The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: ddos attack

DDoS Attacker Who Ruined Gamers' Christmas Gets 27 Months in Prison

DDoS Attacker Who Ruined Gamers' Christmas Gets 27 Months in Prison
July 04, 2019Wang Wei
A 23-year-old hacker from Utah who launched a series of DDoS attacks against multiple online services, websites, and online gaming companies between December 2013 and January 2014 has been sentenced to 27 months in prison. Austin Thompson, a.k.a. "DerpTroll," pledged guilty back in November 2018 after he admitted to being a part of DerpTrolling , a hacker group that was behind DDoS attacks against several major online gaming platforms including Electronic Arts' Origin service, Sony PlayStation network, and Valve Software's Steam during Christmas. "Thompson typically used the Twitter account @DerpTrolling to announce that an attack was imminent and then posted "scalps" (screenshots or other photos showing that victims' servers had been taken down) after the attack," the DoJ says. According to a U.S. Department of Justice press release published Wednesday, Thompson's actions caused the victim companies at least $95,000 in damages. T

Telegram Suffers 'Powerful DDoS Attack' From China During Hong Kong Protests

Telegram Suffers 'Powerful DDoS Attack' From China During Hong Kong Protests
June 13, 2019Mohit Kumar
Telegram, one of the most popular encrypted messaging app, briefly went offline yesterday for hundreds of thousands of users worldwide after a powerful distributed denial-of-service (DDoS) attack hit its servers. Telegram founder Pavel Durov later revealed that the attack was mainly coming from the IP addresses located in China, suggesting the Chinese government could be behind it to sabotage Hong Kong protesters. Since last week, millions of people in Hong Kong are fighting their political leaders over the proposed amendments to an extradition law that would allow a person arrested in Hong Kong to face trial elsewhere, including in mainland China. Many people see it as a fundamental threat to the territory's civic freedoms and the rule of law. Many people in Hong Kong are currently using Telegram's encrypted messaging service to communicate without being spied on, organize the protest, and alert each other about activities on the ground. According to Telegram, th

Mirai Variant Adds Dozen New Exploits to Target Enterprise IoT Devices

Mirai Variant Adds Dozen New Exploits to Target Enterprise IoT Devices
March 19, 2019Swati Khandelwal
Security researchers have uncovered a new variant of the infamous Mirai Internet of Things botnet , this time targeting embedded devices intended for use within business environments in an attempt to gain control over larger bandwidth to carry out devastating DDoS attacks . Although the original creators of Mirai botnet have already been arrested and jailed , variants of the infamous IoT malware, including Satori and Okiru , keep emerging due to the availability of its source code on the Internet since 2016. First emerged in 2016, Mirai is well known IoT botnet malware that has the ability to infect routers, and security cameras, DVRs, and other smart devices—which typically use default credentials and run outdated versions of Linux—and enslaves the compromised devices to form a botnet, which is then used to conduct DDoS attacks . New Mirai Variant Targets Enterprise IoT Devices Now, Palo Alto Network Unit 42 researchers have spotted the newest variant of Mirai that'

Ukrainian Police Arrest 6 Hackers Linked to DDoS and Financial Attacks

Ukrainian Police Arrest 6 Hackers Linked to DDoS and Financial Attacks
January 17, 2019Swati Khandelwal
Ukrainian Police have this week busted out two separate groups of hackers involved in carrying out DDoS attacks against news agencies and stealing money from Ukrainian citizens, respectively. According to the authorities, the four suspected hackers they arrested last week , all aged from 26 to 30 years, stole more than 5 million Hryvnia (around 178,380 USD) from the bank accounts of Ukrainian citizens by hacking into their computers. The suspects carried out their attacks by scanning vulnerable computers on the Internet and infecting them with a custom Trojan malware to take full remote control of the systems. The group then apparently enabled key-logging on the infected computers in an attempt to capture banking credentials of victims when the owners of those infected computers fill in that information on any banking site or their digital currency wallet. Once getting a hold on the victims banking and financial data, the attackers logged into their online banking accounts

DDoSing Hospital Networks Landed This Hacktivist in Jail for Over 10 Years

DDoSing Hospital Networks Landed This Hacktivist in Jail for Over 10 Years
January 11, 2019Mohit Kumar
A simple DDoS attack could land you in jail for 10 years or even more. A Massachusetts man has been sentenced to over 10 years in prison for launching DDoS attacks against the computer network of two healthcare organizations in 2014 to protest the treatment of a teenager at the centers. Beyond serving 121 months in prison, Martin Gottesfeld , 34, was also ordered by U.S. District Judge Nathaniel Gorton to pay nearly $443,000 in restitution for damages he caused to the targeted facilities. Gottesfeld carried out the DDoS attacks on behalf of the Anonymous hacker collective against Boston Children's Hospital (BCH) and Wayside Youth & Family Support Network—a nonprofit home treatment facility that provides a range of mental health counselings to children, young adults, and families in Massachusetts. In April 2014, the hacker used a botnet of over 40,000 network routers that he infected with customized malicious software to carry out the DDoS attacks that not only knocke

FBI Seizes 15 DDoS-For-Hire Websites, 3 Operators Charged

FBI Seizes 15 DDoS-For-Hire Websites, 3 Operators Charged
December 21, 2018Swati Khandelwal
The FBI just saved the Christmas. The U.S. Justice Department announced earlier today that the FBI has seized domains of 15 "DDoS-for-hire" websites and charged three individuals running some of these services. DDoS-for-hire , or "Booter" or "Stresser," services rent out access to a network of infected devices, which then can be used by anyone, even the least tech-savvy individual, to launch distributed denial-of-service (DDoS) attacks against any website and disrupt its access. In recent years, multiple hacking groups ruined Christmas Day for millions of gamers by taking down PlayStation, Xbox networks and other gaming servers using massive DDoS attacks. "Booter services such as those named in this action allegedly cause attacks on a wide array of victims in the United States and abroad, including financial institutions, universities, internet service providers, government systems, and various gaming platforms," the DoJ said. &qu

Hacker Who DDoSed Sony, EA and Steam Gaming Servers Pleads Guilty

Hacker Who DDoSed Sony, EA and Steam Gaming Servers Pleads Guilty
November 09, 2018Wang Wei
A 23-year-old hacker from Utah pleaded guilty this week to launching a series of denial-of-service (DoS) attacks against multiple online services, websites, and online gaming companies between 2013 and 2014. According to a Justice Department (DoJ) press release, Austin Thompson , a.k.a. "DerpTroll," took down servers of several major gaming platforms including Electronic Arts' Origin service, the Sony PlayStation network , and Valve Software's Steam, between December 2013 and January 2014, by flooding them with enough internet traffic. Thompson then typically used the Twitter account the @DerpTrolling handle to announce his attacks, subsequently posting screenshots or other photos of the server being unavailable after launching DDoS attacks. The attacks usually took down game servers and related computers of the victim companies for at least a few hours at a time, causing at least $95,000 in damages to the gaming companies around the world. "Denial-of

Bitcoin Core Software Patches a Critical DDoS Attack Vulnerability

Bitcoin Core Software Patches a Critical DDoS Attack Vulnerability
September 25, 2018Swati Khandelwal
The Bitcoin Core development team has released an important update to patch a major DDoS vulnerability in its underlying software that could have been fatal to the Bitcoin Network, which is usually known as the most hack-proof and secure blockchain. The DDoS vulnerability, identified as CVE-2018-17144, has been found in the Bitcoin Core wallet software, which could potentially be exploited by anyone capable of mining BTC to crash Bitcoin Core nodes running software versions 0.14.0 to 0.16.2. In other words, Bitcoin miners could have brought down the entire blockchain either by overflooding the block with duplicate transactions, resulting in blockage of transaction confirmation from other people or by flooding the nodes of the Bitcoin P2P network and over-utilizing the bandwidth. The vulnerability had been around since March last year, but the team says nobody noticed the bug or nobody was willing to incur the expense of exploiting it. According to the bitcoin core developers

19-Year-Old Hacker Arrested Over Making Hoax School and Flight Bomb Threats

19-Year-Old Hacker Arrested Over Making Hoax School and Flight Bomb Threats
September 06, 2018Mohit Kumar
British police have arrested a 19-year-old teen who is an alleged member of Apophis Squad cybercriminal group responsible for making hoax bomb threats to thousands of schools and airlines; and DDoSing ProtonMail and Tutanota secure email services. George Duke-Cohan was arrested in his bedroom at his family home in Watford by British National Crime Agency (NCA) on 31st August and pledged guilty to three counts of making bomb threats to schools and airlines in Luton Magistrates' Court on Monday. Duke-Cohan spammed out more than 24,000 emails to schools across the UK and in the US as well, claiming that pipe bombs had been planted on the premises, which would blow up the building if $5,000 extortion money was not made within 3 hours. He Got Arrested Third-Time For Making Hoax Bomb Threats This is not the first time Duke-Cohan has been arrested for spreading fake bomb threats. He first created panic in March this year when he emailed thousands of schools in the UK warnin

FBI seizes control of a massive botnet that infected over 500,000 routers

FBI seizes control of a massive botnet that infected over 500,000 routers
May 24, 2018Swati Khandelwal
Shortly after Cisco's released its early report on a large-scale hacking campaign that infected over half a million routers and network storage devices worldwide, the United States government announced the takedown of a key internet domain used for the attack. Yesterday we reported about a piece of highly sophisticated IoT botnet malware that infected over 500,000 devices  in 54 countries and likely been designed by Russia-baked state-sponsored group in a possible effort to cause havoc in Ukraine, according to an early report published by Cisco's Talos cyber intelligence unit on Wednesday. Dubbed VPNFilter by the Talos researchers, the malware is a multi-stage, modular platform that targets small and home offices (SOHO) routers and storage devices from Linksys, MikroTik, NETGEAR, and TP-Link, as well as network-access storage (NAS) devices. Meanwhile, the court documents unsealed in Pittsburgh on the same day indicate that the FBI has seized a key web domain communic

Researchers unearth a huge botnet army of 500,000 hacked routers

Researchers unearth a huge botnet army of 500,000 hacked routers
May 23, 2018Swati Khandelwal
More than half a million routers and storage devices in dozens of countries have been infected with a piece of highly sophisticated IoT botnet malware, likely designed by Russia-baked state-sponsored group. Cisco's Talos cyber intelligence unit have discovered an advanced piece of IoT botnet malware, dubbed VPNFilter , that has been designed with versatile capabilities to gather intelligence, interfere with internet communications, as well as conduct destructive cyber attack operations. The malware has already infected over 500,000 devices in at least 54 countries, most of which are small and home offices routers and internet-connected storage devices from Linksys, MikroTik, NETGEAR, and TP-Link. Some network-attached storage (NAS) devices known to have been targeted as well. VPNFilter is a multi-stage, modular malware that can steal website credentials and monitor industrial controls or SCADA systems, such as those used in electric grids, other infrastructure and factori

Police Shut Down World's Biggest 'DDoS-for-Hire' Service–Admins Arrested

Police Shut Down World's Biggest 'DDoS-for-Hire' Service–Admins Arrested
April 25, 2018Mohit Kumar
In a major hit against international cybercriminals, the Dutch police have taken down the world's biggest DDoS-for-hire service that helped cyber criminals launch over 4 million attacks and arrested its administrators. An operation led by the UK's National Crime Agency (NCA) and the Dutch Police, dubbed " Power Off, " with the support of Europol and a dozen other law enforcement agencies, resulted in the arrest of 6 members of the group behind the " webstresser.org " website in Scotland, Croatia, Canada and Serbia on Tuesday. With over 136,000 registered users, Webstresser website lets its customers rent the service for about £10 to launch Distributed Denial of Service (DDoS) attacks against their targets with little or no technical knowledge. "With webstresser.org, any registered user could pay a nominal fee using online payment systems or cryptocurrencies to rent out the use of stressers and booters," Europol said. The service was also

Over 15,000 Memcached DDoS Attacks Hit 7,100 Sites in Last 10 Days

Over 15,000 Memcached DDoS Attacks Hit 7,100 Sites in Last 10 Days
March 09, 2018Swati Khandelwal
Memcached reflections that recently fueled two most largest amplification DDoS attacks in the history have also helped other cybercriminals launch nearly 15,000 cyber attacks against 7,131 unique targets in last ten days, a new report revealed. Chinese Qihoo 360's Netlab, whose global DDoS monitoring service ' DDosMon ' initially spotted the Memcached-based DDoS attacks, has published a blog post detailing some new statistics about the victims and sources of these attacks. The list of famous online services and websites which were hit by massive DDoS attacks since 24th February includes Google, Amazon, QQ.com, 360.com, PlayStation, OVH Hosting, VirusTotal, Comodo, GitHub ( 1.35 Tbps attack ), Royal Bank, Minecraft and RockStar games, Avast, Kaspersky, PornHub, Epoch Times newspaper, and Pinterest. Overall, the victims are mainly based in the United States, China, Hong Kong, South Korea, Brazil, France, Germany, the United Kingdom, Canada, and the Netherlands.

'Kill Switch' to Mitigate Memcached DDoS Attacks — Flush 'Em All

'Kill Switch' to Mitigate Memcached DDoS Attacks — Flush 'Em All
March 08, 2018Swati Khandelwal
Security researchers have discovered a "kill switch" that could help companies protect their websites under massive DDoS attack launched using vulnerable Memcached servers. Massive Memcached reflection DDoS attacks with an unprecedented amplification factor of 50,000 recently resulted in some of the largest DDoS attacks in history . To make matter even worse, someone released proof-of-concept (PoC) exploit code for Memcached amplification attack yesterday, making it easier for even script kiddies to launch massive cyber attacks. Despite multiple warnings, more than 12,000 vulnerable Memcached servers with UDP support enabled are still accessible on the Internet, which could fuel more cyber attacks soon. However, the good news is that researchers from Corero Network Security found a technique using which DDoS victims can send back a simple command, i.e., "shutdown\r\n", or "flush_all\r\n", in a loop to the attacking Memcached servers in order

Memcached DDoS Exploit Code and List of 17,000 Vulnerable Servers Released

Memcached DDoS Exploit Code and List of 17,000 Vulnerable Servers Released
March 07, 2018Swati Khandelwal
Two separate proofs-of-concept (PoC) exploit code for Memcached amplification attack have been released online that could allow even script-kiddies to launch massive DDoS attacks using UDP reflections easily. The first DDoS tool is written in C programming language and works with a pre-compiled list of vulnerable Memcached servers. Bonus—its description already includes a list of nearly 17,000 potential vulnerable Memcached servers left exposed on the Internet. Whereas, the second Memcached DDoS attack tool is written in Python that uses Shodan search engine API to obtain a fresh list of vulnerable Memcached servers and then sends spoofed source UDP packets to each server. Last week we saw two record-breaking DDoS attacks— 1.35 Tbps hit Github and 1.7 Tbps attack against an unnamed US-based company—which were carried out using a technique called amplification/reflection attack. For those unaware, Memcached-based amplification/reflection attack amplifies bandwidth of th

1.7 Tbps DDoS Attack — ​Memcached UDP Reflections Set New Record

1.7 Tbps DDoS Attack — ​Memcached UDP Reflections Set New Record
March 06, 2018Mohit Kumar
The bar has been raised. As more amplified attacks were expected following the record-breaking 1.35 Tbps Github DDoS attack , someone has just set a new record after only four days — 1.7 Tbps DDoS attack. Network security and monitoring company Arbor Networks claims that its ATLAS global traffic and DDoS threat data system have recorded a 1.7Tbps reflection/amplification attack against one of its unnamed US-based customer's website. Similar to the last week's DDoS attack on GitHub, the massive bandwidth of the latest attack was amplified by a factor of 51,000 using thousands of misconfigured Memcached servers exposed on the Internet. Memcached, a popular open source distributed memory caching system, came into news earlier last week when researchers detailed how attackers could abuse it to launch amplification DDoS attack by sending a forged request to the targeted Memcached server on port 11211 using a spoofed IP address that matches the victim's IP. A few b

Biggest-Ever DDoS Attack (1.35 Tbs) Hits Github Website

Biggest-Ever DDoS Attack (1.35 Tbs) Hits Github Website
March 02, 2018Mohit Kumar
On Wednesday, February 28, 2018, GitHub's code hosting website hit with the largest-ever distributed denial of service (DDoS) attack that peaked at record 1.35 Tbps. Interestingly, attackers did not use any botnet network, instead weaponized misconfigured Memcached servers to amplify the DDoS attack. Earlier this week we published a report detailing how attackers could abuse Memcached, popular open-source and easily deployable distributed caching system, to launch over 51,000 times powerful DDoS attack than its original strength. Dubbed Memcrashed , the amplification DDoS attack works by sending a forged request to the targeted Memcrashed server on port 11211 using a spoofed IP address that matches the victim's IP. A few bytes of the request sent to the vulnerable server trigger tens of thousands of times bigger response against the targeted IP address. "This attack was the largest attack seen to date by Akamai, more than twice the size of the September 2016

Memcached Servers Abused for Massive Amplification DDoS Attacks

Memcached Servers Abused for Massive Amplification DDoS Attacks
February 28, 2018Swati Khandelwal
Cybercriminals have figured out a way to abuse widely-used Memcached servers to launch over 51,000 times powerful DDoS attacks than their original strength, which could result in knocking down of major websites and Internet infrastructure. In recent days, security researchers at Cloudflare , Arbor Networks , and Chinese security firm Qihoo 360 noticed that hackers are now abusing "Memcached" to amplify their DDoS attacks by an unprecedented factor of 51,200. Memcached is a popular open-source and easily deployable distributed caching system that allows objects to be stored in memory and has been designed to work with a large number of open connections. Memcached server runs over TCP or UDP port 11211. The Memcached application has been designed to speed up dynamic web applications by reducing stress on the database that helps administrators to increase performance and scale web applications. It's widely used by thousands of websites, including Facebook, Flickr,

Unpatched DoS Flaw Could Help Anyone Take Down WordPress Websites

Unpatched DoS Flaw Could Help Anyone Take Down WordPress Websites
February 05, 2018Mohit Kumar
A simple yet serious application-level denial of service (DoS) vulnerability has been discovered in WordPress CMS platform that could allow anyone to take down most WordPress websites even with a single machine—without hitting with a massive amount of bandwidth, as required in network-level DDoS attacks to achieve the same. Since the company has denied patching the issue, the vulnerability ( CVE-2018-6389 ) remains unpatched and affects almost all versions of WordPress released in last nine years, including the latest stable release of WordPress (Version 4.9.2). Discovered by Israeli security researcher Barak Tawily , the vulnerability resides in the way " load-scripts.php ," a built-in script in WordPress CMS, processes user-defined requests. For those unaware, load-scripts.php file has only been designed for admin users to help a website improve performance and load page faster by combining (on the server end) multiple JavaScript files into a single request. Howe

New Mirai Okiru Botnet targets devices running widely-used ARC Processors

New Mirai Okiru Botnet targets devices running widely-used ARC Processors
January 15, 2018Mohit Kumar
The cybersecurity threat landscape has never been more extensive and is most likely to grow exponentially in 2018. Although the original creators of Mirai DDoS botnet have already been arrested and jailed, the variants of the infamous IoT malware are still in the game due to the availability of its source code on the Internet. Security researchers have spotted a new variant of infamous Mirai IoT malware designed to hijack insecure devices that run on ARC embedded processors. Until now, Mirai and its variants have been targeting CPU architectures— including x86, ARM, Sparc, MIPS, PowerPC and Motorola 6800 —deployed in millions of Internet of Things (IoT) devices. Dubbed Okiru , the new Mirai variant, first spotted by @unixfreaxjp from MalwareMustDie team and notified by independent researcher Odisseus , is a new piece of ELF malware that targets ARC-based embedded devices running Linux operating system. " This is the FIRST TIME ever in the history of computer eng
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.