<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<small>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style></style> </small>
<table class="backgroundTable" cellpadding="0" cellspacing="0"
bgcolor="#ffffff" width="100%">
<tbody>
<tr>
<td align="left" valign="top">
<table cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="border-top: 0px solid rgb(0, 0, 0);
border-bottom: 1px solid rgb(255, 255, 255);
background-color: rgb(255, 255, 255); text-align:
center;" align="center"><span style="font-size:
10px; color: rgb(96, 96, 96); line-height: 200%;
font-family: verdana; text-decoration: none;">Email
not
displaying correctly? <a
href="http://www.oplin.org/4cast/"
style="font-size: 10px; color: rgb(0, 0, 255);
line-height: 200%; font-family: verdana;
text-decoration: none;">View
it in your browser.</a></span></td>
</tr>
<tr>
<td style="border-top: 0px solid rgb(51, 51, 51);
border-bottom: 0px solid rgb(255, 255, 255);
background-color: rgb(255, 255, 255);">
<center><a href=""><img id="editableImg1"
src="cid:part2.09020901.04050008@oplin.org"
title="OPLIN" alt="OPLIN 4Cast" border="0"
align="middle"></a></center>
</td>
</tr>
</tbody>
</table>
<table style="width: 763px; height: 877px;" cellpadding="20"
cellspacing="0" bgcolor="#ffffff">
<tbody>
<tr>
<td style="font-size: 12px; color: rgb(0, 0, 0);
line-height: 150%; font-family: trebuchet ms;"
background="http://www.oplin.org/4cast/wp-content/themes/4cast/images/kubrickbgwide.jpg"
bgcolor="#ffffff" valign="top">
<p><!-- Make sure you modify the 4Cast title in this section -->
<span style="font-size: 20px; font-weight: bold;
color: rgb(0, 0, 0); font-family: arial;
line-height: 110%;">OPLIN 4cast #408: Cheap
attacks</span><br>
<!-- Make sure you modify the date of the 4Cast in this section -->
<span style="font-size: 11px; font-weight: normal;
color: rgb(102, 102, 102); font-style: italic;
font-family: arial;">October 22nd, 2014</span></p>
<!-- Begin copy of Web Source here -->
<p style="text-align: justify;font-size: 16px;
font-family: arial; line-height: 110%;"><img
src="cid:part4.01000803.04050201@oplin.org"
alt="Abrams tank" align="left" height="65"
width="130">At its latest meeting, the OPLIN
Board discussed making a substantial financial
commitment to protecting OPLIN participants from
Distributed Denial of Service (DDoS) attacks. DDoS
attacks send so much traffic to a victim's web
server - often a company or organization big
enough to have made enemies in the hacker
community - that the victim's Internet connection
or web server cannot handle it all, and their
website becomes inaccessible to legitimate
traffic: a "denial of service." The "distributed"
part of the name refers to the fact that a single
computer cannot generate enough traffic to
overwhelm most systems, so the traffic comes from
an automated collection of computers that have
been infected with malware - a "botnet" - that is
under the control of a bot master. Botnets are
also used for ad fraud, spam, and testing stolen
credit cards. OPLIN staff were mystified as to who
would go to the trouble and expense of launching a
DDoS attack at a <em>library</em>, but then we
learned how cheap and easy it is to rent a botnet
these days.
</p>
<div> </div>
<ul style="text-align: left;">
<li style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://blog.continuum.net/ddos-in-2014-the-new-distributed-denial-of-service-attacks-and-how-to-fight-them">DDoS
in 2014: The new Distributed Denial of Service
attacks and how to fight them</a> (Continuum
MSP blog| Steven J. Vaughan-Nichols) "Other DDoS
attacks go after your Web servers themselves
rather than the Internet connection by devouring
server resources. With these, if you even had
infinite bandwidth, a site could still be taken
down. DDoS Botnets used to be made up almost
entirely of malware-infected Windows PCs. Now, <a
href="http://www.prolexic.com/knowledge-center-ddos-attack-report-2013-q4.html">even
poorly secured mobile devices</a> are getting
into the act. The process is not particularly
complicated or technical. You can <a
href="http://www.zdnet.com/blog/networking/ddos-how-to-take-down-wikileaks-mastercard-or-any-other-web-site/422">rent
a botnet suitable for launching a DDoS attack</a>
for a few bucks an hour."</li>
<li style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://www.symantec.com/connect/blogs/renting-zombie-farm-botnets-and-hacker-economy">Renting
a zombie farm: Botnets and the hacker economy</a>
(Symantec Security Insights Blog | Tim G.)
"Similar to Amazon Web Services renting cloud
capacity to any number of applications, a bot
master will often lease their bot out to
subsequently commit other cybercrimes. This
means individuals with little or no skill in
creating a botnet can rent one capable of
crippling a major website with a DDoS attack <a
href="https://www.damballa.com/want-to-rent-an-80-120k-ddos-botnet/">for
as little as $100-200 USD per day</a>."</li>
<li style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://www.businessweek.com/articles/2014-08-26/ddos-attacks-are-soaring">You
don't have to be an evil hacker genius to
bring down PlayStation</a> (Businessweek |
Dune Lawrence) "Incapsula's chief business
officer and a co-founder Marc Gaffan calls DDoS
'the weapon of choice' for hackers these days,
in part because technology is making it
increasingly convenient and powerful (sound
familiar?). It doesn't take much money to
inflict a costly headache on a business. An
attacker can rent a 'botnet'-a network of
infected zombie computers controlled by cyber
criminals-to mount a DDoS campaign for less than
$10 an hour, according to Verizon's most recent
<a
href="http://www.verizonenterprise.com/DBIR/2014/reports/rp_Verizon-DBIR-2014_en_xg.pdf">Data
Breach Investigations Report</a> (PDF)."</li>
<li style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://www.techproessentials.com/ddos-attacks-can-take-down-your-online-services/">DDoS
attacks can take down your online services</a>
(TechPro Essentials | Dr. Bill Highleyman)
"Botnets are readily available for rent on the
darknet, private networks where connections are
made only between trusted peers. Hackers form a
community of trusted peers and can gain access
to botnet rentals. The cost for botnets is
relatively modest given the damage they can
inflict. For instance, the following botnet
rentals are advertised on the darknet: 10,000
PCs - 10 gbps - $500 per month; 100,000 PCs -
100 gbps - $200 per day."</li>
</ul>
<div style="text-align: left;"> </div>
<p style="text-align: left; font-size: 20px;
font-family: arial; line-height: 110%;"><small><strong><em>Articles
from <a href="http://ohioweblibrary.org">Ohio
Web Library</a>:</em></strong></small><br>
</p>
<div style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;">
<ul>
<li><a
href="http://web.a.ebscohost.com.proxy.oplin.org/lrc/detail/detail?sid=ba5322c8-6e48-4456-a598-92538113546e%40sessionmgr4002&vid=0&hid=4212&bdata=JnNpdGU9bHJjLWxpdmU%3d#db=lfh&AN=88018388">Network
insecurity.</a> (<em>New Yorker</em>,
5/20/2013, p64-70 | John Seabrook)</li>
<li><a
href="http://web.a.ebscohost.com.proxy.oplin.org/ehost/detail/detail?sid=03123fc4-2069-4077-84b4-d4d84a700687%40sessionmgr4002&vid=0&hid=4212&bdata=JnNpdGU9ZWhvc3QtbGl2ZQ%3d%3d#db=sch&AN=90644064">How
to hack a bank.</a> (<em>New Scientist</em>,
10/5/2013, p22 | Jacob Aran)</li>
<li><a
href="http://web.a.ebscohost.com.proxy.oplin.org/ehost/detail/detail?sid=70b1011c-d8c9-4233-aa61-408e3da5a3be%40sessionmgr4003&vid=0&hid=4212&bdata=JnNpdGU9ZWhvc3QtbGl2ZQ%3d%3d#db=buh&AN=96539729">DDoS
attacks strike Feedly and Evernote.</a> (<em>eWeek</em>,
6/12/2014, p3 | Sean Michael Kerner)</li>
</ul>
</div>
<div style="text-align: left;"> </div>
<!-- End paste of web source here --> </td>
</tr>
<tr>
<td style="" solid="" background-color:="" rgb(255,=""
255,="" 255);="" >=""
background="http://www.oplin.org/4cast/wp-content/themes/4cast/images/kubrickbgwide.jpg"
valign="top" width="760"><span style="font-size:
10px; color: rgb(96, 96, 96); line-height: 100%;
font-family: verdana;">
<hr><!-- Begin standard subscription verbiage -->
<div style="text-align: justify;">The <strong><em>OPLIN
4cast</em></strong>
is a weekly compilation of
recent headlines, topics, and trends that could
impact public
libraries. You can subscribe to it in a variety
of ways, such as: <br>
</div>
<div style="text-align: left;"> </div>
<ul>
<li style="text-align: justify;"><strong>RSS
feed.</strong>
You
can receive the OPLIN 4cast
via RSS feed by subscribing to the following
URL:
<a class="moz-txt-link-freetext" href="http://www.oplin.org/4cast/index.php/?feed=rss2">http://www.oplin.org/4cast/index.php/?feed=rss2</a>.
</li>
<li style="text-align: justify;"><strong>Live
Bookmark.</strong>
If you're using the Firefox
web browser, you can go to the 4cast website
(<a class="moz-txt-link-freetext" href="http://www.oplin.org/4cast/">http://www.oplin.org/4cast/</a>) and click on the
orange "radio wave" icon
on the right side of the address bar. In
Internet Explorer 7, click on
the same icon to view or subscribe to the
4cast RSS feed. </li>
<li style="text-align: justify;"><strong>E-mail.</strong>
You
can have the OPLIN 4cast
delivered via e-mail (a'la OPLINlist and
OPLINtech) by subscribing to
the 4cast mailing list at
<a class="moz-txt-link-freetext" href="http://mail.oplin.org/mailman/listinfo/OPLIN4cast">http://mail.oplin.org/mailman/listinfo/OPLIN4cast</a>.
</li>
</ul>
</span> </td>
</tr>
<tr>
<td style="border-top: 0px solid rgb(255, 255, 255);
background-color: rgb(255, 255, 204);"
background="http://www.oplin.org/4cast/wp-content/themes/4cast/images/kubrickfooter.jpg"
valign="top" width="760"> <br>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<small>
<title>OPLIN 4Cast</title>
<style>
.headerTop { background-color:#FFFFFF; border-top:0px solid #000000; border-bottom:1px solid #FFFFFF; text-align:center; }
.adminText { font-size:16px; color:#0000FF; line-height:200%; font-family:verdana; text-decoration:none; }
.headerBar { background-color:#FFFFFF; border-top:0px solid #333333; border-bottom:0px solid #FFFFFF; }
.title { font-size:20px; font-weight:bold; color:#000000; font-family:arial; line-height:110%; }
.subTitle { font-size:11px; font-weight:normal; color:#000000; font-style:italic; font-family:arial; }
.defaultText { font-size:12px; color:#000000; line-height:150%; font-family:trebuchet ms; }
.footerRow { background-color:#FFFFCC; border-top:0px solid #FFFFFF; }
.footerText { font-size:10px; color:#996600; line-height:100%; font-family:verdana; }
a { color:#0000FF; color:#0000FF; color:#0000FF; }
</style>
</small>
</body>
</html>