DDoS Attack Takes Swedish Newspaper Offline For False Propaganda

  • March 21, 2016
  • DDoS

Swedish newspaper sites were under a DDoS attack over the weekend. The attack took a number of Swedish media outlets offline for several hours. It was capable of taking seven of the major newspapers in Sweden offline, and so far no one has taken responsibility for it. The following sites were taken offline: Dagens Nyheter, Svenska Dagbladet, Expressen, Aftonbladet, Dagens Industri, Sydsvenskan and Helsingborgs Dagblad.

The attackers gave a warning on Twitter stating that an attack would take place on websites that spread false propaganda. The propaganda mentioned in the tweet refers to content posted by Aftonbladet, which published articles that don't portray Russia in a positive way. It is also believed that the DDoS attack might be a direct response to a report by the Swedish security service Sapo stating that Russian spying utilizes aggressive tactics that target policymakers and the general public.

Authorities state that the attack originated from Russia and that the reason for the attack was growing tension between Sweden and Russia. Jeannette Gustafsdotter, who is head of the Swedish Media Publishers’ Association, stated that these types of attack are a “threat to democracy”. By taking away access, the attackers are looking for ways to suppress freedom of the press. DDoS attacks have been used by attackers on both sides. In the past, DDoS attacks have been used to bring down websites to suppress violent messages, and some groups have used DDoS attacks to bring down services that offer beneficial information.

According to Psychz Networks, which offers remote DDoS protection services, the number of DDoS attacks has risen over time and today all large traffic sites are at risk of an attack. DDoS protection is like an insurance policy that is a must, and companies need to become serious about online threats. Companies are avoiding DDoS protection services because DDoS attacks are not common and do not happen on a regular basis, but when they do happen, they can end up costing millions in revenue from sales, advertisement etc. A DDoS protection service provides 24/7 monitoring and only allows clean traffic to visit the destination website by scrubbing bad traffic. As more users get online, website owners need to become serious about ensuring their website uptime for the end user.


New Layer 7 Attack Utilizes Pingback Function in WordPress


WordPress is a widely used CMS across the web, and even we utilize the same technology for our blog. Since WordPress is widely deployed, hackers have figured out a way to utilize the pingback function in WordPress to bring a website offline. A typical DDoS attack would rely on opening multiple connections to the IP, thus flooding the server and exhausting the server resources. In the case of WordPress, the attackers are using the pingback function, which leaves a comment when the page is linked from another website.

The attack was first disclosed in 2014 by Sucuri, and it was described as a layer 7 attack using 162,000 plus WordPress sites. Layer 7 attacks focus primarily on the application layer instead of the network layer. By default, WordPress sites have pingback enabled, and this is the root cause of the problem. The hackers are simply using a botnet that they control and using pingback to leave a comment on the URL that they would like to bring offline. As a large number of comments are submitted from thousands of websites, the server resources become exhausted, thus bringing it offline. Since WordPress relies heavily on PHP and MySQL, a small attack can bring a website offline due to resource consumption from PHP/MySQL.

Currently, these attacks account for 13% of all DDoS attacks that take place online, and these attacks are hard to control using a firewall. At most the firewall will rate limit the IP address, but the attack will continue to come in to the website. Analysis of the attacks has shown up to 26,000 WordPress-based sites using the pingback option to attack a website. At any given moment, up to 10,000 HTTPS connections are being made to the attacked website using the pingback tool.

Providers like Incapsula, Psychz and Cloudflare can provide layer 7 DDoS attack protection, but webmasters should take steps to keep their websites from being used in an attack by disabling the pingback feature for now. Many webmasters rely on pingback to let other authors know that they have linked to their website, which helps with marketing, but webmasters might be putting their website at risk by not disabling the pingback feature until a good solution is published by WordPress. Furthermore, it is also recommended to disable XML-RPC on WordPress installations to lower the risks.
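On the receiving side, pingback-reflected requests can be told apart from ordinary visitors because each one arrives from a different WordPress site's IP, which is why per-IP rate limiting does little. The following is an added example, not code from Sucuri or WordPress: it assumes combined-format access logs and the `WordPress/<version>; <site URL>` User-Agent (optionally followed by `; verifying pingback from <IP>`) that WordPress sends when verifying a pingback; the log lines, hostnames and thresholds are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines (combined log format, documentation IPs, example hosts).
SAMPLE_LOG = """\
203.0.113.10 - - [21/Mar/2016:10:00:01 +0000] "GET /?r=48151623 HTTP/1.0" 200 512 "-" "WordPress/3.8; http://blog-a.example"
203.0.113.11 - - [21/Mar/2016:10:00:01 +0000] "GET /?r=4815 HTTP/1.0" 200 512 "-" "WordPress/4.4.2; http://blog-b.example; verifying pingback from 198.51.100.7"
203.0.113.10 - - [21/Mar/2016:10:00:02 +0000] "GET /?r=99 HTTP/1.0" 200 512 "-" "WordPress/3.8; http://blog-a.example"
192.0.2.55 - - [21/Mar/2016:10:00:02 +0000] "GET /about HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.12 - - [21/Mar/2016:10:00:03 +0000] "GET /?r=7 HTTP/1.0" 200 512 "-" "WordPress/4.4.2; http://blog-c.example; verifying pingback from 198.51.100.7"
"""

# client IP ... "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')
# Groups: WordPress version, reflecting site URL, optional IP that triggered the pingback.
UA_RE = re.compile(r'^WordPress/([\d.]+); (https?://[^;\s]+)'
                   r'(?:; verifying pingback from (\S+))?$')

def summarize_pingback_traffic(log_text):
    """Count requests per reflecting WordPress site and per reported origin IP."""
    reflectors, origins, other = defaultdict(int), defaultdict(int), 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line.strip())
        ua = UA_RE.match(m.group(2)) if m else None
        if not ua:
            other += 1          # normal visitor or unparseable line
            continue
        reflectors[ua.group(2)] += 1
        if ua.group(3):         # newer WordPress versions report who asked
            origins[ua.group(3)] += 1
    return {"reflectors": dict(reflectors), "origins": dict(origins),
            "pingback_requests": sum(reflectors.values()), "other_requests": other}

def is_pingback_flood(summary, min_sites=3, min_share=0.5):
    """Flag when many distinct WordPress sites make up most of the traffic."""
    total = summary["pingback_requests"] + summary["other_requests"]
    if total == 0:
        return False
    share = summary["pingback_requests"] / total
    return len(summary["reflectors"]) >= min_sites and share >= min_share

if __name__ == "__main__":
    report = summarize_pingback_traffic(SAMPLE_LOG)
    print(report, is_pingback_flood(report))
```

Matching on the User-Agent rather than the source IP lets a WAF or reverse proxy rule drop this traffic as a class, and the reported origin IPs give a starting point for abuse reports.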


Rackspace Relying On OpenStack Support To Grow Its Business

Rackspace is attempting to make a business out of supporting other clouds too. It will now bring its support to Red Hat OpenStack clouds.

OpenStack is an open source cloud framework, and its attractiveness relies on comprehensive adoption by many businesses. But that wide-ranging support has also meant a lot of confusion about exactly how compatible all these variations of OpenStack actually are.

Rackspace’s contention is that there are lots of customers that start down the OpenStack path before recognizing that it is a good deal more difficult to set up and run than expected. Rackspace can then swoop in to configure and subsequently run that cloud for them, either in their own server rooms, in a third-party data center, or on Rackspace gear.

Rackspace has since announced management and support services for Amazon Web Services and for the Microsoft Azure public cloud.

National Security Agency claims Linux Journal to be an Extremist Forum

  • March 10, 2015
  • Linux

According to a source, the United States’ National Security Agency, commonly known as the NSA, has labeled the ‘Linux Journal’, a Linux community website used by many Linux users, an ‘extremist forum’ under its XKeyscore program, and the users of Linux Journal are considered so-called extremists.

The source code published by ARD, the German public broadcaster, identified at least two German ‘Tor Directory Authority servers’, one located in Berlin and the other in Nuremberg, that are being kept under close watch by the United States’ National Security Agency.

The Tor Project is an independent, self-regulating, anonymous, open source software tool and browser that directs traffic through its free, global, volunteer network to conceal users’ locations and usage from surveillance.

According to the ARD report, the German Tor servers are two among the servers that the National Security Agency has targeted for supervision and observation under the XKeyscore program. The code refers to a particular group of IP addresses belonging to the Tor Directory Authorities, which the National Security Agency is keeping a close watch on.

The XKeyscore program run by the National Security Agency is a collection and analysis application. It was one of the surveillance programs revealed in the documents leaked last year by Edward Snowden, the former NSA contractor and whistleblower. The source code of the XKeyscore rules refers to terms such as ‘Amnesic Incognito Live System’ or ‘Tails’, along with any one of the terms ‘USB’, ‘linux’, ‘secure desktop’, ‘CD’, ‘truecrypt’, ‘IRC’ and ‘Tor’, as search items that will cause the IP address of the person performing the search to be tracked and followed.

The XKeyscore program’s source code has been published for the first time this year. It exposes not only German users of privacy software but also privacy software users throughout the world, especially in Australia, the UK, the US, Canada and New Zealand, who are being followed and tracked by the National Security Agency.