CVE-2014-0050: Apache Tomcat vulnerable to Denial of service attack

If you are a developer, you should always be careful when writing loops, especially endless loops [ for(;;) or while(true) ] that are coded to be stopped by an 'if' statement.

Security researchers from TrustWave have explained how an endless 'for' loop resulted in a denial of service vulnerability that could allow attackers to launch DOS attacks against websites hosted on Apache Tomcat servers.

The vulnerability (CVE-2014-0050) is located in a file of Apache Commons FileUpload. The 'for' loop in that file is coded in such a way that it stops only by raising an exception or by returning a value.

An attacker can send a malformed 'Content-Type' header in a multipart request, which can result in an infinite loop.

Multipart is often used in HTTP requests for uploading files. Values in a multipart request are separated by a magic line called the "boundary". The boundary is a random string that is defined in the 'Content-Type' header.

When the boundary value is longer than 4091 characters and the 'body' is longer than 4096 characters, neither of the 'if' statements stops the 'for' loop.

TrustWave researchers managed to force a vulnerable Tomcat server into an infinite loop by sending, four times, a request containing more than 4091 characters in the boundary field. As a result, the Tomcat server ends up consuming all available CPU resources until it is stopped.
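A defensive check for the condition described above, as an added example that is not code from the original article, TrustWave or Apache: it parses the 'Content-Type' header of a request and rejects multipart boundaries that are missing, oversized or malformed before the request reaches the upload parser. The 70-character limit and the allowed character set come from RFC 2046; the function names and sample headers are constructed for illustration.

```python
import re

# RFC 2046 section 5.1.1: a boundary is 1 to 70 characters from a restricted
# set ("bchars") and must not end with a space. Enforcing that limit keeps the
# boundary far below the 4091-character threshold described in the article.
MAX_BOUNDARY_LEN = 70
_BCHARS = re.compile(r"[0-9A-Za-z'()+_,\-./:=? ]+")


def split_params(header):
    """Split a header value on ';' while ignoring ';' inside quoted strings."""
    parts, buf, in_quotes, escaped = [], [], False, False
    for ch in header:
        if escaped:
            escaped = False
        elif ch == "\\" and in_quotes:
            escaped = True
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch == ";" and not in_quotes:
            parts.append("".join(buf))
            buf = []
            continue
        buf.append(ch)
    parts.append("".join(buf))
    return parts


def parse_content_type(header):
    """Return (media_type, params) for a Content-Type header value."""
    parts = split_params(header)
    params = {}
    for part in parts[1:]:
        name, sep, value = part.partition("=")
        if not sep:
            continue
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = re.sub(r"\\(.)", r"\1", value[1:-1])  # unquote
        params.setdefault(name.strip().lower(), value)
    return parts[0].strip().lower(), params


def check_multipart_boundary(header):
    """Return (allowed, reason) for one Content-Type header value."""
    media_type, params = parse_content_type(header)
    if not media_type.startswith("multipart/"):
        return True, "not multipart"
    boundary = params.get("boundary")
    if not boundary:
        return False, "multipart request without boundary"
    if len(boundary) > MAX_BOUNDARY_LEN:
        return False, "boundary length %d exceeds %d" % (
            len(boundary), MAX_BOUNDARY_LEN)
    if not _BCHARS.fullmatch(boundary) or boundary.endswith(" "):
        return False, "boundary has characters outside RFC 2046 bchars"
    return True, "ok"


# Constructed sample headers (not captured traffic).
SAMPLES = [
    "multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW",
    "multipart/form-data; boundary=" + "a" * 4092,
    'multipart/form-data; boundary="a;b"',
    "multipart/form-data",
    "application/json",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_multipart_boundary(sample), sample[:60])
```

The same rule can be enforced in a reverse proxy or servlet filter placed in front of the upload handler; it limits exposure but does not replace updating the affected library.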

Anonymous hacktivists launch DDOS attack against GCHQ website


It seems that Anonymous hackers have launched a Distributed denial of service (DDOS) attack against the GCHQ website.

The attack came just after Edward Snowden leaked a document which revealed that the British spy agency (GCHQ) carried out DDOS attacks to disrupt the Anonymous hacktivists' communication channel.

Some Anonymous hacktivists also claimed to have successfully disrupted the website of GCHQ.  Netcraft confirmed that gchq.gov.uk today has experienced 'noticeable performance issues'.  Netcraft says the attack could have originated from Romania.

"Curiously, a much larger amount of downtime has been observed from Netcraft's Romanian performance monitor since the leaked slides were made public," the Netcraft post reads.

"That could indicate much more extreme DDoS mitigation techniques are being applied to these requests, and this in turn suggests that if an attack is occurring, perhaps Romania is one of the countries from which the attacks are being launched."

400Gbps NTP-based DDOS attack hits CloudFlare - largest DDOS attack in History

Until a week ago, it was believed that the Distributed denial-of-service (DDOS) attack against Spamhaus was the largest one in history.  Now, an even bigger DDOS attack has been recorded by the content delivery network CloudFlare.

Matthew Prince, CloudFlare CEO, said on Twitter that a very big NTP reflection attack was hitting them and appeared to be bigger than the Spamhaus attack from last year.

According to Matthew, the attack reached 400Gbps, which is 100Gbps higher than the DDOS attack targeting Spamhaus.

CloudFlare said all websites have returned to production.

The founder of the French hosting firm OVH also said their network received more than 350Gbps of traffic, but it is not clear whether it is related or not.

Last month, CloudFlare also wrote an article detailing the Network Time Protocol (NTP) based DDOS attacks that caused trouble for some gaming web sites and service providers.

NTP is a UDP-based protocol that runs on port 123 and is used by Internet-connected computers to set their clocks accurately.  A system synchronizes with the server and receives the current time.

Experts say this protocol is prone to amplification attacks because it will respond to packets with a spoofed source IP address "and because at least one of its built in commands will send a long reply to a short request. That makes it ideal as a DDoS tool."

Lists of open NTP servers on the Internet allow attackers to launch denial of service attacks against any target network.

Hackers launched DDOS attack against EA Origin Server & Steam server

The Steam server was unavailable to users for an hours after the site was targeted with a distributed denial of service (DDOS) attack.

Two Twitter accounts, @chFtheCat and @LARCENY_, have taken credit for Steam’s service outages. The accounts also claimed to have taken the Battle.net server offline.

"The reason for me attacking these games, is because games are bad for the soul (<3 Jesus) my kids were poisoned by games." One of the tweets of @LARCENY_ reads.

Another group called DERPTrolling has taken credit for taking EA's Origin online gaming service offline, which left users unable to log in.

"We're working to resolve connectivity/login issues affecting various platforms/games. Thank you for your patience. Updates when available^EX" the EA Support account tweeted regarding the issue.

NatWest online banking service hit by DDOS attack


A cyber attack aimed at disrupting the online banking services of NatWest left customers unable to access their accounts online.  The website suffered a distributed denial of service (DDOS) attack.

"Due to a surge in internet traffic deliberately directed at the NatWest website, some of our customers experienced difficulties accessing our customer web sites this evening," the Mirror quoted a NatWest spokesperson as saying.

"We have taken the appropriate action to restore the affected web sites.  At no time was there any risk to customers.  We apologise for the inconvenience caused."

This is not the first time the NatWest website has been under a cyber attack.  Earlier this month, all of RBS and NatWest's systems went down for a few hours.

It is still unknown who is responsible for this cyber attack.  Bank customers started to blame the bank for not being able to access their accounts.

Agency claims NSA.gov down because of "Internal Error"

The National Security Agency (NSA) website has been down for several hours. There had been speculation on the internet that the website is down because of a denial of service attack from Anonymous.

However, the Agency denied it was under DDOS attack and says it is just an "Internal Error" during a scheduled update.


"The issue will be resolved [Friday] evening. Claims that the outage was caused by a distributed denial of service attack[DDOS] are not true." An NSA spokesperson told ABC News.



#OpSaudi : Anonymous launched cyber attack on Saudi Government site


The Saudi branch of the Anonymous hacktivists has launched a cyberattack on Saudi Government websites; the operation has been named "#OpSaudi". A few government websites are facing a heavy Distributed-denial-of-service (DDOS) attack from Anonymous.

The affected government sites include Saudi Arabia and the Ministry of Foreign Affairs (mofa.gov.sa), The Ministry of Finance (mof.gov.sa) and General Intelligence Presidency (gip.gov.sa).

gosi.gov.sa, Riyadh Region Traffic (www.rt.gov.sa) and hrc.gov.sa are also being targeted by the hackers.

Anonymous Saudi also claimed they have gained access to the server of the Qassim Region Traffic website (q-t.gov.sa/h.asp) and deleted the database.

The website of the General Directorate of Education in Jeddah fell victim to the cyber attack.  Hackers identified and exploited an SQL injection vulnerability in feenakhair.jedu.gov.sa.

"saudi people like slave for the gov, and 2 days ago a saudi prince kidnapped a girl & raped her. then killed her and throw her body naked" Anonymous Saudi stated as the reason for the cyber attack.

DDOS attack brings the Internet to its knees

The fight between a spam fighting company called "Spamhaus" and a web hosting company called "Cyberbunker" has slowed down a majority of the internet by making DNS resolving slow.



The reason behind the attack is that Spamhaus added the IP addresses of Cyberbunker to its "spam" list because Cyberbunker allows almost any sort of content to be hosted and may therefore also be a source of spam. Cyberbunker attacked back, and this attack also affected normal internet users.

The attack was possible because of the large number of vulnerable DNS servers that allow open DNS resolving. Simply put, an attack exploiting this type of vulnerability uses the DNS server to increase the intensity of the attack 100 fold.

The origins of this type of attack go back to the 1990s, to an attack called the "smurf attack".

But now the attack method has become more efficient and uses DNS amplification to flood the victim: spoofed requests are sent to the DNS servers using a botnet of compromised computers. The attack at its peak reached a speed of 300 Gbps, making it the largest DDOS attack in history.

Cyberbunker, which claims to be a supporter of free speech and a defender against the "big bullies", seems to have now stooped down to their level by using aggressive offensive methods that affect the normal functioning of the internet. This is not the way to go!

The people who run DNS resolvers are equally responsible for these attacks, as it is their vulnerable servers that make these attacks possible. The internet community should come up with a PERMANENT solution to this problem.

Please read CloudFlare's blog post for a detailed analysis: http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet

Massive Cyber attack Shut down Knight Center's websites for Two weeks

The websites of the Knight Center for Journalism in the Americas and the International Symposium for Online Journalism were hit by a massive cyber attack that left the sites down for the last two weeks.

“The malicious cyber-attack was enough to shut our websites down, but not enough to shut us up. We rapidly created WordPress blogs to continue our regular and unique report on Journalism in the Americas,” said professor Rosental Alves, founder and director of the Knight Center for Journalism in the Americas at the University of Texas at Austin.

“We have no idea why someone would want to attack our sites,” said professor Alves.

They noticed that the origin of the cyber-attack was in computers located in Russia.

According to the Knight Center news report, the attack took place on March 11. The affected websites are now back online.

“We had to shut down the sites, while the University of Texas IT department conduct its work to clean the sites and make sure increase its security levels. We are happy to be back with our normal presence on the Web,” said professor Alves.

#OpEgypt: Egyptian government websites under Cyber attack by Anonymous


Anonymous hacktivists launched a cyber attack against Egyptian Government websites under the operation called '#OpEgypt'.

The cyber attack comes after a naked Egyptian man was dragged across a street and beaten by at least eight riot policemen during a protest in Cairo on Friday.

The hacktivists DDoSed several Government websites including the Egyptian Cabinet (cabinet.gov.eg), the official website of the Egyptian Ministry of Culture (ecm.gov.eg) and the NREA site (nrea.gov.eg).

A few more affected websites are Egypt's Information Portal (eip.gov.eg), Center for Information and Decision Support Cabinet (idsc.gov.eg), The Ministry of Planning and International Cooperation (mic.gov.eg), Ministry of Interior (moiegypt.gov.eg) and the official website of the Ministry of Information (moinfo.gov.eg).

At the time of writing, those websites are still down and being attacked by the Anonymous hackers.

New Android malware helps Cybercriminals to launch DDOS attacks


The Russian antivirus firm Doctor Web has discovered a new Android Trojan that helps cyber criminals launch Distributed-denial-of-service (DDOS) attacks. It is also capable of sending SMS messages based on commands received from the hacker.

According to the report, the malware "Android.DDoS.1.origin" likely spreads via social engineering attacks and disguises itself as a legitimate application from Google.


[Image: Fake Google Play icon]

After installation, the malware creates an application icon that looks like the Google Play icon. If a user taps the fake Google Play icon, it will still launch the original Google Play. But in the background, it starts malicious activity.

Once the malware is launched, it transmits the victim's phone number to the cybercriminal and then waits for further SMS instructions.

From then on, the cyber criminal can launch a DDOS attack against any server by sending a command message containing the server and port details.  After receiving the instructions, the malware starts to send packets to the specified address.

The malware reduces the performance of the infected device. The victim will get unexpected bills for Internet access and SMS.

Aiplex India website taken down by Anonymous India

Indian Anonymous hacktivists launched a Distributed denial of service attack against Aiplex Software Pvt. Ltd.

Aiplex is a company based in Vijayanagar, Bangalore, India contracted by the MPAA to deliver copyright notices to websites that they deem violate copyright laws, and distributed denial-of-service attacks (DDoS) to said sites if they fail to remove the offending content.

"We just showed Aiplex India is no one to deliver copyright notices to websites." Anonymous said on Twitter.

Izz ad-Din al-Qassam Cyber Fighters Continue cyber attacks against US Banks

A group calling itself "Izz ad-Din al-Qassam Cyber Fighters" announced another distributed-denial-of-service (DDOS) attack against major banks as part of the second week of Phase 2 of Operation Ababil.

"Originally, we sympathize deeply with families of the schoolchildren victimized by the horrible happening of Sandy Hook Elementary school. It’s very clear that a system which its rulers and capitalists are the owners of weaponry big companies never care about occurrence of these events." The hackers said.

"The attacks will be persistent till eliminating injustice and stopping the insults to the prophet of mercy and removing the offensive film, and we are sure that we will reach to our goals. "

According to the hackers' statement, the attacks of this week will be as wide as the previous week's. The hackers didn't mention the names of the target banks.

"The 5 major US banks will be attacked and we subsequently suggest that from now on they prepare their context of sorrowfulness to the customers of banks because of inaccessibility."

Last week, the same group launched a DDoS attack against 5 major US banks including U.S. Bancorp, JPMorgan Chase, Bank of America, PNC Financial Services Group and SunTrust Banks.

#OpEgypt : Multiple Egypt government sites ddosed by Anonymous


The Anonymous hacktivists have launched a Distributed Denial of Service (DDOS) attack against Egyptian Government sites under the operation called "#OpEgypt". The cyber attack against Egyptian President Mohamed Morsi was decided last week.

In an online press release, Anonymous outlined its complaints against Morsi:

"To Dr. Morsi: Anonymous will not sit by and watch you washing away what thousands of Egyptians got killed and injured for. It’s your duty to listen to your own people.

The decisions you made have caused the death of 3 young Egyptians in addition to hundreds more injured. In addition, your organized propaganda is portraying your legitimate opposition as if they are opposing the revolution, which you are destroying. We challenge your propaganda machine.

"When you ignore this message, not only will we attack your organization’s websites, Anonymous will also make sure that you stand exposed against your people as well as the international community. Anonymous will not spare anybody who supports such crimes. " Anonymous said.

"It’s in your hands to stop this: continue hardening your head and you will be subject to civil protest - lend an ear to the claim of freedom from your people and the hostilities will cease."


The list of Government sites taken down by Anonymous:

At the time of writing, we are not able to reach most of the websites. It seems like the hackers keep firing.

The Egyptian Presidency (presidency.gov.eg) website is facing a heavy cyber attack and displays an "Under construction" message.

Anonymous leaks 113K Emails & Password Of Israel, Bank sites taken down

As part of '#OpIsrael', Anonymous Indonesia hackers have leaked more than 113595 emails and passwords "Of Israel and Support".

The leaked passwords are in plain text format.  We are not sure how the hackers compromised these email addresses and passwords.


"#Opisrael 113K Emails & Password Of Israel and Support LEAKED by Anony Indonesia on www.anonpaste.me/anonpaste2/index.php?010f3f5bcaedf7d1#14fXEqTTPNHHlTsws3dAMB9dnkulYvvk9I/EefPOId8=" An0nplus' Tweet reads.
The full list, a 4 MB text file, is compressed and uploaded to this site: 'www.industrialstoressuppliers.com/total-mails.rar'

The hackers are also targeting Israeli bank and credit card sites. On AnonPaste, they have listed the sites which are being attacked. At the time of writing, we are not able to reach Bank Hapoalim (www.bankhapoalim.co.il), and Adanim Mortgage Bank (www.adanim.co.il) displays "Hello From Adanim".

www.anonpaste.me/anonpaste2/index.php?83b50da250c38004#+AR/uijtiY30tsoV3VeKbNNYT/kXf8GwRkCiVe5CcFM=


Ukraine Bank website(bank.kiev.ua ) under DDOS attack


Anonymous hackers launched a Distributed denial of service (DDOS) attack against the Ukraine Bank website (bank.kiev.ua). The attack was announced on Twitter by a hacker named 'LegionCr3w'.

"bank.kiev.ua/ TANGO DOWN! reason: corruption / election 2012 #OpUkraine" the tweet posted by the hacker reads.

"Dear #corrupt #governments out there: We are Anonymous. We are your enemy. We will always fight. We will win. #Anonymous" another tweet reads.

At the time of writing, we are not able to reach the site and downforeveryoneorjustme reports "It's not just you! http://www.bank.kiev.ua looks down from here."

Besides the DDOS attack, he hacked into one of the Ukraine government websites (dabi.gov.ua) a few days back. The data stolen from the server was dumped on Pastebin.

http://pastebin.com/D37YwLp2



President of Argentina, MEcon.gov.ar and other Government sites under cyber attack

The day after they sent a warning message to the Government, the Anonymous hackers launched a distributed denial of service (DDoS) attack against several Government websites.

Today, they have taken down the websites of the President of Argentina (www.presidencia.gov.ar) and the Ministry of Economy and Finance of Argentina (www.mecon.gov.ar).

Other sites being targeted are the Argentina Army and anses websites. At present, we are able to reach www.ara.mil.ar and anses.gob.ar.

The MEcon site displays "Error establishing a database connection".

The hackers have breached the server belonging to the Provincial Directorate of Fisheries (DPP) (maa.gba.gov.ar).  They have leaked the extracted data on Pastebin; it contains the database name, usernames and plain-text passwords.

http://pastebin.com/5bam8kJm

The Ministry of Science, Technology and Innovation (www.mincyt.gob.ar) also got hacked and its data has been dumped on Pastebin. The dump contains usernames and hashed passwords.

Hackers leaked database from PAMI.ORG.AR that contains username, email address and some other information.

#OpNewen : Conadi.gob.cl and laaraucania.cl taken down by Anonymous


The Chilean branch of the Anonymous hacktivists has been targeting the official websites of the National Indigenous Development Corporation (conadi.gov.cl) and the Regional Government of La Araucanía (www.laaraucania.cl).

Earlier today, the hackers launched a distributed denial of service (DDoS) attack against the Chile Government sites under the operation called "#OpNewen".

After Anonymous continuously sent malicious packets to the conadi.gov.cl server, the server went down.

At the time of writing, the conadi site has been taken down and is offline. We are able to reach laaraucania.cl, but it is also under DDoS attack.

Turkey National Judicial Network taken down by #Anonymous


The Turkey branch of the Anonymous hacker group has launched a distributed denial of service attack and taken down Turkey's National Judicial Network.

"5th of November - Turkey the National Judicial Network www.uyap.gov.tr and avukat.uyap.gov.tr Down #Anonymous #Op5Nov"  They announced the attack in a tweet.

They have also defaced the official website of the TCDD Foundation (tcddvakfi.org.tr) and posted "Remember remember 5th of November".

At the time of writing, the site is still down and displays "HTTP Error 503. The service is unavailable."





#OpFreeTibet : Anonymous targets Chinese government sites

The Anonymous hacker group has launched an operation called "#OpFreeTibet" against Chinese Government websites.

They have pasted the list of target websites on Pastebay.  It includes the Ministry of Foreign Affairs (www.sdpc.gov.cn), the Ministry of Science & Technology (www.most.gov.cn), www.qnjc.gov.cn, www.srea.gov.cn, www.fjlyzfcg.gov.cn, www.jlsjj.gov.cn and more sites.

Here you can find the full list:
http://www.pastebay.net/1152163

The message posted by hackers to the Chinese Government:

It has come to our attention that protests in Tibet have been escalating in recent weeks and continue to do so. Tibetan monks are disappearing and since March 2011, nearly 60 people are known to have set themselves on fire in protest against the repressive Chinese occupation of Tibet.

The Chinese invasion of Tibet has resulted in the deaths of hundreds of thousands of Tibetans and the imprisonment and torture of thousands more.

We think it's time the Chinese government and its big corporations became targets in order to remind them that the world is watching, Anonymous is watching and that the religious & political suppression of the Tibetan people must stop.

Human rights in Tibet are non-existent with Chinese authorities stopping at nothing to suppress dissent. The Tibetan people have no right to protest and political prisoners are subject to torture.

A message to the Government of China: For too long we have witnessed your tyranny over the people of Tibet and this demonstration is to let you know of our displeasure in your actions.

Recently, they hacked into the official website of the Jilin City Public Security Bureau Traffic Police Department by exploiting an SQL injection vulnerability. They leaked the usernames and hashed passwords on Pastebay.