"This week, WTF?" -- sources

Reddit's had a bumpy week. In the wake of the Boston Marathon bombing, the site's amateur sleuths attempted to crowdsource a suspect, which landed an innocent high-school runner on the front page of the New York Post.

Now, on top of everything else, the site is under attack.

A banner at the top of the Reddit front page announces: "Site availability is being impacted by a malicious DDoS attack. Please stay tuned."

It sounds like the attack has been going on for some time, too: Reddit's status Twitter first reported the attack at 5:25 a.m. The most recent update comes from a half an hour ago: "We've mitigated part of the DDoS at this time. However, certain site functions are disabled." We've reached out to Reddit for more information and will update if we hear anything.

It's not clear who's attacking the site. And in the absence of reliable information, why not speculate wildly?

Tinfoil Hat:Would the government DDOS reddit in order to control the message?

— Jerry Gamblin (@JGamblin) April 19, 2013

No doubt conspiracy theories are already breeding in conspiracy-theory-themed subreddits.

(Update, 4:44 p.m.) Looks like everything's back to normal. On Reddit, anyway.

But, you know, Bitcoin market. (Photo: Common American Journal)

Bitcoin day traders are at loose ends again today, as the major exchange Mt. Gox just announced they've shut down trading, in order to "allow the market to cooldown following the drop in price."

The press release is, we are very sorry to report, not terribly reassuring:

"First of all we would like to reassure you but no we were not last night victim of a DDoS but instead victim of our own success!"

Oh really?

"Indeed the rather astonishing amount of new account opened in the last few days added to the existing one plus the number of trade made a huge impact on the overall system that started to lag. As expected in such situation people started to panic, started to sell Bitcoin in mass (Panic Sale) resulting in an increase of trade that ultimately froze the trade engine!"

Aren't you reassured by all those exclamation marks?!

The post goes on to boast that the number of trades executed has tripled in the last 24 hours, and there are around 20,000 new accounts created every day. Mt. Gox also promises that its working to improve the site to meet the demand. Also: "please note that we may have to close the exchange for two hours in the next 12 to 24hrs to add several new servers to our system."

Yeah, that sounds like a stable replacement for old-fashioned currency. Sure.

(Photo: Metanoodle)

Notice that your Internet's been a little slow lately? A cyber fight between an anti-spam group and a Dutch Internet company has spiraled so far out of control that it's threatening the infrastructure of the Internet and clogging connectivity for everyday web users, including those--gasp--trying to access Netflix.

The New York Times reports that when the international spam tracking group Spamhaus added hosting company CyberBunker to its blacklist for allegedly disseminating tons of spam, CyberBunker retaliated by launching the largest DDoS attack in the history of the web (that the public knows about, that is). The scale of the attack is so massive that it's "causing widespread congestion and jamming crucial infrastructure around the world." So that's why that episode of Arrested Development wouldn't load.

CyberBunker is a Dutch hosting company that operates out of a former NATO bunker, and hosts any website "except child porn and anything related to terrorism," including BitTorrent site The Pirate Bay. Spamhaus claims that CyberBunker also allows massive spam networks to operate; this accusation set off the cyberattacks, which the Times warns could escalate to the point where people are unable to use normal web services like email and online banking.

When Spamhaus contacted security firm Cloudflare for help, they too became the target of attacks by the massive botnets reportedly controlled by CyberBunker. Writes The Times:

“These things are essentially like nuclear bombs,” said Matthew Prince, chief executive of Cloudflare. “It’s so easy to cause so much damage.”

The so-called distributed denial of service, or DDoS, attacks have reached previously unknown magnitudes, growing to a data stream of 300 billion bits per second.

“It is a real number,” Mr. Gilmore said. “It is the largest publicly announced DDoS attack in the history of the Internet.”

An Internet activist speaking on behalf of CyberBunker said the attacks are due to Spamhaus abusing their power, using spam as a cover to take down websites they simply don't agree with. "Nobody ever deputized Spamhaus to determine what goes and does not go on the Internet," he told The Times. "They worked themselves into that position by pretending to fight spam."

To be fair, if you're trying to prove you don't support big spam operations, it's probably not the best idea to spam the entire Internet using your powerful botnet army.

(Screenshot: Amazon)

Amazon.com's homepage appears to be temporarily down, showing a "service unavailable" message to users. Links within Amazon are still functional, but the homepage is inaccessible.

As TechCrunch notes, the site is serving a 503 error, indicating that "the server powering the site is down due to maintenance or overloading," which can mean the server is being DDOS'd. Amazon Web Services' dashboard says all hosting services appear to be operating normally.

The hacker group Nazi Gods is claiming responsibility for the attack. "This is what happens amazon when you support censorshiphttp://amazon.com  #TangoFuckingDown," tweeted @NaziGods this afternoon, adding, "I may release a pastebin later explaining how and why we took out amazon."

In response to a user who asked if they DDOS'd Amazon, @NaziGods responded "we used a 7kbotnet running hoic 100 threads each. 80servers in botnet and a 16gbps booter." That means 700,000 separate web request getters running are running at once. This method would send scores of requests over and over again to the server, causing it to overload and temporarily knock the site offline. The hackers claim only the homepage is down because it is hosted on a different server than the rest of the site.

Betabeat has been unable to independently verify if the site is down due to the work of hackers like NaziGods or due to something else entirely. We've reached out to Amazon and will update when we know more.

Update 3:33 pm EST

The Amazon.com homepage appears to be back up.

Update 5:36 pm EST

Amazon has provided Betabeat with the following statement:

 “The gateway page of Amazon.com was offline to some customers for approximately 49 minutes.  Other pages of the site were accessible and AWS was not impacted.”

This is a developing story and we will update as we learn more.

Once more into the breach, eh?

The loosely organized Internet philosophizers of Anonymous have decided to take a brief break from hassling Steubenville, the Westboro Baptist Church and Hunter Moore for a bit of good, old-fashioned soapboxery. The Daily Dot reports that the group has just launched a petition on WhiteHouse.gov titled "Make, distributed denial-of-service (DDoS), a legal form of protesting."

In short, they want DDoS attacks considered free speech, and they want anyone arrested for DDoS attacks released immediately. A provocative idea!

The petition contends:

Distributed denial-of-service (DDoS), is not any form of hacking in any way. It is the equivalent of repeatedly hitting the refresh button on a webpage. It is, in that way, no different than any "occupy" protest. Instead of a group of people standing outside a building to occupy the area, they are having their computer occupy a website to slow (or deny) service of that particular website for a short time.

They make a pretty decent case, once you get past the fact that this sounds a little like a 17-year-old would-be master debater arguing through his bangs with his Republican grandma about weed. DDoS attacks are a pain in the ass, but nothing's stolen--just disrupted. Those inflatable rats the labor unions like to park outside New York businesses are pretty distracting, but there's nothing illegal about them.

Then again, it's not like Occupy didn't have its fair share of tangles with the law. And not to be pedantic, but the Supreme Court probably has more power to designate something free speech than the White House.

So far, the group is at 427 signatures, out of the 25,000 that would require the president to take a look and issue a response. Maybe there's some way to hack the petition platform?

Wells Fargo's logo. (flickr/Neubie)

Earlier this week the Izz ad-Din al-Qassam Cyber Fighters announced new distributed denial of service (DDos) attacks on U.S. banks, part of what they've referred to as Phase 2 of their "Operation Ababil." It appears that they have been true to their word.

As of 1:30 p.m. on Friday afternoon, virtually all of the most recent site outage reports on SiteDown.co, one of the largest website outage notification services, were for either Wells Fargo or Bank of America. Comments from Wells Fargo customers ranged from the questioning--"What idiots do you hire to manage to your website?" to the timely: "Did the mayans shut down wells fargo as well no world no monies (sic)."

The al-Qassam Cyber Fighters have repeatedly denied they are working for Iran, even though many security experts say the size of their attacks indicates state sponsorship. In various posts, usually published on Pastebin, the cyber attackers insist their efforts against American banks continue because Google will not remove the anti-Islam video Innocence of Muslims from the Internet in any country where they are not legally required to do so.

The actual impact on banks by the continued denial of service (four days of outages for Wells Fargo this week) is still unclear. A report by Bank Info Security about the first wave of attacks from the al-Qassam Cyber Fighters in October indicated that in addition to inconvenience and customer loss, there is a danger that DDoS outages could be distractions for real hack attacks, in which customer funds are covertly transferred away, possibly to support future cyber espionage.

Whatever is really going on with the Cyber Fighters, it is clear that some banks are still unprepared for their onslaught, and customers are angry. An anonymous user on SiteDown.com likely spoke for many, writing, "Unable to log on to Bill Pay; 4th day and counting; Wells: you need significant help here; do something quick!"

"#TangoDown #UGNazi #OpAntiGov http://cia.gov," he tweeted, following that message up with several retweets that credit UGNazi for the attack. The move is part of #OpAntiGov, a longstanding UG Nazi operation.

"Our goal is to show the government of the world we will not be censored by filthy government officials and money hungry companies," the group said of #OpAntiGov back in May. "The world government and multi-billion dollar companies have been trying to stop the movement of freedom since the day freedom was even invented."

This isn't the first time CIA.gov has experienced outages. Back in February, Anonymous appeared to take credit for launching a DDOS attack on the site. The hacktivist collective eventually clarified that they were just "reporting" the downtime.

(h/t Sam Biddle)

Wells Fargo, hit by al-Qassam Cyber Fighters DDoS attacks.

Denial of service elves Izz ad-Din al-Qassam Cyber Fighters issued a new statement Tuesday and apparently renewed DDoS attacks on American bank websites.

In a brief Pastebin post the hackers--who claim they are mainly motivated by outrage over the anti-Muslim video, Innocence of Muslims--acknowledged the horrific school shootings that took place in Newtown Connecticut on December 14th, but re-committed to their efforts against U.S. financial institutions:

Originally, we sympathize deeply with families of the schoolchildren victimized by the horrible happening of Sandy Hook Elementary school. It’s very clear that a system which its rulers and capitalists are the owners of weaponry big companies never care about occurrence of these events. The past week’s attacks, showed our ability in doing wideness attacks so efficiently and of course this is not all of the Izz ad-Din al-Qassam’s ability. The attacks will be persistent till eliminating injustice and stopping the insults to the prophet of mercy and removing the offensive film, and we are sure that we will reach to our goals.

Based on reports made to Sitedown.co of website outages, the al-Qassam Cyber Fighters have been true to their word. By 5:45 p.m. ET on Tuesday over 400 users had reported an outage at WellsFargo.com since 9:15 a.m. Other banks reporting outages Tuesday included Bank of America and Chase, but Wells Fargo seemed hardest hit.

The cyber-attackers also promised that this week's attacks "will be as wide as previous week" and that customers of the "5 major US banks" should prepare for more "sorrow" and "inaccessibility."

Not all clouds are security threats. (flickr.com/kky)

Researchers at North Carolina State University and the University of Oregon have discovered a way to turn cloud computing into hacker heaven.

Disguising data transfers with URL-truncating services like TinyURL or Bit.ly, researchers found that cloud-based processing power intended to shift computing tasks from laptops, tablets and mobile devices could be converted to crack encoded passwords or used for a large scale denial-of-service attack.

WhiteHat Security's Jeremiah Grossman told Dark Reading that cloud browser providers need to "ensure adequate security controls are in place to prevent their end users from abusing the system."

N.C. State researcher William Enck said one key is awareness:

NC State's Enck says there are ways for cloud-based browsing providers to better monitor their traffic -- namely, by associating accounts with the users so they can detect possible abuse or rogue traffic. Just like blacklisting offending IP addresses in a DDoS attack, for example, he says, this would allow cloud browser providers to quash abuse. "It's similar: You can say, 'Here are the clients from where [the traffic] is coming from and the IP addresses.'"

Dark Reading notes that users of the Silk browser on Amazon's Kindle Fire have to register with the service, and each tablet has a unique key that identifies that user and device to the browsing service. The university researchers who discovered these vulnerabilities believe Amazon's strategy is a sound way to keep cloud users honest. They also recommend using CAPTCHAs so potentially malicious cloud users can't write scripts that will automatically create multiple accounts they could later use in large-scale hacks or cyber-attacks.

We're not really looking forward to the day we can say hackers have maliciously used the cloud to "make it rain."

Mr. Lockhart (www.frbatlanta.org)

Back in late September, you probably went a couple of weeks unable to access your bank account, thanks to a massive wave of cyberattacks against Bank of America, JPMorgan Chase, and others. Well, Dennis Lockhart, the president of the Atlanta Federal Reserve, certainly hasn't forgotten about it.

He recently delivered a speech in Berlin, much of which is about as dry as white toast. Mr. Lockhart, whom we're sure is positively scintillating when you get him a subject like Real Housewives, focused his remarks on "potential sources of financial instability," namely the payments system and public pensions. It's appropriately wonky.

But it's when he turns his attention to cyberattacks that Mr. Lockhart catches our attention. He's warns that, "A real financial stability concern, however, is the potential for malicious disruptions to the payments system in the form of broadly targeted cyberattacks." Oh, great!

Let's harken back to those bank attacks:

The recent attacks involved unprecedented volumes of traffic—up to 20 times more than in previous attacks. Banks and other participants in the payments system will need to reevaluate defense strategies.... What was previously classified as an unlikely but very damaging event affecting one or a few institutions should now probably be thought of as a persistent threat with potential systemic implications.

"Potential systemic implications"? Do we need to start stocking up on canned goods and gold bars, here? The good news is that Mr. Lockhart is pretty sure that, on the grand scale of things that could go wrong with the financial system, DDOS attacks aren't the absolute worst:

But I feel the need to be measured about the potential for severe financial instability from this source. In my judgment, cyberattacks on payments systems are not likely to have as deep or long lasting an impact on financial system stability as fiscal crises or bank runs, for example. Nonetheless, there is real justification for a call to action.

But we've got to say that "not as bad as a bank run" isn't the most reassuring thing we've ever heard. Perhaps Mr. Lockhart has been talking to antivirus mogul Eugene Kaspersky.