records partly because the network that launched it used hundreds of thousands of connected cameras, digital video recorders and other “smart” devices, according to website defender Akamai Technologies Inc.

Amazon.com Inc. also said it had found the root cause of DNS problems affecting its East Coast cloud customers and resolved the issue, though it didn’t disclose the cause. Amazon had said it was looking into an elevated number of errors related to accessing its cloud services in a main East Coast server hub due to DNS issues. Amazon Web Services runs a broad array of websites.

Amazon said the problems occurred between 7:31 a.m. and 9:10 a.m. Eastern time.

Cloud services provider Heroku Inc. also said it saw “widespread” DNS issues related to a denial of service attacks against one of its DNS providers, but it had resolved the issue.

Write to Drew FitzGerald at andrew.fitzgerald@wsj.com

.

http://www.wsj.com/articles/denial-of-service-web-attack-affects-amazon-twitter-others-1477056080

.

To China, Cyberespionage Becomes Even More Important

February 4, 2016

.

At a time when Chinese President Xi Jinping is in the spotlight for inking a landmark deal with the US barring economic espionage, a new report released Wednesday shows that he may be giving his security and intelligence agencies a larger role in helping Beijing hack foreign companies.

By Jack Detsch
Christian Science Monitor

After the US and China inked a landmark agreement not to conduct cyberespionage to steal each other’s trade secrets, American officials wondered if Chinese President Xi Jinping would – or would be able to – keep up his end of the bargain.

US officials have long accused hackers from the powerful Chinese military of carrying out attacks on the US government and private companies, and September’s deal, to many experts, appeared overly optimistic.

As all eyes remain on President Xi, a new report by American cybersecurity firm CrowdStrike finds new evidence the leader is giving more power over the country’s digital operations to the state-run Ministry of State Security (MSS) and the Ministry of Public Security (MPS). “We’re seeing a mission shift,” said Adam Meyers, CrowdStrike’s vice president of intelligence.

Recommended: Watch live: Why China is hacking the world

The report released Wednesday says the move could be part of a broader effort to put more control over the country’s Internet operations under Xi – and a sign that he is trying to put China’s military on a tighter leash.

However, the report found, the shift does not mean China’s economic espionage is stopping – but it could mean Xi may have closer oversight over some of the organizations directing it. “Beneath the surface, however, China has not appeared to change its intentions where cyber is concerned,” the report said.

U.S. Secretary of State John Kerry, left, talks with Chinese President Xi Jinping during their meeting at the Great Hall of the People in Beijing, Wednesday, Jan. 27, 2016. Jacquelyn Martin/Reuters

In the first three weeks after the US and China agreed to halt economic espionage, CrowdStrike in October detected several Chinese attempts to steal intellectual property and trade secrets from American companies in the technology and pharmaceutical sectors – including those by Deep Panda, a hacking group that has been linked with the military.

CrowdStrike has now spotted more evidence that the civilian spy and homeland security agencies, Mr. Meyers said, have targeted foreign healthcare and technology firms to benefit the country’s economic sector. The CrowdStrike report suggests Chinese hackers are likely to continue targeting industries such as agriculture, healthcare, and alternative energy – where China’s growth has lagged.

“Although the majority of MPS’ actions aim to counter internal issues and enforce censorship for Chinese citizens, the global activities carried out by the MPS not only demonstrate the Ministry’s capability and willingness to support [Communist Party] regulations and objectives, but also its intent to carry out operations on foreign soil,” the report added. The agency is also, the report found, developing units within the People’s Public Security University in Beijing – China’s school for elite police training – to train hackers and carry out cyberattacks.

MPS, China’s chief homeland security agency, has indeed begun to play a leading role in enforcing new Internet restrictions and digital antiterrorism campaigns – including by arresting alleged online criminals, the CrowdStrike report said.

Some of those efforts began last August, when MPS announced the arrests of 15,000 people on charges they had “jeopardized Internet security” – part of a broader campaign described by the Chinese government as a plan to clear the Internet of illegal and harmful material.

CrowdStrike also traced massive denial-of-service attacks aimed at the coding website GitHub in April, which had hosted Chinese anticensorship websites, back to China’s Internet backbone, suggesting that high-level government officials may have known of the hack. Now, MPS will step up efforts to assert more control over online messages and content – including by running network security offices at Chinese Internet companies such as Baidu, Alibaba, and Tencent.

The consolidation of power to civilian agencies is especially striking since it comes at a time when the People’s Liberation Army (PLA) plans to lay off 300,000 troops – the largest cuts for the service in almost a decade – and the military revamps under a unified command structure.

For years, US officials and experts have accused PLA hackers, especially Unit 61398, one of the army’s top hacking units, of carrying out attacks on US government and private networks – potentially without coordination from the government. Though China has denied carrying out such espionage campaigns in the past, in 2014, the Department of Justice indicted five members of the PLA on charges of hacking into six US companies in the nuclear power, metals and solar products industries, as well as a labor organization, to steal intellectual property to benefit Chinese companies.

Xi has taken some public steps, however, that appear designed to demonstrate goodwill, especially as China was named the lead suspect in the massive Office of Personnel Management breach that compromised the personal information of nearly 22 million former and current US government employees. Beijing reportedly arrested several hackers in connection with the OPM hack, although public evidence substantiating those arrested were actually the true hackers has not been released.

Yet while Xi might have more leverage to stop hackers with the antiespionage agreement and the reorganization CrowdStrike describes, experts caution that cracking down on Chinese spying on foreign companies may that may not be his main priority.

“I think [Xi]’s serious about the commitment he made to President Obama, and there is a strong private hacker market in China that the Chinese try to control,” said James Lewis, senior fellow at the Center for Strategic and International Studies, a Washington think tank. However, Mr. Lewis said, “priority No. 1 for them is political stability. If you’re a hacker and you’re committing crime, they may not like it, but you’re not priority number one for them.”

And now that he’s taken steps to bring the country’s cyberoperations under his control, Xi may face a difficult balancing act when it comes to his priorities, experts say.

“[China is] worried about Chinese hackers threats to their own companies and to their own data, and then they have to balance that with the external pressures from the United States,” said Adam Segal, a senior fellow for China studies at the Council on Foreign Relations. “A lot of it is not completely under their control – since the hackers are freelancing and probably moving back and forth between the MSS and the MPS and commercial criminal networks. So, for whatever vision they have, at the end, it’s going to take them a while to get there.”

http://www.csmonitor.com/World/Passcode/2016/0204/Report-China-bolsters-state-hacking-powers

Vietnamese accused by Anonymous of hacking attack

November 19, 2015

.

By Tuan Hung, Thanh Nien News

Thursday, November 19, 2015 14:15

Anonymous Guy Fawkes mask takes part in a demonstration in front of the Eiffel tower in Paris. KENZO TRIBOUILLARD, AFP, Getty Images

The hacktivist group Anonymous has claimed that a group of five young Vietnamese hacked its web chat on Wednesday evening.
.
Some Anonymous Twitter accounts publicized the identities of the five Vietnamese hackers, aged 18-23, who are alleged members of a group called New Kings.
.
They said the Vietnamese group broke down the web chat of Anonymous on Wednesday evening. The hackers seemed to be inexperienced and unaware of their action’s consequences, they said.
.
They said they tracked down a website of the group, which posed as that of the so-called Islamic State and challenged Anonymous.
.
In the wake of the Paris attacks, Anonymous earlier this week launched what it called Operation Paris, with the aim of tracking down members of the terrorist group.
.
In Vietnam, several Facebook pages posing as IS after the Paris attack have been detected.
.
On Wednesday, Minister of Public Affairs Tran Dai Quang ordered authorities to strictly punish those who posted entries on social media to incite terrorist acts, extreme thoughts, or insult Islam.
.
He called on the police to take measures to tighten information control and cooperate with international organizations to exchange information related to terrorism.
.
http://www.thanhniennews.com/education-youth/hack-the-hackers-vietnamese-group-allegedly-targeted-anonymous-53892.html
.
Related:
.
.
.
.