Cyberbunker

Suspect arrested for ‘biggest cyberattack in history’

June 7th, 2013

A Dutch national suspected as the mastermind behind the largest DDoS attack ever recorded has been arrested in Spain.

The Associated Press reports that 35 year-old Sven Kamphuis, identified by The New York Times, was arrested Thursday in a city 22 miles north of Barcelona.

Originally from the Dutch city of Alkmaar, the hacking suspect operated from a mobile bunker — a van “equipped with various antennas to scan frequencies” and able to break into networks anywhere in the country. An Interior Ministry statement said that Kamphuis was able to use his “mobile computing office” to coordinate cyberattacks and speak with media before being arrested by Spanish police on the basis of a European arrest warrant issued by the Dutch. German, Dutch, British and U.S. forces all took part in the investigation.

Kamphuis runs Internet service provider CB3ROB and web hosting firm CyberBunker, which has hosted websites including the Pirate Bay and WikiLeaks in the past. The Interior Ministry’s statement says that the accused called himself a spokesperson and diplomat belonging to the “Telecommunications and Foreign Affairs Ministry of the Republic of Cyberbunker.”

The alleged hacker is accused of launching an attack against anti-spam watchdog group Spamhaus. A 300Gbps distributed denial-of-service sent the non-profit into disarray, taking down the agency’s website and forcing Spamhaus to turn to Cloudflare for assistance. According to the cloud services provider, the majority of the attack was traffic sent using a technique called DNS (domain name system) reflection. Usually, DNS resolves wait for a user request, but if the source address is forged, then requests may be “bounced” off different servers, amplifying the amount of traffic a domain name has to cope with and exploiting vulnerabilities in the Internet’s DNS infrastructure. Most cyberattacks tend to peak at 100 billion bits a second, which a third of what Spamhaus and Cloudflare is had to cope with.

The attack on DNS infrastructure resulted in lower speeds for Internet users worldwide.

The attack against Spamhaus — which is known for blocking fake good advertising and preventing it from reaching our email addresses — was one in a list of major DDoS campaigns thought to be masterminded by the Dutch national.

Kamphuis has denied any role in the attack, calling himself simply a “spokesperson” for one of the loose groups established to take down Spamhaus. However, according to the NYT, the alleged hacker used his Facebook page to proactively look for supporters to attack the agency, saying “Yo anons, we could use a little help in shutting down illegal slander and blackmail censorship project ‘spamhaus.org,’ which thinks it can dictate its views on what should and should not be on the Internet.”

The hacking suspect is likely to be extradited from Spain to attend court in the Netherlands.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

The Hacker Dutchman – Arrested in Spamhaus DDoS

April 29th, 2013

A 35-year-old Dutchman thought to be responsible for launching what’s been called “the largest publicly announced online attack in the history of the Internet” was arrested in Barcelona on Thursday by Spanish authorities. The man, identified by Dutch prosecutors only as “SK,” was being held after a European warrant was issued for his arrest in connection with a series of massive online attacks last month against Spamhaus, an anti-spam organization.

According to a press release issued by the Public Prosecutor Service in The Netherlands, the National Prosecutor in Barcelona ordered SK’s arrest and the seizure of computers and mobile phones from the accused’s residence there. The arrest is being billed as a collaboration of a unit called Eurojust, the European Union’s Judicial Cooperation Unit.

The dispute began late last year, when Spamhaus added to its blacklist several Internet address ranges in the Netherlands. Those addresses belong to a Dutch company called “Cyberbunker,” so named because the organization is housed in a five-story NATO bunker, and has advertised its services as a bulletproof hosting provider.

“A year ago, we started seeing pharma and botnet controllers at Cyberbunker’s address ranges, so we started to list them,” said a Spamhaus member who asked to remain anonymous. “”We got a rude reply back, and he made claims about being his own independent country in the Republic of Cyberbunker, and said he was not bound by any laws and whatnot. He also would sign his emails ‘Prince of Cyberbunker Republic.” On Facebook, he even claimed that he had diplomatic immunity.”

Cyberbunker’s IP ranges. Its WHOIS records put the organization in Antarctica.

Spamhaus took its complaint to the upstream Internet providers that connected Cyberbunker to the larger Internet. According to Spamhaus, those providers one by one severed their connections with Cyberbunker’s Internet addresses. Just hours after the last ISP dropped Cyberbunker, Spamhaus found itself the target of an enormous amount of attack traffic designed to knock its operations offline.

It is not clear who SK is, but according to multiple sources, the man identified as SK is likely one Sven Olaf Kamphuis. The attack on Spamhaus was the subject of a New York Times article on Mar. 26, 2013, which quoted Mr. Kamphuis as a representative of Cyberbunker and saying, “We are aware that this is one of the largest DDoS attacks the world had publicly seen.” Kamphuis also reportedly told The Times that Cyberbunker was retaliating against Spamhaus for “abusing their influence.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

A look at the Biggest Cyberattack in History

March 28th, 2013

 

A recent cyber attack has captured everybody’s attention, primarily targeting a single company, now being described by experts as one of the biggest Distributed Denial of Service (DDoS) attacks in the history of Internet. The privacy violation which began affecting every element related to Internet’s physical infrastructure, also due to which the Internet speed may slow down all over in Europe for a while.

It all started when the attacks targeted an anti-spam company Spamhaus, based in Europe. This company work by refraining the main source of the email spam and later sell those blacklists to the Internet Service Providers. The cyber attack began to hit as the waves of typical DDoS assaults when Spamhaus blacklisted a dodgy Dutch web hosting company, Cyberbunker. But it did not took the responsibility of the cyber attack directly against Spamhaus.

Commonly, in such attacks, computer hackers send fake traffic at a specific server for the purpose of overburdening it. The computer systems involved in the DDoS operated cyber attacks have already been infected with malware before computer hackers get control of the machine without the owner’s prior knowledge. Spamhaus entered into a contract with CloudFlare,  a data security firm which mitigates the cyber attacks soon after they proceeded. Now, it’s CloudFlare’s  responsibility to defend Spamhaus by dispersing the attacks across multiple data centers. It is a technique that keep a website online even after hitted by the maximum amount of traffic a usual DDoS can generate.

“Usually these DDoS attacks have kind of a natural cap in their size, which is around 100 gigabits per second,” CloudFlare CEO Matthew Prince told Mashable before explaining the limitation in typical DDoS attack size is due to routing hardware limitations.

“Usually these DDoS attacks have kind of a natural cap in their size, which is around 100 gigabits per second,” CloudFlare CEO Matthew Prince told Mashable before explaining the limitation in typical DDoS attack size is due to routing hardware limitations. When computer hackers failed to knock down Spamhaus while CloudFlare was protecting it, they chose to target CloudFlare’s network providers by exploiting a known fault in the key piece of Internet Infrastructure, i.e., DNS. “The interesting thing is they stopped going after us directly and they started going after all of the steps upstream from us,” said Prince. “Going after our immediate transit providers, then going after their transit providers.”

Basically, DNS alters a URL into the desired website’s IP address and eventually helps in delivering desired Internet content to user’s computer. Also, there’s a vital element of the DNS system, known as DNS resolvers. “The attack works by the attacker spoofing the victim’s IP address, sending a request to an open resolver and that resolver reflecting back a much larger response [to the victim], which then amplifies the attack,” said Prince.

Prince said that these attacks have been “certainly the largest attacks we’ve seen.” he added. According to a leading data security research group, “it is one of the largest DDoS operations to date. “Due to Internet reliability on DNS, Internet speeds world over can be affected by such large-scale DNS amplified DDoS operations.

“Anyone that’s running a network needs to go to openresolverproject.org, type in the IP addresses of their network and see if they’re running an open resolver on their network,” said Prince. “Because if they are, they’re being used by criminals in order to launch attacks online. And it’s incumbent on anyone running a network to make sure they are not wittingly aiding in the destruction of the Internet.”

Because of the past few continued cyber attacks, the data security industry is likely motivated. Though it has been talking about it, but they have taken the issue apparently insufficient to act upon. Prince however advises that these DNS-amplified DDoS operations won’t be leaving away any time soon. “The good news about an attack like this is that it’s really woken up a lot of the networking industry and these things that have been talked about for quite some time are now being implemented,” said Prince.

Get your personal as well as office laptops encrypted by Alertsec

With so much vulnerability on public networks Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen. Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.