Two Israeli Teenagers arrested and charged for selling DDOS Service


Two Israeli teenagers from Sharon region were formerly arrested after eighteen months of investigation.

The Israelis are responsible for thousands of cyber attacks around the world, causing damage estimated in more than million dollars.

According to local news report, they have created a Shell company in England and sold Distributed Denial of Service (DD, OS) attack as service.

"In January of 2016, a covert investigation was opened against the suspects who set up and managed a website called vdos-s[dot]com, which sold packages created to cause the servers to crash," police told local news report.

The DDOS attack is used for disrupting access to the victims' websites. Price of the "attack pacakge" offered by them was ranged from 19.99 $ to $ 499,99.

More than two million cyber attacks were conducted in the United States, England, Holland and Sweden, causing multi million-dollar losses. Suspects earned above 613 thousand dollars. The money was seized after Bank accounts were identified and frozen.

- Christina

HULK - Web Server DoS Tool

Barry Shteiman, a principal security engineer at Imperva, has released a Python-based web server denial-of-service (DOS) tool called HULK (Http Unbearable Load King).

HULK is a web server denial of service tool written for research purposes. It is designed to generate volumes of unique and obfuscated traffic at a webserver, bypassing caching engines and therefore hitting the server's direct resource pool.

Some Techniques
  • Obfuscation of Source Client – this is done by using a list of known User Agents, and for every request that is constructed, the User Agent is a random value out of the known list
  • Reference Forgery – the referer that points at the request is obfuscated and points into either the host itself or some major prelisted websites.
  • Stickiness – using some standard Http command to try and ask the server to maintain open connections by using Keep-Alive with variable time window
  • no-cache – this is a given, but by asking the HTTP server for no-cache , a server that is not behind a dedicated caching service will present a unique page.
  • Unique Transformation of URL – to eliminate caching and other optimization tools, I crafted custom parameter names and values and they are randomized and attached to each request, rendering it to be Unique, causing the server to process the response on each event.
More details can be found here.

Anonymous Hackers developed Web LOIC DDOS Tool for Android


Anonymous Hackers developed a new version of The Low Orbit Ion Cannon (LOIC), an infamous DDOS tool which is used to take down websites by sending large number of malicious request to server.

The same tool has been ported to JavaScript to perform a DoS directly from a browser. The existence of Web LOIC, along with anonymous web hosting services such as pastehtml, has made it possible for any user on the Internet to participate in those attacks with just one click.

The web LOIC for Android is not something that was developed from scratch, instead they used free online service that create Android application with just URL, HTML code or Document. This tool is developed to aid hackers in OpArgentina.

This tool sends 1,000 HTTP requests with the message "We are LEGION!" as one of the parameters.e LEGION.”

The tool is available here.

SSL Certificate Authority KPN stopped issuing certificates

SSL(Secure Socket Layer) Certificate Authority , KPN stopped issuing certificates after the detection of DDOS Tool on Server.  KPN is Netherlands based SSL certificated provider.  They found DDOS tool on their server during the Security Audit, the tool may have been there for as long as four years.
"Although there is no evidence that the production of the certificate is compromised, can not be completely excluded that this did happen. Therefore, KPN Corporate Market (formerly Getronics) decided the application and issuance of new certificates temporarily discontinued, pending further investigation. This is to ensure that the certificates be issued optimal procedure is safe and reliable.

KPN has replaced the web servers. An additional, independent investigation takes place to ensure that KPN complies with the required safeguards, procedures and rules applicable to the issue of Internet safety certificates. Interior Ministry and Logius, agency e-government, are closely involved in the processA."  Said in official statement,translate to english.

Previously, Another Dutch Based Certificate authority, DigiNotar compromised by unknown attacker,issuing a huge number of fraudulent, but valid, certificates for high-value domains, including some belonging to Google, Yahoo, the CIA and others. This results in DigiNotar went out of Business and KPN get new customers from DigiNotar. But now KPN Server is Breached.

KPN has replaced the web servers. An additional, independent investigation takes place to ensure that KPN complies with the required safeguards, procedures and rules applicable to the issue of Internet safety certificates. Interior Ministry and Logius, agency e-government, are closely involved in the process.


THC(The Hacker's Choice) SSL DOS tool released

Today the German hacker group “The Hacker’s Choice” officially released a new DDoS tool. The tool exploits a weakness in SSL to kick a server off the Internet.

Technical details can be found at http://www.thc.org/thc-ssl-dos.

“We decided to make the official release after realizing that this tool leaked to the public a couple of months ago” said a member of THC who wants to remain anonymous.

The tool departs from traditional DDoS tools: It does not require any bandwidth and just a single attack computer (“bot”).

The THC-SSL-DOS attack is en par with other resource exhausting DDoS attacks. Some of those methods played a vital role in demonstrations against oppressive governments (like the DDoS attack against Iran’s leader) and against companies that violate free speech (like the DDoS attack against Mastercard for closing Wikileak’s non-profit donation account because of an alleged typo/misspelling in the application form).

“Here at THC the rights of the citizen and the freedom of speech are at the core of our research”, says a member of THC in a private interview this morning.

“We are hoping that the fishy security in SSL does not go unnoticed. The industry should step in to fix the problem so that citizens are safe and secure again. SSL is using an aging method of protecting private data which is complex, unnecessary and not fit for the 21st century.”, Says a THC member, referring to 3 major vulnerabilities disclosed in SSL over the past 3 years.

To list the 3 major vulnerabilities here THC explains: “In 2009 a vulnerability was disclosed that broke the encryption of SSL. De-facto making all SSL traffic unsafe. In 2011 various Certification Authorities got hacked. De-facto making all SSL traffic unsafe _again_.”

“We warned in 2002 about giving hundreds of commercial companies (so called Certification Authorities) a master key to ALL SSL traffic.”, says Fred Mauer, a senior cryptographer at THC. “Only a real genius can come up with such an idea!”.

“And last but not least the immense complexity of SSL Renegotiation strikes again in 2011 with the release of THC-SSL-DOS.”.

“It’s time for a new security model that adequately protects the citizens.”.

The THC-SSL-DOS tool is a Proof Of Concept tool to disclose fishy security in SSL. It works great if the server supports SSL Renegotiation. It still works if SSL Renegotiation is not supported but requires some modifications and more bots before an effect can be seen.

Our tests reveal that the average server can be taken down from a single IBM laptop through a standard DSL connection.

Taking on larger server farms who make use of SSL Load balancer required 20 average size laptops and about 120kbit/sec of traffic.

All in all superb results.

Interesting here is that a security feature that was supposed to make SSL more secure makes it indeed more vulnerable to this attack:

SSL Renegotiation was invented to renegotiate the key material of an SSL connection. This feature is rarely used. In fact we could not find any software that uses SSL Renegotiation. Yet it’s enabled by default by most servers.

An old saying comes true all over again: Complexity is the enemy of security.

“Renegotiating Key material is a stupid idea from a cryptography standpoint. If you are not happy with the key material negotiated at the start of the session then the session should be re-established and not re-negotiated”, says THC.

Optima DDOS 10a botnet leaked on Hacker Forums(r00tW0rm)

"Optima DDOS 10a Botnet" full version is available to download in Hacker forums.

In this new version 10a according to the author was raised in secrecy bot system and optimized grabber passwords. It cost about $ 600 worth.

Features a bot:
  • DDoS attacks of three types - http flood, icmp-flood, syn-flood.
  • Theft of stored passwords from some applications installed on the victim's system, details below.
  • Opening on the infected system proxy Socks5.
  • The possibility of cheating various counters on the websites (http-access the sites).
  • Hidden download and run the specified file to the affected systems.
  • Installed in the system as a service
  • Weight bot - 95.5 kb, written in Delphi.

DDos Tracer 1.0 ~ Trace the Attacks ,Security Tools

DDos Tracer is using an advanced pinger to let you know if someone is attacking to your website in the future version will include strength of attack and how it was long.

Video Demo:



Download it from here:
http://www.4shared.com/file/0Q2SpWG4/DDos_Tracer.html

AnDOSid~DDOS Tool for Android~Developed for PenTesters

SCOTT HERBERT Developed a new DDOS Tool for Android, designed for Security Professionals/PenTesters.

AnDOSid allows PenTesters to simulate a DOS attack (A http post flood attack to be exact) and of course a dDOS on a web server, from mobile phones.

AnDOSid is actively being developed and Devleoper welcome feedback from the security community as to how you would like the application to evolve.

AnDoSid costs only Rs. 74.6 (1.62 USD)

What's in this version:

  • Requires Internet access to send the http post data
  • Requires phone state to access the IMEI (one of the two identifiers sent with each post)
Some possible new features could include:-
  • A drop down list of recent targets
  • User defined delay between posts
  • An option for GET based testing
Screenshots:


Slowhttptest ~ Slow HTTP DoS vulnerability Tool


Slow HTTP DoS attacks rely on the fact that the HTTP protocol, by design, requires requests to be completely received by the server before they are processed. If an HTTP request is not complete, or if the transfer rate is very low, the server keeps its resources busy waiting for the rest of the data. If the server keeps too many resources busy, this creates a denial of service. This tool is sending partial HTTP requests, trying to get denial of service from target HTTP server.

This tool actively tests if it's possible to acquire enough resources on HTTP server by slowing down requests to get denial of service at application layer.

Download it from Here.
Installation Guide is Here.