[OPLIN 4cast] OPLIN 4cast #408: Cheap attacks
Editor
editor at oplin.org
Wed Oct 22 10:30:13 EDT 2014
OPLIN 4cast #408: Cheap attacks
October 22nd, 2014
At its latest meeting, the OPLIN Board discussed making a
substantial financial commitment to protecting OPLIN participants from
Distributed Denial of Service (DDoS) attacks. DDoS attacks send so much
traffic to a victim's web server - often a company or organization big
enough to have made enemies in the hacker community - that the victim's
Internet connection or web server cannot handle it all, and their
website becomes inaccessible to legitimate traffic: a "denial of
service." The "distributed" part of the name refers to the fact that a
single computer cannot generate enough traffic to overwhelm most
systems, so the traffic comes from an automated collection of computers
that have been infected with malware - a "botnet" - that is under the
control of a bot master. Botnets are also used for ad fraud, spam, and
testing stolen credit cards. OPLIN staff were mystified as to who would
go to the trouble and expense of launching a DDoS attack at a /library/,
but then we learned how cheap and easy it is to rent a botnet these days.
* DDoS in 2014: The new Distributed Denial of Service attacks and how
to fight them
<http://blog.continuum.net/ddos-in-2014-the-new-distributed-denial-of-service-attacks-and-how-to-fight-them>
(Continuum MSP blog | Steven J. Vaughan-Nichols) "Other DDoS attacks
go after your Web servers themselves rather than the Internet
connection by devouring server resources. With these, if you even
had infinite bandwidth, a site could still be taken down. DDoS
Botnets used to be made up almost entirely of malware-infected
Windows PCs. Now, even poorly secured mobile devices
<http://www.prolexic.com/knowledge-center-ddos-attack-report-2013-q4.html>
are getting into the act. The process is not particularly
complicated or technical. You can rent a botnet suitable for
launching a DDoS attack
<http://www.zdnet.com/blog/networking/ddos-how-to-take-down-wikileaks-mastercard-or-any-other-web-site/422>
for a few bucks an hour."
* Renting a zombie farm: Botnets and the hacker economy
<http://www.symantec.com/connect/blogs/renting-zombie-farm-botnets-and-hacker-economy>
(Symantec Security Insights Blog | Tim G.) "Similar to Amazon Web
Services renting cloud capacity to any number of applications, a bot
master will often lease their bot out to subsequently commit other
cybercrimes. This means individuals with little or no skill in
creating a botnet can rent one capable of crippling a major website
with a DDoS attack for as little as $100-200 USD per day
<https://www.damballa.com/want-to-rent-an-80-120k-ddos-botnet/>."
* You don't have to be an evil hacker genius to bring down PlayStation
<http://www.businessweek.com/articles/2014-08-26/ddos-attacks-are-soaring>
(Businessweek | Dune Lawrence) "Incapsula's chief business officer
and a co-founder Marc Gaffan calls DDoS 'the weapon of choice' for
hackers these days, in part because technology is making it
increasingly convenient and powerful (sound familiar?). It doesn't
take much money to inflict a costly headache on a business. An
attacker can rent a 'botnet' - a network of infected zombie computers
controlled by cyber criminals - to mount a DDoS campaign for less than
$10 an hour, according to Verizon's most recent Data Breach
Investigations Report
<http://www.verizonenterprise.com/DBIR/2014/reports/rp_Verizon-DBIR-2014_en_xg.pdf>
(PDF)."
* DDoS attacks can take down your online services
<http://www.techproessentials.com/ddos-attacks-can-take-down-your-online-services/>
(TechPro Essentials | Dr. Bill Highleyman) "Botnets are readily
available for rent on the darknet, private networks where
connections are made only between trusted peers. Hackers form a
community of trusted peers and can gain access to botnet rentals.
The cost for botnets is relatively modest given the damage they can
inflict. For instance, the following botnet rentals are advertised
on the darknet: 10,000 PCs - 10 gbps - $500 per month; 100,000 PCs -
100 gbps - $200 per day."
*/Articles from Ohio Web Library <http://ohioweblibrary.org>:/*
* Network insecurity.
<http://web.a.ebscohost.com.proxy.oplin.org/lrc/detail/detail?sid=ba5322c8-6e48-4456-a598-92538113546e%40sessionmgr4002&vid=0&hid=4212&bdata=JnNpdGU9bHJjLWxpdmU%3d#db=lfh&AN=88018388>
(/New Yorker/, 5/20/2013, p64-70 | John Seabrook)
* How to hack a bank.
<http://web.a.ebscohost.com.proxy.oplin.org/ehost/detail/detail?sid=03123fc4-2069-4077-84b4-d4d84a700687%40sessionmgr4002&vid=0&hid=4212&bdata=JnNpdGU9ZWhvc3QtbGl2ZQ%3d%3d#db=sch&AN=90644064>
(/New Scientist/, 10/5/2013, p22 | Jacob Aran)
* DDoS attacks strike Feedly and Evernote.
<http://web.a.ebscohost.com.proxy.oplin.org/ehost/detail/detail?sid=70b1011c-d8c9-4233-aa61-408e3da5a3be%40sessionmgr4003&vid=0&hid=4212&bdata=JnNpdGU9ZWhvc3QtbGl2ZQ%3d%3d#db=buh&AN=96539729>
(/eWeek/, 6/12/2014, p3 | Sean Michael Kerner)
------------------------------------------------------------------------
The */OPLIN 4cast/* is a weekly compilation of recent headlines, topics,
and trends that could impact public libraries. You can subscribe to it
in a variety of ways, such as:
* *RSS feed.* You can receive the OPLIN 4cast via RSS feed by
subscribing to the following URL:
http://www.oplin.org/4cast/index.php/?feed=rss2.
* *Live Bookmark.* If you're using the Firefox web browser, you can go
to the 4cast website (http://www.oplin.org/4cast/) and click on the
orange "radio wave" icon on the right side of the address bar. In
Internet Explorer 7, click on the same icon to view or subscribe to
the 4cast RSS feed.
* *E-mail.* You can have the OPLIN 4cast delivered via e-mail (à la
OPLINlist and OPLINtech) by subscribing to the 4cast mailing list at
http://mail.oplin.org/mailman/listinfo/OPLIN4cast.