German authorities said Friday they’d arrested seven people and were investigating six more in connection with the raid of a Dark Web hosting operation that allegedly supported multiple child porn, cybercrime and drug markets with hundreds of servers buried inside a heavily fortified military bunker. Incredibly, for at least two of the men accused in the scheme, this was their second bunker-based hosting business that was raided by cops and shut down for courting and supporting illegal activity online.
Seldom do people responsible for launching crippling cyberattacks face justice, but increasingly courts around the world are making examples of the few who do get busted for such crimes. On Friday, a 34-year-old Connecticut man received a whopping 10-year prison sentence for carrying out distributed denial-of-service (DDoS) attacks against a number of hospitals in 2014. Also last week, a 30-year-old in the United Kingdom was sentenced to 32 months in jail for using an army of hacked devices to crash large portions of Liberia’s Internet access in 2016.
A monster distributed denial-of-service attack (DDoS) against KrebsOnSecurity.com in 2016 knocked this site offline for nearly four days. The attack was executed through a network of hacked “Internet of Things” (IoT) devices such as Internet routers, security cameras and digital video recorders. A new study that tries to measure the direct cost of that one attack for IoT device users whose machines were swept up in the assault found that it may have cost device owners a total of $323,973.75 in excess power and added bandwidth consumption.
Hours after being alerted by KrebsOnSecurity, Facebook last week deleted almost 120 private discussion groups totaling more than 300,000 members who flagrantly promoted a host of illicit activities on the social media network’s platform. The scam groups facilitated a broad spectrum of shady activities, including spamming, wire fraud, account takeovers, phony tax refunds, 419 scams, denial-of-service attack-for-hire services and botnet creation tools. The average age of these groups on Facebook’s platform was two years.
Attackers have seized on a relatively new method for executing distributed denial-of-service (DDoS) attacks of unprecedented disruptive power, using it to launch record-breaking DDoS assaults over the past week. Now evidence suggests this novel attack method is fueling digital shakedowns in which victims are asked to pay a ransom to call off crippling cyberattacks.
In December 2017, the U.S. Department of Justice announced indictments and guilty pleas by three men in the United States responsible for creating and using Mirai, a malware strain that enslaves poorly-secured “Internet of Things” or IoT devices like security cameras and digital video recorders for use in large-scale cyberattacks.
The FBI and the DOJ had help in their investigation from many security experts, but this post focuses on one expert whose research into the Dark Web and its various malefactors was especially useful in that case. Allison Nixon is director of security research at Flashpoint, a cyber intelligence firm based in New York City. Nixon spoke with KrebsOnSecurity at length about her perspectives on IoT security and the vital role of law enforcement in this fight.
In May 2013 KrebsOnSecurity wrote about Ragebooter, a service that paying customers can use to launch powerful distributed denial-of-service (DDoS) attacks capable of knocking individuals and Web sites offline. The owner of Ragebooter subsequently was convicted in 2016 of possessing child pornography, but his business somehow lived on while he was in prison. Now just weeks after Poland made probation, a mobile version of the attack-for-hire service has gone up for sale on the Google Play store.
A half dozen technology and security companies — some of them competitors — issued the exact same press release today. This unusual level of cross-industry collaboration caps a successful effort to dismantle ‘WireX,’ an extraordinary new crime machine comprising tens of thousands of hacked Android mobile devices that was used this month to launch a series of massive cyber attacks.
Experts involved in the takedown warn that WireX marks the emergence of a new class of attack tools that are more challenging to defend against and thus require broader industry cooperation to defeat.
The third week of September 2016 was a dark and stormy one for KrebsOnSecurity. Wave after wave of huge denial-of-service attacks flooded this site, forcing me to pull the plug on it until I could secure protection from further assault. The site resurfaced three days later under the aegis of Google’s Project Shield, an initiative which seeks to protect journalists and news sites from being censored by these crippling digital sieges.
Damian Menscher, a Google security engineer with whom I worked very closely on the migration to Project Shield, spoke publicly for the first time this week about the unique challenges involved in protecting a small site like this one from very large, sustained and constantly morphing attacks.
On September 22, 2016, this site was forced offline for nearly four days after it was hit with “Mirai,” a malware strain that enslaves poorly secured Internet of Things (IoT) devices like wireless routers and security cameras into a botnet for use in large cyberattacks. Roughly a week after that assault, the individual(s) who launched that attack — using the name “Anna Senpai” — released the source code for Mirai, spawning dozens of copycat attack armies online.
After months of digging, KrebsOnSecurity is now confident to have uncovered Anna Senpai’s real-life identity, and the identity of at least one co-conspirator who helped to write and modify the malware.