How massive DDoS attacks are undermining the Internet

NBC News reports: Andrew Komarov of InfoArmor told NBC News he didn’t see any sign of Russian involvement at all, whether state or private [in the “denial of service,” or DDoS, attacks that caused massive internet outages across the U.S. on Friday]. He noted that the botnet used in the attack, “Mirai,” was developed by an English speaker and that he had found no link between “Mirai” and the Russians, who have their own much more sophisticated methods.

He said the attacks seemed more consistent with the methods used by the hacking group known as Lizard Squad, two of whose members, both teens, were arrested earlier this month in the U.S. and the Netherlands and charged in connection with DDoS attacks.

Said Komarov, “We have some context, that because of similar victims, using Dyn, and also tactics, tools and procedures by threat actors, it may be a revenge for the past arrests of DDoS’ers in the underground, happened several weeks ago.”

Dmitri Alperovitch of Crowdstrike also expressed doubt about a link to the Russian government, and speculated the attacks might have to do with a recent interview that cybersecurity expert Brian Krebs did with Dyn mentioning Russian organized crime. Alperovitch said use of a botnet bears the hallmark of a criminal rather than state attack, and the target may simply have been Dyn, not the U.S.

Flashpoint, a private cybersecurity and intelligence firm, noted that the Krebs site was attacked in September by a Mirai botnet, and the Krebs site was among those attacked Friday. The hacker who attacked Krebs in September released the source code on the web earlier this month, and hackers have copied the code to create their own botnets.

Flashpoint said it had concluded that the Friday attacks were not mounted by hacktivists, a political group or a state actor. [Continue reading…]

TechCrunch reports: In the past few weeks, hackers have upped the DDoS stakes in a big way. Starting with the attack on and increasing in severity from there, hundreds of thousands of devices have been used to perpetrate these actions. A number that dwarfs previous attacks by orders of magnitude.

While it isn’t yet confirmed, evidence points to the attack that we saw on Friday morning following this same playbook, but being perpetrated on a much larger scale, relying on Internet of Things (IoT) devices rather than computers and servers to carry out an attack.

In fact, in all likelihood an army of surveillance cameras attacked Dyn. Why surveillance cameras? Because many of the security cameras used in homes and businesses around the world typically run the same or similar firmware produced by just a few companies.

This firmware is now known to contain a vulnerability that can easily be exploited, allowing the devices to have their sights trained on targets like Dyn. What’s more, many still operate with default credentials — making them a simple, but powerful target for hackers.

Why is this significant? The ability to enslave these video cameras has made it easier and far cheaper to create botnets at a scale that the world has never seen before. If someone wants to launch a DDoS attack, they no longer have to purchase a botnet—they can create their own using a program that was dumped on the internet just a few weeks ago. [Continue reading…]

The New York Times reports: Dale Drew, chief security officer at Level 3, an internet service provider, found evidence that roughly 10 percent of all devices co-opted by Mirai were being used to attack Dyn’s servers. Just one week ago, Level 3 found that 493,000 devices had been infected with Mirai malware, nearly double the number infected last month.

Mr. Allen added that Dyn was collaborating with law enforcement and other internet service providers to deal with the attacks.

In a recent report, Verisign, a registrar for many internet sites that has a unique perspective into this type of attack activity, reported a 75 percent increase in such attacks from April through June of this year, compared with the same period last year.

The attacks were not only more frequent, they were bigger and more sophisticated. The typical attack more than doubled in size. What is more, the attackers were simultaneously using different methods to attack the company’s servers, making them harder to stop.

The most frequent targets were businesses that provide internet infrastructure services like Dyn. [Continue reading…]

Brian Krebs reports: The attack on DYN comes just hours after DYN researcher Doug Madory presented a talk on DDoS attacks in Dallas, Texas at a meeting of the North American Network Operators Group (NANOG). Madory’s talk — available here on — delved deeper into research that he and I teamed up on to produce the data behind the story DDoS Mitigation Firm Has History of Hijacks.

That story (as well as one published earlier this week, Spreading the DDoS Disease and Selling the Cure) examined the sometimes blurry lines between certain DDoS mitigation firms and the cybercriminals apparently involved in launching some of the largest DDoS attacks the Internet has ever seen. Indeed, the record 620 Gbps DDoS against came just hours after I published the story on which Madory and I collaborated.

The record-sized attack that hit my site last month was quickly superseded by a DDoS against OVH, a French hosting firm that reported being targeted by a DDoS that was roughly twice the size of the assault on KrebsOnSecurity. As I noted in The Democratization of Censorship — the first story published after bringing my site back up under the protection of Google’s Project Shield — DDoS mitigation firms simply did not count on the size of these attacks increasing so quickly overnight, and are now scrambling to secure far greater capacity to handle much larger attacks concurrently. [Continue reading…]


Senior administration official says Obama is ‘giving the Russians time to finish the job in Aleppo’

Josh Rogin writes: At last Friday’s National Security Council meeting on the Middle East, top Obama administration officials tabled any decisions on whether to increase the U.S. response to the ongoing Syrian and Russian aerial bombardment of civilians in Aleppo, The Post reported earlier this week. The administration prioritized discussing the new Iraqi-led offensive against the Islamic State in Mosul and the future offensive in Raqqa, for which planning is already underway.

But despite what Secretary of State John F. Kerry has called ongoing Syrian and Russian war crimes in Aleppo, there was no action on any of the several options discussed at lower-level administration meetings, including but not limited to limited strikes against the Assad regime’s air force or an increase in the quantity or quality of arms provided to the moderate Syrian rebels in the area.

One senior administration official pointed toward the slow pace of the bureaucracy in responding to the Aleppo crisis as evidence the White House has decided that Aleppo can’t be saved and therefore the United States should not try.

“They are giving the Russians time to finish the job in Aleppo, in part to tie the hands of the next president,” the official told me. [Continue reading…]


Inquiry finds Syrian government forces responsible for third gas attack

Reuters reports: An international inquiry found Syrian government forces responsible for a third toxic gas attack, according to a confidential report submitted to the U.N. Security Council on Friday, setting the stage for a showdown between Russia and western council members over how to respond.

The fourth report from the 13-month-long inquiry by the United Nations and the Organization for the Prohibition of Chemical Weapons (OPCW), the global chemical weapons watchdog, blamed Syrian government forces for a toxic gas attack in Qmenas in Idlib governorate on March 16, 2015, according to a text of the report seen by Reuters.

The third report by the inquiry in August blamed the Syrian government for two chlorine attacks – in Talmenes on April 21, 2014 and Sarmin on March 16, 2015 – and said Islamic State militants had used sulfur mustard gas.

The results set the stage for a Security Council showdown between the five veto-wielding powers, likely pitting Russia and China against the United States, Britain and France over how those responsible should be held accountable. [Continue reading…]


The siege starts without warning

Miljenko Jergovic writes: I woke one morning 24 years ago to find a war all around me. The night before I had been at a concert for the Partybreakers, a punk band from Belgrade. I’d had too much beer and I had a headache. Bursts of gunfire were audible, along with the explosions of the mortar shells that would rain down on Sarajevo for the next three and a half years.

I don’t know what it was like when the war first came to Aleppo, Syria. Only the people still living there do — thousands of men, women and children who have now been under siege for years. From the perspective of an ordinary citizen, let’s say a 25 year old with literary and musical interests, the siege starts without warning and comes out of nowhere.

Yes, the papers and the TV have been reporting for months about how the situation in the country is growing more complicated, how conflict is brewing among political opponents, and how in the provinces there has already been fighting. But as long as a city continues to live its normal, placid life, which is the sort of life it lives up until the very last instant and the final quiet evening, war seems impossible. You look at your dog and your books, the spider in the corner of your room spinning a web that tomorrow will catch its first little fly, and you can’t imagine that the next morning all this, including the dog and the spider, will be caught up in war.

At the beginning of Bosnia’s war, Sarajevo had some 400,000 inhabitants. Aleppo, before its war, was five times larger. Sarajevo was founded about five centuries ago. Aleppo is one of the oldest cities on earth, in the part of the world that brings together Europe and the East, where the Abrahamic religions — Judaism, Christianity and Islam — were born and grew up. It was there at the emergence of our civilization. Not so long ago, just 150 years back, the two cities were under the same monarch. Sarajevo was the last great city at the western boundary of the Ottoman Empire, while Aleppo was the greatest city on its eastern side.

But none of that is important to an ordinary citizen who is just trying to get through another day of a siege. When the war began, that person probably believed that reason would never allow the bombing and destruction of such a place as Aleppo. We in Sarajevo had the same illusion. [Continue reading…]


ISIS executes hundreds of Mosul area residents

CNN reports: ISIS executed 284 men and boys as coalition forces closed in on Mosul, an Iraqi intelligence source told CNN.

Those killed on Thursday and Friday had been rounded up near and in the city for use as human shields against attacks that are forcing ISIS out of the southern sections of Mosul, the source explained.

ISIS used a bulldozer to dump the corpses in a mass grave at the scene of the executions — Mosul’s defunct College of Agriculture in the north of the city, the intelligence source said.

The victims were all shot and some were children, said the source, who wanted anonymity because he is not authorized to speak to the media. CNN could not independently confirm the claim. [Continue reading…]

BBC News reports: Hundreds of people in Iraq are being treated for the effects of toxic gases after a sulphur plant was set alight in fighting with so-called Islamic State.

The US military says IS fighters set the plant on fire earlier this week, as they fled an advance by pro-government forces on their Mosul stronghold.

On Saturday, US soldiers at a base near Mosul donned protective masks as wind blew smoke towards them.

Reuters said another 1,000 people were being treated for breathing problems. [Continue reading…]


Bunkers and booby-traps as ISIS makes a stand in Libya

Reuters reports: Sheltering in tunnels, improvised bunkers and rooms fortified by sand-filled fridges, Islamic State is holding out in the Libyan city of Sirte, defending itself with snipers, booby-traps and car bombs against pro-government forces.

After a six-month campaign of often fierce street fighting, Islamic State militants are surrounded in a district less than one-kilometer square, after hundreds of U.S. air strikes that began in August in support of Libyan forces.

The battle for Sirte, taken by Islamic State more than a year ago, may be over soon. But how the militants managed to survive may give insight into the kind of tactics they could use to defend other cities. [Continue reading…]


David Duke applauds his hero, Julian Assange


Trump can’t just be defeated — he must be humiliated

Dana Milbank writes: The need to deal Trump a humiliating defeat has a sociological basis in the “degradation ceremony,” in which the perpetrator (Trump) is held by denouncers (officeholders and others in positions of influence) to be morally unacceptable, and witnesses (the public) agree that the perpetrator is no longer held in good standing.

Psychologist Wynn Schwartz, who teaches at Harvard Medical School, explained to me that what’s needed to have a successful degradation of Trump is an epic defeat. “If it is lopsided enough,” he said, “you don’t have critical masses of people who feel disenfranchised” or “who feel justified in saying that it was stolen.”

But if Clinton’s victory is narrow, the degradation ceremony fails, because a large chunk of the population feels swindled and remains loyal to Trump. “The margin matters a lot,” Schwartz said.

Trump’s recent actions — talking about a “rigged” election while laying the foundation for a Trump TV network — suggest that he will attempt to defy the degradation ceremony that a loss typically confers. Hence the importance of a landslide.

Arizona would offer an ideal rebuke. Carolyn Goldwater Ross, granddaughter of the conservative icon, introduced Obama on Thursday by saying, “I come from a long line of Republicans and I’ve stayed independent. . . . But this time it’s different.” She submitted that Trump violates her grandfather’s “basic values.”

Apparently, many Arizonans agree. Maricopa County Sheriff Joe Arpaio, the anti-immigrant icon and Trump backer, is trailing his Democratic opponent by 15 points in polling by the Republic. The newspaper endorsed Clinton, its first embrace of a Democrat for president in its 126-year history. Arizona’s junior Republican senator, Jeff Flake, is an outspoken Trump critic, its senior Republican senator, John McCain, has been attacked by Trump, and former Republican attorney general Grant Woods has endorsed Clinton. [Continue reading…]


How Russia pulled off the biggest election hack in U.S. history


Thomas Rid writes: On an April afternoon earlier this year, Russian president Vladimir Putin headlined a gathering of some four hundred journalists, bloggers, and media executives in St. Petersburg. Dressed in a sleek navy suit, Putin looked relaxed, even comfortable, as he took questions. About an hour into the forum, a young blogger in a navy zip sweater took the microphone and asked Putin what he thought of the “so-called Panama Papers.”

The blogger was referring to a cache of more than eleven million computer files that had been stolen from Mossack Fonseca, a Panamanian law firm. The leak was the largest in history, involving 2.6 terabytes of data, enough to fill more than five hundred DVDs. On April 3, four days before the St. Petersburg forum, a group of international news outlets published the first in a series of stories based on the leak, which had taken them more than a year to investigate. The series revealed corruption on a massive scale: Mossack Fonseca’s legal maneuverings had been used to hide billions of dollars. A central theme of the group’s reporting was the matryoshka doll of secret shell companies and proxies, worth a reported $2 billion, that belonged to Putin’s inner circle and were presumed to shelter some of the Russian president’s vast personal wealth.

When Putin heard the blogger’s question, his face lit up with a familiar smirk. He nodded slowly and confidently before reciting a litany of humiliations that the United States had inflicted on Russia. Putin reminded his audience about the sidelining of Russia during the 1998 war in Kosovo and what he saw as American meddling in Ukraine more recently. Returning to the Panama Papers, Putin cited WikiLeaks to insist that “officials and state agencies in the United States are behind all this.” The Americans’ aim, he said, was to weaken Russia from within: “to spread distrust for the ruling authorities and the bodies of power within society.”

Though a narrow interpretation of Putin’s accusation was defensible—as WikiLeaks had pointed out, one of the members of the Panama Papers consortium had received financial support from USAID, a federal agency—his swaggering assurance about America’s activities has a more plausible explanation: Putin’s own government had been preparing a vast, covert, and unprecedented campaign of political sabotage against the United States and its allies for more than a year.

The Russian campaign burst into public view only this past June, when The Washington Post reported that “Russian government hackers” had penetrated the servers of the Democratic National Committee. The hackers, hiding behind ominous aliases like Guccifer 2.0 and DC Leaks, claimed their first victim in July, in the person of Debbie Wasserman Schultz, the DNC chair, whose private emails were published by WikiLeaks in the days leading up to the Democratic convention. By August, the hackers had learned to use the language of Americans frustrated with Washington to create doubt about the integrity of the electoral system: “As you see the U. S. presidential elections are becoming a farce,” they wrote from Russia.

The attacks against political organizations and individuals absorbed much of the media’s attention this year. But in many ways, the DNC hack was merely a prelude to what many security researchers see as a still more audacious feat: the hacking of America’s most secretive intelligence agency, the NSA.

Russian spies did not, of course, wait until the summer of 2015 to start hacking the United States. This past fall, in fact, marked the twentieth anniversary of the world’s first major campaign of state-on-state digital espionage. In 1996, five years after the end of the USSR, the Pentagon began to detect high-volume network breaches from Russia. The campaign was an intelligence-gathering operation: Whenever the intruders from Moscow found their way into a U. S. government computer, they binged, stealing copies of every file they could.

By 1998, when the FBI code-named the hacking campaign Moonlight Maze, the Russians were commandeering foreign computers and using them as staging hubs. At a time when a 56 kbps dial-up connection was more than sufficient to get the best of and AltaVista, Russian operators extracted several gigabytes of data from a U. S. Navy computer in a single session. With the unwitting help of proxy machines—including a Navy supercomputer in Virginia Beach, a server at a London nonprofit, and a computer lab at a public library in Colorado—that accomplishment was repeated hundreds of times over. Eventually, the Russians stole the equivalent, as an Air Intelligence Agency estimate later had it, of “a stack of printed copier paper three times the height of the Washington Monument.” [Continue reading…]


Trump sides with Putin over U.S. intelligence

Politico reports: Donald Trump angrily insisted on Wednesday night that he is not Vladimir Putin’s “puppet.”

But at a minimum, in recent months he has often sounded like the Russian president’s lawyer—defending Putin against a variety of specific charges, from political killings to the 2014 downing of a passenger jet over Ukraine, despite the weight of intelligence, legal findings and expert opinion.

Wednesday, for instance, Trump dismissed Hillary Clinton’s assertion that Russia was behind the recent hacking of Democratic Party and Clinton campaign emails.

“She has no idea whether it’s Russia or China or anybody else,” Trump retorted. “Our country has no idea.”

As Clinton tried to explain that the Russian role is the finding of 17 military and civilian intelligence agencies, Trump cut her off: “I doubt it.”

On Oct. 7, the Department of Homeland Security and the Office of the Director of National Intelligence released a joint statement saying that the U.S. intelligence community “is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations.” That finding has also been relayed directly to Trump in the classified national security briefings he receives as a major party nominee. [Continue reading…]


How hackers broke into John Podesta and Colin Powell’s Gmail accounts

Motherboard reports: On March 19 of this year, Hillary Clinton’s campaign chairman John Podesta received an alarming email that appeared to come from Google.

The email, however, didn’t come from the internet giant. It was actually an attempt to hack into his personal account. In fact, the message came from a group of hackers that security researchers, as well as the US government, believe are spies working for the Russian government. At the time, however, Podesta didn’t know any of this, and he clicked on the malicious link contained in the email, giving hackers access to his account.

Months later, on October 9, WikiLeaks began publishing thousands of Podesta’s hacked emails. Almost everyone immediately pointed the finger at Russia, who is suspected of being behind a long and sophisticated hacking campaign that has the apparent goal of influencing the upcoming US elections. But there was no public evidence proving the same group that targeted the Democratic National Committee was behind the hack on Podesta — until now.

The data linking a group of Russian hackers — known as Fancy Bear, APT28, or Sofacy — to the hack on Podesta is also yet another piece in a growing heap of evidence pointing toward the Kremlin. And it also shows a clear thread between apparently separate and independent leaks that have appeared on a website called DC Leaks, such as that of Colin Powell’s emails; and the Podesta leak, which was publicized on WikiLeaks.

All these hacks were done using the same tool: malicious short URLs hidden in fake Gmail messages. And those URLs, according to a security firm that’s tracked them for a year, were created with a Bitly account linked to a domain under the control of Fancy Bear. [Continue reading…]


Wikileaks emails provide Left fodder for challenging Clinton policy and appointments

Politico reports: Donald Trump is pointing to a stream of hacked emails as proof that Hillary Clinton would be a compromised president, but a surprising number of progressives are drawing similar conclusions — albeit for totally different reasons.

Some of the left’s most influential voices and groups are taking offense at the way they and their causes were discussed behind their backs by Clinton and some of her closest advisers in the emails, which swipe liberal heroes and causes as “puritanical,” “pompous”, “naive”, “radical” and “dumb,” calling some “freaks,” who need to “get a life.”

There are more than personal feelings and relationships at stake, though.

If polls hold and Clinton wins the presidency, she will need the support of the professional left to offset what’s expected to be vociferous Republican opposition to her legislative proposals and appointments.

But among progressive operatives, goodwill for Clinton — and confidence in key advisers featured in the emails including John Podesta, Neera Tanden and Jake Sullivan — is eroding as WikiLeaks continues to release a daily stream of thousands of emails hacked from Podesta’s Gmail account that is expected to continue until Election Day.

Liberal groups and activists are assembling opposition research-style dossiers of the most dismissive comments in the WikiLeaks emails about icons of their movement like Clinton’s Democratic primary rival Bernie Sanders, and their stances on trade, Wall Street reform, energy and climate change. And some liberal activists are vowing to use the email fodder to oppose Clinton policy proposals or appointments deemed insufficiently progressive. [Continue reading…]