Saturday 5 November 2011

Wikileaks hacked - Mass Distributed Denial of Service (DDoS) attacks


Wikileaks under mass distributed denial of service attacks

Wikileaks, the famous whistleblower website, has attracted high attention after publishing confidential information otherwise not available to the public. In April 2010, WikiLeaks posted video from a 2007 incident in which Iraqi civilians and journalists were killed by U.S. forces, on a website called Collateral Murder. In July of the same year, WikiLeaks released the Afghan War Diary, documents about the War in Afghanistan not previously available for public review.
Just recently, Wikileaks says it is the target of a computer-hacking operation, ahead of a release of secret US documents.

DDoS (Distributed Denial of Service)
In short: in a Distributed Denial of Service (DDoS) attack, a group of computer users or an organization distributed across multiple systems floods the host's servers with spurious requests for access.
As shown in the graph below (traffic to one of WikiLeaks' primary hosting providers), at approximately 10:05am EST traffic abruptly jumps by 2-4 Gbps as the attack begins.

The attack was "exceeding 10 Gigabits a second". Another way to think of it is that someone, somewhere is demanding that the WikiLeaks Cablegate site deliver the equivalent of 114 movies per second.
That's a massive attack, but it's not as big as some it has survived in the past. So why did it have so much trouble today?

Amazon dropped it
On 2 December 2010 Amazon.com severed its ties with WikiLeaks, to which it was providing infrastructure services, after an intervention by an aide of US Senator Joe Lieberman. Amazon denied acting under political pressure, citing a violation of its terms of service. Fuck !
DNS too (Dynamic Network Services Inc.)
On 2 December 2010 American-owned EveryDNS dropped WikiLeaks from its entries, citing DDoS attacks that "threatened the stability of its infrastructure". The site's 'info' DNS lookup remained operational at alternative addresses for direct access to the WikiLeaks and Cablegate websites respectively.


The Hacker who took it down (The Jester) 
th3j35t3r
So who is this hacker?
The hacker, who calls himself The Jester and goes by the name th3j35t3r on Twitter, said he was motivated to take down WikiLeaks for patriotic reasons. He also said his other targets include web sites used by Al Qaeda and other terrorist groups for recruiting purposes.
What he used? - XerXeS
He apparently developed a multi-threaded, thin-client denial of service attack application that effectively allows him to launch a distributed denial of service (DDoS) attack on a website from a single Linux server.
Several interviews with The Jester, along with two videos he made for Infosec Island, demonstrate the XerXeS DoS attack in action.

WikiLeaks XerXeS DoS Attack

Want to have a look at the tool which The Jester used in his DDoS (distributed denial of service) attack against WikiLeaks? Here you go:

XerXeS in Action
The tool used to DDoS WikiLeaks


Activate FullScreen for a better experience xD
and
View the preceding post to get the full story xD

Hackers attack Mastercard

OPERATION PAYBACK

If you tried going to MasterCard's web site this morning you might have found yourself waiting a long time. Hacktivists supporting WikiLeaks founder Julian Assange claim to have taken down the website of MasterCard, which shut down its payment service to the controversial website on Monday.

The hacktivist group dubbed Anon_Operation said in one tweet that "www.mastercard.com/ is down" and designated mastercard.com as their "current target" in what was taking on the proportions of a cyber war.

WikiLeaks has benefited from a massive groundswell of online support. Twitter is choked with messages of solidarity. The site's Facebook page has 1 million fans. And tech-savvy supporters are organizing boycotts and other stunts.  

Operation Payback comes after the credit-card company withdrew its funding services for WikiLeaks. The whistleblower web site's founder Julian Assange was arrested yesterday and denied bail. He remains in the custody of British police.

View our previous post to see XerXeS, the tool used to DDoS WikiLeaks, in action. A tool able to carry out a distributed denial of service attack, created by The Jester...

XerXeS DoS - Wikileaks Hacking Tool


XerXeS DoS Attack Video Part 2
The hacking tool used to DoS WikiLeaks
This is a demonstration of a XerXeS DoS attack in action against atahadi.com.
What's new from the first demo video is that more is revealed about the attack technique.
See for yourself :

Activate FullScreen for a better experience 
Click on this link to view the first video
This second video of XerXeS shows more of the XerXeS dashboard, and reveals even more about the attack technique: it's an enhanced version of XerXeS able to DoS secured Apache servers!
Take a look at 02.25 when he sets up the target server:


XerXeS can now affect multiple server flavors, and still more are under development.
This time he dropped a secured server which is supposed to have an Apache setup that is impervious to a XerXeS hit.
Denial of Service (DoS) Attacks
The basic premise of this attack is that by sending (but never fully completing) numerous requests to Apache, one could get the Apache process to consume all system resources and stop serving the actual web content.
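Seen from the defending side, the pattern above leaves a recognisable footprint: a few clients holding many worker slots whose request headers never complete, while total traffic stays low. The following is an added example, not code from the original post or from XerXeS, that flags that footprint in a connection snapshot; the snapshot format, the thresholds and the sample addresses are assumptions constructed for this example.

```python
# Added example (not code from the original post or from XerXeS): flag the
# "send requests but never complete them" pattern from a snapshot of open HTTP
# connections. The snapshot format is constructed for this example:
# client_ip,seconds_open,headers_complete(0/1), one connection per line.
from collections import Counter, namedtuple

Conn = namedtuple("Conn", "client age_s headers_done")

# Constructed sample of 10 worker slots: 10.0.0.9 holds six with stalled,
# incomplete request headers; the other clients finish their headers quickly.
SNAPSHOT = """\
10.0.0.9,47.2,0
10.0.0.9,45.9,0
10.0.0.9,44.1,0
10.0.0.9,41.7,0
10.0.0.9,39.3,0
10.0.0.9,36.4,0
10.0.0.9,2.1,0
198.51.100.7,0.4,1
203.0.113.5,0.2,1
203.0.113.6,0.9,1
"""


def parse_snapshot(text):
    """Parse the constructed snapshot into Conn records."""
    conns = []
    for line in text.splitlines():
        ip, age, done = line.split(",")
        conns.append(Conn(ip, float(age), done == "1"))
    return conns


def stalled_connections(conns, max_header_s=20.0):
    """Connections open longer than max_header_s without completing request
    headers: worker slots the server cannot serve real content from."""
    return [c for c in conns if not c.headers_done and c.age_s > max_header_s]


def suspect_clients(conns, max_header_s=20.0, min_stalled=5):
    """Clients holding at least min_stalled stalled slots. Few clients with
    many stalled slots (not many clients with a few) is what separates this
    pattern from an ordinary traffic spike."""
    counts = Counter(c.client for c in stalled_connections(conns, max_header_s))
    return {ip: n for ip, n in counts.items() if n >= min_stalled}


def pool_pressure(conns, max_workers, max_header_s=20.0):
    """Fraction of the worker pool tied up by stalled connections; near 1.0
    means the server is effectively down while receiving very little traffic."""
    return len(stalled_connections(conns, max_header_s)) / max_workers
```

On a real server the same snapshot can be taken from the connection table or the server's status page; the thresholds here are illustrative and should be tuned to the site's normal header-completion times.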
Exploitation
The Apache vulnerability is only the beginning; XerXeS will be able to hit IIS in the future.
DoS or DDoS ? 
The attack is performed on a single low-spec computer, and while The Jester sends relatively few packets from his own machine, the attack results in brief outages of the target site. 
So he is not using any intermediaries or botnets; sorry for having written DDoS in my first post xD
You can view part 1 here: XerXeS in action
You surely can follow Jester here:
http://twitter.com/th3j35t3r

Department of Defence, NASA, Pentagon and NSA have been hacked by a hacker named Sl1nk


The United States of America Department of Defence (DoD), Department of the Navy, the Pentagon, NASA and the National Security Agency (NSA).



All these security agencies are thought to have the best security ever put in place against hacker attacks... yet one man claims to have hacked into them!!!


Hacker Pseudoname: Sl1nk
Organisation: Unknown
Reputation: Unknown

This guy claims to have done some quite interesting and unbelievable things... things that would mean that the security holes in the above-mentioned agencies are countless.
Is that because they wanted to adopt cloud computing? We'll see that later.

Maybe what this hacker 'sl1nk' is claiming to have done is completely false... but the information he provided seems so precise that it becomes difficult to ignore. There is a set of documents he presented as proof which are available to view at the end of this post. For now take a look at the tricks he says he managed to pull:
  1. SSH access to a network of 140 machines (layers 1 to 3) in the Pentagon
  2. Access to APACS (Automated Personnel Air Clearance System)
  3. Thousands of documents ranging from seizure of a vehicle up to private encryption key request forms
  4. Database of all usernames/passwords of NASA webmail
  5. Access to ASSIST (database for Military Specifications and Military Standards)
  6. Data Transformation Corporation's FAA-sponsored DUAT service
  7. Access to Government Gateway at http://www.gateway.gov.uk/
  8. Access to applicationmanager.gov
  9. Login access to HM Revenue & Customs (HMRC)
  10. Login to Central Data Exchange | US EPA
As you can see, he (sl1nk) claims to have SSH access to many boxes; a list was given in his post.
He also presented some account credentials that the THN Team supposedly verified, and documents originating from the Department of Defence (DoD).
Nice proofs, and they would surely make people believe that these agencies have security flaws... but to what extent is it true?

Was it because they moved to cloud computing? But why are our defense and intelligence agencies moving so quickly to adopt cloud computing?
The answer is cost savings and higher efficiency, but the most important aspect is grounded squarely in our DoD's need to exploit information faster than its adversaries.
Cloud computing is unique in its ability to address critical defense and intelligence mission needs. That's why cloud computing is critical to national defense.
The main concerns surrounding cloud computing security are:
Data security, privacy and integrity
Intrusion detection and prevention

Security concerns about Cloud Computing are nothing new
Security experts find flaws in cloud computing
Demonstrations of new ways to attack corporate data stored with the increasingly popular "cloud" services have added to concerns about the technology.
Security researchers at the Black Hat USA security conference in Las Vegas showed how users of Amazon's Elastic Compute Cloud (EC2) service could be tricked into using virtual machine images that might include "back doors" for snooping.

Google Chrome and Firefox Crash Exploit

Once in a while you come across people who just won't stop wasting your time on Facebook.
They just do not have anything else to do than to piss you off. At those times, you wish you could just disable that person's internet connection! While this post won't show you how to do this, it will surely show you how you can piss off your friends by crashing their browsers.

I came across this exploit on the net, devised by some hacker by the name of t3rm!n4t0r. The exploit can be found on the Exploit Database website under the section DoS/PoC, with the name "Google Chrome Denial Of Service (DoS)".
The reason why the author calls this a DoS is beyond my comprehension xD. It is just some JavaScript code that crashes the browser because it messes with the browser's memory. Still, IT DOES CRASH THE BROWSER.


Download the exploit code here: Exploit Database 


Affected Platforms: Windows and Unix

Affected Browsers: Chrome and Firefox

Tested on: Chrome v15 and Firefox v7



How to make it work?
This exploit can be handy, so you may want to have it ready and at your disposal.
I recommend uploading the code to a free web host.
(You have to save the code as an HTML file first.)
Shorten the URL of your free web host using the goo.gl service or any other.
Just send them the URL and watch them disappear xD
Total fun, and they don't even know what hit them.
Happy Crashing.
