Web Host Chat - The UK's host forum since 2001!

Largest Ever DDoS Cyber Attack Hits US and European Victims

Multiple reports suggest the largest ever DDoS attack - peaking at 400Gbps - has hit targets in the US and Europe, though who is behind the attack and who the victims were remain a mystery.
Posted by JamieBeeston.
Published 02:47, Wed 12 Feb 2014.
A massive attack that exploited a key vulnerability in the infrastructure of the internet is the "start of ugly things to come", it has been warned.

Hosting and security firm Cloudflare said it recorded what was the "biggest ever" attack of its kind on Monday.

Hackers used weaknesses in the Network Time Protocol (NTP), a system used to synchronise computer clocks, to flood servers with huge amounts of data.

The technique could potentially be used to force popular services offline.

Several experts had predicted that the NTP would be used for malicious purposes.

The target of this latest onslaught is unknown, but it was directed at servers in Europe, Cloudflare said.

Attackers used a well-known method of bringing down a system, known as Denial of Service (DoS), in which huge amounts of data are forced on a target, causing it to fall over.

Cloudflare chief executive Matthew Prince said his firm had measured the "very big" attack at about 400 gigabits per second (Gbps), 100Gbps larger than an attack on anti-spam service Spamhaus last year.

Predicted attack
In a report published three months ago, Cloudflare warned that attacks on the NTP were on the horizon and gave details of how web hosts could best try to protect their customers.

NTP servers, of which there are thousands around the world, are designed to keep computers synchronised to the same time.

"A lot of these protocols are essential, but they're not secure" - Prof Alan Woodward, University of Surrey

The fundamentals of the NTP began operating in 1985. While there have been changes to the system since then, it still operates in much the same way.

A computer needing to synchronise time with the NTP will send a small amount of data to make the request. The NTP will then reply by sending data back.

The vulnerability lies with two weaknesses. Firstly, the amount of data the NTP sends back is bigger than the amount it receives, meaning an attack is instantly amplified.

Secondly, the original computer's location can be "spoofed", tricking the NTP into sending the information back to somewhere else.

In this attack, it is likely that many machines were used to make requests to the NTP. Hackers spoofed their location so that the massive amounts of data from the NTP were diverted to a single target.

"Amplification attacks like that result in an attacker turning a small amount of bandwidth coming from a small number of machines into a massive traffic load hitting a victim from around the internet," Cloudflare explained in a blog outlining the vulnerability, posted last month.

'Ugly future'
The NTP is one of several protocols used within the infrastructure of the internet to keep things running smoothly.

Unfortunately, despite being vital components, most of these protocols were designed and implemented at a time when the prospect of malicious activity was not considered.

"A lot of these protocols are essential, but they're not secure," explained Prof Alan Woodward, an independent cyber-security consultant, who had also raised concerns over NTP last year.

"All you can really do is try and mitigate the denial of service attacks. There are technologies around to do it."

Most effective, Prof Woodward suggested, was technology able to spot when a large amount of data was heading for one destination and shut off the connection.
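
The kind of check described above can be sketched over flow records. This is an added example, not code from the article or from Cloudflare: it flags a destination that receives a large volume of NTP replies (UDP source port 123) from many servers it never sent a request to. The record layout, the thresholds and the sample flows are assumptions constructed for illustration.

```python
from collections import defaultdict

NTP_PORT = 123

# Constructed flow records (not real traffic):
# (timestamp_s, proto, src_ip, src_port, dst_ip, dst_port, bytes)
SAMPLE_FLOWS = [
    # A normal client syncing its clock: small request, small reply.
    (0, "udp", "198.51.100.7", 40000, "192.0.2.10", 123, 76),
    (0, "udp", "192.0.2.10", 123, "198.51.100.7", 40000, 76),
] + [
    # Many NTP servers replying to one host that never asked them anything.
    (t, "udp", f"203.0.113.{n}", 123, "198.51.100.99", 80, 44000)
    for t in range(3) for n in range(1, 41)
]


def find_reflection_targets(flows, window_s=10, min_sources=20, min_bytes=1_000_000):
    """Return {(window_start, dst_ip): stats} for suspected NTP reflection targets."""
    # Pass 1: remember which (client, server) pairs actually sent an NTP request.
    requested = {(src, dst) for _, proto, src, _, dst, dport, _ in flows
                 if proto == "udp" and dport == NTP_PORT}
    # Pass 2: total up NTP replies nobody asked for, per destination and window.
    buckets = defaultdict(lambda: {"bytes": 0, "sources": set()})
    for ts, proto, src, sport, dst, _, size in flows:
        if proto != "udp" or sport != NTP_PORT:
            continue
        if (dst, src) in requested:
            continue  # solicited reply: ordinary time sync
        b = buckets[(ts - ts % window_s, dst)]
        b["bytes"] += size
        b["sources"].add(src)
    return {
        key: {"bytes": b["bytes"], "sources": len(b["sources"]),
              "mbps": round(b["bytes"] * 8 / window_s / 1e6, 2)}
        for key, b in buckets.items()
        if len(b["sources"]) >= min_sources and b["bytes"] >= min_bytes
    }


if __name__ == "__main__":
    for (start, dst), stats in find_reflection_targets(SAMPLE_FLOWS).items():
        print(f"window {start}s dst {dst}: {stats}")
```

The ordinary time sync in the sample is ignored because its reply matches a request; only the host receiving unsolicited replies from 40 servers is reported.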

Cloudflare's Mr Prince said that while his firm had been able to mitigate the attack, it was a worrying sign for the future.

"Someone's got a big, new cannon," he tweeted. "Start of ugly things to come."
Comments on this
  • Bollocks are Cloudflare handling the "biggest ever" attacks - might be the biggest attacks they've absorbed, but the likes of Akamai, Level(3) etc... absorb (and carry on working) attacks on magnitudes of the size of Cloudflare's whole network.

    11:11, Wed 12 Feb 2014
  • Cloudflare seem to generally "mitigate" these attacks by going offline ;)
    Freethought Internet
    Freethought Internet Limited registered in London No. 5862996. Registered office: The Old Church Hall, 2A Cromwell Street, Lincoln, LN2 5LP. VAT number GB 987 0952 66.
    11:47, Wed 12 Feb 2014
  • Just CF trying to get press based on the growing frequency of NTP reflection attacks - nothing to see here, move along ...
    14:35, Wed 12 Feb 2014