Recently, a massive distributed denial of service attack that was intended to take anti-spam organization Spamhaus offline has been reported on. The attack was described as “internet-threatening,” elaborating further that the attack, peaking at more than 300 gigabits per second, “is the kind of scale that threatens the core routers that join the Internet’s disparate networks.”
Some called into question these assessments.
 |
| CyberBunker. Courtesy of Ars Technica |
Recently, anti-spam organization Spamhaus became the victim of a large denial of service attack, intended to knock it offline and put an end to its spam-blocking service. By using the services of CloudFlare, a company that provides protection and acceleration of any website, Spamhaus was able to weather the storm and stay online with a minimum of service disruptions.
Since then, the attacks have grown to more than 300 Gb/s of flood traffic: a scale that##Q##s threatening to clog up the Internet##Q##s core infrastructure and make access to the rest of the Internet slow or impossible.
It now seems that the attack is being orchestrated by a Dutch hosting company called CyberBunker. CyberBunker specializes in “anything goes” hosting, using servers in a former nuclear bunker (hence the name). As long as it##Q##s not “child porn and anything related to terrorism,” CyberBunker will host it. This includes sending spam.
Spamhaus blacklisted CyberBunker earlier in the month. A CyberBunker spokesman, Sven Olaf Kamphuis, told The New York Times that CyberBunker was fighting back against Spamhaus because the anti-spam organization was “abusing [its] influence.”
Spamhaus DDoS Grows to Internet-threatening Size | DFI News.
Gangs are not using the Internet to recruit new members or commit complex cyber crimes, according to a new study funded by Google Ideas.
“What they are doing online is typically what they are doing on the street,” said David Pyrooz, an assistant professor at Sam Houston State Univ., College of Criminal Justice and coauthor of the study. “For the most part, gang members are using the Internet for self-promotion and braggadocio, but that also involves some forms of criminal and deviant behaviors. “
“Criminal and Routine Activities in Online Settings: Gangs, Offenders, and the Internet,” coauthored by Scott Decker, director of the School of Criminology and Criminal Justice, and doctoral student Richard Moule of Arizona State Univ., was recently published online by Justice Quarterly. It investigates the use of the Internet and social networking sites by gang members and other young adults for online crime and deviance.
The study was based on interviews the authors conducted with 585 young adults from five cities, including Cleveland, Ohio; Fresno, Calif.; Los Angeles, Calif.; Phoenix, Ariz.; and St. Louis, Mo.. It was funded by Google Ideas, a think/do tank that explores the role that technology can play in tackling human challenges, such as violent extremism, illicit networks and fragile states.
The study found that much of the online activities of gang members are typical of their age group; they spend time on the Internet, use social networking sites like Facebook and watch YouTube videos. Much like what studies find in offline or street settings, their rate of committing crimes or deviant acts online is 70 percent greater than those not in gangs. Gang members illegally download media, sell drugs, coordinate assaults, search social network sites to steal and rob, and upload deviant videos at a higher rate than former or non-gang members, the study found.
However, gang members are not engaging in intricate cyber crimes, such phishing schemes, identity theft or hacking into commercial enterprises.
“We observe that neither gang members nor their peers have the technological competency to engage in complex forms of cyber crime,” the study found. “In short, while the Internet has reached inner city populations, access alone is not translating into sophisticated technological know-how.”
Gangs do not use the Internet for purposes instrumental to the group, such as recruiting new members, drug distribution, meetings or other organizational activities. Gang members recognized that law enforcement monitored their online behaviors, so they limited their discussion of gang activities on the Internet or social media sites. Only 20 percent of gang members surveyed said that their gang had a web site or social media page, and one-third of those were password protected.
Gang members recognized the importance of the Internet, but sites were used mainly as status symbols. Instead of exploiting the Internet for criminal opportunities, YouTube, Facebook, or other social media is used much like an “electronic graffiti wall,” according the study.
One-quarter of gang member said they used the Internet to search out information on other gangs and more than half watch gang-related videos online, such as fights or videos.
“Many respondents were simply interested in gang related fights and threats in general, finding them as entertaining as a boxing or UFC match,” Pyrooz said, referring to gang-related videos on YouTube.
Law enforcement should continue to monitor and address gangs and crime online by working closely with different web sites and ISPs, as well as investigating other forms of telecommunication like cell phone and emails. In addition, they can request service providers remove images that glorify gangs or violence, or use Twitter for citizens to report crime in the community.
“Technology is part of the problem, but it is just as likely part of the solution.” said Pyrooz, with regard to documenting the “digital trail” left behind, as well as prosocial opportunities.
Study Explores Gang Activity on the Internet | DFI News.
The internet around the world has been slowed down in what security experts are describing as the biggest cyber-attack of its kind in history.
A row between a spam-fighting group and hosting firm has sparked retaliation attacks affecting the wider internet.
It is having an impact on popular services like Netflix – and experts worry it could escalate to affect banking and email systems.
Five national cyber-police-forces are investigating the attacks.
Spamhaus, a group based in both London and Geneva, is a non-profit organisation which aims to help email providers filter out spam and other unwanted content.
To do this, the group maintains a number of blocklists – a database of servers known to be being used for malicious purposes.
Recently, Spamhaus blocked servers maintained by Cyberbunker, a Dutch web host which states it will host anything with the exception of child pornography or terrorism-related material.
Sven Olaf Kamphuis, who claims to be a spokesman for Cyberbunker, said, in a message, that Spamhaus was abusing its position, and should not be allowed to decide “what goes and does not go on the internet”.
Spamhaus has alleged that Cyberbunker, in cooperation with “criminal gangs” from Eastern Europe and Russia, is behind the attack.
Cyberbunker has not responded to the BBC##Q##s request for comment.
##Q##Immense job##Q##
Steve Linford, chief executive for Spamhaus, told the BBC the scale of the attack was unprecedented.
“We##Q##ve been under this cyber-attack for well over a week.
Writing exactly one year ago for the BBC, Prof Alan Woodward predicted the inherent weaknesses in the web##Q##s domain name system.
He wrote: “It is essentially the phone book for the internet. If you could prevent access to the phone book then you would effectively render the web useless.”
Read Prof Woodward##Q##s full article
“But we##Q##re up – they haven##Q##t been able to knock us down. Our engineers are doing an immense job in keeping it up – this sort of attack would take down pretty much anything else.”
Mr Linford told the BBC that the attack was being investigated by five different national cyber-police-forces around the world.
He claimed he was unable to disclose more details because the forces were concerned that they too may suffer attacks on their own infrastructure.
The attackers have used a tactic known as Distributed Denial of Service (DDoS), which floods the intended target with large amounts of traffic in an attempt to render it unreachable.
In this case, Spamhaus##Q##s Domain Name System (DNS) servers were targeted – the infrastructure that joins domain names, such as bbc.co.uk, the website##Q##s numerical internet protocol address.
Mr Linford said the attack##Q##s power would be strong enough to take down government internet infrastructure.
“If you aimed this at Downing Street they would be down instantly,” he said. “They would be completely off the internet.”
He added: “These attacks are peaking at 300 gb/s (gigabits per second).
“Normally when there are attacks against major banks, we##Q##re talking about 50 gb/s.”
Clogged-up motorway
The knock-on effect is hurting internet services globally, said Prof Alan Woodward, a cybersecurity expert at the University of Surrey.
“If you imagine it as a motorway, attacks try and put enough traffic on there to clog up the on and off ramps,” he told the BBC.
“With this attack, there##Q##s so much traffic it##Q##s clogging up the motorway itself.”
Arbor Networks, a firm which specialises in protecting against DDoS attacks, also said it was the biggest such attack they had seen.
“The largest DDoS attack that we have witnessed prior to this was in 2010, which was 100 gb/s. Obviously the jump from 100 to 300 is pretty massive,” said Dan Holden, the company##Q##s director of security research.
“There##Q##s certainly possibility for some collateral damage to other services along the way, depending on what that infrastructure looks like.”
Spamhaus said it was able to cope as it has highly distributed infrastructure in a number of countries.
The group is supported by many of the world##Q##s largest internet companies who rely on it to filter unwanted material.
Mr Linford told the BBC that several companies, such as Google, had made their resources available to help “absorb all of this traffic”.
The attacks typically happened in intermittent bursts of high activity.
“They are targeting every part of the internet infrastructure that they feel can be brought down,” Mr Linford said.
“Spamhaus has more than 80 servers around the world. We##Q##ve built the biggest DNS server around.”
BBC News – Global internet slows after ##Q##biggest attack in history##Q##.
Cyber-security experts from industry are to operate alongside the intelligence agencies for the first time in an attempt to combat the growing online threat to British firms.
The government is creating a so-called fusion cell where analysts fromMI5 and GCHQ, the domestic eavesdropping agency, will work with private sector counterparts.
The cell is part of the Cyber Security Information Sharing Partnership (Cisp), launched on Wednesday, to provide industry with a forum to share details of techniques used by hackers as well as methods of countering them.
At any one time there will be about 12 to 15 analysts working at the cell, based at an undisclosed location in London.
“What the fusion cell will be doing is pulling together a single, richer intelligence picture of what is going on in cyberspace and the threats attacking the UK,” a senior official said.
“What we are trying to do is get that better intelligence picture and push it out to industry in a way that they can take action on, so it is very action-orientated.”
Although the industry representatives will not have direct access to classified intelligence material, they will face security vetting.
The Cisp initiative grew out of talks in 2011 between industry and David Cameron. It led to a pilot project last year involving 80 leading companies, codenamed Programme Auburn. It will be expanded to cover 160 firms from the finance, defence, energy, telecoms and pharmaceutical sectors.
With companies reluctant to discuss cyber-attacks or breaches of security in public, officials acknowledge that confidentiality is crucial, so companies involved will not be named.
“Everything about information-sharing has to be based on trust,” another official said. “Most companies still remain cautious about talking about the cyber threats they face in public.”
The firms will have access to a secure web portal, described as a “Facebook for cyber-security threats”, run on social network lines, where they can choose who they share information with.
It is expected that other firms will be invited to join as the scheme develops, although officials stressed that future expansion would be at a pace consistent with maintaining trust and confidentiality.
Launching the scheme, the Cabinet Office minister, Francis Maude, said the government was determined to make Britain one of the safest places to do business in cyberspace.
“We know that cyber-attacks are happening on an industrial scale and businesses are by far the biggest victims of cybercrime in terms of industrial espionage and intellectual property theft, with losses to the UK economy running into billions of pounds annually,” he said.
“This innovative partnership is breaking new ground through a truly collaborative partnership for sharing information on threats and to protect UK interests in cyberspace.”
MI5 and industry join forces to fight cybercrime | Technology | guardian.co.uk.
When smartphone users upload files to cloud-based services, remnants of those files often remain on their handheld device, even if the data is meant to be stored only in the cloud, researchers have found.
The consequence is that hackers could potentially access files stored in the cloud, or get access to cloud accounts, using leftover data stored on your Android device, iPhone or other smartphone.
“That smartphones can essentially remember deleted information poses a huge risk to organizations that issue smartphones to employees and to organizations that don##Q##t explicitly disable the use of personal devices for work-related computing,” says Pravin Kothari, founder and CEO of CipherCloud, a maker of cloud encryption software.
The tracing of leftover data on smartphones is not for the layperson, Kothari says, but could be looked at as the modern-day equivalent of Dumpster-diving for personal information.
Smartphone File Traces Sent to the Cloud | DFI News.