DNS provider Dyn hit by DDoS attack that takes out major sites
“Twitter, GitHub, Etsy, Spotify, The New York Times and the Boston Globe were knocked offline
Some of the biggest names on the internet – including Twitter, GitHub, Etsy, Shopify, the New York Times and the Boston Globe, among many others – were temporarily knocked offline by a DDoS attack that targeted DNS provider Dyn early Friday morning.
DNS is the mechanism by which computers turn human-readable web addresses like www.networkworld.com into a numerical format that can be used to retrieve the actual web page. Dyn is a managed DNS provider – essentially, a phone book that computers use to correlate IP addresses to web page names.
Overloading the company’s services with a denial-of-service attack means that a lot of queries simply fail to resolve, so users get 404s and other errors instead of Twitter or Shopify. Dyn has posted a statement saying that the majority of the ill effects were felt in the Eastern U.S., and that the main impact is to its managed DNS customers in the area.
Network World’s own website was temporarily offline earlier this morning. There’s no word as yet about the perpetrators or motive for the DDoS attack.
Commenters on Reddit and HackerNews report being able to access some of the affected sites from the UK and Ireland, whether via VPN or otherwise. Other users on the western side of the Atlantic in Brazil reported outages similar to those on the U.S. east coast.”
….Continue reading @ Computerworld
– The Obama administration has had years to address the problem of digital attacks on the national digital infrastructure. The Pentagon, NSA and White House have been attacked on his watch. Yet nothing has been done to harden the nation. More incompetence and ineptitude as the threat continues, yet our government does little to prevent them. Instead VP Joe Biden, seven days ago, threatened Russia with a Cyber attack. Coincidence? /CJ
Department of Homeland Security launches urgent investigation as massive ongoing series of cyber attacks take down thousands of sites
– Daily Mail UK
“A massive co-ordinated series of cyber attacks has forced hundreds of major websites from Amazon to Twitter offline across the globe.
The Department of Homeland Security launched an urgent investigation into the crash, amid claims it could be a precursor to an attempt to disrupt the US Presidential election.
Internet service company Dyn, which controls the ‘address book’ of the internet for dozens of major companies, said that it had suffered its first denial of service (DDoS) attack shortly after 6AM ET (11AM BST), in an attack that mostly affected the east coast of the US.
It confirmed a second attack at 1PM ET, which appeared to be centred on UK servers, and later said ‘several’ attacks were underway on servers across the globe, with the west coast being particularly badly hit.
The website Gizmodo said it had received reports of difficulty at sites for media outlets including CNN, The Guardian, Wired, HBO and People as well as the money transfer service PayPal.”
….Continue reading @ Daily Mail UK
What We Know About Friday’s Massive East Coast Internet Outage
“FRIDAY MORNING IS prime time for some casual news reading, tweeting, and general Internet browsing, but you may have had some trouble accessing your usual sites and services this morning and throughout the day, from Spotify and Reddit to the New York Times and even good ol’ WIRED.com. For that, you can thank a distributed denial of service attack (DDoS) that took down a big chunk of the Internet for most of the Eastern seaboard.
This morning’s attack started around 7 am ET and was aimed at Dyn, an Internet infrastructure company headquartered in New Hampshire. That first bout was resolved after about two hours; a second attack began just before noon. Dyn reported a third wave of attacks a little after 4pm ET. In all cases, traffic to Dyn’s Internet directory servers throughout the US—primarily on the East Coast but later on the opposite end of the country as well—was stopped by a flood of malicious requests disrupting the system. Still ongoing, the situation is a definite reminder of the fragility of the web, and the power of the forces that aim to disrupt it.”
….Continue reading @ Wired
Obama Tells CIA To Prepare For Cyber War With Russia
In what is looking more and more like a season finale of the HBO series “House of Cards” with each passing day, the Obama administration is now literally threatening a cyber war with Russia over allegations it was behind the hacking of Clinton’s emails. According to an exclusive NBC report, the Obama administration “is contemplating an unprecedented cyber covert action” (though it’s unclear how exactly it’s covert if Biden is announcing it to the world via an interview with Chuck Todd) against Russia, in “retaliation for alleged” interference in the American presidential election, and has asked the CIA to draft plans for a “wide-ranging “clandestine” cyber operation designed to harass and “embarrass” the Kremlin leadership.”
So now the Obama administration is overtly leveraging the full power of the United States to intimidate foreign governments, and most likely Julian Assange, in order to maintain control of the Executive Branch of the government. Does anyone within the mainstream media see any problems with this? Certainly Chuck Todd and NBC do not. And notice that even the NBC article refers to “alleged” Russian interference because not a shred of evidence has been presented to prove that senior Russian officials were actually behind the hacking of Hillary’s emails…but who needs facts when you have a complicit media eager to advance whatever propaganda is necessary to maintain power?
Vice President Joe Biden told “Meet the Press” Chuck Todd on Friday that “we’re sending a message” to Putin and that “it will be at the time of our choosing, and under the circumstances that will have the greatest impact.”
When asked if the American public will know a message was sent, the vice president replied, “Hope not.”
…Continue reading @ Zerohedge.com
Hillary Clinton Video Warning to the State Dept on Cyber Security
– Hillarious Hillary warns State Department employees to be vigilant in protecting government information against cyber thieves. You can’t make this stuff up. /CJ
From the Archives:
NSA website recovers from outage amid intrigue
– Politico | Aug 2016
“The National Security Agency’s website was offline for almost a full day until Tuesday evening, in an unexplained outage that began shortly after hackers claimed to have stolen a collection of the agency’s prized cyber weapons.
It’s unknown if the two events are connected.
POLITICO first noticed that the agency’s website wasn’t working at 10:54 p.m. Monday. It came back online around 5 p.m. Tuesday.
The outage began a few hours after a mysterious group called the Shadow Brokers claimed to have stolen cyber weapons from the Equation Group, a sophisticated hacking group suspected of being linked to the NSA. Some cybersecurity experts, as well as fugitive NSA whistleblower Edward Snowden, suggested that the alleged thefts may be connected to the uproar over suspected Russian cyber spying on the Democratic Party — but no information has surfaced to link the two, or to connect the alleged thefts with the NSA website outage.
During the outage, the NSA homepage itself was accessible, but all links on the page led to “Service Unavailable” error pages, except for blog posts listed under the “What’s New” section. (Those may be hosted on another server.)
An NSA spokesman declined to comment on the record about the outage, as did a spokesman for the Office of the Director of National Intelligence. A spokesman for the Department of Defense, which also oversees the NSA, said he would look into the issue, but did not follow up with any information.
The White House referred POLITICO to the NSA.
An unnamed source told FedScoop that the outage was due to an ongoing “internal review.”
The Shadow Brokers’ claims to have stolen the Equation Group’s hacking tools had stirred much intrigue earlier Monday, especially when the Shadow Brokers said they were willing to sell them. The security firm Kaspersky has linked the Equation Group to digital intrusion techniques widely associated with the NSA.
Regardless of how the Shadow Brokers obtained the files — if in fact they’re real — the thieves have been holding onto their merchandise for a while, as POLITICO’s Morning Cybersecurity noted Tuesday. One of the leaked tools exploits a vulnerability from 2006.
Capital Alpha Security CEO Matt Tait hypothesized that the hackers acquired the files a long time ago and saved them for a future purpose. If so, he said, their recent unveiling — along with Monday’s release of a fresh batch of stolen Democratic documents — may be designed to hit back at the NSA for some behind-the-scenes action the agency took in response to the DNC hack.
Snowden also speculated about a connection, calling it “unprecedented” for anyone to publicize this kind of attack on the agency.
“Why did they do it? No one knows, but I suspect this is more diplomacy than intelligence, related to the escalation around the DNC hack,” Snowden wrote Tuesday on Twitter. He added that “circumstantial evidence and conventional wisdom indicates Russian responsibility,” and said it may be an attempt to warn the NSA that the dispute “could get messy fast.”
…Continue reading @ Politico.com
Secret Code Found in Juniper’s Firewalls Shows Risk of Govt Internet Back Doors
– Wired | Dec 2015
“ENCRYPTION BACKDOORS HAVE been a hot topic in the last few years—and the controversial issue got even hotter after the terrorist attacks in Paris and San Bernardino, when it dominated media headlines. It even came up during this week’s Republican presidential candidate debate. But despite all the attention focused on backdoors lately, no one noticed that someone had quietly installed backdoors three years ago in a core piece of networking equipment used to protect corporate and government systems around the world.
The first backdoor Juniper found would give an attacker administrative-level or root privileges over the firewalls—essentially the highest-level of access on a system—when accessing the firewalls remotely via SSH or telnet channels. “Exploitation of this vulnerability can lead to complete compromise of the affected system,” Juniper noted.
The second backdoor would effectively allow an attacker who has already intercepted VPN traffic passing through the Juniper firewalls to decrypt the traffic without knowing the decryption keys. Juniper said that it had no evidence that this vulnerability had been exploited, but also noted that, “There is no way to detect that this vulnerability was exploited.”
– This is very bad, folks, very bad. /CJ
Read more of the amazingly technical and detailed article by Kim Zetter @ Wired