Lizard Squad disrupt National Crime Agency website

The website of the National Crime Agency (NCA), a national law enforcement agency in the United Kingdom which replaced the Serious Organised Crime Agency, was temporarily taken down by attackers on Tuesday morning.

According to a news report published in The Guardian, the attackers did this in revenge for arrests made last week. Four days before the attack, six teenagers were released on bail on suspicion of using the hacking group Lizard Squad's cyber-attack tool to target websites and services.

The arrests were made in an operation codenamed Vivarium, coordinated by the NCA and involving officers from several police forces.

An 18-year-old from Huddersfield, an 18-year-old from Manchester, a 16-year-old from Northampton and a 15-year-old from Stockport were arrested last week, while two other suspects, both 17, were arrested earlier this year, one from Cardiff and the other from Northolt, north-west London.

However, all of them have been bailed, while a further two 18-year-olds – one from Manchester and one from Milton Keynes – were interviewed under caution.

“The six suspects are accused of using Lizard Stresser, a tool that bombards websites and services with bogus traffic, to attack a national newspaper, a school, gaming companies and a number of online retailers,” the report reads.

An NCA spokesperson told The Guardian: "The NCA website is an attractive target. Attacks on it are a fact of life. DDoS is a blunt form of attack which takes volume and not skill. It isn't a security breach, and it doesn't affect our operational capability.

“At worst it is a temporary inconvenience to users of our website. We have a duty to balance the value of keeping our website accessible with the cost of doing so, especially in the face of a threat which can scale up endlessly. The measures we have in place at present mean that our site is generally up and running again within 30 minutes, though occasionally it can take longer. We think that’s proportionate,” he added.

DDoS and APT attacks on corporates and banks

With a spate of distributed denial of service (DDoS) attacks and APT attacks on banks and corporates, anti-DDoS mitigation vendors and ISPs are joining together to fight the menace of DDoS attacks.

A few vendors work with ISPs to mitigate the threat, putting monitoring agents on every ISP (a hardware box) that is connected to a mitigation cloud.

A bank official said on condition of anonymity: "ISPs quickly respond to a DDoS attack and mitigate it for the customer, but then come to them with a fat proposal. Customers need to pay a standard amount every year to get protection. In addition to this amount, they have to pay extra money every time they get hit. The billing can run into lakhs for banks/corporates who take DDoS mitigation."

Another bank official confided that they have asked for a standard quote per year (ISPs are yet to respond).

Smaller vendors cannot tackle DDoS attacks; it takes anti-DDoS companies working together with ISPs to handle this.

Some corporates and banks are going for a solution: they place their main websites and mobile portals behind a cloud-based WAF/anti-DDoS mitigation service. At the corporate end, they have a firewall and IPS making sure that no direct connection from the Internet to their ISP pipe is possible. Whether this solves the problem is yet to be seen.

"Advanced persistent threats are followed by DDoS attacks; this is done to erase any tracks of compromise on firewalls, routers and intrusion prevention systems," says J Prasanna, Director, Cyber Security & Privacy Foundation Pte Ltd, a Singapore-based cyber security certification organization.

"The corporates/banks are seeing only the DDoS and putting DDoS mitigation in place. It has to be checked whether there is any compromise of data, any criminal compromise of the bank/corporate. The criminals could have gained access to the data or network and remained stealthy for a long time," says Mr. Sreeram, Director, AVS Labs Pte Ltd, Singapore (an organization which does consulting and services on cyber security).

The main problem for organizations is that there are many vulnerabilities on systems which remain undetected for a long period of time. The vulnerabilities could be in application software code written by programmers, or in the operating system, networks and other critical system-level applications. Black hat hackers (APT attackers) could exploit these vulnerabilities, generally called 0-day vulnerabilities, to enter the systems.

Most of these organizations need a "0-Day Vulnerability Assessment & Penetration Testing" and an "APT Analysis" to find any security breach. Normally not everyone can do this, because you need the best talent on board, like the "bounty hunters" who find vulnerabilities for Fortune 500 companies. But that is not all: "Most bug bounty hunters can't find beyond web vulnerabilities." These auditors/assessors need 0-day exploits and also knowledge of how APT attacks work. Most organizations which perform regular vulnerability assessment and penetration testing, and even those who do ISO 27001 certification implementation, don't have the capability to handle zero-day or APT assessments.

Is a corporate with ISO 27001 implemented safe? A quiet survey of 25 organizations showed that almost all had standards implemented and all had experienced data theft. Some corporate CISOs don't want to accept APT attacks, and most of this information about compromise never reaches management.

All the attacks happened at the technical level, because of poor technical controls or products like antivirus/firewall/intrusion prevention not doing what they were claimed to do.

Do we still trust the ISO 27001 implementation in corporates, or the products they are using inside, to save our data?

Anonymous hackers take down Canadian government websites

The Anonymous hacking group hacked several Canadian government websites and servers on Wednesday, in retaliation for a new anti-terrorism law passed by Canada's politicians.

The sites affected by this cyber attack include the general website for government services and that of Canada's spy agency, the Canadian Security Intelligence Service (CSIS).

According to cabinet minister Tony Clement, who is responsible for the Treasury Board, the attack affected email and internet access. He confirmed this on his Twitter account.

A video has been posted on YouTube by Anonymous stating that the anti-terrorism law violates human rights and targets people who disagree with the government.

The new Bill C-51, or the Anti-terrorism Act, 2015, would give new powers to CSIS and federal agencies to increase surveillance and share information about individuals.

Talking to reporters from The Guardian, the public safety minister, Steven Blaney, denounced the cyber attacks, saying that "there were many other democratic ways for Canadians to express their views, and the government was implementing efforts to improve its cyber security."

Distributed Denial of Service (DDoS) attacks

A well-known Indian security news portal was targeted on the morning of May 21st by a DDoS attack. Two hours before the attack, the company tweeted "NSA planned to hijack Google App Store and plant malware on all Android Apps" and provided a news link. Whether the DDoS attack and this tweet are connected is an interesting speculation.

But the larger and more critical question is the vulnerability of digital assets. One would naturally assume that they had a robust defensive strategy in place, but the DDoS attack which brought down the portal suggests otherwise.

There has been a series of hacks and DDoS attacks on major corporate, telecommunication and net banking portals.

"Today the digital assets of a knowledge or service based company have more value than its tangible physical assets. It's imperative that they think beyond ready-made security tools from the market and move towards employing security professionals who can provide a customized security audit," says J. Prasanna of Cyber Security and Privacy Foundation.

"Even going to the police will not be of much help, since these attacks are sophisticated and originate from different geographies. Very few have the forensics capability to make a credible case in a court," says SreeRam, the police Krav Maga instructor who is also part of a Singapore-based security company.

Both agree that "with India's increasing clout in world trade and the balance of power tilting gradually towards Asia, asymmetric warfare tactics like cyber terrorism will be relied on more frequently to dent the credibility of the nation. As of today, India does not seem to have an aggressive posture as a deterrent."

CVE-2014-0050: Apache Tomcat vulnerable to denial of service attack

If you are a developer, you should always be careful when writing loops, especially endless loops [ for(;;) or while(true) ] which are meant to be stopped by an 'if' statement.

Security researchers from Trustwave have explained how an endless 'for' loop resulted in a denial of service vulnerability that could allow attackers to launch DoS attacks against websites hosted on Apache Tomcat servers.

The vulnerability (CVE-2014-0050) is located in Apache Commons FileUpload. The 'for' loop in the file is coded in such a way that it is only exited by raising an exception or by returning a value.

An attacker can send a malformed 'Content-Type' header for a multipart request, which results in an infinite loop.

Multipart is often used in HTTP requests for uploading files. Values in multipart requests are separated by a magic line called the "boundary". The boundary is a random string defined in the 'Content-Type' header.

By sending a boundary value longer than 4091 characters and a 'body' longer than 4096 characters, the 'for' loop is stopped by neither 'if' statement.

Trustwave researchers sent a request containing more than 4091 characters in the boundary field four times, forcing the vulnerable Tomcat server into an infinite loop. As a result, the Tomcat server ends up consuming all available CPU resources until it is stopped.

Anonymous hacktivists launch DDoS attack against GCHQ website

It seems Anonymous hackers have launched a distributed denial of service (DDoS) attack against the GCHQ website.

The attack came just after Edward Snowden leaked a document revealing that the British spy agency GCHQ carried out DDoS attacks to disrupt the Anonymous hacktivists' communication channel.

Some Anonymous hacktivists also claimed to have successfully disrupted the website of GCHQ. Netcraft confirmed that the site has experienced 'noticeable performance issues' today. Netcraft says the attack could have originated from Romania.

"Curiously, a much larger amount of downtime has been observed from Netcraft's Romanian performance monitor since the leaked slides were made public," the Netcraft post reads.

"That could indicate much more extreme DDoS mitigation techniques are being applied to these requests, and this in turn suggests that if an attack is occurring, perhaps Romania is one of the countries from which the attacks are being launched."

400Gbps NTP-based DDoS attack hits CloudFlare - largest DDoS attack in history

Until a week ago, the distributed denial-of-service (DDoS) attack against Spamhaus was believed to be the largest in history. Now an even bigger DDoS attack has been recorded by the content delivery network CloudFlare.

Matthew Prince, CloudFlare's CEO, said on Twitter that a very big NTP reflection attack was hitting them and appeared to be bigger than the Spamhaus attack from last year.

According to Prince, the attack reached 400Gbps, which is 100Gbps higher than the DDoS attack targeting Spamhaus.

CloudFlare said all websites have returned to production.

The founder of the French hosting firm OVH also said their network received more than 350Gbps of traffic, but it is not clear whether this is related.

Last month, CloudFlare also wrote an article detailing Network Time Protocol (NTP) based DDoS attacks that caused trouble for some gaming websites and service providers.

NTP is a UDP-based protocol running on port 123, used by Internet-connected computers to set their clocks accurately. A system synchronizes with the server and receives the current time.

Experts say this protocol is prone to amplification attacks because it will respond to packets with a spoofed source IP address "and because at least one of its built-in commands will send a long reply to a short request. That makes it ideal as a DDoS tool."

Lists of open NTP servers on the Internet allow attackers to launch denial of service attacks against any target network.

Hackers launch DDoS attack against EA Origin server & Steam server

The Steam server was unavailable to users for hours after the site was targeted with a distributed denial of service (DDoS) attack.

Two Twitter accounts, @chFtheCat and @LARCENY_, have taken credit for Steam's service outages. The accounts also claimed to have taken the server offline.

"The reason for me attacking these games, is because games are bad for the soul (<3 Jesus) my kids were poisoned by games." one of the tweets from @LARCENY_ reads.

Another group called DERPTrolling has taken credit for taking EA's Origin online gaming service offline, which left users unable to log in.

"We're working to resolve connectivity/login issues affecting various platforms/games. Thank you for your patience. Updates when available ^EX" the EA Support account tweeted regarding the issue.

NatWest online banking service hit by DDoS attack

A cyber attack to disrupt NatWest's online banking services left customers unable to access their accounts online. The website suffered a distributed denial of service (DDoS) attack.

"Due to a surge in internet traffic deliberately directed at the NatWest website, some of our customers experienced difficulties accessing our customer web sites this evening," the Mirror quoted a NatWest spokesperson as saying.

"We have taken the appropriate action to restore the affected web sites.  At no time was there any risk to customers.  We apologise for the inconvenience caused."

This is not the first time the NatWest website has been under cyber attack. Earlier this month, all of RBS and NatWest's systems went down for a few hours.

It is still unknown who is responsible for this cyber attack. Bank customers started to blame the bank for not being able to access their accounts.

Agency says website down because of "Internal Error"

The National Security Agency (NSA) website was down for several hours. There had been speculation on the internet that the website was down because of a denial of service attack by Anonymous.

However, the agency denied it was under DDoS attack and says it was just an "Internal Error" during a scheduled update.

"The issue will be resolved [Friday] evening. Claims that the outage was caused by a distributed denial of service attack [DDoS] are not true," an NSA spokesperson told ABC News.

#OpSaudi: Anonymous launches cyber attack on Saudi government sites

The Saudi branch of the Anonymous hacktivist collective has launched a cyberattack on Saudi government websites; the operation has been named "#OpSaudi". A few government websites are facing heavy distributed-denial-of-service (DDoS) attacks from Anonymous.

The affected government sites include the Saudi Arabia Ministry of Foreign Affairs, the Ministry of Finance, the General Intelligence Presidency and Riyadh Region Traffic, which are all being targeted by the hackers.

Anonymous Saudi also claimed they gained access to the server of the Qassim Region Traffic website and deleted the database.

The General Directorate of Education in Jeddah website fell victim to the cyber attack. Hackers identified and exploited a SQL injection vulnerability in

"saudi people like slave for the gov , and 2 days ago a saudi prince kidnapped a girl & raped her . then killed her and throw her body naked" Anonymous Saudi stated as reason for the cyber attack. 

DDoS attack brings the Internet to its knees

The fight between a spam-fighting company called "Spamhaus" and a web hosting company called "Cyberbunker" has slowed down a majority of the internet by making DNS resolving slow.

The reason behind the attack is that Spamhaus added the IP addresses of Cyberbunker to its "spam" list, because Cyberbunker allows almost any sort of content to be hosted and hence may also be a source of spam. So Cyberbunker attacked back, and this attack also affected normal internet users.

The attack was possible because of the large number of vulnerable DNS servers that allow open DNS resolving. Simply put, an attack exploiting this type of vulnerability makes use of the DNS server to increase the intensity of the attack 100-fold.

The origins of this type of attack go back to the 1990s, to an attack called the "smurf attack".

But now the attack method has become more efficient and uses DNS amplification to flood the victim: spoofed requests are sent to the DNS servers by a botnet of compromised computers. The attack at its peak reached 300 Gbps, making it the largest DDoS attack in history.

Cyberbunker, which claims to be a supporter of free speech and a defender against the "big bullies", now seems to have stooped to their level by using aggressive offensive methods that affect the normal functioning of the internet. This is not the way to go!

The people who run DNS resolvers are equally responsible for these attacks, as it is their vulnerable servers that make these attacks possible; the internet community should come up with a PERMANENT solution to this problem.
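The NTP reflection story above and this DNS amplification story describe the same mechanism from a defender's side: a UDP service on your own network answers a short request from a spoofed source with a long reply, and an open server does this for any address on the Internet. The following is an added example in Python, not code from CloudFlare, Spamhaus or any of the parties named on this page, that runs over constructed flow records (not real traffic) and flags both symptoms: exchanges where a server's reply bytes exceed the request bytes by a large ratio, and home-network servers that amplify for several outside addresses, which is the open-resolver (or open NTP server) condition the text is complaining about. The home network 10.0.0.0/8, the flow record layout and the ratio threshold are assumptions of the example.

```python
"""Amplification and open-reflector detection over UDP flow records.

Added example over constructed flow records; not any vendor's detection logic.
A flow record here is one direction of traffic with a byte count, as a
NetFlow/IPFIX exporter or a capture summary would provide.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumption: the two services of interest are DNS on UDP/53 and NTP on UDP/123.
AMPLIFIER_PORTS = {53: "dns", 123: "ntp"}


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    nbytes: int  # bytes carried in this direction


# Constructed records. 10.0.0.0/8 is "our" network; 10.9.9.9 is our resolver
# and 10.9.9.10 our NTP server. Outside addresses are documentation ranges.
SAMPLE_FLOWS = [
    # Ordinary lookup from an internal client: small query, modest answer.
    Flow("10.1.1.5", 40000, "10.9.9.9", 53, 60),
    Flow("10.9.9.9", 53, "10.1.1.5", 40000, 120),
    # Our resolver answering two outside addresses with very large replies.
    Flow("198.51.100.7", 53, "10.9.9.9", 53, 64),
    Flow("10.9.9.9", 53, "198.51.100.7", 53, 3500),
    Flow("198.51.100.8", 53, "10.9.9.9", 53, 64),
    Flow("10.9.9.9", 53, "198.51.100.8", 53, 3500),
    # Our NTP server: tiny request from outside, huge reply.
    Flow("203.0.113.20", 45000, "10.9.9.10", 123, 50),
    Flow("10.9.9.10", 123, "203.0.113.20", 45000, 4800),
    # Ordinary NTP exchange from an internal client.
    Flow("10.1.1.6", 41000, "10.9.9.10", 123, 48),
    Flow("10.9.9.10", 123, "10.1.1.6", 41000, 48),
]


def _classify(flow, home_net):
    """Map a flow to (server, service, client, direction, bytes) or None.

    A request is traffic into a home-network amplifier port; a response is
    traffic out of one. Other flows are ignored.
    """
    if ip_address(flow.dst) in home_net and flow.dport in AMPLIFIER_PORTS:
        return flow.dst, AMPLIFIER_PORTS[flow.dport], flow.src, "req", flow.nbytes
    if ip_address(flow.src) in home_net and flow.sport in AMPLIFIER_PORTS:
        return flow.src, AMPLIFIER_PORTS[flow.sport], flow.dst, "resp", flow.nbytes
    return None


def amplified_exchanges(flows, home_net="10.0.0.0/8", ratio_threshold=10.0):
    """Return sorted (server, service, client, ratio) for exchanges whose
    reply bytes are at least ratio_threshold times the request bytes."""
    net = ip_network(home_net)
    totals = defaultdict(lambda: [0, 0])  # key -> [request bytes, reply bytes]
    for flow in flows:
        hit = _classify(flow, net)
        if hit is None:
            continue
        server, service, client, direction, nbytes = hit
        totals[(server, service, client)][0 if direction == "req" else 1] += nbytes
    findings = []
    for (server, service, client), (req_b, resp_b) in totals.items():
        if req_b == 0:
            continue  # reply without an observed request: no ratio to compute
        ratio = resp_b / req_b
        if ratio >= ratio_threshold:
            findings.append((server, service, client, ratio))
    return sorted(findings)


def open_reflectors(findings, home_net="10.0.0.0/8", min_external_clients=2):
    """Servers that produced amplified replies for several addresses outside
    the home network: the 'open resolver' condition worth closing."""
    net = ip_network(home_net)
    external = defaultdict(set)
    for server, _service, client, _ratio in findings:
        if ip_address(client) not in net:
            external[server].add(client)
    return sorted(s for s, clients in external.items() if len(clients) >= min_external_clients)


if __name__ == "__main__":
    hits = amplified_exchanges(SAMPLE_FLOWS)
    for server, service, client, ratio in hits:
        print(f"{service} server {server} amplified {ratio:.1f}x towards {client}")
    print("open reflectors to restrict:", open_reflectors(hits))
```

The ratio is computed per (server, client) pair rather than per packet because spoofed requests and their replies arrive as separate one-directional records; the second function then turns those pairs into the remediation list, the servers on your own network that should be restricted to your own clients.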

Please read CloudFlare's blog post for a detailed analysis:

Massive cyber attack shuts down Knight Center's websites for two weeks

The websites of the Knight Center for Journalism in the Americas and the International Symposium for Online Journalism were hit by a massive cyber attack that left the sites down for the last two weeks.

"The malicious cyber-attack was enough to shut our websites down, but not enough to shut us up. We rapidly created WordPress blogs to continue our regular and unique reporting on journalism in the Americas," said professor Rosental Alves, founder and director of the Knight Center for Journalism in the Americas at the University of Texas at Austin.

"We have no idea why someone would want to attack our sites," said professor Alves.

They noticed that the cyber-attack originated from computers located in Russia.

According to the Knight Center news report, the attack took place on March 11. The affected websites are now back online.

"We had to shut down the sites while the University of Texas IT department conducted its work to clean the sites and make sure to increase their security levels. We are happy to be back with our normal presence on the Web," said professor Alves.

#OpEgypt: Egyptian government websites under cyber attack by Anonymous

Anonymous hacktivists launched a cyber attack against Egyptian government websites under the operation called '#OpEgypt'.

The cyber attack comes after a naked Egyptian man was dragged across a street and beaten by at least eight riot policemen during a protest in Cairo on Friday.

The hacktivists DDoSed several government websites, including the Egyptian Cabinet, the official website of the Egyptian Ministry of Culture and the NREA site.

A few more affected websites are Egypt's Information Portal, the Cabinet's Center for Information and Decision Support, the Ministry of Planning and International Cooperation, the Ministry of Interior and the official website of the Ministry of Information.

At the time of writing, those websites are still down and being attacked by the Anonymous hackers.

New Android malware helps cybercriminals launch DDoS attacks

The Russian antivirus firm Doctor Web has discovered a new Android Trojan that helps cyber criminals launch distributed-denial-of-service (DDoS) attacks. It is also capable of sending SMS messages based on commands received from the hacker.

According to the report, the malware "Android.DDoS.1.origin" likely spreads via social engineering attacks and disguises itself as a legitimate application from Google.

[Image: Fake Google Play icon]

After installation, the malware creates an application icon that looks like the Google Play icon. If a user taps the fake Google Play icon, it still launches the original Google Play, but in the background it starts its malicious activity.

Once the malware is launched, it transmits the victim's phone number to the cybercriminal and then waits for further SMS instructions.

From then on, the cyber criminal can launch a DDoS attack against any server by sending a command message containing the server and port details. After receiving the instructions, the malware starts to send packets to the specified address.

The malware reduces the performance of the infected device, and the victim may get unexpected bills for Internet access and SMS.

Aiplex India website taken down by Anonymous India

Indian Anonymous hacktivists launched a distributed denial of service attack against Aiplex Software Pvt. Ltd.

Aiplex is a company based in Vijayanagar, Bangalore, India, contracted by the MPAA to deliver copyright notices to websites that they deem to violate copyright laws, and to launch distributed denial-of-service (DDoS) attacks against those sites if they fail to remove the offending content.

"We just showed Aiplex India is no one to deliver copyright notices to websites," Anonymous said on Twitter.

Izz ad-Din al-Qassam Cyber Fighters continue cyber attacks against US banks

A group calling itself the "Izz ad-Din al-Qassam Cyber Fighters" announced another distributed-denial-of-service (DDoS) attack against major banks as part of the second week of Phase 2 of Operation Ababil.

"Originally, we sympathize deeply with families of the schoolchildren victimized by the horrible happening of Sandy Hook Elementary school. It’s very clear that a system which its rulers and capitalists are the owners of weaponry big companies never care about occurrence of these events." The hackers said.

"The attacks will be persistent till eliminating injustice and stopping the insults to the prophet of mercy and removing the offensive film, and we are sure that we will reach to our goals. "

According to the hackers' statement, this week's attacks will be as wide as the previous week's. The hackers didn't mention the names of the target banks.

"The 5 major US banks will be attacked and we subsequently suggest that from now on they prepare their context of sorrowfulness to the customers of banks because of inaccessibility."

Last week, the same group launched DDoS attacks against 5 major US banks, including U.S. Bancorp, JPMorgan Chase, Bank of America, PNC Financial Services Group and SunTrust Banks.

#OpEgypt: Multiple Egyptian government sites DDoSed by Anonymous

Anonymous hacktivists have launched a distributed denial of service (DDoS) attack against Egyptian government sites under the operation called "#OpEgypt". The cyber attack against Egyptian President Mohamed Morsi was decided on last week.

In an online press release, Anonymous outlined its complaints against Morsi:

"To Dr. Morsi: Anonymous will not sit by and watch you washing away what thousands of Egyptians got killed and injured for. It’s your duty to listen to your own people.

The decisions you made have caused the death of 3 young Egyptians in addition to hundreds more injured. In addition, your organized propaganda is portraying your legitimate opposition as if they are opposing the revolution, which you are destroying. We challenge your propaganda machine.

"When you ignore this message, not only will we attack your organization's websites, Anonymous will also make sure that you stand exposed against your people as well as the international community. Anonymous will not spare anybody who supports such crimes," Anonymous said.

"It’s in your hands to stop this: continue hardening your head and you will be subject to civil protest - lend an ear to the claim of freedom from your people and the hostilities will cease."

The list of government sites taken down by Anonymous:


*Update 2*:

At the time of writing, we are not able to reach most of the websites. It seems the hackers keep firing.

The Egyptian Presidency website faces a heavy cyber attack and displays an "Under construction" message.

Anonymous leaks 113K emails & passwords of Israel, bank sites taken down

As part of '#OpIsrael', Anonymous Indonesia hackers have leaked more than 113,595 emails and passwords of Israel and Support.

The leaked passwords are in plain text format. We are not sure how the hackers compromised these email addresses and passwords.

"#Opisrael 113K Emails & Password Of Israel and Support LEAKED by Anony Indonesia on" An0nplus' tweet reads.

The full list, a 4 MB text file, is compressed and uploaded to this site ''

The hackers also target Israeli bank & credit card sites. In AnonPaste, they have listed the sites being attacked. At the time of writing, we are not able to reach Bank Hapoalim, and Adanim Mortgage Bank displays "Hello From Adanim".

Find the rest of the OpIsrael hack here: OpIsrael Hack archive

Ukraine bank website under DDoS attack

Anonymous hackers launched a distributed denial of service (DDoS) attack against a Ukrainian bank website. The attack was announced on Twitter by a hacker named 'LegionCr3w'.

"TANGO DOWN! reason: corruption / election 2012 #OpUkraine" the tweet posted by the hacker reads.

"Dear #corrupt #governments out there: We are Anonymous. We are your enemy. We will always fight. We will win. #Anonymous" another tweet reads.

At the time of writing, we are not able to reach the site, and downforeveryoneorjustme reports "It's not just you! looks down from here."

Besides the DDoS attack, he hacked into one of the Ukrainian government websites a few days back. The data stolen from the server was dumped on Pastebin.