Krebs on Security
4 stars based on
69 reviews
In Ukraine, the alleged ringleader of the Avalanche malware spam botnet was arrested after eluding authorities in the wake of a global cybercrime crackdown there in Separately, a case that was hailed as a test of whether programmers can be held accountable for how customers use bitcoin botnet hackforums net product turned out poorly for year-old programmer Taylor Huddlestonwho was sentenced bitcoin botnet hackforums net almost three years in prison for making and marketing a complex spyware program.
First, the Ukrainian case. Hundreds of bitcoin botnet hackforums net web servers bitcoin botnet hackforums net hundreds of thousands of domains were blocked in the coordinated action. The global distribution of servers used in the Avalanche crime machine. He was later released, after police allegedly failed to file proper arrest records for him.
No word yet on whether Kapkanov has been charged, which was supposed to happen Monday. The bad things done with Mr. Furthermore, no one had accused Mr. Huddleston of even using his own software.
The court was swayed by evidence that yesMr. Huddleston could be held criminally responsible for those actions. Of course Huddleston knew: He knew what programs his customers were using Net Seal on, and he knew what those customers had done or intended to do with tools like NanoCore. Daily Beast author Kevin Poulsen bitcoin botnet hackforums net in a July story that Huddleston changed his tune and pleaded guilty. KrebsOnSecurity recently featured a story about a New Mexico man who stands accused of using the now-defunct vDOS attack-for-hire service to hobble the Web sites of several former employers.
Until its demise in SeptembervDOS was by far the most popular and powerful attack-for-hire service, allowing even completely unskilled Internet users to launch crippling assaults capable of knocking most Web sites offline. At the end of JulyChappell pleaded guilty to those allegations, as well as charges of helping vDOS launder money from customers wishing to pay for attacks with PayPal accounts. A big factor in that plea was the leak of the vDOS attacks, customer support and payments databases to this author and to U.
Those databases provided extremely detailed information about bitcoin botnet hackforums net, paying customers and victims. But as with many other cybercrime investigations, the perpetrator in this case appears to have been caught thanks to a combination of several bitcoin botnet hackforums net factors, including password re-use, an active presence on bitcoin botnet hackforums net sprawling English-language hacking community Hackforumsand domain names registered in his real name.
Hutchins was virtually unknown to most in the security community until May when the U. Relatively few knew it before his arrest, but Hutchins has for many years authored the popular cybersecurity blog MalwareTech. Marcus Hutchins, just after he was revealed as the security expert who stopped the WannaCry worm. At first, I did not believe the charges against Hutchins would bitcoin botnet hackforums net up under scrutiny.
The clues suggest that Hutchins began developing and selling malware in his mid-teens — only to later develop a change of heart and earnestly endeavor to leave that part of his life squarely in the rearview mirror. Domain Tools recently was an advertiser on this site]. One of those domains — Gh0sthosting[dot]com the third character in that domain is a zero — corresponds to a hosting service that was advertised and sold circa on Hackforums[dot]neta massively popular forum overrun with young, impressionable men who desperately wish to be elite coders or hackers or at least recognized as such by their peers.
Shortly after registering Gh0sthosting and other domains tied to his surfallday2day hotmail. That initial vDOS story was based on data shared by an anonymous source who had hacked vDOS and obtained its private user and attack database. Most of those profits came in the form of credit card payments via PayPal. The researchers found that their interventions cut profits in half for the popular booter service, and helped reduce the number of attacks coming out of it by at least 40 percent.
The prices were based partly on the overall number of seconds that an attack may last e. Adam Mudd of Hertfordshire, U. Mudd pleaded guilty to three offences under the U. The Mudd case is the latest in a string of law enforcement actions in the U. In Decemberfederal investigators in the United States and Europe arrested nearly three-dozen people suspected of patronizing booter services.
Bitcoin botnet hackforums net tool was pirated and abused by hackers. When is a programmer criminally responsible for the actions of his users? Mark Rumoldsenior staff attorney at the Electronic Frontier Foundation EFF bitcoin botnet hackforums net, said cases like these are not so cut-and-dry because they hinge on intent, and determining who knew what and when.
Mirai co-author Anna-Senpai leaked the source code for Mirai on Sept. The details help in understanding the financial motivations behind Mirai and the botnet wars that preceded it. At times, I was desperately seeking the missing link between seemingly unrelated people and events; sometimes I was inundated with huge amounts of information — much of it intentionally false or misleading — and left to search for kernels of truth hidden among the dross.
And as we will see, the incessant competition for profits in the blatantly illegal DDoS-for-hire industry can lead those involved down some very strange paths, indeed. Earlier this summer, my site was hit bitcoin botnet hackforums net several huge attacks from a collection of hacked IoT systems compromised by a family of botnet code that served as a precursor to Mirai.
And like those earlier Internet worms, sometimes the Internet scanning these systems perform to identify other candidates for inclusion into the botnet is so aggressive that it constitutes an unintended DDoS on the very home routers, Web cameras and DVRs that the bot code is trying to subvert and recruit into the botnet.
Infected IoT devices constantly scan the Web for other IoT things to compromise, wriggling into devices that are protected by little more than insecure factory-default bitcoin botnet hackforums net and passwords.
The infected devices are then forced to participate in DDoS attacks ironically, many bitcoin botnet hackforums net the devices most commonly infected by Mirai and similar IoT worms are security cameras.
The most frequent target of the lelddos gang were Web servers used to host Minecrafta wildly popular computer game sold by Microsoft that can be played from any device and on any Internet connection. The object of Minecraft is to run around and build stuff, block by large pixelated block.
That may sound simplistic and boring, but an bitcoin botnet hackforums net number of people positively adore this game — particularly pre-teen males. Microsoft has sold more than a million copies of Minecraftand at any given time there are over a million people playing it online.
Players can build their own worlds, or visit a myriad other blocky realms by logging on to their favorite Minecraft server to play with friends. Bitcoin botnet hackforums net would launch a huge DDoS attack against a Minecraft server, knowing that the targeted Minecraft server owner was likely losing thousands of dollars for each day his gaming channel remained offline.
Robert Coelho is vice president of ProxyPipe, Inc. The more players you can hold on the server, the bitcoin botnet hackforums net money you make. But if you go down, you start to lose Minecraft players very fast — maybe for good. In JuneProxyPipe was hit with a gigabit per second DDoS attack launched by lelddos, which had a penchant for publicly taunting its victims on Twitter just as it began launching DDoS assaults at the taunted.
Verisign said the attack was launched by a botnet of more thanservers running on SuperMicro IPMI boards. Days before the huge attack on ProxyPipe, a security researcher published information about a vulnerability in the SuperMicro devices that could allow them to be remotely hacked and commandeered for these sorts of attacks. Datawagon also courted Minecraft servers as customers, and its servers were hosted on Internet space claimed by yet another Minecraft-focused DDoS protection provider — ProTraf Solutions.
At the time, an exploit for a software weakness in Skype was being traded online, and this exploit could be used to remotely and instantaneously disable any Skype account. I, too, was contacted via Skype by Sculti — on two occasions.
The first was on July 7,when Sculti reached out apropos of nothing to brag about scanning the Internet for IoT devices running default usernames and passwords, saying he had uploaded some kind of program to more than a quarter-million systems that his scans found.
I scanned the internet with a few sets of bitcoin botnet hackforums net logins bitcoin botnet hackforums net The second time I heard from Sculti on Skype was Sept. Just minutes after that conversation, however, my Skype account was flooded with thousands of contact requests from compromised or junk Skype accounts, making it virtually impossible to use the software for making phone calls or instant messaging.
Six hours after that Sept. I loathe having to censor material that could be beneficial to members. The attack was launched with the help of Miraia malware strain that enslaves poorly secured Internet-of-Things IoT devices like CCTV cameras and digital video recorders and uses them to launch crippling attacks. In the end there could be new laws which effect [sic] us all. So for those responsible for the attacks and creating this mess…. I expect a lot of backlash to come out of this.
And there were dozens of booter services advertised on Hackforums. Allison Nixondirector of security research at Flashpoint and an expert on booter services, said the move could put many booter services out of business. Recognizing that this is criminal activity on the same level of criminal hacking and fraud may discourage people from using these services, meaning the casual actor may be less likely to buy a booter subscription and launch DDoS attacks.
While a welcome development, the closure of the SST subforum almost seems somewhat arbitrary given the sheer amount of other illegal hacking activity that is blatantly advertised on Hackforums, Nixon said. Other questionable services and subsections bitcoin botnet hackforums net on Hackforums include those intended for the sale of hacked social media and e-commerce accounts.
The booter service accepts payment and attack instructions via a front end Web site that is hidden behind Cloudflare bitcoin botnet hackforums net free DDoS protection service. But the back end of the booter service is where the really interesting stuff happens. In this type of assault, the attacker sends a message to a third party, while bitcoin botnet hackforums net the Internet address bitcoin botnet hackforums net the victim.
When the third party replies to the message, the reply is sent to the victim — and the reply is much larger than the original message, thereby amplifying the size of the attack.
To find vulnerable systems that can be leveraged bitcoin botnet hackforums net way, booters employ large-scale Internet scanning services that constantly seek to refresh the list of systems that can be used for amplification and reflection attacks. To prevent damage caused by our honeypots, we limit the response rate. This way, while attackers can still find these ratelimited honeypots, the honeypots stop replying in the face of attacks. In that paper, the researchers said they deployed 21 globally-distributed AmpPot instances, which observed more than 1.
Many large-scale Internet scans like the ones the researchers sought to measure are launched by security firms and other researchers, so the team needed a way to differentiate between scans launched by booter services and those conducted for research or other benign purposes. So today, I have an amazing release for you.
With Mirai, I usually pull max k bots from telnet alone. Today, max pull is about k bots, and dropping. Follow me on Twitter. Join me on Facebook. Krebs on Security In-depth security news and investigation. Jack Chappell, outside of a court hearing in the U. The vDos home page. The Hackforums post that includes links to the Mirai source code. Your email account may be worth far more than you imagine.
